Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7e33b04e by security tracker role at 2018-12-20T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,151 @@
-CVE-2018-20307
+CVE-2018-20317
RESERVED
-CVE-2018-20306
+CVE-2018-20316
RESERVED
+CVE-2018-20315
+ RESERVED
+CVE-2018-20314
+ RESERVED
+CVE-2018-20313
+ RESERVED
+CVE-2018-20312
+ RESERVED
+CVE-2018-20311
+ RESERVED
+CVE-2018-20310
+ RESERVED
+CVE-2018-20309
+ RESERVED
+CVE-2018-20308
+ RESERVED
+CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a
Directory ...)
+ TODO: check
+CVE-2018-1000881 (Traccar Traccar Server version 4.0 and earlier contains a
CWE-94: ...)
+ TODO: check
+CVE-2018-1000880 (libarchive version commit
9693801580c0cf7c70e862d305270a16b52826a7 ...)
+ TODO: check
+CVE-2018-1000879 (libarchive version commit
379867ecb330b3a952fb7bfa7bffb7bbd5547205 ...)
+ TODO: check
+CVE-2018-1000878 (libarchive version commit
416694915449219d505531b1096384f3237dd6cc ...)
+ TODO: check
+CVE-2018-1000877 (libarchive version commit
416694915449219d505531b1096384f3237dd6cc ...)
+ TODO: check
+CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer
Overflow ...)
+ TODO: check
+CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC
Server and ...)
+ TODO: check
+CVE-2018-1000874 (PHP Markdown version 1.2.0 and earlier contains a Cross Site
Scripting ...)
+ TODO: check
+CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20:
Improper ...)
+ TODO: check
+CVE-2018-1000872 (OpenKMIP PyKMIP version All versions before 0.8.0 contains a
CWE 399: ...)
+ TODO: check
+CVE-2018-1000871 (HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier
contains a SQL ...)
+ TODO: check
+CVE-2018-1000870 (PHPipam version 1.3.2 and earlier contains a CWE-79
vulnerability in ...)
+ TODO: check
+CVE-2018-1000869 (phpIPAM version 1.3.2 contains a CWE-89 vulnerability in ...)
+ TODO: check
+CVE-2018-1000868 (WeBid version up to current version 1.2.2 contains a Cross
Site ...)
+ TODO: check
+CVE-2018-1000867 (WeBid version up to current version 1.2.2 contains a SQL
Injection ...)
+ TODO: check
+CVE-2018-1000860 (phpipam version 1.3.2 and earlier contains a Cross Site
Scripting ...)
+ TODO: check
+CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request
Forgery ...)
+ TODO: check
+CVE-2018-1000857 (log-user-session version 0.7 and earlier contains a
Directory ...)
+ TODO: check
+CVE-2018-1000856 (DomainMOD version 4.09.03 and above. Also verified in the
latest ...)
+ TODO: check
+CVE-2018-1000855 (easymon version 1.4 and earlier contains a Cross Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000854 (esigate.org esigate version 5.2 and earlier contains a
CWE-74: ...)
+ TODO: check
+CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released version before commit ...)
+ TODO: check
+CVE-2018-1000851 (Copay Bitcoin Wallet version 5.01 to 5.1.0 included.
contains a ...)
+ TODO: check
+CVE-2018-1000850 (Square Retrofit version versions from (including) 2.0 and
2.5.0 ...)
+ TODO: check
+CVE-2018-1000849 (Alpine Linux version Versions prior to 2.6.10, 2.7.6, and
2.10.1 ...)
+ TODO: check
+CVE-2018-1000848 (Wampserver version prior to version 3.1.5 contains a Cross
Site ...)
+ TODO: check
+CVE-2018-1000847 (FreshDNS version 1.0.3 and prior contains a Cross Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000846 (FreshDNS version 1.0.3 and earlier contains a Cross ite
Request ...)
+ TODO: check
+CVE-2018-1000845 (Avahi version 0.7 contains a Incorrect Access Control
vulnerability in ...)
+ TODO: check
+CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit ...)
+ TODO: check
+CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit ...)
+ TODO: check
+CVE-2018-1000842 (FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1,
>=0.16.0 <=0.16.3, ...)
+ TODO: check
+CVE-2018-1000841 (Zend.To version Prior to 5.15-1 contains a Cross Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000840 (Processing Foundation Processing version 3.4 and earlier
contains a ...)
+ TODO: check
+CVE-2018-1000839 (LH-EHR version REL-2_0_0 contains a Arbitrary File Upload
...)
+ TODO: check
+CVE-2018-1000838 (autopsy version <= 4.9.0 contains a XML External Entity
(XXE) ...)
+ TODO: check
+CVE-2018-1000837 (UML Designer version <= 8.0.0 contains a XML External
Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000836 (bw-calendar-engine version <= bw-calendar-engine-3.12.0
contains a XML ...)
+ TODO: check
+CVE-2018-1000835 (KeePassDX version <= 2.5.0.0beta17 contains a XML
External Entity ...)
+ TODO: check
+CVE-2018-1000834 (runelite version <= runelite-parent-1.4.23 contains a XML
External ...)
+ TODO: check
+CVE-2018-1000833 (ZoneMinder version <= 1.32.2 contains a Other/Unknown
vulnerability in ...)
+ TODO: check
+CVE-2018-1000832 (ZoneMinder version <= 1.32.2 contains a Other/Unknown
vulnerability in ...)
+ TODO: check
+CVE-2018-1000831 (K9Mail version <= v5.600 contains a XML External Entity
(XXE) ...)
+ TODO: check
+CVE-2018-1000830 (XR3Player version <= V3.124 contains a XML External
Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000829 (Anyplace version before commit 80359b4 contains a XML
External Entity ...)
+ TODO: check
+CVE-2018-1000828 (FrostWire version <= frostwire-desktop-6.7.4-build-272
contains a XML ...)
+ TODO: check
+CVE-2018-1000827 (Ubilling version <= 0.9.2 contains a Other/Unknown
vulnerability in ...)
+ TODO: check
+CVE-2018-1000826 (Microweber version <= 1.0.7 contains a Cross Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000825 (FreeCol version <= nightly-2018-08-22 contains a XML
External Entity ...)
+ TODO: check
+CVE-2018-1000824 (MegaMek version < v0.45.1 contains a Other/Unknown
vulnerability in ...)
+ TODO: check
+CVE-2018-1000823 (exist version <= 5.0.0-RC4 contains a XML External Entity
(XXE) ...)
+ TODO: check
+CVE-2018-1000822 (codelibs fess version before commit faa265b contains a XML
External ...)
+ TODO: check
+CVE-2018-1000821 (MicroMathematics version before commit 5c05ac8 contains a
XML External ...)
+ TODO: check
+CVE-2018-1000820 (neo4j-contrib neo4j-apoc-procedures version before commit
45bc09c ...)
+ TODO: check
+CVE-2018-1000817 (Asset Pipeline Grails Plugin Asset-pipeline plugin version
Prior to ...)
+ TODO: check
+CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a
Cross Site ...)
+ TODO: check
+CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0
contains ...)
+ TODO: check
+CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains
a ...)
+ TODO: check
+CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross
Site ...)
+ TODO: check
+CVE-2018-1000812 (&#xc1;rtica Soluciones Tecnol&#xf3;gicas Integria
IMS version 5.0 MR56 ...)
+ TODO: check
+CVE-2018-1000811 (bludit version 3.0.0 contains a Unrestricted Upload of File
with ...)
+ TODO: check
+CVE-2018-20307 (Pulse Secure Virtual Traffic Manager 9.9 versions prior to
9.9r2 and ...)
+ TODO: check
+CVE-2018-20306 (A stored cross-site scripting (XSS) vulnerability in the web
...)
+ TODO: check
CVE-2018-20305 (D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code
...)
NOT-FOR-US: D-Link
CVE-2018-20304 (wbook_addworksheet in workbook.c in libexcel.a in libexcel
0.01 allows ...)
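Review bot: the entries for CVE-2018-1000880 through CVE-2018-1000877 (libarchive), CVE-2018-1000876 (binutils), CVE-2018-1000858 (GnuPG), CVE-2018-1000852 (FreeRDP) and CVE-2018-1000845 (Avahi) arrive as "TODO: check" in the same batch as several dozen web-application and vendor entries. They should be triaged ahead of the rest and given explicit package lines, so that a bulk pass over the batch does not treat them like the NOT-FOR-US items. The libarchive descriptions identify the affected code only by commit hash, so the affected and fixed versions will have to be mapped by hand. The added block also skips CVE-2018-1000866 to CVE-2018-1000861, CVE-2018-1000859, CVE-2018-1000853, CVE-2018-1000819 and CVE-2018-1000818; it is worth confirming these are absent from the feed rather than dropped by the import.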
@@ -10,8 +154,8 @@ CVE-2018-20303 (In pkg/tool/path.go in Gogs before
0.11.82.1218, a directory tra
NOT-FOR-US: Go Git Service
CVE-2018-20302 (An XSS issue was discovered in Steve Pallen Xain before 0.6.2
via the ...)
TODO: check
-CVE-2018-20301
- RESERVED
+CVE-2018-20301 (An issue was discovered in Steve Pallen Coherence before 0.5.2
that is ...)
+ TODO: check
CVE-2018-20300 (Empire CMS 7.5 allows remote attackers to execute arbitrary
PHP code ...)
NOT-FOR-US: Empire CMS
CVE-2018-20299 (An issue was discovered in several Bosch Smart Home cameras
(360 degree ...)
@@ -9392,10 +9536,10 @@ CVE-2018-19236
RESERVED
CVE-2018-19235
RESERVED
-CVE-2018-19234
- RESERVED
-CVE-2018-19233
- RESERVED
+CVE-2018-19234 (The Miss Marple Updater Service in COMPAREX Miss Marple
Enterprise ...)
+ TODO: check
+CVE-2018-19233 (COMPAREX Miss Marple Enterprise Edition before 2.0 allows
local users ...)
+ TODO: check
CVE-2018-19232
RESERVED
CVE-2018-19231
@@ -23169,7 +23313,7 @@ CVE-2018-13844 (An issue has been found in HTSlib 1.8.
It is a memory leak in fa
[stretch] - htslib <no-dsa> (Minor issue)
[jessie] - htslib <no-dsa> (Minor issue)
NOTE:
https://github.com/samtools/htslib/issues/731#issuecomment-403675330
-CVE-2018-13843 (An issue has been found in HTSlib 1.8. It is a memory leak in
...)
+CVE-2018-13843 (** DISPUTED ** An issue has been found in HTSlib 1.8. It is a
memory ...)
- htslib 1.9-2 (low)
[stretch] - htslib <no-dsa> (Minor issue)
[jessie] - htslib <no-dsa> (Minor issue)
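Review bot: the only change to CVE-2018-13843 is the "** DISPUTED **" prefix in its description. The package lines still read "- htslib 1.9-2 (low)" with <no-dsa> for stretch and jessie, and nothing in the entry records who disputes the issue or on what grounds. A NOTE line with the reference, like the one carried by CVE-2018-13844 just above, would let a reader judge whether the severity or the tracking status should change.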
@@ -27967,18 +28111,18 @@ CVE-2018-11990
RESERVED
CVE-2018-11989
RESERVED
-CVE-2018-11988
- RESERVED
-CVE-2018-11987
- RESERVED
-CVE-2018-11986
- RESERVED
-CVE-2018-11985
- RESERVED
-CVE-2018-11984
- RESERVED
-CVE-2018-11983
- RESERVED
+CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
+CVE-2018-11987 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
+CVE-2018-11986 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
+CVE-2018-11985 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
+CVE-2018-11984 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
+CVE-2018-11983 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
CVE-2018-11982 (In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607,
MDM9635M, ...)
NOT-FOR-US: Snapdragon
CVE-2018-11981
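Review bot: CVE-2018-11988 through CVE-2018-11983 are added with the same truncated description ("In all android releases(Android for MSM, Firefox OS for MSM, QRD ...") and "TODO: check", directly above CVE-2018-11982, which already carries "NOT-FOR-US: Snapdragon". The visible text does not distinguish the six entries from one another, so they should be resolved in one pass against the full descriptions and, if they concern the same class of component, given one consistent NOT-FOR-US tag rather than being left open individually.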
@@ -28013,18 +28157,18 @@ CVE-2018-11967
RESERVED
CVE-2018-11966
RESERVED
-CVE-2018-11965
- RESERVED
-CVE-2018-11964
- RESERVED
-CVE-2018-11963
- RESERVED
+CVE-2018-11965 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
+CVE-2018-11964 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
+CVE-2018-11963 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
CVE-2018-11962
RESERVED
-CVE-2018-11961
- RESERVED
-CVE-2018-11960
- RESERVED
+CVE-2018-11961 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
+CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
CVE-2018-11959
RESERVED
CVE-2018-11958
@@ -36915,8 +37059,8 @@ CVE-2018-8655
RESERVED
CVE-2018-8654
RESERVED
-CVE-2018-8653
- RESERVED
+CVE-2018-8653 (A remote code execution vulnerability exists in the way that
the ...)
+ TODO: check
CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows
Azure ...)
NOT-FOR-US: Windows Azure Pack Rollup
CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft
Dynamics ...)
@@ -40379,8 +40523,8 @@ CVE-2018-7367
RESERVED
CVE-2018-7366
RESERVED
-CVE-2018-7365
- RESERVED
+CVE-2018-7365 (All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView
product ...)
+ TODO: check
CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product
...)
NOT-FOR-US: ZTE
CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are
impacted ...)
@@ -42475,8 +42619,8 @@ CVE-2018-6671 (Application Protection Bypass
vulnerability in McAfee ePolicy ...
NOT-FOR-US: McAfee
CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in
McAfee ...)
NOT-FOR-US: McAfee
-CVE-2018-6669
- RESERVED
+CVE-2018-6669 (A whitelist bypass vulnerability in McAfee Application Control
/ ...)
+ TODO: check
CVE-2018-6668
RESERVED
CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user
...)
@@ -47339,12 +47483,12 @@ CVE-2018-5202
RESERVED
CVE-2018-5201
RESERVED
-CVE-2018-5200
- RESERVED
-CVE-2018-5199
- RESERVED
-CVE-2018-5198
- RESERVED
+CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow
...)
+ TODO: check
+CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain
validation, It ...)
+ TODO: check
+CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the
...)
+ TODO: check
CVE-2018-5197
RESERVED
CVE-2018-5196
@@ -56321,8 +56465,8 @@ CVE-2018-1975
RESERVED
CVE-2018-1974
RESERVED
-CVE-2018-1973
- RESERVED
+CVE-2018-1973 (IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with
limited ...)
+ TODO: check
CVE-2018-1972
RESERVED
CVE-2018-1971
@@ -56699,8 +56843,8 @@ CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc
and dsmcad processes incorr
NOT-FOR-US: IBM Spectrum Protect
CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1)
uses ...)
NOT-FOR-US: IBM
-CVE-2018-1784
- RESERVED
+CVE-2018-1784 (IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL
Injection ...)
+ TODO: check
CVE-2018-1783 (IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0,
4.2.3.10, ...)
NOT-FOR-US: IBM
CVE-2018-1782 (IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a
local, ...)
@@ -56711,8 +56855,8 @@ CVE-2018-1780 (IBM DB2 for Linux, UNIX and Windows
(includes DB2 Connect Server)
NOT-FOR-US: IBM
CVE-2018-1779 (IBM API Connect 2018.1 through 2018.3.7 could allow an
unauthenticated ...)
NOT-FOR-US: IBM
-CVE-2018-1778
- RESERVED
+CVE-2018-1778 (IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and
5.0.8.4) ...)
+ TODO: check
CVE-2018-1777 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable ...)
NOT-FOR-US: IBM
CVE-2018-1776
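Review bot: CVE-2018-1778 names "IBM LoopBack" ahead of API Connect, unlike the neighbouring CVE-2018-1779 and CVE-2018-1777, which are tagged "NOT-FOR-US: IBM". It should be checked on its own against the full description before any bulk NOT-FOR-US tagging of the IBM entries in this update, in case LoopBack is tracked separately from the IBM products.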
@@ -56725,8 +56869,8 @@ CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1,
9.1.3, and 9.1.4 could allow a
NOT-FOR-US: IBM
CVE-2018-1772
RESERVED
-CVE-2018-1771
- RESERVED
+CVE-2018-1771 (IBM Domino 9.0 and 9.0.1 could allow an attacker to execute
commands ...)
+ TODO: check
CVE-2018-1770 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could
allow a ...)
NOT-FOR-US: IBM
CVE-2018-1769
@@ -56913,8 +57057,8 @@ CVE-2018-1679 (IBM Sterling B2B Integrator Standard
Edition 5.2 through 5.2.6 co
NOT-FOR-US: IBM
CVE-2018-1678
RESERVED
-CVE-2018-1677
- RESERVED
+CVE-2018-1677 (IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and
7.7 and ...)
+ TODO: check
CVE-2018-1676 (IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to
cross-site ...)
NOT-FOR-US: IBM Planning Analytics
CVE-2018-1675
@@ -56945,8 +57089,8 @@ CVE-2018-1663 (IBM DataPower Gateways 7.5, 7.5.1,
7.5.2, 7.6, and 2018.4 could a
NOT-FOR-US: IBM
CVE-2018-1662
RESERVED
-CVE-2018-1661
- RESERVED
+CVE-2018-1661 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable
to ...)
+ TODO: check
CVE-2018-1660 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to
...)
NOT-FOR-US: IBM
CVE-2018-1659 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and
6.0 ...)
@@ -58884,6 +59028,7 @@ CVE-2018-1161 (This vulnerability allows remote
attackers to execute arbitrary c
NOT-FOR-US: Quest NetVault Backup
CVE-2018-1160 [Unauthenticated remote code execution in Netatalk]
RESERVED
+ {DSA-4356-1}
- netatalk <unfixed> (bug #916930)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13711
CVE-2018-1159 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a
memory ...)
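Review bot: "{DSA-4356-1}" is added under CVE-2018-1160 while the package line below it still reads "- netatalk <unfixed> (bug #916930)". If that line tracks a suite the DSA does not cover, the two are consistent, but the entry then needs a follow-up to record the fixed version once bug #916930 is closed. The entry also remains "RESERVED" with only the bracketed working title, so the description should be refreshed when the CVE text is published.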
@@ -84853,8 +84998,8 @@ CVE-2017-9706 (In Android for MSM, Firefox OS for MSM,
QRD Android, with all And
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9705 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9704
- RESERVED
+CVE-2017-9704 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
+ TODO: check
CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e33b04e5f4e02dfebc28e2aac1faffa4ea1cec6
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits