Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c22b889f by security tracker role at 2018-12-28T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2018-20579 (Contiki-NG before 4.2 has a stack-based buffer overflow in the
push ...)
+ TODO: check
+CVE-2018-20578 (An issue was discovered in NuttX before 7.27. The function ...)
+ TODO: check
+CVE-2018-20577 (Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe,
...)
+ TODO: check
+CVE-2018-20576 (Orange Livebox 00.96.320S devices allow
cgi-bin/autodialing.exe and ...)
+ TODO: check
+CVE-2018-20575 (Orange Livebox 00.96.320S devices have an undocumented ...)
+ TODO: check
+CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka
...)
+ TODO: check
+CVE-2018-20573 (The Scanner::EnsureTokensInQueue function in yaml-cpp (aka
LibYaml-C++) ...)
+ TODO: check
+CVE-2018-20572 (WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php
SQL ...)
+ TODO: check
+CVE-2018-20571 (DamiCMS 6.0.1 allows remote attackers to read arbitrary files
via a ...)
+ TODO: check
+CVE-2018-20570 (jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based
buffer ...)
+ TODO: check
+CVE-2018-20569 (user/index.php in Ivan Cordoba Generic Content Management
System (CMS) ...)
+ TODO: check
+CVE-2018-20568 (Administrator/index.php in Ivan Cordoba Generic Content
Management ...)
+ TODO: check
+CVE-2018-20567 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20566 (An issue was discovered in DouCo DouPHP 1.5 20181221. It
allows full ...)
+ TODO: check
+CVE-2018-20565 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20564 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20563 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20562 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20561 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20560 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20559 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20558 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20557 (An issue was discovered in DouCo DouPHP 1.5 20181221. ...)
+ TODO: check
+CVE-2018-20556
+ RESERVED
+CVE-2018-20555
+ RESERVED
+CVE-2018-20554
+ RESERVED
+CVE-2018-20553 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in
get_l2len ...)
+ TODO: check
+CVE-2018-20552 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in
packet2tree ...)
+ TODO: check
+CVE-2018-1000893
+ RESERVED
+CVE-2018-1000892
+ RESERVED
+CVE-2018-1000891
+ RESERVED
CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0
allows ...)
- poppler <unfixed> (low; bug #917525)
[stretch] - poppler <ignored> (Minor issue)
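Review bot: The yaml-cpp (CVE-2018-20574, CVE-2018-20573), JasPer (CVE-2018-20570) and Tcpreplay (CVE-2018-20553, CVE-2018-20552) entries are added with only "TODO: check", the same placeholder given to the device-firmware and web-CMS entries around them. These name libraries and tools rather than appliances, so they are the ones to triage first, each resolved to a source-package line or a NOT-FOR-US. The eleven DouCo DouPHP 1.5 20181221 entries (CVE-2018-20567 down to CVE-2018-20557) share one product and can be resolved together with a single decision.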
@@ -303,6 +365,7 @@ CVE-2018-20435
CVE-2018-20434
RESERVED
CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in
...)
+ {DLA-1621-1}
- c3p0 0.9.1.2-10 (bug #917257)
[stretch] - c3p0 <no-dsa> (Minor issue; can be fixed via point release)
NOTE:
https://github.com/zhutougg/c3p0/commit/2eb0ea97f745740b18dd45e4a909112d4685f87b
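Review bot: The added {DLA-1621-1} reference on CVE-2018-20433 sits above an unchanged "[stretch] - c3p0 <no-dsa> (Minor issue; can be fixed via point release)" line, so the entry now records an advisory while stretch is still marked as open for a point release. Worth confirming that the stretch fix is still being followed up, so the new advisory tag is not read as closing the entry for all suites.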
@@ -647,7 +710,7 @@ CVE-2018-1000876 (binutils version 2.32 and earlier
contains a Integer Overflow
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC
Server and ...)
NOT-FOR-US: BOINC server (src:boinc only covers the client)
-CVE-2018-1000874 (PHP Markdown version 1.2.0 and earlier contains a Cross Site
Scripting ...)
+CVE-2018-1000874 (PHP cebe markdown parser version 1.2.0 and earlier contains
a Cross ...)
NOT-FOR-US: cebe markdown parser (different from src:php-markdown)
CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20:
Improper ...)
TODO: check, could affect any of the src-jackson* packages
@@ -11512,8 +11575,8 @@ CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1
...)
TODO: check
CVE-2018-18697
RESERVED
-CVE-2018-18696
- RESERVED
+CVE-2018-18696 (main.aspx in Microstrategy Analytics 10.4.0026.0049 and
earlier has ...)
+ TODO: check
CVE-2018-18695 (M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow
with ...)
NOT-FOR-US: M2SOFT Report Designer Viewer
CVE-2018-18694 (admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows
remote ...)
@@ -11573,12 +11636,12 @@ CVE-2018-18669
RESERVED
CVE-2018-18668
RESERVED
-CVE-2018-18667
- RESERVED
-CVE-2018-18666
- RESERVED
-CVE-2018-18665
- RESERVED
+CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an
Ethereum ...)
+ TODO: check
+CVE-2018-18666 (The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an
Ethereum ...)
+ TODO: check
+CVE-2018-18665 (The mintToken function of Nexxus (NXX) aka NexxusToken, an
Ethereum ...)
+ TODO: check
CVE-2018-18664
RESERVED
CVE-2018-18663
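Review bot: CVE-2018-18667, CVE-2018-18666 and CVE-2018-18665 each describe the mintToken function of an Ethereum token and differ only in the token name, yet each gets a separate "TODO: check". Triage the three in one pass with the same resolution line so they do not end up with inconsistent status.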
@@ -14514,8 +14577,8 @@ CVE-2018-17540 (The gmp plugin in strongSwan before
5.7.1 has a Buffer Overflow
{DSA-4309-1 DLA-1528-1}
- strongswan 5.7.1-1
NOTE:
https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
-CVE-2018-17539
- RESERVED
+CVE-2018-17539 (The BGP daemon (bgpd) in all IP Infusion ZebOS versions to
7.10.6 and ...)
+ TODO: check
CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence
Sync ...)
NOT-FOR-US: Axon Evidence Sync
CVE-2018-17537 [Persistent XSS package.json]
@@ -16832,10 +16895,10 @@ CVE-2018-16640 (ImageMagick 7.0.8-5 has a memory leak
vulnerability in the funct
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1201
CVE-2018-16639
RESERVED
-CVE-2018-16638
- RESERVED
-CVE-2018-16637
- RESERVED
+CVE-2018-16638 (Evolution CMS 1.4.x allows XSS via the manager/ search
parameter. ...)
+ TODO: check
+CVE-2018-16637 (Evolution CMS 1.4.x allows XSS via the page weblink title
parameter to ...)
+ TODO: check
CVE-2018-16636 (Nucleus CMS 3.70 allows HTML Injection via the index.php body
...)
NOT-FOR-US: Nucleus CMS
CVE-2018-16635 (Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE
page ...)
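Review bot: CVE-2018-16638 and CVE-2018-16637 (Evolution CMS 1.4.x XSS) are left at "TODO: check" directly above CVE-2018-16636, which already carries "NOT-FOR-US: Nucleus CMS". If Evolution CMS is likewise not packaged, resolve both in the same style with a "NOT-FOR-US: Evolution CMS" line rather than leaving them open.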
@@ -16844,12 +16907,12 @@ CVE-2018-16634 (Pluck v4.7.7 allows CSRF via
admin.php?action=settings. ...)
NOT-FOR-US: Pluck CMS
CVE-2018-16633 (Pluck v4.7.7 allows XSS via the
admin.php?action=editpage&page= page ...)
NOT-FOR-US: Pluck CMS
-CVE-2018-16632
- RESERVED
+CVE-2018-16632 (Mezzanine CMS v4.3.1 allows XSS via the ...)
+ TODO: check
CVE-2018-16631 (Subrion CMS v4.2.1 allows XSS via the
panel/configuration/general/ ...)
NOT-FOR-US: Subrion CMS
-CVE-2018-16630
- RESERVED
+CVE-2018-16630 (Kirby v2.5.12 allows XSS by using the "site files"
Add option to ...)
+ TODO: check
CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via
an SVG ...)
NOT-FOR-US: Subrion CMS
CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
@@ -20138,12 +20201,12 @@ CVE-2018-15337
RESERVED
CVE-2018-15336
RESERVED
-CVE-2018-15335
- RESERVED
-CVE-2018-15334
- RESERVED
-CVE-2018-15333
- RESERVED
+CVE-2018-15335 (When APM 13.0.0-13.1.x is deployed as an OAuth Resource
Server, APM ...)
+ TODO: check
+CVE-2018-15334 (A cross-site request forgery (CSRF) vulnerability in the APM
webtop ...)
+ TODO: check
+CVE-2018-15333 (On versions 11.2.1. and greater, unrestricted Snapshot File
Access ...)
+ TODO: check
CVE-2018-15332 (The svpn component of the F5 BIG-IP APM client prior to
version ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-15331 (On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert
utility used ...)
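Review bot: The three entries that move from RESERVED to "TODO: check" here (CVE-2018-15335, CVE-2018-15334, CVE-2018-15333) describe APM and sit immediately above CVE-2018-15332, an F5 BIG-IP APM client issue already marked "NOT-FOR-US: F5 BIG-IP". Confirm the new descriptions refer to the same vendor product and, if so, give them the same NOT-FOR-US line so the block is consistent.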
@@ -21372,22 +21435,22 @@ CVE-2015-9262 (_XcursorThemeInherits in library.c in
libXcursor before 1.1.15 al
NOTE:
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05
CVE-2018-14777 (An issue was discovered in DataLife Engine (DLE) through 13.0.
An ...)
NOT-FOR-US: DataLife Engine
-CVE-2018-1000631
- RESERVED
-CVE-2018-1000630
- RESERVED
-CVE-2018-1000629
- RESERVED
-CVE-2018-1000628
- RESERVED
-CVE-2018-1000627
- RESERVED
-CVE-2018-1000626
- RESERVED
-CVE-2018-1000625
- RESERVED
-CVE-2018-1000624
- RESERVED
+CVE-2018-1000631 (Battelle V2I Hub 3.0 is vulnerable to SQL injection. A
remote attacker ...)
+ TODO: check
+CVE-2018-1000630 (Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A
remote ...)
+ TODO: check
+CVE-2018-1000629 (Battelle V2I Hub 2.5.1 is vulnerable to cross-site
scripting, caused ...)
+ TODO: check
+CVE-2018-1000628 (Battelle V2I Hub 2.5.1 could allow a remote attacker to
bypass ...)
+ TODO: check
+CVE-2018-1000627 (Battelle V2I Hub 2.5.1 could allow a remote attacker to
obtain ...)
+ TODO: check
+CVE-2018-1000626 (Battelle V2I Hub 2.5.1 could allow a remote attacker to
bypass ...)
+ TODO: check
+CVE-2018-1000625 (Battelle V2I Hub 2.5.1 contains hard-coded credentials for
the ...)
+ TODO: check
+CVE-2018-1000624 (Battelle V2I Hub 2.5.1 is vulnerable to a denial of service,
caused by ...)
+ TODO: check
CVE-2018-14776 (Click Studios Passwordstate before 8.3 Build 8397 allows XSS
by ...)
NOT-FOR-US: Click Studios Passwordstate
CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3
has a ...)
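Review bot: All eight entries from CVE-2018-1000631 down to CVE-2018-1000624 name Battelle V2I Hub (3.0 for the first, 2.5.1 for the rest) and are each left at "TODO: check". One triage decision covers the whole block, so resolve them together with a single, identical status line instead of eight separate follow-ups.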
@@ -41227,8 +41290,8 @@ CVE-2018-7368
RESERVED
CVE-2018-7367
RESERVED
-CVE-2018-7366
- RESERVED
+CVE-2018-7366 (ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT
versions ...)
+ TODO: check
CVE-2018-7365 (All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView
product ...)
NOT-FOR-US: ZTE
CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product
...)
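Review bot: CVE-2018-7366 now describes a ZTE ZXV10 B860AV2.1 product but is left at "TODO: check", while the next entry, CVE-2018-7365, is a ZTE product already marked "NOT-FOR-US: ZTE". The same line would fit here and keep the neighbouring ZTE entries consistent.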
@@ -48203,10 +48266,10 @@ CVE-2018-5205 (When using incomplete escape codes,
Irssi before 1.0.6 may access
[wheezy] - irssi <no-dsa> (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE:
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
-CVE-2018-5204
- RESERVED
-CVE-2018-5203
- RESERVED
+CVE-2018-5204 (ML Report version Between 2.00.000.0000 and 2.18.628.5980
contains a ...)
+ TODO: check
+CVE-2018-5203 (DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a ...)
+ TODO: check
CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that
could ...)
TODO: check
CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c22b889fa6dd9eef41b218bca65409d94ad51e77