Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a90d052 by security tracker role at 2019-01-10T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,317 @@
-CVE-2019-5882 [Use after free when hidden lines were expired from the scroll 
buffer]
+CVE-2019-5884 (php/elFinder.class.php in elFinder before 2.1.45 leaks 
information if ...)
+       TODO: check
+CVE-2019-5883
+       RESERVED
+CVE-2019-5881
+       RESERVED
+CVE-2019-5880
+       RESERVED
+CVE-2019-5879
+       RESERVED
+CVE-2019-5878
+       RESERVED
+CVE-2019-5877
+       RESERVED
+CVE-2019-5876
+       RESERVED
+CVE-2019-5875
+       RESERVED
+CVE-2019-5874
+       RESERVED
+CVE-2019-5873
+       RESERVED
+CVE-2019-5872
+       RESERVED
+CVE-2019-5871
+       RESERVED
+CVE-2019-5870
+       RESERVED
+CVE-2019-5869
+       RESERVED
+CVE-2019-5868
+       RESERVED
+CVE-2019-5867
+       RESERVED
+CVE-2019-5866
+       RESERVED
+CVE-2019-5865
+       RESERVED
+CVE-2019-5864
+       RESERVED
+CVE-2019-5863
+       RESERVED
+CVE-2019-5862
+       RESERVED
+CVE-2019-5861
+       RESERVED
+CVE-2019-5860
+       RESERVED
+CVE-2019-5859
+       RESERVED
+CVE-2019-5858
+       RESERVED
+CVE-2019-5857
+       RESERVED
+CVE-2019-5856
+       RESERVED
+CVE-2019-5855
+       RESERVED
+CVE-2019-5854
+       RESERVED
+CVE-2019-5853
+       RESERVED
+CVE-2019-5852
+       RESERVED
+CVE-2019-5851
+       RESERVED
+CVE-2019-5850
+       RESERVED
+CVE-2019-5849
+       RESERVED
+CVE-2019-5848
+       RESERVED
+CVE-2019-5847
+       RESERVED
+CVE-2019-5846
+       RESERVED
+CVE-2019-5845
+       RESERVED
+CVE-2019-5844
+       RESERVED
+CVE-2019-5843
+       RESERVED
+CVE-2019-5842
+       RESERVED
+CVE-2019-5841
+       RESERVED
+CVE-2019-5840
+       RESERVED
+CVE-2019-5839
+       RESERVED
+CVE-2019-5838
+       RESERVED
+CVE-2019-5837
+       RESERVED
+CVE-2019-5836
+       RESERVED
+CVE-2019-5835
+       RESERVED
+CVE-2019-5834
+       RESERVED
+CVE-2019-5833
+       RESERVED
+CVE-2019-5832
+       RESERVED
+CVE-2019-5831
+       RESERVED
+CVE-2019-5830
+       RESERVED
+CVE-2019-5829
+       RESERVED
+CVE-2019-5828
+       RESERVED
+CVE-2019-5827
+       RESERVED
+CVE-2019-5826
+       RESERVED
+CVE-2019-5825
+       RESERVED
+CVE-2019-5824
+       RESERVED
+CVE-2019-5823
+       RESERVED
+CVE-2019-5822
+       RESERVED
+CVE-2019-5821
+       RESERVED
+CVE-2019-5820
+       RESERVED
+CVE-2019-5819
+       RESERVED
+CVE-2019-5818
+       RESERVED
+CVE-2019-5817
+       RESERVED
+CVE-2019-5816
+       RESERVED
+CVE-2019-5815
+       RESERVED
+CVE-2019-5814
+       RESERVED
+CVE-2019-5813
+       RESERVED
+CVE-2019-5812
+       RESERVED
+CVE-2019-5811
+       RESERVED
+CVE-2019-5810
+       RESERVED
+CVE-2019-5809
+       RESERVED
+CVE-2019-5808
+       RESERVED
+CVE-2019-5807
+       RESERVED
+CVE-2019-5806
+       RESERVED
+CVE-2019-5805
+       RESERVED
+CVE-2019-5804
+       RESERVED
+CVE-2019-5803
+       RESERVED
+CVE-2019-5802
+       RESERVED
+CVE-2019-5801
+       RESERVED
+CVE-2019-5800
+       RESERVED
+CVE-2019-5799
+       RESERVED
+CVE-2019-5798
+       RESERVED
+CVE-2019-5797
+       RESERVED
+CVE-2019-5796
+       RESERVED
+CVE-2019-5795
+       RESERVED
+CVE-2019-5794
+       RESERVED
+CVE-2019-5793
+       RESERVED
+CVE-2019-5792
+       RESERVED
+CVE-2019-5791
+       RESERVED
+CVE-2019-5790
+       RESERVED
+CVE-2019-5789
+       RESERVED
+CVE-2019-5788
+       RESERVED
+CVE-2019-5787
+       RESERVED
+CVE-2019-5786
+       RESERVED
+CVE-2019-5785
+       RESERVED
+CVE-2019-5784
+       RESERVED
+CVE-2019-5783
+       RESERVED
+CVE-2019-5782
+       RESERVED
+CVE-2019-5781
+       RESERVED
+CVE-2019-5780
+       RESERVED
+CVE-2019-5779
+       RESERVED
+CVE-2019-5778
+       RESERVED
+CVE-2019-5777
+       RESERVED
+CVE-2019-5776
+       RESERVED
+CVE-2019-5775
+       RESERVED
+CVE-2019-5774
+       RESERVED
+CVE-2019-5773
+       RESERVED
+CVE-2019-5772
+       RESERVED
+CVE-2019-5771
+       RESERVED
+CVE-2019-5770
+       RESERVED
+CVE-2019-5769
+       RESERVED
+CVE-2019-5768
+       RESERVED
+CVE-2019-5767
+       RESERVED
+CVE-2019-5766
+       RESERVED
+CVE-2019-5765
+       RESERVED
+CVE-2019-5764
+       RESERVED
+CVE-2019-5763
+       RESERVED
+CVE-2019-5762
+       RESERVED
+CVE-2019-5761
+       RESERVED
+CVE-2019-5760
+       RESERVED
+CVE-2019-5759
+       RESERVED
+CVE-2019-5758
+       RESERVED
+CVE-2019-5757
+       RESERVED
+CVE-2019-5756
+       RESERVED
+CVE-2019-5755
+       RESERVED
+CVE-2019-5754
+       RESERVED
+CVE-2018-20682 (Fork CMS 5.0.6 allows stored XSS via the private/en/settings 
...)
+       TODO: check
+CVE-2018-20681 (mate-screensaver before 1.20.2 in MATE Desktop Environment 
allows ...)
+       TODO: check
+CVE-2018-1000426 (A cross-site scripting vulnerability exists in Jenkins Git 
Changelog ...)
+       TODO: check
+CVE-2018-1000425 (An insufficiently protected credentials vulnerability exists 
in ...)
+       TODO: check
+CVE-2018-1000424 (An insufficiently protected credentials vulnerability exists 
in ...)
+       TODO: check
+CVE-2018-1000423 (An insufficiently protected credentials vulnerability exists 
in ...)
+       TODO: check
+CVE-2018-1000422 (An improper authorization vulnerability exists in Jenkins 
Crowd 2 ...)
+       TODO: check
+CVE-2018-1000421 (An improper authorization vulnerability exists in Jenkins 
Mesos Plugin ...)
+       TODO: check
+CVE-2018-1000420 (An improper authorization vulnerability exists in Jenkins 
Mesos Plugin ...)
+       TODO: check
+CVE-2018-1000419 (An improper authorization vulnerability exists in Jenkins 
HipChat ...)
+       TODO: check
+CVE-2018-1000418 (An improper authorization vulnerability exists in Jenkins 
HipChat ...)
+       TODO: check
+CVE-2018-1000417 (A cross-site request forgery vulnerability exists in Jenkins 
Email ...)
+       TODO: check
+CVE-2018-1000416 (A reflected cross-site scripting vulnerability exists in 
Jenkins Job ...)
+       TODO: check
+CVE-2018-1000415 (A cross-site scripting vulnerability exists in Jenkins 
Rebuilder ...)
+       TODO: check
+CVE-2018-1000414 (A cross-site request forgery vulnerability exists in Jenkins 
Config ...)
+       TODO: check
+CVE-2018-1000413 (A cross-site scripting vulnerability exists in Jenkins 
Config File ...)
+       TODO: check
+CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins 
Jira Plugin ...)
+       TODO: check
+CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins 
JUnit ...)
+       TODO: check
+CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 
2.145 and ...)
+       TODO: check
+CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and 
earlier, ...)
+       TODO: check
+CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 
and earlier, ...)
+       TODO: check
+CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 
and ...)
+       TODO: check
+CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and 
earlier, ...)
+       TODO: check
+CVE-2016-10736 (The "Social Pug - Easy Social Share Buttons" plugin 
before 1.2.6 for ...)
+       TODO: check
+CVE-2019-5882 (Irssi 1.1.x before 1.1.2 has a use after free when hidden lines 
are ...)
        - irssi <unfixed> (bug #918865)
        NOTE: https://irssi.org/security/irssi_sa_2019_01.txt
        NOTE: https://github.com/irssi/irssi/pull/948
        NOTE: 
https://github.com/irssi/irssi//commit/8684ccb45c267fdeaaa779fce9323047aa5a9e38
-CVE-2018-20683 [security issue in optional bundle helper ("rsync" command)]
+CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc 
enables ...)
        - gitolite3 <unfixed> (bug #918849)
        [stretch] - gitolite3 <no-dsa> (Minor issue)
        [jessie] - gitolite3 <no-dsa> (Minor issue)
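Review bot: The NOTE line kept as context under CVE-2019-5882 has a doubled slash in the upstream commit URL (irssi/irssi//commit/); since this entry is being rewritten anyway, normalise it to a single slash so the reference matches the pull request URL style on the line above it. The new CVE-2019-5884 and the CVE-2018-1000406 to CVE-2018-1000426 block all enter as TODO: check and still need a triage pass.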
@@ -4636,8 +4944,7 @@ CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is 
used, can store an HTTP Bas
        NOTE: 
https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a
 CVE-2019-3499
        RESERVED
-CVE-2019-3498 [Content spoofing possibility in the default 404 page]
-       RESERVED
+CVE-2019-3498 (In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x 
before ...)
        {DSA-4363-1 DLA-1629-1}
        - python-django 1:1.11.18-1 (bug #918230)
        NOTE: 
https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
@@ -5091,6 +5398,7 @@ CVE-2018-20551 (A reachable Object::getString assertion 
in Poppler 0.72.0 allows
 CVE-2018-20550
        RESERVED
 CVE-2018-20549 (There is an illegal WRITE memory access at caca/file.c 
(function ...)
+       {DLA-1631-1}
        - libcaca <unfixed> (bug #917807)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652628
        NOTE: https://github.com/cacalabs/libcaca/issues/41
@@ -5103,11 +5411,13 @@ CVE-2018-20548 (There is an illegal WRITE memory access 
at common-image.c (funct
        NOTE: 
https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
        NOTE: Debian binary packages built with the Imlib2 library
 CVE-2018-20547 (There is an illegal READ memory access at caca/dither.c 
(function ...)
+       {DLA-1631-1}
        - libcaca <unfixed> (bug #917807)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652624
        NOTE: https://github.com/cacalabs/libcaca/issues/39
        NOTE: Fixed by: 
https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
 CVE-2018-20546 (There is an illegal READ memory access at caca/dither.c 
(function ...)
+       {DLA-1631-1}
        - libcaca <unfixed> (bug #917807)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652622
        NOTE: https://github.com/cacalabs/libcaca/issues/38
@@ -5120,6 +5430,7 @@ CVE-2018-20545 (There is an illegal WRITE memory access 
at common-image.c (funct
        NOTE: 
https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
        NOTE: Debian binary packages built with the Imlib2 library
 CVE-2018-20544 (There is floating point exception at caca/dither.c (function 
...)
+       {DLA-1631-1}
        - libcaca <unfixed> (bug #917807)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652627
        NOTE: https://github.com/cacalabs/libcaca/issues/36
@@ -23183,92 +23494,90 @@ CVE-2018-16207
        RESERVED
 CVE-2018-16206
        RESERVED
-CVE-2018-16205
-       RESERVED
-CVE-2018-16204
-       RESERVED
+CVE-2018-16205 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier 
allows ...)
+       TODO: check
+CVE-2018-16204 (Cross-site scripting vulnerability in Google XML Sitemaps 
Version ...)
        NOT-FOR-US: WordPress plugin google-sitemap-generator
-CVE-2018-16203
-       RESERVED
+CVE-2018-16203 (PgpoolAdmin 4.0 and earlier allows remote attackers to bypass 
the ...)
        NOT-FOR-US: postgresql-pgpoolAdmin
-CVE-2018-16202
-       RESERVED
-CVE-2018-16201
-       RESERVED
-CVE-2018-16200
-       RESERVED
-CVE-2018-16199
-       RESERVED
-CVE-2018-16198
-       RESERVED
-CVE-2018-16197
-       RESERVED
-CVE-2018-16196
-       RESERVED
-CVE-2018-16195
-       RESERVED
-CVE-2018-16194
-       RESERVED
-CVE-2018-16193
-       RESERVED
-CVE-2018-16192
-       RESERVED
-CVE-2018-16191
-       RESERVED
+CVE-2018-16202 (Directory traversal vulnerability in 
cordova-plugin-ionic-webview ...)
+       TODO: check
+CVE-2018-16201 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home 
gateway ...)
+       TODO: check
+CVE-2018-16200 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home 
gateway ...)
+       TODO: check
+CVE-2018-16199 (Cross-site scripting vulnerability in Toshiba Home gateway 
HEM-GW16A ...)
+       TODO: check
+CVE-2018-16198 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home 
gateway ...)
+       TODO: check
+CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home 
gateway ...)
+       TODO: check
+CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open 
Communication ...)
+       TODO: check
+CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware 
Ver1.1.1 ...)
+       TODO: check
+CVE-2018-16194 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware 
Ver1.1.1 ...)
+       TODO: check
+CVE-2018-16193 (Cross-site scripting vulnerability in Aterm WF1200CR and Aterm 
...)
+       TODO: check
+CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware 
Ver1.1.1 ...)
+       TODO: check
+CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 
3.0.1, ...)
+       TODO: check
 CVE-2018-16190
        RESERVED
 CVE-2018-16189
        RESERVED
-CVE-2018-16188
-       RESERVED
-CVE-2018-16187
-       RESERVED
-CVE-2018-16186
-       RESERVED
-CVE-2018-16185
-       RESERVED
-CVE-2018-16184
-       RESERVED
-CVE-2018-16183
-       RESERVED
-CVE-2018-16182
-       RESERVED
-CVE-2018-16181
-       RESERVED
-CVE-2018-16180
-       RESERVED
-CVE-2018-16179
-       RESERVED
-CVE-2018-16178
-       RESERVED
-CVE-2018-16177
-       RESERVED
-CVE-2018-16176
-       RESERVED
-CVE-2018-16175
-       RESERVED
-CVE-2018-16174
-       RESERVED
-CVE-2018-16173
-       RESERVED
-CVE-2018-16172
-       RESERVED
-CVE-2018-16171
-       RESERVED
-CVE-2018-16170
-       RESERVED
-CVE-2018-16169
-       RESERVED
-CVE-2018-16168
-       RESERVED
-CVE-2018-16167
-       RESERVED
-CVE-2018-16166
-       RESERVED
-CVE-2018-16165
-       RESERVED
-CVE-2018-16164
-       RESERVED
+CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive 
Whiteboard D2200 ...)
+       TODO: check
+CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 
V1.3 to ...)
+       TODO: check
+CVE-2018-16186 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to 
V2.2, ...)
+       TODO: check
+CVE-2018-16185 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to 
V2.2, ...)
+       TODO: check
+CVE-2018-16184 (RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to 
V2.2, ...)
+       TODO: check
+CVE-2018-16183 (An unquoted search path vulnerability in some pre-installed 
...)
+       TODO: check
+CVE-2018-16182 (Untrusted search path vulnerability in the installer of MARKET 
SPEED ...)
+       TODO: check
+CVE-2018-16181 (HTTP header injection vulnerability in i-FILTER Ver.9.50R05 
and ...)
+       TODO: check
+CVE-2018-16180 (Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and 
earlier ...)
+       TODO: check
+CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier 
does not ...)
+       TODO: check
+CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to 
bypass access ...)
+       TODO: check
+CVE-2018-16177 (Untrusted search path vulnerability in The installer of 
Windows10 Fall ...)
+       TODO: check
+CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping 
Tool ...)
+       TODO: check
+CVE-2018-16175 (SQL injection vulnerability in the LearnPress prior to version 
3.1.0 ...)
+       TODO: check
+CVE-2018-16174 (Open redirect vulnerability in LearnPress prior to version 
3.1.0 ...)
+       TODO: check
+CVE-2018-16173 (Cross-site scripting vulnerability in LearnPress prior to 
version ...)
+       TODO: check
+CVE-2018-16172 (Improper countermeasure against clickjacking attack in client 
...)
+       TODO: check
+CVE-2018-16171 (Directory traversal vulnerability in Cybozu Remote Service 
3.0.0 to ...)
+       TODO: check
+CVE-2018-16170 (Directory traversal vulnerability in Cybozu Remote Service 
3.0.0 to ...)
+       TODO: check
+CVE-2018-16169 (Cybozu Remote Service 3.0.0 to 3.1.0 allows remote 
authenticated ...)
+       TODO: check
+CVE-2018-16168 (LogonTracer 1.2.0 and earlier allows remote attackers to 
conduct ...)
+       TODO: check
+CVE-2018-16167 (LogonTracer 1.2.0 and earlier allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2018-16166 (LogonTracer 1.2.0 and earlier allows remote attackers to 
conduct XML ...)
+       TODO: check
+CVE-2018-16165 (Cross-site scripting vulnerability in LogonTracer 1.2.0 and 
earlier ...)
+       TODO: check
+CVE-2018-16164 (Cross-site scripting vulnerability in Event Calendar WD 
version 1.1.21 ...)
+       TODO: check
 CVE-2018-16163 (OpenDolphin 2.7.0 and earlier allows authenticated attackers 
to bypass ...)
        NOT-FOR-US: OpenDolphin
 CVE-2018-16162 (OpenDolphin 2.7.0 and earlier allows authenticated attackers 
to obtain ...)
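Review bot: CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0) is added with TODO: check, but CVE-2018-0673 elsewhere in this file is already triaged as NOT-FOR-US: Cybozu Garoon, so the same marking can be applied here rather than leaving it in the queue. The existing NOT-FOR-US lines under CVE-2018-16204 and CVE-2018-16203 are correctly preserved when RESERVED is dropped, which is the behaviour to expect for the other pre-triaged entries as well.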
@@ -67204,22 +67513,22 @@ CVE-2017-17046 (An issue was discovered in Xen 
through 4.9.x on the ARM platform
        - xen 4.8.2+xsa245-0+deb9u1
        [wheezy] - xen <not-affected> (arm not supported)
        NOTE: https://xenbits.xen.org/xsa/advisory-245.html
-CVE-2018-0705
-       RESERVED
-CVE-2018-0704
-       RESERVED
-CVE-2018-0703
-       RESERVED
-CVE-2018-0702
-       RESERVED
+CVE-2018-0705 (Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 
8.1.2 ...)
+       TODO: check
+CVE-2018-0704 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 
10.8.1 ...)
+       TODO: check
+CVE-2018-0703 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 
10.8.1 ...)
+       TODO: check
+CVE-2018-0702 (Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 
5.4.5 ...)
+       TODO: check
 CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 
to ...)
        NOT-FOR-US: BlueStacks App Player
 CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular 
request ...)
        NOT-FOR-US: YukiWiki
 CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and 
earlier ...)
        NOT-FOR-US: YukiWiki
-CVE-2018-0698
-       RESERVED
+CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier 
allows ...)
+       TODO: check
 CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 
and ...)
        NOT-FOR-US: Metabase
 CVE-2018-0696
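Review bot: CVE-2018-0698 is added as TODO: check with the visible description "Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...", which is the same truncated text as CVE-2018-16205 in the earlier hunk. GROWI is already marked NOT-FOR-US: GROWI for CVE-2018-0653 and CVE-2018-0652 in this file, so both new entries can take that marking; when triaging, read the full descriptions to confirm the two identifiers cover distinct issues.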
@@ -67236,10 +67545,10 @@ CVE-2018-0691 (Multiple +Message Apps (Softbank 
+Message App for Android prior t
        NOT-FOR-US: Softbank +Message App for Android
 CVE-2018-0690 (An unvalidated software update vulnerability in Music Center 
for PC ...)
        NOT-FOR-US: Music Center for PC
-CVE-2018-0689
-       RESERVED
-CVE-2018-0688
-       RESERVED
+CVE-2018-0689 (HTTP header injection vulnerability in SEIKO EPSON printers and 
...)
+       TODO: check
+CVE-2018-0688 (Open redirect vulnerability in SEIKO EPSON printers and 
scanners ...)
+       TODO: check
 CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. 
(Denbun ...)
        NOT-FOR-US: NEOJAPAN
 CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and 
earlier, ...)
@@ -67258,12 +67567,12 @@ CVE-2018-0680 (Denbun by NEOJAPAN Inc. (Denbun POP 
version V3.3P R4.0 and earlie
        NOT-FOR-US: NEOJAPAN
 CVE-2018-0679 (Cross-site scripting vulnerability in multiple FXC Inc. network 
...)
        NOT-FOR-US: FXC
-CVE-2018-0678
-       RESERVED
-CVE-2018-0677
-       RESERVED
-CVE-2018-0676
-       RESERVED
+CVE-2018-0678 (Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier 
allows ...)
+       TODO: check
+CVE-2018-0677 (BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker 
with ...)
+       TODO: check
+CVE-2018-0676 (BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker 
on the ...)
+       TODO: check
 CVE-2018-0675 (AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script 
...)
        NOT-FOR-US: AttacheCase
 CVE-2018-0674 (AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script 
...)
@@ -67272,20 +67581,20 @@ CVE-2018-0673 (Directory traversal vulnerability in 
Cybozu Garoon 3.5.0 to 4.6.3
        NOT-FOR-US: Cybozu Garoon
 CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions 
prior to ...)
        - movabletype-opensource <removed>
-CVE-2018-0671
-       RESERVED
-CVE-2018-0670
-       RESERVED
-CVE-2018-0669
-       RESERVED
-CVE-2018-0668
-       RESERVED
-CVE-2018-0667
-       RESERVED
-CVE-2018-0666
-       RESERVED
-CVE-2018-0665
-       RESERVED
+CVE-2018-0671 (Privilege escalation vulnerability in INplc-RT 3.08 and earlier 
allows ...)
+       TODO: check
+CVE-2018-0670 (INplc-RT 3.08 and earlier allows remote attackers to bypass ...)
+       TODO: check
+CVE-2018-0669 (INplc-RT 3.08 and earlier allows remote attackers to bypass ...)
+       TODO: check
+CVE-2018-0668 (Buffer overflow in INplc-RT 3.08 and earlier allows remote 
attackers ...)
+       TODO: check
+CVE-2018-0667 (Untrusted search path vulnerability in Installer of INplc SDK 
Express ...)
+       TODO: check
+CVE-2018-0666 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 
and ...)
+       TODO: check
+CVE-2018-0665 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 
and ...)
+       TODO: check
 CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier 
allows ...)
        NOT-FOR-US: NoMachine App for Android
 CVE-2018-0663 (Multiple I-O DATA network camera products (TS-WRLP firmware ...)
@@ -67312,8 +67621,8 @@ CVE-2018-0653 (Cross-site scripting vulnerability in 
GROWI v.3.1.11 and earlier
        NOT-FOR-US: GROWI
 CVE-2018-0652 (Cross-site scripting vulnerability in GROWI v.3.1.11 and 
earlier ...)
        NOT-FOR-US: GROWI
-CVE-2018-0651
-       RESERVED
+CVE-2018-0651 (Buffer overflow in the license management function of YOKOGAWA 
...)
+       TODO: check
 CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 
3.6.5 ...)
        NOT-FOR-US: LINE MUSIC for Android
 CVE-2018-0649 (Untrusted search path vulnerability in the installers of 
multiple ...)
@@ -67332,40 +67641,40 @@ CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt 
Computer Advantage) 4.8.0 ...)
        NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
 CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video 
Player 6.1.2 ...)
        NOT-FOR-US: FV Flowplayer Video Player
-CVE-2018-0641
-       RESERVED
-CVE-2018-0640
-       RESERVED
-CVE-2018-0639
-       RESERVED
-CVE-2018-0638
-       RESERVED
-CVE-2018-0637
-       RESERVED
-CVE-2018-0636
-       RESERVED
-CVE-2018-0635
-       RESERVED
-CVE-2018-0634
-       RESERVED
-CVE-2018-0633
-       RESERVED
-CVE-2018-0632
-       RESERVED
-CVE-2018-0631
-       RESERVED
-CVE-2018-0630
-       RESERVED
-CVE-2018-0629
-       RESERVED
-CVE-2018-0628
-       RESERVED
-CVE-2018-0627
-       RESERVED
-CVE-2018-0626
-       RESERVED
-CVE-2018-0625
-       RESERVED
+CVE-2018-0641 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows 
attacker ...)
+       TODO: check
+CVE-2018-0640 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows 
attacker ...)
+       TODO: check
+CVE-2018-0639 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
+       TODO: check
+CVE-2018-0638 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
+       TODO: check
+CVE-2018-0637 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
+       TODO: check
+CVE-2018-0636 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
+       TODO: check
+CVE-2018-0635 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
+       TODO: check
+CVE-2018-0634 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with 
administrator ...)
+       TODO: check
+CVE-2018-0633 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows 
attacker ...)
+       TODO: check
+CVE-2018-0632 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows 
attacker ...)
+       TODO: check
+CVE-2018-0631 (Aterm W300P Ver1.0.13 and earlier allows attacker with 
administrator ...)
+       TODO: check
+CVE-2018-0630 (Aterm W300P Ver1.0.13 and earlier allows attacker with 
administrator ...)
+       TODO: check
+CVE-2018-0629 (Aterm W300P Ver1.0.13 and earlier allows attacker with 
administrator ...)
+       TODO: check
+CVE-2018-0628 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker 
with ...)
+       TODO: check
+CVE-2018-0627 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker 
with ...)
+       TODO: check
+CVE-2018-0626 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker 
with ...)
+       TODO: check
+CVE-2018-0625 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker 
with ...)
+       TODO: check
 CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series 
...)
        NOT-FOR-US: Yayoi
 CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series 
...)
@@ -68247,8 +68556,8 @@ CVE-2018-0284 (A vulnerability in the local status page 
functionality of the Cis
        NOT-FOR-US: Cisco
 CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
        NOT-FOR-US: Cisco
-CVE-2018-0282
-       RESERVED
+CVE-2018-0282 (A vulnerability in the TCP socket code of Cisco IOS and IOS XE 
...)
+       TODO: check
 CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
        NOT-FOR-US: Cisco
 CVE-2018-0280 (A vulnerability in the Real-Time Transport Protocol (RTP) 
bitstream ...)
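Review bot: CVE-2018-0282 (TCP socket code of Cisco IOS and IOS XE) lands as TODO: check between CVE-2018-0283 and CVE-2018-0281, both of which are NOT-FOR-US: Cisco. It should receive the same marking so the entry does not linger in the TODO queue.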
@@ -68458,8 +68767,8 @@ CVE-2018-0183 (A vulnerability in the CLI parser of 
Cisco IOS XE Software could
        NOT-FOR-US: Cisco
 CVE-2018-0182 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE 
Software ...)
        NOT-FOR-US: Cisco
-CVE-2018-0181
-       RESERVED
+CVE-2018-0181 (A vulnerability in the Redis implementation used by the Cisco 
Policy ...)
+       TODO: check
 CVE-2018-0180 (Multiple vulnerabilities in the Login Enhancements (Login 
Block) ...)
        NOT-FOR-US: Cisco
 CVE-2018-0179 (Multiple vulnerabilities in the Login Enhancements (Login 
Block) ...)
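Review bot: CVE-2018-0181 should not be marked NOT-FOR-US: Cisco by analogy with its neighbours until the full description has been read, because the visible text names "the Redis implementation used by the Cisco Policy ...". Triage needs to establish whether the flaw is in Redis itself or only in how the Cisco product deploys it, and record that in a NOTE line.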



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a90d0522841c82348c37c15a128709c36fdb827

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits