Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4aab2359 by security tracker role at 2018-07-09T20:14:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,14 @@ +CVE-2018-13787 (Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and ...) + TODO: check +CVE-2018-13786 + RESERVED +CVE-2018-13785 (In libpng 1.6.34, a wrong calculation of row_factor in the ...) + TODO: check +CVE-2018-13784 (PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie ...) + TODO: check +CVE-2018-1000612 + REJECTED + TODO: check CVE-2018-13783 (The mintToken function of a smart contract implementation for ...) NOT-FOR-US: smart contract implementation for JiucaiToken CVE-2018-13782 (The mintToken function of a smart contract implementation for ENTER ...) @@ -1075,8 +1086,8 @@ CVE-2018-13258 RESERVED CVE-2018-13257 RESERVED -CVE-2018-13256 - RESERVED +CVE-2018-13256 (PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or ...) + TODO: check CVE-2018-13255 RESERVED CVE-2018-13254 @@ -1561,8 +1572,8 @@ CVE-2018-13036 RESERVED CVE-2018-13035 RESERVED -CVE-2018-13034 - RESERVED +CVE-2018-13034 (Directory traversal in Jester web framework 0.2.0 allows remote ...) + TODO: check CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) - binutils <unfixed> (low) [stretch] - binutils <ignored> (Minor issue) @@ -1688,8 +1699,8 @@ CVE-2018-12979 RESERVED CVE-2018-12978 RESERVED -CVE-2018-12977 - RESERVED +CVE-2018-12977 (A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite ...) + TODO: check CVE-2018-12976 (In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use ...) NOT-FOR-US: Go Doc Dot Org CVE-2018-12975 
@@ -2622,8 +2633,8 @@ CVE-2018-1000500 (Busybox contains a Missing SSL certificate validation vulnerab - busybox <unfixed> (unimportant) NOTE: Intentional design decision: NOTE: https://git.busybox.net/busybox/tree/networking/wget.c?id=8bc418f07eab79a9c8d26594629799f6157a9466#n74 -CVE-2018-1000404 - RESERVED +CVE-2018-1000404 (Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier ...) + TODO: check CVE-2018-12637 RESERVED CVE-2018-12636 (The iThemes Security (better-wp-security) plugin before 7.0.3 for ...) @@ -2694,12 +2705,12 @@ CVE-2018-12609 RESERVED CVE-2018-12608 RESERVED -CVE-2018-1000403 - RESERVED -CVE-2018-1000402 - RESERVED -CVE-2018-1000401 - RESERVED +CVE-2018-1000403 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...) + TODO: check +CVE-2018-1000402 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...) + TODO: check +CVE-2018-1000401 (Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and ...) + TODO: check CVE-2018-12607 [gitlab: Persistent XSS in charts] RESERVED - gitlab <unfixed> (bug #902726) @@ -5456,12 +5467,12 @@ CVE-2018-11545 (md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines be NOT-FOR-US: md4c CVE-2018-11544 (The Olive Tree Ftp Server application 1.32 for Android has Insecure ...) NOT-FOR-US: Olive Tree Ftp Server application -CVE-2018-11543 - RESERVED -CVE-2018-11542 - RESERVED -CVE-2018-11541 - RESERVED +CVE-2018-11543 (A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC ...) + TODO: check +CVE-2018-11542 (A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / ...) + TODO: check +CVE-2018-11541 (A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC ...) + TODO: check CVE-2018-XXXX [gitlab: Removing public deploy keys regression] [experimental] - gitlab 10.7.5+dfsg-1 - gitlab <unfixed> (bug #900522) 
@@ -17949,20 +17960,20 @@ CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert Management NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone ...) NOT-FOR-US: PHP Scripts Mall Facebook Clone Script -CVE-2018-6857 - RESERVED -CVE-2018-6856 - RESERVED -CVE-2018-6855 - RESERVED -CVE-2018-6854 - RESERVED -CVE-2018-6853 - RESERVED -CVE-2018-6852 - RESERVED -CVE-2018-6851 - RESERVED +CVE-2018-6857 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before ...) + TODO: check +CVE-2018-6856 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before ...) + TODO: check +CVE-2018-6855 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before ...) + TODO: check +CVE-2018-6854 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before ...) + TODO: check +CVE-2018-6853 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before ...) + TODO: check +CVE-2018-6852 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before ...) + TODO: check +CVE-2018-6851 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before ...) + TODO: check CVE-2018-6850 RESERVED CVE-2018-6849 (In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site ...) 
@@ -18002,12 +18013,12 @@ CVE-2018-6834 (static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via - etherpad-lite <itp> (bug #576998) CVE-2018-6833 RESERVED -CVE-2018-6832 - RESERVED -CVE-2018-6831 - RESERVED -CVE-2018-6830 - RESERVED +CVE-2018-6832 (Stack-based buffer overflow in the getSWFlag function in Foscam ...) + TODO: check +CVE-2018-6831 (The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 ...) + TODO: check +CVE-2018-6830 (Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 ...) + TODO: check CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...) - libgcrypt20 <unfixed> (unimportant) - libgcrypt11 <removed> (unimportant) 
@@ -23783,127 +23794,121 @@ CVE-2018-5004 RESERVED CVE-2018-5003 RESERVED -CVE-2018-5002 - RESERVED +CVE-2018-5002 (Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based ...) NOT-FOR-US: Adobe -CVE-2018-5001 - RESERVED +CVE-2018-5001 (Adobe Flash Player versions 29.0.0.171 and earlier have an ...) NOT-FOR-US: Adobe -CVE-2018-5000 - RESERVED +CVE-2018-5000 (Adobe Flash Player versions 29.0.0.171 and earlier have an Integer ...) NOT-FOR-US: Adobe -CVE-2018-4999 - RESERVED -CVE-2018-4998 - RESERVED -CVE-2018-4997 - RESERVED -CVE-2018-4996 - RESERVED -CVE-2018-4995 - RESERVED +CVE-2018-4999 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, ...) + TODO: check +CVE-2018-4998 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, ...) + TODO: check +CVE-2018-4997 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, ...) + TODO: check +CVE-2018-4996 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4995 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check CVE-2018-4994 (Adobe Connect versions 9.7.5 and earlier have an exploitable ...) NOT-FOR-US: Adobe -CVE-2018-4993 - RESERVED +CVE-2018-4993 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check CVE-2018-4992 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier ...) NOT-FOR-US: Adobe CVE-2018-4991 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier ...) 
NOT-FOR-US: Adobe -CVE-2018-4990 - RESERVED -CVE-2018-4989 - RESERVED -CVE-2018-4988 - RESERVED -CVE-2018-4987 - RESERVED -CVE-2018-4986 - RESERVED -CVE-2018-4985 - RESERVED -CVE-2018-4984 - RESERVED -CVE-2018-4983 - RESERVED -CVE-2018-4982 - RESERVED -CVE-2018-4981 - RESERVED -CVE-2018-4980 - RESERVED -CVE-2018-4979 - RESERVED -CVE-2018-4978 - RESERVED -CVE-2018-4977 - RESERVED -CVE-2018-4976 - RESERVED -CVE-2018-4975 - RESERVED -CVE-2018-4974 - RESERVED -CVE-2018-4973 - RESERVED -CVE-2018-4972 - RESERVED -CVE-2018-4971 - RESERVED -CVE-2018-4970 - RESERVED -CVE-2018-4969 - RESERVED -CVE-2018-4968 - RESERVED -CVE-2018-4967 - RESERVED -CVE-2018-4966 - RESERVED -CVE-2018-4965 - RESERVED -CVE-2018-4964 - RESERVED -CVE-2018-4963 - RESERVED -CVE-2018-4962 - RESERVED -CVE-2018-4961 - RESERVED -CVE-2018-4960 - RESERVED -CVE-2018-4959 - RESERVED -CVE-2018-4958 - RESERVED -CVE-2018-4957 - RESERVED -CVE-2018-4956 - RESERVED -CVE-2018-4955 - RESERVED -CVE-2018-4954 - RESERVED -CVE-2018-4953 - RESERVED -CVE-2018-4952 - RESERVED +CVE-2018-4990 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4989 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4988 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4987 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4986 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4985 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4984 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4983 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4982 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4981 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) 
+ TODO: check +CVE-2018-4980 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4979 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4978 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4977 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4976 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4975 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4974 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4973 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4972 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4971 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4970 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4969 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4968 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4967 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4966 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4965 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4964 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4963 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4962 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4961 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) 
+ TODO: check +CVE-2018-4960 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4959 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4958 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4957 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4956 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4955 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4954 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4953 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4952 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) NOT-FOR-US: VMware Xenon -CVE-2018-4951 - RESERVED -CVE-2018-4950 - RESERVED -CVE-2018-4949 - RESERVED -CVE-2018-4948 - RESERVED -CVE-2018-4947 - RESERVED +CVE-2018-4951 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4950 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4949 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4948 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) + TODO: check +CVE-2018-4947 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, ...) NOT-FOR-US: VMware Xenon -CVE-2018-4946 - RESERVED -CVE-2018-4945 - RESERVED +CVE-2018-4946 (Adobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, and ...) + TODO: check +CVE-2018-4945 (Adobe Flash Player versions 29.0.0.171 and earlier have a Type ...) NOT-FOR-US: Adobe CVE-2018-4944 (Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable ...) NOT-FOR-US: Adobe 
@@ -24165,8 +24170,8 @@ CVE-2018-4860 (A vulnerability has been identified in SCALANCE M875 (All version NOT-FOR-US: SCALANCE CVE-2018-4859 (A vulnerability has been identified in SCALANCE M875 (All versions). ...) NOT-FOR-US: SCALANCE -CVE-2018-4858 - RESERVED +CVE-2018-4858 (A vulnerability has been identified in IEC 61850 system configurator ...) + TODO: check CVE-2018-4857 RESERVED CVE-2018-4856 (A vulnerability has been identified in SICLOCK TC100 (All versions) ...) @@ -32522,8 +32527,8 @@ CVE-2018-1550 RESERVED CVE-2018-1549 RESERVED -CVE-2018-1548 - RESERVED +CVE-2018-1548 (IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 ...) + TODO: check CVE-2018-1547 (IBM Robotic Process Automation with Automation Anywhere 10.0 could ...) NOT-FOR-US: IBM CVE-2018-1546 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...) @@ -38061,8 +38066,8 @@ CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename . NOTE: http://bftpd.sourceforge.net/news.html#032390 CVE-2017-16891 RESERVED -CVE-2017-16890 - RESERVED +CVE-2017-16890 (SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono ...) + TODO: check CVE-2017-16889 RESERVED CVE-2017-16888 @@ -67242,8 +67247,7 @@ CVE-2017-7472 (The KEYS subsystem in the Linux kernel before 4.10.13 allows loca [jessie] - linux 3.16.43-1 NOTE: https://lkml.org/lkml/2017/4/1/235 NOTE: https://lkml.org/lkml/2017/4/3/724 -CVE-2017-7471 [9p: virtfs allows guest to change filesystem attributes on host] - RESERVED +CVE-2017-7471 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing ...) {DLA-1035-1} - qemu 1:2.8+dfsg-5 (bug #860785) [jessie] - qemu <not-affected> (Vulnerable code introduced with fix for CVE-2016-9602) 
@@ -80518,10 +80522,10 @@ CVE-2017-3200 (The Java implementation of AMF3 deserializers used in GraniteDS, NOT-FOR-US: AMF3 deserialisers CVE-2017-3199 (The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 ...) NOT-FOR-US: AMF3 deserialisers -CVE-2017-3198 - RESERVED -CVE-2017-3197 - RESERVED +CVE-2017-3198 (GIGABYTE BRIX UEFI firmware does not cryptographically validate images ...) + TODO: check +CVE-2017-3197 (GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and ...) + TODO: check CVE-2017-3196 (PCAUSA Rawether framework does not properly validate BPF data, ...) NOT-FOR-US: PCAUSA Rawether CVE-2017-3195 (Commvault Edge Communication Service (cvd) prior to version 11 SP7 or ...) @@ -103599,7 +103603,7 @@ CVE-2016-5017 (Buffer overflow in the C cli shell in Apache Zookeeper before 3.4 CVE-2016-5016 (Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and ...) NOT-FOR-US: Pivotal Cloud Foundry CVE-2016-5015 - RESERVED + REJECTED CVE-2016-5014 (In Moodle 2.x and 3.x, an unenrolled user still receives event monitor ...) - moodle <not-affected> (Only affects 2.8 and later) NOTE: https://moodle.org/mod/forum/discuss.php?d=336699 @@ -105359,7 +105363,7 @@ CVE-2016-4468 (SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before CVE-2016-4467 (The C client and C-based client bindings in the Apache Qpid Proton ...) - qpid-proton <not-affected> (Windows-specific) CVE-2016-4466 - RESERVED + REJECTED CVE-2016-4465 (The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and ...) - libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1 and 2.5) NOTE: https://struts.apache.org/docs/s2-041.html 
@@ -146240,7 +146244,7 @@ CVE-2015-0231 (Use-after-free vulnerability in the process_nested_data function NOTE: Upstream fix: https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd NOTE: in unstable actually incomplete fix was not yet applied, so n/a but wheezy is CVE-2015-0230 - RESERVED + REJECTED CVE-2015-0229 REJECTED CVE-2015-0228 (The lua_websocket_read function in lua_request.c in the mod_lua module ...) @@ -181078,8 +181082,8 @@ CVE-2013-3019 RESERVED CVE-2013-3018 (The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application ...) NOT-FOR-US: IBM -CVE-2013-3017 - RESERVED +CVE-2013-3017 (IBM Tivoli Application Dependency Discovery Manager (TADDM) before ...) + TODO: check CVE-2013-3016 (IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to ...) NOT-FOR-US: IBM WebSphere CVE-2013-3015 @@ -181110,12 +181114,12 @@ CVE-2013-3003 (Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise S NOT-FOR-US: IBM CVE-2013-3002 RESERVED -CVE-2013-3001 - RESERVED -CVE-2013-3000 - RESERVED -CVE-2013-2999 - RESERVED +CVE-2013-3001 (Directory traversal vulnerability in IBM InfoSphere Data Replication ...) + TODO: check +CVE-2013-3000 (SQL injection vulnerability in IBM InfoSphere Data Replication ...) + TODO: check +CVE-2013-2999 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Data ...) + TODO: check CVE-2013-2998 (frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-2997 (IBM Security AppScan Enterprise before 8.7 does not invalidate the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4aab23595b2229f9d1e39f61146c35491cbf765c
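Review bot: In the first hunk (@@ -1,3 +1,14 @@), CVE-2018-1000612 is added as REJECTED and then also given TODO: check. A rejected id needs no triage, and the other entries this commit flips to REJECTED (CVE-2016-5015, CVE-2016-4466, CVE-2015-0230) carry no TODO line. Suggest dropping the TODO: check under CVE-2018-1000612 so the entry is not left flagged for triage.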
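Review bot: In the @@ -23783,127 +23794,121 @@ hunk, CVE-2018-4952 and CVE-2018-4947 now carry an Adobe Acrobat and Reader description but keep the unchanged annotation NOT-FOR-US: VMware Xenon, so the product named in the triage line no longer matches the description. Suggest changing both to NOT-FOR-US: Adobe, as on the neighbouring Flash Player entries (CVE-2018-5002, CVE-2018-5001, CVE-2018-5000), and checking whether the other Acrobat and Reader entries added here with TODO: check can take the same annotation.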