Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
64953563 by security tracker role at 2018-09-28T20:10:38Z
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,359 @@ +CVE-2018-17764 + RESERVED +CVE-2018-17763 + RESERVED +CVE-2018-17762 + RESERVED +CVE-2018-17761 + RESERVED +CVE-2018-17760 + RESERVED +CVE-2018-17759 + RESERVED +CVE-2018-17758 + RESERVED +CVE-2018-17757 + RESERVED +CVE-2018-17756 + RESERVED +CVE-2018-17755 + RESERVED +CVE-2018-17754 + RESERVED +CVE-2018-17753 + RESERVED +CVE-2018-17752 + RESERVED +CVE-2018-17751 + RESERVED +CVE-2018-17750 + RESERVED +CVE-2018-17749 + RESERVED +CVE-2018-17748 + RESERVED +CVE-2018-17747 + RESERVED +CVE-2018-17746 + RESERVED +CVE-2018-17745 + RESERVED +CVE-2018-17744 + RESERVED +CVE-2018-17743 + RESERVED +CVE-2018-17742 + RESERVED +CVE-2018-17741 + RESERVED +CVE-2018-17740 + RESERVED +CVE-2018-17739 + RESERVED +CVE-2018-17738 + RESERVED +CVE-2018-17737 + RESERVED +CVE-2018-17736 + RESERVED +CVE-2018-17735 + RESERVED +CVE-2018-17734 + RESERVED +CVE-2018-17733 + RESERVED +CVE-2018-17732 + RESERVED +CVE-2018-17731 + RESERVED +CVE-2018-17730 + RESERVED +CVE-2018-17729 + RESERVED +CVE-2018-17728 + RESERVED +CVE-2018-17727 + RESERVED +CVE-2018-17726 + RESERVED +CVE-2018-17725 + RESERVED +CVE-2018-17724 + RESERVED +CVE-2018-17723 + RESERVED +CVE-2018-17722 + RESERVED +CVE-2018-17721 + RESERVED +CVE-2018-17720 + RESERVED +CVE-2018-17719 + RESERVED +CVE-2018-17718 + RESERVED +CVE-2018-17717 + RESERVED +CVE-2018-17716 + RESERVED +CVE-2018-17715 + RESERVED +CVE-2018-17714 + RESERVED +CVE-2018-17713 + RESERVED +CVE-2018-17712 + RESERVED +CVE-2018-17711 + RESERVED +CVE-2018-17710 + RESERVED +CVE-2018-17709 + RESERVED +CVE-2018-17708 + RESERVED +CVE-2018-17707 + RESERVED +CVE-2018-17706 + RESERVED +CVE-2018-17705 + RESERVED +CVE-2018-17704 + RESERVED +CVE-2018-17703 + RESERVED +CVE-2018-17702 + RESERVED +CVE-2018-17701 + RESERVED +CVE-2018-17700 + RESERVED +CVE-2018-17699 + RESERVED +CVE-2018-17698 + RESERVED +CVE-2018-17697 + RESERVED +CVE-2018-17696 + RESERVED +CVE-2018-17695 + RESERVED +CVE-2018-17694 + RESERVED +CVE-2018-17693 + RESERVED +CVE-2018-17692 + RESERVED 
+CVE-2018-17691 + RESERVED +CVE-2018-17690 + RESERVED +CVE-2018-17689 + RESERVED +CVE-2018-17688 + RESERVED +CVE-2018-17687 + RESERVED +CVE-2018-17686 + RESERVED +CVE-2018-17685 + RESERVED +CVE-2018-17684 + RESERVED +CVE-2018-17683 + RESERVED +CVE-2018-17682 + RESERVED +CVE-2018-17681 + RESERVED +CVE-2018-17680 + RESERVED +CVE-2018-17679 + RESERVED +CVE-2018-17678 + RESERVED +CVE-2018-17677 + RESERVED +CVE-2018-17676 + RESERVED +CVE-2018-17675 + RESERVED +CVE-2018-17674 + RESERVED +CVE-2018-17673 + RESERVED +CVE-2018-17672 + RESERVED +CVE-2018-17671 + RESERVED +CVE-2018-17670 + RESERVED +CVE-2018-17669 + RESERVED +CVE-2018-17668 + RESERVED +CVE-2018-17667 + RESERVED +CVE-2018-17666 + RESERVED +CVE-2018-17665 + RESERVED +CVE-2018-17664 + RESERVED +CVE-2018-17663 + RESERVED +CVE-2018-17662 + RESERVED +CVE-2018-17661 + RESERVED +CVE-2018-17660 + RESERVED +CVE-2018-17659 + RESERVED +CVE-2018-17658 + RESERVED +CVE-2018-17657 + RESERVED +CVE-2018-17656 + RESERVED +CVE-2018-17655 + RESERVED +CVE-2018-17654 + RESERVED +CVE-2018-17653 + RESERVED +CVE-2018-17652 + RESERVED +CVE-2018-17651 + RESERVED +CVE-2018-17650 + RESERVED +CVE-2018-17649 + RESERVED +CVE-2018-17648 + RESERVED +CVE-2018-17647 + RESERVED +CVE-2018-17646 + RESERVED +CVE-2018-17645 + RESERVED +CVE-2018-17644 + RESERVED +CVE-2018-17643 + RESERVED +CVE-2018-17642 + RESERVED +CVE-2018-17641 + RESERVED +CVE-2018-17640 + RESERVED +CVE-2018-17639 + RESERVED +CVE-2018-17638 + RESERVED +CVE-2018-17637 + RESERVED +CVE-2018-17636 + RESERVED +CVE-2018-17635 + RESERVED +CVE-2018-17634 + RESERVED +CVE-2018-17633 + RESERVED +CVE-2018-17632 + RESERVED +CVE-2018-17631 + RESERVED +CVE-2018-17630 + RESERVED +CVE-2018-17629 + RESERVED +CVE-2018-17628 + RESERVED +CVE-2018-17627 + RESERVED +CVE-2018-17626 + RESERVED +CVE-2018-17625 + RESERVED +CVE-2018-17624 + RESERVED +CVE-2018-17623 + RESERVED +CVE-2018-17622 + RESERVED +CVE-2018-17621 + RESERVED +CVE-2018-17620 + RESERVED +CVE-2018-17619 + RESERVED +CVE-2018-17618 + RESERVED 
+CVE-2018-17617 + RESERVED +CVE-2018-17616 + RESERVED +CVE-2018-17615 + RESERVED +CVE-2018-17614 + RESERVED +CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is ...) + TODO: check +CVE-2018-17612 + RESERVED +CVE-2018-17611 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...) + TODO: check +CVE-2018-17610 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...) + TODO: check +CVE-2018-17609 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...) + TODO: check +CVE-2018-17608 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...) + TODO: check +CVE-2018-17607 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...) + TODO: check +CVE-2018-17606 + RESERVED +CVE-2018-17605 (An issue was discovered in the Asset Pipeline plugin before 3.0.4 for ...) + TODO: check +CVE-2018-17604 + RESERVED +CVE-2018-17603 + RESERVED +CVE-2018-17602 + RESERVED +CVE-2018-17601 + RESERVED +CVE-2018-17600 + RESERVED +CVE-2018-17599 + RESERVED +CVE-2018-17598 + RESERVED +CVE-2018-17597 + RESERVED +CVE-2018-17596 + RESERVED +CVE-2018-17595 + RESERVED +CVE-2018-17594 + RESERVED +CVE-2018-17593 + RESERVED +CVE-2018-17592 + RESERVED +CVE-2018-17591 + RESERVED +CVE-2018-17590 + RESERVED +CVE-2018-17589 + RESERVED +CVE-2018-17588 + RESERVED +CVE-2018-17587 + RESERVED CVE-2018-17586 RESERVED CVE-2018-17585 @@ -6,12 +362,12 @@ CVE-2018-17584 RESERVED CVE-2018-17583 RESERVED -CVE-2018-17582 - RESERVED -CVE-2018-17581 - RESERVED -CVE-2018-17580 - RESERVED +CVE-2018-17582 (tcpreplay v4.3.0 contains a heap-based buffer over-read. The ...) + TODO: check +CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has ...) + TODO: check +CVE-2018-17580 (A heap-based buffer over-read exists in the function fast_edit_packet() ...) + TODO: check CVE-2018-17579 RESERVED CVE-2018-17578 
@@ -20,15 +376,15 @@ CVE-2018-17577 RESERVED CVE-2018-17576 RESERVED -CVE-2018-17575 - RESERVED -CVE-2018-17574 - RESERVED +CVE-2018-17575 (SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the ...) + TODO: check +CVE-2018-17574 (An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the ...) + TODO: check CVE-2018-17573 (The Wp-Insert plugin through 2.4.2 for WordPress allows upload of ...) TODO: check CVE-2018-17572 RESERVED -CVE-2018-17571 (Vanilla before 2.6.3 allows XSS via the email field of a profile. ...) +CVE-2018-17571 (Vanilla before 2.6.1 allows XSS via the email field of a profile. ...) TODO: check CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an ...) NOT-FOR-US: ViaBTC Exchange Server @@ -94,7 +450,7 @@ CVE-2018-17540 RESERVED CVE-2018-17539 RESERVED -CVE-2018-17538 (Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable ...) +CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence Sync ...) NOT-FOR-US: Axon Evidence Sync CVE-2018-17537 RESERVED @@ -918,10 +1274,10 @@ CVE-2018-17157 RESERVED CVE-2018-17156 RESERVED -CVE-2018-17155 - RESERVED -CVE-2018-17154 - RESERVED +CVE-2018-17155 (In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, ...) + TODO: check +CVE-2018-17154 (In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and ...) + TODO: check CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contains a ...) {DSA-4306-1 DLA-1520-1 DLA-1519-1} - python3.7 <not-affected> (Fixed before initial upload) @@ -4333,8 +4689,8 @@ CVE-2018-15766 RESERVED CVE-2018-15765 RESERVED -CVE-2018-15764 - RESERVED +CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote ...) + TODO: check CVE-2018-15763 RESERVED CVE-2018-15762 
@@ -5276,8 +5632,8 @@ CVE-2018-15367 RESERVED CVE-2018-15366 RESERVED -CVE-2018-15365 - RESERVED +CVE-2018-15365 (A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro ...) + TODO: check CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information ...) NOT-FOR-US: Trend Micro CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in Trend ...) @@ -6910,13 +7266,12 @@ CVE-2018-14650 (It was discovered that sos-collector does not properly set the d CVE-2018-14649 RESERVED NOT-FOR-US: ceph-iscsi-cli -CVE-2018-14648 [Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service] - RESERVED +CVE-2018-14648 (A flaw was found in 389 Directory Server. A specially crafted search ...) - 389-ds-base <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1630668 TODO: check, not much detail provided CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's hash ...) - {DSA-4306-1} + {DSA-4307-1 DSA-4306-1} - python3.7 3.7.0-7 - python3.6 3.6.7~rc1-1 - python3.5 <unfixed> @@ -16256,12 +16611,12 @@ CVE-2018-11077 RESERVED CVE-2018-11076 RESERVED -CVE-2018-11075 - RESERVED -CVE-2018-11074 - RESERVED -CVE-2018-11073 - RESERVED +CVE-2018-11075 (RSA Authentication Manager versions prior to 8.3 P3 contain a ...) + TODO: check +CVE-2018-11074 (RSA Authentication Manager versions prior to 8.3 P3 are affected by a ...) + TODO: check +CVE-2018-11073 (RSA Authentication Manager versions prior to 8.3 P3 contain a stored ...) + TODO: check CVE-2018-11072 RESERVED CVE-2018-11071 (Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, ...) 
@@ -27603,8 +27958,8 @@ CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server ...) NOT-FOR-US: MISP -CVE-2018-6925 - RESERVED +CVE-2018-6925 (In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, ...) + TODO: check CVE-2018-6924 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, ...) TODO: check CVE-2018-6923 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip ...) @@ -32489,8 +32844,8 @@ CVE-2018-5395 RESERVED CVE-2018-5394 RESERVED -CVE-2018-5393 - RESERVED +CVE-2018-5393 (The TP-LINK EAP Controller is TP-LINK's software for remotely ...) + TODO: check CVE-2018-5392 (mingw-w64 version 5.0.4 by default produces executables that opt in to ...) - mingw-w64 <unfixed> (unimportant) NOTE: https://sourceforge.net/p/mingw-w64/mailman/message/31034877/ @@ -42386,12 +42741,12 @@ CVE-2018-1706 RESERVED CVE-2018-1705 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...) NOT-FOR-US: IBM Platform Symphony -CVE-2018-1704 - RESERVED +CVE-2018-1704 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...) + TODO: check CVE-2018-1703 RESERVED -CVE-2018-1702 - RESERVED +CVE-2018-1702 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...) + TODO: check CVE-2018-1701 RESERVED CVE-2018-1700 
@@ -44108,18 +44463,18 @@ CVE-2018-1253 (RSA Authentication Manager Operation Console, versions 8.3 P1 and NOT-FOR-US: RSA Authentication Manager Operation Console CVE-2018-1252 (RSA Web Threat Detection versions prior to 6.4, contain an SQL ...) NOT-FOR-US: RSA Web Threat Detection -CVE-2018-1251 - RESERVED -CVE-2018-1250 - RESERVED +CVE-2018-1251 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 ...) + TODO: check +CVE-2018-1250 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 ...) + TODO: check CVE-2018-1249 (Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use ...) NOT-FOR-US: EMC CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console and ...) NOT-FOR-US: RSA Authentication Mamager CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earlier, ...) NOT-FOR-US: RSA Authentication Manager -CVE-2018-1246 - RESERVED +CVE-2018-1246 (Dell EMC Unity and UnityVSA contains reflected cross-site scripting ...) + TODO: check CVE-2018-1245 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 ...) NOT-FOR-US: RSA CVE-2018-1244 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 ...) @@ -44892,7 +45247,7 @@ CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...) NOT-FOR-US: ovirt-engine CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...) - {DSA-4306-1 DLA-1520-1 DLA-1519-1} + {DSA-4307-1 DSA-4306-1 DLA-1520-1 DLA-1519-1} - python3.7 3.7.0~b3-1 (low) - python3.6 3.6.5~rc1-1 (low) - python3.5 3.5.6-1 (low) 
@@ -44911,7 +45266,7 @@ CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7. NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4) NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7) CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...) - {DSA-4306-1 DLA-1520-1 DLA-1519-1} + {DSA-4307-1 DSA-4306-1 DLA-1520-1 DLA-1519-1} - python3.7 3.7.0~b3-1 (low) - python3.6 3.6.5~rc1-1 (low) - python3.5 3.5.6-1 (low) @@ -48647,7 +49002,7 @@ CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Address CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...) NOT-FOR-US: EllisLab ExpressionEngine CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...) - {DLA-1520-1 DLA-1519-1 DLA-1190-1 DLA-1189-1} + {DSA-4307-1 DLA-1520-1 DLA-1519-1 DLA-1190-1 DLA-1189-1} - python3.5 3.5.5-1 - python3.4 <removed> - python2.7 2.7.13-4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/649535637331b169fc3d384a72171c6cb42e00e0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/649535637331b169fc3d384a72171c6cb42e00e0 You're receiving this email because of your account on salsa.debian.org.
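Review bot: In the @@ -6910,13 +7266,12 @@ hunk, CVE-2018-14648 still carries `TODO: check, not much detail provided` although the placeholder text and the RESERVED marker are replaced by the published description. The removed bracketed description was the only place the entry named `servers/slapd/search.c:do_search()`, so consider keeping that as a NOTE line, then revisit the TODO: either confirm `- 389-ds-base <unfixed>` against the Red Hat bug already cited and drop it, or reword it to say what is still missing.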
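Review bot: In the @@ -42386,12 +42741,12 @@ hunk, CVE-2018-1704 and CVE-2018-1702 come in as `TODO: check` even though, as far as the truncated descriptions show, they name the same product as CVE-2018-1705 in the context lines, which is already triaged as `NOT-FOR-US: IBM Platform Symphony`. Suggest marking both the same way in a follow-up commit so they do not sit in the TODO queue.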
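Review bot: In the @@ -44108,18 +44463,18 @@ hunk, the context line under CVE-2018-1248 reads `NOT-FOR-US: RSA Authentication Mamager`, a typo for "Manager" that is worth fixing so a search on the product name finds the entry. In the same hunk the new Dell EMC Unity entries (CVE-2018-1251, CVE-2018-1250, CVE-2018-1246) are left as `TODO: check` while the neighbouring Dell EMC iDRAC9 entry CVE-2018-1249 is `NOT-FOR-US: EMC`; they probably want the same triage.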