author | security tracker role <sectracker@soriano.debian.org> | 2018-07-25 20:10:28 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2018-07-25 20:10:28 +0000 |
commit | 2de95921c8a7db31ada5007e060db26113631155 (patch) | |
tree | fa4c7c77843cd10091f4efb0c95ce6e8bc2a6c0a /data | |
parent | 445b1909271cfaed25d14a2197a6f9004213a069 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 92 |
1 files changed, 52 insertions, 40 deletions
diff --git a/data/CVE/list b/data/CVE/list index 40e02d56e6..50b6d14765 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,15 @@ +CVE-2018-14597 + RESERVED +CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversal, ...) + TODO: check +CVE-2018-1002207 (mholt/archiver golang package before ...) + TODO: check +CVE-2018-1002206 (SharpCompress before 0.21.0 is vulnerable to directory traversal, ...) + TODO: check +CVE-2018-1002205 (DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, ...) + TODO: check +CVE-2018-1002203 (unzipper npm library before 0.8.13 is vulnerable to directory ...) + TODO: check CVE-2018-14596 (wancms 1.0 through 5.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: wancms CVE-2018-14595 
@@ -6783,18 +6795,18 @@ CVE-2018-12066 (BIRD Internet Routing Daemon before 1.6.4 allows local users to [jessie] - bird <no-dsa> (Minor issue) NOTE: https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWS#L11 NOTE: Fixed by: https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d -CVE-2018-1002209 [arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file] +CVE-2018-1002209 (QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing ...) - libquazip 0.7.6-1 (bug #902786) [stretch] - libquazip <no-dsa> (Minor issue) [jessie] - libquazip <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1593011 -CVE-2018-1002204 [nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file] +CVE-2018-1002204 (adm-zip npm library before 0.4.9 is vulnerable to directory traversal, ...) NOT-FOR-US: adm-zip nodejs module -CVE-2018-1002202 [Arbitrary File Write via Archive Extraction] +CVE-2018-1002202 (zip4j before 1.3.3 is vulnerable to directory traversal, allowing ...) NOT-FOR-US: zip4j -CVE-2018-1002201 +CVE-2018-1002201 (zt-zip before 1.13 is vulnerable to directory traversal, allowing ...) NOT-FOR-US: zt-zip -CVE-2018-1002200 [arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file] +CVE-2018-1002200 (plexus-archiver before 3.6.0 is vulnerable to directory traversal, ...) {DSA-4227-1} - plexus-archiver 3.6.0-1 (bug #900953) NOTE: https://github.com/codehaus-plexus/plexus-archiver/pull/87 
@@ -7715,8 +7727,8 @@ CVE-2018-11493 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...) NOT-FOR-US: WUZHI CMS CVE-2018-11492 RESERVED -CVE-2018-11491 - RESERVED +CVE-2018-11491 (ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated ...) + TODO: check CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly ...) - giflib <unfixed> (bug #904114) [stretch] - giflib <no-dsa> (Minor issue) @@ -9328,7 +9340,8 @@ CVE-2018-XXXX [Incomplete fix for CVE-2018-10886] NOTE: https://github.com/apache/ant/commit/6a41d62cb9ab4e640b72cb4de42a6c211dea645d NOTE: https://github.com/apache/ant/commit/5a8c37b271677587046bfd0fea18c1675d5a6300 NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62502 -CVE-2018-10886 (ant before version 1.9.12 unzip and untar targets allows the ...) +CVE-2018-10886 + REJECTED {DSA-4255-1 DLA-1431-1} - ant 1.10.4-1 NOTE: Fixed upstream in 1.9.12 and 1.10.4 @@ -9361,8 +9374,7 @@ CVE-2018-10881 - linux 4.17.3-1 [stretch] - linux 4.9.110-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200015 -CVE-2018-10880 - RESERVED +CVE-2018-10880 (Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 ...) {DLA-1423-1} - linux 4.17.3-1 [stretch] - linux 4.9.110-1 @@ -19786,10 +19798,10 @@ CVE-2018-6974 RESERVED CVE-2018-6973 RESERVED -CVE-2018-6972 - RESERVED -CVE-2018-6971 - RESERVED +CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ...) + TODO: check +CVE-2018-6971 (VMware Horizon View Agents (7.x.x before 7.5.1) contain a local ...) + TODO: check CVE-2018-6970 RESERVED CVE-2018-6969 (VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds ...) 
@@ -24482,20 +24494,20 @@ CVE-2018-5544 RESERVED CVE-2018-5543 RESERVED -CVE-2018-5542 - RESERVED -CVE-2018-5541 - RESERVED +CVE-2018-5542 (F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS ...) + TODO: check +CVE-2018-5541 (When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, ...) + TODO: check CVE-2018-5540 (On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or ...) NOT-FOR-US: F5 BIG-IP -CVE-2018-5539 - RESERVED -CVE-2018-5538 - RESERVED -CVE-2018-5537 - RESERVED -CVE-2018-5536 - RESERVED +CVE-2018-5539 (Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, ...) + TODO: check +CVE-2018-5538 (On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS ...) + TODO: check +CVE-2018-5537 (A remote attacker may be able to disrupt services on F5 BIG-IP ...) + TODO: check +CVE-2018-5536 (A remote attacker via undisclosed measures, may be able to exploit an ...) + TODO: check CVE-2018-5535 (On F5 BIG-IP 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.2.1-11.6.3 ...) NOT-FOR-US: F5 BIG-IP CVE-2018-5534 (Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, ...) @@ -24504,10 +24516,10 @@ CVE-2018-5533 (Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, ...) NOT-FOR-US: F5 BIG-IP CVE-2018-5532 (On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 ...) NOT-FOR-US: F5 BIG-IP -CVE-2018-5531 - RESERVED -CVE-2018-5530 - RESERVED +CVE-2018-5531 (Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, ...) + TODO: check +CVE-2018-5530 (F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual ...) + TODO: check CVE-2018-5529 (The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 ...) NOT-FOR-US: F5 BIG-IP CVE-2018-5528 (Under certain conditions, TMM may restart and produce a core file ...) 
@@ -25309,8 +25321,8 @@ CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible to NOT-FOR-US: Norton App Lock CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, ...) NOT-FOR-US: Symantec -CVE-2018-5240 - RESERVED +CVE-2018-5240 (The Inventory Plugin for Symantec Management Agent prior to 7.6 POST ...) + TODO: check CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass ...) NOT-FOR-US: Norton CVE-2018-5238 @@ -59031,14 +59043,14 @@ CVE-2017-10939 REJECTED CVE-2017-10938 REJECTED -CVE-2017-10937 - RESERVED -CVE-2017-10936 - RESERVED -CVE-2017-10935 - RESERVED -CVE-2017-10934 - RESERVED +CVE-2017-10937 (SQL injection vulnerability in all versions prior to V2.01.05.09 of ...) + TODO: check +CVE-2017-10936 (SQL injection vulnerability in all versions prior to V4.01.01 of the ...) + TODO: check +CVE-2017-10935 (All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products ...) + TODO: check +CVE-2017-10934 (All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use ...) + TODO: check CVE-2017-10933 (All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring ...) NOT-FOR-US: ZTE ZXDT22 SF01 CVE-2017-10932 (All versions prior to V12.17.20 of the ZTE Microwave NR8000 series ...) |
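Review bot: in the `@@ -9328,7 +9340,8 @@` hunk, CVE-2018-10886 is switched to REJECTED but the lines under it still carry `{DSA-4255-1 DLA-1431-1}`, `- ant 1.10.4-1` and `NOTE: Fixed upstream in 1.9.12 and 1.10.4`. As it stands, the ant fix and both advisories are attached to an ID that no longer exists. Please confirm which ID replaces it and move the package status and advisory references there. The `CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]` entry directly above still names the rejected ID as well and needs the same follow-up.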
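Review bot: the five new CVE-2018-10022xx entries at the top of the `@@ -1,3 +1,15 @@` hunk are all left at `TODO: check`, although they describe the same archive-extraction directory traversal as the sibling IDs already resolved in the `@@ -6783,18 +6795,18 @@` hunk (`NOT-FOR-US: zip4j`, `NOT-FOR-US: zt-zip`, `- libquazip 0.7.6-1 (bug #902786)`). Each one needs a per-library lookup: either a `NOT-FOR-US:` line naming the library or a source package line with the fixed version. CVE-2018-1002207 has its version bound cut off in the description (`before ...`), so the fixed version has to come from the full CVE text, not from this list.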
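Review bot: in the `@@ -24482,20 +24494,20 @@` and `@@ -24504,10 +24516,10 @@` hunks, the entries that leave RESERVED (CVE-2018-5542, 5541, 5539, 5538, 5537, 5531, 5530) name F5 BIG-IP in their descriptions yet land as `TODO: check`, while their neighbours CVE-2018-5540, 5535 and 5532 are already `NOT-FOR-US: F5 BIG-IP`. Suggest tagging them the same way for consistency. CVE-2018-5536 is the exception: its visible description (`A remote attacker via undisclosed measures, may be able to exploit an ...`) is truncated before any product name, so check the full text before tagging it.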
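Review bot: in the `@@ -59031,14 +59043,14 @@` hunk, CVE-2017-10937 and CVE-2017-10936 are added with descriptions that stop before the product name (`SQL injection vulnerability in all versions prior to V2.01.05.09 of ...`), so nothing in this list identifies the affected software. CVE-2017-10935 and CVE-2017-10934 do name ZTE products, and the neighbouring CVE-2017-10933 is `NOT-FOR-US: ZTE ZXDT22 SF01`. Suggest resolving the two ZTE entries in that style and looking up the full descriptions of 10937 and 10936 before deciding. The same `TODO: check` follow-up applies to CVE-2018-5240 in the `@@ -25309,8 +25321,8 @@` hunk, whose neighbours are `NOT-FOR-US: Symantec` and `NOT-FOR-US: Norton`.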