automatic update

author: security tracker role <sectracker@soriano.debian.org> 2018-10-19 20:10:44 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2018-10-19 20:10:44 +0000
commit: 2eec476fbc83801f83f7c15f776f6ac935d6fe0c (patch)
tree: 4795717c56b1940778d2509cc6854db99613eaeb /data/CVE
parent: 171070b4d16877abce2029b392b30b8ea058128e (diff)
3 files changed, 107 insertions, 31 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index f2482f92d8..256251766b 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -14482,7 +14482,7 @@ CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote ...
 	NOT-FOR-US: InfoVista PortalSE
 CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on ...)
 	NOT-FOR-US: InfoVista PortalSE
-CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versoins before 0.8, allows ...)
+CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows ...)
 	NOT-FOR-US: Michael Salzer Guestbox
 CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...)
 	NOT-FOR-US: Michael Salzer Guestbox
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index ab210c88bc..e6591d03c4 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,4 +1,4 @@
-CVE-2017-18348
+CVE-2017-18348 (Splunk Enterprise 6.6.x, when configured to run as root but drop ...)
 	NOT-FOR-US: Splunk
 CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 ...)
 	NOT-FOR-US: STMicroelectronics STM32F0 series devices
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 325ee9419f..bd6ff0fe45 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,3 +1,79 @@
+CVE-2018-18528
+	RESERVED
+CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or ...)
+	TODO: check
+CVE-2018-18526
+	RESERVED
+CVE-2018-18525
+	RESERVED
+CVE-2018-18524
+	RESERVED
+CVE-2018-18523
+	RESERVED
+CVE-2018-18522
+	RESERVED
+CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...)
+	TODO: check
+CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end in ...)
+	TODO: check
+CVE-2018-18519
+	RESERVED
+CVE-2018-18518
+	RESERVED
+CVE-2018-18517
+	RESERVED
+CVE-2018-18516
+	RESERVED
+CVE-2018-18515
+	RESERVED
+CVE-2018-18514
+	RESERVED
+CVE-2018-18513
+	RESERVED
+CVE-2018-18512
+	RESERVED
+CVE-2018-18511
+	RESERVED
+CVE-2018-18510
+	RESERVED
+CVE-2018-18509
+	RESERVED
+CVE-2018-18508
+	RESERVED
+CVE-2018-18507
+	RESERVED
+CVE-2018-18506
+	RESERVED
+CVE-2018-18505
+	RESERVED
+CVE-2018-18504
+	RESERVED
+CVE-2018-18503
+	RESERVED
+CVE-2018-18502
+	RESERVED
+CVE-2018-18501
+	RESERVED
+CVE-2018-18500
+	RESERVED
+CVE-2018-18499
+	RESERVED
+CVE-2018-18498
+	RESERVED
+CVE-2018-18497
+	RESERVED
+CVE-2018-18496
+	RESERVED
+CVE-2018-18495
+	RESERVED
+CVE-2018-18494
+	RESERVED
+CVE-2018-18493
+	RESERVED
+CVE-2018-18492
+	RESERVED
+CVE-2018-18491
+	RESERVED
 CVE-2018-18490
 	RESERVED
 CVE-2018-18489
@@ -236,20 +312,20 @@ CVE-2018-18398
 	RESERVED
 CVE-2018-18397
 	RESERVED
-CVE-2018-18396
-	RESERVED
-CVE-2018-18395
-	RESERVED
-CVE-2018-18394
-	RESERVED
-CVE-2018-18393
-	RESERVED
-CVE-2018-18392
-	RESERVED
-CVE-2018-18391
-	RESERVED
-CVE-2018-18390
-	RESERVED
+CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device ...)
+	TODO: check
+CVE-2018-18395 (Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device ...)
+	TODO: check
+CVE-2018-18394 (Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT ...)
+	TODO: check
+CVE-2018-18393 (Password Management Issue in Moxa ThingsPro IIoT Gateway and Device ...)
+	TODO: check
+CVE-2018-18392 (Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT ...)
+	TODO: check
+CVE-2018-18391 (User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device ...)
+	TODO: check
+CVE-2018-18390 (User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management ...)
+	TODO: check
 CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database Server ...)
 	NOT-FOR-US: Neo4J server
 CVE-2018-18388
@@ -5136,7 +5212,7 @@ CVE-2018-16312
 	RESERVED
 CVE-2018-16311
 	RESERVED
-CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause a denial ...)
+CVE-2018-16310 (** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers ...)
 	NOT-FOR-US: Technicolor
 CVE-2018-16309
 	REJECTED
@@ -6083,7 +6159,7 @@ CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are abl
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
 	NOTE: https://www.kb.cert.org/vuls/id/332928
-CVE-2018-15907 (Technicolor (formerly RCA) TC8305C devices allow remote attackers to ...)
+CVE-2018-15907 (** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow ...)
 	NOT-FOR-US: Technicolor (formerly RCA) TC8305C devices
 CVE-2018-15906
 	RESERVED
@@ -6310,7 +6386,7 @@ CVE-2018-15853 (Endless recursion exists in xkbcomp/expr.c in xkbcommon and ...)
 	[jessie] - libxkbcommon <no-dsa> (Minor issue)
 	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
 	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
-CVE-2018-15852 (Technicolor TC7200.20 devices allow remote attackers to cause a denial ...)
+CVE-2018-15852 (** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers ...)
 	NOT-FOR-US: Technicolor
 CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF ...)
 	NOT-FOR-US: Flexo CMS
@@ -7547,16 +7623,16 @@ CVE-2018-15318
 	RESERVED
 CVE-2018-15317
 	RESERVED
-CVE-2018-15316
-	RESERVED
-CVE-2018-15315
-	RESERVED
-CVE-2018-15314
-	RESERVED
-CVE-2018-15313
-	RESERVED
-CVE-2018-15312
-	RESERVED
+CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge ...)
+	TODO: check
+CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected ...)
+	TODO: check
+CVE-2018-15314 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a ...)
+	TODO: check
+CVE-2018-15313 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a ...)
+	TODO: check
+CVE-2018-15312 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected ...)
+	TODO: check
 CVE-2018-15311 (When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-15310 (A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, ...)
@@ -36853,8 +36929,8 @@ CVE-2018-4015
 	RESERVED
 CVE-2018-4014
 	RESERVED
-CVE-2018-4013
-	RESERVED
+CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP ...)
+	TODO: check
 CVE-2018-4012
 	RESERVED
 CVE-2018-4011
author	security tracker role <sectracker@soriano.debian.org>	2018-10-19 20:10:44 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2018-10-19 20:10:44 +0000
commit	2eec476fbc83801f83f7c15f776f6ac935d6fe0c (patch)
tree	4795717c56b1940778d2509cc6854db99613eaeb /data/CVE
parent	171070b4d16877abce2029b392b30b8ea058128e (diff)