author | security tracker role <sectracker@soriano.debian.org> | 2018-11-16 20:10:23 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2018-11-16 20:10:23 +0000 |
commit | c2ef52ee41118e3c979c7b4b0871309fc5ce2c02 (patch) | |
tree | 9ccf15fb31d6b66d264666492541d94193b2867c /data/CVE | |
parent | 2b687a8a914e79a2120379243be7bf07dc53d92e (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2001.list | 2 |
-rw-r--r-- | data/CVE/2018.list | 160 |
2 files changed, 94 insertions, 68 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 8b70e0f08b..159ca822de 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -1030,7 +1030,7 @@ CVE-2001-0595 (Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0594 (kcms_configure as included with Solaris 7 and 8 allows a local ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2001-0593 (Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to ...) +CVE-2001-0593 (Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0591 (Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 ...) NOT-FOR-US: Data pre-dating the Security Tracker diff --git a/data/CVE/2018.list b/data/CVE/2018.list index b3711bddc3..d45746f614 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,3 +1,31 @@ +CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to ...) + TODO: check +CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to ...) + TODO: check +CVE-2018-19317 + RESERVED +CVE-2018-19316 + RESERVED +CVE-2018-19315 + RESERVED +CVE-2018-19314 + RESERVED +CVE-2018-19313 + RESERVED +CVE-2018-19312 (Centreon 3.4.x allows SQL Injection via the searchVM parameter to the ...) + TODO: check +CVE-2018-19311 (Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 ...) + TODO: check +CVE-2018-19310 + RESERVED +CVE-2018-19309 + RESERVED +CVE-2018-19308 + RESERVED +CVE-2018-19307 + RESERVED +CVE-2018-19306 + RESERVED CVE-2018-19305 RESERVED CVE-2018-19304 @@ -16,8 +44,8 @@ CVE-2018-19298 RESERVED CVE-2018-19297 RESERVED -CVE-2018-19296 - RESERVED +CVE-2018-19296 (PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object ...) + TODO: check CVE-2018-19295 RESERVED CVE-2018-19294 
@@ -1150,34 +1178,34 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during - squid3 <removed> (unimportant) NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_4.txt NOTE: Squid in Debian builds without TLS support -CVE-2018-18806 - RESERVED -CVE-2018-18805 - RESERVED -CVE-2018-18804 - RESERVED -CVE-2018-18803 - RESERVED +CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the ...) + TODO: check +CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...) + TODO: check +CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen, ...) + TODO: check +CVE-2018-18803 (Curriculum Evaluation System 1.0 allows SQL Injection via the login ...) + TODO: check CVE-2018-18802 RESERVED -CVE-2018-18801 - RESERVED +CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via ...) + TODO: check CVE-2018-18800 RESERVED -CVE-2018-18799 - RESERVED +CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via ...) + TODO: check CVE-2018-18798 RESERVED -CVE-2018-18797 - RESERVED -CVE-2018-18796 - RESERVED -CVE-2018-18795 - RESERVED -CVE-2018-18794 - RESERVED -CVE-2018-18793 - RESERVED +CVE-2018-18797 (School Attendance Monitoring System 1.0 has CSRF via ...) + TODO: check +CVE-2018-18796 (Library Management System 1.0 has SQL Injection via the "Search for ...) + TODO: check +CVE-2018-18795 (School Event Management System 1.0 has SQL Injection via the ...) + TODO: check +CVE-2018-18794 (School Event Management System 1.0 allows CSRF via ...) + TODO: check +CVE-2018-18793 (School Event Management System 1.0 allows Arbitrary File Upload via ...) + TODO: check CVE-2018-18792 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...) NOT-FOR-US: zzcms CVE-2018-18791 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...) 
@@ -1243,24 +1271,24 @@ CVE-2018-18764 (An exploitable arbitrary memory read vulnerability exists in the [stretch] - smplayer <not-affected> (Vulnerable code not present) [jessie] - smplayer <not-affected> (Vulnerable code not present) NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support -CVE-2018-18763 - RESERVED +CVE-2018-18763 (SaltOS 3.1 r8126 allows ...) + TODO: check CVE-2018-18762 RESERVED -CVE-2018-18761 - RESERVED -CVE-2018-18760 - RESERVED -CVE-2018-18759 - RESERVED +CVE-2018-18761 (SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL ...) + TODO: check +CVE-2018-18760 (RhinOS 3.0 build 1190 allows CSRF. ...) + TODO: check +CVE-2018-18759 (Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. ...) + TODO: check CVE-2018-18758 RESERVED CVE-2018-18757 RESERVED -CVE-2018-18756 - RESERVED -CVE-2018-18755 - RESERVED +CVE-2018-18756 (Local Server 1.0.9 has a Buffer Overflow via crafted data on Port ...) + TODO: check +CVE-2018-18755 (K-iwi Framework 1775 has SQL Injection via the admin/user/group/update ...) + TODO: check CVE-2018-18754 (ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account ...) NOT-FOR-US: ZyXEL CVE-2018-18753 (Typecho V1.1 allows remote attackers to send shell commands via ...) 
@@ -6943,16 +6971,14 @@ CVE-2018-16398 (In Twistlock AuthZ Broker 0.1, regular expressions are mishandle NOT-FOR-US: Twistlock AuthZ Broker CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" ...) - limesurvey <itp> (bug #472802) -CVE-2018-16396 [Tainted flags are not propagated in Array#pack and String#unpack with some directives] - RESERVED +CVE-2018-16396 (An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, ...) {DSA-4332-1 DLA-1558-1} - ruby2.5 <unfixed> (bug #911920) - ruby2.3 <removed> - ruby2.1 <removed> NOTE: https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/ NOTE: https://github.com/ruby/ruby/commit/a2958f6743664006d21fc0bafd4ca6214df1d429 -CVE-2018-16395 [OpenSSL::X509::Name equality check does not work correctly] - RESERVED +CVE-2018-16395 (An issue was discovered in the OpenSSL library in Ruby before 2.3.8, ...) {DSA-4332-1 DLA-1558-1} - ruby-openssl <unfixed> (bug #911918) - ruby2.5 <unfixed> (bug #911919) @@ -8699,10 +8725,10 @@ CVE-2018-15695 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote NOT-FOR-US: ASUSTOR Data Master CVE-2018-15694 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote ...) NOT-FOR-US: ASUSTOR Data Master -CVE-2018-15693 - RESERVED -CVE-2018-15692 - RESERVED +CVE-2018-15693 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows ...) + TODO: check +CVE-2018-15692 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows ...) + TODO: check CVE-2018-15691 (Insecure deserialization of a specially crafted serialized object, in ...) NOT-FOR-US: CA Release Automation CVE-2018-15690 
@@ -10636,7 +10662,7 @@ CVE-2018-14849 (Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, re NOTE: https://sourceforge.net/p/tikiwiki/code/66809 CVE-2018-14848 RESERVED -CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote attackers to ...) +CVE-2018-14847 (MikroTik RouterOS through 6.42 allows unauthenticated remote attackers ...) NOT-FOR-US: Winbox for MikroTik RouterOS CVE-2018-14846 RESERVED @@ -25537,10 +25563,10 @@ CVE-2018-9088 RESERVED CVE-2018-9087 RESERVED -CVE-2018-9086 - RESERVED -CVE-2018-9085 - RESERVED +CVE-2018-9086 (In some Lenovo ThinkServer-branded servers, a command injection ...) + TODO: check +CVE-2018-9085 (A write protection lock bit was left unset after boot on an older ...) + TODO: check CVE-2018-9084 RESERVED CVE-2018-9083 @@ -25563,12 +25589,12 @@ CVE-2018-9075 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.3 NOT-FOR-US: Lenovo CVE-2018-9074 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...) NOT-FOR-US: Lenovo -CVE-2018-9073 - RESERVED +CVE-2018-9073 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes ...) + TODO: check CVE-2018-9072 RESERVED -CVE-2018-9071 - RESERVED +CVE-2018-9071 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows ...) + TODO: check CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than ...) NOT-FOR-US: Lenovo CVE-2018-9069 (In some Lenovo IdeaPad consumer notebook models, a race condition in ...) 
@@ -29898,16 +29924,16 @@ CVE-2018-7365 RESERVED CVE-2018-7364 RESERVED -CVE-2018-7363 - RESERVED -CVE-2018-7362 - RESERVED -CVE-2018-7361 - RESERVED -CVE-2018-7360 - RESERVED -CVE-2018-7359 - RESERVED +CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...) + TODO: check +CVE-2018-7362 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...) + TODO: check +CVE-2018-7361 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...) + TODO: check +CVE-2018-7360 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...) + TODO: check +CVE-2018-7359 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...) + TODO: check CVE-2018-7358 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, ...) NOT-FOR-US: ZTE ZXHN H168N product CVE-2018-7357 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, ...) @@ -44245,8 +44271,8 @@ CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) NOT-FOR-US: IBM CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) NOT-FOR-US: IBM WebSphere Application Server -CVE-2018-1797 - RESERVED +CVE-2018-1797 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using ...) + TODO: check CVE-2018-1796 RESERVED CVE-2018-1795 (IBM Robotic Process Automation with Automation Anywhere Enterprise 10 ...) @@ -44561,8 +44587,8 @@ CVE-2018-1641 RESERVED CVE-2018-1640 RESERVED -CVE-2018-1639 - RESERVED +CVE-2018-1639 (The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 ...) + TODO: check CVE-2018-1638 (IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two ...) NOT-FOR-US: IBM CVE-2018-1637 |
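Review bot: The NOT-FOR-US note under CVE-2018-14847 (data/CVE/2018.list, hunk at @@ -10636,7 +10662,7 @@) still reads "Winbox for MikroTik RouterOS", while the updated description now begins "MikroTik RouterOS through 6.42" and no longer scopes the issue to Winbox. Suggest updating the note to "NOT-FOR-US: MikroTik RouterOS" so the triage line matches the description it sits under.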
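Review bot: CVE-2018-19296 (data/CVE/2018.list, hunk at @@ -16,8 +44,8 @@) moves from RESERVED to "TODO: check" with no package line, and its description names PHPMailer with fixed versions 5.2.27 and 6.0.6. Unlike the vendor-appliance entries in this update, a PHP library may be packaged, so this entry should get manual triage to a source package line carrying the fixed version, or an explicit NOT-FOR-US, rather than sitting in the TODO queue with the bulk of the automatic additions.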
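Review bot: CVE-2018-1797 (data/CVE/2018.list, hunk at @@ -44245,8 +44271,8 @@) is added as "TODO: check" even though its description names IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, the same product as the entry directly above it, CVE-2018-1798, which is already marked "NOT-FOR-US: IBM WebSphere Application Server". Suggest giving CVE-2018-1797 the same NOT-FOR-US line so the two adjacent entries are triaged consistently.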
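Review bot: CVE-2018-9073 and CVE-2018-9071 (data/CVE/2018.list, hunk at @@ -25563,12 +25589,12 @@) are left at "TODO: check" although both descriptions name the Lenovo Chassis Management Module, and the surrounding entries CVE-2018-9075, CVE-2018-9074 and CVE-2018-9070 are all marked "NOT-FOR-US: Lenovo". Suggest resolving these two the same way, which also keeps the Lenovo block free of stale TODO markers.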