[Midnightbsd-cvs] mports [24638] trunk/security/vuxml/vuln.xml: update vulnerability list

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Wed Nov 21 21:04:34 EST 2018


Revision: 24638
          http://svnweb.midnightbsd.org/mports/?rev=24638
Author:   laffer1
Date:     2018-11-21 21:04:34 -0500 (Wed, 21 Nov 2018)
Log Message:
-----------
update vulnerability list

Modified Paths:
--------------
    trunk/security/vuxml/vuln.xml

Modified: trunk/security/vuxml/vuln.xml
===================================================================
--- trunk/security/vuxml/vuln.xml	2018-11-22 02:03:56 UTC (rev 24637)
+++ trunk/security/vuxml/vuln.xml	2018-11-22 02:04:34 UTC (rev 24638)
@@ -28,7 +28,7 @@
 OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-  $FreeBSD: head/security/vuxml/vuln.xml 479568 2018-09-11 20:36:43Z yuri $
+  $FreeBSD: head/security/vuxml/vuln.xml 482299 2018-10-17 15:54:15Z feld $
 
 
 QUICK GUIDE TO ADDING A NEW ENTRY
@@ -58,6 +58,922 @@
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="2383767c-d224-11e8-9623-a4badb2f4699">
+    <topic>libssh -- authentication bypass vulnerability</topic>
+    <affects>
+      <package>
+	<name>libssh</name>
+	<range><ge>0.6</ge><lt>0.7.6</lt></range>
+	<range><ge>0.8</ge><lt>0.8.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>gladiac reports:</p>
+	<blockquote cite="https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/">
+	  <p>libssh versions 0.6 and above have an authentication bypass
+	    vulnerability in the server code. By presenting the server an
+	    SSH2_MSG_USERAUTH_SUCCESS message in place of the
+	    SSH2_MSG_USERAUTH_REQUEST message which the server would expect to
+	    initiate authentication, the attacker could successfully authentciate
+	    without any credentials.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/</url>
+      <cvename>CVE-2018-10933</cvename>
+    </references>
+    <dates>
+      <discovery>2018-10-16</discovery>
+      <entry>2018-10-17</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="8c08ab4c-d06c-11e8-b35c-001b217b3468">
+    <topic>Libgit2 -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>libgit2</name>
+	<range><lt>0.27.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Git community reports:</p>
+	<blockquote cite="https://github.com/libgit2/libgit2/releases/tag/v0.27.5">
+	  <p>Multiple vulnerabilities.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/libgit2/libgit2/releases/tag/v0.27.5</url>
+      <cvename>CVE-2018-17456</cvename>
+    </references>
+    <dates>
+      <discovery>2018-10-05</discovery>
+      <entry>2018-10-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="4c11b51e-cd8d-11e8-b0cb-a0f3c100ae18">
+    <topic>Memory leak bug in Toxcore</topic>
+    <affects>
+      <package>
+	<name>toxcore</name>
+	<range><lt>0.2.8,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Tox project blog reports:</p>
+	<blockquote cite="https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/">
+	  <p>A memory leak bug was discovered in Toxcore that can be triggered remotely to
+exhaust one’s system memory, resulting in a denial of service attack.
+The bug is present in the TCP Server module of Toxcore and therefore it
+affects mostly bootstrap nodes. Regular Tox clients generally have the
+TCP Server functionality disabled by default, leaving them unaffected.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/</url>
+    </references>
+    <dates>
+      <discovery>2018-09-29</discovery>
+      <entry>2018-10-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="cb539d4e-cd68-11e8-8819-00e04c1ea73d">
+    <topic>gitea -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>gitea</name>
+	<range><lt>1.5.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Gitea project reports:</p>
+	<blockquote cite="https://github.com/go-gitea/gitea/issues/4357">
+	  <p>CSRF Vulnerability on API.</p>
+	  <p>Enforce token on api routes.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/go-gitea/gitea/issues/4357</url>
+      <url>ttps://github.com/go-gitea/gitea/pull/4840</url>
+    </references>
+    <dates>
+      <discovery>2018-10-01</discovery>
+      <entry>2018-10-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="3350275d-cd5a-11e8-a7be-3497f683cb16">
+    <topic>jenkins -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>jenkins</name>
+	<range><lt>2.146</lt></range>
+      </package>
+      <package>
+	<name>jenkins-lts</name>
+	<range><lt>2.138.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jenkins Security Advisory:</p>
+	<blockquote cite="https://jenkins.io/security/advisory/2018-10-10/">
+	  <h1>Description</h1>
+	  <h5>(Low) SECURITY-867</h5>
+	  <p>Path traversal vulnerability in Stapler allowed accessing internal data</p>
+	  <h5>(Medium) SECURITY-1074</h5>
+	  <p>Arbitrary file write vulnerability using file parameter definitions</p>
+	  <h5>(Medium) SECURITY-1129</h5>
+	  <p>Reflected XSS vulnerability</p>
+	  <h5>(Medium) SECURITY-1162</h5>
+	  <p>Ephemeral user record was created on some invalid authentication attempts</p>
+	  <h5>(Medium) SECURITY-1128</h5>
+	  <p>Ephemeral user record creation</p>
+	  <h5>(Medium) SECURITY-1158</h5>
+	  <p>Session fixation vulnerability on user signup</p>
+	  <h5>(Medium) SECURITY-765</h5>
+	  <p>Failures to process form submission data could result in secrets being displayed or written to logs</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://jenkins.io/security/advisory/2018-10-10/</url>
+    </references>
+    <dates>
+      <discovery>2018-10-10</discovery>
+      <entry>2018-10-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a4eb38ea-cc06-11e8-ada4-408d5cf35399">
+    <topic>tinc -- Buffer overflow</topic>
+    <affects>
+      <package>
+	<name>tinc</name>
+	<range><lt>1.0.35</lt></range>
+      </package>
+      <package>
+	<name>tinc-devel</name>
+	<range><lt>1.1pre17</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>tinc-vpn.org reports:</p>
+	<blockquote cite="http://www.tinc-vpn.org/news/">
+	  <p>The authentication protocol allows an oracle attack that could
+potentially be exploited.</p>
+	  <p>If a man-in-the-middle has intercepted the TCP connection it
+might be able to force plaintext UDP packets between two nodes for up to
+a PingInterval period.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a</url>
+      <url>https://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f</url>
+      <cvename>CVE-2018-16737</cvename>
+      <cvename>CVE-2018-16738</cvename>
+      <cvename>CVE-2018-16758</cvename>
+    </references>
+    <dates>
+      <discovery>2018-10-08</discovery>
+      <entry>2018-10-09</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="23413442-c8ea-11e8-b35c-001b217b3468">
+    <topic>Gitlab -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>gitlab-ce</name>
+	<range><ge>11.3.0</ge><lt>11.3.4</lt></range>
+	<range><ge>11.2.0</ge><lt>11.2.5</lt></range>
+	<range><ge>10.2.0</ge><lt>11.1.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Gitlab reports:</p>
+	<blockquote cite="https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/">
+	  <p>Merge request information disclosure</p>
+	  <p>Private project namespace information disclosure</p>
+	  <p>Gitlab Flavored Markdown API information disclosure</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/</url>
+      <cvename>CVE-2018-17939</cvename>
+      <cvename>CVE-2018-17976</cvename>
+      <cvename>CVE-2018-17975</cvename>
+    </references>
+    <dates>
+      <discovery>2018-10-05</discovery>
+      <entry>2018-10-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="8b812395-c739-11e8-ab5b-9c5c8e75236a">
+    <topic>clamav -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>clamav</name>
+	<range><lt>0.100.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p> Joel Esler reports:</p>
+	<blockquote cite="https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html">
+	  <ul>
+	    <li>CVE-2018-15378:
+	      <ul>
+		<li>Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.</li>
+		<li>Reported by Secunia Research at Flexera.</li>
+	      </ul>
+	    </li>
+	    <li>Fix for a 2-byte buffer over-read bug in ClamAV&s PDF parsing code.
+	      <ul>
+		<li>Reported by Alex Gaynor.</li>
+	      </ul>
+	    </li>
+	    <li>CVE-2018-14680:
+	      <ul>
+		<li>An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.</li>
+	      </ul>
+	    </li>
+	    <li>CVE-2018-14681:
+	      <ul>
+		<li>An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.</li>
+	      </ul>
+	    </li>
+	    <li>CVE-2018-14682:
+	      <ul>
+		<li>An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied libmspack's version of the fix in its place.</li>
+	      </ul>
+	    </li>
+	  </ul>
+	  <p>.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html</url>
+      <cvename>CVE-2018-15378</cvename>
+      <cvename>CVE-2018-14680</cvename>
+      <cvename>CVE-2018-14681</cvename>
+      <cvename>CVE-2018-14682</cvename>
+    </references>
+    <dates>
+      <discovery>2018-10-03</discovery>
+      <entry>2018-10-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="004d8c23-c710-11e8-98c7-000c29434208">
+    <topic>Django -- password hash disclosure</topic>
+    <affects>
+      <package>
+	<name>py34-django21</name>
+	<name>py35-django21</name>
+	<name>py36-django21</name>
+	<name>py37-django21</name>
+	<range><lt>2.1.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Django release notes:</p>
+	<blockquote cite="https://docs.djangoproject.com/en/2.1/releases/2.1.2/">
+	  <p>CVE-2018-16984: Password hash disclosure to "view only" admin users</p>
+	  <p>If an admin user has the change permission to the user model, only part
+	    of the password hash is displayed in the change form. Admin users with the
+	    view (but not change) permission to the user model were displayed the entire
+	    hash. While it's typically infeasible to reverse a strong password hash, if
+	    your site uses weaker password hashing algorithms such as MD5 or SHA1, it
+	    could be a problem.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://docs.djangoproject.com/en/2.1/releases/2.1.2/</url>
+      <cvename>CVE-2018-16984</cvename>
+    </references>
+    <dates>
+      <discovery>2018-10-02</discovery>
+      <entry>2018-10-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="c4f39920-781f-4aeb-b6af-17ed566c4272">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<range><lt>62.0.3,1</lt></range>
+      </package>
+      <package>
+	<name>waterfox</name>
+	<range><lt>56.2.4</lt></range>
+      </package>
+      <package>
+	<name>seamonkey</name>
+	<name>linux-seamonkey</name>
+	<range><lt>2.49.5</lt></range>
+      </package>
+      <package>
+	<name>firefox-esr</name>
+	<range><lt>60.2.2,1</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>60.2.2,2</lt></range>
+      </package>
+      <package>
+	<name>libxul</name>
+	<name>thunderbird</name>
+	<name>linux-thunderbird</name>
+	<range><lt>60.2.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/">
+	  <h1>CVE-2018-12386: Type confusion in JavaScript</h1>
+	  <p>A vulnerability in register allocation in JavaScript can
+	    lead to type confusion, allowing for an arbitrary read and
+	    write. This leads to remote code execution inside the
+	    sandboxed content process when triggered.</p>
+	  <h1>CVE-2018-12387: </h1>
+	  <p>A vulnerability where the JavaScript JIT compiler inlines
+	    Array.prototype.push with multiple arguments that results
+	    in the stack pointer being off by 8 bytes after a
+	    bailout. This leaks a memory address to the calling
+	    function which can be used as part of an exploit inside
+	    the sandboxed content process.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-12386</cvename>
+      <cvename>CVE-2018-12387</cvename>
+      <url>https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/</url>
+    </references>
+    <dates>
+      <discovery>2018-10-02</discovery>
+      <entry>2018-10-02</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="065b3b72-c5ab-11e8-9ae2-001b217b3468">
+    <topic>Gitlab -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>gitlab-ce</name>
+	<range><ge>11.3.0</ge><lt>11.3.1</lt></range>
+	<range><ge>11.2.0</ge><lt>11.2.4</lt></range>
+	<range><ge>7.6.0</ge><lt>11.1.7</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Gitlab reports:</p>
+	<blockquote cite="https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/">
+	  <p>SSRF GCP access token disclosure</p>
+	  <p>Persistent XSS on issue details</p>
+	  <p>Diff formatter DoS in Sidekiq jobs</p>
+	  <p>Confidential information disclosure in events API endpoint</p>
+	  <p>validate_localhost function in url_blocker.rb could be bypassed</p>
+	  <p>Slack integration CSRF Oauth2</p>
+	  <p>GRPC::Unknown logging token disclosure</p>
+	  <p>IDOR merge request approvals</p>
+	  <p>Persistent XSS package.json</p>
+	  <p>Persistent XSS merge request project import</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/</url>
+      <cvename>CVE-2018-17450</cvename>
+      <cvename>CVE-2018-17454</cvename>
+      <cvename>CVE-2018-15472</cvename>
+      <cvename>CVE-2018-17449</cvename>
+      <cvename>CVE-2018-17452</cvename>
+      <cvename>CVE-2018-17451</cvename>
+      <cvename>CVE-2018-17453</cvename>
+      <cvename>CVE-2018-17455</cvename>
+      <cvename>CVE-2018-17537</cvename>
+      <cvename>CVE-2018-17536</cvename>
+    </references>
+    <dates>
+      <discovery>2018-10-01</discovery>
+      <entry>2018-10-01</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="5a757a31-f98e-4bd4-8a85-f1c0f3409769">
+    <topic>pango -- remote DoS vulnerability</topic>
+    <affects>
+      <package>
+	<name>pango</name>
+	<range><lt>1.42.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15120">
+	  <p>libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15120</url>
+      <url>https://www.exploit-db.com/exploits/45263/</url>
+      <url>https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html</url>
+      <url>https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f</url>
+      <cvename>CVE-2018-15120</cvename>
+    </references>
+    <dates>
+      <discovery>2018-08-06</discovery>
+      <entry>2018-10-01</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="01018916-c47c-11e8-8b07-00e04c1ea73d">
+    <topic>Serendipity -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>serendipity</name>
+	<range><lt>2.1.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Serendipity reports:</p>
+	<blockquote cite="https://blog.s9y.org/archives/280-Serendipity-2.1.4-and-2.2.1-alpha1-released.html">
+	  <p>Security: Fix XSS for pagination, when multi-category selection is used.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://blog.s9y.org/archives/280-Serendipity-2.1.4-and-2.2.1-alpha1-released.html</url>
+    </references>
+    <dates>
+      <discovery>2018-09-20</discovery>
+      <entry>2018-09-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="40a844bf-c430-11e8-96dc-000743165db0">
+    <topic>bitcoin -- Denial of Service and Possible Mining Inflation</topic>
+    <affects>
+      <package>
+	<name>bitcoin</name>
+	<name>bitcoin-daemon</name>
+	<range><lt>0.16.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Bitcoin Core reports:</p>
+	<blockquote cite="https://bitcoincore.org/en/2018/09/20/notice/">
+	  <p>CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited on September 17th as a Denial of Service bug only, however we quickly determined that the issue was also an inflation vulnerability with the same root cause and fix.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bitcoincore.org/en/2018/09/20/notice/</url>
+      <cvename>CVE-2018-17144</cvename>
+    </references>
+    <dates>
+      <discovery>2018-09-17</discovery>
+      <entry>2018-09-29</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="613193a0-c1b4-11e8-ae2d-54e1ad3d6335">
+    <topic>spamassassin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>spamassassin</name>
+	<range><lt>3.4.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>the Apache Spamassassin project reports:</p>
+	<blockquote cite="https://seclists.org/oss-sec/2018/q3/242">
+	  <p>In Apache SpamAssassin, using HTML::Parser, we setup an object and
+	    hook into the begin and end tag event handlers  In both cases, the
+	    "open" event is immediately followed by a "close" event - even if
+	    the tag *does not* close in the HTML being parsed.</p>
+	  <p>Because of this, we are missing the "text" event to deal with
+	    the object normally.  This can cause carefully crafted emails that
+	    might take more scan time than expected leading to a Denial of
+	    Service.</p>
+	  <p>Fix a reliance on "." in @INC in one configuration script.  Whether
+	    this can be exploited in any way is uncertain.</p>
+	  <p>Fix a potential Remote Code Execution bug with the PDFInfo plugin.
+	    Thanks to cPanel Security Team for their report of this issue.</p>
+	  <p> Fourth, this release fixes a local user code injection in the
+	    meta rule syntax. Thanks again to cPanel Security Team for their
+	    report of this issue.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://seclists.org/oss-sec/2018/q3/242</url>
+	<cvename>CVE-2017-15705</cvename>
+	<cvename>CVE-2016-1238</cvename>
+	<cvename>CVE-2018-11780</cvename>
+	<cvename>CVE-2018-11781</cvename>
+    </references>
+    <dates>
+      <discovery>2018-09-16</discovery>
+      <entry>2018-09-26</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="bad59128-c188-11e8-9d40-f0def10dca57">
+    <topic>wesnoth -- Code Injection vulnerability</topic>
+    <affects>
+      <package>
+	<name>wesnoth</name>
+	<range><ge>1.7.0</ge><lt>1.14.4,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>shadowm reports:</p>
+	<blockquote cite="https://forums.wesnoth.org/viewtopic.php?t=48528">
+	  <p>A severe bug was found in the game client which could allow a malicious user to execute arbitrary code through the Lua engine by using specially-crafted code in add-ons, saves, replays, or networked games. This issue affects all platforms and all existing releases since Wesnoth version 1.7.0.
+	  Users of all previous version should upgrade immediately.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-1999023</cvename>
+      <url>https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380</url>
+    </references>
+    <dates>
+      <discovery>2018-07-14</discovery>
+      <entry>2018-09-26</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e182c076-c189-11e8-a6d2-b499baebfeaf">
+    <topic>Apache -- Denial of service vulnerability in HTTP/2</topic>
+    <affects>
+      <package>
+	<name>apache24</name>
+	<range><lt>2.4.35</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Apache httpd project reports:</p>
+	<blockquote cite="http://httpd.apache.org/security/vulnerabilities_24.html">
+	  <p>low: DoS for HTTP/2 connections by continuous SETTINGS</p>
+	  <p>By sending continous SETTINGS frames of maximum size an ongoing
+	    HTTP/2 connection could be kept busy and would never time out. This
+	    can be abused for a DoS on the server. This only affect a server
+	    that has enabled the h2 protocol.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://httpd.apache.org/security/vulnerabilities_24.html</url>
+      <cvename>CVE-2018-11763</cvename>
+    </references>
+    <dates>
+      <discovery>2018-09-25</discovery>
+      <entry>2018-09-26</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6bf71117-c0c9-11e8-b760-6023b685b1ee">
+    <topic>mantis -- XSS vulnerability</topic>
+    <affects>
+      <package>
+	<name>mantis-php56</name>
+	<name>mantis-php70</name>
+	<name>mantis-php71</name>
+	<name>mantis-php72</name>
+	<range><lt>2.17.1,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Brian Carpenter reports:</p>
+	<blockquote cite="https://mantisbt.org/bugs/view.php?id=24731">
+	  <p>Reflected XSS in view_filters_page.php via core/filter_form_api.php</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-16514</cvename>
+    </references>
+    <dates>
+      <discovery>2018-09-03</discovery>
+      <entry>2018-09-25</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="2d6de6a8-fb78-4149-aeda-77fc8f140f06">
+    <topic>smart_proxy_dynflow -- authentication bypass vulnerability</topic>
+    <affects>
+      <package>
+	<name>rubygem-smart_proxy_dynflow</name>
+	<range><lt>0.2.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>MITRE reports:</p>
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14643">
+	  <p>An authentication bypass flaw was found in the smart_proxy_dynflow
+	    component used by Foreman. A malicious attacker can use this flaw to
+	    remotely execute arbitrary commands on machines managed by vulnerable
+	    Foreman instances, in a highly privileged context.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14643</url>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643</url>
+      <cvename>CVE-2018-14643</cvename>
+    </references>
+    <dates>
+      <discovery>2018-09-20</discovery>
+      <entry>2018-09-22</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="be1aada2-be6c-11e8-8fc6-000c29434208">
+    <topic>mediawiki -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mediawiki127</name>
+	<range><lt>1.27.5</lt></range>
+      </package>
+      <package>
+	<name>mediawiki129</name>
+	<range><le>1.29.3</le></range>
+      </package>
+      <package>
+	<name>mediawiki130</name>
+	<range><lt>1.30.1</lt></range>
+      </package>
+      <package>
+	<name>mediawiki131</name>
+	<range><lt>1.31.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mediawiki reports:</p>
+	<blockquote cite="https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html">
+	  <p>Security fixes:</p>
+	  <p>T169545: $wgRateLimits entry for 'user' overrides 'newbie'.</p>
+	    <p>T194605: BotPasswords can bypass CentralAuth's account lock.</p>
+	    <p>T187638: When a log event is (partially) hidden Special:Redirect/logid
+	     can link to the incorrect log and reveal hidden</p>
+	    <p>T193237: Special:BotPasswords should require reauthenticate.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-0503</cvename>
+      <cvename>CVE-2018-0505</cvename>
+      <cvename>CVE-2018-0504</cvename>
+      <url>https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html</url>
+    </references>
+    <dates>
+      <discovery>2018-08-29</discovery>
+      <entry>2018-09-22</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="3284d948-140c-4a3e-aa76-3b440e2006a8">
+    <topic>firefox -- Crash in TransportSecurityInfo due to cached data</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<range><lt>62.0.2,1</lt></range>
+      </package>
+      <package>
+	<name>firefox-esr</name>
+	<range><lt>60.2.1,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/">
+	  <p>A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-12385</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2018-22/</url>
+    </references>
+    <dates>
+      <discovery>2018-09-21</discovery>
+      <entry>2018-09-21</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="77f67b46-bd75-11e8-81b6-001999f8d30b">
+    <topic>asterisk -- Remote crash vulnerability in HTTP websocket upgrade</topic>
+    <affects>
+      <package>
+	<name>asterisk13</name>
+	<range><lt>13.23.1</lt></range>
+      </package>
+      <package>
+	<name>asterisk15</name>
+	<range><lt>15.6.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Asterisk project reports:</p>
+	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+	  <p>There is a stack overflow vulnerability in the
+	  res_http_websocket.so module of Asterisk that allows an
+	  attacker to crash Asterisk via a specially crafted HTTP
+	  request to upgrade the connection to a websocket. The
+	  attackers request causes Asterisk to run out of stack
+	  space and crash.</p>
+	  <p>As a workaround disable HTTP websocket access by not
+	  loading the res_http_websocket.so module.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://downloads.asterisk.org/pub/security/AST-2018-009.html</url>
+      <cvename>CVE-2018-17281</cvename>
+    </references>
+    <dates>
+      <discovery>2018-08-16</discovery>
+      <entry>2018-09-21</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="074cb225-bb2d-11e8-90e1-fcaa147e860e">
+    <topic>moodle -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>moodle31</name>
+	<range><lt>3.1.14</lt></range>
+      </package>
+      <package>
+	<name>moodle33</name>
+	<range><lt>3.3.8</lt></range>
+      </package>
+      <package>
+	<name>moodle34</name>
+	<range><lt>3.4.5</lt></range>
+      </package>
+      <package>
+	<name>moodle35</name>
+	<range><lt>3.5.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>moodle reports:</p>
+       <blockquote cite="https://moodle.org/mod/forum/discuss.php?d=376023">
+	  <p>Moodle XML import of ddwtos could lead to intentional remote code
+	  execution</p>
+	  <p>QuickForm library remote code vulnerability (upstream)</p>
+	  <p>Boost theme - blog search GET parameter insufficiently filtered</p>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-14630</cvename>
+      <cvename>CVE-2018-1999022</cvename>
+      <cvename>CVE-2018-14631</cvename>
+      <url>https://moodle.org/mod/forum/discuss.php?d=376023</url>
+    </references>
+    <dates>
+      <discovery>2018-09-05</discovery>
+      <entry>2018-09-18</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="bf2b9c56-b93e-11e8-b2a8-a4badb296695">
+    <topic>joomla3 -- vulnerabilitiesw</topic>
+    <affects>
+      <package>
+	<name>joomla3</name>
+	<range><lt>3.8.12</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>JSST reports: Multiple low-priority Vulnerabilities</p>
+	<blockquote cite="https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html">
+	  <p>Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.</p>
+	</blockquote>
+	<blockquote cite="https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html">
+	  <p>Inadequate output filtering on the user profile page could lead to a stored XSS attack.</p>
+	</blockquote>
+	<blockquote cite="https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html">
+	  <p>Inadequate checks regarding disabled fields can lead to an ACL violation.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-15860</cvename>
+      <cvename>CVE-2018-15881</cvename>
+      <cvename>CVE-2018-15882</cvename>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15880</url>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15881</url>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15882</url>
+      <url>https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html</url>
+      <url>https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html</url>
+      <url>https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html</url>
+    </references>
+    <dates>
+      <discovery>2018-08-23</discovery>
+      <entry>2018-09-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="ab38d9f8-b787-11e8-8e7a-00e04c1ea73d">
+    <topic>mybb -- vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mybb</name>
+	<range><lt>1.8.19</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>mybb Team reports:</p>
+	<blockquote cite="https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/">
+	  <p>High risk: Email field SQL Injection.</p>
+	  <p>Medium risk: Video MyCode Persistent XSS in Visual Editor.</p>
+	  <p>Low risk: Insufficient permission check in User CP’s attachment management.</p>
+	  <p>Low risk: Insufficient email address verification.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/</url>
+    </references>
+    <dates>
+      <discovery>2018-09-11</discovery>
+      <entry>2018-09-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a67c122a-b693-11e8-ac58-a4badb2f4699">
+    <topic>FreeBSD -- Improper ELF header parsing</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>11.2</ge><lt>11.2_3</lt></range>
+	<range><ge>11.1</ge><lt>11.1_14</lt></range>
+	<range><ge>10.4</ge><lt>10.4_12</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Insufficient validation was performed in the ELF header
+	parser, and malformed or otherwise invalid ELF binaries
+	were not rejected as they should be.</p>
+	<h1>Impact:</h1>
+	<p>Execution of a malicious ELF binary may result in a
+	kernel crash or may disclose kernel memory.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2018-6924</cvename>
+      <freebsdsa>SA-18:12.elf</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2018-09-12</discovery>
+      <entry>2018-09-12</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="fe818607-b5ff-11e8-856b-485b3931c969">
     <topic>Containous Traefik -- exposes the configuration and secret</topic>
     <affects>
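Review bot: The bare `&` in `ClamAV&s PDF parsing code` inside the clamav entry is an unescaped ampersand, which is not well-formed XML and will make the whole vuln.xml fail to parse, so every consumer of the database loses all entries rather than just this one; it should read `ClamAV&apos;s PDF parsing code`. Two smaller reference defects in the same hunk: the second gitea URL is missing its scheme (`ttps://github.com/go-gitea/gitea/pull/4840` should start with `https://`), and both smart_proxy_dynflow MITRE links use `cvename.cgi?name=2018-14643` without the `CVE-` prefix, so they do not resolve to the CVE record. The mediawiki129 range uses `<le>1.29.3</le>` while every sibling package in that entry uses `<lt>` against its fixed release; if 1.29.3 is the patched version, as it appears to be, this marks the fixed port as still vulnerable and should be `<lt>1.29.3</lt>`. The joomla3 entry lists `CVE-2018-15860` as a cvename but cites `CVE-2018-15880` in its own reference URL, which looks like a transposed digit worth checking against the three upstream advisories.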
@@ -308,6 +1224,10 @@
 	<range><lt>62.0_1,1</lt></range>
       </package>
       <package>
+	<name>waterfox</name>
+	<range><lt>56.2.3</lt></range>
+      </package>
+      <package>
 	<name>seamonkey</name>
 	<name>linux-seamonkey</name>
 	<range><lt>2.49.5</lt></range>
@@ -359,6 +1279,7 @@
     <dates>
       <discovery>2018-09-05</discovery>
       <entry>2018-09-05</entry>
+      <modified>2018-09-15</modified>
     </dates>
   </vuln>
 
@@ -1667,7 +2588,7 @@
     <affects>
       <package>
 	<name>openjpeg</name>
-	<range><le>2.3.0</le></range>
+	<range><le>2.3.0_2</le></range>
       </package>
     </affects>
     <description>
@@ -1675,7 +2596,7 @@
 	<p>OpenJPEG reports:</p>
 	<blockquote cite="https://github.com/uclouvain/openjpeg/issues?q=is%3Aissue+CVE-2018-5727+OR+CVE-2018-5785+OR+CVE-2018-6616">
 	  <p>Multiple vulnerabilities have been found in OpenJPEG, the
-	    opensource JPEG2000 codec. Please consult the CVE list for further
+	    opensource JPEG 2000 codec. Please consult the CVE list for further
 	    details.</p>
 	</blockquote>
       </body>
@@ -1695,6 +2616,7 @@
     <dates>
       <discovery>2017-12-08</discovery>
       <entry>2018-07-27</entry>
+      <modified>2018-09-25</modified>
     </dates>
   </vuln>
 


