[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Apr 10 08:10:22 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aec1866f by security tracker role at 2018-04-10T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-9934 (The reset-password feature in MetInfo 6.0 allows remote attackers to ...)
+	TODO: check
+CVE-2018-9933
+	RESERVED
+CVE-2018-9932
+	RESERVED
+CVE-2018-9931
+	RESERVED
+CVE-2018-9930
+	RESERVED
+CVE-2018-9929
+	RESERVED
+CVE-2018-9928 (Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 ...)
+	TODO: check
+CVE-2018-9927 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
+	TODO: check
+CVE-2018-9926 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
+	TODO: check
+CVE-2018-9925 (An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists ...)
+	TODO: check
+CVE-2018-9924 (An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection ...)
+	TODO: check
+CVE-2018-9923 (An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists ...)
+	TODO: check
+CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path ...)
+	TODO: check
+CVE-2018-9921
+	RESERVED
+CVE-2018-9920
+	RESERVED
+CVE-2018-9919
+	RESERVED
+CVE-2018-9918
+	RESERVED
+CVE-2018-9917
+	RESERVED
+CVE-2018-9916
+	RESERVED
 CVE-2018-9915
 	RESERVED
 CVE-2018-9914
@@ -156,8 +194,8 @@ CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg throu
 	- ffmpeg <unfixed> (low)
 	[stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x release)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
-CVE-2018-9840
-	RESERVED
+CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physically ...)
+	TODO: check
 CVE-2018-9839
 	RESERVED
 CVE-2018-1000166 [Unsafe use of sprintf() can allow a remote unauthenticated attacker to execute arbitrary code]
@@ -5981,12 +6019,14 @@ CVE-2018-7482 (** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect A
 CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 mishandles ...)
 	- linux <not-affected> (Vulnerable code not present)
 CVE-2018-1000099 (Teluu PJSIP version 2.7.1 and earlier contains a Access of ...)
+	{DSA-4170-1}
 	- pjproject 2.7.2~dfsg-1
 	[jessie] - pjproject <ignored> (Minor issue)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html
 	NOTE: https://trac.pjsip.org/repos/ticket/2092
 	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
 CVE-2018-1000098 (Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow ...)
+	{DSA-4170-1}
 	- pjproject 2.7.2~dfsg-1
 	[jessie] - pjproject <ignored> (Minor issue)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
@@ -9932,8 +9972,8 @@ CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_n
 	NOT-FOR-US: ZEIT Next.js
 CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges ...)
 	NOT-FOR-US: BitDefender Total Security
-CVE-2018-6182
-	RESERVED
+CVE-2018-6182 (Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before ...)
+	TODO: check
 CVE-2018-6181
 	RESERVED
 CVE-2018-6180 (A flaw in the profile section of Online Voting System 1.0 allows an ...)
@@ -11912,8 +11952,8 @@ CVE-2018-5465 (A Session Fixation issue was discovered in Belden Hirschmann RS, 
 	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5464 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
 	NOT-FOR-US: Philips Intellispace Portal
-CVE-2018-5463
-	RESERVED
+CVE-2018-5463 (A structured exception handler overflow vulnerability in Leao ...)
+	TODO: check
 CVE-2018-5462 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
 	NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in Belden ...)
@@ -23152,8 +23192,8 @@ CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper a
 	NOT-FOR-US: EMC RSA Archer
 CVE-2018-1218 (In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to ...)
 	NOT-FOR-US: EMC NetWorker
-CVE-2018-1217
-	RESERVED
+CVE-2018-1217 (Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, ...)
+	TODO: check
 CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp Manager ...)
 	NOT-FOR-US: EMC
 CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Manager ...)
@@ -27198,6 +27238,7 @@ CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify function
 	[stretch] - mistune <no-dsa> (Minor issue)
 	NOTE: https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98
 CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...)
+	{DSA-4170-1}
 	- pjproject 2.7.1~dfsg-1
 	[jessie] - pjproject <ignored> (Minor issue)
 	NOTE: https://trac.pjsip.org/repos/ticket/2055
@@ -27246,6 +27287,7 @@ CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degene
 CVE-2017-1000161
 	REJECTED
 CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...)
+	{DSA-4170-1}
 	- pjproject 2.7.1~dfsg-1
 	[jessie] - pjproject <ignored> (Minor issue)
 	NOTE: https://trac.pjsip.org/repos/ticket/2056
@@ -70672,8 +70714,8 @@ CVE-2017-2828 (An exploitable command injection vulnerability exists in the web 
 	NOT-FOR-US: Foscam C1 Indoor HD Camera
 CVE-2017-2827 (An exploitable command injection vulnerability exists in the web ...)
 	NOT-FOR-US: Foscam C1 Indoor HD Camera
-CVE-2017-2826
-	RESERVED
+CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig proxy ...)
+	TODO: check
 CVE-2017-2825
 	RESERVED
 	{DSA-3937-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aec1866f27514bb4d8ee1ef07b7f616d47cd074b

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aec1866f27514bb4d8ee1ef07b7f616d47cd074b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180410/56723696/attachment-0001.html>

More information about the Secure-testing-commits mailing list