[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 10 20:10:30 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4d5f605 by security tracker role at 2018-04-10T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,113 @@
+CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...)
+ TODO: check
+CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...)
+ TODO: check
+CVE-2018-9987
+ RESERVED
+CVE-2018-9986
+ RESERVED
+CVE-2018-9985 (The front page of MetInfo 6.0 allows XSS by sending a feedback message ...)
+ TODO: check
+CVE-2018-9984
+ RESERVED
+CVE-2018-9983
+ RESERVED
+CVE-2018-9982
+ RESERVED
+CVE-2018-9981
+ RESERVED
+CVE-2018-9980
+ RESERVED
+CVE-2018-9979
+ RESERVED
+CVE-2018-9978
+ RESERVED
+CVE-2018-9977
+ RESERVED
+CVE-2018-9976
+ RESERVED
+CVE-2018-9975
+ RESERVED
+CVE-2018-9974
+ RESERVED
+CVE-2018-9973
+ RESERVED
+CVE-2018-9972
+ RESERVED
+CVE-2018-9971
+ RESERVED
+CVE-2018-9970
+ RESERVED
+CVE-2018-9969
+ RESERVED
+CVE-2018-9968
+ RESERVED
+CVE-2018-9967
+ RESERVED
+CVE-2018-9966
+ RESERVED
+CVE-2018-9965
+ RESERVED
+CVE-2018-9964
+ RESERVED
+CVE-2018-9963
+ RESERVED
+CVE-2018-9962
+ RESERVED
+CVE-2018-9961
+ RESERVED
+CVE-2018-9960
+ RESERVED
+CVE-2018-9959
+ RESERVED
+CVE-2018-9958
+ RESERVED
+CVE-2018-9957
+ RESERVED
+CVE-2018-9956
+ RESERVED
+CVE-2018-9955
+ RESERVED
+CVE-2018-9954
+ RESERVED
+CVE-2018-9953
+ RESERVED
+CVE-2018-9952
+ RESERVED
+CVE-2018-9951
+ RESERVED
+CVE-2018-9950
+ RESERVED
+CVE-2018-9949
+ RESERVED
+CVE-2018-9948
+ RESERVED
+CVE-2018-9947
+ RESERVED
+CVE-2018-9946
+ RESERVED
+CVE-2018-9945
+ RESERVED
+CVE-2018-9944
+ RESERVED
+CVE-2018-9943
+ RESERVED
+CVE-2018-9942
+ RESERVED
+CVE-2018-9941
+ RESERVED
+CVE-2018-9940
+ RESERVED
+CVE-2018-9939
+ RESERVED
+CVE-2018-9938
+ RESERVED
+CVE-2018-9937
+ RESERVED
+CVE-2018-9936
+ RESERVED
+CVE-2018-9935
+ RESERVED
CVE-2018-9934 (The reset-password feature in MetInfo 6.0 allows remote attackers to ...)
NOT-FOR-US: MetInfo
CVE-2018-9933
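Review bot: the mbed TLS entries at the top of this hunk (CVE-2018-9989 and CVE-2018-9988) should not stay at `TODO: check`, since mbedtls is a Debian source package; the descriptions already name the fixed upstream releases (2.1.11, 2.7.2, 2.8.0), so they can become a package line with a fixed version once the affected Debian versions have been checked. CVE-2018-9985 (MetInfo) can take the same `NOT-FOR-US: MetInfo` that the unchanged CVE-2018-9934 context line already uses.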
@@ -30,8 +140,8 @@ CVE-2018-9920
RESERVED
CVE-2018-9919
RESERVED
-CVE-2018-9918
- RESERVED
+CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary ...)
+ TODO: check
CVE-2018-9917
RESERVED
CVE-2018-9916
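Review bot: CVE-2018-9918 describes libqpdf.a in QPDF through 8.0.2, and qpdf is packaged in Debian, so the `TODO: check` placeholder needs a real triage line (affected package and version, plus a NOTE pointing at the upstream fix) rather than being left as a bare placeholder.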
@@ -2018,10 +2128,10 @@ CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, ...)
NOT-FOR-US: Octopus Deploy
-CVE-2018-9038
- RESERVED
-CVE-2018-9037
- RESERVED
+CVE-2018-9038 (Monstra CMS 3.0.4 allows remote attackers to delete files via an ...)
+ TODO: check
+CVE-2018-9037 (Monstra CMS 3.0.4 allows remote code execution via an upload_file ...)
+ TODO: check
CVE-2018-9036
RESERVED
CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form ...)
@@ -2740,8 +2850,8 @@ CVE-2018-8774
RESERVED
CVE-2018-8773
RESERVED
-CVE-2018-8772
- RESERVED
+CVE-2018-8772 (Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on ...)
+ TODO: check
CVE-2018-8771
RESERVED
CVE-2018-8770 (Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via ...)
@@ -9102,10 +9212,10 @@ CVE-2017-18103
RESERVED
CVE-2017-18102
RESERVED
-CVE-2017-18101
- RESERVED
-CVE-2017-18100
- RESERVED
+CVE-2017-18101 (Various administrative external system import resources in Atlassian ...)
+ TODO: check
+CVE-2017-18100 (The agile wallboard gadget in Atlassian Jira before version 7.8.1 ...)
+ TODO: check
CVE-2017-18099
RESERVED
CVE-2017-18098 (The searchrequest-xml resource in Atlassian Jira before version 7.6.1 ...)
@@ -12624,8 +12734,8 @@ CVE-2018-5229
RESERVED
CVE-2018-5228
RESERVED
-CVE-2018-5227
- RESERVED
+CVE-2018-5227 (Various administrative application link resources in Atlassian ...)
+ TODO: check
CVE-2018-5226
RESERVED
CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...)
@@ -19988,28 +20098,28 @@ CVE-2018-2415
RESERVED
CVE-2018-2414
RESERVED
-CVE-2018-2413
- RESERVED
-CVE-2018-2412
- RESERVED
+CVE-2018-2413 (SAP Disclosure Management 10.1 does not perform necessary ...)
+ TODO: check
+CVE-2018-2412 (SAP Disclosure Management 10.1 does not perform necessary ...)
+ TODO: check
CVE-2018-2411
RESERVED
-CVE-2018-2410
- RESERVED
-CVE-2018-2409
- RESERVED
-CVE-2018-2408
- RESERVED
+CVE-2018-2410 (SAP Business One, 9.2, 9.3, browser access does not sufficiently ...)
+ TODO: check
+CVE-2018-2409 (Improper session management when using SAP Cloud Platform 2.0 ...)
+ TODO: check
+CVE-2018-2408 (Improper Session Management in SAP Business Objects, 4.0, from 4.10, ...)
+ TODO: check
CVE-2018-2407
RESERVED
-CVE-2018-2406
- RESERVED
-CVE-2018-2405
- RESERVED
-CVE-2018-2404
- RESERVED
-CVE-2018-2403
- RESERVED
+CVE-2018-2406 (Unquoted windows search path (directory/path traversal) vulnerability ...)
+ TODO: check
+CVE-2018-2405 (SAP Solution Manager, 7.10, 7.20, Incident Management Work Center ...)
+ TODO: check
+CVE-2018-2404 (SAP Disclosure Management 10.1 allows an attacker to upload any file ...)
+ TODO: check
+CVE-2018-2403 (Under certain conditions, SAP Disclosure Management 10.1 allows an ...)
+ TODO: check
CVE-2018-2402 (In systems using the optional capture & replay functionality of SAP ...)
NOT-FOR-US: SAP
CVE-2018-2401 (SAP Business Process Automation (BPA) By Redwood does not sufficiently ...)
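Review bot: the nine new SAP entries in this hunk (CVE-2018-2413 through CVE-2018-2403) are all `TODO: check`, while the adjacent unchanged CVE-2018-2402 already carries `NOT-FOR-US: SAP`; unless one of them names a component Debian ships, they can be closed the same way in one pass so that the TODO queue only holds entries that need real triage.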
@@ -34356,8 +34466,8 @@ CVE-2017-14613
RESERVED
CVE-2017-14612
RESERVED
-CVE-2017-14611
- RESERVED
+CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote ...)
+ TODO: check
CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 ...)
- bareos <unfixed> (bug #877334)
[stretch] - bareos <no-dsa> (Minor issue)
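Review bot: CVE-2017-14611 names "Cockpit 0.13.0", which is easy to confuse with the cockpit package in Debian; the 0.13.0 version string does not match that package's release numbering, so confirm from the upstream advisory which project is meant before resolving the `TODO: check`, and spell the project name out in the resulting `NOT-FOR-US` line to avoid the collision.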
@@ -35209,8 +35319,8 @@ CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was foun
- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
NOTE: https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
-CVE-2017-14323
- RESERVED
+CVE-2017-14323 (SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in ...)
+ TODO: check
CVE-2017-14322 (The function in charge to check whether the user is already logged in ...)
NOT-FOR-US: Interspire Email Marketer
CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -74558,8 +74668,8 @@ CVE-2017-1083
RESERVED
CVE-2017-1082
RESERVED
-CVE-2017-1081
- RESERVED
+CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and ...)
+ TODO: check
CVE-2017-1080
RESERVED
CVE-2017-1079
@@ -127714,8 +127824,8 @@ CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 befo
NOT-FOR-US: IBM
CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
NOT-FOR-US: IBM
-CVE-2015-1957
- RESERVED
+CVE-2015-1957 (IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows ...)
+ TODO: check
CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
NOT-FOR-US: IBM
CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
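Review bot: CVE-2015-1957 (IBM WebSphere MQ) is left at `TODO: check` although every surrounding IBM entry in this hunk (CVE-2015-1958, CVE-2015-1956, CVE-2015-1955) is `NOT-FOR-US: IBM`; it should be marked the same way, as WebSphere MQ is not something Debian packages.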
@@ -135467,8 +135577,8 @@ CVE-2015-0174 (The SNMP implementation in IBM WebSphere Application Server (WAS)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-0173 (The HTTP connection-management functionality in Internet Pass-Thru ...)
NOT-FOR-US: IBM
-CVE-2015-0172
- RESERVED
+CVE-2015-0172 (IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote ...)
+ TODO: check
CVE-2015-0171 (Directory traversal vulnerability in IBM Security SiteProtector System ...)
NOT-FOR-US: IBM
CVE-2015-0170 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before ...)
@@ -148089,8 +148199,7 @@ CVE-2014-4000 (Cacti before 1.0.0 allows remote authenticated users to conduct P
NOTE: This CVE was fixed by introduction of the function sanitize_unserialize_selected_items
NOTE: in version 0.8.8e and calling it instead of unserialize(stripslashes()).
NOTE: Affected files require authenticated users.
-CVE-2014-3999 [Stricter parameter check in bind() to detect empty passwords]
- RESERVED
+CVE-2014-3999 (The Horde_Ldap library before 2.0.6 for Horde allows remote attackers ...)
- php-horde-ldap 2.0.6-1
CVE-2014-3998
RESERVED
@@ -150801,8 +150910,7 @@ CVE-2014-3116
RESERVED
CVE-2014-3115 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
NOT-FOR-US: Fortinet Fortiweb
-CVE-2014-3114
- RESERVED
+CVE-2014-3114 (The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and ...)
NOT-FOR-US: WordPress plugin ezpz-one-click-backup
CVE-2014-3113 (Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 ...)
NOT-FOR-US: RealPlayer
@@ -153557,8 +153665,7 @@ CVE-2014-2079 [File New sets inappropriate permissions in ACL enabled directorie
- xfe 1.37-2 (bug #739536)
[wheezy] - xfe <no-dsa> (Minor issue)
[squeeze] - xfe <no-dsa> (Minor issue)
-CVE-2014-2078
- RESERVED
+CVE-2014-2078 (The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 ...)
NOT-FOR-US: Open-Xchange
CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in ...)
NOT-FOR-US: Open-Xchange
@@ -153568,8 +153675,8 @@ CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator
NOT-FOR-US: TIBCO Enterprise Administrator
CVE-2014-2074
RESERVED
-CVE-2014-2073
- RESERVED
+CVE-2014-2073 (Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 ...)
+ TODO: check
CVE-2014-2072
RESERVED
NOT-FOR-US: Dassault Systemes Catia
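Review bot: CVE-2014-2073 gets `TODO: check` while the neighbouring CVE-2014-2072 is already `NOT-FOR-US: Dassault Systemes Catia`, so the new entry can take the same marking; the context lines for CVE-2014-2072 also show `RESERVED` and `NOT-FOR-US` stacked under one identifier, which is worth cleaning up by hand since the automatic update does not touch it.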
@@ -153836,8 +153943,8 @@ CVE-2014-1952
RESERVED
CVE-2014-1951
RESERVED
-CVE-2014-1946
- RESERVED
+CVE-2014-1946 (OpenDocMan 1.2.7 and earlier does not properly validate allowed ...)
+ TODO: check
CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
NOT-FOR-US: OpenDocMan
CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier ...)
@@ -154005,8 +154112,8 @@ CVE-2014-1897
RESERVED
CVE-2014-1890
RESERVED
-CVE-2014-1889
- RESERVED
+CVE-2014-1889 (The Group creation process in the Buddypress plugin before 1.9.2 for ...)
+ TODO: check
CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress plugin ...)
NOT-FOR-US: BuddyPress plugin for WordPress
CVE-2014-1880
@@ -156398,14 +156505,11 @@ CVE-2014-1402 (The default configuration for bccache.FileSystemBytecodeCache in
NOTE: 2.7.2 does not create safely temporary files, new CVE-2014-0012 was assigned for this issue
CVE-2014-1401 (Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier ...)
NOT-FOR-US: AuraCMS
-CVE-2014-1400
- RESERVED
+CVE-2014-1400 (The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 ...)
NOT-FOR-US: Drupal 7 Entity module
-CVE-2014-1399
- RESERVED
+CVE-2014-1399 (The entity wrapper access API in the Entity API module 7.x-1.x before ...)
NOT-FOR-US: Drupal 7 Entity module
-CVE-2014-1398
- RESERVED
+CVE-2014-1398 (The entity wrapper access API in the Entity API module 7.x-1.x before ...)
NOT-FOR-US: Drupal 7 Entity module
CVE-2014-1236 (Stack-based buffer overflow in the chkNum function in ...)
{DSA-2843-1}
@@ -175151,8 +175255,7 @@ CVE-2013-1449
RESERVED
CVE-2013-1448
RESERVED
-CVE-2014-0158
- RESERVED
+CVE-2014-0158 (Open Web Analytics (OWA) before 1.5.7 allows remote attackers to ...)
- openjpeg 1.3+dfsg-4.7
NOTE: Not considering a duplicate of CVE-2013-1447 following
NOTE: http://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
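Review bot: the new description for CVE-2014-0158 (Open Web Analytics before 1.5.7) does not match the rest of the entry, which still carries the `openjpeg 1.3+dfsg-4.7` package line and NOTEs comparing it with CVE-2013-1447; either the identifier was reassigned to a different product or the description feed is wrong, so the openjpeg tracking data needs to be reconciled by hand (moved to the correct identifier or the entry corrected) rather than shipping a record whose description and package line disagree.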
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4d5f6054e1a35f912757d6863a3c52f19546542
---
You're receiving this email because of your account on salsa.debian.org.