[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 13 09:10:21 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d612da9a by security tracker role at 2018-04-13T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code ...)
+ TODO: check
+CVE-2018-10085 (CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection ...)
+ TODO: check
+CVE-2018-10084 (CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation ...)
+ TODO: check
+CVE-2018-10083 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file ...)
+ TODO: check
+CVE-2018-10082 (CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via ...)
+ TODO: check
+CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset ...)
+ TODO: check
+CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware ...)
+ TODO: check
+CVE-2018-10079
+ RESERVED
+CVE-2018-10078
+ RESERVED
+CVE-2018-10077
+ RESERVED
CVE-2018-10076
RESERVED
CVE-2018-10075
@@ -1587,7 +1607,8 @@ CVE-2016-10719
RESERVED
CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by ...)
NOT-FOR-US: Coremail XT3.0
-CVE-2018-9329 (** DISPUTED ** The Bitdefender Antivirus 6.2.19.890 component, as ...)
+CVE-2018-9329
+ REJECTED
NOT-FOR-US: Bitdefender Antivirus
CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from ...)
NOT-FOR-US: PHP Scripts Mall Redbus Clone Script
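Review bot: CVE-2018-9329 now reads "REJECTED", but the earlier triage line "NOT-FOR-US: Bitdefender Antivirus" is still attached to it as the next context line, so the entry carries two statuses. Consider dropping the NOT-FOR-US line in a follow-up so the rejected ID is left with REJECTED only.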
@@ -8037,10 +8058,10 @@ CVE-2018-6937
RESERVED
CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via ...)
NOT-FOR-US: D-Link
-CVE-2018-6935
- RESERVED
-CVE-2018-6934
- RESERVED
+CVE-2018-6935 (PHP Scripts Mall Student Profile Management System Script v2.0.6 has ...)
+ TODO: check
+CVE-2018-6934 (CSRF exists in student/personal-info in PHP Scripts Mall Online ...)
+ TODO: check
CVE-2018-6933
RESERVED
CVE-2018-6932
@@ -8183,16 +8204,16 @@ CVE-2018-6906
RESERVED
CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via ...)
- typo3-src <removed>
-CVE-2018-6904
- RESERVED
-CVE-2018-6903
- RESERVED
-CVE-2018-6902
- RESERVED
+CVE-2018-6904 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name ...)
+ TODO: check
+CVE-2018-6903 (PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the ...)
+ TODO: check
+CVE-2018-6902 (PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name ...)
+ TODO: check
CVE-2018-6901
RESERVED
-CVE-2018-6900
- RESERVED
+CVE-2018-6900 (PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name ...)
+ TODO: check
CVE-2018-6899
RESERVED
CVE-2018-6898
@@ -8243,8 +8264,8 @@ CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to discover the full path v
NOT-FOR-US: EmpireCMS
CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full ...)
NOT-FOR-US: EmpireCMS
-CVE-2018-6879
- RESERVED
+CVE-2018-6879 (PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to ...)
+ TODO: check
CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...)
NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
CVE-2018-6877
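Review bot: CVE-2018-6879 lands with "TODO: check" while the entry directly below it, CVE-2018-6878, covers another PHP Scripts Mall script and is already marked "NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified". If the Website Seller Script is likewise not packaged, follow-up triage can replace the TODO with a matching NOT-FOR-US line. The same applies to the other PHP Scripts Mall entries added in this update.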
@@ -8269,8 +8290,8 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attac
- libreoffice 1:6.0.1-1
[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
NOTE: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
-CVE-2018-6870
- RESERVED
+CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 ...)
+ TODO: check
CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a ...)
{DLA-1287-1}
- zziplib <unfixed>
@@ -12900,8 +12921,8 @@ CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is
NOT-FOR-US: Hitron CVE-30360 devices
CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before ...)
NOT-FOR-US: Arista
-CVE-2018-5254
- RESERVED
+CVE-2018-5254 (Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of ...)
+ TODO: check
CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an ...)
NOT-FOR-US: Bento4
CVE-2018-5252 (libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has ...)
@@ -132877,8 +132898,8 @@ CVE-2014-9565 (Cross-site request forgery (CSRF) vulnerability in IBM Flex Syste
NOT-FOR-US: IBM
CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet ...)
NOT-FOR-US: IBM
-CVE-2014-9563
- RESERVED
+CVE-2014-9563 (CRLF injection vulnerability in the web-based management (WBM) ...)
+ TODO: check
CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 ...)
NOT-FOR-US: M2 OptimalSite
CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php ...)
@@ -135879,14 +135900,14 @@ CVE-2015-0155
RESERVED
CVE-2015-0154
RESERVED
-CVE-2015-0153
- RESERVED
-CVE-2015-0152
- RESERVED
-CVE-2015-0151
- RESERVED
-CVE-2015-0150
- RESERVED
+CVE-2015-0153 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...)
+ TODO: check
+CVE-2015-0152 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...)
+ TODO: check
+CVE-2015-0151 (Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 ...)
+ TODO: check
+CVE-2015-0150 (The remote administration UI in D-Link DIR-815 devices with firmware ...)
+ TODO: check
CVE-2015-0149 (The developer portal in IBM API Management 3.0 before 3.0.4.1 does not ...)
NOT-FOR-US: IBM API Management
CVE-2015-0148
@@ -136413,8 +136434,8 @@ CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5
NOT-FOR-US: IBM
CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote attackers to ...)
NOT-FOR-US: Dropbox SDK for Android
-CVE-2014-8888
- RESERVED
+CVE-2014-8888 (The remote administration interface in D-Link DIR-815 devices with ...)
+ TODO: check
CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...)
NOT-FOR-US: IBM Marketing Operations
CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware updates ...)
@@ -137642,10 +137663,10 @@ CVE-2014-8424 (ARRIS VAP2500 before FW08.41 does not properly validate passwords
NOT-FOR-US: ARRIS VAP2500
CVE-2014-8423 (Unspecified vulnerability in the management portal in ARRIS VAP2500 ...)
NOT-FOR-US: ARRIS VAP2500
-CVE-2014-8422
- RESERVED
-CVE-2014-8421
- RESERVED
+CVE-2014-8422 (The web-based management (WBM) interface in Unify (former Siemens) ...)
+ TODO: check
+CVE-2014-8421 (Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 ...)
+ TODO: check
CVE-2014-8420 (The ViewPoint web application in Dell SonicWALL Global Management ...)
NOT-FOR-US: Dell SonicWALL
CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read ...)
@@ -142652,8 +142673,7 @@ CVE-2014-6415
RESERVED
CVE-2014-6413
RESERVED
-CVE-2014-6412
- RESERVED
+CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to predict ...)
- wordpress <not-affected> (Affects only Wordpress on Windows systems)
CVE-2014-6411
RESERVED
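Review bot: CVE-2014-6412 keeps its pre-existing line "- wordpress <not-affected> (Affects only Wordpress on Windows systems)" now that the ID has gone from RESERVED to a published description ("WordPress before 4.4 makes it easier for remote attackers to predict ..."). The annotation was written before that text was available, so it is worth confirming against the full description that the Windows-only rationale still holds. Minor: "Wordpress" in the note could be spelled "WordPress" to match the description.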
@@ -143327,8 +143347,8 @@ CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal
NOT-FOR-US: IBM
CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 ...)
NOT-FOR-US: IBM
-CVE-2014-6169
- RESERVED
+CVE-2014-6169 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...)
+ TODO: check
CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
NOT-FOR-US: IBM
CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature ...)
@@ -143425,8 +143445,8 @@ CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 befo
NOT-FOR-US: IBM
CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan ...)
NOT-FOR-US: IBM
-CVE-2014-6120
- RESERVED
+CVE-2014-6120 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through ...)
+ TODO: check
CVE-2014-6119 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
NOT-FOR-US: IBM
CVE-2014-6118
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d612da9a729d9f2aa3336c597a90054e42f6e6c9