[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Apr 13 09:10:21 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d612da9a by security tracker role at 2018-04-13T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code ...)
+	TODO: check
+CVE-2018-10085 (CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection ...)
+	TODO: check
+CVE-2018-10084 (CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation ...)
+	TODO: check
+CVE-2018-10083 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file ...)
+	TODO: check
+CVE-2018-10082 (CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via ...)
+	TODO: check
+CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset ...)
+	TODO: check
+CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware ...)
+	TODO: check
+CVE-2018-10079
+	RESERVED
+CVE-2018-10078
+	RESERVED
+CVE-2018-10077
+	RESERVED
 CVE-2018-10076
 	RESERVED
 CVE-2018-10075
@@ -1587,7 +1607,8 @@ CVE-2016-10719
 	RESERVED
 CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by ...)
 	NOT-FOR-US: Coremail XT3.0
-CVE-2018-9329 (** DISPUTED ** The Bitdefender Antivirus 6.2.19.890 component, as ...)
+CVE-2018-9329
+	REJECTED
 	NOT-FOR-US: Bitdefender Antivirus
 CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from ...)
 	NOT-FOR-US: PHP Scripts Mall Redbus Clone Script
@@ -8037,10 +8058,10 @@ CVE-2018-6937
 	RESERVED
 CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via ...)
 	NOT-FOR-US: D-Link
-CVE-2018-6935
-	RESERVED
-CVE-2018-6934
-	RESERVED
+CVE-2018-6935 (PHP Scripts Mall Student Profile Management System Script v2.0.6 has ...)
+	TODO: check
+CVE-2018-6934 (CSRF exists in student/personal-info in PHP Scripts Mall Online ...)
+	TODO: check
 CVE-2018-6933
 	RESERVED
 CVE-2018-6932
@@ -8183,16 +8204,16 @@ CVE-2018-6906
 	RESERVED
 CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via ...)
 	- typo3-src <removed>
-CVE-2018-6904
-	RESERVED
-CVE-2018-6903
-	RESERVED
-CVE-2018-6902
-	RESERVED
+CVE-2018-6904 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name ...)
+	TODO: check
+CVE-2018-6903 (PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the ...)
+	TODO: check
+CVE-2018-6902 (PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name ...)
+	TODO: check
 CVE-2018-6901
 	RESERVED
-CVE-2018-6900
-	RESERVED
+CVE-2018-6900 (PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name ...)
+	TODO: check
 CVE-2018-6899
 	RESERVED
 CVE-2018-6898
@@ -8243,8 +8264,8 @@ CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to discover the full path v
 	NOT-FOR-US: EmpireCMS
 CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full ...)
 	NOT-FOR-US: EmpireCMS
-CVE-2018-6879
-	RESERVED
+CVE-2018-6879 (PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to ...)
+	TODO: check
 CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...)
 	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
 CVE-2018-6877
@@ -8269,8 +8290,8 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attac
 	- libreoffice 1:6.0.1-1
 	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
-CVE-2018-6870
-	RESERVED
+CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 ...)
+	TODO: check
 CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a ...)
 	{DLA-1287-1}
 	- zziplib <unfixed>
@@ -12900,8 +12921,8 @@ CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is 
 	NOT-FOR-US: Hitron CVE-30360 devices
 CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before ...)
 	NOT-FOR-US: Arista
-CVE-2018-5254
-	RESERVED
+CVE-2018-5254 (Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of ...)
+	TODO: check
 CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an ...)
 	NOT-FOR-US: Bento4
 CVE-2018-5252 (libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has ...)
@@ -132877,8 +132898,8 @@ CVE-2014-9565 (Cross-site request forgery (CSRF) vulnerability in IBM Flex Syste
 	NOT-FOR-US: IBM
 CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet ...)
 	NOT-FOR-US: IBM
-CVE-2014-9563
-	RESERVED
+CVE-2014-9563 (CRLF injection vulnerability in the web-based management (WBM) ...)
+	TODO: check
 CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 ...)
 	NOT-FOR-US: M2 OptimalSite
 CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php ...)
@@ -135879,14 +135900,14 @@ CVE-2015-0155
 	RESERVED
 CVE-2015-0154
 	RESERVED
-CVE-2015-0153
-	RESERVED
-CVE-2015-0152
-	RESERVED
-CVE-2015-0151
-	RESERVED
-CVE-2015-0150
-	RESERVED
+CVE-2015-0153 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...)
+	TODO: check
+CVE-2015-0152 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...)
+	TODO: check
+CVE-2015-0151 (Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 ...)
+	TODO: check
+CVE-2015-0150 (The remote administration UI in D-Link DIR-815 devices with firmware ...)
+	TODO: check
 CVE-2015-0149 (The developer portal in IBM API Management 3.0 before 3.0.4.1 does not ...)
 	NOT-FOR-US: IBM API Management
 CVE-2015-0148
@@ -136413,8 +136434,8 @@ CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5
 	NOT-FOR-US: IBM
 CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote attackers to ...)
 	NOT-FOR-US: Dropbox SDK for Android
-CVE-2014-8888
-	RESERVED
+CVE-2014-8888 (The remote administration interface in D-Link DIR-815 devices with ...)
+	TODO: check
 CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...)
 	NOT-FOR-US: IBM Marketing Operations
 CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware updates ...)
@@ -137642,10 +137663,10 @@ CVE-2014-8424 (ARRIS VAP2500 before FW08.41 does not properly validate passwords
 	NOT-FOR-US: ARRIS VAP2500
 CVE-2014-8423 (Unspecified vulnerability in the management portal in ARRIS VAP2500 ...)
 	NOT-FOR-US: ARRIS VAP2500
-CVE-2014-8422
-	RESERVED
-CVE-2014-8421
-	RESERVED
+CVE-2014-8422 (The web-based management (WBM) interface in Unify (former Siemens) ...)
+	TODO: check
+CVE-2014-8421 (Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 ...)
+	TODO: check
 CVE-2014-8420 (The ViewPoint web application in Dell SonicWALL Global Management ...)
 	NOT-FOR-US: Dell SonicWALL
 CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read ...)
@@ -142652,8 +142673,7 @@ CVE-2014-6415
 	RESERVED
 CVE-2014-6413
 	RESERVED
-CVE-2014-6412
-	RESERVED
+CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to predict ...)
 	- wordpress <not-affected> (Affects only Wordpress on Windows systems)
 CVE-2014-6411
 	RESERVED
@@ -143327,8 +143347,8 @@ CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 
 	NOT-FOR-US: IBM
 CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 ...)
 	NOT-FOR-US: IBM
-CVE-2014-6169
-	RESERVED
+CVE-2014-6169 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...)
+	TODO: check
 CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
 	NOT-FOR-US: IBM
 CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature ...)
@@ -143425,8 +143445,8 @@ CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 befo
 	NOT-FOR-US: IBM
 CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan ...)
 	NOT-FOR-US: IBM
-CVE-2014-6120
-	RESERVED
+CVE-2014-6120 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through ...)
+	TODO: check
 CVE-2014-6119 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
 	NOT-FOR-US: IBM
 CVE-2014-6118



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d612da9a729d9f2aa3336c597a90054e42f6e6c9

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d612da9a729d9f2aa3336c597a90054e42f6e6c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180413/0bf00bc1/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list