[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 25 21:10:21 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7865cc0c by security tracker role at 2018-04-25T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-10379
+ RESERVED
+CVE-2018-10378
+ RESERVED
+CVE-2018-10377
+ RESERVED
+CVE-2018-10376 (An integer overflow in the transferProxy function of a smart contract ...)
+ TODO: check
+CVE-2018-10375 (A file uploading vulnerability exists in ...)
+ TODO: check
+CVE-2018-10374 (EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) ...)
+ TODO: check
+CVE-2018-10373 (concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library ...)
+ TODO: check
+CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote ...)
+ TODO: check
+CVE-2018-10371
+ RESERVED
CVE-2018-XXXX [Implement custom deserializer to add our own sanity checks]
- quassel 1:0.12.5-1 (bug #896914)
NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
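Review bot: CVE-2018-10373 and CVE-2018-10372 are the two new entries in this hunk that need a package line, not a product verdict. Their descriptions name the Binary File Descriptor (BFD) library and GNU Binutils 2.30, and binutils is packaged in Debian, so the "TODO: check" under each should become a binutils entry with a status. CVE-2018-10376, CVE-2018-10375 and CVE-2018-10374 still need a product decision.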
@@ -10,12 +28,12 @@ CVE-2018-10370
RESERVED
CVE-2018-10369
RESERVED
-CVE-2018-10368
- RESERVED
-CVE-2018-10367
- RESERVED
-CVE-2018-10366
- RESERVED
+CVE-2018-10368 (An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> ...)
+ TODO: check
+CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. The content-management ...)
+ TODO: check
+CVE-2018-10366 (An issue was discovered in the Users (aka Front-end user management) ...)
+ TODO: check
CVE-2018-10365
RESERVED
CVE-2018-10364
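Review bot: CVE-2018-10368 and CVE-2018-10367 name WUZHI CMS 4.1.0, and this file already resolves that product as "NOT-FOR-US: WUZHI CMS" (CVE-2018-10312, CVE-2018-10311), so their "TODO: check" lines can be closed the same way. For CVE-2018-10366 the truncated description cuts off before the product name, so read the full description before triaging it.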
@@ -133,8 +151,8 @@ CVE-2018-10312 (index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF
NOT-FOR-US: WUZHI CMS
CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent ...)
NOT-FOR-US: WUZHI CMS
-CVE-2018-10310
- RESERVED
+CVE-2018-10310 (A persistent cross-site scripting vulnerability has been identified in ...)
+ TODO: check
CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress ...)
NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
CVE-2018-10308
@@ -345,22 +363,22 @@ CVE-2018-10215
RESERVED
CVE-2018-10214
RESERVED
-CVE-2018-10213
- RESERVED
-CVE-2018-10212
- RESERVED
-CVE-2018-10211
- RESERVED
-CVE-2018-10210
- RESERVED
-CVE-2018-10209
- RESERVED
-CVE-2018-10208
- RESERVED
-CVE-2018-10207
- RESERVED
-CVE-2018-10206
- RESERVED
+CVE-2018-10213 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
+ TODO: check
+CVE-2018-10212 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
+ TODO: check
+CVE-2018-10211 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
+ TODO: check
+CVE-2018-10210 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
+ TODO: check
+CVE-2018-10209 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
+ TODO: check
+CVE-2018-10208 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
+ TODO: check
+CVE-2018-10207 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
+ TODO: check
+CVE-2018-10206 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
+ TODO: check
CVE-2018-10205 (hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the ...)
NOT-FOR-US: HyperHQ Hyper
CVE-2018-10204 (PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation ...)
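Review bot: The eight "TODO: check" entries from CVE-2018-10213 down to CVE-2018-10206 all name the same product, Vaultize Enterprise File Sharing 17.05.31, so a single product decision settles all of them. Resolve them together in one follow-up commit so the block does not end up with mixed statuses.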
@@ -388,6 +406,7 @@ CVE-2018-10196
CVE-2018-10195
RESERVED
CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in the ...)
+ {DLA-1363-1}
- ghostscript 9.22~dfsg-2.1 (bug #896069)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet public)
@@ -3736,8 +3755,7 @@ CVE-2018-8803
RESERVED
CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal ...)
NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
-CVE-2018-8801
- RESERVED
+CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...)
- gitlab 10.5.6+dfsg-1 (bug #893905)
NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
CVE-2018-8800
@@ -6675,6 +6693,7 @@ CVE-2018-7603
RESERVED
CVE-2018-7602 [SA-CORE-2018-004]
RESERVED
+ {DSA-4180-1}
- drupal7 <removed> (bug #896701)
NOTE: https://www.drupal.org/psa-2018-003
NOTE: https://www.drupal.org/sa-core-2018-004
@@ -23552,8 +23571,8 @@ CVE-2018-1365
RESERVED
CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External ...)
NOT-FOR-US: IBM Content Navigator
-CVE-2018-1363
- RESERVED
+CVE-2018-1363 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...)
+ TODO: check
CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 ...)
NOT-FOR-US: IBM Curam Social Program Management
CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
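Review bot: CVE-2018-1363 is left at "TODO: check" although its description names IBM Jazz Reporting Service (JRS), and the IBM products on either side of it (CVE-2018-1364, CVE-2018-1362) are already marked NOT-FOR-US. CVE-2017-1750 later in this diff has the same visible description text, so both can be triaged with one decision.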
@@ -25054,8 +25073,7 @@ CVE-2018-1113
RESERVED
NOT-FOR-US: Red Hat specific CVE assignment for Red Hat / Fedora setups (nologin listed in /etc/shells violates security expectations)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1571094
-CVE-2018-1112 [glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression)]
- RESERVED
+CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when ...)
- glusterfs <not-affected> (Fix for CVE-2018-1088 was not applied/ incomplete fix not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1570891
CVE-2018-1111
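Review bot: The not-affected reason on the glusterfs line for CVE-2018-1112, "Fix for CVE-2018-1088 was not applied/ incomplete fix not applied", is hard to parse and has a stray space after the slash. The bracketed title that mentioned the CVE-2018-1088 regression is replaced by the truncated description here, so this line is now the only visible record of that relationship. Reword it, for example "(Incomplete fix for CVE-2018-1088 not applied)".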
@@ -41646,16 +41664,16 @@ CVE-2017-12718 (A Classic Buffer Overflow issue was discovered in Smiths Medical
NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in Advantech ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2017-12716
- RESERVED
+CVE-2017-12716 (Abbott Laboratories Accent and Anthem pacemakers manufactured prior to ...)
+ TODO: check
CVE-2017-12715
RESERVED
-CVE-2017-12714
- RESERVED
+CVE-2017-12714 (Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do ...)
+ TODO: check
CVE-2017-12713 (An Incorrect Permission Assignment for Critical Resource issue was ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2017-12712
- RESERVED
+CVE-2017-12712 (The authentication algorithm in Abbott Laboratories pacemakers ...)
+ TODO: check
CVE-2017-12711 (An Incorrect Privilege Assignment issue was discovered in Advantech ...)
NOT-FOR-US: Advantech WebAccess
CVE-2017-12710 (A SQL Injection issue was discovered in Advantech WebAccess versions ...)
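Review bot: CVE-2017-12716, CVE-2017-12714 and CVE-2017-12712 are left at "TODO: check" although all three descriptions name Abbott Laboratories pacemakers, which are medical devices with no package line to track here. Resolve them as NOT-FOR-US, matching the Smiths Medical and Advantech entries around them.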
@@ -43409,9 +43427,11 @@ CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...)
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the ...)
+ {DSA-4173-1}
- r-cran-readxl 1.0.0-2
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461
CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the ...)
+ {DSA-4173-1}
- r-cran-readxl 1.0.0-2
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460
CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ...)
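Review bot: "{DSA-4173-1}" is added to CVE-2017-12109 and CVE-2017-12108, but the lines between the CVE-2017-12110 header and its "- r-cran-readxl 1.0.0-2 (bug #895564)" line are outside the visible context. All three entries share the fixed version 1.0.0-2, so confirm that CVE-2017-12110 carries the same DSA reference.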
@@ -56923,8 +56943,7 @@ CVE-2017-7654
RESERVED
CVE-2017-7653
RESERVED
-CVE-2017-7652
- RESERVED
+CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running ...)
{DLA-1334-1}
- mosquitto 1.4.15-1
NOTE: Patches: https://mosquitto.org/files/cve/2017-7652
@@ -74734,8 +74753,8 @@ CVE-2017-1752
RESERVED
CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is ...)
NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere
-CVE-2017-1750
- RESERVED
+CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...)
+ TODO: check
CVE-2017-1749
RESERVED
CVE-2017-1748
@@ -147050,8 +147069,8 @@ CVE-2014-5017 (SQL injection vulnerability in CPDB in ...)
- limesurvey <itp> (bug #472802)
CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey ...)
- limesurvey <itp> (bug #472802)
-CVE-2014-5014
- RESERVED
+CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows ...)
+ TODO: check
CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)]
RESERVED
- php-dompdf 0.6.2+dfsg-1 (bug #813849)
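Review bot: CVE-2014-5014 is left at "TODO: check" although its description names the WordPress Flash Uploader plugin, and this file already resolves another WordPress plugin as "NOT-FOR-US: Responsive Cookie Consent plugin for WordPress" (CVE-2018-10309). Unless the plugin turns out to be packaged, close the TODO in the same form.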
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7865cc0c2665c0c5a98ff04d00049fb4567205eb