[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 26 21:10:27 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50cba2c1 by security tracker role at 2018-04-26T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,13 @@
+CVE-2018-10432
+ RESERVED
+CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell ...)
+ TODO: check
+CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...)
+ TODO: check
+CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the ...)
+ TODO: check
+CVE-2018-10428
+ RESERVED
CVE-2018-10427
RESERVED
CVE-2018-10426
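Review bot: the three new entries that carry a description (CVE-2018-10431, CVE-2018-10430, CVE-2018-10429) are left as `TODO: check`, which is the expected state for an automatic import, but each description is cut at `...` so the affected product and version text is incomplete; triage should read the full CVE text before choosing between a package line and a `NOT-FOR-US:` marker, as used for comparable web-application entries elsewhere in this file. CVE-2018-10432 and CVE-2018-10428 are plain RESERVED and need nothing yet.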
@@ -5551,8 +5561,8 @@ CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintende
- yii <itp> (bug #597899)
CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...)
- yii <itp> (bug #597899)
-CVE-2018-8072
- RESERVED
+CVE-2018-8072 (An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W ...)
+ TODO: check
CVE-2018-8071 (Mautic before v2.13.0 has stored XSS via a theme config file. ...)
NOT-FOR-US: Mautic
CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
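Review bot: CVE-2018-8072 moves from RESERVED to `TODO: check` with a description naming EDIMAX IC-3140W and IC-5150W devices; the neighbouring Mautic and QCMS entries are resolved as `NOT-FOR-US:`, so this TODO should be closed with the same marker or a package line rather than left open. The yii context lines above show two CVEs pointing at the same ITP bug #597899, which is fine but should be kept in sync when that package enters the archive.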
@@ -6802,7 +6812,7 @@ CVE-2018-7603
RESERVED
CVE-2018-7602 [SA-CORE-2018-004]
RESERVED
- {DSA-4180-1}
+ {DSA-4180-1 DLA-1365-1}
- drupal7 <removed> (bug #896701)
NOTE: https://www.drupal.org/psa-2018-003
NOTE: https://www.drupal.org/sa-core-2018-004
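Review bot: adding DLA-1365-1 beside DSA-4180-1 in the braces records the LTS advisory for CVE-2018-7602, but the entry is still marked RESERVED with only the `[SA-CORE-2018-004]` placeholder as its description while drupal7 is `<removed>` (bug #896701); once the CVE text is published the description should replace the placeholder and the RESERVED line be dropped, in the same way CVE-2016-9602 is handled further down in this patch.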
@@ -7324,8 +7334,8 @@ CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css/
NOT-FOR-US: AxxonSoft Axxon Next
CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows remote ...)
NOT-FOR-US: TestLink
-CVE-2018-7465
- RESERVED
+CVE-2018-7465 (An XSS issue was discovered in VirtueMart before 3.2.14. All the ...)
+ TODO: check
CVE-2018-7464
RESERVED
CVE-2018-7463 (SQL injection vulnerability in files.php in the "files" component in ...)
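Review bot: CVE-2018-7465 (VirtueMart before 3.2.14, XSS) is imported with `TODO: check`; the description stops at `All the ...`, so the affected parameters are not visible here and the TODO cannot be closed from this diff alone. The adjacent TestLink entry uses `NOT-FOR-US:`, which is the likely outcome if VirtueMart is not packaged, but that needs confirming against the archive rather than assumed.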
@@ -10275,8 +10285,8 @@ CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before
NOTE: The issue lies in the simplesamlphp/saml2 part, which is
NOTE: updated in 1.15.2 to the respective fixed version.
NOTE: https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d
-CVE-2018-6518
- RESERVED
+CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the site_name parameter in a ...)
+ TODO: check
CVE-2018-6517
RESERVED
CVE-2018-6516
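Review bot: CVE-2018-6518 (Composr CMS 10.0.13, XSS via site_name) gets `TODO: check`; the description is cut at `in a ...`, so the vulnerable page or component is not yet recorded. It sits directly under the CVE-2018-6519 SAML2 entry, whose NOTE lines reference the upstream fix commit; a NOTE in the same style with the upstream reference would be useful once this one is triaged.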
@@ -23574,8 +23584,8 @@ CVE-2018-1420
RESERVED
CVE-2018-1419
RESERVED
-CVE-2018-1418
- RESERVED
+CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass ...)
+ TODO: check
CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java ...)
NOT-FOR-US: IBM Runtimes for Java Technology
CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
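Review bot: CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3, bypass) is left as `TODO: check` while the neighbouring IBM entries CVE-2018-1417 and CVE-2018-1416 are resolved with `NOT-FOR-US: IBM ...`; unless QRadar is packaged, this entry should get the same marker, and the four QRadar CVEs CVE-2017-1721 through CVE-2017-1724 later in this patch should be triaged together so the product ends up in one consistent state.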
@@ -25332,8 +25342,8 @@ CVE-2018-1076
RESERVED
CVE-2018-1075
RESERVED
-CVE-2018-1074
- RESERVED
+CVE-2018-1074 (ovirt-engine API and administration web portal before versions ...)
+ TODO: check
CVE-2018-1073
RESERVED
CVE-2018-1072
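Review bot: CVE-2018-1074 (ovirt-engine API and administration web portal) is imported with `TODO: check` and a description cut at `before versions ...`, so the fixed versions are missing from the entry; resolve the TODO with the full version text and with either a package line or `NOT-FOR-US:`, depending on whether ovirt-engine is in the archive, which this diff does not show.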
@@ -32584,8 +32594,8 @@ CVE-2017-15693 (In Apache Geode before v1.4.0, the Geode server stores applicati
NOT-FOR-US: Apache Geode
CVE-2017-15692 (In Apache Geode before v1.4.0, the TcpServer within the Geode locator ...)
NOT-FOR-US: Apache Geode
-CVE-2017-15691
- RESERVED
+CVE-2017-15691 (In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to ...)
+ TODO: check
CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing ...)
{DSA-4009-1}
- shadowsocks-libev 3.1.0+ds-2
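Review bot: CVE-2017-15691 (Apache uimaj prior to 2.10.2, 3.0.0-xxx prior to ...) is set to `TODO: check`; the description is cut in the middle of the version list, so the 3.0.0-series fixed version is not recorded. The context lines also show CVE-2017-15691 followed by CVE-2017-15924, so the file is not in descending CVE order at this point; that is not introduced by this change, but it is a candidate for a separate cleanup.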
@@ -35555,8 +35565,8 @@ CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick
NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
-CVE-2017-14740
- RESERVED
+CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows ...)
+ TODO: check
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
{DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
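Review bot: CVE-2017-14740 (GeniXCMS 1.1.0, XSS) gets `TODO: check` and lands between two ImageMagick entries (CVE-2017-14741 and CVE-2017-14739) that both carry NOTE lines with upstream commits, while the new entry has no reference yet; when triaged, add the upstream reference as a NOTE in the same style, or `NOT-FOR-US:` if GeniXCMS is not packaged.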
@@ -37837,8 +37847,8 @@ CVE-2017-14012
RESERVED
CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent ...)
NOT-FOR-US: ProMinent MultiFLEX M10a Controller
-CVE-2017-14010
- RESERVED
+CVE-2017-14010 (An uncontrolled search path element vulnerability has been identified ...)
+ TODO: check
CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX ...)
NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current ...)
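Review bot: CVE-2017-14010 is imported with only `An uncontrolled search path element vulnerability has been identified ...`; the truncation drops the product name entirely, so this `TODO: check` cannot be triaged from the diff and has to be looked up against the full CVE text. The surrounding CVE-2017-14011 and CVE-2017-14009 are ProMinent MultiFLEX entries marked `NOT-FOR-US:`, but adjacency of the numbers alone does not establish that 14010 is the same vendor.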
@@ -51923,8 +51933,8 @@ CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an
NOT-FOR-US: OpenSUSE specific packaging issue of NextCloud
CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions ...)
NOT-FOR-US: NetIQ eDirectory
-CVE-2017-9284
- RESERVED
+CVE-2017-9284 (IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive ...)
+ TODO: check
CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus ...)
NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9282 (An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) ...)
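Review bot: CVE-2017-9284 (IDM 4.6 Identity Applications prior to 4.6.2.1, may expose sensitive ...) is set to `TODO: check`; it sits among NetIQ eDirectory and Micro Focus VisiBroker entries that are all `NOT-FOR-US:`, so the TODO is probably a quick NOT-FOR-US, but record the product name in the marker as the neighbouring entries do rather than a bare `NOT-FOR-US`.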
@@ -51941,8 +51951,8 @@ CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when switche
NOT-FOR-US: Novell eDirectory
CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate ...)
NOT-FOR-US: Novell Access Manager iManager
-CVE-2017-9275
- RESERVED
+CVE-2017-9275 (NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is ...)
+ TODO: check
CVE-2017-9274 (A shell command injection in the obs-service-source_validator before ...)
- osc 0.162.1-1 (bug #887391)
[stretch] - osc <no-dsa> (Minor issue)
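Review bot: CVE-2017-9275 (NetIQ Identity Reporting prior to 5.5 Service Pack 1) gets `TODO: check`; CVE-2017-9277 and CVE-2017-9276 directly above are NetIQ products resolved as `NOT-FOR-US:`, so this should be closed the same way unless a package exists. The osc entry below (CVE-2017-9274) shows the package-line form with a `[stretch] - osc <no-dsa>` sub-line, which is the form to use if it does.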
@@ -74935,14 +74945,14 @@ CVE-2017-1726
RESERVED
CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational Products: ...)
NOT-FOR-US: IBM
-CVE-2017-1724
- RESERVED
-CVE-2017-1723
- RESERVED
-CVE-2017-1722
- RESERVED
-CVE-2017-1721
- RESERVED
+CVE-2017-1724 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site ...)
+ TODO: check
+CVE-2017-1723 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to ...)
+ TODO: check
+CVE-2017-1722 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A ...)
+ TODO: check
+CVE-2017-1721 (IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated ...)
+ TODO: check
CVE-2017-1720 (IBM Notes 8.5 and 9.0 could allow a local attacker to execute ...)
NOT-FOR-US: IBM Notes
CVE-2017-1719
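Review bot: the four IBM Security QRadar SIEM 7.2 and 7.3 entries CVE-2017-1721 through CVE-2017-1724 (XSS, remote attacker, SQL injection, unauthenticated) all go to `TODO: check`; CVE-2017-1725 (IBM Jazz Team Server) and CVE-2017-1720 (IBM Notes) around them are `NOT-FOR-US: IBM ...`, and the same product already appears as CVE-2018-1418 earlier in this patch, so these should be triaged in one pass with one marker to avoid leaving one product in several inconsistent states.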
@@ -78445,8 +78455,7 @@ CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection]
NOTE: https://xenbits.xen.org/xsa/advisory-211.html
NOTE: http://www.openwall.com/lists/oss-security/2017/03/14/2
NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6
-CVE-2016-9602 [9p: virtfs allows guest to access host filesystem]
- RESERVED
+CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following ...)
{DLA-1035-1 DLA-965-1}
- qemu 1:2.8+dfsg-3 (bug #853006)
[jessie] - qemu <no-dsa> (Minor issue)
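Review bot: replacing the bracketed placeholder `[9p: virtfs allows guest to access host filesystem]` with the published description and dropping `RESERVED` is correct here, and no `TODO: check` is needed because the entry already carries `{DLA-1035-1 DLA-965-1}`, `qemu 1:2.8+dfsg-3 (bug #853006)` and a `[jessie] - qemu <no-dsa>` line; the placeholder did name the 9p/virtfs component, which the truncated `improper link following ...` description no longer shows, so consider preserving that component name in a NOTE line.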
@@ -78496,8 +78505,7 @@ CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/105
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
-CVE-2016-9590
- RESERVED
+CVE-2016-9590 (puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an ...)
- puppet-module-swift 9.4.4-1 (bug #851293)
CVE-2016-9589 (Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable ...)
NOT-FOR-US: Red Hat specific use of undertow in Wildfly
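Review bot: the new description for CVE-2016-9590 states puppet-swift is fixed in 8.2.1 and 9.4.4, which agrees with the existing `puppet-module-swift 9.4.4-1 (bug #851293)` fixed-version line, so dropping RESERVED without adding a TODO is consistent; the only thing left to confirm is that no separate 8.x branch is packaged, since the description also lists 8.2.1 as a fixed version.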
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50cba2c155f1f3307896a3f64fc2ca36b36a70e5