[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 27 21:10:28 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e59f85c by security tracker role at 2018-04-27T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,113 @@
+CVE-2018-10524
+ RESERVED
+CVE-2018-10523 (CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage ...)
+ TODO: check
+CVE-2018-10522 (In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in ...)
+ TODO: check
+CVE-2018-10521 (In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in ...)
+ TODO: check
+CVE-2018-10520 (In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation ...)
+ TODO: check
+CVE-2018-10519 (CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation ...)
+ TODO: check
+CVE-2018-10518 (In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation ...)
+ TODO: check
+CVE-2018-10517 (In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation ...)
+ TODO: check
+CVE-2018-10516 (In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation ...)
+ TODO: check
+CVE-2018-10515 (In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation ...)
+ TODO: check
+CVE-2018-10514
+ RESERVED
+CVE-2018-10513
+ RESERVED
+CVE-2018-10512
+ RESERVED
+CVE-2018-10511
+ RESERVED
+CVE-2018-10510
+ RESERVED
+CVE-2018-10509
+ RESERVED
+CVE-2018-10508
+ RESERVED
+CVE-2018-10507
+ RESERVED
+CVE-2018-10506
+ RESERVED
+CVE-2018-10505
+ RESERVED
+CVE-2018-10504 (The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress ...)
+ TODO: check
+CVE-2018-10503 (An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. ...)
+ TODO: check
+CVE-2018-10502
+ RESERVED
+CVE-2018-10501
+ RESERVED
+CVE-2018-10500
+ RESERVED
+CVE-2018-10499
+ RESERVED
+CVE-2018-10498
+ RESERVED
+CVE-2018-10497
+ RESERVED
+CVE-2018-10496
+ RESERVED
+CVE-2018-10495
+ RESERVED
+CVE-2018-10494
+ RESERVED
+CVE-2018-10493
+ RESERVED
+CVE-2018-10492
+ RESERVED
+CVE-2018-10491
+ RESERVED
+CVE-2018-10490
+ RESERVED
+CVE-2018-10489
+ RESERVED
+CVE-2018-10488
+ RESERVED
+CVE-2018-10487
+ RESERVED
+CVE-2018-10486
+ RESERVED
+CVE-2018-10485
+ RESERVED
+CVE-2018-10484
+ RESERVED
+CVE-2018-10483
+ RESERVED
+CVE-2018-10482
+ RESERVED
+CVE-2018-10481
+ RESERVED
+CVE-2018-10480
+ RESERVED
+CVE-2018-10479
+ RESERVED
+CVE-2018-10478
+ RESERVED
+CVE-2018-10477
+ RESERVED
+CVE-2018-10476
+ RESERVED
+CVE-2018-10475
+ RESERVED
+CVE-2018-10474
+ RESERVED
+CVE-2018-10473
+ RESERVED
+CVE-2018-10470
+ RESERVED
+CVE-2018-10469 (b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and ...)
+ TODO: check
+CVE-2018-10468
+ RESERVED
CVE-2018-10467
RESERVED
CVE-2018-10466
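Review bot: the nine CMS Made Simple entries (CVE-2018-10515 through CVE-2018-10523) land as separate `TODO: check` lines for the same product and version range ("through 2.2.7") and should be triaged as one batch so they end up with a consistent status. The run of RESERVED placeholders skips CVE-2018-10471 and CVE-2018-10472, which already exist further down the file and are updated in the next hunk, so that gap is expected. The remaining TODO items here are CVE-2018-10504 (Form Maker WordPress plugin), CVE-2018-10503 (baijiacms) and CVE-2018-10469 (b3log Symphony).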
@@ -70,10 +180,10 @@ CVE-2018-10433
RESERVED
CVE-2017-18262
RESERVED
-CVE-2018-10471 [XSA-259: x86: PV guest may crash Xen with XPTI]
+CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-259.html
-CVE-2018-10472 [XSA-258: Information leak via crafted user-supplied CDROM]
+CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-258.html
CVE-2018-10432
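Review bot: the description rewrite for CVE-2018-10471 and CVE-2018-10472 replaces the hand-written bracketed summaries (`[XSA-259: x86: PV guest may crash Xen with XPTI]`, `[XSA-258: Information leak via crafted user-supplied CDROM]`) with the truncated MITRE text, so the XSA number and the one-line impact are no longer on the description line. The advisory URL on the NOTE line still carries the XSA number, but the XPTI and CDROM details are now only reachable by following it; re-adding them as a NOTE would keep them from being overwritten by the next automatic update. The `xen <unfixed>` status lines are untouched, which is correct for a description-only change.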
@@ -1453,6 +1563,7 @@ CVE-2018-9848 (In Gxlcms QY v1.0.0713, the upload function in ...)
CVE-2018-9847 (In Gxlcms QY v1.0.0713, the update function in ...)
NOT-FOR-US: Gxlcms QY
CVE-2018-9846 (In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin ...)
+ {DSA-4181-1}
- roundcube 1.3.6+dfsg.1-1 (bug #895184)
[wheezy] - roundcube <not-affected> (Vulnerable code not present in archive.php)
NOTE: https://github.com/roundcube/roundcubemail/issues/6238
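Review bot: the added `{DSA-4181-1}` marker for CVE-2018-9846 is placed between the description and the `- roundcube 1.3.6+dfsg.1-1 (bug #895184)` line, matching the placement used elsewhere in the file (for example `{DSA-3817-1 DLA-874-1}` under CVE-2016-9601). Confirm that a matching DSA-4181-1 record naming this CVE exists in the DSA list; the `[wheezy] - roundcube <not-affected>` line is unaffected by the marker and stays as is.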
@@ -1521,10 +1632,12 @@ CVE-2018-10101 (Before WordPress 4.9.5, the URL validator assumed URLs with the
NOTE: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
NOTE: Introduced via https://github.com/WordPress/WordPress/commit/c73a812109e1a64ecf21b6a198f949c58d1f2674 (4.5)
CVE-2018-10100 (Before WordPress 4.9.5, the redirection URL for the login page was not ...)
+ {DLA-1366-1}
- wordpress 4.9.5+dfsg1-1 (bug #895034)
NOTE: https://core.trac.wordpress.org/changeset/42892
NOTE: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
CVE-2018-10102 (Before WordPress 4.9.5, the version string was not escaped in the ...)
+ {DLA-1366-1}
- wordpress 4.9.5+dfsg1-1 (bug #895034)
NOTE: https://core.trac.wordpress.org/changeset/42893
NOTE: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
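Review bot: `{DLA-1366-1}` is added to CVE-2018-10100 and CVE-2018-10102, but the hunk starts inside the NOTE lines of CVE-2018-10101 (same "Before WordPress 4.9.5" batch), so it is not visible whether that entry received the marker too; if DLA-1366-1 covers the whole 4.9.5 fix set, all three entries should carry it. The `- wordpress 4.9.5+dfsg1-1 (bug #895034)` lines are unchanged, as expected for an advisory-marker-only update.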
@@ -6676,8 +6789,8 @@ CVE-2018-7671
RESERVED
CVE-2018-7670
RESERVED
-CVE-2018-7669
- RESERVED
+CVE-2018-7669 (An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 ...)
+ TODO: check
CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read arbitrary ...)
NOT-FOR-US: TestLink
CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
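Review bot: CVE-2018-7669 (Sitecore.NET 8.1) arrives as `TODO: check`; the adjacent CVE-2018-7668 (TestLink) shows the `NOT-FOR-US` pattern for software not packaged in Debian, so if Sitecore is likewise absent from the archive the entry can be closed as `NOT-FOR-US: Sitecore` in the next manual pass.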
@@ -23554,24 +23667,24 @@ CVE-2018-1481
RESERVED
CVE-2018-1480
RESERVED
-CVE-2018-1479
- RESERVED
+CVE-2018-1479 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request ...)
+ TODO: check
CVE-2018-1478
RESERVED
CVE-2018-1477
RESERVED
CVE-2018-1476
RESERVED
-CVE-2018-1475
- RESERVED
+CVE-2018-1475 (IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout ...)
+ TODO: check
CVE-2018-1474
RESERVED
-CVE-2018-1473
- RESERVED
+CVE-2018-1473 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. ...)
+ TODO: check
CVE-2018-1472
RESERVED
-CVE-2018-1471
- RESERVED
+CVE-2018-1471 (IBM BigFix Platform 9.2 and 9.5 stores user credentials in plain in ...)
+ TODO: check
CVE-2018-1470
RESERVED
CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow ...)
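Review bot: the four IBM BigFix Platform entries (CVE-2018-1471, CVE-2018-1473, CVE-2018-1475, CVE-2018-1479) all arrive as `TODO: check` for the same product and versions (9.2 and 9.5) and should be triaged together, following the `NOT-FOR-US: IBM` pattern used for the IBM WebSphere MQ entries in the next hunk. The truncated description for CVE-2018-1471 reads `stores user credentials in plain in ...`; that wording comes from the MITRE feed and should not be hand-edited, since the next automatic update would overwrite it.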
@@ -76282,8 +76395,8 @@ CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n att
NOT-FOR-US: IBM
CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to ...)
NOT-FOR-US: IBM
-CVE-2017-1116
- RESERVED
+CVE-2017-1116 (IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive ...)
+ TODO: check
CVE-2017-1115
RESERVED
CVE-2017-1114
@@ -78588,7 +78701,7 @@ CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link followi
NOTE: If fixing this issue for older suites, then make sure not to open the
NOTE: CVE-2017-7471 vulnerability and apply as well 9c6b899f7a46893ab3b671e341a2234e9c0c060e
NOTE: See further details in the CVE-2017-7471 tracker entry.
-CVE-2016-9601 (ghostscript before version 0.14 is vulnerable to a heap based buffer ...)
+CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buffer ...)
{DSA-3817-1 DLA-874-1}
- jbig2dec 0.13-4 (bug #850497)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
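Review bot: the description fix for CVE-2016-9601 (`before version 0.14` to `before version 9.21`) corrects MITRE text that had used a jbig2dec-style version number where the ghostscript one belonged. The Debian side of the entry still tracks the fix in `jbig2dec 0.13-4 (bug #850497)` with `{DSA-3817-1 DLA-874-1}`, so the description now names a product different from the tracked source package; a NOTE explaining why the fix is tracked in jbig2dec rather than ghostscript would make that mapping explicit for the next reader.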
@@ -129750,8 +129863,8 @@ CVE-2015-1858 (Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtB
- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
-CVE-2015-1857
- RESERVED
+CVE-2015-1857 (The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote ...)
+ TODO: check
CVE-2015-1856 (OpenStack Object Storage (Swift) before 2.3.0, when allow_version is ...)
- swift 2.2.0-2 (bug #783163)
[jessie] - swift 2.2.0-1+deb8u1
@@ -154001,8 +154114,8 @@ CVE-2014-2553 (Cross-site scripting (XSS) vulnerability in Open Ticket Request S
{DLA-1119-1}
- otrs2 3.3.6-1
[squeeze] - otrs2 <no-dsa> (Minor issue)
-CVE-2014-2552
- RESERVED
+CVE-2014-2552 (Brookins Consulting (BC) Collected Information Export extension for eZ ...)
+ TODO: check
CVE-2014-2551
RESERVED
CVE-2014-2550 (Cross-site request forgery (CSRF) vulnerability in the Disable ...)
@@ -156038,14 +156151,12 @@ CVE-2014-1831 (Phusion Passenger before 4.0.37 allows local users to write to ce
CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and ...)
{DSA-2892-1}
- a2ps 1:4.14-1.2 (low; bug #737385)
-CVE-2014-1845 [hardening to the defaults]
- RESERVED
+CVE-2014-1845 (An unspecified setuid root helper in Enlightenment before 0.17.6 ...)
- e17 0.17.3-3 (bug #737705)
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
-CVE-2014-1846 [hardening to the defaults]
- RESERVED
+CVE-2014-1846 (Enlightenment before 0.17.6 might allow local users to gain privileges ...)
- e17 0.17.3-3 (bug #737705)
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
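Review bot: for CVE-2014-1845 and CVE-2014-1846 the automatic update overwrites the bracketed `[hardening to the defaults]` summaries with MITRE descriptions that speak of a setuid root helper and local privilege gain, so the earlier Debian assessment that these were hardening-only changes is lost from the entries. Keep that assessment as a NOTE alongside the three commit URLs so it survives future automatic updates, and confirm that `e17 0.17.3-3 (bug #737705)` still stands as the fixed version for both entries given the stronger wording.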
@@ -158462,8 +158573,8 @@ CVE-2014-0843 (Cross-site scripting (XSS) vulnerability in IBM Rational Focal Po
NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0842 (The account-creation functionality in IBM Rational Focal Point 6.4.x ...)
NOT-FOR-US: IBM Rational Focal Point
-CVE-2014-0841
- RESERVED
+CVE-2014-0841 (IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a ...)
+ TODO: check
CVE-2014-0840 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational ...)
NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0839 (IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x ...)
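Review bot: CVE-2014-0841 names IBM Rational Focal Point 6.4.0 through 6.6.0, the same product and version span already handled as `NOT-FOR-US: IBM Rational Focal Point` for CVE-2014-0842 and CVE-2014-0840 directly above and below it; the `TODO: check` can be resolved the same way.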
@@ -159163,10 +159274,10 @@ CVE-2013-7206
RESERVED
CVE-2013-7204 (Cross-site request forgery (CSRF) vulnerability in set_users.cgi in ...)
NOT-FOR-US: Conceptronic CIPCAMPTIWL Camera
-CVE-2013-7202
- RESERVED
-CVE-2013-7201
- RESERVED
+CVE-2013-7202 (The WebHybridClient class in PayPal 5.3 and earlier for Android allows ...)
+ TODO: check
+CVE-2013-7201 (WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL ...)
+ TODO: check
CVE-2013-7200
RESERVED
CVE-2013-7199
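Review bot: CVE-2013-7201 and CVE-2013-7202 describe the PayPal Android app (WebHybridClient, SSL handling); like the Conceptronic camera firmware in CVE-2013-7204 directly above, this is not software shipped by Debian, so both `TODO: check` lines can be closed as `NOT-FOR-US` in the next triage pass.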
@@ -162213,8 +162324,8 @@ CVE-2013-6741 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-083
NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2013-6740
RESERVED
-CVE-2013-6739
- RESERVED
+CVE-2013-6739 (IBM SPSS Modeler before 16 on UNIX allows remote authenticated users ...)
+ TODO: check
CVE-2013-6738 (Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics ...)
NOT-FOR-US: IBM
CVE-2013-6737 (IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before ...)
@@ -165685,8 +165796,8 @@ CVE-2013-5463 (The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-5462 (IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM ...)
NOT-FOR-US: IBM
-CVE-2013-5461
- RESERVED
+CVE-2013-5461 (IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli ...)
+ TODO: check
CVE-2013-5460 (IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control ...)
NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5459 (Unspecified vulnerability in IBM Rational Software Architect (RSA) ...)
@@ -165825,8 +165936,8 @@ CVE-2013-5393 (The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.
NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5392
RESERVED
-CVE-2013-5391
- RESERVED
+CVE-2013-5391 (IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix ...)
+ TODO: check
CVE-2013-5390 (Cross-site scripting (XSS) vulnerability in the monitoring console in ...)
NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5389 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e59f85c3d3075c83d97285933d6b63b51c039a8