[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Aug 2 09:10:20 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a912bc7 by security tracker role at 2018-08-02T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,147 @@
+CVE-2018-14848
+	RESERVED
+CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote attackers to ...)
+	TODO: check
+CVE-2018-14846
+	RESERVED
+CVE-2018-14845
+	RESERVED
+CVE-2018-14844
+	RESERVED
+CVE-2018-14843
+	RESERVED
+CVE-2018-14842
+	RESERVED
+CVE-2018-14841
+	RESERVED
+CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not ...)
+	TODO: check
+CVE-2018-14839
+	RESERVED
+CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content parameter. ...)
+	TODO: check
+CVE-2018-14837
+	RESERVED
+CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because user ...)
+	TODO: check
+CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping ...)
+	TODO: check
+CVE-2018-14834
+	RESERVED
+CVE-2018-14833
+	RESERVED
+CVE-2018-14832
+	RESERVED
+CVE-2018-14831
+	RESERVED
+CVE-2018-14830
+	RESERVED
+CVE-2018-14829
+	RESERVED
+CVE-2018-14828
+	RESERVED
+CVE-2018-14827
+	RESERVED
+CVE-2018-14826
+	RESERVED
+CVE-2018-14825
+	RESERVED
+CVE-2018-14824
+	RESERVED
+CVE-2018-14823
+	RESERVED
+CVE-2018-14822
+	RESERVED
+CVE-2018-14821
+	RESERVED
+CVE-2018-14820
+	RESERVED
+CVE-2018-14819
+	RESERVED
+CVE-2018-14818
+	RESERVED
+CVE-2018-14817
+	RESERVED
+CVE-2018-14816
+	RESERVED
+CVE-2018-14815
+	RESERVED
+CVE-2018-14814
+	RESERVED
+CVE-2018-14813
+	RESERVED
+CVE-2018-14812
+	RESERVED
+CVE-2018-14811
+	RESERVED
+CVE-2018-14810
+	RESERVED
+CVE-2018-14809
+	RESERVED
+CVE-2018-14808
+	RESERVED
+CVE-2018-14807
+	RESERVED
+CVE-2018-14806
+	RESERVED
+CVE-2018-14805
+	RESERVED
+CVE-2018-14804
+	RESERVED
+CVE-2018-14803
+	RESERVED
+CVE-2018-14802
+	RESERVED
+CVE-2018-14801
+	RESERVED
+CVE-2018-14800
+	RESERVED
+CVE-2018-14799
+	RESERVED
+CVE-2018-14798
+	RESERVED
+CVE-2018-14797
+	RESERVED
+CVE-2018-14796
+	RESERVED
+CVE-2018-14795
+	RESERVED
+CVE-2018-14794
+	RESERVED
+CVE-2018-14793
+	RESERVED
+CVE-2018-14792
+	RESERVED
+CVE-2018-14791
+	RESERVED
+CVE-2018-14790
+	RESERVED
+CVE-2018-14789
+	RESERVED
+CVE-2018-14788
+	RESERVED
+CVE-2018-14787
+	RESERVED
+CVE-2018-14786
+	RESERVED
+CVE-2018-14785
+	RESERVED
+CVE-2018-14784
+	RESERVED
+CVE-2018-14783
+	RESERVED
+CVE-2018-14782
+	RESERVED
+CVE-2018-14781
+	RESERVED
+CVE-2018-14780
+	RESERVED
+CVE-2018-14779
+	RESERVED
+CVE-2018-14778
+	RESERVED
+CVE-2015-9262 (_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows ...)
+	TODO: check
 CVE-2018-14777 (An issue was discovered in DataLife Engine (DLE) through 13.0. An ...)
 	TODO: check
 CVE-2018-1000631
@@ -5654,8 +5798,8 @@ CVE-2018-12470
 	RESERVED
 CVE-2018-12469
 	RESERVED
-CVE-2018-12468
-	RESERVED
+CVE-2018-12468 (A vulnerability in the administration console of Micro Focus GroupWise ...)
+	TODO: check
 CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could delete ...)
 	- open-build-service <undetermined>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217
@@ -10584,8 +10728,8 @@ CVE-2018-10626
 	RESERVED
 CVE-2018-10625
 	RESERVED
-CVE-2018-10624
-	RESERVED
+CVE-2018-10624 (In Johnson Controls Metasys System Versions 8.0 and prior and BCPro ...)
+	TODO: check
 CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
 	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
 CVE-2018-10622
@@ -28955,8 +29099,8 @@ CVE-2018-3941
 	RESERVED
 CVE-2018-3940
 	RESERVED
-CVE-2018-3939
-	RESERVED
+CVE-2018-3939 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
 CVE-2018-3938
 	RESERVED
 CVE-2018-3937
@@ -28985,8 +29129,8 @@ CVE-2018-3926
 	RESERVED
 CVE-2018-3925
 	RESERVED
-CVE-2018-3924
-	RESERVED
+CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+	TODO: check
 CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing ...)
 	TODO: check
 CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...)
@@ -29071,8 +29215,8 @@ CVE-2018-3883
 	RESERVED
 CVE-2018-3882
 	RESERVED
-CVE-2018-3881
-	RESERVED
+CVE-2018-3881 (An exploitable unauthenticated XML external injection vulnerability ...)
+	TODO: check
 CVE-2018-3880
 	RESERVED
 CVE-2018-3879
@@ -31926,6 +32070,7 @@ CVE-2018-3083
 CVE-2018-3082 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 	NOT-FOR-US: Oracle MySQL 8
 CVE-2018-3081 (Vulnerability in the MySQL Client component of Oracle MySQL ...)
+	{DLA-1407-1}
 	- mariadb-10.1 1:10.1.34-1
 	- mariadb-10.0 <removed>
 	- mysql-5.7 <unfixed> (bug #904121)
@@ -40044,22 +40189,22 @@ CVE-2018-0415
 	RESERVED
 CVE-2018-0414
 	RESERVED
-CVE-2018-0413
-	RESERVED
+CVE-2018-0413 (A vulnerability in the web-based management interface of Cisco Identity ...)
+	TODO: check
 CVE-2018-0412
 	RESERVED
-CVE-2018-0411
-	RESERVED
+CVE-2018-0411 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
 CVE-2018-0410
 	RESERVED
 CVE-2018-0409
 	RESERVED
-CVE-2018-0408
-	RESERVED
-CVE-2018-0407
-	RESERVED
-CVE-2018-0406
-	RESERVED
+CVE-2018-0408 (A vulnerability in the web-based management interface of Cisco Small ...)
+	TODO: check
+CVE-2018-0407 (A vulnerability in the web-based management interface of Cisco Small ...)
+	TODO: check
+CVE-2018-0406 (A vulnerability in the web-based management interface of Cisco Web ...)
+	TODO: check
 CVE-2018-0405
 	RESERVED
 CVE-2018-0404
@@ -40076,8 +40221,8 @@ CVE-2018-0399 (Multiple vulnerabilities in the web-based management interface of
 	NOT-FOR-US: Cisco
 CVE-2018-0398 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0397
-	RESERVED
+CVE-2018-0397 (A vulnerability in Cisco AMP for Endpoints Mac Connector Software ...)
+	TODO: check
 CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0395
@@ -40088,8 +40233,8 @@ CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy Builde
 	NOT-FOR-US: Cisco
 CVE-2018-0392 (A vulnerability in the CLI of Cisco Policy Suite could allow an ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0391
-	RESERVED
+CVE-2018-0391 (A vulnerability in the password change function of Cisco Prime ...)
+	TODO: check
 CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow an ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0389



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a912bc75e5e61a467b8c468fefbdbad21f3d3a1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4a912bc75e5e61a467b8c468fefbdbad21f3d3a1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180802/dbb54c74/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list