[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 6 21:10:32 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10c2b474 by security tracker role at 2018-08-06T20:10:24Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-15127
+ RESERVED
+CVE-2018-15126
+ RESERVED
+CVE-2018-15125
+ RESERVED
+CVE-2018-15124
+ RESERVED
+CVE-2018-15123
+ RESERVED
+CVE-2018-15122
+ RESERVED
+CVE-2018-15121
+ RESERVED
+CVE-2018-15120
+ RESERVED
CVE-2018-15119
RESERVED
CVE-2018-15118
@@ -280,44 +296,44 @@ CVE-2018-14980
RESERVED
CVE-2018-14979
RESERVED
-CVE-2018-14978
- RESERVED
-CVE-2018-14977
- RESERVED
-CVE-2018-14976
- RESERVED
-CVE-2018-14975
- RESERVED
-CVE-2018-14974
- RESERVED
-CVE-2018-14973
- RESERVED
-CVE-2018-14972
- RESERVED
-CVE-2018-14971
- RESERVED
-CVE-2018-14970
- RESERVED
-CVE-2018-14969
- RESERVED
-CVE-2018-14968
- RESERVED
-CVE-2018-14967
- RESERVED
-CVE-2018-14966
- RESERVED
-CVE-2018-14965
- RESERVED
-CVE-2018-14964
- RESERVED
-CVE-2018-14963
- RESERVED
-CVE-2018-14962
- RESERVED
-CVE-2018-14961
- RESERVED
-CVE-2018-14960
- RESERVED
+CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the ...)
+ TODO: check
+CVE-2018-14977 (An issue was discovered in QCMS 3.0.1. ...)
+ TODO: check
+CVE-2018-14976 (An issue was discovered in QCMS 3.0.1. ...)
+ TODO: check
+CVE-2018-14975 (An issue was discovered in QCMS 3.0.1. ...)
+ TODO: check
+CVE-2018-14974 (An issue was discovered in QCMS 3.0.1. ...)
+ TODO: check
+CVE-2018-14973 (An issue was discovered in QCMS 3.0.1. ...)
+ TODO: check
+CVE-2018-14972 (An issue was discovered in QCMS 3.0.1. ...)
+ TODO: check
+CVE-2018-14971 (An issue was discovered in QCMS 3.0.1. ...)
+ TODO: check
+CVE-2018-14970 (An issue was discovered in QCMS 3.0.1. ...)
+ TODO: check
+CVE-2018-14969 (An issue was discovered in QCMS 3.0.1. ...)
+ TODO: check
+CVE-2018-14968 (An issue was discovered in EMLsoft 5.4.5. ...)
+ TODO: check
+CVE-2018-14967 (An issue was discovered in EMLsoft 5.4.5. ...)
+ TODO: check
+CVE-2018-14966 (An issue was discovered in EMLsoft 5.4.5. The ...)
+ TODO: check
+CVE-2018-14965 (An issue was discovered in EMLsoft 5.4.5. The ...)
+ TODO: check
+CVE-2018-14964 (An issue was discovered in EMLsoft 5.4.5. XSS exists via the ...)
+ TODO: check
+CVE-2018-14963 (zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. ...)
+ TODO: check
+CVE-2018-14962 (zzcms 8.3 has stored XSS related to the content variable in ...)
+ TODO: check
+CVE-2018-14961 (dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql ...)
+ TODO: check
+CVE-2018-14960 (Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. ...)
+ TODO: check
CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages ...)
NOT-FOR-US: WeaselCMS
CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update the ...)
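Review bot: The 19 entries from CVE-2018-14978 down to CVE-2018-14960 all land with `TODO: check`, so none of them has been triaged yet. The WeaselCMS entry in the trailing context (CVE-2018-14959) already carries `NOT-FOR-US: WeaselCMS`; each of the QCMS, EMLsoft, zzcms and Xiao5uCompany entries needs the same kind of decision in a follow-up, either a NOT-FOR-US line naming the product or a package line with a status.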
@@ -1006,22 +1022,22 @@ CVE-2018-14669
CVE-2018-14668
RESERVED
CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
- {DSA-4260-1}
+ {DSA-4260-1 DLA-1460-1}
- libmspack 0.7-1 (bug #904802)
NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
- {DSA-4260-1}
+ {DSA-4260-1 DLA-1460-1}
- libmspack 0.7-1 (bug #904801)
NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
- {DSA-4260-1}
+ {DSA-4260-1 DLA-1460-1}
- libmspack 0.7-1 (bug #904800)
NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in ...)
- {DSA-4260-1}
+ {DSA-4260-1 DLA-1460-1}
- libmspack 0.7-1 (bug #904799)
NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
@@ -4107,6 +4123,7 @@ CVE-2018-13406 (An integer overflow in the uvesafb_setcmap function in ...)
- linux 4.17.6-1
NOTE: https://git.kernel.org/linus/9f645bcc566a1e9f921bdae7528a01ced5bc3713
CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel through ...)
+ {DSA-4266-1}
- linux 4.17.6-1
[jessie] - linux-4.9 <unfixed>
NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
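Review bot: In the CVE-2018-13405 entry, `{DSA-4266-1}` is added while `[jessie] - linux-4.9 <unfixed>` stays as it is, so the new DSA reference does not close the entry for that package. Anyone reading the entry as "fixed by DSA" should still treat jessie linux-4.9 as open until a fixed version is recorded on that line.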
@@ -26194,6 +26211,7 @@ CVE-2018-5391
RESERVED
CVE-2018-5390 [Linux Kernel TCP implementation vulnerable to Denial of Service]
RESERVED
+ {DSA-4266-1}
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.kb.cert.org/vuls/id/962459
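Review bot: CVE-2018-5390 now references `{DSA-4266-1}`, yet the entry still reads `RESERVED` and `- linux <unfixed>`, so an advisory is attached to an entry with no fixed version recorded. The `- linux` line should get its fixed version once it is known, and the bracketed placeholder description can go when the official one is published.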
@@ -36289,8 +36307,8 @@ CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 could
NOT-FOR-US: IBM
CVE-2018-1552
RESERVED
-CVE-2018-1551
- RESERVED
+CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 ...)
+ TODO: check
CVE-2018-1550
RESERVED
CVE-2018-1549 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 ...)
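Review bot: CVE-2018-1551 comes in with `TODO: check` for IBM WebSphere MQ, while the IBM entry in the leading context (CVE-2018-1553) is already `NOT-FOR-US: IBM`. If the same reasoning applies, resolve the TODO with the matching NOT-FOR-US line so the entry does not sit in the unprocessed queue.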
@@ -36335,8 +36353,8 @@ CVE-2018-1530
RESERVED
CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through ...)
NOT-FOR-US: IBM Rational DOORS Next Generation
-CVE-2018-1528
- RESERVED
+CVE-2018-1528 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an ...)
+ TODO: check
CVE-2018-1527
RESERVED
CVE-2018-1526
@@ -36547,8 +36565,8 @@ CVE-2018-1424
RESERVED
CVE-2018-1423 (IBM Jazz Foundation products could disclose sensitive information to ...)
NOT-FOR-US: IBM
-CVE-2018-1422
- RESERVED
+CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 ...)
+ TODO: check
CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and ...)
NOT-FOR-US: IBM WebSphere DataPower Appliances
CVE-2018-1420
@@ -49791,8 +49809,8 @@ CVE-2017-14448 (An exploitable code execution vulnerability exists in the XCF im
- sdl-image1.2 1.2.12-8
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695
-CVE-2017-14447
- RESERVED
+CVE-2017-14447 (An exploitable buffer overflow vulnerability exists in the PubNub ...)
+ TODO: check
CVE-2017-14446 (An exploitable stack-based buffer overflow vulnerability exists in ...)
NOT-FOR-US: Insteon Hub
CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon Hub ...)
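Review bot: CVE-2017-14447 is added with `TODO: check`, and its truncated description names PubNub, while the next entry, CVE-2017-14446, is tagged `NOT-FOR-US: Insteon Hub`. Read the full description before tagging, because the truncated text alone does not show which product the PubNub code belongs to.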
@@ -55391,8 +55409,7 @@ CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.8
NOTE: https://svn.apache.org/r1804729
CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs ...)
- tomcat7 <not-affected> (Windows-specific)
-CVE-2017-12614
- RESERVED
+CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to ...)
NOT-FOR-US: Apache Airflow
CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...)
{DLA-1162-1}
@@ -72971,8 +72988,7 @@ CVE-2017-6921 [File REST resource does not properly validate]
RESERVED
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-CORE-2017-003
-CVE-2017-6920 [PECL YAML parser unsafe object handling]
- RESERVED
+CVE-2017-6920 (Drupal core 8 before versions 8.3.4 allows remote attackers to execute ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-CORE-2017-003
CVE-2017-6919 (Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access ...)
@@ -88031,8 +88047,8 @@ CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remo
NOT-FOR-US: IBM Security Guardium
CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored locally ...)
NOT-FOR-US: IBM
-CVE-2017-1755
- RESERVED
+CVE-2017-1755 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
+ TODO: check
CVE-2017-1754
RESERVED
CVE-2017-1753
@@ -88717,14 +88733,14 @@ CVE-2017-1414
RESERVED
CVE-2017-1413
RESERVED
-CVE-2017-1412
- RESERVED
-CVE-2017-1411
- RESERVED
+CVE-2017-1412 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
+ TODO: check
+CVE-2017-1411 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
+ TODO: check
CVE-2017-1410
RESERVED
-CVE-2017-1409
- RESERVED
+CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
+ TODO: check
CVE-2017-1408
RESERVED
CVE-2017-1407 (IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could ...)
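Review bot: The three new descriptions for CVE-2017-1412, CVE-2017-1411 and CVE-2017-1409 are identical up to the truncation point ("IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ..."), so the list text does not distinguish the issues. Triage of these `TODO: check` entries has to go by the full CVE descriptions; the neighbouring CVE-2017-1410 and CVE-2017-1408 stay `RESERVED`.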
@@ -88749,8 +88765,8 @@ CVE-2017-1398 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...
NOT-FOR-US: IBM
CVE-2017-1397
RESERVED
-CVE-2017-1396
- RESERVED
+CVE-2017-1396 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
+ TODO: check
CVE-2017-1395 (IBM Security Identity Governance and Intelligence Virtual Appliance ...)
NOT-FOR-US: IBM
CVE-2017-1394
@@ -88805,12 +88821,12 @@ CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensi
NOT-FOR-US: IBM
CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
-CVE-2017-1368
- RESERVED
+CVE-2017-1368 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
+ TODO: check
CVE-2017-1367 (IBM Security Identity Governance and Intelligence Virtual Appliance ...)
NOT-FOR-US: IBM
-CVE-2017-1366
- RESERVED
+CVE-2017-1366 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
+ TODO: check
CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle ...)
NOT-FOR-US: IBM Team Concert
CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10c2b474ec07cf6db7c035566a483fc27a38ae09