[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Aug 9 21:10:22 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ad26450 by security tracker role at 2018-08-09T20:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -51,14 +51,14 @@ CVE-2018-15186
 	RESERVED
 CVE-2018-15185
 	RESERVED
-CVE-2018-15184
-	RESERVED
-CVE-2018-15183
-	RESERVED
-CVE-2018-15182
-	RESERVED
-CVE-2018-15181
-	RESERVED
+CVE-2018-15184 (PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has ...)
+	TODO: check
+CVE-2018-15183 (PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 ...)
+	TODO: check
+CVE-2018-15182 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and ...)
+	TODO: check
+CVE-2018-15181 (JioFi 4G Hotspot M2S devices allow attackers to cause a denial of ...)
+	TODO: check
 CVE-2018-15180
 	RESERVED
 CVE-2018-15179
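Review bot: The four entries added here (CVE-2018-15181 through CVE-2018-15184) are all left at "TODO: check", so none of them is triaged yet. The descriptions name PHP Scripts Mall clone scripts and JioFi 4G Hotspot M2S devices. If no source package in the archive ships these, a follow-up should replace each "TODO: check" with a NOT-FOR-US line in the form used elsewhere in this file (for example "NOT-FOR-US: Cisco").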
@@ -153,8 +153,8 @@ CVE-2018-15135
 	RESERVED
 CVE-2018-15134
 	RESERVED
-CVE-2018-15133
-	RESERVED
+CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote ...)
+	TODO: check
 CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP before ...)
 	TODO: check
 CVE-2018-15131
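Review bot: CVE-2018-15133 gets a description but no package line, only "TODO: check". The description gives concrete upper bounds ("through 5.5.40 and 5.6.x through 5.6.29"), so triage can compare any packaged Laravel version against those ranges directly. The follow-up should record either the affected source package with its fixed version or a NOT-FOR-US line.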
@@ -10798,8 +10798,7 @@ CVE-2018-10910 [ailure in disabling Bluetooth discoverability in certain cases m
 	TODO: check, might not be a problem with Gnome <= 3.26, i.e. no-dsa for those suites
 CVE-2018-10909
 	RESERVED
-CVE-2018-10908
-	RESERVED
+CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on ...)
 	NOT-FOR-US: ovirt
 CVE-2018-10907
 	RESERVED
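Review bot: The @@ header context for this hunk shows the bracketed description of CVE-2018-10910 beginning "[ailure in disabling Bluetooth discoverability", which looks like a dropped leading "F". This commit does not introduce it, but it is worth correcting in data/CVE/list in a follow-up. The CVE-2018-10908 change itself is consistent: the existing "NOT-FOR-US: ovirt" line now sits under the published vdsm description.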
@@ -21545,8 +21544,7 @@ CVE-2018-6924
 	RESERVED
 CVE-2018-6923
 	RESERVED
-CVE-2018-6922
-	RESERVED
+CVE-2018-6922 (One of the data structures that holds TCP segments in all versions of ...)
 	- kfreebsd-10 <unfixed> (unimportant)
 	NOTE: https://www.kb.cert.org/vuls/id/962459
 	NOTE: kfreebsd not covered by security support
@@ -41282,10 +41280,12 @@ CVE-2018-0363 (A vulnerability in the web-based management interface of Cisco Un
 CVE-2018-0362 (A vulnerability in BIOS authentication management of Cisco 5000 Series ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0361 (ClamAV before 0.100.1 lacks a PDF object length check, resulting in an ...)
+	{DLA-1461-1}
 	- clamav 0.100.1+dfsg-1
 	[stretch] - clamav <no-dsa> (clamav is updated via -updates)
 	NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
 CVE-2018-0360 (ClamAV before 0.100.1 has an HWP integer overflow with a resultant ...)
+	{DLA-1461-1}
 	- clamav 0.100.1+dfsg-1
 	[stretch] - clamav <no-dsa> (clamav is updated via -updates)
 	NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
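Review bot: The {DLA-1461-1} cross-reference is added to both CVE-2018-0361 and CVE-2018-0360, but this commit changes only data/CVE/list, so the advisory record it points to is not visible here. Confirm that the DLA-1461-1 entry lists both CVE ids, since the only per-suite line under each entry is still "[stretch] - clamav <no-dsa>".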
@@ -174729,7 +174729,7 @@ CVE-2014-0086 (The doFilter function in webapp/PushHandlerFilter.java in JBoss .
 	NOT-FOR-US: RichFaces
 	NOTE: https://github.com/richfaces/richfaces/commit/4115c103f74e7cb0af6d392e22866e52db2bc4e7
 	NOTE: https://issues.jboss.org/browse/RF-13250
-CVE-2014-0085 (Apache Zookeeper logs cleartext admin passwords, which allows local ...)
+CVE-2014-0085 (JBoss Fuse did not enable encrypted passwords by default in its usage ...)
 	NOT-FOR-US: Fuse Fabric
 CVE-2014-0084
 	RESERVED
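Review bot: The description of CVE-2014-0085 changes product, from "Apache Zookeeper logs cleartext admin passwords" to "JBoss Fuse did not enable encrypted passwords by default", while the triage line stays "NOT-FOR-US: Fuse Fabric". That line matches the new text, but because the earlier description named Apache Zookeeper, add a NOTE recording that the issue lies in how Fuse uses Zookeeper and not in Zookeeper itself, once that is confirmed, so the NOT-FOR-US decision stays traceable.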



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7ad264508318c1432fed28c24d491d11c3ec2d53
