[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 10 21:10:41 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f272ded by security tracker role at 2018-08-10T20:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -37,20 +37,20 @@ CVE-2018-15193 (A CSRF vulnerability in the admin panel in Gogs through 0.11.53
CVE-2018-15192 (An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs ...)
- gitea <unfixed>
NOTE: https://github.com/go-gitea/gitea/issues/4624
-CVE-2018-15191
- RESERVED
-CVE-2018-15190
- RESERVED
-CVE-2018-15189
- RESERVED
-CVE-2018-15188
- RESERVED
-CVE-2018-15187
- RESERVED
-CVE-2018-15186
- RESERVED
-CVE-2018-15185
- RESERVED
+CVE-2018-15191 (PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to ...)
+ TODO: check
+CVE-2018-15190 (PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First ...)
+ TODO: check
+CVE-2018-15189 (PHP Scripts Mall advanced-real-estate-script has XSS via the Name ...)
+ TODO: check
+CVE-2018-15188 (PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote ...)
+ TODO: check
+CVE-2018-15187 (PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via ...)
+ TODO: check
+CVE-2018-15186 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF ...)
+ TODO: check
+CVE-2018-15185 (PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows ...)
+ TODO: check
CVE-2018-15184 (PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has ...)
NOT-FOR-US: PHP Scripts Mall Naukri / Shine / Jobsite Clone Script
CVE-2018-15183 (PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 ...)
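Review bot: CVE-2018-15185, the last entry of the added block, is left as `TODO: check`, yet the unchanged entry directly below it (CVE-2018-15184) is for the same product and is already triaged as `NOT-FOR-US: PHP Scripts Mall Naukri / Shine / Jobsite Clone Script`. Suggest closing CVE-2018-15185 with the same line in the follow-up triage. The other six PHP Scripts Mall entries added here (CVE-2018-15186 through CVE-2018-15191) still need their TODO resolved as well.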
@@ -785,8 +785,8 @@ CVE-2018-14839
RESERVED
CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content parameter. ...)
NOT-FOR-US: rejucms
-CVE-2018-14837
- RESERVED
+CVE-2018-14837 (Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ...)
+ TODO: check
CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because user ...)
NOT-FOR-US: Subrion CMS
CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping ...)
@@ -889,14 +889,14 @@ CVE-2018-14787
RESERVED
CVE-2018-14786
RESERVED
-CVE-2018-14785
- RESERVED
-CVE-2018-14784
- RESERVED
-CVE-2018-14783
- RESERVED
-CVE-2018-14782
- RESERVED
+CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
+ TODO: check
+CVE-2018-14784 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
+ TODO: check
+CVE-2018-14783 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
+ TODO: check
+CVE-2018-14782 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with ...)
+ TODO: check
CVE-2018-14781
RESERVED
CVE-2018-14780
@@ -1685,8 +1685,8 @@ CVE-2018-14504 (An issue was discovered in manage_filter_edit_page.php in Mantis
NOTE: http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f
NOTE: https://mantisbt.org/blog/archives/mantisbt/602
NOTE: https://mantisbt.org/bugs/view.php?id=24608
-CVE-2018-14503
- RESERVED
+CVE-2018-14503 (Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in ...)
+ TODO: check
CVE-2018-14502
RESERVED
CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as ...)
@@ -2937,8 +2937,8 @@ CVE-2018-14030
RESERVED
CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 ...)
NOT-FOR-US: Creatiwity wityCMS
-CVE-2018-14028
- RESERVED
+CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are not ...)
+ TODO: check
CVE-2018-14027
RESERVED
CVE-2018-14026
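Review bot: CVE-2018-14028 names WordPress 4.9.7, and WordPress is shipped in Debian as source package wordpress, so its `TODO: check` should be resolved with a `- wordpress ...` package line and a status rather than a NOT-FOR-US tag like the wityCMS entry above it.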
@@ -4330,8 +4330,8 @@ CVE-2018-13392
RESERVED
CVE-2018-13391
RESERVED
-CVE-2018-13390
- RESERVED
+CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via network from ...)
+ TODO: check
CVE-2018-13389 (The attachment resource in Atlassian Confluence before version 6.6.1 ...)
NOT-FOR-US: Atlassian Confluence
CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and Crucible ...)
@@ -4422,8 +4422,8 @@ CVE-2018-13343
RESERVED
CVE-2018-13342
RESERVED
-CVE-2018-13341
- RESERVED
+CVE-2018-13341 (Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all ...)
+ TODO: check
CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. ...)
NOT-FOR-US: Gleez CMS
CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode ...)
@@ -6291,6 +6291,7 @@ CVE-2018-12603 (Cross-site request forgery (CSRF) vulnerability in admin.php in
CVE-2018-12602 (A CSRF vulnerability exists in LFCMS 3.7.0: users can be added ...)
NOT-FOR-US: LFCMS
CVE-2018-12601 (There is a heap-based buffer overflow in ReadImage in input-tga.ci in ...)
+ {DLA-1463-1}
- sam2p <removed>
NOTE: https://github.com/pts/sam2p/issues/41
NOTE: https://github.com/pts/sam2p/commit/8b2b7151991e07ef262857c2325e95c3b2867f80
@@ -6356,6 +6357,7 @@ CVE-2018-12580 (library/DBTech/Security/Action/Sessions.php in DragonByte vBSecu
CVE-2018-12579
RESERVED
CVE-2018-12578 (There is a heap-based buffer overflow in bmp_compress1_row in ...)
+ {DLA-1463-1}
- sam2p <removed>
NOTE: https://github.com/pts/sam2p/issues/39
NOTE: https://github.com/pts/sam2p/commit/22e7a17e70e5f5eedf466b0b1855c8c954061a51
@@ -9241,8 +9243,8 @@ CVE-2018-11494 (The "program extension upload" feature in OpenCart thr
NOT-FOR-US: OpenCart
CVE-2018-11493 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
NOT-FOR-US: WUZHI CMS
-CVE-2018-11492
- RESERVED
+CVE-2018-11492 (ASUS HG100 devices allow denial of service via an IPv4 packet flood. ...)
+ TODO: check
CVE-2018-11491 (ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated ...)
NOT-FOR-US: ASUS HG100 devices
CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly ...)
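Review bot: CVE-2018-11492 is added with `TODO: check` although the next entry, CVE-2018-11491, covers the same ASUS HG100 devices and is already marked `NOT-FOR-US: ASUS HG100 devices`. Suggest giving CVE-2018-11492 the same NOT-FOR-US line so the two entries stay consistent.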
@@ -11268,8 +11270,8 @@ CVE-2018-10771 (Stack-based buffer overflow in the get_key function in parse.c i
NOTE: Crash in CLI tool (neutralised by toolchain hardening), no security impact
CVE-2018-10770 (download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote ...)
NOT-FOR-US: ShenZhen Anni "5 in 1 XVR" devices
-CVE-2018-10769
- RESERVED
+CVE-2018-10769 (The transferProxy and approveProxy functions of a smart contract ...)
+ TODO: check
CVE-2018-10768 (There is a NULL pointer dereference in the AnnotPath::getCoordsLength ...)
- poppler 0.38.0-2
[jessie] - poppler <no-dsa> (Minor issue)
@@ -11603,24 +11605,24 @@ CVE-2018-10632 (In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 a
NOT-FOR-US: Moxa
CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...)
NOT-FOR-US: Medtronic
-CVE-2018-10630
- RESERVED
+CVE-2018-10630 (For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version ...)
+ TODO: check
CVE-2018-10629
RESERVED
CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update ...)
NOT-FOR-US: AVEVA
CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
NOT-FOR-US: Echelon
-CVE-2018-10626
- RESERVED
+CVE-2018-10626 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
+ TODO: check
CVE-2018-10625
RESERVED
CVE-2018-10624 (In Johnson Controls Metasys System Versions 8.0 and prior and BCPro ...)
NOT-FOR-US: Johnson Controls Metasys System
CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
-CVE-2018-10622
- RESERVED
+CVE-2018-10622 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
+ TODO: check
CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine ...)
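Review bot: CVE-2018-10626 and CVE-2018-10622 (both Medtronic MyCareLink) are left as `TODO: check` while CVE-2018-10631 in the context of this hunk is already `NOT-FOR-US: Medtronic`. Suggest the same tag for both. CVE-2018-10630 (Crestron TSW-X60) has no precedent in the visible context and needs its own triage decision.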
@@ -18739,8 +18741,8 @@ CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
- linux <unfixed>
[jessie] - linux-4.9 <unfixed>
NOTE: https://lkml.org/lkml/2018/5/29/495
-CVE-2018-7754
- RESERVED
+CVE-2018-7754 (The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the ...)
+ TODO: check
CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 ...)
- ffmpeg 7:3.4.3-1
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
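Review bot: CVE-2018-7754 must not be closed as NOT-FOR-US when its `TODO: check` is resolved. The description names `drivers/block/aoe/aoeblk.c`, which is a Linux kernel source path, so the entry needs a `- linux ...` package line with a status, in the same form as the CVE-2018-7755 entry directly above it.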
@@ -22680,8 +22682,7 @@ CVE-2018-6558
RESERVED
CVE-2018-6557
RESERVED
-CVE-2018-6556 [lxc-user-nic allows unprivileged users to open arbitrary files]
- RESERVED
+CVE-2018-6556 (lxc-user-nic when asked to delete a network interface will ...)
- lxc <unfixed> (bug #905586)
[stretch] - lxc <not-affected> (Vulnerable code introduced later)
[jessie] - lxc <not-affected> (Vulnerable code introduced later)
@@ -22692,8 +22693,7 @@ CVE-2018-6555
RESERVED
CVE-2018-6554
RESERVED
-CVE-2018-6553 [AppArmor profile issue in cups]
- RESERVED
+CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd backend due ...)
{DSA-4243-1 DLA-1426-1}
- cups 2.2.8-5 (bug #903605)
CVE-2018-6552 (Apport does not properly handle crashes originating from a PID ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5f272ded9806fec475c14261443e43928809fe1d