[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 25 09:10:22 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56c08308 by security tracker role at 2018-08-25T08:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2018-15869 (The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlier ...)
+ TODO: check
+CVE-2018-15868
+ RESERVED
CVE-2018-15867
RESERVED
CVE-2018-15866
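Review bot: CVE-2018-15869 at the top of this hunk is added with only TODO: check, so the tracker does not yet record whether anything in the archive is affected. The description names the AWS CLI 1.15.85 "and possibly earlier", and the summary is cut off at "...". Triage should read the full CVE text and replace the TODO with either a source-package line carrying the fixed version or a NOT-FOR-US line.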
@@ -714,8 +718,8 @@ CVE-2018-15578
RESERVED
CVE-2018-15577
RESERVED
-CVE-2018-15576
- RESERVED
+CVE-2018-15576 (An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php ...)
+ TODO: check
CVE-2018-15575
RESERVED
CVE-2018-15574 (** DISPUTED ** An issue was discovered in the license editor in Reprise ...)
@@ -4328,8 +4332,7 @@ CVE-2018-14061
RESERVED
CVE-2018-14060 (OS command injection in the AP mode settings feature in /cgi-bin/luci ...)
NOT-FOR-US: Xiaomi R3D
-CVE-2018-14059
- RESERVED
+CVE-2018-14059 (Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, ...)
NOT-FOR-US: Pimcore
CVE-2018-14058 (Pimcore before 5.3.0 allows SQL Injection via the REST web service ...)
NOT-FOR-US: Pimcore
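Review bot: CVE-2018-14059 is the only entry in this commit that moves from RESERVED to a published description without gaining a TODO: check, because the NOT-FOR-US: Pimcore line below it was already present while the id was still reserved. That triage predates the published text, so it is worth a quick confirmation that the description still matches it. The visible summary names Pimcore, as does CVE-2018-14058 directly below, so the existing tag looks consistent.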
@@ -10361,10 +10364,10 @@ CVE-2018-11655 (In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability
- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/930
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7414b7322201a9c8a5cacf563f08468c329b4b1
-CVE-2018-11654
- RESERVED
-CVE-2018-11653
- RESERVED
+CVE-2018-11654 (Information disclosure in Netwave IP camera at get_status.cgi (via ...)
+ TODO: check
+CVE-2018-11653 (Information disclosure in Netwave IP camera at //etc/RT2870STA.dat ...)
+ TODO: check
CVE-2018-11652 (CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote ...)
- nikto 1:2.1.5-3 (bug #900608)
[stretch] - nikto <no-dsa> (non-free not supported)
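Review bot: CVE-2018-11654 and CVE-2018-11653 both carry TODO: check, and both summaries describe information disclosure in the same product, a Netwave IP camera (get_status.cgi and //etc/RT2870STA.dat). They should be triaged together and given the same outcome. If the camera firmware is not in the archive, use a single consistent product tag in the style of "NOT-FOR-US: Xiaomi R3D" seen earlier in this file.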
@@ -10761,8 +10764,8 @@ CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOU
- discount 2.2.4-1 (bug #901912)
NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
-CVE-2018-11502
- RESERVED
+CVE-2018-11502 (An issue was discovered in the Moderator Log Notes plugin 1.1 for ...)
+ TODO: check
CVE-2018-11501 (PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via ...)
NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-11500 (An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF ...)
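Review bot: the summary for CVE-2018-11502 is truncated at "Moderator Log Notes plugin 1.1 for ...", so the host application the plugin belongs to is not visible on this line. The TODO: check cannot be resolved from the list entry alone. Whoever picks it up needs the full CVE description before deciding between a package line and NOT-FOR-US.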
@@ -32317,8 +32320,8 @@ CVE-2018-3788
RESERVED
CVE-2018-3787
RESERVED
-CVE-2018-3786
- RESERVED
+CVE-2018-3786 (A command injection vulnerability in egg-scripts <v2.8.1 allows ...)
+ TODO: check
CVE-2018-3785 (A command injection in git-dummy-commit v1.3.0 allows os level ...)
NOT-FOR-US: Node.js third-party module git-dummy-commit
CVE-2018-3784 (A code injection in cryo 0.0.6 allows an attacker to arbitrarily ...)
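Review bot: CVE-2018-3786 (command injection in egg-scripts <v2.8.1) is left at TODO: check while its neighbour CVE-2018-3785 already uses the form "NOT-FOR-US: Node.js third-party module git-dummy-commit". If egg-scripts turns out not to be packaged, resolve the TODO with the same wording convention so the Node.js module entries stay uniform and searchable.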
@@ -63723,14 +63726,14 @@ CVE-2017-9823
RESERVED
CVE-2017-9822 (DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a ...)
NOT-FOR-US: DotNetNuke
-CVE-2017-9821
- RESERVED
-CVE-2017-9820
- RESERVED
-CVE-2017-9819
- RESERVED
-CVE-2017-9818
- RESERVED
+CVE-2017-9821 (The National Payments Corporation of India BHIM application 1.3 for ...)
+ TODO: check
+CVE-2017-9820 (The National Payments Corporation of India BHIM application 1.3 for ...)
+ TODO: check
+CVE-2017-9819 (The National Payments Corporation of India BHIM application 1.3 for ...)
+ TODO: check
+CVE-2017-9818 (The National Payments Corporation of India BHIM application 1.3 for ...)
+ TODO: check
CVE-2017-9817
RESERVED
CVE-2017-9816 (Cross-site scripting (XSS) vulnerability in Paessler PRTG Network ...)
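Review bot: CVE-2017-9818 through CVE-2017-9821 are added with identical visible summaries ("The National Payments Corporation of India BHIM application 1.3 for ..."), each with its own TODO: check. The truncated text does not distinguish the four issues, so they are best triaged in one pass against the full descriptions and closed with one consistent tag, in the style of the "NOT-FOR-US: DotNetNuke" entry just above, if the application is not in the archive.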
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/56c08308ddbb83b52b2527ef13a307d45e82b0ff