[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 4 09:11:06 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f5761c0 by security tracker role at 2018-07-04T08:10:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-13132 (Spadeico is a smart contract running on Ethereum. The mint function has ...)
+ TODO: check
+CVE-2018-13131 (SpadePreSale is a smart contract running on Ethereum. The mint function ...)
+ TODO: check
+CVE-2018-13130 (Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens ...)
+ TODO: check
+CVE-2018-13129 (SP8DE Token (SPX) is a smart contract running on Ethereum. The mint ...)
+ TODO: check
+CVE-2018-13128 (Etherty Token (ETY) is a smart contract running on Ethereum. The mint ...)
+ TODO: check
+CVE-2018-13127 (SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The ...)
+ TODO: check
+CVE-2018-13126 (MoxyOnePresale is a smart contract running on Ethereum. The mint ...)
+ TODO: check
+CVE-2018-13125
+ RESERVED
+CVE-2018-13124
+ RESERVED
+CVE-2018-13123 (onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers ...)
+ TODO: check
+CVE-2018-13122 (onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers ...)
+ TODO: check
+CVE-2018-13121 (RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2018-13120
+ RESERVED
+CVE-2018-13119
+ RESERVED
+CVE-2018-13118
+ RESERVED
+CVE-2018-13117
+ RESERVED
CVE-2018-13116 (/user/del.php in zzcms 8.3 allows SQL injection via the tablename ...)
NOT-FOR-US: zzcms
CVE-2018-13115
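Review bot: the seven Ethereum smart-contract entries (CVE-2018-13126 through CVE-2018-13132) and the RealOne Player entry (CVE-2018-13121) are all left at "TODO: check", yet none of them describes software Debian ships; they should be triaged the same way as the zzcms entry in the context below ("NOT-FOR-US: zzcms"), for example "NOT-FOR-US: Ethereum smart contract" and "NOT-FOR-US: RealOne Player", so they stop showing up in the TODO queue. The two OneFileCMS entries (CVE-2018-13122, CVE-2018-13123) share one truncated description and should be checked together so they receive the same disposition.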
@@ -119,7 +151,7 @@ CVE-2018-13067 (/upload/catalog/controller/account/password.php in OpenCart thro
CVE-2018-13066 (There is a memory leak in util/parser.c in libming 0.4.8, which will ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/146
-CVE-2018-13065 (ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. ...)
+CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of ...)
TODO: check
CVE-2018-13064
RESERVED
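Review bot: the CVE-2018-13065 description is rewritten to carry the "** DISPUTED **" marker, but the entry still sits at "TODO: check"; a disputed description is not a triage decision, so add a NOTE line recording the basis of the dispute and move the entry to the state that follows from it rather than leaving the TODO in place.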
@@ -1181,6 +1213,7 @@ CVE-2018-1000530
CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting ...)
NOT-FOR-US: Grails Fields plugin
CVE-2018-1000528 (GONICUS GOsa version before commit ...)
+ {DSA-4239-1}
- gosa 2.7.4+reloaded3-5 (low; bug #902723)
NOTE: https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
NOTE: https://github.com/gosa-project/gosa-core/issues/14
@@ -2282,12 +2315,12 @@ CVE-2018-12267
CVE-2018-12266 (system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that ...)
NOT-FOR-US: HongCMS
CVE-2018-12265 (Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in ...)
- {DLA-1402-1}
+ {DSA-4238-1 DLA-1402-1}
- exiv2 0.25-4 (bug #901706)
NOTE: https://github.com/Exiv2/exiv2/issues/365
NOTE: https://github.com/Exiv2/exiv2/commit/937a1a2bd067b8b3b787f3757089d972f3a39853
CVE-2018-12264 (Exiv2 0.26 has integer overflows in LoaderTiff::getData() in ...)
- {DLA-1402-1}
+ {DSA-4238-1 DLA-1402-1}
- exiv2 0.25-4 (bug #901707)
NOTE: https://github.com/Exiv2/exiv2/issues/366
NOTE: https://github.com/Exiv2/exiv2/commit/fe70939f54476e99046245ca69ff27012401f759
@@ -4095,7 +4128,7 @@ CVE-2018-11533
CVE-2018-11532 (An issue was discovered in the ChangUonDyU Advanced Statistics plugin ...)
NOT-FOR-US: MyBB plugin
CVE-2018-11531 (Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. ...)
- {DLA-1402-1}
+ {DSA-4238-1 DLA-1402-1}
- exiv2 0.25-4
NOTE: https://github.com/Exiv2/exiv2/issues/283
NOTE: https://github.com/Exiv2/exiv2/commit/ed874703ad553338f973d537b8159d0eb4375cc4
@@ -4337,8 +4370,8 @@ CVE-2018-11431
RESERVED
CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. ...)
NOT-FOR-US: Moderator Log Notes plugin for MyBB
-CVE-2018-11429
- RESERVED
+CVE-2018-11429 (ATLANT (ATL) is a smart contract running on Ethereum. The mint function ...)
+ TODO: check
CVE-2018-11428
RESERVED
CVE-2018-11427
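Review bot: CVE-2018-11429 (ATLANT, an Ethereum smart contract) is re-filed from RESERVED to "TODO: check"; like the other smart-contract entries in this patch it is not a Debian package and should be closed as NOT-FOR-US rather than left in the TODO queue.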
@@ -4635,8 +4668,8 @@ CVE-2018-11337
RESERVED
CVE-2018-11336
RESERVED
-CVE-2018-11335
- RESERVED
+CVE-2018-11335 (GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. ...)
+ TODO: check
CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a NULL DACL that allows ...)
NOT-FOR-US: Windscribe
CVE-2018-11333
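Review bot: CVE-2018-11335 (GVToken, an Ethereum smart contract) has the same shape as the ATLANT entry above and should get the same NOT-FOR-US disposition instead of "TODO: check".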
@@ -5474,13 +5507,13 @@ CVE-2018-11001
CVE-2018-11000
RESERVED
CVE-2018-10999 (An issue was discovered in Exiv2 0.26. The ...)
- {DLA-1402-1}
+ {DSA-4238-1 DLA-1402-1}
- exiv2 0.25-4
NOTE: https://github.com/Exiv2/exiv2/issues/306
NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88
NOTE: https://github.com/Exiv2/exiv2/commit/3ad0050469e6ea63b4081f2a88c264ce8ab55c51
CVE-2018-10998 (An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp ...)
- {DLA-1402-1}
+ {DSA-4238-1 DLA-1402-1}
- exiv2 0.25-4
NOTE: https://github.com/Exiv2/exiv2/issues/303
NOTE: https://github.com/Exiv2/exiv2/commit/f4e8ed2fd48d012467b99552f0d6378302a23c75
@@ -5586,7 +5619,7 @@ CVE-2018-10960
CVE-2018-10959
RESERVED
CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT ...)
- {DLA-1402-1}
+ {DSA-4238-1 DLA-1402-1}
- exiv2 0.25-4
NOTE: https://github.com/Exiv2/exiv2/issues/302
NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88
@@ -9512,15 +9545,15 @@ CVE-2018-9339
RESERVED
CVE-2018-9338
RESERVED
-CVE-2018-9337
- RESERVED
+CVE-2018-9337 (The PAN-OS web interface administration page in PAN-OS 6.1.20 and ...)
+ TODO: check
CVE-2018-9336 (openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x ...)
- openvpn <not-affected> (Windows specific issue)
NOTE: https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b
-CVE-2018-9335
- RESERVED
-CVE-2018-9334
- RESERVED
+CVE-2018-9335 (The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 ...)
+ TODO: check
+CVE-2018-9334 (The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, ...)
+ TODO: check
CVE-2018-9333
RESERVED
CVE-2018-9332
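Review bot: the three PAN-OS entries (CVE-2018-9334, CVE-2018-9335, CVE-2018-9337) describe a vendor appliance OS, not packaged software, and are left at "TODO: check"; the neighbouring openvpn entry shows the pattern to follow for a non-applicable issue, so mark these "NOT-FOR-US: PAN-OS" so they are resolved in one pass rather than revisited individually.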
@@ -9902,8 +9935,8 @@ CVE-2018-9246 (The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as us
TODO: check if set of commits complete
CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection ...)
NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac login portal
-CVE-2018-9242
- RESERVED
+CVE-2018-9242 (The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, ...)
+ TODO: check
CVE-2018-9241
RESERVED
CVE-2018-9239
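Review bot: CVE-2018-9242 is another PAN-OS management web interface issue with the same truncated description as CVE-2018-9334 in the hunk above; it should be dispositioned consistently with those entries (NOT-FOR-US: PAN-OS) rather than left at "TODO: check".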
@@ -12832,8 +12865,7 @@ CVE-2018-8038
RESERVED
CVE-2018-8037
RESERVED
-CVE-2018-8036
- RESERVED
+CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully ...)
- libpdfbox-java 1:1.8.15-1 (low; bug #902776)
- libpdfbox2-java 2.0.11-1 (low)
[stretch] - libpdfbox-java <no-dsa> (Minor issue)
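Review bot: the "[stretch]" line for CVE-2018-8036 covers only libpdfbox-java, while the entry also lists a fixed libpdfbox2-java 2.0.11-1; if libpdfbox2-java is present in stretch it needs its own "[stretch] - libpdfbox2-java <no-dsa> (Minor issue)" line (or an explicit not-affected line), otherwise the stretch status of the second package is undefined.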
@@ -13977,8 +14009,8 @@ CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-r
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
-CVE-2018-7636
- RESERVED
+CVE-2018-7636 (The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier ...)
+ TODO: check
CVE-2018-7635 (Whale Browser before 1.0.41.8 displays no URL information but only a ...)
TODO: check
CVE-2018-7634 (An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack ...)
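Review bot: CVE-2018-7636 (PAN-OS URL filtering "continue page") is left at "TODO: check" like the other PAN-OS entries in this patch; mark it "NOT-FOR-US: PAN-OS" so all of them are closed consistently.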
@@ -25347,25 +25379,24 @@ CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulner
NOT-FOR-US: Hyperledger Iroha
CVE-2018-3755 (XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) ...)
NOT-FOR-US: sexstatic
-CVE-2018-3754
- RESERVED
-CVE-2018-3753
- RESERVED
-CVE-2018-3752
- RESERVED
-CVE-2018-3751
- RESERVED
-CVE-2018-3750 [Prototype pollution can allow attackers to modify object properties]
- RESERVED
+CVE-2018-3754 (Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and ...)
+ TODO: check
+CVE-2018-3753 (The utilities function in all versions <= 1.0.0 of the merge-objects ...)
+ TODO: check
+CVE-2018-3752 (The utilities function in all versions <= 1.0.0 of the merge-options ...)
+ TODO: check
+CVE-2018-3751 (The utilities function in all versions <= 0.3.0 of the merge-recursive ...)
+ TODO: check
+CVE-2018-3750 (The utilities function in all versions <= 0.5.0 of the deep-extend ...)
- node-deep-extend <unfixed> (unimportant)
NOTE: https://nodesecurity.io/advisories/612
NOTE: nodejs not covered by security support
-CVE-2018-3749
- RESERVED
-CVE-2018-3748
- RESERVED
-CVE-2018-3747
- RESERVED
+CVE-2018-3749 (The utilities function in all versions < 1.0.1 of the deap node module ...)
+ TODO: check
+CVE-2018-3748 (There is a Stored XSS vulnerability in the glance node module versions ...)
+ TODO: check
+CVE-2018-3747 (The public node module versions <= 1.0.3 allows to embed HTML in file ...)
+ TODO: check
CVE-2018-3746 (The pdfinfojs NPM module versions <= 0.3.6 has a command injection ...)
NOT-FOR-US: pdfinfojs nodejs module
CVE-2018-3745 (atob 2.0.3 and earlier allocates uninitialized Buffers when number is ...)
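Review bot: CVE-2018-3750 loses its placeholder title "[Prototype pollution can allow attackers to modify object properties]" when the real description is filled in, and the sibling entries CVE-2018-3749 and CVE-2018-3751 through CVE-2018-3753 describe the same "utilities function" pattern in deap, merge-recursive, merge-options and merge-objects; since only deep-extend is tracked against a Debian package (node-deep-extend <unfixed> (unimportant), with the existing "nodejs not covered by security support" NOTE), check whether any of the other four modules is packaged and otherwise close them as NOT-FOR-US in the style of the pdfinfojs entry below. CVE-2018-3747 (public) and CVE-2018-3748 (glance) are node modules too and should get the same check.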
@@ -84430,8 +84461,8 @@ CVE-2017-0931 (html-janitor node module suffers from a Cross-Site Scripting (XSS
NOT-FOR-US: html-janitor node module
CVE-2017-0930 (augustine node module suffers from a Path Traversal vulnerability due ...)
NOT-FOR-US: augustine node module
-CVE-2017-0929
- RESERVED
+CVE-2017-0929 (DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request ...)
+ TODO: check
CVE-2017-0928 (html-janitor node module suffers from an External Control of Critical ...)
NOT-FOR-US: html-janitor node module
CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...)
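Review bot: CVE-2017-0929 (DNN, aka DotNetNuke) is a .NET web application that is not packaged in Debian; it should be marked "NOT-FOR-US: DNN (DotNetNuke)" rather than left at "TODO: check", matching the NOT-FOR-US handling of the node module entries around it.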
@@ -84458,14 +84489,14 @@ CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an ...)
- gitlab 10.5.5+dfsg-1
[stretch] - gitlab <not-affected> (Only affects 9.1 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0921
- RESERVED
+CVE-2017-0921 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
+ TODO: check
CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
{DSA-4206-1}
- gitlab 10.5.5+dfsg-1
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0919
- RESERVED
+CVE-2017-0919 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
+ TODO: check
CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path ...)
{DSA-4145-1}
- gitlab 10.5.5+dfsg-1 (bug #888508)
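Review bot: the new descriptions for CVE-2017-0921 and CVE-2017-0919 are identical, as far as the truncation shows, to the one on CVE-2017-0920 ("GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ..."), which is already resolved with {DSA-4206-1} and gitlab 10.5.5+dfsg-1 and the 10.3.4 release NOTE; check whether the same DSA and fixed version cover these two CVEs and, if so, copy that resolution instead of leaving both at "TODO: check".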
@@ -84487,10 +84518,10 @@ CVE-2017-0914 (Gitlab Community and Enterprise Editions version 10.1, 10.2, and
- gitlab 10.5.5+dfsg-1
[stretch] - gitlab <not-affected> (Only affects 9.4 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0913
- RESERVED
-CVE-2017-0912
- RESERVED
+CVE-2017-0913 (Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to ...)
+ TODO: check
+CVE-2017-0912 (Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored ...)
+ TODO: check
CVE-2017-0911 (Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback ...)
NOT-FOR-US: Twitter Kit for iOS
CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, a ...)
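Review bot: CVE-2017-0912 and CVE-2017-0913 (Ubiquiti UCRM) concern a vendor product that is not in Debian and are left at "TODO: check"; mark them "NOT-FOR-US: Ubiquiti UCRM", consistent with the Twitter Kit for iOS entry directly below.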
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f5761c01eac60013e7f3c7ec859e27b16ee5c0d