[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jul 5 21:10:42 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de1844a5 by security tracker role at 2018-07-05T20:10:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,163 @@
+CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart contract ...)
+	TODO: check
+CVE-2018-13327 (The transfer and transferFrom functions of a smart contract ...)
+	TODO: check
+CVE-2018-13326 (The transfer and transferFrom functions of a smart contract ...)
+	TODO: check
+CVE-2018-13325 (The _sell function of a smart contract implementation for GROWCHAIN ...)
+	TODO: check
+CVE-2018-13324
+	RESERVED
+CVE-2018-13323
+	RESERVED
+CVE-2018-13322
+	RESERVED
+CVE-2018-13321
+	RESERVED
+CVE-2018-13320
+	RESERVED
+CVE-2018-13319
+	RESERVED
+CVE-2018-13318
+	RESERVED
+CVE-2018-13317
+	RESERVED
+CVE-2018-13316
+	RESERVED
+CVE-2018-13315
+	RESERVED
+CVE-2018-13314
+	RESERVED
+CVE-2018-13313
+	RESERVED
+CVE-2018-13312
+	RESERVED
+CVE-2018-13311
+	RESERVED
+CVE-2018-13310
+	RESERVED
+CVE-2018-13309
+	RESERVED
+CVE-2018-13308
+	RESERVED
+CVE-2018-13307
+	RESERVED
+CVE-2018-13306
+	RESERVED
+CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of the ...)
+	TODO: check
+CVE-2018-13304 (In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency ...)
+	TODO: check
+CVE-2018-13303 (In FFmpeg 4.0.1, a missing check for failure of a call to ...)
+	TODO: check
+CVE-2018-13302 (In FFmpeg 4.0.1, improper handling of frame types (other than ...)
+	TODO: check
+CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value before ...)
+	TODO: check
+CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ...)
+	TODO: check
+CVE-2018-13299
+	RESERVED
+CVE-2018-13298
+	RESERVED
+CVE-2018-13297
+	RESERVED
+CVE-2018-13296
+	RESERVED
+CVE-2018-13295
+	RESERVED
+CVE-2018-13294
+	RESERVED
+CVE-2018-13293
+	RESERVED
+CVE-2018-13292
+	RESERVED
+CVE-2018-13291
+	RESERVED
+CVE-2018-13290
+	RESERVED
+CVE-2018-13289
+	RESERVED
+CVE-2018-13288
+	RESERVED
+CVE-2018-13287
+	RESERVED
+CVE-2018-13286
+	RESERVED
+CVE-2018-13285
+	RESERVED
+CVE-2018-13284
+	RESERVED
+CVE-2018-13283
+	RESERVED
+CVE-2018-13282
+	RESERVED
+CVE-2018-13281
+	RESERVED
+CVE-2018-13280
+	RESERVED
+CVE-2018-13279
+	RESERVED
+CVE-2018-13278
+	RESERVED
+CVE-2018-13277
+	RESERVED
+CVE-2018-13276
+	RESERVED
+CVE-2018-13275
+	RESERVED
+CVE-2018-13274
+	RESERVED
+CVE-2018-13273
+	RESERVED
+CVE-2018-13272
+	RESERVED
+CVE-2018-13271
+	RESERVED
+CVE-2018-13270
+	RESERVED
+CVE-2018-13269
+	RESERVED
+CVE-2018-13268
+	RESERVED
+CVE-2018-13267
+	RESERVED
+CVE-2018-13266
+	RESERVED
+CVE-2018-13265
+	RESERVED
+CVE-2018-13264
+	RESERVED
+CVE-2018-13263
+	RESERVED
+CVE-2018-13262
+	RESERVED
+CVE-2018-13261
+	RESERVED
+CVE-2018-13260
+	RESERVED
+CVE-2018-13259
+	RESERVED
+CVE-2018-13258
+	RESERVED
+CVE-2018-13257
+	RESERVED
+CVE-2018-13256
+	RESERVED
+CVE-2018-13255
+	RESERVED
+CVE-2018-13254
+	RESERVED
+CVE-2018-13253
+	RESERVED
+CVE-2018-13252 (Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain ...)
+	TODO: check
+CVE-2018-13251 (In libming 0.4.8, there is an excessive memory allocation attempt in ...)
+	TODO: check
+CVE-2018-13250 (libming 0.4.8 has a NULL pointer dereference in the getString function ...)
+	TODO: check
+CVE-2018-13249
+	RESERVED
 CVE-2018-13248
 	RESERVED
 CVE-2018-13247
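Review bot: Every newly described entry at the top of this hunk lands as "TODO: check", including the six FFmpeg 4.0.1 entries (CVE-2018-13300 to CVE-2018-13305) and the two libming 0.4.8 entries (CVE-2018-13250, CVE-2018-13251), which each name an upstream version. Those should be resolved first to a source-package line with a fixed version or <not-affected>, plus a NOTE pointing at the upstream fix. The smart-contract entries (CVE-2018-13325 to CVE-2018-13328) and the Entrust Datacard entry (CVE-2018-13252) are candidates for a NOT-FOR-US marker.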
@@ -586,8 +746,8 @@ CVE-2018-12978
 	RESERVED
 CVE-2018-12977
 	RESERVED
-CVE-2018-12976
-	RESERVED
+CVE-2018-12976 (In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use ...)
+	TODO: check
 CVE-2018-12975
 	RESERVED
 CVE-2018-12974
@@ -739,8 +899,7 @@ CVE-2018-12912 (An issue wan discovered in admin\controllers\database.php in Hon
 	NOT-FOR-US: HongCMS
 CVE-2018-12911
 	RESERVED
-CVE-2018-12910
-	RESERVED
+CVE-2018-12910 (soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows ...)
 	- libsoup2.4 2.62.2-2
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
 CVE-2018-12909 (** DISPUTED ** Webgrind 1.5 relies on user input to display a file, ...)
@@ -1256,8 +1415,8 @@ CVE-2018-12693 (Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Ex
 	NOT-FOR-US: TP-Link
 CVE-2018-12692 (TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows ...)
 	NOT-FOR-US: TP-Link
-CVE-2018-12691
-	RESERVED
+CVE-2018-12691 (Time-of-check to time-of-use (TOCTOU) race condition in ...)
+	TODO: check
 CVE-2018-12690
 	RESERVED
 CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id ...)
@@ -3151,8 +3310,7 @@ CVE-2018-12023
 	RESERVED
 CVE-2018-12022
 	RESERVED
-CVE-2018-12021
-	RESERVED
+CVE-2018-12021 (Singularity 2.3.0 through 2.5.1 is affected by an incorrect access ...)
 	- singularity-container 2.5.2-1
 	NOTE: https://github.com/singularityware/singularity/releases/tag/2.5.2
 CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filename ...)
@@ -6064,8 +6222,7 @@ CVE-2018-10886
 	NOTE: https://github.com/apache/ant/commit/1a2b1e37e3616991588f21efa89c474dd6ff83ff
 	NOTE: https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe
 	NOTE: https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970
-CVE-2018-10885
-	RESERVED
+CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy ...)
 	NOT-FOR-US: atomic-openshift
 CVE-2018-10884
 	RESERVED
@@ -10330,8 +10487,8 @@ CVE-2018-9187
 	RESERVED
 CVE-2018-9186 (A cross-site scripting (XSS) vulnerability in Fortinet ...)
 	NOT-FOR-US: Fortinet
-CVE-2018-9185
-	RESERVED
+CVE-2018-9185 (An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and ...)
+	TODO: check
 CVE-2018-9184
 	RESERVED
 CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. ...)
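Review bot: CVE-2018-9185 is left at "TODO: check" although its description names Fortinet FortiOS and the adjacent CVE-2018-9186 already carries "NOT-FOR-US: Fortinet"; the same marker fits here and would keep the entry out of the triage queue.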
@@ -11004,8 +11161,8 @@ CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor
 	NOT-FOR-US: AMD
 CVE-2018-8929
 	RESERVED
-CVE-2018-8928
-	RESERVED
+CVE-2018-8928 (Cross-site scripting (XSS) vulnerability in Address Book Editor in ...)
+	TODO: check
 CVE-2018-8927 (Improper authorization vulnerability in SYNO.Cal.Event in Calendar ...)
 	NOT-FOR-US: Synology
 CVE-2018-8926 (Permissive regular expression vulnerability in synophoto_dsm_user in ...)
@@ -13130,8 +13287,7 @@ CVE-2018-8040
 	RESERVED
 CVE-2018-8039 (It is possible to configure Apache CXF to use the com.sun.net.ssl ...)
 	NOT-FOR-US: Apache CXF
-CVE-2018-8038
-	RESERVED
+CVE-2018-8038 (Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable ...)
 	NOT-FOR-US: Apache CXF
 CVE-2018-8037
 	RESERVED
@@ -13159,8 +13315,7 @@ CVE-2018-8028
 	RESERVED
 CVE-2018-8027
 	RESERVED
-CVE-2018-8026 [XE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext)]
-	RESERVED
+CVE-2018-8026 (This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 ...)
 	- lucene-solr <not-affected> (Do not allow to upload configsets via the API)
 	NOTE: Versions 5.x and earlier are not affected by the vulnerability, since
 	NOTE: those versions do not allow to upload configsets via the API.
@@ -13378,8 +13533,8 @@ CVE-2018-7946
 	RESERVED
 CVE-2018-7945
 	RESERVED
-CVE-2018-7944
-	RESERVED
+CVE-2018-7944 (Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and ...)
+	TODO: check
 CVE-2018-7943 (There is an authentication bypass vulnerability in some Huawei ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7942 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)
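Review bot: CVE-2018-7944 describes Huawei smart phones (Emily-AL00A) yet is recorded as "TODO: check", while CVE-2018-7943 directly below is "NOT-FOR-US: Huawei"; suggest classifying the new entry the same way.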
@@ -17673,7 +17828,7 @@ CVE-2018-1000031 (A heap-based buffer overflow exists in Info-Zip UnZip version 
 	- unzip <not-affected> (Only affects 6.1c22)
 	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
 CVE-2017-18123 (The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e ...)
-	{DLA-1269-1}
+	{DLA-1413-1 DLA-1269-1}
 	- dokuwiki <unfixed> (bug #889281)
 	NOTE: https://github.com/splitbrain/dokuwiki/issues/2029
 	NOTE: https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86
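Review bot: CVE-2017-18123 now cross-references two LTS advisories, "{DLA-1413-1 DLA-1269-1}", while "- dokuwiki <unfixed> (bug #889281)" is unchanged. A NOTE saying why a second DLA was issued would help readers, and it is worth confirming that the <unfixed> status is still accurate.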
@@ -25623,24 +25778,24 @@ CVE-2018-3771
 	RESERVED
 CVE-2018-3770
 	RESERVED
-CVE-2018-3769
-	RESERVED
+CVE-2018-3769 (ruby-grape ruby gem suffers from a cross-site scripting (XSS) ...)
+	TODO: check
 CVE-2018-3768
-	RESERVED
-CVE-2018-3767
-	RESERVED
-CVE-2018-3766
-	RESERVED
+	REJECTED
+CVE-2018-3767 (`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, ...)
+	TODO: check
+CVE-2018-3766 (Path traversal in buttle module versions <= 0.2.0 allows to read any ...)
+	TODO: check
 CVE-2018-3765
 	RESERVED
-CVE-2018-3764
-	RESERVED
-CVE-2018-3763
-	RESERVED
-CVE-2018-3762
-	RESERVED
-CVE-2018-3761
-	RESERVED
+CVE-2018-3764 (In Nextcloud Contacts before 2.1.2, a missing sanitization of search ...)
+	TODO: check
+CVE-2018-3763 (In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization ...)
+	TODO: check
+CVE-2018-3762 (Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks ...)
+	TODO: check
+CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper ...)
+	TODO: check
 CVE-2018-3760 (There is an information leak vulnerability in Sprockets. Versions ...)
 	- ruby-sprockets <unfixed> (bug #901913)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/19/2
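Review bot: CVE-2018-3762 and CVE-2018-3761 arrive with near-identical truncated descriptions ("Nextcloud Server before 12.0.8 and 13.0.3 ...") and both as "TODO: check", so triage needs the full text to tell them apart and should record them with distinct notes. Also easy to misread in this hunk: the new "REJECTED" status applies to CVE-2018-3768, whose header is an unchanged context line, not to CVE-2018-3767.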
@@ -37734,8 +37889,8 @@ CVE-2017-16775
 	RESERVED
 CVE-2017-16774
 	RESERVED
-CVE-2017-16773
-	RESERVED
+CVE-2017-16773 (Improper authorization vulnerability in Highlight Preview in Synology ...)
+	TODO: check
 CVE-2017-16772 (Improper input validation vulnerability in ...)
 	NOT-FOR-US: Synology Photo Station
 CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in Synology ...)
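Review bot: The description added for CVE-2017-16773 is cut off right after "Synology", so the product is not visible here, and the entry is left at "TODO: check". The neighbouring entries use "NOT-FOR-US: Synology Photo Station"; confirm the product from the full description and apply the matching NOT-FOR-US marker rather than leaving it open.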
@@ -39988,8 +40143,8 @@ CVE-2016-10547 (Nunjucks is a full featured templating engine for JavaScript. Ve
 	TODO: check
 CVE-2016-10546 (An arbitrary code injection vector was found in PouchDB 6.0.4 and ...)
 	TODO: check
-CVE-2016-10545
-	RESERVED
+CVE-2016-10545 (thor ruby gem suffers from a command injection vulnerability due to ...)
+	TODO: check
 CVE-2016-10544 (uws is a WebSocket server library. By sending a 256mb websocket ...)
 	TODO: check
 CVE-2016-10543 (call is an HTTP router that is primarily used by the hapi framework. ...)
@@ -40049,8 +40204,8 @@ CVE-2016-10524 (i18n-node-angular is a module used to interact between i18n and 
 	TODO: check
 CVE-2016-10523 (MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted ...)
 	TODO: check
-CVE-2016-10522
-	RESERVED
+CVE-2016-10522 (rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request ...)
+	TODO: check
 CVE-2016-10521 (jshamcrest is vulnerable to regular expression denial of service ...)
 	TODO: check
 CVE-2016-10520 (jadedown is vulnerable to regular expression denial of service (ReDoS) ...)
@@ -54533,8 +54688,8 @@ CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does n
 	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
 	- linux 4.11.11-1
 	NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
-CVE-2017-11175
-	RESERVED
+CVE-2017-11175 (In J2 Innovations FIN Stack 4.0, the authentication webform is ...)
+	TODO: check
 CVE-2017-11174 (In install/page_dbsettings.php in the Core distribution of XOOPS ...)
 	NOT-FOR-US: XOOPS
 CVE-2017-11173 (Missing anchor in generated regex for rack-cors before 0.4.1 allows a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de1844a51ee69cf8e27570ce7b575ac985b2848e
