[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 10 09:10:18 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95b95535 by security tracker role at 2018-07-10T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,42 @@
-CVE-2018-1000622 [rustdoc loads plugins from world writable directory allowing for arbitrary code execution]
+CVE-2018-13795 (Gravity before 0.5.1 does not support a maximum recursion depth. ...)
+ TODO: check
+CVE-2018-13794 (A heap-based buffer overflow exists in stbi__bmp_load_cont in ...)
+ TODO: check
+CVE-2018-13793 (Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP ...)
+ TODO: check
+CVE-2018-13792
+ RESERVED
+CVE-2018-13791 (The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows ...)
+ TODO: check
+CVE-2018-13790 (A Server Side Request Forgery (SSRF) vulnerability in ...)
+ TODO: check
+CVE-2018-13789
+ RESERVED
+CVE-2018-13788
+ RESERVED
+CVE-2018-1000623 (JFrog JFrog Artifactory version Prior to version 6.0.3, since version ...)
+ TODO: check
+CVE-2018-1000621 (Mycroft AI mycroft-core version 18.2.8b and earlier contains a ...)
+ TODO: check
+CVE-2018-1000620 (Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: ...)
+ TODO: check
+CVE-2018-1000619 (Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input ...)
+ TODO: check
+CVE-2018-1000618 (EOSIO/eos eos version after commit ...)
+ TODO: check
+CVE-2018-1000617 (Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and ...)
+ TODO: check
+CVE-2018-1000616 (ONOS ONOS controller version 1.13.1 and earlier contains a XML ...)
+ TODO: check
+CVE-2018-1000615 (ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of ...)
+ TODO: check
+CVE-2018-1000614 (ONOS ONOS Controller version 1.13.1 and earlier contains a XML ...)
+ TODO: check
+CVE-2018-1000613 (Legion of the Bouncy Castle Legion of the Bouncy Castle Java ...)
+ TODO: check
+CVE-2018-1000611 (SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross ...)
+ TODO: check
+CVE-2018-1000622 (The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 ...)
- rustc <unfixed>
NOTE: https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM
CVE-2018-13787 (Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and ...)
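Review bot: CVE-2018-1000622 lands out of sequence at the end of the added block. Within the CVE-2018-10006xx run the ids descend from 1000623 to 1000611, and 1000622 then follows 1000611. If that run is meant to stay ordered, move the 1000622 entry, together with its `- rustc <unfixed>` and NOTE lines, between CVE-2018-1000623 and CVE-2018-1000621. Separately, the rustc line is `<unfixed>` with no bug reference, and every other described entry added here is only `TODO: check`, so none of them maps to a package or a NOT-FOR-US decision yet.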
@@ -5730,8 +5768,8 @@ CVE-2018-11452
RESERVED
CVE-2018-11451
RESERVED
-CVE-2018-11450
- RESERVED
+CVE-2018-11450 (A reflected Cross-Site-Scripting (XSS) vulnerability has been ...)
+ TODO: check
CVE-2018-11449 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
NOT-FOR-US: SCALANCE
CVE-2018-11448 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
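Review bot: the `TODO: check` on CVE-2018-11450 leaves the entry untriaged, while the ids directly below it (CVE-2018-11449 and CVE-2018-11448) are already marked `NOT-FOR-US: SCALANCE`. The truncated description does not show the affected product, so read the full description and, if it is the same vendor range, replace the TODO with the matching NOT-FOR-US line rather than leaving it open.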
@@ -17606,12 +17644,12 @@ CVE-2018-6969
RESERVED
CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent ...)
NOT-FOR-US: VMware AirWatch Agent
-CVE-2018-6967
- RESERVED
-CVE-2018-6966
- RESERVED
-CVE-2018-6965
- RESERVED
+CVE-2018-6967 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x ...)
+ TODO: check
+CVE-2018-6966 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x ...)
+ TODO: check
+CVE-2018-6965 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x ...)
+ TODO: check
CVE-2018-6964 (VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains ...)
NOT-FOR-US: VMware
CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before ...)
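Review bot: CVE-2018-6967, CVE-2018-6966 and CVE-2018-6965 are all VMware ESXi/Workstation issues but are left at `TODO: check`, whereas the neighbouring entries are closed with `NOT-FOR-US: VMware AirWatch Agent` and `NOT-FOR-US: VMware`. Resolve the three TODOs the same way, and pick one product string for them so the NOT-FOR-US tags in this block stay consistent.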
@@ -26784,6 +26822,7 @@ CVE-2018-3762 (Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper c
CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper ...)
- nextcloud <itp> (bug #835086)
CVE-2018-3760 (There is an information leak vulnerability in Sprockets. Versions ...)
+ {DSA-4242-1}
- ruby-sprockets 3.7.0-1.1 (bug #901913)
NOTE: http://www.openwall.com/lists/oss-security/2018/06/19/2
NOTE: https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f
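Review bot: the added `{DSA-4242-1}` on CVE-2018-3760 is the only change to this entry, and the package line below it still records just `ruby-sprockets 3.7.0-1.1 (bug #901913)`. Nothing in the hunk shows which version the DSA fixes, so confirm that the corresponding DSA entry carries the fixed version for the release it covers; otherwise this cross-reference points at an advisory the tracker cannot evaluate.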
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/95b95535ae3ab32a499956a6f62b46f2fdbcc6d6