[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 11 21:10:23 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0168ef0 by security tracker role at 2018-07-11T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,233 @@
+CVE-2018-13994
+ RESERVED
+CVE-2018-13993
+ RESERVED
+CVE-2018-13992
+ RESERVED
+CVE-2018-13991
+ RESERVED
+CVE-2018-13990
+ RESERVED
+CVE-2018-13989 (Grundig Smart Inter at ctive TV 3.0 devices allow CSRF attacks via a POST ...)
+ TODO: check
+CVE-2018-13988
+ RESERVED
+CVE-2018-13987
+ RESERVED
+CVE-2018-13986
+ RESERVED
+CVE-2018-13985
+ RESERVED
+CVE-2018-13984
+ RESERVED
+CVE-2018-13983
+ RESERVED
+CVE-2018-13982
+ RESERVED
+CVE-2018-13981
+ RESERVED
+CVE-2018-13980
+ RESERVED
+CVE-2018-13979
+ RESERVED
+CVE-2018-13978
+ RESERVED
+CVE-2018-13977
+ RESERVED
+CVE-2018-13976
+ RESERVED
+CVE-2018-13975
+ RESERVED
+CVE-2018-13974
+ RESERVED
+CVE-2018-13973
+ RESERVED
+CVE-2018-13972
+ RESERVED
+CVE-2018-13971
+ RESERVED
+CVE-2018-13970
+ RESERVED
+CVE-2018-13969
+ RESERVED
+CVE-2018-13968
+ RESERVED
+CVE-2018-13967
+ RESERVED
+CVE-2018-13966
+ RESERVED
+CVE-2018-13965
+ RESERVED
+CVE-2018-13964
+ RESERVED
+CVE-2018-13963
+ RESERVED
+CVE-2018-13962
+ RESERVED
+CVE-2018-13961
+ RESERVED
+CVE-2018-13960
+ RESERVED
+CVE-2018-13959
+ RESERVED
+CVE-2018-13958
+ RESERVED
+CVE-2018-13957
+ RESERVED
+CVE-2018-13956
+ RESERVED
+CVE-2018-13955
+ RESERVED
+CVE-2018-13954
+ RESERVED
+CVE-2018-13953
+ RESERVED
+CVE-2018-13952
+ RESERVED
+CVE-2018-13951
+ RESERVED
+CVE-2018-13950
+ RESERVED
+CVE-2018-13949
+ RESERVED
+CVE-2018-13948
+ RESERVED
+CVE-2018-13947
+ RESERVED
+CVE-2018-13946
+ RESERVED
+CVE-2018-13945
+ RESERVED
+CVE-2018-13944
+ RESERVED
+CVE-2018-13943
+ RESERVED
+CVE-2018-13942
+ RESERVED
+CVE-2018-13941
+ RESERVED
+CVE-2018-13940
+ RESERVED
+CVE-2018-13939
+ RESERVED
+CVE-2018-13938
+ RESERVED
+CVE-2018-13937
+ RESERVED
+CVE-2018-13936
+ RESERVED
+CVE-2018-13935
+ RESERVED
+CVE-2018-13934
+ RESERVED
+CVE-2018-13933
+ RESERVED
+CVE-2018-13932
+ RESERVED
+CVE-2018-13931
+ RESERVED
+CVE-2018-13930
+ RESERVED
+CVE-2018-13929
+ RESERVED
+CVE-2018-13928
+ RESERVED
+CVE-2018-13927
+ RESERVED
+CVE-2018-13926
+ RESERVED
+CVE-2018-13925
+ RESERVED
+CVE-2018-13924
+ RESERVED
+CVE-2018-13923
+ RESERVED
+CVE-2018-13922
+ RESERVED
+CVE-2018-13921
+ RESERVED
+CVE-2018-13920
+ RESERVED
+CVE-2018-13919
+ RESERVED
+CVE-2018-13918
+ RESERVED
+CVE-2018-13917
+ RESERVED
+CVE-2018-13916
+ RESERVED
+CVE-2018-13915
+ RESERVED
+CVE-2018-13914
+ RESERVED
+CVE-2018-13913
+ RESERVED
+CVE-2018-13912
+ RESERVED
+CVE-2018-13911
+ RESERVED
+CVE-2018-13910
+ RESERVED
+CVE-2018-13909
+ RESERVED
+CVE-2018-13908
+ RESERVED
+CVE-2018-13907
+ RESERVED
+CVE-2018-13906
+ RESERVED
+CVE-2018-13905
+ RESERVED
+CVE-2018-13904
+ RESERVED
+CVE-2018-13903
+ RESERVED
+CVE-2018-13902
+ RESERVED
+CVE-2018-13901
+ RESERVED
+CVE-2018-13900
+ RESERVED
+CVE-2018-13899
+ RESERVED
+CVE-2018-13898
+ RESERVED
+CVE-2018-13897
+ RESERVED
+CVE-2018-13896
+ RESERVED
+CVE-2018-13895
+ RESERVED
+CVE-2018-13894
+ RESERVED
+CVE-2018-13893
+ RESERVED
+CVE-2018-13892
+ RESERVED
+CVE-2018-13891
+ RESERVED
+CVE-2018-13890
+ RESERVED
+CVE-2018-13889
+ RESERVED
+CVE-2018-13888
+ RESERVED
+CVE-2018-13887
+ RESERVED
+CVE-2018-13886
+ RESERVED
+CVE-2018-13885
+ RESERVED
+CVE-2018-13884
+ RESERVED
+CVE-2018-13883
+ RESERVED
+CVE-2018-13882
+ RESERVED
+CVE-2018-13881
+ RESERVED
+CVE-2018-13880
+ RESERVED
CVE-2018-13879 (A reflected XSS issue was discovered in the registration form in ...)
NOT-FOR-US: Rocket.Chat
CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js ...)
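Review bot: the only entry in this hunk that needs human attention is CVE-2018-13989; every other added line is a RESERVED placeholder. Its description reads "Grundig Smart Inter at ctive TV", which looks like the list archive's address munging (compare "carnil at debian.org" in the message header) rather than a typo in data/CVE/list, so check the repository text before "correcting" it; the TODO: check itself is a Smart TV firmware CSRF and should be triaged like the other device-firmware entries in this update.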
@@ -5772,8 +6002,8 @@ CVE-2018-11531 (Exiv2 0.26 has a heap-based buffer overflow in getData in previe
NOTE: https://github.com/Exiv2/exiv2/commit/67a5a741153c876a6f1c189abb874721d1725c48
CVE-2018-11530
RESERVED
-CVE-2018-11529
- RESERVED
+CVE-2018-11529 (VideoLAN VLC media player 2.2.x is prone to a use after free ...)
+ TODO: check
CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. ...)
NOT-FOR-US: WUZHI CMS
CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request forgery ...)
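Review bot: CVE-2018-11529 should not stay at TODO: check for long. Unlike the NOT-FOR-US WUZHI CMS entry next to it, VLC is packaged in Debian, and the description restricts the use-after-free to the 2.2.x series, so the triage needs to record which suites ship an affected 2.2.x build and which already carry a later series.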
@@ -8129,12 +8359,12 @@ CVE-2018-10637
RESERVED
CVE-2018-10636
RESERVED
-CVE-2018-10635
- RESERVED
+CVE-2018-10635 (In Universal Robots Robot Controllers Version CB 3.1, SW Version ...)
+ TODO: check
CVE-2018-10634
RESERVED
-CVE-2018-10633
- RESERVED
+CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version ...)
+ TODO: check
CVE-2018-10632
RESERVED
CVE-2018-10631
@@ -9115,10 +9345,10 @@ CVE-2018-10234 (Authenticated Cross site Scripting exists in the User Profile &a
NOT-FOR-US: User Profile & Membership plugin for WordPress
CVE-2018-10233 (The User Profile & Membership plugin before 2.0.7 for WordPress has no ...)
NOT-FOR-US: User Profile & Membership plugin for WordPress
-CVE-2018-10232
- RESERVED
-CVE-2018-10231
- RESERVED
+CVE-2018-10232 (Cross-site request forgery (CSRF) vulnerability in TOPdesk before ...)
+ TODO: check
+CVE-2018-10231 (Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 ...)
+ TODO: check
CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. ...)
NOT-FOR-US: Zend Server
CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to ...)
@@ -9193,8 +9423,8 @@ CVE-2018-10198 (An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker
[jessie] - otrs2 <not-affected> (Specific to OTRS 6)
NOTE: https://github.com/OTRS/otrs/commit/9f5f09e4eef283c2f38c003ba0685b77234750d1
NOTE: https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework
-CVE-2018-10197
- RESERVED
+CVE-2018-10197 (There is a time-based blind SQL injection vulnerability in the Access ...)
+ TODO: check
CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists function ...)
- graphviz <unfixed> (low; bug #898841)
[stretch] - graphviz <no-dsa> (Minor issue)
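Review bot: the new description for CVE-2018-10197 is cut off at "in the Access ...", so the affected product cannot be recovered from this hunk; the TODO: check needs the full CVE text before it can be turned into either a package line or a NOT-FOR-US marker.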
@@ -14622,8 +14852,7 @@ CVE-2018-8009
- hadoop <itp> (bug #793644)
CVE-2018-8008 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version ...)
NOT-FOR-US: Apache Storm
-CVE-2018-8007 [administrative privilege escalation]
- RESERVED
+CVE-2018-8007 (Apache CouchDB administrative users can configure the database server ...)
- couchdb <removed>
NOTE: https://blog.couchdb.org/2018/07/10/cve-2018-8007/
CVE-2018-8006
@@ -19160,6 +19389,7 @@ CVE-2018-6554
RESERVED
CVE-2018-6553 [AppArmor profile issue in cups]
RESERVED
+ {DSA-4243-1}
- cups <unfixed> (bug #903605)
CVE-2018-6552 (Apport does not properly handle crashes originating from a PID ...)
[experimental] - apport <unfixed>
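Review bot: {DSA-4243-1} is added to CVE-2018-6553 directly above "- cups <unfixed> (bug #903605)", which records the issue as fixed by the DSA in stable while still open in unstable. That is only consistent while the stretch update was released ahead of an unstable upload; once cups is uploaded to unstable the <unfixed> marker must be replaced by the fixed version, otherwise the tracker keeps reporting the AppArmor profile issue as unresolved. Compare the other DSA-4243-1 entries in this update, which carry a concrete version (cups 2.2.8-2).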
@@ -25810,18 +26040,22 @@ CVE-2018-4184 (An issue was discovered in certain Apple products. macOS before .
NOT-FOR-US: Apple (Speech component)
CVE-2018-4183 [cups-exec Sandbox Bypass Due to Profile Misconfiguration]
RESERVED
+ {DSA-4243-1}
- cups 2.2.8-2
NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4182 [cups-exec Sandbox Bypass Due to Insecure Error Handling]
RESERVED
+ {DSA-4243-1}
- cups 2.2.8-2
NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4181 [Limited Local File Reads as Root via cupsd.conf Include Directive]
RESERVED
+ {DSA-4243-1}
- cups 2.2.8-2
NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4180 [Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)]
RESERVED
+ {DSA-4243-1}
- cups 2.2.8-2
NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4179
@@ -26359,22 +26593,22 @@ CVE-2018-3938
RESERVED
CVE-2018-3937
RESERVED
-CVE-2018-3936
- RESERVED
+CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
+ TODO: check
CVE-2018-3935
RESERVED
CVE-2018-3934
RESERVED
-CVE-2018-3933
- RESERVED
-CVE-2018-3932
- RESERVED
-CVE-2018-3931
- RESERVED
-CVE-2018-3930
- RESERVED
-CVE-2018-3929
- RESERVED
+CVE-2018-3933 (An exploitable out-of-bounds write exists in the Microsoft Word ...)
+ TODO: check
+CVE-2018-3932 (An exploitable stack-based buffer overflow exists in the Microsoft ...)
+ TODO: check
+CVE-2018-3931 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
+ TODO: check
+CVE-2018-3930 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
+ TODO: check
+CVE-2018-3929 (An exploitable heap corruption exists in the PowerPoint document ...)
+ TODO: check
CVE-2018-3928
RESERVED
CVE-2018-3927
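Review bot: the six new TODO: check entries in this hunk (CVE-2018-3936 and CVE-2018-3933 to CVE-2018-3929) look like one batch: three name Antenna House Office Server Document Converter explicitly, and the other three ("Microsoft Word ...", "Microsoft ...", "PowerPoint document ...") use the same "An exploitable ... exists" wording and sit in the same CVE range. Before marking anything, confirm from the full advisories whether the Word/PowerPoint ones concern the converter's parsers for those formats rather than Microsoft Office itself, and then triage all six together.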
@@ -37040,8 +37274,7 @@ CVE-2018-0502
RESERVED
CVE-2018-0501
RESERVED
-CVE-2018-0500 [SMTP send heap buffer overflow]
- RESERVED
+CVE-2018-0500 (Curl_smtp_escape_eob in lib/smtp.c in curl before 7.61.0 has a ...)
- curl <unfixed> (bug #903546)
[stretch] - curl <not-affected> (Only affects 7.54.1 to 7.60.0)
[jessie] - curl <not-affected> (Only affects 7.54.1 to 7.60.0)
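Review bot: the new description for CVE-2018-0500 says "curl before 7.61.0", while the retained [stretch] and [jessie] lines say <not-affected> (Only affects 7.54.1 to 7.60.0); the two statements only agree if the stretch and jessie curl versions are below 7.54.1, so the not-affected claims should be re-verified against the suite versions now that the public text is in. The unstable line is still <unfixed> (bug #903546) and needs the fixed version once 7.61.0 is uploaded.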
@@ -38777,44 +39010,44 @@ CVE-2018-0044
RESERVED
CVE-2018-0043
RESERVED
-CVE-2018-0042
- RESERVED
-CVE-2018-0041
- RESERVED
-CVE-2018-0040
- RESERVED
-CVE-2018-0039
- RESERVED
-CVE-2018-0038
- RESERVED
-CVE-2018-0037
- RESERVED
+CVE-2018-0042 (Juniper Networks CSO versions prior to 4.0.0 may log passwords in log ...)
+ TODO: check
+CVE-2018-0041 (Juniper Networks Contrail Service Orchestration releases prior to ...)
+ TODO: check
+CVE-2018-0040 (Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 ...)
+ TODO: check
+CVE-2018-0039 (Juniper Networks Contrail Service Orchestration releases prior to ...)
+ TODO: check
+CVE-2018-0038 (Juniper Networks Contrail Service Orchestration releases prior to ...)
+ TODO: check
+CVE-2018-0037 (Junos OS routing protocol daemon (RPD) process may crash and restart ...)
+ TODO: check
CVE-2018-0036
RESERVED
-CVE-2018-0035
- RESERVED
-CVE-2018-0034
- RESERVED
+CVE-2018-0035 (QFX5200 and QFX10002 devices that have been shipped with Junos OS ...)
+ TODO: check
+CVE-2018-0034 (A Denial of Service vulnerability exists in the Juniper Networks Junos ...)
+ TODO: check
CVE-2018-0033
RESERVED
-CVE-2018-0032
- RESERVED
-CVE-2018-0031
- RESERVED
-CVE-2018-0030
- RESERVED
-CVE-2018-0029
- RESERVED
+CVE-2018-0032 (The receipt of a crafted BGP UPDATE can lead to a routing process ...)
+ TODO: check
+CVE-2018-0031 (Receipt of specially crafted UDP/IP packets over MPLS may be able to ...)
+ TODO: check
+CVE-2018-0030 (Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 ...)
+ TODO: check
+CVE-2018-0029 (While experiencing a broadcast storm, placing the fxp0 interface into ...)
+ TODO: check
CVE-2018-0028
RESERVED
-CVE-2018-0027
- RESERVED
-CVE-2018-0026
- RESERVED
-CVE-2018-0025
- RESERVED
-CVE-2018-0024
- RESERVED
+CVE-2018-0027 (Receipt of a crafted or malformed RSVP PATH message may cause the ...)
+ TODO: check
+CVE-2018-0026 (After Junos OS device reboot or upgrade, the stateless firewall filter ...)
+ TODO: check
+CVE-2018-0025 (When an SRX Series device is configured to use HTTP/HTTPS pass-through ...)
+ TODO: check
+CVE-2018-0024 (An Improper Privilege Management vulnerability in a shell session of ...)
+ TODO: check
CVE-2018-0023 (JSNAPy is an open source python version of Junos Snapshot ...)
NOT-FOR-US: JSNAPy
CVE-2018-0022 (A Junos device with VPLS routing-instances configured on one or more ...)
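Review bot: all sixteen TODO: check entries in this hunk (CVE-2018-0042 to CVE-2018-0024) are Juniper items: Contrail Service Orchestration, Junos OS, and QFX/SRX hardware. They can be triaged as one batch, and the existing "NOT-FOR-US: JSNAPy" line on CVE-2018-0023 in the trailing context shows the form the tracker already uses for this vendor's products.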
@@ -39288,10 +39521,10 @@ CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swf
- swftools <unfixed> (unimportant; bug #881390)
NOTE: https://github.com/matthiaskramm/swftools/issues/46
NOTE: Crash in CLI tool, no security implications
-CVE-2017-16710
- RESERVED
-CVE-2017-16709
- RESERVED
+CVE-2017-16710 (Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 ...)
+ TODO: check
+CVE-2017-16709 (Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 ...)
+ TODO: check
CVE-2017-16708
RESERVED
CVE-2017-16707
@@ -43073,6 +43306,7 @@ CVE-2017-15402
CVE-2017-15401
RESERVED
CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS ...)
+ {DSA-4243-1}
- cups 2.2.3-2
[jessie] - cups <not-affected> (Vulnerable code not present, ppdCreateFromIPP() introduced in v2.2.0)
[wheezy] - cups <not-affected> (Vulnerable code not present)
@@ -67567,8 +67801,7 @@ CVE-2017-7468
[jessie] - curl <not-affected> (Only affects 7.52 and later)
[wheezy] - curl <not-affected> (Only affects 7.52 and later)
NOTE: https://curl.haxx.se/docs/adv_20170419.html
-CVE-2017-7467
- RESERVED
+CVE-2017-7467 (A buffer overflow flaw was found in the way minicom before version ...)
{DLA-914-1}
- minicom 2.7-1.1 (bug #860940)
[jessie] - minicom 2.7-1+deb8u1
@@ -88066,8 +88299,7 @@ CVE-2016-9605 [Cross site scripting in profile page]
- cobbler <removed> (bug #858844)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1433950
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1399333
-CVE-2016-9604
- RESERVED
+CVE-2016-9604 (It was discovered in the Linux kernel before 4.11-rc8 that root can ...)
{DLA-922-1}
- linux 4.9.25-1
[jessie] - linux 3.16.43-1
@@ -181477,8 +181709,8 @@ CVE-2013-2974 (The BIRT viewer in IBM Tivoli Application Dependency Discovery Ma
NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager
CVE-2013-2973
RESERVED
-CVE-2013-2972
- RESERVED
+CVE-2013-2972 (IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended ...)
+ TODO: check
CVE-2013-2971
RESERVED
CVE-2013-2970 (Unspecified vulnerability in IBM QRadar Security Information and Event ...)
@@ -181519,8 +181751,8 @@ CVE-2013-2953 (IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x,
NOT-FOR-US: IBM
CVE-2013-2952
RESERVED
-CVE-2013-2951
- RESERVED
+CVE-2013-2951 (IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace ...)
+ TODO: check
CVE-2013-2950 (CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-2949
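Review bot: CVE-2013-2951 concerns IBM WebSphere Portal 7.0.0.x and 8.0.0.x, and the adjacent CVE-2013-2950, also WebSphere Portal, is already "NOT-FOR-US: IBM WebSphere", so the TODO: check can be closed the same way. The description ("write passwords to a trace ...") is a credential-logging issue, but it only affects Debian if the product were packaged, and the neighbouring marker says it is not.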
@@ -188841,18 +189073,18 @@ CVE-2013-0596 (Cross-site scripting (XSS) vulnerability in the Administrative co
NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0595 (Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2013-0594
- RESERVED
+CVE-2013-0594 (Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and ...)
+ TODO: check
CVE-2013-0593 (Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS ...)
NOT-FOR-US: IBM SPSS SamplePower
-CVE-2013-0592
- RESERVED
+CVE-2013-0592 (Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 ...)
+ TODO: check
CVE-2013-0591 (Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus ...)
NOT-FOR-US: IBM Lotus Domino
CVE-2013-0590 (Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus ...)
NOT-FOR-US: IBM Lotus Domino
-CVE-2013-0589
- RESERVED
+CVE-2013-0589 (IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote ...)
+ TODO: check
CVE-2013-0588
RESERVED
CVE-2013-0587 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...)
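Review bot: the three new TODO: check entries (CVE-2013-0594, CVE-2013-0592, CVE-2013-0589) are all IBM iNotes issues, and the surrounding unchanged entries for the same product (CVE-2013-0595, CVE-2013-0591, CVE-2013-0590) are already "NOT-FOR-US: IBM Lotus Domino", so these three can be resolved the same way rather than left at TODO. The 2013 identifiers only now received public descriptions, which is why they turn up in a 2018 automatic update.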
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0168ef0f7d7de0a900bcfa749a82f67f8f159aa
More information about the debian-security-tracker-commits mailing list