[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 12 21:10:28 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
61c54d25 by security tracker role at 2018-07-12T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,43 @@
+CVE-2018-14014 (In waimai Super Cms 20150505, there is a CSRF vulnerability that can ...)
+ TODO: check
+CVE-2018-14013
+ RESERVED
+CVE-2018-14012 (WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default ...)
+ TODO: check
+CVE-2018-14011
+ RESERVED
+CVE-2018-14010
+ RESERVED
+CVE-2018-14009 (Codiad through 2.8.4 allows Remote Code Execution, a different ...)
+ TODO: check
+CVE-2018-14008
+ RESERVED
+CVE-2018-14007
+ RESERVED
+CVE-2018-14006 (An integer overflow vulnerability exists in the function ...)
+ TODO: check
+CVE-2018-14005 (An integer overflow vulnerability exists in the function transferAny of ...)
+ TODO: check
+CVE-2018-14004 (An integer overflow vulnerability exists in the function ...)
+ TODO: check
+CVE-2018-14003 (An integer overflow vulnerability exists in the function batchTransfer ...)
+ TODO: check
+CVE-2018-14002 (An integer overflow vulnerability exists in the function distribute of ...)
+ TODO: check
+CVE-2018-14001 (An integer overflow vulnerability exists in the function batchTransfer ...)
+ TODO: check
+CVE-2018-14000
+ RESERVED
+CVE-2018-13999 (Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html ...)
+ TODO: check
+CVE-2018-13998 (ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security ...)
+ TODO: check
+CVE-2018-13997 (Genann through 2018-07-08 has a SEGV in genann_run in genann.c. ...)
+ TODO: check
+CVE-2018-13996 (Genann through 2018-07-08 has a stack-based buffer over-read in ...)
+ TODO: check
+CVE-2018-13995
+ RESERVED
CVE-2018-13994
RESERVED
CVE-2018-13993
@@ -335,8 +375,8 @@ CVE-2018-13838
RESERVED
CVE-2018-13837
RESERVED
-CVE-2018-13836
- RESERVED
+CVE-2018-13836 (An integer overflow vulnerability exists in the function multiTransfer ...)
+ TODO: check
CVE-2018-13835
RESERVED
CVE-2018-13834
@@ -415,8 +455,7 @@ CVE-2018-13799
RESERVED
CVE-2018-13798
RESERVED
-CVE-2018-13796 [minor unspecified security issue]
- RESERVED
+CVE-2018-13796 (Unspecified vulnerability in Mailman before 2.1.28 has unknown impact ...)
- mailman <unfixed> (bug #903674)
NOTE: Fixed in 2.1.28
NOTE: https://mail.python.org/pipermail/mailman-users/2018-July/083536.html
@@ -1132,10 +1171,10 @@ CVE-2018-13460
RESERVED
CVE-2018-13459
RESERVED
-CVE-2018-13458
- RESERVED
-CVE-2018-13457
- RESERVED
+CVE-2018-13458 (qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer ...)
+ TODO: check
+CVE-2018-13457 (qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer ...)
+ TODO: check
CVE-2018-13456
RESERVED
CVE-2018-13455
@@ -1170,8 +1209,8 @@ CVE-2018-13443
RESERVED
CVE-2018-13442
RESERVED
-CVE-2018-13441
- RESERVED
+CVE-2018-13441 (qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL ...)
+ TODO: check
CVE-2018-13440 (The audiofile Audio File Library 0.3.6 has a NULL pointer dereference ...)
- audiofile <unfixed> (low; bug #903499)
[stretch] - audiofile <no-dsa> (Minor issue)
@@ -2174,12 +2213,12 @@ CVE-2018-12982 (Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() fun
[jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1595689
NOTE: https://sourceforge.net/p/podofo/tickets/22
-CVE-2018-12981
- RESERVED
-CVE-2018-12980
- RESERVED
-CVE-2018-12979
- RESERVED
+CVE-2018-12981 (An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 ...)
+ TODO: check
+CVE-2018-12980 (An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 ...)
+ TODO: check
+CVE-2018-12979 (An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 ...)
+ TODO: check
CVE-2018-12978
RESERVED
CVE-2018-12977 (A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite ...)
@@ -3394,8 +3433,8 @@ CVE-2018-12542
RESERVED
CVE-2018-12541
RESERVED
-CVE-2018-12540
- RESERVED
+CVE-2018-12540 (In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do ...)
+ TODO: check
CVE-2018-12539
RESERVED
CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional ...)
@@ -3561,8 +3600,8 @@ CVE-2018-12465 (An OS command injection vulnerability in the web administration
NOT-FOR-US: Micro Focus
CVE-2018-12464 (A SQL injection vulnerability in the web administration and quarantine ...)
NOT-FOR-US: Micro Focus
-CVE-2018-12463
- RESERVED
+CVE-2018-12463 (An XML external entity (XXE) vulnerability in Fortify Software ...)
+ TODO: check
CVE-2018-12462 (NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. ...)
NOT-FOR-US: NetIQ iManager
CVE-2018-12461 (Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking ...)
@@ -7663,8 +7702,7 @@ CVE-2018-10897 [reposync: improper path validation may lead to directory travers
CVE-2018-10896
RESERVED
NOT-FOR-US: Red Hat-specific packaging flaw of cloud-init default config
-CVE-2018-10895 [Remote code execution due to CSRF in qutebrowser]
- RESERVED
+CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site request ...)
- qutebrowser 1.4.1-1
NOTE: http://www.openwall.com/lists/oss-security/2018/07/11/7
NOTE: https://github.com/qutebrowser/qutebrowser/issues/4060
@@ -14816,8 +14854,7 @@ CVE-2018-8026 (This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3
NOTE: https://issues.apache.org/jira/browse/SOLR-12450
CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects the ...)
NOT-FOR-US: Apache HBase
-CVE-2018-8024
- RESERVED
+CVE-2018-8024 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's ...)
NOT-FOR-US: Apache Spark
CVE-2018-8023
RESERVED
@@ -19105,8 +19142,8 @@ CVE-2017-18157
RESERVED
CVE-2017-18156
RESERVED
-CVE-2017-18155
- RESERVED
+CVE-2017-18155 (While playing HEVC content using HD DMB in Snapdragon Automobile and ...)
+ TODO: check
CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in MediaServer ...)
NOT-FOR-US: Android Mediaserver
CVE-2017-18153
@@ -22748,8 +22785,8 @@ CVE-2018-5531
RESERVED
CVE-2018-5530
RESERVED
-CVE-2018-5529
- RESERVED
+CVE-2018-5529 (The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 ...)
+ TODO: check
CVE-2018-5528 (Under certain conditions, TMM may restart and produce a core file ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5527 (On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods ...)
@@ -27306,7 +27343,7 @@ CVE-2018-3762 (Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper c
CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper ...)
- nextcloud <itp> (bug #835086)
CVE-2018-3760 (There is an information leak vulnerability in Sprockets. Versions ...)
- {DSA-4242-1}
+ {DSA-4242-1 DLA-1419-1}
- ruby-sprockets 3.7.0-1.1 (bug #901913)
NOTE: http://www.openwall.com/lists/oss-security/2018/06/19/2
NOTE: https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f (master)
@@ -34152,8 +34189,7 @@ CVE-2018-1336
CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send carefully ...)
- tika <not-affected> (Server functionality not present)
NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/8
-CVE-2018-1334
- RESERVED
+CVE-2018-1334 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using ...)
NOT-FOR-US: Apache Spark
CVE-2018-1333
REJECTED
@@ -45662,10 +45698,10 @@ CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Pho
NOT-FOR-US: EPESI
CVE-2017-14711 (The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka ...)
NOT-FOR-US: Kickbase GmbH "Kickbase Bundesliga Manager"
-CVE-2017-14710
- RESERVED
-CVE-2017-14709
- RESERVED
+CVE-2017-14710 (The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein ...)
+ TODO: check
+CVE-2017-14709 (The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- ...)
+ TODO: check
CVE-2017-14708
RESERVED
CVE-2017-14707
@@ -45972,8 +46008,8 @@ CVE-2017-14614 (Directory traversal vulnerability in the Visor GUI Console in Gr
NOT-FOR-US: GridGain
CVE-2017-14613
RESERVED
-CVE-2017-14612
- RESERVED
+CVE-2017-14612 ("Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka ...)
+ TODO: check
CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote ...)
NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/61c54d2508cbca5c3baaab41311d23f8ab576db2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/61c54d2508cbca5c3baaab41311d23f8ab576db2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180712/364c1230/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list