[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 19 21:10:24 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90fa4009 by security tracker role at 2018-07-19T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-14424
+ RESERVED
+CVE-2018-14423 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, ...)
+ TODO: check
+CVE-2018-14422 (blog/index.php in SansCMS 0.7 has XSS via the q parameter. ...)
+ TODO: check
+CVE-2018-14421 (SeaCMS v6.61 allows Remote Code execution by placing PHP code in a ...)
+ TODO: check
+CVE-2018-14420 (MetInfo 6.0.0 allows a CSRF attack to add a user account via a ...)
+ TODO: check
+CVE-2018-14419 (MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on ...)
+ TODO: check
+CVE-2018-14418 (In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. ...)
+ TODO: check
+CVE-2018-14417
+ RESERVED
+CVE-2018-14416
+ RESERVED
+CVE-2018-14415 (An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists ...)
+ TODO: check
+CVE-2018-14414
+ RESERVED
+CVE-2018-14413
+ RESERVED
+CVE-2018-14412
+ RESERVED
+CVE-2018-14411
+ RESERVED
+CVE-2018-14410
+ RESERVED
+CVE-2018-14409
+ RESERVED
+CVE-2018-14408
+ RESERVED
+CVE-2018-14407
+ RESERVED
+CVE-2018-14406
+ RESERVED
+CVE-2018-14405
+ RESERVED
+CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the ...)
+ TODO: check
CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings ...)
- mp4v2 <unfixed>
[stretch] - mp4v2 <no-dsa> (Minor issue)
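Review bot: the eight new entries marked TODO: check (CVE-2018-14423, -14422, -14421, -14420, -14419, -14418, -14415 and -14404) still carry no package line or NOT-FOR-US tag. The SansCMS, SeaCMS, MetInfo, Msvod Cms and iCMS ones name their product in the description and can be triaged the same way as the joyplus-cms, XiaoCms and HongCMS entries further down this diff, if none of them is packaged. CVE-2018-14423 and CVE-2018-14404 have the product cut off by the "..." here, so they need the full description read before a source package is assigned.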
@@ -274,8 +316,8 @@ CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary
NOT-FOR-US: joyplus-cms
CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode format within ...)
NOT-FOR-US: TeamViewer
-CVE-2018-14332
- RESERVED
+CVE-2018-14332 (An issue was discovered in Clementine Music Player 1.3.1. ...)
+ TODO: check
CVE-2018-14331 (An issue was discovered in XiaoCms X1 v20140305. There is a CSRF ...)
NOT-FOR-US: XiaoCms
CVE-2018-14330
@@ -3389,9 +3431,9 @@ CVE-2018-12913 (In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinit
NOT-FOR-US: Miniz
CVE-2018-12912 (An issue wan discovered in admin\controllers\database.php in HongCMS ...)
NOT-FOR-US: HongCMS
-CVE-2018-12911
- RESERVED
-CVE-2018-12910 (soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows ...)
+CVE-2018-12911 (WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant ...)
+ TODO: check
+CVE-2018-12910 (The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows ...)
{DSA-4241-1 DLA-1416-1}
- libsoup2.4 2.62.2-2
NOTE: https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
@@ -9521,8 +9563,8 @@ CVE-2018-10622
RESERVED
CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
-CVE-2018-10620
- RESERVED
+CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine ...)
+ TODO: check
CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 3.90.01 ...)
NOT-FOR-US: RSLinx
CVE-2018-10618
@@ -13378,7 +13420,7 @@ CVE-2018-9064
CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo ...)
NOT-FOR-US: Lenovo
CVE-2018-9062
- RESERVED
+ REJECTED
CVE-2018-9061
RESERVED
CVE-2018-9060
@@ -15946,8 +15988,7 @@ CVE-2018-8020
RESERVED
CVE-2018-8019
RESERVED
-CVE-2018-8018
- RESERVED
+CVE-2018-8018 (Apache Ignite 2.5 and earlier serialization mechanism does not have a ...)
NOT-FOR-US: Apache Ignite
CVE-2018-8017
RESERVED
@@ -17130,8 +17171,7 @@ CVE-2018-7604
RESERVED
CVE-2018-7603
RESERVED
-CVE-2018-7602 [SA-CORE-2018-004]
- RESERVED
+CVE-2018-7602 (A remote code execution vulnerability exists within multiple ...)
{DSA-4180-1 DLA-1365-1}
- drupal7 <removed> (bug #896701)
NOTE: https://www.drupal.org/psa-2018-003
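Review bot: replacing the header line of CVE-2018-7602 drops the bracketed SA-CORE-2018-004 reference, and the only NOTE visible in this hunk links to psa-2018-003. If no NOTE further down the entry already carries the SA-CORE-2018-004 advisory, add one so that reference is not lost.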
@@ -23862,8 +23902,8 @@ CVE-2018-5542
RESERVED
CVE-2018-5541
RESERVED
-CVE-2018-5540
- RESERVED
+CVE-2018-5540 (On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or ...)
+ TODO: check
CVE-2018-5539
RESERVED
CVE-2018-5538
@@ -23872,14 +23912,14 @@ CVE-2018-5537
RESERVED
CVE-2018-5536
RESERVED
-CVE-2018-5535
- RESERVED
-CVE-2018-5534
- RESERVED
-CVE-2018-5533
- RESERVED
-CVE-2018-5532
- RESERVED
+CVE-2018-5535 (On F5 BIG-IP 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.2.1-11.6.3 ...)
+ TODO: check
+CVE-2018-5534 (Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, ...)
+ TODO: check
+CVE-2018-5533 (Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, ...)
+ TODO: check
+CVE-2018-5532 (On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 ...)
+ TODO: check
CVE-2018-5531
RESERVED
CVE-2018-5530
@@ -27887,10 +27927,10 @@ CVE-2018-3873
RESERVED
CVE-2018-3872
RESERVED
-CVE-2018-3871
- RESERVED
-CVE-2018-3870
- RESERVED
+CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing ...)
+ TODO: check
+CVE-2018-3870 (An exploitable out-of-bounds write exists in the PCX parsing ...)
+ TODO: check
CVE-2018-3869
RESERVED
CVE-2018-3868 (A specially crafted TIFF image processed via the application can lead ...)
@@ -27909,14 +27949,14 @@ CVE-2018-3862 (A specially crafted TIFF image processed via the application can
NOT-FOR-US: Computerinsel Photoline
CVE-2018-3861 (A specially crafted TIFF image processed via the application can lead ...)
NOT-FOR-US: Computerinsel Photoline
-CVE-2018-3860
- RESERVED
-CVE-2018-3859
- RESERVED
-CVE-2018-3858
- RESERVED
-CVE-2018-3857
- RESERVED
+CVE-2018-3860 (An exploitable out-of-bounds write exists in the TIFF parsing ...)
+ TODO: check
+CVE-2018-3859 (An exploitable out-of-bounds write exists in the TIFF parsing ...)
+ TODO: check
+CVE-2018-3858 (An exploitable heap overflow exists in the TIFF parsing functionality ...)
+ TODO: check
+CVE-2018-3857 (An exploitable heap overflow exists in the TIFF parsing functionality ...)
+ TODO: check
CVE-2018-3856
RESERVED
CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
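Review bot: CVE-2018-3860 through CVE-2018-3857 are left at TODO: check directly below CVE-2018-3862 and CVE-2018-3861, which are tagged NOT-FOR-US: Computerinsel Photoline for TIFF-processing issues. The new descriptions also concern TIFF parsing, but the product name is truncated by the "...", so confirm the product from the full description before reusing that tag rather than assuming they belong to the same series.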
@@ -34150,12 +34190,12 @@ CVE-2018-1589
RESERVED
CVE-2018-1588
RESERVED
-CVE-2018-1587
- RESERVED
+CVE-2018-1587 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
+ TODO: check
CVE-2018-1586
RESERVED
-CVE-2018-1585
- RESERVED
+CVE-2018-1585 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
+ TODO: check
CVE-2018-1584
RESERVED
CVE-2018-1583 (IBM StoredIQ 7.6 could allow an authenticated attacker to bypass ...)
@@ -34252,10 +34292,10 @@ CVE-2018-1538
RESERVED
CVE-2018-1537
RESERVED
-CVE-2018-1536
- RESERVED
-CVE-2018-1535
- RESERVED
+CVE-2018-1536 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
+ TODO: check
+CVE-2018-1535 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
+ TODO: check
CVE-2018-1534
RESERVED
CVE-2018-1533
@@ -34266,8 +34306,8 @@ CVE-2018-1531
RESERVED
CVE-2018-1530
RESERVED
-CVE-2018-1529
- RESERVED
+CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through ...)
+ TODO: check
CVE-2018-1528
RESERVED
CVE-2018-1527
@@ -68947,8 +68987,7 @@ CVE-2017-7482
{DSA-3945-1 DSA-3927-1 DLA-1099-1}
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
-CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 environment]
- RESERVED
+CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark ...)
- ansible 2.3.1.0+dfsg-1 (bug #862666)
[stretch] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <no-dsa> (Minor issue)
@@ -83862,8 +83901,7 @@ CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local privi
CVE-2017-2674
RESERVED
NOT-FOR-US: Red Hat business central
-CVE-2017-2673 [federated user gets wrong role]
- RESERVED
+CVE-2017-2673 (An authorization-check flaw was discovered in federation ...)
- keystone 2:10.0.0-9 (bug #861189)
[jessie] - keystone <not-affected> (Vulnerable code not present)
[wheezy] - keystone <not-affected> (Vulnerable code not present)
@@ -89692,8 +89730,7 @@ CVE-2016-9575 (Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311
NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=fec4c32ff15
NOTE: https://fedorahosted.org/freeipa/ticket/6560
-CVE-2016-9574 [Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA]
- RESERVED
+CVE-2016-9574 (nss before version 3.30 is vulnerable to a remote denial of service ...)
- nss 2:3.25-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1320695
NOTE: The CVE is specific to the segfault resulting from the reproducing steps
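Review bot: the new description of CVE-2016-9574 says nss before version 3.30 is vulnerable, while the unchanged line below it records the fix in nss 2:3.25-1. Re-check the fixed version against the bugzilla.mozilla.org NOTE, or add a NOTE explaining why 3.25 already contains the fix, so the entry does not read as contradicting its own description.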
@@ -165690,8 +165727,8 @@ CVE-2014-2304
RESERVED
CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser component ...)
NOT-FOR-US: webEdition CMS
-CVE-2014-2302
- RESERVED
+CVE-2014-2302 (The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x ...)
+ TODO: check
CVE-2014-2301 (OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: OrbiTeam BSCW
CVE-2014-2300
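Review bot: CVE-2014-2302 is set to TODO: check although its new description names webEdition CMS, and the neighbouring CVE-2014-2303 is already tagged NOT-FOR-US: webEdition CMS. The same tag can be applied here instead of leaving the entry for manual triage.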
@@ -171811,8 +171848,7 @@ CVE-2014-0244 (The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4
- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
NOTE: https://www.samba.org/samba/security/CVE-2014-0244
-CVE-2014-0243 [check-mk: arbitrary file disclosure]
- RESERVED
+CVE-2014-0243 (Check_MK through 1.2.5i2p1 allows local users to read arbitrary files ...)
- check-mk <not-affected> (Vulnerable code not present)
NOTE: https://www.lsexperts.de/advisories/lse-2014-05-21.txt
CVE-2014-0242 [information disclosure via Content-Type response header]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90fa400975cb178169b246c2617771cd9ff0824c