[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jul 24 09:10:31 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33eccdb7 by security tracker role at 2018-07-24T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-14577
+	RESERVED
+CVE-2018-14576
+	RESERVED
+CVE-2018-14575
+	RESERVED
+CVE-2018-14574
+	RESERVED
+CVE-2018-14573 (A Local File Inclusion (LFI) vulnerability exists in the Web Interface ...)
+	TODO: check
+CVE-2018-14572
+	RESERVED
+CVE-2018-14571
+	RESERVED
+CVE-2018-14570 (A file upload vulnerability in application/shop/controller/member.php ...)
+	TODO: check
+CVE-2018-14569
+	RESERVED
 CVE-2018-1999024 (MathJax version prior to version 2.7.4 contains a Cross Site Scripting ...)
 	- mathjax 2.7.4+dfsg-1
 	NOTE: https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1
@@ -41,8 +59,8 @@ CVE-2018-1999009 (October CMS version prior to Build 437 contains a Local File I
 	NOT-FOR-US: October CMS
 CVE-2018-1999008 (October CMS version prior to build 437 contains a Cross Site Scripting ...)
 	NOT-FOR-US: October CMS
-CVE-2018-14568
-	RESERVED
+CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a ...)
+	TODO: check
 CVE-2018-14567
 	RESERVED
 CVE-2018-14566
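Review bot: CVE-2018-14568 is left at `TODO: check` even though its new description already names the product and the fixed upstream release (Suricata before 4.0.5). Assuming it is tracked under the suricata source package, triage should replace the TODO with a `- suricata` package line whose fixed version is checked against 4.0.5.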
@@ -73,8 +91,8 @@ CVE-2018-14554
 	RESERVED
 CVE-2018-14553
 	RESERVED
-CVE-2016-10728
-	RESERVED
+CVE-2016-10728 (An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error ...)
+	TODO: check
 CVE-2018-14552
 	RESERVED
 CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses ...)
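Review bot: CVE-2016-10728 gets the same `TODO: check` as CVE-2018-14568 earlier in this diff, and both descriptions name Suricata, so the two should be triaged together. The description here gives a much older fix boundary (before 3.1.2), so this entry needs its own fixed version rather than a copy of the 4.0.5 one.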
@@ -217,7 +235,7 @@ CVE-2018-14493
 	RESERVED
 CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, ...)
 	NOT-FOR-US: Tenda devices
-CVE-2018-1999022 [CIVI-SA-2018-07: Remote code execution in QuickForm]
+CVE-2018-1999022 (PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) ...)
 	- civicrm 5.3.1+dfsg-1 (bug #904215)
 	NOTE: https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform
 CVE-2018-14491
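Review bot: the new description of CVE-2018-1999022 attributes the eval injection to PEAR HTML_QuickForm 3.2.14, but the entry still lists only `- civicrm 5.3.1+dfsg-1 (bug #904215)`. Check whether any other source package ships or embeds HTML_QuickForm and add a line for it, or add a NOTE stating that the copy in civicrm is the only affected one.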
@@ -721,8 +739,8 @@ CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow lo
 	- htslib <unfixed> (unimportant)
 	NOTE: https://github.com/samtools/htslib/issues/736
 	NOTE: Neutralised by kernel hardening
-CVE-2018-14328
-	RESERVED
+CVE-2018-14328 (Brynamics "Online Trade - Online trading and cryptocurrency investment ...)
+	TODO: check
 CVE-2018-14327
 	RESERVED
 CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP ...)
@@ -7734,10 +7752,10 @@ CVE-2018-11454
 	RESERVED
 CVE-2018-11453
 	RESERVED
-CVE-2018-11452
-	RESERVED
-CVE-2018-11451
-	RESERVED
+CVE-2018-11452 (A vulnerability has been identified in Firmware variant IEC 61850 for ...)
+	TODO: check
+CVE-2018-11451 (A vulnerability has been identified in Firmware variant IEC 61850 for ...)
+	TODO: check
 CVE-2018-11450 (A reflected Cross-Site-Scripting (XSS) vulnerability has been ...)
 	NOT-FOR-US: Siemens PLM Software TEAMCENTER
 CVE-2018-11449 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
@@ -9158,8 +9176,7 @@ CVE-2018-10914
 	RESERVED
 CVE-2018-10913
 	RESERVED
-CVE-2018-10912
-	RESERVED
+CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop ...)
 	NOT-FOR-US: Keycloak
 CVE-2018-10911
 	RESERVED
@@ -9197,6 +9214,7 @@ CVE-2018-10901
 	RESERVED
 CVE-2018-10900 [local privilege escalation]
 	RESERVED
+	{DSA-4253-1}
 	- network-manager-vpnc <unfixed> (bug #904255)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3
 	NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
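Review bot: `{DSA-4253-1}` is added to CVE-2018-10900 while the entry still reads `RESERVED` and `- network-manager-vpnc <unfixed> (bug #904255)`. With an advisory referenced, the package line should be followed up with the fixed version once the fix reaches unstable, so the entry does not keep reporting the package as unfixed.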
@@ -16403,8 +16421,8 @@ CVE-2018-8033
 	RESERVED
 CVE-2018-8032
 	RESERVED
-CVE-2018-8031
-	RESERVED
+CVE-2018-8031 (The TomEE console (tomee-webapp) has a XSS vulnerability which could ...)
+	TODO: check
 CVE-2018-8030 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ...)
 	- qpid-java <itp> (bug #840131)
 CVE-2018-8029



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/33eccdb71885f9ad965c192d7df609677ba43abd
