[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 24 21:10:38 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d324a239 by security tracker role at 2018-07-24T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-14593
+ RESERVED
+CVE-2018-14592
+ RESERVED
+CVE-2018-14591
+ RESERVED
+CVE-2018-14590 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in ...)
+ TODO: check
+CVE-2018-14589 (An issue has been discovered in Bento4 1.5.1-624. ...)
+ TODO: check
+CVE-2018-14588 (An issue has been discovered in Bento4 1.5.1-624. A NULL pointer ...)
+ TODO: check
+CVE-2018-14587 (An issue has been discovered in Bento4 1.5.1-624. ...)
+ TODO: check
+CVE-2018-14586 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in ...)
+ TODO: check
+CVE-2018-14585 (An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE ...)
+ TODO: check
+CVE-2018-14584 (An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create ...)
+ TODO: check
+CVE-2018-14583 (xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background ...)
+ TODO: check
+CVE-2018-14582 (index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a ...)
+ TODO: check
+CVE-2018-14581
+ RESERVED
+CVE-2018-14580
+ RESERVED
+CVE-2018-14579 (GolemCMS through 2008-12-24, if the install/ directory remains active ...)
+ TODO: check
+CVE-2018-14578
+ RESERVED
CVE-2018-14577
RESERVED
CVE-2018-14576
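Review bot: the seven new Bento4 entries (CVE-2018-14584 through CVE-2018-14590) all cite the same release, 1.5.1-624, so they should be triaged as one group and given a single consistent resolution (a source package line or a NOT-FOR-US marker) instead of seven separate TODO: check placeholders; the XYHCMS, BageCMS and GolemCMS entries each need a decision as well, since nothing in this automatic update resolves them.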
@@ -720,8 +752,8 @@ CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby
NOTE: https://github.com/mruby/mruby/commit/adb1eae912659d680a9c5b7832e22cf73d36a69a
CVE-2018-14336 (TP-Link WR840N devices allow remote attackers to cause a denial of ...)
NOT-FOR-US: TP-Link
-CVE-2018-14335
- RESERVED
+CVE-2018-14335 (An issue was discovered in H2 1.4.197. Insecure handling of ...)
+ TODO: check
CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file ...)
NOT-FOR-US: joyplus-cms
CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode format within ...)
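Review bot: CVE-2018-14335 gains a description but only a TODO: check placeholder; H2 is an embeddable Java database engine, so triage should establish whether it is carried as a source package and, if so, replace the placeholder with a package line and an upstream reference, as the mruby entry CVE-2018-14337 above already does with its NOTE pointing at the fixing commit.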
@@ -2804,10 +2836,10 @@ CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and Crucible
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server before ...)
NOT-FOR-US: Atlassian
-CVE-2018-13386
- RESERVED
-CVE-2018-13385
- RESERVED
+CVE-2018-13386 (There was an argument injection vulnerability in Sourcetree for ...)
+ TODO: check
+CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for macOS ...)
+ TODO: check
CVE-2018-13384
RESERVED
CVE-2018-13383
@@ -4791,6 +4823,7 @@ CVE-2018-12586
CVE-2018-12585
RESERVED
CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in ...)
+ {DLA-1439-1}
- resiprocate <unfixed>
NOTE: http://joachimdezutter.webredirect.org/advisory.html
NOTE: https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
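Review bot: {DLA-1439-1} is added to CVE-2018-12584 while the package line still reads "resiprocate <unfixed>" and no [stretch] annotation exists, so stretch is implicitly reported as unfixed; if that is intended, an explicit [stretch] line stating the decision (CVE-2017-11521 later in this update has "[stretch] - resiprocate <no-dsa> (Minor issue)") would make the status visible rather than inherited.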
@@ -8809,10 +8842,10 @@ CVE-2018-11062
RESERVED
CVE-2018-11061
RESERVED
-CVE-2018-11060
- RESERVED
-CVE-2018-11059
- RESERVED
+CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass ...)
+ TODO: check
+CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site ...)
+ TODO: check
CVE-2018-11058
RESERVED
CVE-2018-11057
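Review bot: CVE-2018-11060 and CVE-2018-11059 describe RSA Archer, a commercial product; the neighbouring CVE-2018-11049 entry is already marked "NOT-FOR-US: RSA", so these two TODO: check placeholders can most likely be resolved the same way.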
@@ -8835,14 +8868,14 @@ CVE-2018-11049 (RSA Identity Governance and Lifecycle, RSA Via Lifecycle and ...
NOT-FOR-US: RSA
CVE-2018-11048
RESERVED
-CVE-2018-11047
- RESERVED
+CVE-2018-11047 (Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to ...)
+ TODO: check
CVE-2018-11046 (Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version ...)
NOT-FOR-US: Pivotal
CVE-2018-11045 (Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior ...)
NOT-FOR-US: Pivotal
-CVE-2018-11044
- RESERVED
+CVE-2018-11044 (Pivotal Apps Manager included in Pivotal Application Service, versions ...)
+ TODO: check
CVE-2018-11043
RESERVED
CVE-2018-11042
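Review bot: CVE-2018-11047 (Cloud Foundry UAA) and CVE-2018-11044 (Pivotal Apps Manager) sit between entries already resolved as "NOT-FOR-US: Pivotal"; unless UAA turns out to be packaged, the two TODO: check placeholders should receive the same marker so they do not linger in the TODO queue.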
@@ -8961,7 +8994,7 @@ CVE-2018-10997 (Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL
CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 ...)
NOT-FOR-US: D-Link
CVE-2018-10995 (SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles ...)
- {DLA-1437-1}
+ {DSA-4254-1 DLA-1437-1}
- slurm-llnl 17.11.7-1 (bug #900548)
NOTE: https://www.schedmd.com/news.php?id=203
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html
@@ -9200,8 +9233,7 @@ CVE-2018-10906 [Restriction bypass of the "allow_other" option when SELinux is a
- fuse 2.9.8-1 (bug #904439)
NOTE: https://github.com/libfuse/libfuse/pull/268
NOTE: https://sourceforge.net/p/fuse/mailman/message/36374753/
-CVE-2018-10905
- RESERVED
+CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2018-10904
RESERVED
@@ -9275,7 +9307,7 @@ CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]
NOTE: https://github.com/apache/ant/commit/5a8c37b271677587046bfd0fea18c1675d5a6300
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62502
CVE-2018-10886 (ant before version 1.9.12 unzip and untar targets allows the ...)
- {DLA-1431-1}
+ {DSA-4255-1 DLA-1431-1}
- ant 1.10.4-1
NOTE: Fixed upstream in 1.9.12 and 1.10.4
NOTE: https://github.com/apache/ant/commit/e56e54565804991c62ec76dad385d2bdda8972a7
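Review bot: DSA-4255-1 is recorded on CVE-2018-10886, but the entry directly above it, "CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]" with the follow-up commit 5a8c37b2 and bz 62502, carries no DSA or package annotation; please confirm whether the DSA also shipped the follow-up commit and annotate that entry accordingly, otherwise the incomplete-fix issue will read as unaddressed in stretch.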
@@ -9988,18 +10020,18 @@ CVE-2018-10634
RESERVED
CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version ...)
NOT-FOR-US: Universal Robots
-CVE-2018-10632
- RESERVED
+CVE-2018-10632 (In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and ...)
+ TODO: check
CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...)
NOT-FOR-US: Medtronic
CVE-2018-10630
RESERVED
CVE-2018-10629
RESERVED
-CVE-2018-10628
- RESERVED
-CVE-2018-10627
- RESERVED
+CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update ...)
+ TODO: check
+CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
+ TODO: check
CVE-2018-10626
RESERVED
CVE-2018-10625
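Review bot: CVE-2018-10627 (Echelon SmartServer) shares its description with CVE-2018-8859, CVE-2018-8855 and CVE-2018-8851 further down in this same update, so all four should be triaged together and resolved consistently; CVE-2018-10632 (Moxa NPort) and CVE-2018-10628 (AVEVA InTouch) concern vendor firmware and software like the surrounding Medtronic and Universal Robots entries, which are marked NOT-FOR-US, and will most likely resolve the same way.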
@@ -10036,24 +10068,24 @@ CVE-2018-10610
RESERVED
CVE-2018-10609
RESERVED
-CVE-2018-10608
- RESERVED
+CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited ...)
+ TODO: check
CVE-2018-10607
RESERVED
CVE-2018-10606
RESERVED
CVE-2018-10605
RESERVED
-CVE-2018-10604
- RESERVED
+CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full access to ...)
+ TODO: check
CVE-2018-10603
RESERVED
CVE-2018-10602
RESERVED
CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including ...)
NOT-FOR-US: Philips
-CVE-2018-10600
- RESERVED
+CVE-2018-10600 (SEL AcSELerator Architect version 2.2.24.0 and prior allows ...)
+ TODO: check
CVE-2018-10599 (IntelliVue Patient Monitors MP Series (including ...)
NOT-FOR-US: Philips
CVE-2018-10598
@@ -14434,24 +14466,24 @@ CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environmen
NOT-FOR-US: Philips Brilliance
CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be ...)
NOT-FOR-US: Vecna VGo Robot
-CVE-2018-8859
- RESERVED
+CVE-2018-8859 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
+ TODO: check
CVE-2018-8858
RESERVED
CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, ...)
NOT-FOR-US: Philips Brilliance
CVE-2018-8856
RESERVED
-CVE-2018-8855
- RESERVED
+CVE-2018-8855 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
+ TODO: check
CVE-2018-8854
RESERVED
CVE-2018-8853 (Philips Brilliance CT devices operate user functions from within a ...)
NOT-FOR-US: Philips Brilliance
CVE-2018-8852
RESERVED
-CVE-2018-8851
- RESERVED
+CVE-2018-8851 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior ...)
+ TODO: check
CVE-2018-8850
RESERVED
CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...)
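Review bot: CVE-2018-8859, CVE-2018-8855 and CVE-2018-8851 carry the same Echelon SmartServer description as CVE-2018-10627 earlier in this update, so one triage decision should cover all four; leaving four identical TODO: check placeholders invites inconsistent resolutions later.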
@@ -19605,7 +19637,7 @@ CVE-2018-7035 (Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2
CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 ...)
NOT-FOR-US: TRENDnet devices
CVE-2018-7033 (SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL ...)
- {DLA-1437-1 DLA-1367-1}
+ {DSA-4254-1 DLA-1437-1 DLA-1367-1}
- slurm-llnl 17.11.5-1 (bug #893044)
NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4792 (not yet public)
NOTE: https://github.com/SchedMD/slurm/commit/db468895240ad6817628d07054fe54e71273b2fe
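Review bot: with DSA-4254-1 now recorded on CVE-2018-7033 (and on CVE-2018-10995 above), the unchanged context line "NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4792 (not yet public)" is probably stale; please check whether the upstream bug has been opened and drop the "(not yet public)" qualifier if so.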
@@ -21316,8 +21348,8 @@ CVE-2017-18106
RESERVED
CVE-2017-18105
RESERVED
-CVE-2017-18104
- RESERVED
+CVE-2017-18104 (The Webhooks component of Atlassian Jira before version 7.6.7 and from ...)
+ TODO: check
CVE-2017-18103 (The atlassian-http library, as used in various Atlassian products, ...)
NOT-FOR-US: Atlassian
CVE-2017-18102 (The wiki markup component of atlassian-renderer from version 8.0.0 ...)
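Review bot: CVE-2017-18104 (Atlassian Jira Webhooks) is flanked by CVE-2017-18103 and CVE-2017-18102, both resolved as "NOT-FOR-US: Atlassian"; the TODO: check placeholder can almost certainly be replaced with the same marker.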
@@ -24691,14 +24723,14 @@ CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet l
NOTE: https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4
NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html
NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
-CVE-2018-5387
- RESERVED
-CVE-2018-5386
- RESERVED
-CVE-2018-5385
- RESERVED
-CVE-2018-5384
- RESERVED
+CVE-2018-5387 (Wizkunde SAMLBase may incorrectly utilize the results of XML DOM ...)
+ TODO: check
+CVE-2018-5386 (Some Navarino Infinity functions, up to version 2.2, placed in the URL ...)
+ TODO: check
+CVE-2018-5385 (Navarino Infinity is prone to session fixation attacks. The server ...)
+ TODO: check
+CVE-2018-5384 (Navarino Infinity web interface up to version 2.2 exposes an ...)
+ TODO: check
CVE-2018-5383
RESERVED
CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that ...)
@@ -56964,7 +56996,7 @@ CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8
CVE-2017-11521 (The SdpContents::Session::Medium::parse function in ...)
- {DLA-1040-1}
+ {DLA-1439-1 DLA-1040-1}
- resiprocate <unfixed> (low; bug #869404)
[stretch] - resiprocate <no-dsa> (Minor issue)
NOTE: https://github.com/resiprocate/resiprocate/pull/88
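Review bot: CVE-2017-11521 now lists two DLAs, {DLA-1439-1 DLA-1040-1}; a second advisory for the same CVE on the same package usually means the first fix was incomplete or regressed, so a NOTE line stating why DLA-1439-1 was needed would help whoever reads the entry later, and the "resiprocate <unfixed> (low; bug #869404)" line should be re-checked against the current unstable version while the entry is being touched.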
@@ -82747,8 +82779,7 @@ CVE-2017-3228
RESERVED
CVE-2017-3227
RESERVED
-CVE-2017-3226
- RESERVED
+CVE-2017-3226 (Das U-Boot is a device bootloader that can read its configuration from ...)
- u-boot <unfixed> (unimportant)
[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
@@ -82756,8 +82787,7 @@ CVE-2017-3226
NOTE: it in future versions.
NOTE: https://www.kb.cert.org/vuls/id/166743
NOTE: Negligable security impact
-CVE-2017-3225
- RESERVED
+CVE-2017-3225 (Das U-Boot is a device bootloader that can read its configuration from ...)
- u-boot <unfixed> (unimportant)
[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
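Review bot: the unchanged context lines for both U-Boot entries (CVE-2017-3226 and CVE-2017-3225) carry the same typos, "Negligable" for "Negligible" and "Vulnerable code do not exist" for "does not exist"; since these entries are being rewritten anyway, a follow-up commit could correct both in one go.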
@@ -82765,15 +82795,14 @@ CVE-2017-3225
NOTE: it in future versions.
NOTE: https://www.kb.cert.org/vuls/id/166743
NOTE: Negligable security impact
-CVE-2017-3224 [OSPF implementation improperly determines LSA recency (VU#793496)]
- RESERVED
+CVE-2017-3224 (Open Shortest Path First (OSPF) protocol implementations may ...)
- quagga <unfixed> (low; bug #871617)
[stretch] - quagga <no-dsa> (Minor issue)
[jessie] - quagga <no-dsa> (Minor issue)
[wheezy] - quagga <no-dsa> (Minor issue)
NOTE: http://www.kb.cert.org/vuls/id/793496
-CVE-2017-3223
- RESERVED
+CVE-2017-3223 (Dahua IP camera products using firmware versions prior to ...)
+ TODO: check
CVE-2017-3222 (Hard-coded credentials in AmosConnect 8 allow remote attackers to gain ...)
NOT-FOR-US: AmosConnect
CVE-2017-3221 (Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote ...)
@@ -82784,8 +82813,8 @@ CVE-2017-3219 (Acronis True Image up to and including version 2017 Build 8053 ..
NOT-FOR-US: Acronis True Image
CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for HTTPS ...)
NOT-FOR-US: Samsung
-CVE-2017-3217
- RESERVED
+CVE-2017-3217 (CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text ...)
+ TODO: check
CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a custom ...)
NOT-FOR-US: WiMAX routers
CVE-2017-3215 (The Milwaukee ONE-KEY Android mobile application uses bearer tokens ...)
@@ -82798,10 +82827,10 @@ CVE-2017-3212 (The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.110
NOT-FOR-US: Space Coast Credit Union Mobile app
CVE-2017-3211
RESERVED
-CVE-2017-3210
- RESERVED
-CVE-2017-3209
- RESERVED
+CVE-2017-3210 (Applications developed using the Portrait Display SDK, versions 2.30 ...)
+ TODO: check
+CVE-2017-3209 (The DBPOWER U818A WIFI quadcopter drone provides FTP access over its ...)
+ TODO: check
CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB for Java ...)
NOT-FOR-US: AMF3 deserialisers
CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for Java by ...)
@@ -82843,26 +82872,26 @@ CVE-2017-3191 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version
NOT-FOR-US: D-Link
CVE-2017-3190 (Flash Seats Mobile App for Android version 1.7.9 and earlier and for ...)
NOT-FOR-US: Flash Seats Mobile App
-CVE-2017-3189
- RESERVED
-CVE-2017-3188
- RESERVED
-CVE-2017-3187
- RESERVED
+CVE-2017-3189 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push ...)
+ TODO: check
+CVE-2017-3188 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push ...)
+ TODO: check
+CVE-2017-3187 (The dotCMS administration panel, versions 3.7.1 and earlier, are ...)
+ TODO: check
CVE-2017-3186 (ACTi cameras including the D, B, I, and E series using firmware ...)
NOT-FOR-US: ACTi cameras
CVE-2017-3185 (ACTi cameras including the D, B, I, and E series using firmware ...)
NOT-FOR-US: ACTi cameras
CVE-2017-3184 (ACTi cameras including the D, B, I, and E series using firmware ...)
NOT-FOR-US: ACTi cameras
-CVE-2017-3183
- RESERVED
-CVE-2017-3182
- RESERVED
-CVE-2017-3181
- RESERVED
-CVE-2017-3180
- RESERVED
+CVE-2017-3183 (Sage XRT Treasury, version 3, fails to properly restrict database ...)
+ TODO: check
+CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail ...)
+ TODO: check
+CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified ...)
+ TODO: check
+CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified cross-site ...)
+ TODO: check
CVE-2017-3179
RESERVED
CVE-2017-3178
@@ -103255,8 +103284,8 @@ CVE-2016-5651
RESERVED
CVE-2016-5650 (ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 ...)
NOT-FOR-US: ZModo
-CVE-2016-5649
- RESERVED
+CVE-2016-5649 (A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear ...)
+ TODO: check
CVE-2016-5648 (Acer Portal app before 3.9.4.2000 for Android does not properly ...)
NOT-FOR-US: Acer Portal Android application
CVE-2016-5647 (The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, ...)
@@ -103277,8 +103306,8 @@ CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestr
NOT-FOR-US: Creston
CVE-2016-5639 (Directory traversal vulnerability in cgi-bin/login.cgi on Crestron ...)
NOT-FOR-US: Creston
-CVE-2016-5638
- RESERVED
+CVE-2016-5638 (There are few web pages associated with the genie app on the Netgear ...)
+ TODO: check
CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 ...)
NOTE: https://www.kb.cert.org/vuls/id/123799
NOTE: No further information provided, but this is very likely a dupe of CVE-2016-8710
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d324a23935404d714098ac5499bba67a804697de