[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jul 31 21:10:27 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed397c3d by security tracker role at 2018-07-31T20:10:19Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -430,8 +430,8 @@ CVE-2018-14583 (xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a bac
 	NOT-FOR-US: XYHCMS
 CVE-2018-14582 (index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a ...)
 	NOT-FOR-US: BageCMS
-CVE-2018-14581
-	RESERVED
+CVE-2018-14581 (Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before ...)
+	TODO: check
 CVE-2018-14580
 	RESERVED
 CVE-2018-14579 (GolemCMS through 2008-12-24, if the install/ directory remains active ...)
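Review bot: CVE-2018-14581 is left at "TODO: check" while both neighbours in this hunk (XYHCMS, BageCMS) are already resolved as NOT-FOR-US. Triage it the same way: if no Debian source package ships Redgate .NET Reflector or SmartAssembly, replace the TODO with a "NOT-FOR-US: Redgate .NET Reflector and SmartAssembly" line so the entry does not linger as untriaged.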
@@ -591,8 +591,8 @@ CVE-2018-14535
 	RESERVED
 CVE-2018-14534
 	RESERVED
-CVE-2018-14533
-	RESERVED
+CVE-2018-14533 (read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain ...)
+	TODO: check
 CVE-2018-14532 (An issue was discovered in Bento4 1.5.1-624. There is a heap-based ...)
 	NOT-FOR-US: Bento4
 CVE-2018-14531 (An issue was discovered in Bento4 1.5.1-624. There is an unspecified ...)
@@ -839,8 +839,7 @@ CVE-2018-14434 (ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPC
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/98a2cceae0dceccbfe54051167c2c80be1f13c3f
 CVE-2018-14433
 	RESERVED
-CVE-2018-14432 [GET /v3/OS-FEDERATION/projects leaks project information]
-	RESERVED
+CVE-2018-14432 (In the Federation component of OpenStack Keystone before 11.0.4, ...)
 	- keystone <unfixed> (bug #904616)
 	[jessie] - keystone <end-of-life> (Not supported in Jessie)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/25/2
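Review bot: on CVE-2018-14432 the new description gives an upstream boundary ("OpenStack Keystone before 11.0.4"), but the package line still reads "- keystone <unfixed> (bug #904616)" with no fixed version. Check the truncated part of the description for other affected branches, compare the unstable version against them, and record the fixed version once an upload carries the fix. Dropping the bracketed working title is fine here, since the official description replaces it.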
@@ -4253,18 +4252,18 @@ CVE-2018-12946
 	RESERVED
 CVE-2018-12945
 	RESERVED
-CVE-2018-12944
-	RESERVED
-CVE-2018-12943
-	RESERVED
-CVE-2018-12942
-	RESERVED
-CVE-2018-12941
-	RESERVED
-CVE-2018-12940
-	RESERVED
-CVE-2018-12939
-	RESERVED
+CVE-2018-12944 (Persistent Cross-Site Scripting (XSS) vulnerability in the ...)
+	TODO: check
+CVE-2018-12943 (Cross-Site Scripting (XSS) vulnerability in every page that includes ...)
+	TODO: check
+CVE-2018-12942 (SQL injection vulnerability in the "Users management" functionality in ...)
+	TODO: check
+CVE-2018-12941 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
+CVE-2018-12940 (Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in ...)
+	TODO: check
+CVE-2018-12939 (A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) ...)
+	TODO: check
 CVE-2018-12937
 	RESERVED
 CVE-2018-12938
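Review bot: of the six entries moved from RESERVED to "TODO: check" (CVE-2018-12939 to CVE-2018-12944), only CVE-2018-12939 names a product (SeedDMS) in the visible text; the other five descriptions are cut off before any product name. Triage each one against its full CVE text rather than assuming the whole run belongs to one product, and use a "- <package> ..." line instead of NOT-FOR-US wherever the product is packaged. Separately, the context lines list CVE-2018-12937 before CVE-2018-12938, which breaks the descending order used in the rest of the visible entries.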
@@ -8601,8 +8600,8 @@ CVE-2018-11340 (An unrestricted file upload vulnerability in importuser.cgi in A
 	NOT-FOR-US: ASUSTOR
 CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 ...)
 	NOT-FOR-US: Frappe ERPNext
-CVE-2018-11338
-	RESERVED
+CVE-2018-11338 (Intuit Lacerte 2017 for Windows in a client/server environment ...)
+	TODO: check
 CVE-2018-11337
 	RESERVED
 CVE-2018-11336
@@ -9716,7 +9715,7 @@ CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem.
 	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
 	NOTE: https://git.kernel.org/linus/3444d7da1839b851eefedd372978d8a982316c36 (2.6.36-rc1)
 CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before version ...)
-	{DSA-4253-1}
+	{DSA-4253-1 DLA-1454-1}
 	- network-manager-vpnc 1.2.6-1 (bug #904255)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3
 	NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
@@ -10528,20 +10527,20 @@ CVE-2018-10611 (Java remote method invocation (RMI) input port in GE MDS PulseNE
 	NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
 CVE-2018-10610
 	RESERVED
-CVE-2018-10609
-	RESERVED
+CVE-2018-10609 (Martem TELEM GW6 and GWM devices with firmware ...)
+	TODO: check
 CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited ...)
 	NOT-FOR-US: SEL AcSELerator Architect
-CVE-2018-10607
-	RESERVED
+CVE-2018-10607 (Martem TELEM GW6 and GWM devices with firmware ...)
+	TODO: check
 CVE-2018-10606
 	RESERVED
 CVE-2018-10605
 	RESERVED
 CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full access to ...)
 	NOT-FOR-US: SEL Compass
-CVE-2018-10603
-	RESERVED
+CVE-2018-10603 (Martem TELEM GW6 and GWM devices with firmware ...)
+	TODO: check
 CVE-2018-10602
 	RESERVED
 CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including ...)
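Review bot: CVE-2018-10609, CVE-2018-10607 and CVE-2018-10603 carry the same visible description ("Martem TELEM GW6 and GWM devices with firmware ...") and sit between SEL entries that are already NOT-FOR-US. Resolve all three in one pass with an identical tag so they are not triaged inconsistently; if triage confirms this is device firmware with no Debian package, "NOT-FOR-US: Martem TELEM GW6 and GWM devices" on each would match the style of the neighbouring lines.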
@@ -10562,8 +10561,8 @@ CVE-2018-10594 (Delta Industrial Automation COMMGR from Delta Electronics versio
 	NOT-FOR-US: Delta
 CVE-2018-10593 (A vulnerability in DB Manager version 3.0.1.0 and previous and ...)
 	NOT-FOR-US: BD Kiestra and InoqulA systems
-CVE-2018-10592
-	RESERVED
+CVE-2018-10592 (Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers ...)
+	TODO: check
 CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
 	NOT-FOR-US: Advantech
 CVE-2018-10590 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
@@ -16928,8 +16927,7 @@ CVE-2018-8029
 	RESERVED
 CVE-2018-8028
 	RESERVED
-CVE-2018-8027
-	RESERVED
+CVE-2018-8027 (Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in ...)
 	NOT-FOR-US: Apache Camel
 CVE-2018-8026 (This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 ...)
 	- lucene-solr <not-affected> (Do not allow to upload configsets via the API)
@@ -16946,10 +16944,10 @@ CVE-2018-8022
 	RESERVED
 CVE-2018-8021
 	RESERVED
-CVE-2018-8020
-	RESERVED
-CVE-2018-8019
-	RESERVED
+CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw ...)
+	TODO: check
+CVE-2018-8019 (When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and ...)
+	TODO: check
 CVE-2018-8018 (Apache Ignite 2.5 and earlier serialization mechanism does not have a ...)
 	NOT-FOR-US: Apache Ignite
 CVE-2018-8017
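Review bot: CVE-2018-8020 and CVE-2018-8019 should not be closed in bulk with the NOT-FOR-US entry that follows them (Apache Ignite). Both descriptions give concrete affected ranges for Apache Tomcat Native ("1.2.0 to 1.2.16 and 1.1.23 to 1.1.34" for CVE-2018-8020), so the "TODO: check" has to be resolved by checking whether the archive ships Tomcat Native and, if it does, adding a package line with per-release status compared against those ranges.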
@@ -17055,12 +17053,12 @@ CVE-2018-7997 (Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV 
 	NOT-FOR-US: Eramba
 CVE-2018-7996 (Eramba e1.0.6.033 has Stored XSS on the tooltip box via the ...)
 	NOT-FOR-US: Eramba
-CVE-2018-7994
-	RESERVED
-CVE-2018-7993
-	RESERVED
-CVE-2018-7992
-	RESERVED
+CVE-2018-7994 (Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; ...)
+	TODO: check
+CVE-2018-7993 (HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 ...)
+	TODO: check
+CVE-2018-7992 (Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 ...)
+	TODO: check
 CVE-2018-7991
 	RESERVED
 CVE-2018-7990
@@ -17129,8 +17127,8 @@ CVE-2018-7959
 	RESERVED
 CVE-2018-7958
 	RESERVED
-CVE-2018-7957
-	RESERVED
+CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an ...)
+	TODO: check
 CVE-2018-7956
 	RESERVED
 CVE-2018-7955
@@ -17149,8 +17147,8 @@ CVE-2018-7949 (The iBMC (Intelligent Baseboard Management Controller) of some Hu
 	NOT-FOR-US: Huawei
 CVE-2018-7948
 	RESERVED
-CVE-2018-7947
-	RESERVED
+CVE-2018-7947 (Huawei mobile phones with versions earlier before Emily-AL00A ...)
+	TODO: check
 CVE-2018-7946
 	RESERVED
 CVE-2018-7945
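Review bot: CVE-2018-7947 gets "TODO: check" two entries below CVE-2018-7949, which this same hunk shows as "NOT-FOR-US: Huawei". The description concerns Huawei mobile phones, so the same tag is the likely outcome. The other Huawei entries opened by this update (CVE-2018-7994, CVE-2018-7993, CVE-2018-7992, CVE-2018-7957, CVE-2018-7934, CVE-2017-17174) can be reviewed in the same pass to keep the tag text consistent.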
@@ -17175,8 +17173,8 @@ CVE-2018-7936
 	RESERVED
 CVE-2018-7935
 	RESERVED
-CVE-2018-7934
-	RESERVED
+CVE-2018-7934 (Some Huawei mobile phone with the versions before BLA-L29 ...)
+	TODO: check
 CVE-2018-7933 (Huawei home gateway products HiRouter-CD20 and WS5200 with the ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary ...)
@@ -24958,10 +24956,10 @@ CVE-2018-5546
 	RESERVED
 CVE-2018-5545
 	RESERVED
-CVE-2018-5544
-	RESERVED
-CVE-2018-5543
-	RESERVED
+CVE-2018-5544 (When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain ...)
+	TODO: check
+CVE-2018-5543 (The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) ...)
+	TODO: check
 CVE-2018-5542 (F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5541 (When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, ...)
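Review bot: the two new "TODO: check" entries here are not the same product. CVE-2018-5544 is about BIG-IP APM and can follow the "NOT-FOR-US: F5 BIG-IP" tag used for CVE-2018-5542 just below, but CVE-2018-5543 is "The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl)", a separate component. Check it on its own and, if it is also not packaged, name the controller in the tag rather than reusing the generic BIG-IP one.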
@@ -30849,10 +30847,10 @@ CVE-2017-17710
 	RESERVED
 CVE-2017-17709
 	RESERVED
-CVE-2017-17708
-	RESERVED
-CVE-2017-17707
-	RESERVED
+CVE-2017-17708 (Because of insufficient authorization checks it is possible for any ...)
+	TODO: check
+CVE-2017-17707 (Due to missing authorization checks, any authenticated user is able to ...)
+	TODO: check
 CVE-2017-17706
 	RESERVED
 CVE-2017-17705
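Review bot: the visible descriptions for CVE-2017-17708 and CVE-2017-17707 ("Because of insufficient authorization checks it is possible for any ...", "Due to missing authorization checks, any authenticated user is able to ...") are truncated before any product is named, so the entries cannot be triaged from this list alone. Whoever resolves the "TODO: check" should put the product name into the resulting tag or package line, otherwise the entry stays unidentifiable to readers of the list.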
@@ -34995,8 +34993,8 @@ CVE-2018-1720
 	RESERVED
 CVE-2018-1719
 	RESERVED
-CVE-2018-1718
-	RESERVED
+CVE-2018-1718 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is ...)
+	TODO: check
 CVE-2018-1717
 	RESERVED
 CVE-2018-1716
@@ -35155,8 +35153,8 @@ CVE-2018-1640
 	RESERVED
 CVE-2018-1639
 	RESERVED
-CVE-2018-1638
-	RESERVED
+CVE-2018-1638 (IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two ...)
+	TODO: check
 CVE-2018-1637
 	RESERVED
 CVE-2018-1636
@@ -38065,8 +38063,8 @@ CVE-2017-17176
 	RESERVED
 CVE-2017-17175 (Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones ...)
 	NOT-FOR-US: Huawei
-CVE-2017-17174
-	RESERVED
+CVE-2017-17174 (Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; ...)
+	TODO: check
 CVE-2017-17173 (Due to insufficient parameters verification GPU driver of Mate 9 Pro ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17172 (Huawei smart phones LYO-L21 with software LYO-L21C479B107, ...)
@@ -39595,7 +39593,7 @@ CVE-2018-0502
 	RESERVED
 CVE-2018-0501
 	RESERVED
-CVE-2018-0500 (Curl_smtp_escape_eob in lib/smtp.c in curl before 7.61.0 has a ...)
+CVE-2018-0500 (Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including ...)
 	- curl <unfixed> (bug #903546)
 	[stretch] - curl <not-affected> (Only affects 7.54.1 to 7.60.0)
 	[jessie] - curl <not-affected> (Only affects 7.54.1 to 7.60.0)
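Review bot: the new CVE-2018-0500 description ("curl 7.54.1 to and including ...") now agrees with the "Only affects 7.54.1 to 7.60.0" annotations on the stretch and jessie lines, but "- curl <unfixed> (bug #903546)" still has no fixed version. The replaced description named 7.61.0 as the first unaffected release, so the unstable line should be updated with the corresponding package version once that upload is in the archive.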
@@ -51195,8 +51193,8 @@ CVE-2017-13654
 	RESERVED
 CVE-2017-13653
 	RESERVED
-CVE-2017-13652
-	RESERVED
+CVE-2017-13652 (NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are ...)
+	TODO: check
 CVE-2017-13651
 	RESERVED
 CVE-2017-13650
@@ -75579,8 +75577,8 @@ CVE-2017-5695 (Data corruption vulnerability in firmware in Intel Solid-State Dr
 	NOT-FOR-US: Intel
 CVE-2017-5694 (Data corruption vulnerability in firmware in Intel Solid-State Drive ...)
 	NOT-FOR-US: Intel
-CVE-2017-5693
-	RESERVED
+CVE-2017-5693 (Firmware in the Intel Puma 5, 6, and 7 Series might experience ...)
+	TODO: check
 CVE-2017-5692
 	RESERVED
 CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel ...)
@@ -93930,8 +93928,7 @@ CVE-2016-8662
 	REJECTED
 CVE-2016-8661 (Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow ...)
 	NOT-FOR-US: Little Snitch
-CVE-2016-8657
-	RESERVED
+CVE-2016-8657 (It was discovered that EAP packages in certain versions of Red Hat ...)
 	NOT-FOR-US: Red Hat JBoss; jbossas Red Hat configuration file permissions and init script
 CVE-2016-8656 (Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to ...)
 	NOT-FOR-US: Red Hat JBoss; jbossas init script
@@ -94078,8 +94075,7 @@ CVE-2016-8628
 	NOTE: Needs an attacker to compromise a controlled server.
 CVE-2016-8627 (admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an ...)
 	NOT-FOR-US: Red Hat JBoss EAP
-CVE-2016-8626 [RGW Denial of Service by sending POST object with null conditions]
-	RESERVED
+CVE-2016-8626 (A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object ...)
 	- ceph 10.2.5-1 (bug #844200)
 	[jessie] - ceph 0.80.7-2+deb8u2
 	NOTE: http://tracker.ceph.com/issues/17635
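Review bot: for CVE-2016-8626 the official description is versioned against a downstream build ("Red Hat Ceph before 0.94.9-8"), which does not map onto the Debian versions recorded here ("ceph 10.2.5-1", "[jessie] - ceph 0.80.7-2+deb8u2"). The removed working title was the only visible line naming the RGW POST-object trigger; consider preserving that detail as a NOTE next to the tracker.ceph.com reference so the entry still says which code path is affected.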



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed397c3d935b5c9f5035f49e2aecaee21aa41cd2
