[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Jun 2 09:10:29 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
408aac3e by security tracker role at 2018-06-02T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-11672
+	RESERVED
 CVE-2018-11671 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF ...)
 	NOT-FOR-US: GreenCMS
 CVE-2018-11670 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF ...)
@@ -240,8 +242,8 @@ CVE-2018-11566
 CVE-2018-11565 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
 	- mahara <removed>
 	NOTE: https://bugs.launchpad.net/mahara/+bug/1772774
-CVE-2018-11564
-	RESERVED
+CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to ...)
+	TODO: check
 CVE-2018-11563
 	RESERVED
 CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in ...)
@@ -352,8 +354,8 @@ CVE-2018-11524
 	RESERVED
 CVE-2018-11523 (upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such ...)
 	NOT-FOR-US: NUUO NVRmini
-CVE-2018-11522
-	RESERVED
+CVE-2018-11522 (Yosoro 1.0.4 has stored XSS. ...)
+	TODO: check
 CVE-2018-11521
 	RESERVED
 CVE-2018-11520
@@ -1256,110 +1258,110 @@ CVE-2018-11195 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 b
 	- mahara <removed>
 	NOTE: https://bugs.launchpad.net/mahara/+bug/1770561
 	NOTE: https://mahara.org/interaction/forum/topic.php?id=8269
-CVE-2018-11194
-	RESERVED
-CVE-2018-11193
-	RESERVED
-CVE-2018-11192
-	RESERVED
-CVE-2018-11191
-	RESERVED
-CVE-2018-11190
-	RESERVED
-CVE-2018-11189
-	RESERVED
-CVE-2018-11188
-	RESERVED
-CVE-2018-11187
-	RESERVED
-CVE-2018-11186
-	RESERVED
-CVE-2018-11185
-	RESERVED
-CVE-2018-11184
-	RESERVED
-CVE-2018-11183
-	RESERVED
-CVE-2018-11182
-	RESERVED
-CVE-2018-11181
-	RESERVED
-CVE-2018-11180
-	RESERVED
-CVE-2018-11179
-	RESERVED
-CVE-2018-11178
-	RESERVED
-CVE-2018-11177
-	RESERVED
-CVE-2018-11176
-	RESERVED
-CVE-2018-11175
-	RESERVED
-CVE-2018-11174
-	RESERVED
-CVE-2018-11173
-	RESERVED
-CVE-2018-11172
-	RESERVED
-CVE-2018-11171
-	RESERVED
-CVE-2018-11170
-	RESERVED
-CVE-2018-11169
-	RESERVED
-CVE-2018-11168
-	RESERVED
-CVE-2018-11167
-	RESERVED
-CVE-2018-11166
-	RESERVED
-CVE-2018-11165
-	RESERVED
-CVE-2018-11164
-	RESERVED
-CVE-2018-11163
-	RESERVED
-CVE-2018-11162
-	RESERVED
-CVE-2018-11161
-	RESERVED
-CVE-2018-11160
-	RESERVED
-CVE-2018-11159
-	RESERVED
-CVE-2018-11158
-	RESERVED
-CVE-2018-11157
-	RESERVED
-CVE-2018-11156
-	RESERVED
-CVE-2018-11155
-	RESERVED
-CVE-2018-11154
-	RESERVED
-CVE-2018-11153
-	RESERVED
-CVE-2018-11152
-	RESERVED
-CVE-2018-11151
-	RESERVED
-CVE-2018-11150
-	RESERVED
-CVE-2018-11149
-	RESERVED
-CVE-2018-11148
-	RESERVED
-CVE-2018-11147
-	RESERVED
-CVE-2018-11146
-	RESERVED
-CVE-2018-11145
-	RESERVED
-CVE-2018-11144
-	RESERVED
-CVE-2018-11143
-	RESERVED
+CVE-2018-11194 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11193 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11192 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11191 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11190 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11189 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11188 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11187 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11186 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11185 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11184 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11183 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11182 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11181 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11180 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11179 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11178 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11177 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11176 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11175 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11174 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11173 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11172 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11171 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11170 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11169 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11168 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11167 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11166 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11165 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11164 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11163 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11162 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11161 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11160 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11159 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11158 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11157 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11156 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11155 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11154 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11153 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11152 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11151 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11150 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11149 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11148 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11147 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11146 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11145 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11144 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
+CVE-2018-11143 (Quest DR Series Disk Backup software version before 4.0.3.1 allows ...)
+	TODO: check
 CVE-2018-11142 (The 'systemui/settings_network.php' and ...)
 	NOT-FOR-US: Quest KACE System Management Appliance
 CVE-2018-11141 (The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the ...)
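Review bot: all 52 entries from CVE-2018-11194 down to CVE-2018-11143 are left at `TODO: check` even though every description begins with the same product string, "Quest DR Series Disk Backup software version before 4.0.3.1", so they can be triaged in one pass rather than one by one. The trailing context already marks CVE-2018-11142 as `NOT-FOR-US: Quest KACE System Management Appliance`; if the DR Series product is likewise not packaged in Debian, a single `NOT-FOR-US: Quest DR Series Disk Backup` disposition would cover the whole block.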
@@ -3927,7 +3929,7 @@ CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php ...)
 	NOT-FOR-US: Domain Trader
 CVE-2018-1000171
 	REJECTED
-CVE-2018-1002100 [Kubectl copy doesn't check for paths outside of it's destination directory]
+CVE-2018-1002100 (In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to ...)
 	- kubernetes <unfixed>
 	NOTE: https://github.com/kubernetes/kubernetes/issues/61297
 CVE-2018-1000170 (A cross-site scripting vulnerability exists in Jenkins 2.115 and ...)
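Review bot: the package line for CVE-2018-1002100 still reads `- kubernetes <unfixed>` with only the upstream issue NOTE and no Debian bug number, unlike the `(bug #...)` references on the batik and zookeeper package lines elsewhere in this patch. Now that the bracketed placeholder title has been replaced by the full description, a bug reference (and later the fixed version) should be added to that line so the open state can be tracked.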
@@ -8966,12 +8968,13 @@ CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomc
 	NOTE: It is expected that users of the CORS filter will have configured it appropriately
 	NOTE: for their einvironment rather than using it in the default configuration
 CVE-2018-8013 (In Apache Batik 1.x before 1.10, when deserializing subclass of ...)
-	{DLA-1385-1}
+	{DSA-4215-1 DLA-1385-1}
 	- batik 1.10-1 (bug #899374)
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1222
 	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1831241
-        NOTE: https://marc.info/?l=oss-security&m=152707788503264&w=2
+	NOTE: https://marc.info/?l=oss-security&m=152707788503264&w=2
 CVE-2018-8012 (No authentication/authorization is enforced when a server attempts to ...)
+	{DSA-4214-1}
 	- zookeeper 3.4.10-2 (bug #899332)
 	[wheezy] - zookeeper <ignored> (changes are too intrusive to backport)
 	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
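Review bot: the NOTE under CVE-2018-8014 in the leading context still reads "for their einvironment"; since this hunk already normalises the space-indented marc.info NOTE under CVE-2018-8013 to a tab, the typo could be corrected to "environment" in the same pass. The new `{DSA-4215-1 DLA-1385-1}` and `{DSA-4214-1}` cross-references sit directly after the CVE header line, matching the placement of the existing `{DLA-1385-1}` line.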
@@ -57507,7 +57510,7 @@ CVE-2016-1000361
 	REJECTED
 CVE-2016-1000360
 	REJECTED
-CVE-2016-1000338
+CVE-2016-1000338 (In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does ...)
 	- bouncycastle 1.56-1
 	NOTE: https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
 CVE-2017-8829 (Deserialization vulnerability in lintian through 2.5.50.3 allows ...)
@@ -67555,7 +67558,7 @@ CVE-2017-5664 (The error page mechanism of the Java Servlet Specification requir
 CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and ...)
 	NOT-FOR-US: Apache Fineract
 CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the ...)
-	{DLA-926-1}
+	{DSA-4215-1 DLA-926-1}
 	- batik 1.9-1 (bug #860566)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/1
 	NOTE: Upstream bug: https://issues.apache.org/jira/browse/BATIK-1139



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/408aac3ece8dfc28e18c0003cc8c8a733c29f154
