[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jun 8 09:10:27 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a7b9185 by security tracker role at 2018-06-08T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-12049 (A remote attacker can bypass the System Manager Mode on the Canon ...)
+	TODO: check
+CVE-2018-12048 (A remote attacker can bypass the Management Mode on the Canon LBP7110Cw ...)
+	TODO: check
+CVE-2018-12047 (xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters ...)
+	TODO: check
+CVE-2018-12046 (DedeCMS through 5.7SP2 allows arbitrary file write in ...)
+	TODO: check
+CVE-2018-12045 (DedeCMS through V5.7SP2 allows arbitrary file upload in ...)
+	TODO: check
+CVE-2018-12044
+	RESERVED
+CVE-2018-12043 (content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the ...)
+	TODO: check
+CVE-2018-12042 (Roxy Fileman through v1.4.5 has Directory traversal via the ...)
+	TODO: check
+CVE-2018-12041 (An issue was discovered on the MediaTek AWUS036NH wireless USB adapter ...)
+	TODO: check
 CVE-2018-12040
 	RESERVED
 CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
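Review bot: every new entry at the top of the list lands as TODO: check, and some of them name devices rather than software, for example the Canon LBP7110Cw in CVE-2018-12048 and the MediaTek AWUS036NH wireless USB adapter in CVE-2018-12041. When these are triaged, resolve them with the NOT-FOR-US: <product> form already used elsewhere in this file so they do not sit in the TODO queue.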
@@ -2055,10 +2073,10 @@ CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. Attac
 	NOT-FOR-US: OpenCart plugin
 CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows ...)
 	NOT-FOR-US: jbig2enc
-CVE-2018-11229
-	RESERVED
-CVE-2018-11228
-	RESERVED
+CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and ...)
+	TODO: check
+CVE-2018-11228 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and ...)
+	TODO: check
 CVE-2018-11227
 	RESERVED
 CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8 ...)
@@ -3506,8 +3524,8 @@ CVE-2018-10621
 	RESERVED
 CVE-2018-10620
 	RESERVED
-CVE-2018-10619
-	RESERVED
+CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 3.90.01 ...)
+	TODO: check
 CVE-2018-10618
 	RESERVED
 CVE-2018-10617
@@ -6900,8 +6918,7 @@ CVE-2018-9248 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypa
 	NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
 CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in ...)
 	NOT-FOR-US: Gxlcms QY
-CVE-2018-9246 [insufficient sanitizes or escapes variable values used as part of shell command execution]
-	RESERVED
+CVE-2018-9246 (The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in ...)
 	- libpgobject-util-dbadmin-perl 0.130.1-1 (bug #900942)
 	NOTE: https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/2c25c3dbc8b832a657247d3ea63ae80f3c5df6b1
 	NOTE: https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/f4e684008ca9e182833a70793ae91288d2c80218
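Review bot: for CVE-2018-9246 the new description gives the affected range as "before 0.120.0", while the retained package line records 0.130.1-1 as the fixed version. A NOTE stating which upstream release contains the two referenced commits would explain that gap. The replaced bracketed description also carried the shell command execution detail, so check that the full description still conveys it.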
@@ -7042,8 +7059,8 @@ CVE-2018-9184
 	RESERVED
 CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. ...)
 	NOT-FOR-US: Joomla addon
-CVE-2018-9182
-	RESERVED
+CVE-2018-9182 (Twonky Server before 8.5.1 has XSS via a modified "language" parameter ...)
+	TODO: check
 CVE-2018-9181
 	RESERVED
 CVE-2018-9180
@@ -7052,8 +7069,8 @@ CVE-2018-9179
 	RESERVED
 CVE-2018-9178
 	RESERVED
-CVE-2018-9177
-	RESERVED
+CVE-2018-9177 (Twonky Server before 8.5.1 has XSS via a folder name on the Shared ...)
+	TODO: check
 CVE-2018-9176
 	RESERVED
 CVE-2018-9175 (DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via ...)
@@ -22292,8 +22309,8 @@ CVE-2018-3760
 	RESERVED
 CVE-2018-3759
 	RESERVED
-CVE-2018-3758
-	RESERVED
+CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before 1.1.7 ...)
+	TODO: check
 CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an unescaped ...)
 	NOT-FOR-US: node pdf-image
 CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable ...)
@@ -32681,18 +32698,18 @@ CVE-2018-0359
 	RESERVED
 CVE-2018-0358
 	RESERVED
-CVE-2018-0357
-	RESERVED
-CVE-2018-0356
-	RESERVED
-CVE-2018-0355
-	RESERVED
-CVE-2018-0354
-	RESERVED
+CVE-2018-0357 (A vulnerability in the web framework of Cisco WebEx could allow an ...)
+	TODO: check
+CVE-2018-0356 (A vulnerability in the web framework of Cisco WebEx could allow an ...)
+	TODO: check
+CVE-2018-0355 (A vulnerability in the web UI of Cisco Unified Communications Manager ...)
+	TODO: check
+CVE-2018-0354 (A vulnerability in the web framework of Cisco Unity Connection could ...)
+	TODO: check
 CVE-2018-0353 (A vulnerability in traffic-monitoring functions in Cisco Web Security ...)
 	TODO: check
-CVE-2018-0352
-	RESERVED
+CVE-2018-0352 (A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide ...)
+	TODO: check
 CVE-2018-0351
 	RESERVED
 CVE-2018-0350
@@ -32715,30 +32732,30 @@ CVE-2018-0342
 	RESERVED
 CVE-2018-0341
 	RESERVED
-CVE-2018-0340
-	RESERVED
-CVE-2018-0339
-	RESERVED
-CVE-2018-0338
-	RESERVED
+CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified ...)
+	TODO: check
+CVE-2018-0339 (A vulnerability in the web-based management interface of Cisco Identity ...)
+	TODO: check
+CVE-2018-0338 (A vulnerability in the role-based access-checking mechanisms of Cisco ...)
+	TODO: check
 CVE-2018-0337
 	RESERVED
-CVE-2018-0336
-	RESERVED
-CVE-2018-0335
-	RESERVED
-CVE-2018-0334
-	RESERVED
-CVE-2018-0333
-	RESERVED
-CVE-2018-0332
-	RESERVED
+CVE-2018-0336 (A vulnerability in the batch provisioning feature of Cisco Prime ...)
+	TODO: check
+CVE-2018-0335 (A vulnerability in the web portal authentication process of Cisco Prime ...)
+	TODO: check
+CVE-2018-0334 (A vulnerability in the certificate management subsystem of Cisco ...)
+	TODO: check
+CVE-2018-0333 (A vulnerability in the VPN configuration management of Cisco FireSIGHT ...)
+	TODO: check
+CVE-2018-0332 (A vulnerability in the Session Initiation Protocol (SIP) ingress packet ...)
+	TODO: check
 CVE-2018-0331
 	RESERVED
 CVE-2018-0330
 	RESERVED
-CVE-2018-0329
-	RESERVED
+CVE-2018-0329 (A vulnerability in the default configuration of the Simple Network ...)
+	TODO: check
 CVE-2018-0328 (A vulnerability in the web framework of Cisco Unified Communications ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0327 (A vulnerability in the web framework of Cisco Identity Services Engine ...)
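Review bot: the Cisco entries that move from RESERVED to a description here (CVE-2018-0340 through CVE-2018-0329) are all left as TODO: check, while the unchanged CVE-2018-0328 line directly below already carries NOT-FOR-US: Cisco. If the same classification applies, mark them the same way during triage so the Cisco block stays consistent.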
@@ -33107,8 +33124,8 @@ CVE-2018-0151 (A vulnerability in the quality of service (QoS) subsystem of Cisc
 	NOT-FOR-US: Cisco
 CVE-2018-0150 (A vulnerability in Cisco IOS XE Software could allow an ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0149
-	RESERVED
+CVE-2018-0149 (A vulnerability in the web-based management interface of Cisco ...)
+	TODO: check
 CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco UCS ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0147 (A vulnerability in Java deserialization used by Cisco Secure Access ...)
@@ -216138,8 +216155,8 @@ CVE-2011-0469 (Code injection in openSUSE when running some source services used
 	NOTE: Secondary fix: https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6
 CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and ...)
 	NOT-FOR-US: OpenSUSE aaa_base package
-CVE-2011-0467
-	RESERVED
+CVE-2011-0467 (A vulnerability in the listing of available software of SUSE SUSE ...)
+	TODO: check
 CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and ...)
 	NOT-FOR-US: openSUSE Build Service
 CVE-2011-0465 (xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote ...)
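Review bot: the CVE-2011-0467 description reads "SUSE SUSE", which looks like a vendor and product name run together in the imported text. Leave it alone if descriptions are synced verbatim from the feed. The neighbouring CVE-2011-0468 and CVE-2011-0466 are NOT-FOR-US for openSUSE-specific components, so check whether this entry should be resolved the same way instead of staying TODO: check.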



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a7b918503038547a4d3e6301086e87e0fa2c21c
