[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jun 13 21:10:28 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a97047cd by security tracker role at 2018-06-13T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,155 @@
-CVE-2018-12267
+CVE-2018-12339 (ArticleCMS through 2017-02-19 has XSS via an "add an article" action. ...)
+	TODO: check
+CVE-2018-12338
+	RESERVED
+CVE-2018-12337
+	RESERVED
+CVE-2018-12336
+	RESERVED
+CVE-2018-12335
+	RESERVED
+CVE-2018-12334
+	RESERVED
+CVE-2018-12333
+	RESERVED
+CVE-2018-12332
+	RESERVED
+CVE-2018-12331
+	RESERVED
+CVE-2018-12330
+	RESERVED
+CVE-2018-12329
+	RESERVED
+CVE-2018-12328
+	RESERVED
+CVE-2018-12327
+	RESERVED
+CVE-2018-12326
+	RESERVED
+CVE-2018-12325
+	RESERVED
+CVE-2018-12324
+	RESERVED
+CVE-2018-12323 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password ...)
+	TODO: check
+CVE-2018-12322 (There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in ...)
+	TODO: check
+CVE-2018-12321 (There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() ...)
+	TODO: check
+CVE-2018-12320 (There is a use after free in radare2 2.6.0 in r_anal_bb_free() in ...)
+	TODO: check
+CVE-2018-12319
+	RESERVED
+CVE-2018-12318
+	RESERVED
+CVE-2018-12317
+	RESERVED
+CVE-2018-12316
+	RESERVED
+CVE-2018-12315
+	RESERVED
+CVE-2018-12314
+	RESERVED
+CVE-2018-12313
+	RESERVED
+CVE-2018-12312
+	RESERVED
+CVE-2018-12311
+	RESERVED
+CVE-2018-12310
+	RESERVED
+CVE-2018-12309
+	RESERVED
+CVE-2018-12308
+	RESERVED
+CVE-2018-12307
+	RESERVED
+CVE-2018-12306
+	RESERVED
+CVE-2018-12305
+	RESERVED
+CVE-2018-12304
+	RESERVED
+CVE-2018-12303
+	RESERVED
+CVE-2018-12302
+	RESERVED
+CVE-2018-12301
+	RESERVED
+CVE-2018-12300
+	RESERVED
+CVE-2018-12299
+	RESERVED
+CVE-2018-12298
+	RESERVED
+CVE-2018-12297
+	RESERVED
+CVE-2018-12296
+	RESERVED
+CVE-2018-12295
+	RESERVED
+CVE-2018-12294
+	RESERVED
+CVE-2018-12293
+	RESERVED
+CVE-2018-12292 (A use-after-free vulnerability exists in ...)
+	TODO: check
+CVE-2018-12290 (The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. ...)
+	TODO: check
+CVE-2018-12289
+	RESERVED
+CVE-2018-12288
+	RESERVED
+CVE-2018-12287
+	RESERVED
+CVE-2018-12286
+	RESERVED
+CVE-2018-12285
+	RESERVED
+CVE-2018-12284
+	RESERVED
+CVE-2018-12283
+	RESERVED
+CVE-2018-12282
+	RESERVED
+CVE-2018-12281
+	RESERVED
+CVE-2018-12280
+	RESERVED
+CVE-2018-12279
+	RESERVED
+CVE-2018-12278
 	RESERVED
-CVE-2018-12266
+CVE-2018-12277
 	RESERVED
-CVE-2018-12265
+CVE-2018-12276
 	RESERVED
-CVE-2018-12264
+CVE-2018-12275
 	RESERVED
-CVE-2018-12263
+CVE-2018-12274
 	RESERVED
+CVE-2018-12273 (The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad ...)
+	TODO: check
+CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS via the content parameter. ...)
+	TODO: check
+CVE-2018-12271
+	RESERVED
+CVE-2018-12270
+	RESERVED
+CVE-2018-12269
+	RESERVED
+CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via shell ...)
+	TODO: check
+CVE-2018-12267
+	RESERVED
+CVE-2018-12266 (system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that ...)
+	TODO: check
+CVE-2018-12265 (Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in ...)
+	TODO: check
+CVE-2018-12264 (Exiv2 0.26 has integer overflows in LoaderTiff::getData() in ...)
+	TODO: check
+CVE-2018-12263 (portfolioCMS 1.0.5 allows upload of arbitrary .php files via the ...)
+	TODO: check
 CVE-2018-12262
 	RESERVED
 CVE-2018-12261 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. All ...)
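Review bot: CVE-2018-12320, CVE-2018-12321 and CVE-2018-12322 (radare2 2.6.0 heap out-of-bounds reads and a use-after-free in r_anal_bb_free()) land at the top of this hunk as `TODO: check`, although radare2 is already tracked in this file as a Debian package (CVE-2018-11384 further down carries `- radare2 <unfixed> (low)`). During triage these three should get a radare2 package line and per-release assessment rather than staying at TODO; the two Exiv2 0.26 integer overflows (CVE-2018-12264, CVE-2018-12265) and the acccheck.pl command injection (CVE-2018-12268) deserve the same check against the archive.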
@@ -382,7 +524,7 @@ CVE-2018-12090 (There is unauthenticated reflected cross-site scripting (XSS) in
 	TODO: check
 CVE-2018-12089 (In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View ...)
 	NOT-FOR-US: Octopus Deploy
-CVE-2018-12291 [bug in the get_missing_events federation API where event visibility rules were not applied correctly]
+CVE-2018-12291 (The on_get_missing_events function in handlers/federation.py in Matrix ...)
 	- matrix-synapse 0.31.1+dfsg-1 (bug #901293)
 	NOTE: https://github.com/matrix-org/synapse/pull/3371
 	NOTE: https://github.com/matrix-org/synapse/commit/0834b49c6a9b6c597a154d4b2dfcf8fff90699ec
@@ -1006,8 +1148,7 @@ CVE-2018-11808 (Incorrect Access Control in CustomFieldsFeedServlet in Zoho ...)
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2018-11807
 	RESERVED
-CVE-2018-11806 [slirp: heap buffer overflow while reassembling fragmented datagrams]
-	RESERVED
+CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via ...)
 	- qemu <unfixed> (bug #901017)
 	[stretch] - qemu <postponed> (Minor issue, wait until more severe issues are around)
 	[jessie] - qemu <postponed> (Minor issue, wait until more severe issues are around)
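Review bot: the `<postponed> (Minor issue, ...)` ratings for stretch and jessie on CVE-2018-11806 were set while the entry was still a bracketed placeholder; now that the published description confirms a heap-based buffer overflow in m_cat in slirp/mbuf.c, the severity and the postponed decision should be re-evaluated rather than carried over unchanged.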
@@ -1359,8 +1500,8 @@ CVE-2018-11690
 	RESERVED
 CVE-2018-11689
 	RESERVED
-CVE-2018-11688
-	RESERVED
+CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, ...)
+	TODO: check
 CVE-2018-11687
 	RESERVED
 CVE-2018-11686
@@ -2051,12 +2192,12 @@ CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. A invalid free in the
 	NOTE: https://github.com/liblouis/liblouis/issues/573
 CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by appending ...)
 	NOT-FOR-US: Splunk
-CVE-2018-11408
-	RESERVED
-CVE-2018-11407
-	RESERVED
-CVE-2018-11406
-	RESERVED
+CVE-2018-11408 (The security handlers in the Security component in Symfony in 2.7.x ...)
+	TODO: check
+CVE-2018-11407 (An issue was discovered in the Ldap component in Symfony 2.8.x before ...)
+	TODO: check
+CVE-2018-11406 (An issue was discovered in the Security component in Symfony 2.7.x ...)
+	TODO: check
 CVE-2018-11405 (Kliqqi 2.0.2 has CSRF in admin/admin_users.php. ...)
 	NOT-FOR-US: Kliqqi
 CVE-2018-11404 (DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php ...)
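Review bot: CVE-2018-11406, CVE-2018-11407 and CVE-2018-11408 are three Symfony component issues (Security, Ldap, Security) that arrive as `TODO: check`; the next hunk adds CVE-2018-11385 and CVE-2018-11386 (Security, HttpFoundation) and a later one CVE-2017-16652 for the same project. All six should be triaged together against the symfony package in the archive so the affected-version ranges in the descriptions get one consistent assessment instead of six separate TODOs.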
@@ -2097,10 +2238,10 @@ CVE-2018-11388
 	RESERVED
 CVE-2018-11387
 	RESERVED
-CVE-2018-11386
-	RESERVED
-CVE-2018-11385
-	RESERVED
+CVE-2018-11386 (An issue was discovered in the HttpFoundation component in Symfony ...)
+	TODO: check
+CVE-2018-11385 (An issue was discovered in the Security component in Symfony 2.7.x ...)
+	TODO: check
 CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers to cause ...)
 	- radare2 <unfixed> (low)
 	[stretch] - radare2 <no-dsa> (Minor issue)
@@ -4703,8 +4844,8 @@ CVE-2018-10365 (An XSS issue was discovered in the Threads to Link plugin 1.3 fo
 	NOT-FOR-US: Threads to Link plugin for MyBB
 CVE-2018-10364 (BigTree before 4.2.22 has XSS in the Users management page via the name ...)
 	NOT-FOR-US: BigTree CMS
-CVE-2018-10363
-	RESERVED
+CVE-2018-10363 (An issue was discovered in the WpDevArt "Booking calendar, Appointment ...)
+	TODO: check
 CVE-2018-10360 (The do_core_note function in readelf.c in libmagic.a in file 5.33 ...)
 	- file 1:5.33-3 (bug #901351)
 	[stretch] - file <no-dsa> (Minor issue; will be fixed via pu)
@@ -11770,8 +11911,8 @@ CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
 	NOT-FOR-US: Tenda AC9 devices
 CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
 	NOT-FOR-US: aws-lambda-multipart-parser NPM package
-CVE-2018-7559
-	RESERVED
+CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample Code ...)
+	TODO: check
 CVE-2018-7558
 	RESERVED
 CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
@@ -13234,20 +13375,20 @@ CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils
 	NOTE: https://github.com/shadow-maint/shadow/pull/97
 CVE-2018-7168
 	RESERVED
-CVE-2018-7167
-	RESERVED
+CVE-2018-7167 (Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ...)
+	TODO: check
 CVE-2018-7166
 	RESERVED
 CVE-2018-7165
 	RESERVED
-CVE-2018-7164
-	RESERVED
+CVE-2018-7164 (Node.js versions 9.7.0 and later and 10.x are vulnerable and the ...)
+	TODO: check
 CVE-2018-7163
 	RESERVED
-CVE-2018-7162
-	RESERVED
-CVE-2018-7161
-	RESERVED
+CVE-2018-7162 (All versions of Node.js 9.x and 10.x are vulnerable and the severity ...)
+	TODO: check
+CVE-2018-7161 (All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the ...)
+	TODO: check
 CVE-2018-7160 (The Node.js inspector, in 6.x and later is vulnerable to a DNS ...)
 	- nodejs <unfixed> (unimportant)
 	[stretch] - nodejs <not-affected> (Vulnerable code not present)
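Review bot: CVE-2018-7161, CVE-2018-7162, CVE-2018-7164 and CVE-2018-7167 are added as `TODO: check` while nodejs is already tracked in this file (CVE-2018-7160 below carries `- nodejs <unfixed> (unimportant)` with a stretch not-affected assessment). The descriptions state the affected upstream ranges (8.x, 9.x and 10.x; 9.7.0 and later and 10.x), so each entry should get a nodejs package line with a per-release verdict against the versions in unstable and stretch rather than staying at TODO.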
@@ -18443,12 +18584,12 @@ CVE-2018-5436
 	RESERVED
 CVE-2018-5435
 	RESERVED
-CVE-2018-5434
-	RESERVED
-CVE-2018-5433
-	RESERVED
-CVE-2018-5432
-	RESERVED
+CVE-2018-5434 (The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime ...)
+	TODO: check
+CVE-2018-5433 (The TIBCO Administrator server component of TIBCO Software Inc.'s ...)
+	TODO: check
+CVE-2018-5432 (The TIBCO Administrator server component of of TIBCO Software Inc.'s ...)
+	TODO: check
 CVE-2018-5431 (The domain designer component of TIBCO Software Inc.'s TIBCO ...)
 	- jasperreports <unfixed>
 	[wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
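Review bot: CVE-2018-5432, CVE-2018-5433 and CVE-2018-5434 describe the TIBCO Administrator and Designer components, whereas CVE-2018-5431 directly below is tracked against jasperreports only because it concerns the domain designer component. Triage should check whether any of the three new entries touch code shipped in jasperreports; if not, they belong under `NOT-FOR-US: TIBCO` rather than `TODO: check`. (The doubled "of of" in the CVE-2018-5432 text is upstream's wording and is mirrored as-is.)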
@@ -19042,8 +19183,8 @@ CVE-2018-5245
 	RESERVED
 CVE-2018-5243
 	RESERVED
-CVE-2018-5242
-	RESERVED
+CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible to a ...)
+	TODO: check
 CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, ...)
 	NOT-FOR-US: Symantec
 CVE-2018-5240
@@ -22764,8 +22905,8 @@ CVE-2018-3761
 	RESERVED
 CVE-2018-3760
 	RESERVED
-CVE-2018-3759
-	RESERVED
+CVE-2018-3759 (private_address_check ruby gem before 0.5.0 is vulnerable to a ...)
+	TODO: check
 CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before 1.1.7 ...)
 	NOT-FOR-US: express-cart
 CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an unescaped ...)
@@ -28741,8 +28882,8 @@ CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize 
 	NOT-FOR-US: IBM
 CVE-2018-1432 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is ...)
 	NOT-FOR-US: IBM InfoSphere Information Server
-CVE-2018-1431
-	RESERVED
+CVE-2018-1431 (A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, ...)
+	TODO: check
 CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM API Connect
 CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to ...)
@@ -28817,8 +28958,8 @@ CVE-2018-1395
 	RESERVED
 CVE-2018-1394
 	RESERVED
-CVE-2018-1393
-	RESERVED
+CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
+	TODO: check
 CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
 	NOT-FOR-US: IBM Financial Transaction Manager
 CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
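Review bot: CVE-2018-1393 concerns IBM Financial Transaction Manager for ACH Services, the same product for which CVE-2018-1392 and CVE-2018-1391 immediately below are already marked `NOT-FOR-US: IBM Financial Transaction Manager`; the new entry should take the same marking instead of `TODO: check`.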
@@ -30044,8 +30185,8 @@ CVE-2017-17445
 	RESERVED
 CVE-2017-17444
 	RESERVED
-CVE-2017-17443
-	RESERVED
+CVE-2017-17443 (OPC Foundation Local Discovery Server (LDS) 1.03.370 required a ...)
+	TODO: check
 CVE-2017-17442 (In BlackBerry UEM Management Console version 12.7.1 and earlier, a ...)
 	NOT-FOR-US: BlackBerry
 CVE-2017-17441
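Review bot: CVE-2017-17443 (OPC Foundation Local Discovery Server 1.03.370) should be triaged together with CVE-2017-11672 further down (LDS before 1.03.367) and CVE-2018-7559 above (OPC UA .NET Standard Stack and Sample Code), all added as `TODO: check` in this update; one decision on whether the OPC Foundation components are packaged resolves all three.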
@@ -35119,8 +35260,8 @@ CVE-2017-16654
 	RESERVED
 CVE-2017-16653
 	RESERVED
-CVE-2017-16652
-	RESERVED
+CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before ...)
+	TODO: check
 CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...)
 	{DSA-4030-1 DLA-1193-1}
 	- roundcube 1.3.3+dfsg.1-1
@@ -37910,8 +38051,7 @@ CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header ...
 	NOT-FOR-US: Apache NiFi
 CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in secure ...)
 	NOT-FOR-US: Apache Geode
-CVE-2017-15695
-	RESERVED
+CVE-2017-15695 (When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with ...)
 	NOT-FOR-US: Apache Geode
 CVE-2017-15694
 	RESERVED
@@ -50030,8 +50170,8 @@ CVE-2017-11674 (Reporter.exe in Acunetix 8 allows remote attackers to cause a de
 	NOT-FOR-US: Acunetix
 CVE-2017-11673 (Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: Acunetix
-CVE-2017-11672
-	RESERVED
+CVE-2017-11672 (The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is ...)
+	TODO: check
 CVE-2017-11671 (Under certain circumstances, the ix86_expand_builtin function in i386.c ...)
 	- gcc-6 6.3.0-12
 	- gcc-5 5.4.1-10
@@ -57540,7 +57680,7 @@ CVE-2017-9232 (Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 u
 	- juju <removed>
 CVE-2017-9231 (XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x ...)
 	NOT-FOR-US: Citrix
-CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain attack ...)
+CVE-2017-9230 (** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a ...)
 	NOT-FOR-US: Bitcoin Proof-of-Work algorithm
 CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
 	{DLA-958-1}
@@ -76422,7 +76562,7 @@ CVE-2017-3210
 	RESERVED
 CVE-2017-3209
 	RESERVED
-CVE-2017-3208 (The Java implementation of AMF3 deserializers used by Flamingo ...)
+CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB for Java ...)
 	TODO: check
 CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for Java by ...)
 	TODO: check
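Review bot: CVE-2017-3208 only has its description revised here (from "Flamingo" to "WebORB for Java"), but the `TODO: check` beneath it has been carried over from the earlier import and remains unresolved, as does the one on CVE-2017-3207 directly below, which describes the same WebORB for Java AMF3 deserializer issue. Both should be triaged in one pass.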
@@ -205253,8 +205393,8 @@ CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iP
 	NOT-FOR-US: ActiveX
 CVE-2011-4184
 	RESERVED
-CVE-2011-4183
-	RESERVED
+CVE-2011-4183 (A vulnerability in open build service allows remote attackers to ...)
+	TODO: check
 CVE-2011-4182 (Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise ...)
 	TODO: check
 CVE-2011-4181 (A vulnerability in open build service allows remote attackers to gain ...)
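Review bot: CVE-2011-4183 ("A vulnerability in open build service allows remote attackers to ...") is added as `TODO: check` next to CVE-2011-4181, which has the same wording and has also sat at `TODO: check`, with CVE-2011-4182 (SUSE sysconfig) in between; these three SUSE-originated 2011 entries should be triaged together, and the open build service ones checked against whether that software is packaged at all.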



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a97047cd0bf91e873aa46dbfa799ce3c3cad9843

-- 
You're receiving this email because of your account on salsa.debian.org.