[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jun 14 09:10:27 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
223a3416 by security tracker role at 2018-06-14T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-12357
+	RESERVED
+CVE-2018-12356
+	RESERVED
+CVE-2018-12355 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description ...)
+	TODO: check
+CVE-2018-12354 (Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as ...)
+	TODO: check
+CVE-2018-12353 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the ...)
+	TODO: check
+CVE-2018-12352
+	RESERVED
+CVE-2018-12351
+	RESERVED
+CVE-2018-12350
+	RESERVED
+CVE-2018-12349
+	RESERVED
+CVE-2018-12348
+	RESERVED
+CVE-2018-12347
+	RESERVED
+CVE-2018-12346
+	RESERVED
+CVE-2018-12345
+	RESERVED
+CVE-2018-12344
+	RESERVED
+CVE-2018-12343
+	RESERVED
+CVE-2018-12342
+	RESERVED
+CVE-2018-12341
+	RESERVED
+CVE-2018-12340
+	RESERVED
 CVE-2018-12339 (ArticleCMS through 2017-02-19 has XSS via an "add an article" action. ...)
 	NOT-FOR-US: ArticleCMS
 CVE-2018-12338
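Review bot: the three Knowage entries (CVE-2018-12353, CVE-2018-12354, CVE-2018-12355) are left at TODO: check while the adjacent CVE-2018-12339 ArticleCMS entry is already NOT-FOR-US; the only triage question is whether Knowage (formerly SpagoBI) exists as a Debian source package, and if it does not, these should be closed as NOT-FOR-US: Knowage in this same style rather than carried as three open TODOs that the next automatic update will not resolve.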
@@ -144,8 +180,8 @@ CVE-2018-12273 (The /edit URI in the DMS component in Ximdex 4.0 has XSS via the
 	NOT-FOR-US: Ximdex
 CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS via the content parameter. ...)
 	NOT-FOR-US: Ximdex
-CVE-2018-12271
-	RESERVED
+CVE-2018-12271 (** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox ...)
+	TODO: check
 CVE-2018-12270
 	RESERVED
 CVE-2018-12269
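Review bot: CVE-2018-12271 now carries the ** DISPUTED ** marker and the truncated description names the com.getdropbox.Dropbox ... identifier, which points at the Dropbox client application rather than at anything shipped as a Debian source package; the TODO: check should be resolved (most likely to NOT-FOR-US: Dropbox), and if the entry is kept open, the disputed status deserves a NOTE line giving the reason, since the tracker otherwise presents it as an ordinary unresolved issue.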
@@ -655,8 +691,7 @@ CVE-2018-12042 (Roxy Fileman through v1.4.5 has Directory traversal via the ...)
 	NOT-FOR-US: Roxy Fileman
 CVE-2018-12041 (An issue was discovered on the MediaTek AWUS036NH wireless USB adapter ...)
 	NOT-FOR-US: MediaTek
-CVE-2018-12040 [Reflected cross-site scripting vulnerability]
-	RESERVED
+CVE-2018-12040 (** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in ...)
 	- symfony <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1590702
 CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
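Review bot: the description of CVE-2018-12040 now begins with ** DISPUTED **, but the status line "- symfony <unfixed>" is unchanged, so the tracker will keep reporting an open, unfixed reflected XSS in symfony; the dispute should be reflected in the entry, either by adjusting the package status (for example "<not-affected>" or "<unfixed> (unimportant)", the severity form already used for CVE-2018-1121 in this file, with a NOTE saying why the report is contested) or by a NOTE recording that the Red Hat bug at https://bugzilla.redhat.com/show_bug.cgi?id=1590702 is still being evaluated.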
@@ -710,8 +745,7 @@ CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filenam
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac (STABLE-BRANCH-1-4)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
 	NOTE: https://neopg.io/blog/gpg-signature-spoof/
-CVE-2018-12019
-	RESERVED
+CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 interprets ...)
 	- enigmail 2:2.0.7-1
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
 	NOTE: https://neopg.io/blog/enigmail-signature-spoof/
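Review bot: CVE-2018-12019 records only the unstable fix "- enigmail 2:2.0.7-1" and no [stretch] or [jessie] sub-entries, unlike the CVE-2018-6794 and CVE-2018-0496 entries elsewhere in this diff, so the stable releases are left unassessed; given that the linked neopg.io write-up concerns a signature spoof in Enigmail's verification routine, explicit per-release lines (a DSA reference, or a <no-dsa>/<not-affected> decision with its reason) should be added rather than left implicit. Sharing the oss-security link with CVE-2018-12020 is fine, but a NOTE with the upstream fix commit would help whoever prepares a backport.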
@@ -3616,8 +3650,7 @@ CVE-2018-10852
 	RESERVED
 CVE-2018-10851
 	RESERVED
-CVE-2018-10850 [race condition on reference counter leads to DoS using persistent search]
-	RESERVED
+CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race ...)
 	- 389-ds-base <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588056
 CVE-2018-10849
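Review bot: the status "- 389-ds-base <undetermined>" for CVE-2018-10850 is now resolvable from the description, which states the fixed upstream versions 1.4.0.10 and 1.3.8.3; the entry should be updated to the fixing Debian version, or to "<unfixed>", once the packaged version has been compared against those, and the upstream fix commit should be added as a NOTE next to the Red Hat bug so that the race condition on the reference counter (the wording of the previous placeholder title) can be checked in the packaged source.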
@@ -4731,18 +4764,18 @@ CVE-2018-10410
 	RESERVED
 CVE-2018-10409
 	RESERVED
-CVE-2018-10408
-	RESERVED
-CVE-2018-10407
-	RESERVED
-CVE-2018-10406
-	RESERVED
-CVE-2018-10405
-	RESERVED
-CVE-2018-10404
-	RESERVED
-CVE-2018-10403
-	RESERVED
+CVE-2018-10408 (An issue was discovered in VirusTotal. A maliciously crafted ...)
+	TODO: check
+CVE-2018-10407 (An issue was discovered in Carbon Black Cb Response. A maliciously ...)
+	TODO: check
+CVE-2018-10406 (An issue was discovered in Yelp OSXCollector. A maliciously crafted ...)
+	TODO: check
+CVE-2018-10405 (An issue was discovered in Google Santa and molcodesignchecker. A ...)
+	TODO: check
+CVE-2018-10404 (An issue was discovered in Objective-See KnockKnock, LuLu, ...)
+	TODO: check
+CVE-2018-10403 (An issue was discovered in F-Secure XFENCE and Little Flocker. A ...)
+	TODO: check
 CVE-2018-10402
 	RESERVED
 CVE-2018-10401
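Review bot: CVE-2018-10403 through CVE-2018-10408 all receive the same truncated "maliciously crafted ..." description and are all left at TODO: check, yet every product named (F-Secure XFENCE and Little Flocker, Objective-See KnockKnock and LuLu, Google Santa and molcodesignchecker, Yelp OSXCollector, Carbon Black Cb Response, VirusTotal) is a third-party macOS security tool or service with no corresponding Debian source package; these should be closed as NOT-FOR-US with the product name, as the surrounding entries are, instead of accumulating six open TODOs that describe one underlying issue.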
@@ -14367,7 +14400,7 @@ CVE-2018-6796 (PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Sto
 	NOT-FOR-US: PHP Scripts Mall Multilanguage Real Estate MLM Script
 CVE-2018-6795 (PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every ...)
 	NOT-FOR-US: PHP Scripts Mall Naukri Clone Script
-CVE-2018-6794 (Suricata before 4.1 is prone to an HTTP detection bypass vulnerability ...)
+CVE-2018-6794 (Suricata before 4.0.4 is prone to an HTTP detection bypass ...)
 	- suricata 1:4.0.4-1 (bug #889842)
 	[stretch] - suricata <no-dsa> (Minor issue)
 	[jessie] - suricata <no-dsa> (Minor issue)
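Review bot: narrowing the CVE-2018-6794 description from "before 4.1" to "before 4.0.4" makes the entry consistent with the recorded fix "- suricata 1:4.0.4-1", which is an improvement; the unchanged "<no-dsa> (Minor issue)" decisions for stretch and jessie are worth a second look at the same time, because an HTTP detection bypass in an IDS defeats the package's primary function, and the parenthetical should say why it is nonetheless considered minor.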
@@ -18509,8 +18542,8 @@ CVE-2018-5490
 	RESERVED
 CVE-2018-5489
 	RESERVED
-CVE-2018-5488
-	RESERVED
+CVE-2018-5488 (NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through ...)
+	TODO: check
 CVE-2018-5487 (NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ...)
 	NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
 CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ...)
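Review bot: CVE-2018-5488 (NetApp SANtricity Web Services Proxy) is left at TODO: check while the two NetApp OnCommand entries immediately below it are NOT-FOR-US; unless SANtricity Web Services Proxy is packaged somewhere in Debian, this should become NOT-FOR-US: NetApp SANtricity Web Services Proxy for consistency. Separately, the CVE-2018-5486 context line reads "7.2 though 7.3" where "through 7.3" is meant; that text comes from the imported CVE description, so it would need to be fixed at the source rather than edited here.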
@@ -30575,8 +30608,7 @@ CVE-2018-1122 (procps-ng before version 3.3.15 is vulnerable to a local privileg
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/b45c4803dd176f4e3f9d3d47421ddec9bbbe66cd
-CVE-2018-1121 [Unprivileged process hiding]
-	RESERVED
+CVE-2018-1121 (procps-ng, procps is vulnerable to a process hiding through race ...)
 	- linux <unfixed> (unimportant)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
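Review bot: CVE-2018-1121 is tracked as "- linux <unfixed> (unimportant)" while the newly imported description names procps-ng and procps; a NOTE stating why the process-hiding race is treated as a kernel issue rather than a procps one, and why it is rated unimportant, should sit next to the status line, otherwise the next triager who reads "procps-ng, procps is vulnerable" will re-file it under procps. The Qualys advisory already linked below the status line is the right reference to cite for that reasoning.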
@@ -32926,8 +32958,7 @@ CVE-2018-0496 (Directory traversal issues in the D-Mod extractor in DFArc and DF
 	[jessie] - freedink-dfarc <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
 	NOTE: https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
-CVE-2018-0495 [ecc: Add blinding for ECDSA]
-	RESERVED
+CVE-2018-0495 (Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache ...)
 	- libgcrypt20 1.8.3-1
 	NOTE: https://dev.gnupg.org/T4011
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
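Review bot: CVE-2018-0495 records only "- libgcrypt20 1.8.3-1" with no [stretch] or [jessie] line, although the description itself names two affected branches (before 1.7.10 and 1.8.x before 1.8.3), so any stable release shipping a 1.7.x libgcrypt20 needs its own status entry; a memory-cache side channel on ECDSA (the placeholder title was "ecc: Add blinding for ECDSA") is the kind of issue that normally warrants a DSA or an explicit <no-dsa> with its reasoning. The dev.gnupg.org task and the upstream commit link together are sufficient references for a backport.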
@@ -37972,6 +38003,7 @@ CVE-2017-15738 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 all
 CVE-2017-15737 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
 	NOT-FOR-US: IrfanView
 CVE-2017-15736 (Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ...)
+	{DSA-4228-1}
 	- spip 3.1.4-4 (bug #879954)
 	[wheezy] - spip <not-affected> (vulnerable code not present)
 	NOTE: https://core.spip.net/projects/spip/repository/revisions/23701
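Review bot: the added {DSA-4228-1} reference for CVE-2017-15736 only resolves if data/DSA/list carries a matching DSA-4228-1 entry naming spip with the fixed versions for the releases it covers, because the CVE entry itself has no [jessie] or [stretch] lines and its only per-release line is "[wheezy] - spip <not-affected>"; since this diff touches data/CVE/list alone, the DSA list entry should be verified separately so the stable fix versions are actually recorded.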
@@ -73975,8 +74007,8 @@ CVE-2017-3970
 	RESERVED
 CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee ...)
 	NOT-FOR-US: McAfee
-CVE-2017-3968
-	RESERVED
+CVE-2017-3968 (Session fixation vulnerability in the web interface in McAfee Network ...)
+	TODO: check
 CVE-2017-3967 (Target influence via framing vulnerability in the web interface in ...)
 	NOT-FOR-US: McAfee
 CVE-2017-3966 (Exploitation of session variables, resource IDs and other trusted ...)
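Review bot: CVE-2017-3968 (session fixation in the McAfee Network ... web interface) is left at TODO: check, as are CVE-2017-3936 and CVE-2017-3907 (McAfee ePolicy Orchestrator) further down in this diff, while every neighbouring McAfee entry (CVE-2017-3969, CVE-2017-3967, CVE-2017-3966, CVE-2017-3935, CVE-2017-3934) is NOT-FOR-US: McAfee; all three new ones should be closed the same way, with the product name, since McAfee appliances and ePO are not Debian packages.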
@@ -74039,8 +74071,8 @@ CVE-2017-3938
 	REJECTED
 CVE-2017-3937
 	RESERVED
-CVE-2017-3936
-	RESERVED
+CVE-2017-3936 (OS Command Injection vulnerability in McAfee ePolicy Orchestrator ...)
+	TODO: check
 CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type sniffing which ...)
 	NOT-FOR-US: McAfee Network Data Loss Prevention
 CVE-2017-3934 (Missing HTTP Strict Transport Security state information vulnerability ...)
@@ -74097,8 +74129,8 @@ CVE-2017-3909
 	RESERVED
 CVE-2017-3908
 	RESERVED
-CVE-2017-3907
-	RESERVED
+CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) ...)
+	TODO: check
 CVE-2017-3906
 	RESERVED
 CVE-2017-3905



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/223a3416e7d29931e57b5d31851007ebb3b20414
