[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jun 15 09:10:23 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a0d9f6d by security tracker role at 2018-06-15T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,43 @@
+CVE-2018-12440 (BoringSSL through 2018-06-14 allows a memory-cache side-channel attack ...)
+	TODO: check
+CVE-2018-12439 (MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack ...)
+	TODO: check
+CVE-2018-12438 (The Elliptic Curve Cryptography library (aka sunec or libsunec) allows ...)
+	TODO: check
+CVE-2018-12437 (LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ...)
+	TODO: check
+CVE-2018-12436 (wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a ...)
+	TODO: check
+CVE-2018-12435 (Botan through 2.6.0 allows a memory-cache side-channel attack on ECDSA ...)
+	TODO: check
+CVE-2018-12434 (LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache ...)
+	TODO: check
+CVE-2018-12433 (** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache ...)
+	TODO: check
+CVE-2018-12432 (JavaMelody through 1.60.0 has XSS via the counter parameter in a ...)
+	TODO: check
+CVE-2018-12431 (SeaCMS V6.61 has XSS via the site name parameter on an ...)
+	TODO: check
+CVE-2018-12430
+	RESERVED
+CVE-2018-12429
+	RESERVED
+CVE-2018-12428
+	RESERVED
+CVE-2018-12427
+	RESERVED
+CVE-2018-12426
+	RESERVED
+CVE-2018-12425
+	RESERVED
+CVE-2018-12424
+	RESERVED
+CVE-2018-12422
+	RESERVED
 CVE-2018-12421 (LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a ...)
 	NOT-FOR-US: LTB Self Service Password
-CVE-2018-12420
-	RESERVED
+CVE-2018-12420 (IceHrm before 23.0.1.OS has a risky usage of a hashed password in a ...)
+	TODO: check
 CVE-2018-12419
 	RESERVED
 CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as used in Apache Tika and other ...)
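Review bot: the eight new entries CVE-2018-12433 through CVE-2018-12440 at the top of this hunk all describe the same memory-cache side-channel attack on ECDSA/ECC scalar multiplication, disclosed together across BoringSSL, MatrixSSL, sunec, LibTomCrypt, wolfSSL, Botan, LibreSSL and cryptlib, so their "TODO: check" markers should be resolved as one batch rather than one at a time. Several of the named libraries are Debian source packages (botan, libtomcrypt, wolfssl, and the sunec/libsunec provider inside the openjdk packages), so these are unlikely to end up as NOT-FOR-US; CVE-2018-12433 additionally carries a "** DISPUTED **" marker in its description that the triage note should record. The remaining additions (JavaMelody, SeaCMS, IceHrm for CVE-2018-12420) are third-party web applications and can follow the NOT-FOR-US pattern used for LTB Self Service Password in the unchanged context lines.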
@@ -126,13 +162,12 @@ CVE-2018-12359
 	RESERVED
 CVE-2018-12358
 	RESERVED
-CVE-2018-12423 [unauthorised users can hijack rooms when there is no m.room.power_levels event in force]
+CVE-2018-12423 (In Synapse before 0.31.2, unauthorised users can hijack rooms when ...)
 	- matrix-synapse 0.31.2+dfsg-1 (bug #901549)
 	NOTE: https://github.com/matrix-org/synapse/pull/3397
 CVE-2018-12357
 	RESERVED
-CVE-2018-12356
-	RESERVED
+CVE-2018-12356 (An issue was discovered in password-store.sh in pass in Simple Password ...)
 	- password-store 1.7.2-1 (bug #901574)
 	[stretch] - password-store <not-affected> (Signature verification support added in 1.7)
 	[jessie] - password-store <not-affected> (Signature verification support added in 1.7)
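Review bot: the CVE-2018-12423 entry for matrix-synapse remains out of the file's descending numeric order, sitting between CVE-2018-12358 and CVE-2018-12357; now that the neighbouring identifiers CVE-2018-12422 and CVE-2018-12424 are present in the first hunk, the entry should be moved up next to them so the two RESERVED placeholders around it are not left stale. The description updates themselves are fine (the bracketed working title is replaced by the published text and the fixed-version and bug references are kept); for consistency with the synapse entry, the CVE-2018-12356 password-store entry would benefit from a NOTE: line pointing at the upstream signature-verification fix that the "<not-affected> (Signature verification support added in 1.7)" lines rely on.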
@@ -1692,10 +1727,10 @@ CVE-2018-11692 (An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and 
 	NOT-FOR-US: Canon devices
 CVE-2018-11691
 	RESERVED
-CVE-2018-11690
-	RESERVED
-CVE-2018-11689
-	RESERVED
+CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous versions for ...)
+	TODO: check
+CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to ...)
+	TODO: check
 CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, ...)
 	TODO: check
 CVE-2018-11687
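Review bot: the two entries changed in this hunk, CVE-2018-11690 (Balbooa Gridbox extension) and CVE-2018-11689 (Samsung Web Viewer for Samsung DVR), describe proprietary web and appliance software and will almost certainly follow the "NOT-FOR-US:" pattern used two lines above for the Canon devices; leaving them at "TODO: check" is correct for an automatic import, but the triage follow-up is straightforward and should name the product, as the Canon line does, rather than just dropping the TODO.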
@@ -1969,8 +2004,7 @@ CVE-2018-11576 (ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-r
 	NOT-FOR-US: ngiflib
 CVE-2018-11575 (ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in ...)
 	NOT-FOR-US: ngiflib
-CVE-2018-11574 [Buffer Overflow in pppd EAP-TLS implementation]
-	RESERVED
+CVE-2018-11574 (Improper input validation together with an integer overflow in the ...)
 	- ppp 2.4.7-2+3
 	[stretch] - ppp <not-affected> (Vulnerable code introduced later)
 	[jessie] - ppp <not-affected> (Vulnerable code introduced later)
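Review bot: the "- ppp 2.4.7-2+3" fixed-version line for CVE-2018-11574 has neither a "(bug #...)" reference nor a "NOTE:" line with the patch that fixes the EAP-TLS integer overflow, unlike the matrix-synapse and password-store entries earlier in this change, and the "<not-affected> (Vulnerable code introduced later)" justification for stretch and jessie is only checkable against such a reference. The description change itself is right: the bracketed working title "[Buffer Overflow in pppd EAP-TLS implementation]" is replaced by the published text, which correctly identifies the root cause as improper input validation plus an integer overflow rather than a plain buffer overflow.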
@@ -8867,8 +8901,8 @@ CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows att
 	NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver
 CVE-2018-8820 (An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based ...)
 	NOT-FOR-US: Square 9
-CVE-2018-8819
-	RESERVED
+CVE-2018-8819 (An XXE issue was discovered in Automated Logic Corporation (ALC) ...)
+	TODO: check
 CVE-2018-8818
 	RESERVED
 CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...)
@@ -15485,8 +15519,8 @@ CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the site_name parameter in a ...)
 	NOT-FOR-US: Composr CMS
 CVE-2018-6517
 	RESERVED
-CVE-2018-6516
-	RESERVED
+CVE-2018-6516 (On Windows only, with a specifically crafted configuration file an ...)
+	TODO: check
 CVE-2018-6515 (Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to ...)
 	- puppet <not-affected> (Specific issue Windows only)
 	NOTE: https://puppet.com/security/cve/CVE-2018-6515
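Review bot: the new description for CVE-2018-6516 ("On Windows only, with a specifically crafted configuration file ...") sits directly above CVE-2018-6515, which is a Puppet Agent issue already triaged as "puppet <not-affected> (Specific issue Windows only)" with a NOTE: pointing at puppet.com; if CVE-2018-6516 belongs to the same Puppet advisory batch, it should get the same not-affected triage and a matching "NOTE: https://puppet.com/security/cve/CVE-2018-6516" line instead of staying at "TODO: check".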
@@ -49419,8 +49453,8 @@ CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.p
 	NOT-FOR-US: Synology
 CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...)
 	NOT-FOR-US: Synology
-CVE-2017-12070
-	RESERVED
+CVE-2017-12070 (Unsigned versions of the DLLs distributed by the OPC Foundation may be ...)
+	TODO: check
 CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET ...)
 	NOT-FOR-US: OPC Foundation UA .NET Sampe code and Local Discovery Server affecting various vendors
 CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array ...)
@@ -92042,7 +92076,7 @@ CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
 	NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
 	NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
 	NOTE: Not affected versions: libcurl < 7.11.1 and libcurl >= 7.50.3
-CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool (PST), ...)
+CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool (PST) (All ...)
 	NOT-FOR-US: Microsoft
 CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File Roller ...)
 	- file-roller 3.20.3-1
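Review bot: the unchanged context line "NOT-FOR-US: Microsoft" under CVE-2016-7165 does not match the description the hunk updates, which names Primary Setup Tool (PST); PST is Siemens' SIMATIC network configuration tool, not a Microsoft product, so the triage justification should read "NOT-FOR-US: Siemens Primary Setup Tool" (the outcome, not Debian-relevant, is unchanged, but the attribution is what later readers grep for). The description refresh to "(PST) (All ..." is otherwise a straight sync with the published CVE text.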



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a0d9f6d28488473225b4cf0ebd4fd14f888920a
