[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 16 09:10:26 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b59baec4 by security tracker role at 2018-06-16T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3210,12 +3210,12 @@ CVE-2018-11224 (An issue was discovered in Libav 12.3. A read access violation i
- libav <undetermined>
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1129
TODO: check
-CVE-2018-11223
- RESERVED
-CVE-2018-11222
- RESERVED
-CVE-2018-11221
- RESERVED
+CVE-2018-11223 (XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to ...)
+ TODO: check
+CVE-2018-11222 (Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 ...)
+ TODO: check
+CVE-2018-11221 (Unauthenticated untrusted file upload in Artica Pandora FMS through ...)
+ TODO: check
CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command ...)
NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
CVE-2018-11219 [integer overflow]
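Review bot: The three Artica Pandora FMS entries added here (CVE-2018-11223, CVE-2018-11222, CVE-2018-11221) all land as "TODO: check", and their descriptions give the affected version in two forms, "before 7.0 NG 723" and "through version 7.23", so confirm the version boundary against the full CVE text before recording it. If Pandora FMS has no source package in the archive, resolve all three together with a NOT-FOR-US line, in the same form as the CVE-2018-11220 entry directly below.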
@@ -6557,8 +6557,8 @@ CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0
- botan1.10 <not-affected> (Issue introduced in 1.11.32)
NOTE: https://github.com/randombit/botan/commit/ec222c99719c396a1f4756b2ca345dbbfbeb5ed5
NOTE: Bug introduced in 1.11.32, fixed in 2.6.0
-CVE-2018-9859
- RESERVED
+CVE-2018-9859 (The path of Whale update service was unquoted in NAVER Whale before ...)
+ TODO: check
CVE-2018-1000168 (nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper ...)
- nghttp2 1.31.1-1 (low; bug #895566)
[stretch] - nghttp2 <no-dsa> (Minor issue)
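Review bot: CVE-2018-9859 now names NAVER Whale and an unquoted path for its update service, but it stays at "TODO: check". The visible description is enough to identify the product, so this can be closed in the next manual pass with a NOT-FOR-US line if the browser is not packaged, rather than left pending.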
@@ -15256,8 +15256,8 @@ CVE-2017-18171
RESERVED
CVE-2017-18170
RESERVED
-CVE-2017-18169
- RESERVED
+CVE-2017-18169 (User process can perform the kernel DOS in ashmem when doing cache ...)
+ TODO: check
CVE-2017-18168
RESERVED
CVE-2017-18167
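Review bot: CVE-2017-18169 describes a kernel denial of service in ashmem, which is kernel code and not a third-party product, so it should not be cleared as NOT-FOR-US on a product name alone. The truncated description does not say which kernel tree is affected; check the full text and the src:linux sources before replacing "TODO: check".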
@@ -15800,10 +15800,10 @@ CVE-2018-6499
RESERVED
CVE-2018-6498
RESERVED
-CVE-2018-6497
- RESERVED
-CVE-2018-6496
- RESERVED
+CVE-2018-6497 (Remote Cross-site Request forgery (CSRF) potential has been identified ...)
+ TODO: check
+CVE-2018-6496 (Remote Cross-site Request forgery (CSRF) potential has been identified ...)
+ TODO: check
CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version ...)
NOT-FOR-US: Micro Focus
CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software Web Tier, ...)
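Review bot: CVE-2018-6497 and CVE-2018-6496 are added with identical visible text ("Remote Cross-site Request forgery (CSRF) potential has been identified ..."), and the truncation removes the product name, so nothing in the list distinguishes them or shows what they apply to. Triage needs the full descriptions; the neighbouring CVE-2018-6495 and CVE-2018-6494 entries are Micro Focus and HP products, but that adjacency is not evidence for these two.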
@@ -17937,14 +17937,14 @@ CVE-2018-5865
RESERVED
CVE-2018-5864
RESERVED
-CVE-2018-5863
- RESERVED
+CVE-2018-5863 (If userspace provides a too-large WPA RSN IE length in ...)
+ TODO: check
CVE-2018-5862
RESERVED
CVE-2018-5861
RESERVED
-CVE-2018-5860
- RESERVED
+CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM, Firefox OS ...)
+ TODO: check
CVE-2018-5859
RESERVED
CVE-2018-5858
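Review bot: CVE-2018-5863 (too-large WPA RSN IE length supplied by userspace) and CVE-2018-5860 (MDSS driver, "Android for MSM") both read as driver-level issues, yet neither truncated description names the source file or the tree. Before marking them, establish whether the affected driver exists in the kernel Debian ships or only in the vendor tree the description refers to.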
@@ -17955,7 +17955,7 @@ CVE-2018-5856
RESERVED
CVE-2018-5855
RESERVED
-CVE-2018-5854 (In fastboot, a stack-based buffer overflow can occur in all Android ...)
+CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all Android ...)
TODO: check
CVE-2018-5853
RESERVED
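Review bot: The CVE-2018-5854 line changes only the wording of the description (the fastboot stack-based buffer overflow), and the entry's "TODO: check" is untouched, so this hunk carries no triage decision. The entry was already pending before this update and still needs a package line or a NOT-FOR-US line.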
@@ -18255,18 +18255,18 @@ CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n
NOT-FOR-US: Aurea Jive Jive-n
CVE-2018-5757
RESERVED
-CVE-2018-5756
- RESERVED
-CVE-2018-5755
- RESERVED
-CVE-2018-5754
- RESERVED
-CVE-2018-5753
- RESERVED
-CVE-2018-5752
- RESERVED
-CVE-2018-5751
- RESERVED
+CVE-2018-5756 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
+ TODO: check
+CVE-2018-5755 (Absolute path traversal vulnerability in the readerengine component in ...)
+ TODO: check
+CVE-2018-5754 (Cross-site scripting (XSS) vulnerability in the office-web component ...)
+ TODO: check
+CVE-2018-5753 (The frontend component in Open-Xchange OX App Suite before ...)
+ TODO: check
+CVE-2018-5752 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
+ TODO: check
+CVE-2018-5751 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
+ TODO: check
CVE-2017-18042 (The update user administration resource in Atlassian Bamboo before ...)
NOT-FOR-US: Atlassian Bamboo
CVE-2017-18041 (The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo ...)
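Review bot: Six entries move from RESERVED to "TODO: check", and three of them (CVE-2018-5756, CVE-2018-5752, CVE-2018-5751) show the same truncated text, "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...", so the list alone cannot tell them apart. CVE-2018-5755 and CVE-2018-5754 are cut off before any product name; confirm from the full descriptions that they belong to the same product, then resolve the block with one consistent marking.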
@@ -32817,8 +32817,8 @@ CVE-2017-17064
RESERVED
CVE-2017-17063
RESERVED
-CVE-2017-17062
- RESERVED
+CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, ...)
+ TODO: check
CVE-2017-17061
RESERVED
CVE-2017-17060
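Review bot: CVE-2017-17062 is another Open-Xchange OX App Suite backend entry, but its version boundary is 7.6.3-rev35 where the CVE-2018-5756, CVE-2018-5752 and CVE-2018-5751 entries elsewhere in this patch say 7.6.3-rev36. Triage it with that group and give it the same marking, without copying their version boundary.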
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b59baec4091cf2f34a65f7801e7b21f8bcce4ca9