[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Jun 17 21:10:25 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57c8d84d by security tracker role at 2018-06-17T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-12519
+	RESERVED
+CVE-2018-12518
+	RESERVED
 CVE-2018-12517
 	RESERVED
 CVE-2018-12516
@@ -134,8 +138,8 @@ CVE-2018-12456
 	RESERVED
 CVE-2018-12455
 	RESERVED
-CVE-2018-12454
-	RESERVED
+CVE-2018-12454 (The _addguess function of a simplelottery smart contract implementation ...)
+	TODO: check
 CVE-2018-12453 (Type confusion in the xgroupCommand function in t_stream.c in ...)
 	- redis <not-affected> (Vulnerable code introduced in 5.0-rc1)
 	NOTE: https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5
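Review bot: the new CVE-2018-12454 entry is left at `TODO: check`, but the sibling smart-contract entry CVE-2018-10376 further down in this same patch is already resolved as `NOT-FOR-US: SmartMesh token`; once the affected contract is identified this one can most likely be closed the same way rather than stay open as a TODO.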
@@ -484,32 +488,32 @@ CVE-2018-12340
 	RESERVED
 CVE-2018-12339 (ArticleCMS through 2017-02-19 has XSS via an "add an article" action. ...)
 	NOT-FOR-US: ArticleCMS
-CVE-2018-12338
-	RESERVED
-CVE-2018-12337
-	RESERVED
-CVE-2018-12336
-	RESERVED
-CVE-2018-12335
-	RESERVED
-CVE-2018-12334
-	RESERVED
-CVE-2018-12333
-	RESERVED
-CVE-2018-12332
-	RESERVED
-CVE-2018-12331
-	RESERVED
-CVE-2018-12330
-	RESERVED
-CVE-2018-12329
-	RESERVED
+CVE-2018-12338 (Undocumented Factory Backdoor in ECOS System Management Appliance (aka ...)
+	TODO: check
+CVE-2018-12337 (Reliance on Security Through Obscurity vulnerability in ECOS Secure ...)
+	TODO: check
+CVE-2018-12336 (Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
+	TODO: check
+CVE-2018-12335 (Incorrect access control in ECOS System Management Appliance (aka SMA) ...)
+	TODO: check
+CVE-2018-12334 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
+	TODO: check
+CVE-2018-12333 (Insufficient Verification of Data Authenticity vulnerability in ECOS ...)
+	TODO: check
+CVE-2018-12332 (Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) ...)
+	TODO: check
+CVE-2018-12331 (Authentication Bypass by Spoofing vulnerability in ECOS System ...)
+	TODO: check
+CVE-2018-12330 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
+	TODO: check
+CVE-2018-12329 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
+	TODO: check
 CVE-2018-12328
 	RESERVED
 CVE-2018-12327
 	RESERVED
-CVE-2018-12326
-	RESERVED
+CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 ...)
+	TODO: check
 CVE-2018-12325
 	RESERVED
 CVE-2018-12324
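Review bot: CVE-2018-12326 ("Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0") is only marked `TODO: check`, yet this same patch records `- redis 5:4.0.10-1 (bug #901495)` for CVE-2018-11219 and CVE-2018-11218, so redis is a tracked Debian package and this entry needs a `- redis` line with the fixed version rather than a TODO. The ten ECOS Secure Boot Stick / System Management Appliance entries above it are all appliance firmware issues and will likely end up as `NOT-FOR-US: ECOS`, but that should be confirmed entry by entry.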
@@ -656,7 +660,7 @@ CVE-2018-12264 (Exiv2 0.26 has integer overflows in LoaderTiff::getData() in ...
 CVE-2018-12263 (portfolioCMS 1.0.5 allows upload of arbitrary .php files via the ...)
 	NOT-FOR-US: portfolioCMS
 CVE-2018-12262
-	RESERVED
+	REJECTED
 CVE-2018-12261 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. All ...)
 	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
 CVE-2018-12260 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root ...)
@@ -2132,8 +2136,8 @@ CVE-2018-11649 (Hue 3.12 has XSS via the /pig/save/ name and script parameters. 
 	NOT-FOR-US: Hue
 CVE-2018-11648
 	RESERVED
-CVE-2018-11647
-	RESERVED
+CVE-2018-11647 (index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. ...)
+	TODO: check
 CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...)
 	- webkit2gtk 2.20.3-1 (unimportant)
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=186164
@@ -3288,13 +3292,13 @@ CVE-2018-11221 (Unauthenticated untrusted file upload in Artica Pandora FMS thro
 	NOT-FOR-US: Pandora FMS
 CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command ...)
 	NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
-CVE-2018-11219 [integer overflow]
-	RESERVED
+CVE-2018-11219 (An Integer Overflow issue was discovered in the struct library in the ...)
+	{DSA-4230-1}
 	- redis 5:4.0.10-1 (bug #901495)
 	NOTE: https://github.com/antirez/redis/issues/5017
 	NOTE: http://antirez.com/news/119
-CVE-2018-11218 [heap corruption vulnerability in cmsgpack]
-	RESERVED
+CVE-2018-11218 (Memory Corruption was discovered in the cmsgpack library in the Lua ...)
+	{DSA-4230-1}
 	- redis 5:4.0.10-1 (bug #901495)
 	NOTE: https://github.com/antirez/redis/issues/5017
 	NOTE: http://antirez.com/news/119
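Review bot: the `{DSA-4230-1}` reference added to CVE-2018-11219 and CVE-2018-11218 (and `{DSA-4231-1}` added to CVE-2018-0495 later in this patch) points at an advisory id, but the commit changes only `data/CVE/list`; verify that `data/DSA/list` already carries DSA-4230-1 and DSA-4231-1 so the cross-references resolve. Replacing the bracketed placeholders `[integer overflow]` and `[heap corruption vulnerability in cmsgpack]` with the published descriptions is correct, since the bracket form is only meant to hold until the official text is available.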
@@ -3800,8 +3804,8 @@ CVE-2018-10999 (An issue was discovered in Exiv2 0.26. The ...)
 CVE-2018-10998 (An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp ...)
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/issues/303
-CVE-2018-10997
-	RESERVED
+CVE-2018-10997 (Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL ...)
+	TODO: check
 CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 ...)
 	NOT-FOR-US: D-Link
 CVE-2018-10995 (SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles ...)
@@ -3874,8 +3878,8 @@ CVE-2018-10971 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3
 	NOTE: https://github.com/FLIF-hub/FLIF/issues/501
 CVE-2018-10970
 	RESERVED
-CVE-2018-10969
-	RESERVED
+CVE-2018-10969 (SQL injection vulnerability in the Pie Register plugin before 3.0.10 ...)
+	TODO: check
 CVE-2018-10968 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious ...)
 	NOT-FOR-US: D-Link
 CVE-2018-10967 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious ...)
@@ -5337,8 +5341,8 @@ CVE-2018-10379 (An issue was discovered in GitLab Community Edition (CE) and Ent
 	NOTE: https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/
 CVE-2018-10378
 	RESERVED
-CVE-2018-10377
-	RESERVED
+CVE-2018-10377 (PortSwigger Burp Suite before 1.7.34 has Improper Certificate ...)
+	TODO: check
 CVE-2018-10376 (An integer overflow in the transferProxy function of a smart contract ...)
 	NOT-FOR-US: SmartMesh token
 CVE-2018-10375 (A file uploading vulnerability exists in ...)
@@ -33474,6 +33478,7 @@ CVE-2018-0496 (Directory traversal issues in the D-Mod extractor in DFArc and DF
 	NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
 	NOTE: https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
 CVE-2018-0495 (Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache ...)
+	{DSA-4231-1}
 	- libgcrypt20 1.8.3-1
 	NOTE: https://dev.gnupg.org/T4011
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
@@ -37486,7 +37491,7 @@ CVE-2017-16011 (jQuery is a javascript library for DOM manipulation. jQuery's ma
 	NOTE: https://nodesecurity.io/advisories/329
 	NOTE: https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
 	NOTE: 1.9 release introduced backwards incompatible changes to fix
-        NOTE: this, so may be too invasive to fix
+	NOTE: this, so may be too invasive to fix
 	NOTE: Overlapping (or potentially) duplicate of CVE-2012-6708, but explicitly
 	NOTE: two CVEs were assigned.
 CVE-2017-16010 (i18next is a language translation framework. When using the .init ...)
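Review bot: the whitespace change on the `NOTE: this, so may be too invasive to fix` line is a correct fix: every other continuation line in the file is tab-indented, and the eight-space indent on this line was the only outlier; no content changes.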



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/57c8d84dbfcacdbd41833f1d2c5f05cdaf455b6f
