[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jun 18 21:10:31 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e2982ee by security tracker role at 2018-06-18T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,73 @@
+CVE-2018-12555
+	RESERVED
+CVE-2018-12554
+	RESERVED
+CVE-2018-12553
+	RESERVED
+CVE-2018-12552
+	RESERVED
+CVE-2018-12551
+	RESERVED
+CVE-2018-12550
+	RESERVED
+CVE-2018-12549
+	RESERVED
+CVE-2018-12548
+	RESERVED
+CVE-2018-12547
+	RESERVED
+CVE-2018-12546
+	RESERVED
+CVE-2018-12545
+	RESERVED
+CVE-2018-12544
+	RESERVED
+CVE-2018-12543
+	RESERVED
+CVE-2018-12542
+	RESERVED
+CVE-2018-12541
+	RESERVED
+CVE-2018-12540
+	RESERVED
+CVE-2018-12539
+	RESERVED
+CVE-2018-12538
+	RESERVED
+CVE-2018-12537
+	RESERVED
+CVE-2018-12536
+	RESERVED
+CVE-2018-12535
+	RESERVED
+CVE-2018-12534 (A SQL injection issue was discovered in the Quick Chat plugin before ...)
+	TODO: check
+CVE-2018-12533 (JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote ...)
+	TODO: check
+CVE-2018-12532 (JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote ...)
+	TODO: check
+CVE-2018-12531 (An issue was discovered in MetInfo 6.0.0. install\index.php allows ...)
+	TODO: check
+CVE-2018-12530 (An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php ...)
+	TODO: check
+CVE-2018-12529
+	RESERVED
+CVE-2018-12528
+	RESERVED
+CVE-2018-12527
+	RESERVED
+CVE-2018-12526
+	RESERVED
+CVE-2018-12525 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboard ...)
+	TODO: check
+CVE-2018-12524 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboard ...)
+	TODO: check
+CVE-2018-12523 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboard ...)
+	TODO: check
+CVE-2018-12522 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboard ...)
+	TODO: check
+CVE-2018-12521
+	RESERVED
 CVE-2018-XXXX [cantata-mounter D-Bus service local privilege escalation and other security issues]
 	- cantata <unfixed> (bug #901798)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
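Review bot: CVE-2018-12522 through CVE-2018-12525 are added with the same truncated description ("An issue was discovered in perfSONAR Monitoring and Debugging Dashboard ...") and the same TODO: check, so nothing in the list tells the four apart. Triage them together and record one consistent result, along with the Quick Chat plugin, JBoss RichFaces and MetInfo entries that this hunk also leaves at TODO: check.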
@@ -4734,20 +4804,20 @@ CVE-2018-10625
 	RESERVED
 CVE-2018-10624
 	RESERVED
-CVE-2018-10623
-	RESERVED
+CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
+	TODO: check
 CVE-2018-10622
 	RESERVED
-CVE-2018-10621
-	RESERVED
+CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
+	TODO: check
 CVE-2018-10620
 	RESERVED
 CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 3.90.01 ...)
 	NOT-FOR-US: RSLinx
 CVE-2018-10618
 	RESERVED
-CVE-2018-10617
-	RESERVED
+CVE-2018-10617 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
+	TODO: check
 CVE-2018-10616
 	RESERVED
 CVE-2018-10615 (Directory traversal may lead to files being exfiltrated or deleted on ...)
@@ -8633,24 +8703,24 @@ CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x devices
 	NOT-FOR-US: TNLSoftSolutions Sentry Vision 3.x devices
 CVE-2018-9030
 	RESERVED
-CVE-2018-9029
-	RESERVED
-CVE-2018-9028
-	RESERVED
-CVE-2018-9027
-	RESERVED
-CVE-2018-9026
-	RESERVED
-CVE-2018-9025
-	RESERVED
-CVE-2018-9024
-	RESERVED
-CVE-2018-9023
-	RESERVED
-CVE-2018-9022
-	RESERVED
-CVE-2018-9021
-	RESERVED
+CVE-2018-9029 (An improper input validation vulnerability in CA Privileged Access ...)
+	TODO: check
+CVE-2018-9028 (Weak cryptography used for passwords in CA Privileged Access Manager ...)
+	TODO: check
+CVE-2018-9027 (A reflected cross-site scripting vulnerability in CA Privileged Access ...)
+	TODO: check
+CVE-2018-9026 (A session fixation vulnerability in CA Privileged Access Manager 2.x ...)
+	TODO: check
+CVE-2018-9025 (An input validation vulnerability in CA Privileged Access Manager 2.x ...)
+	TODO: check
+CVE-2018-9024 (An improper authentication vulnerability in CA Privileged Access ...)
+	TODO: check
+CVE-2018-9023 (An input validation vulnerability in CA Privileged Access Manager 2.x ...)
+	TODO: check
+CVE-2018-9022 (An authentication bypass vulnerability in CA Privileged Access Manager ...)
+	TODO: check
+CVE-2018-9021 (An authentication bypass vulnerability in CA Privileged Access Manager ...)
+	TODO: check
 CVE-2017-18254 (An issue was discovered in ImageMagick 7.0.7. A memory leak ...)
 	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/24d5699753170c141b46816284430516c2d48fed
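Review bot: CVE-2018-9021 through CVE-2018-9029 all name CA Privileged Access Manager (or its truncated form "CA Privileged Access ...") and each lands as TODO: check. Since the nine entries concern one product, resolve them in a single follow-up with the same tag on every entry, so the block does not end up in mixed states.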
@@ -30333,7 +30403,7 @@ CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send careful
 CVE-2018-1334
 	RESERVED
 CVE-2018-1333
-	RESERVED
+	REJECTED
 CVE-2018-1332 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version ...)
 	NOT-FOR-US: Apache Storm
 CVE-2018-1331
@@ -30934,10 +31004,10 @@ CVE-2018-1155
 	RESERVED
 CVE-2018-1154
 	RESERVED
-CVE-2018-1153
-	RESERVED
-CVE-2018-1152
-	RESERVED
+CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the ...)
+	TODO: check
+CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service ...)
+	TODO: check
 CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and TV Live ...)
 	TODO: check
 CVE-2018-1150
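Review bot: the TODO: check on CVE-2018-1152 should be resolved into a package line, because the description names a specific release, libjpeg-turbo 1.5.90, and the check needs to establish whether any packaged version matches it. CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33) needs the same decision.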
@@ -31272,8 +31342,7 @@ CVE-2018-1091 (In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptr
 	[jessie] - linux <not-affected> (Hardware not supported; POWER9 support missing)
 	[wheezy] - linux <not-affected> (Hardware not supported)
 	NOTE: Fixed by: https://git.kernel.org/linus/c1fa0768a8713b135848f78fd43ffc208d8ded70
-CVE-2018-1090
-	RESERVED
+CVE-2018-1090 (In Pulp before version 2.16.2, secrets are passed into override_config ...)
 	NOT-FOR-US: Pulp (Red Hat)
 CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not ...)
 	- 389-ds-base 1.3.8.2-1 (bug #898138)
@@ -31418,8 +31487,7 @@ CVE-2018-1061 [DOS via regular expression backtracking in difflib.IS_LINE_JUNK m
 	NOTE: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5)
 	NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
 	NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
-CVE-2018-1060 [DOS via regular expression catastrophic backtracking in apop() method in pop3lib]
-	RESERVED
+CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to ...)
 	- python3.7 3.7.0~b3-1 (low)
 	- python3.6 3.6.5~rc1-1 (low)
 	- python3.5 <unfixed> (low)
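Review bot: replacing the bracketed summary on CVE-2018-1060 drops the only visible mention of the affected code (the apop() method in pop3lib, regular expression catastrophic backtracking), while the new description is cut off at "is vulnerable to ...". If no NOTE line further down the entry already carries that detail, add one so the entry still says where the problem is.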
@@ -127309,18 +127377,18 @@ CVE-2015-4671 (Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0
 	NOT-FOR-US: OpenCart
 CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in ...)
 	NOT-FOR-US: AjaxControlToolkit
-CVE-2015-4669 (The MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a ...)
+CVE-2015-4669 (The MySQL "root" user in Xsuite 2.x does not have a password set, ...)
 	NOT-FOR-US: Xsuite
-CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote ...)
+CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows ...)
 	NOT-FOR-US: Xsuite
-CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. ...)
+CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.x. ...)
 	NOT-FOR-US: Xsuite
 CVE-2015-4666 (Directory traversal vulnerability in opm/read_sessionlog.php in ...)
 	NOT-FOR-US: Xceedium Xsuite
 CVE-2015-4665 (Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium ...)
 	NOT-FOR-US: Xceedium Xsuite
-CVE-2015-4664
-	RESERVED
+CVE-2015-4664 (An improper input validation vulnerability in CA Privileged Access ...)
+	TODO: check
 CVE-2015-4663
 	RESERVED
 	- hhvm 3.11.0+dfsg-1
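Review bot: CVE-2015-4664 goes from RESERVED to TODO: check while CVE-2015-4665 through CVE-2015-4669 directly above it are all tagged NOT-FOR-US: Xsuite or Xceedium Xsuite. Confirm whether the "CA Privileged Access ..." product in the new description belongs with those entries and, if it does, tag it the same way instead of leaving the TODO. The reworded descriptions on CVE-2015-4667 through CVE-2015-4669 only change the stated version ranges and leave their tags untouched.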



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e2982ee92cc863d008a9213fa99c3988a2fe974
