[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 19 21:10:24 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
515dd22a by security tracker role at 2018-06-19T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-12584
+ RESERVED
+CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article via an ...)
+ TODO: check
+CVE-2018-12582 (An issue was discovered in AKCMS 6.1. CSRF can add an admin account via ...)
+ TODO: check
+CVE-2018-12581
+ RESERVED
+CVE-2018-12580 (library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity ...)
+ TODO: check
+CVE-2018-12579
+ RESERVED
+CVE-2018-12578 (There is a heap-based buffer overflow in bmp_compress1_row in ...)
+ TODO: check
+CVE-2018-12577
+ RESERVED
+CVE-2018-12576
+ RESERVED
+CVE-2018-12575
+ RESERVED
+CVE-2018-12574
+ RESERVED
+CVE-2018-12573
+ RESERVED
+CVE-2018-12572
+ RESERVED
+CVE-2018-12571
+ RESERVED
+CVE-2018-12570
+ RESERVED
+CVE-2018-12569
+ RESERVED
+CVE-2018-12568
+ RESERVED
+CVE-2018-12567
+ RESERVED
+CVE-2018-12566
+ RESERVED
CVE-2018-12565 (An issue was discovered in Linaro LAVA before 2018.5.post1. Because of ...)
- lava 2018.5.post1-1
- lava-server <removed>
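Review bot: CVE-2018-12583, CVE-2018-12582, CVE-2018-12580 and CVE-2018-12578 are added with TODO: check, and the CVE-2018-12578 description is cut off before any file or product name ("bmp_compress1_row in ..."), so the affected source package cannot be identified from this list line alone. Triage of that entry needs the full CVE description; the two AKCMS 6.1 entries name the same product and can be resolved together with one status line.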
@@ -440,7 +478,7 @@ CVE-2018-12425
RESERVED
CVE-2018-12424
RESERVED
-CVE-2018-12422 (addressbook/backends/ldap/e-book-backend-ldap.c in ...)
+CVE-2018-12422 (** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in ...)
- evolution-data-server <unfixed> (bug #901665)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796174
NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/34bad6173
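Review bot: CVE-2018-12422 now carries ** DISPUTED ** in its description, but the status line under it still reads "evolution-data-server <unfixed> (bug #901665)" and none of the visible NOTE lines records the dispute. Suggest adding a NOTE that states who disputes the issue and on what grounds, and reassessing whether <unfixed> without a severity qualifier is still the right status for this entry.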
@@ -2111,20 +2149,20 @@ CVE-2016-1000339 (In the Bouncy Castle JCE Provider version 1.55 and earlier the
- bouncycastle 1.56-1
NOTE: https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
NOTE: https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
-CVE-2018-11707
- RESERVED
-CVE-2018-11706
- RESERVED
-CVE-2018-11705
- RESERVED
-CVE-2018-11704
- RESERVED
-CVE-2018-11703
- RESERVED
-CVE-2018-11702
- RESERVED
-CVE-2018-11701
- RESERVED
+CVE-2018-11707 (FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at ...)
+ TODO: check
+CVE-2018-11706 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, ...)
+ TODO: check
+CVE-2018-11705 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, ...)
+ TODO: check
+CVE-2018-11704 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, ...)
+ TODO: check
+CVE-2018-11703 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, ...)
+ TODO: check
+CVE-2018-11702 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, ...)
+ TODO: check
+CVE-2018-11701 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, ...)
+ TODO: check
CVE-2018-11700
RESERVED
CVE-2018-11699
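Review bot: the seven FastStone Image Viewer 6.2 entries (CVE-2018-11701 through CVE-2018-11707) each land with their own TODO: check although they name the same product and version. They can be triaged in one pass with an identical status line; if the product is not packaged, that would be "NOT-FOR-US: FastStone Image Viewer", matching the NOT-FOR-US lines used elsewhere in this file.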
@@ -2548,8 +2586,8 @@ CVE-2018-11539
RESERVED
CVE-2018-11538 (servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, ...)
NOT-FOR-US: SearchBlox
-CVE-2018-11537
- RESERVED
+CVE-2018-11537 (Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as ...)
+ TODO: check
CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
NOT-FOR-US: md4c
CVE-2018-11535 (An issue was discovered in SITEMAKIN SLAC (Site Login and Access ...)
@@ -2571,10 +2609,10 @@ CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param
NOT-FOR-US: WUZHI CMS
CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request forgery ...)
NOT-FOR-US: CScms
-CVE-2018-11526
- RESERVED
-CVE-2018-11525
- RESERVED
+CVE-2018-11526 (The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 ...)
+ TODO: check
+CVE-2018-11525 (The plugin "Advanced Order Export For WooCommerce" for WordPress ...)
+ TODO: check
CVE-2018-11524
RESERVED
CVE-2018-11523 (upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such ...)
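Review bot: CVE-2018-11526 and CVE-2018-11525 both describe WordPress plugins and are left at TODO: check, while the context lines above them in this hunk are already resolved with NOT-FOR-US. If neither plugin is packaged, give each entry its own NOT-FOR-US line naming the plugin, since the two descriptions refer to different plugins.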
@@ -9651,8 +9689,8 @@ CVE-2018-8729 (Multiple cross-site scripting (XSS) vulnerabilities in the Activi
NOT-FOR-US: Activity Log plugin for WordPress
CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in ...)
NOT-FOR-US: Kontena
-CVE-2018-8727
- RESERVED
+CVE-2018-8727 (Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and ...)
+ TODO: check
CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...)
{DLA-1310-1}
- exempi 2.4.4-1 (low)
@@ -11214,8 +11252,8 @@ CVE-2018-8032
RESERVED
CVE-2018-8031
RESERVED
-CVE-2018-8030
- RESERVED
+CVE-2018-8030 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ...)
+ TODO: check
CVE-2018-8029
RESERVED
CVE-2018-8028
@@ -16865,8 +16903,8 @@ CVE-2018-6212
RESERVED
CVE-2018-6211
RESERVED
-CVE-2018-6210
- RESERVED
+CVE-2018-6210 (D-Link DIR-620 devices, with a certain Rostelekom variant of firmware ...)
+ TODO: check
CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys) ...)
NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
@@ -31278,8 +31316,7 @@ CVE-2018-1118 (Linux kernel vhost since version 4.8 does not properly initialize
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2018/4/27/833
NOTE: Fixed by: https://git.kernel.org/linus/670ae9caaca467ea1bfd325cb2a5c98ba87f94ad
-CVE-2018-1117
- RESERVED
+CVE-2018-1117 (ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a ...)
NOT-FOR-US: ovirt-ansible-roles
CVE-2018-1116
RESERVED
@@ -31465,8 +31502,7 @@ CVE-2018-1075 (ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered .
NOT-FOR-US: ovirt-engine
CVE-2018-1074 (ovirt-engine API and administration web portal before versions ...)
NOT-FOR-US: ovirt-engine
-CVE-2018-1073
- RESERVED
+CVE-2018-1073 (The web console login form in ovirt-engine before version 4.2.3 ...)
NOT-FOR-US: ovirt-engine
CVE-2018-1072
RESERVED
@@ -31519,8 +31555,7 @@ CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link
NOTE: relabeling time.
CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
NOT-FOR-US: ovirt-engine
-CVE-2018-1061 [DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib]
- RESERVED
+CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to ...)
- python3.7 3.7.0~b3-1 (low)
- python3.6 3.6.5~rc1-1 (low)
- python3.5 <unfixed> (low)
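Review bot: replacing the bracketed temporary title of CVE-2018-1061 with the assigned description drops the only visible mention of difflib.IS_LINE_JUNK, because the new text is truncated at "is vulnerable to ...". If no NOTE further down the entry names the affected function, consider adding one so the "python3.5 <unfixed>" line can still be matched against an upstream fix.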
@@ -129118,8 +129153,8 @@ CVE-2015-4045 (The sudoers file in the asset discovery scanner in AlienVault OSS
NOT-FOR-US: AlienVault OSSIM
CVE-2015-4044
RESERVED
-CVE-2015-4043
- RESERVED
+CVE-2015-4043 (SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows ...)
+ TODO: check
CVE-2015-4040 (Directory traversal vulnerability in the configuration utility in F5 ...)
NOT-FOR-US: F5 BIG-IP
CVE-2015-4039
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/515dd22a546fe420124e2f969e596d36d0a46732