[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 20 21:10:20 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13d096f4 by security tracker role at 2018-06-20T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-12604 (GreenCMS 2.3.0603 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2018-12603
+ RESERVED
+CVE-2018-12602
+ RESERVED
+CVE-2018-12601 (There is a heap-based buffer overflow in ReadImage in input-tga.ci in ...)
+ TODO: check
+CVE-2018-12600 (In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in ...)
+ TODO: check
+CVE-2018-12599 (In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in ...)
+ TODO: check
+CVE-2018-12598
+ RESERVED
+CVE-2018-12597
+ RESERVED
+CVE-2018-12596
+ RESERVED
+CVE-2018-12595
+ RESERVED
+CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to ...)
+ TODO: check
+CVE-2018-12593
+ RESERVED
+CVE-2018-12592 (Polycom RealPresence Web Suite before 2.2.0 does not block a user's ...)
+ TODO: check
+CVE-2018-12591 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an ...)
+ TODO: check
+CVE-2018-12590 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an ...)
+ TODO: check
+CVE-2018-12589
+ RESERVED
CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
TODO: check
CVE-2018-12587
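Review bot: the ReadImage and ImageMagick entries in this hunk (CVE-2018-12601, CVE-2018-12600, CVE-2018-12599) land with only `TODO: check`, and the truncated descriptions for the two ImageMagick ones do not show the affected file. When these are triaged, replace each TODO with either a package line or a `NOT-FOR-US:` tag, and record the affected source file in a NOTE so the truncated description is not the only pointer.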
@@ -90,8 +122,7 @@ CVE-2018-12559 (An issue was discovered in the cantata-mounter D-Bus service in
NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
-CVE-2018-12558 [DOS vulnerability]
- RESERVED
+CVE-2018-12558 (The parse() method in the Email::Address module through 1.909 for Perl ...)
- libemail-address-perl <unfixed> (unimportant; bug #901873)
NOTE: Possibility of DoS vs. usability issue for Email::Address
CVE-2018-12557 (An issue was discovered in Zuul 3.x before 3.1.0. If nodes become ...)
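Review bot: on CVE-2018-12558 the package line stays `<unfixed> (unimportant; bug #901873)` while the new description scopes the issue to the parse() method of Email::Address through 1.909, and the only rationale given is the one-line NOTE about DoS versus usability. A further NOTE linking the upstream discussion, or stating why the issue is rated unimportant, would let a later reader verify the severity without opening the bug.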
@@ -325,10 +356,10 @@ CVE-2018-12448
RESERVED
CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...)
NOT-FOR-US: libbpg
-CVE-2018-12446
- RESERVED
-CVE-2018-12445
- RESERVED
+CVE-2018-12446 (** DISPUTED ** An issue was discovered in the com.dropbox.android ...)
+ TODO: check
+CVE-2018-12445 (** DISPUTED ** An issue was discovered in the com.dropbox.android ...)
+ TODO: check
CVE-2018-12444
RESERVED
CVE-2018-12443
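Review bot: CVE-2018-12446 and CVE-2018-12445 arrive marked `** DISPUTED **` and name com.dropbox.android, yet they are queued as `TODO: check` like ordinary new entries. If that component is not shipped in the archive they can be closed with a `NOT-FOR-US:` tag in the same way as the libbpg entry just above; either way the disputed status is worth carrying into a NOTE when they are triaged.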
@@ -679,8 +710,8 @@ CVE-2018-12329 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS)
NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12328
RESERVED
-CVE-2018-12327
- RESERVED
+CVE-2018-12327 (Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ...)
+ TODO: check
CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 ...)
{DSA-4230-1}
- redis 5:4.0.10-1
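Review bot: CVE-2018-12327 moves from RESERVED to `TODO: check` with a description naming a stack-based buffer overflow in ntpq and ntpdc of NTP 4.2.8p11, so if that source is in the archive it needs a package line rather than a NOT-FOR-US tag. The CVE-2018-12326 entry directly below shows the target form (`- redis 5:4.0.10-1` with its DSA reference); until a fixed version is known, `<unfixed>` plus the bug number is the interim form used elsewhere in this file.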
@@ -4352,8 +4383,7 @@ CVE-2018-10843
CVE-2018-10842
RESERVED
NOT-FOR-US: Keycloak
-CVE-2018-10841 [access trusted peer group via remote-host command]
- RESERVED
+CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server ...)
- glusterfs <unfixed> (bug #901968)
NOTE: https://review.gluster.org/#/c/20328/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
@@ -8792,8 +8822,8 @@ CVE-2018-9038 (Monstra CMS 3.0.4 allows remote attackers to delete files via an
NOT-FOR-US: Monstra CMS
CVE-2018-9037 (Monstra CMS 3.0.4 allows remote code execution via an upload_file ...)
NOT-FOR-US: Monstra CMS
-CVE-2018-9036
- RESERVED
+CVE-2018-9036 (CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page ...)
+ TODO: check
CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-9034 (Cross-site scripting (XSS) vulnerability in lib/interface.php of the ...)
@@ -10711,7 +10741,7 @@ CVE-2018-8247 (An elevation of privilege vulnerability exists when Office Web Ap
NOT-FOR-US: Microsoft
CVE-2018-8246 (An information disclosure vulnerability exists when Microsoft Excel ...)
NOT-FOR-US: Microsoft
-CVE-2018-8245 (An elevation of privilege vulnerability exists when Microsoft ...)
+CVE-2018-8245 (A remote code execution vulnerability exists when Microsoft Publisher ...)
NOT-FOR-US: Microsoft
CVE-2018-8244 (An elevation of privilege vulnerability exists when Microsoft Outlook ...)
NOT-FOR-US: Microsoft
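Review bot: the replacement description for CVE-2018-8245 changes the stated class from an elevation of privilege to a remote code execution in Microsoft Publisher, and the automatic update applies it with no trace beyond the diff itself. Here the entry is `NOT-FOR-US: Microsoft`, so triage is unaffected, but the same kind of rewrite on a packaged entry would change its severity assessment; it would help if description changes on already-triaged entries were called out for re-review.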
@@ -15830,8 +15860,8 @@ CVE-2018-6565
RESERVED
CVE-2018-6564
RESERVED
-CVE-2018-6563
- RESERVED
+CVE-2018-6563 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2018-6562 (totemomail Encryption Gateway before 6.0_b567 allows remote attackers ...)
NOT-FOR-US: totemomail Encryption Gateway
CVE-2018-6561 (dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute ...)
@@ -16909,12 +16939,12 @@ CVE-2018-6215
RESERVED
CVE-2018-6214
RESERVED
-CVE-2018-6213
- RESERVED
-CVE-2018-6212
- RESERVED
-CVE-2018-6211
- RESERVED
+CVE-2018-6213 (In the web server on D-Link DIR-620 devices with a certain customized ...)
+ TODO: check
+CVE-2018-6212 (On D-Link DIR-620 devices with a certain customized (by ISP) variant ...)
+ TODO: check
+CVE-2018-6211 (On D-Link DIR-620 devices with a certain customized (by ISP) variant ...)
+ TODO: check
CVE-2018-6210 (D-Link DIR-620 devices, with a certain Rostelekom variant of firmware ...)
TODO: check
CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys) ...)
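Review bot: CVE-2018-6213, CVE-2018-6212 and CVE-2018-6211 are added as `TODO: check` directly above CVE-2018-6210, which names the same D-Link DIR-620 devices and is itself still `TODO: check`. The four should be triaged as a group with one consistent tag rather than being resolved one at a time.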
@@ -19359,8 +19389,8 @@ CVE-2018-5429 (A vulnerability in the report scripting component of TIBCO Softwa
[jessie] - jasperreports <end-of-life> (not supported in Jessie)
[wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429
-CVE-2018-5428
- RESERVED
+CVE-2018-5428 (The version control adapters component of TIBCO Data Virtualization ...)
+ TODO: check
CVE-2018-5427
RESERVED
CVE-2018-5426
@@ -19952,10 +19982,10 @@ CVE-2018-5239
RESERVED
CVE-2018-5238
RESERVED
-CVE-2018-5237
- RESERVED
-CVE-2018-5236
- RESERVED
+CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 ...)
+ TODO: check
+CVE-2018-5236 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may ...)
+ TODO: check
CVE-2018-5235
RESERVED
CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a command ...)
@@ -31268,8 +31298,7 @@ CVE-2018-1134 (An issue was discovered in Moodle 3.x. Students who submitted ...
- moodle <removed>
CVE-2018-1133 (An issue was discovered in Moodle 3.x. A Teacher creating a Calculated ...)
- moodle <removed>
-CVE-2018-1132
- RESERVED
+CVE-2018-1132 (A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers ...)
NOT-FOR-US: OpenDaylight
CVE-2018-1131 (Infinispan permits improper deserialization of trusted data via XML ...)
NOT-FOR-US: infinispan
@@ -31323,8 +31352,7 @@ CVE-2018-1121 (procps-ng, procps is vulnerable to a process hiding through race
- linux <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
-CVE-2018-1120 [FUSE-backed /proc/PID/cmdline]
- RESERVED
+CVE-2018-1120 (A flaw was found affecting the Linux kernel before version 4.17. By ...)
- linux 4.16.12-1
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
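Review bot: the new description for CVE-2018-1120 says the flaw affects the Linux kernel before version 4.17, while the package line records the fix as `- linux 4.16.12-1`. A NOTE naming the fixing commit, or stating how the fix reached 4.16.12-1, would explain the difference; the removed bracketed text `[FUSE-backed /proc/PID/cmdline]` was also the only short summary of the issue and could be preserved as a NOTE.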
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13d096f48d1bc2db223fb168ec76302785e8ed36