[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 25 21:10:30 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0421a27f by security tracker role at 2018-06-25T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,17 @@
+CVE-2018-12738
+ RESERVED
+CVE-2018-12737
+ RESERVED
+CVE-2018-12736
+ RESERVED
+CVE-2018-12735 (SAJ Solar Inverter allows remote attackers to obtain potentially ...)
+ TODO: check
+CVE-2018-12734
+ RESERVED
+CVE-2018-12733
+ RESERVED
+CVE-2016-10725
+ RESERVED
CVE-2018-12732
RESERVED
CVE-2018-12731
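Review bot: CVE-2018-12735 (SAJ Solar Inverter) is the only entry in this hunk with a description, and it is left at "TODO: check". The description names a hardware product, so it should be resolved to either a "NOT-FOR-US:" line, as done for DIGISOL in the next hunk, or a package line. Separately, CVE-2016-10725 is added between CVE-2018-12733 and CVE-2018-12732, outside the numeric order the surrounding IDs follow; confirm that is the intended insertion point.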
@@ -61,10 +75,10 @@ CVE-2018-12705 (DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validat
NOT-FOR-US: DIGISOL
CVE-2018-12704
RESERVED
-CVE-2018-12703
- RESERVED
-CVE-2018-12702
- RESERVED
+CVE-2018-12703 (The approveAndCallcode function of a smart contract implementation for ...)
+ TODO: check
+CVE-2018-12702 (The approveAndCallcode function of a smart contract implementation for ...)
+ TODO: check
CVE-2018-12701
RESERVED
CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...)
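Review bot: the new descriptions for CVE-2018-12703 and CVE-2018-12702 are identical after truncation ("The approveAndCallcode function of a smart contract implementation for ..."), so the list no longer tells the two apart and the affected token is not visible. Whoever resolves the two "TODO: check" lines needs the full CVE text. If neither maps to a Debian package, a "NOT-FOR-US:" line naming the token, in the style of "NOT-FOR-US: DIGISOL" above, would keep them distinguishable.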
@@ -222,7 +236,7 @@ CVE-2018-1000557
CVE-2018-1000556
RESERVED
CVE-2018-1000555
- RESERVED
+ REJECTED
CVE-2018-1000554
RESERVED
CVE-2018-1000553
@@ -242,7 +256,7 @@ CVE-2018-1000547
CVE-2018-1000546
RESERVED
CVE-2018-1000545
- RESERVED
+ REJECTED
CVE-2018-1000544
RESERVED
CVE-2018-1000543
@@ -250,7 +264,7 @@ CVE-2018-1000543
CVE-2018-1000542
RESERVED
CVE-2018-1000541
- RESERVED
+ REJECTED
CVE-2018-1000540
RESERVED
CVE-2018-1000539
@@ -272,7 +286,7 @@ CVE-2018-1000532
CVE-2018-1000531
RESERVED
CVE-2018-1000530
- RESERVED
+ REJECTED
CVE-2018-1000529
RESERVED
CVE-2018-1000528
@@ -288,7 +302,7 @@ CVE-2018-1000524
CVE-2018-1000523
RESERVED
CVE-2018-1000522
- RESERVED
+ REJECTED
CVE-2018-1000521
RESERVED
CVE-2018-1000520
@@ -421,8 +435,8 @@ CVE-2018-12604 (GreenCMS 2.3.0603 allows remote attackers to obtain sensitive ..
NOT-FOR-US: GreenCMS
CVE-2018-12603
RESERVED
-CVE-2018-12602
- RESERVED
+CVE-2018-12602 (A CSRF vulnerability exists in LFCMS 3.7.0: users can be added ...)
+ TODO: check
CVE-2018-12601 (There is a heap-based buffer overflow in ReadImage in input-tga.ci in ...)
- sam2p <removed>
NOTE: https://github.com/pts/sam2p/issues/41
@@ -1710,20 +1724,20 @@ CVE-2018-12085 (Liblouis 3.6.0 has a stack-based Buffer Overflow in the function
[jessie] - liblouis <no-dsa> (Minor issue)
NOTE: https://github.com/liblouis/liblouis/issues/595
NOTE: https://github.com/liblouis/liblouis/commit/dbfa58bb128cae86729578ac596056b3385817ef
-CVE-2018-12084
- RESERVED
-CVE-2018-12083
- RESERVED
-CVE-2018-12082
- RESERVED
-CVE-2018-12081
- RESERVED
-CVE-2018-12080
- RESERVED
-CVE-2018-12079
- RESERVED
-CVE-2018-12078
- RESERVED
+CVE-2018-12084 (The mintToken function of a smart contract implementation for BitAsean ...)
+ TODO: check
+CVE-2018-12083 (The mintToken function of a smart contract implementation for GOAL ...)
+ TODO: check
+CVE-2018-12082 (The mintToken function of a smart contract implementation for Fujinto ...)
+ TODO: check
+CVE-2018-12081 (The mintToken function of a smart contract implementation for Target ...)
+ TODO: check
+CVE-2018-12080 (The mintToken function of a smart contract implementation for Internet ...)
+ TODO: check
+CVE-2018-12079 (The mintToken function of a smart contract implementation for ...)
+ TODO: check
+CVE-2018-12078 (The mintToken function of a smart contract implementation for PolyAI ...)
+ TODO: check
CVE-2018-12077
RESERVED
CVE-2018-12076
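Review bot: in the mintToken block, CVE-2018-12079 is truncated before the project name ("... smart contract implementation for ..."), unlike its six siblings, which at least start one (BitAsean, GOAL, Fujinto, Target, Internet, PolyAI). All seven are "TODO: check" for the same function in the same kind of contract, so they are best triaged in one pass with one consistent outcome, looking up the full text for CVE-2018-12079 first.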
@@ -1738,22 +1752,22 @@ CVE-2018-12072 (An issue was discovered in Cloud Media Popcorn A-200 ...)
NOT-FOR-US: Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware
CVE-2018-12071 (A Session Fixation issue exists in CodeIgniter before 3.1.9 because ...)
- codeigniter <itp> (bug #471583)
-CVE-2018-12070
- RESERVED
+CVE-2018-12070 (The sell function of a smart contract implementation for SEC, a ...)
+ TODO: check
CVE-2018-12069
RESERVED
-CVE-2018-12068
- RESERVED
-CVE-2018-12067
- RESERVED
+CVE-2018-12068 (The sell function of a smart contract implementation for Target Coin ...)
+ TODO: check
+CVE-2018-12067 (The sell function of a smart contract implementation for Substratum ...)
+ TODO: check
CVE-2018-12065 (A Local File Inclusion vulnerability in /system/WCore/WHelper.php in ...)
NOT-FOR-US: wityCMS
CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via ...)
NOT-FOR-US: tinyexr
-CVE-2018-12063
- RESERVED
-CVE-2018-12062
- RESERVED
+CVE-2018-12063 (The sell function of a smart contract implementation for Internet Node ...)
+ TODO: check
+CVE-2018-12062 (The sell function of a smart contract implementation for SwftCoin ...)
+ TODO: check
CVE-2018-12061
RESERVED
CVE-2018-12060
@@ -3298,8 +3312,8 @@ CVE-2018-11448
RESERVED
CVE-2018-11447
RESERVED
-CVE-2018-11446
- RESERVED
+CVE-2018-11446 (The buy function of a smart contract implementation for Gold Reward ...)
+ TODO: check
CVE-2018-11445 (A CSRF issue was discovered on the User Add/System Settings Page ...)
NOT-FOR-US: EasyService Billing
CVE-2018-11444 (A SQL Injection issue was observed in the parameter "q" in ...)
@@ -4356,8 +4370,8 @@ CVE-2018-11048
RESERVED
CVE-2018-11047
RESERVED
-CVE-2018-11046
- RESERVED
+CVE-2018-11046 (Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version ...)
+ TODO: check
CVE-2018-11045
RESERVED
CVE-2018-11044
@@ -4366,14 +4380,12 @@ CVE-2018-11043
RESERVED
CVE-2018-11042
RESERVED
-CVE-2018-11041
- RESERVED
-CVE-2018-11040 [ross-domain requests via JSONP through AbstractJsonpResponseBodyAdvice]
- RESERVED
+CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 ...)
+ TODO: check
+CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to ...)
- libspring-java <unfixed>
NOTE: https://pivotal.io/security/cve-2018-11040
-CVE-2018-11039 [Cross Site Tracing (XST) if vulnerable to XSS]
- RESERVED
+CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ...)
- libspring-java <unfixed>
NOTE: https://pivotal.io/security/cve-2018-11039
CVE-2017-18270 (In the Linux kernel before 4.13.5, a local user could create keyrings ...)
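Review bot: CVE-2018-11040 and CVE-2018-11039 keep "- libspring-java <unfixed>" with only the pivotal.io NOTE and no bug reference, while other package lines in this file carry one (for example "- codeigniter <itp> (bug #471583)"). Now that both IDs have public descriptions in place of the bracketed placeholders, add the Debian bug number once one exists. CVE-2018-11041 (Cloud Foundry UAA) in the same hunk is still "TODO: check".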
@@ -4576,8 +4588,8 @@ CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a SIG
NOTE: https://github.com/Exiv2/exiv2/issues/302
CVE-2018-10957 (CSRF exists on D-Link DIR-868L devices, leading to (for example) a ...)
NOT-FOR-US: D-Link
-CVE-2018-10956
- RESERVED
+CVE-2018-10956 (IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. ...)
+ TODO: check
CVE-2018-10955 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
NOT-FOR-US: 2345 Security Guard
CVE-2018-10954 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
@@ -10102,8 +10114,8 @@ CVE-2018-8757
RESERVED
CVE-2018-8756 (Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 ...)
NOT-FOR-US: YzmCMS
-CVE-2018-8755
- RESERVED
+CVE-2018-8755 (NuCom WR644GACV devices before STA006 allow an attacker to download ...)
+ TODO: check
CVE-2018-8754 (The libevt_record_values_read_event() function in ...)
{DSA-4160-1}
- libevt 20180317-1 (bug #893431)
@@ -53334,12 +53346,12 @@ CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3
NOTE: webkit not covered by security support
CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...)
- shotwell 0.25.4+really0.24.5-0.1 (unimportant)
-CVE-2017-1000023
- REJECTED
-CVE-2017-1000022
- REJECTED
-CVE-2017-1000021
- REJECTED
+CVE-2017-1000023 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. ...)
+ TODO: check
+CVE-2017-1000022 (LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. ...)
+ TODO: check
+CVE-2017-1000021 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. ...)
+ TODO: check
CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded ...)
NOT-FOR-US: ECos
CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the ...)
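Review bot: CVE-2017-1000023, CVE-2017-1000022 and CVE-2017-1000021 move from REJECTED to described entries, the reverse of the RESERVED to REJECTED changes earlier in this commit, and their descriptions are stored as full sentences rather than cut to the width used elsewhere in the file. Confirm the un-rejection against the CVE source, and check that anything parsing the parenthesised description copes with the longer lines, before triaging the three LogicalDoc "TODO: check" items.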
@@ -58581,8 +58593,8 @@ CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, .
NOT-FOR-US: Dahua NVR
CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before ...)
- webmin <removed>
-CVE-2017-9312
- RESERVED
+CVE-2017-9312 (Improperly implemented option-field processing in the TCP/IP stack on ...)
+ TODO: check
CVE-2017-9311
RESERVED
CVE-2017-9309
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0421a27f78d72b26397e85fe4dab1df34414cf16