[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 26 21:10:46 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83cb9df1 by security tracker role at 2018-06-26T20:10:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,27 +1,51 @@
+CVE-2018-12894
+ RESERVED
+CVE-2018-12893
+ RESERVED
+CVE-2018-12892
+ RESERVED
+CVE-2018-12891
+ RESERVED
+CVE-2018-12890
+ RESERVED
+CVE-2018-12889 (An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer ...)
+ TODO: check
+CVE-2018-12888
+ RESERVED
+CVE-2018-12887
+ RESERVED
+CVE-2018-12886
+ RESERVED
+CVE-2018-12885
+ RESERVED
+CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user ...)
+ TODO: check
+CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation vulnerability in ...)
+ TODO: check
CVE-2018-XXXX [grep-excuses: uses YAML::Syck in a unsafe way]
- devscripts <unfixed> (low; bug #902409)
[stretch] - devscripts <no-dsa> (Minor issue)
-CVE-2018-1000610
+CVE-2018-1000610 (A exposure of sensitive information vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000609
+CVE-2018-1000609 (A exposure of sensitive information vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000608
+CVE-2018-1000608 (A exposure of sensitive information vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000607
+CVE-2018-1000607 (A arbitrary file write vulnerability exists in Jenkins Fortify ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000606
+CVE-2018-1000606 (A server-side request forgery vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000605
+CVE-2018-1000605 (A man in the middle vulnerability exists in Jenkins CollabNet Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000604
+CVE-2018-1000604 (A persisted cross-site scripting vulnerability exists in Jenkins Badge ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000603
+CVE-2018-1000603 (A exposure of sensitive information vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000602
+CVE-2018-1000602 (A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000601
+CVE-2018-1000601 (A arbitrary file read vulnerability exists in Jenkins SSH Credentials ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-1000600
+CVE-2018-1000600 (A exposure of sensitive information vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
CVE-2018-12883
RESERVED
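Review bot: the TODO: check placeholder on CVE-2018-12884 can be resolved immediately, since Octopus Deploy issues elsewhere in this file (CVE-2018-10550, CVE-2018-4862) are already marked `NOT-FOR-US: Octopus Deploy`; CVE-2018-1000205 (U-Boot, CWE-20 improper input validation) is the entry in this hunk that concerns a Debian source package and should be triaged to a `- u-boot ...` package line rather than staying at TODO.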
@@ -370,10 +394,10 @@ CVE-2018-12713 (GIMP through 2.10.2 makes g_get_tmp_dir calls to establish tempo
NOTE: https://github.com/GNOME/gimp/commit/c21eff4b031acb04fb4dfce8bd5fdfecc2b6524f
NOTE: https://gitlab.gnome.org/GNOME/gimp/issues/1689
NOTE: No security impact
-CVE-2018-12712
- RESERVED
-CVE-2018-12711
- RESERVED
+CVE-2018-12712 (An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. ...)
+ TODO: check
+CVE-2018-12711 (An XSS issue was discovered in the language switcher module in Joomla! ...)
+ TODO: check
CVE-2018-12710
RESERVED
CVE-2016-10724
@@ -542,126 +566,126 @@ CVE-2018-12639
RESERVED
CVE-2018-12638
RESERVED
-CVE-2018-1000559
- RESERVED
-CVE-2018-1000558
- RESERVED
-CVE-2018-1000557
- RESERVED
-CVE-2018-1000556
- RESERVED
+CVE-2018-1000559 (qutebrowser version introduced in v0.11.0 ...)
+ TODO: check
+CVE-2018-1000558 (OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and ...)
+ TODO: check
+CVE-2018-1000557 (OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross ...)
+ TODO: check
+CVE-2018-1000556 (WordPress version 4.8 + contains a Cross Site Scripting (XSS) ...)
+ TODO: check
CVE-2018-1000555
REJECTED
-CVE-2018-1000554
- RESERVED
-CVE-2018-1000553
- RESERVED
-CVE-2018-1000552
- RESERVED
-CVE-2018-1000551
- RESERVED
-CVE-2018-1000550
- RESERVED
-CVE-2018-1000549
- RESERVED
-CVE-2018-1000548
- RESERVED
-CVE-2018-1000547
- RESERVED
-CVE-2018-1000546
- RESERVED
+CVE-2018-1000554 (Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token ...)
+ TODO: check
+CVE-2018-1000553 (Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery ...)
+ TODO: check
+CVE-2018-1000552 (Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability ...)
+ TODO: check
+CVE-2018-1000551 (Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling ...)
+ TODO: check
+CVE-2018-1000550 (The Sympa Community Sympa version prior to version 6.2.32 contains a ...)
+ TODO: check
+CVE-2018-1000549 (Wekan version 1.04.0 contains a Email / Username Enumeration ...)
+ TODO: check
+CVE-2018-1000548 (Umlet version < 14.3 contains a XML External Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000547 (coreBOS version 7.0 and earlier contains a Incorrect Access Control ...)
+ TODO: check
+CVE-2018-1000546 (Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) ...)
+ TODO: check
CVE-2018-1000545
REJECTED
-CVE-2018-1000544
- RESERVED
-CVE-2018-1000543
- RESERVED
-CVE-2018-1000542
- RESERVED
+CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory ...)
+ TODO: check
+CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution due to ...)
+ TODO: check
+CVE-2018-1000542 (netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity ...)
+ TODO: check
CVE-2018-1000541
REJECTED
-CVE-2018-1000540
- RESERVED
-CVE-2018-1000539
- RESERVED
-CVE-2018-1000538
- RESERVED
-CVE-2018-1000537
- RESERVED
-CVE-2018-1000536
- RESERVED
-CVE-2018-1000535
- RESERVED
-CVE-2018-1000534
- RESERVED
-CVE-2018-1000533
- RESERVED
-CVE-2018-1000532
- RESERVED
-CVE-2018-1000531
- RESERVED
+CVE-2018-1000540 (LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd ...)
+ TODO: check
+CVE-2018-1000539 (Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper ...)
+ TODO: check
+CVE-2018-1000538 (Minio Inc. Minio S3 server version prior to ...)
+ TODO: check
+CVE-2018-1000537 (Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer ...)
+ TODO: check
+CVE-2018-1000536 (Medis version 0.6.1 and earlier contains a XSS vulnerability evolving ...)
+ TODO: check
+CVE-2018-1000535 (lms version <= LMS_011123 contains a Local File Disclosure ...)
+ TODO: check
+CVE-2018-1000534 (Joplin version prior to 1.0.90 contains a XSS evolving into code ...)
+ TODO: check
+CVE-2018-1000533 (klaussilveira GitList version <= 0.6 contains a Passing incorrectly ...)
+ TODO: check
+CVE-2018-1000532 (beep version 1.3 and up contains a External Control of File Name or ...)
+ TODO: check
+CVE-2018-1000531 (inversoft prime-jwt version prior to commit ...)
+ TODO: check
CVE-2018-1000530
REJECTED
-CVE-2018-1000529
- RESERVED
-CVE-2018-1000528
- RESERVED
-CVE-2018-1000527
- RESERVED
-CVE-2018-1000526
- RESERVED
-CVE-2018-1000525
- RESERVED
-CVE-2018-1000524
- RESERVED
-CVE-2018-1000523
- RESERVED
+CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting ...)
+ TODO: check
+CVE-2018-1000528 (GONICUS GOsa version before commit ...)
+ TODO: check
+CVE-2018-1000527 (Froxlor version <= 0.9.39.5 contains a PHP Object Injection ...)
+ TODO: check
+CVE-2018-1000526 (Openpsa contains a XML Injection vulnerability in RSS file upload ...)
+ TODO: check
+CVE-2018-1000525 (openpsa contains a PHP Object Injection vulnerability in Form data ...)
+ TODO: check
+CVE-2018-1000524 (miniSphere version 5.2.9 and earlier contains a Integer Overflow ...)
+ TODO: check
+CVE-2018-1000523 (topydo contains a CWE-20: Improper Input Validation vulnerability in ...)
+ TODO: check
CVE-2018-1000522
REJECTED
-CVE-2018-1000521
- RESERVED
-CVE-2018-1000520
- RESERVED
-CVE-2018-1000519
- RESERVED
-CVE-2018-1000518
- RESERVED
-CVE-2018-1000517
- RESERVED
-CVE-2018-1000516
- RESERVED
-CVE-2018-1000515
- RESERVED
-CVE-2018-1000514
- RESERVED
-CVE-2018-1000513
- RESERVED
-CVE-2018-1000512
- RESERVED
-CVE-2018-1000511
- RESERVED
-CVE-2018-1000510
- RESERVED
-CVE-2018-1000509
- RESERVED
-CVE-2018-1000508
- RESERVED
-CVE-2018-1000507
- RESERVED
-CVE-2018-1000506
- RESERVED
-CVE-2018-1000505
- RESERVED
-CVE-2018-1000504
- RESERVED
-CVE-2018-1000503
- RESERVED
-CVE-2018-1000502
- RESERVED
-CVE-2018-1000501
- RESERVED
-CVE-2018-1000500
- RESERVED
+CVE-2018-1000521 (BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2018-1000520 (ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows ...)
+ TODO: check
+CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerability in ...)
+ TODO: check
+CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling ...)
+ TODO: check
+CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit ...)
+ TODO: check
+CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper ...)
+ TODO: check
+CVE-2018-1000515 (ventrian News-Articles version NewsArticles.00.09.11 contains a XML ...)
+ TODO: check
+CVE-2018-1000514 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request ...)
+ TODO: check
+CVE-2018-1000513 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting ...)
+ TODO: check
+CVE-2018-1000512 (Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site ...)
+ TODO: check
+CVE-2018-1000511 (WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control ...)
+ TODO: check
+CVE-2018-1000510 (WP Image Zoom version 1.23 contains a Incorrect Access Control ...)
+ TODO: check
+CVE-2018-1000509 (Redirection version 2.7.1 contains a Serialisation vulnerability ...)
+ TODO: check
+CVE-2018-1000508 (WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000507 (WP User Groups version 2.0.0 contains a Cross ite Request Forgery ...)
+ TODO: check
+CVE-2018-1000506 (Metronet Tag Manager version 1.2.7 contains a Cross ite Request ...)
+ TODO: check
+CVE-2018-1000505 (Tooltipy (tooltips for WP) version 5 contains a Cross ite Request ...)
+ TODO: check
+CVE-2018-1000504 (Redirection version 2.7.3 contains a ACE via file inclusion ...)
+ TODO: check
+CVE-2018-1000503 (MyBB Group MyBB contains a Incorrect Access Control vulnerability in ...)
+ TODO: check
+CVE-2018-1000502 (MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel ...)
+ TODO: check
+CVE-2018-1000501 (Instant Update CMS contains a Password Reset Vulnerability ...)
+ TODO: check
+CVE-2018-1000500 (Busybox contains a Missing SSL certificate validation vulnerability in ...)
+ TODO: check
CVE-2018-1000404
RESERVED
CVE-2018-12637
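Review bot: among the many TODO: check placeholders in this hunk, CVE-2018-1000517 and CVE-2018-1000500 (BusyBox wget, including missing SSL certificate validation), CVE-2018-1000520 (ARM mbedTLS 2.7.0 and earlier), CVE-2018-1000532 (beep 1.3) and CVE-2018-1000550 (Sympa before 6.2.32) all name software that is packaged in Debian and should be triaged to source-package lines first, ahead of the WordPress plugin and CMS entries. The wording `Cross ite Request` in CVE-2018-1000514, CVE-2018-1000507, CVE-2018-1000506 and CVE-2018-1000505 is MITRE's typo in the mirrored description, not a transcription error in this commit.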
@@ -1486,7 +1510,7 @@ CVE-2018-12327 (Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2
NOTE: https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
NOTE: Negligible security impact
CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 ...)
- {DSA-4230-1}
+ {DSA-4230-1 DLA-1396-1}
- redis 5:4.0.10-1 (bug #902410)
NOTE: https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0
NOTE: https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50
@@ -2636,8 +2660,7 @@ CVE-2018-1002200 [arbitrary file write vulnerability / arbitrary code execution
- plexus-archiver 3.6.0-1 (bug #900953)
NOTE: https://github.com/codehaus-plexus/plexus-archiver/pull/87
NOTE: https://github.com/codehaus-plexus/plexus-archiver/commit/58bc24e465c0842981692adbf6d75680298989de
-CVE-2018-1000204 [infoleak due to incorrect andling of SG_IO ioctl]
- RESERVED
+CVE-2018-1000204 (Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl ...)
- linux 4.16.12-1
NOTE: Fixed by: https://git.kernel.org/linus/a45b599ad808c3c982fdcdc12b0b8611c2f92824
CVE-2018-1000203 (Soar Labs Soar Coin version up to and including git commit ...)
@@ -3621,12 +3644,12 @@ CVE-2018-11451
RESERVED
CVE-2018-11450
RESERVED
-CVE-2018-11449
- RESERVED
-CVE-2018-11448
- RESERVED
-CVE-2018-11447
- RESERVED
+CVE-2018-11449 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
+ TODO: check
+CVE-2018-11448 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
+ TODO: check
+CVE-2018-11447 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
+ TODO: check
CVE-2018-11446 (The buy function of a smart contract implementation for Gold Reward ...)
NOT-FOR-US: Gold Reward
CVE-2018-11445 (A CSRF issue was discovered on the User Add/System Settings Page ...)
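Review bot: the three SCALANCE M875 entries (CVE-2018-11449 to CVE-2018-11447) are left at TODO: check although this file already triages SCALANCE hardware as `NOT-FOR-US: Siemens SCALANCE X switches` (see CVE-2018-4848 further down in this diff); the same applies to CVE-2018-4861 to CVE-2018-4859 in a later hunk, so all six can be closed with a `NOT-FOR-US: Siemens SCALANCE M875` line in the follow-up triage.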
@@ -4291,12 +4314,12 @@ CVE-2018-11221 (Unauthenticated untrusted file upload in Artica Pandora FMS thro
CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command ...)
NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
CVE-2018-11219 (An Integer Overflow issue was discovered in the struct library in the ...)
- {DSA-4230-1}
+ {DSA-4230-1 DLA-1396-1}
- redis 5:4.0.10-1 (bug #901495)
NOTE: https://github.com/antirez/redis/issues/5017
NOTE: http://antirez.com/news/119
CVE-2018-11218 (Memory Corruption was discovered in the cmsgpack library in the Lua ...)
- {DSA-4230-1}
+ {DSA-4230-1 DLA-1396-1}
- redis 5:4.0.10-1 (bug #901495)
NOTE: https://github.com/antirez/redis/issues/5017
NOTE: http://antirez.com/news/119
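Review bot: the advisory reference on CVE-2018-11219 and CVE-2018-11218 is written `{DSA-4230-1 DLA-1396-1}` (DSA first, matching CVE-2018-12326 above), whereas the PHP entries in this same commit prepend the new DLA (`{DLA-1397-1 DLA-1373-1}`); the ordering is cosmetic, but keeping one convention for how a newly issued DLA is appended makes later diffs easier to read.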
@@ -5154,8 +5177,7 @@ CVE-2018-10853 [kvm: guest userspace to guest kernel write]
RESERVED
- linux 4.16.16-1
NOTE: Fixed by: https://git.kernel.org/linus/3c9fa24ca7c9c47605672916491f79e8ccacb9e6
-CVE-2018-10852
- RESERVED
+CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the available ...)
- sssd <unfixed>
NOTE: https://pagure.io/SSSD/sssd/issue/3766
CVE-2018-10851
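Review bot: now that CVE-2018-10852 has a public description, the `- sssd <unfixed>` line should carry a severity and bug reference in the style used for `- devscripts <unfixed> (low; bug #902409)` earlier in this diff; the pagure issue is recorded in the NOTE but no Debian bug is, so either file one or add a `<no-dsa>`/severity annotation once the impact of the sudo pipe permissions has been assessed.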
@@ -5657,20 +5679,20 @@ CVE-2018-10666 (The Owned smart contract implementation for Aurora IDEX Membersh
NOT-FOR-US: Aurora IDEX
CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to ...)
NOT-FOR-US: ILIAS
-CVE-2018-10664
- RESERVED
-CVE-2018-10663
- RESERVED
-CVE-2018-10662
- RESERVED
-CVE-2018-10661
- RESERVED
-CVE-2018-10660
- RESERVED
-CVE-2018-10659
- RESERVED
-CVE-2018-10658
- RESERVED
+CVE-2018-10664 (An issue was discovered in the httpd process in multiple models of ...)
+ TODO: check
+CVE-2018-10663 (An issue was discovered in multiple models of Axis IP Cameras. There ...)
+ TODO: check
+CVE-2018-10662 (An issue was discovered in multiple models of Axis IP Cameras. There ...)
+ TODO: check
+CVE-2018-10661 (An issue was discovered in multiple models of Axis IP Cameras. There ...)
+ TODO: check
+CVE-2018-10660 (An issue was discovered in multiple models of Axis IP Cameras. There ...)
+ TODO: check
+CVE-2018-10659 (There was a Memory Corruption issue discovered in multiple models of ...)
+ TODO: check
+CVE-2018-10658 (There was a Memory Corruption issue discovered in multiple models of ...)
+ TODO: check
CVE-2018-10675 (The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel ...)
- linux 4.12.12-1
[stretch] - linux 4.9.47-1
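Review bot: CVE-2018-10664 to CVE-2018-10658 describe the httpd process and memory corruption in firmware of multiple Axis IP Camera models, i.e. vendor device firmware that is not packaged in Debian; they are candidates for a `NOT-FOR-US: Axis IP Cameras` line in the same way the Buffalo WZR-1750DHP2 and ASUS router entries in this diff are handled, rather than remaining at TODO: check.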
@@ -5904,6 +5926,7 @@ CVE-2018-10551
CVE-2018-10550 (In Octopus Deploy before 2018.4.7, target and tenant tag variable ...)
NOT-FOR-US: Octopus Deploy
CVE-2018-10549 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, ...)
+ {DLA-1397-1}
- php7.2 <unfixed>
- php7.1 <unfixed>
- php7.0 <unfixed>
@@ -5912,7 +5935,7 @@ CVE-2018-10549 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.3
NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76130
CVE-2018-10548 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, ...)
- {DLA-1373-1}
+ {DLA-1397-1 DLA-1373-1}
- php7.2 <unfixed>
- php7.1 <unfixed>
- php7.0 <unfixed>
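Review bot: CVE-2018-10548 (and CVE-2018-10549 just above it) gain DLA-1397-1 here while their php7.2/php7.1/php7.0 lines still read `<unfixed>`, even though the NOTE states the upstream fixes are 7.0.30, 7.1.17 and 7.2.5 and the sibling CVE-2018-10545 already records fixed Debian versions; please check whether these unstable entries are simply stale and should be updated to the versions that shipped the fix, since the same pattern repeats for CVE-2018-10547 and CVE-2018-10546 below.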
@@ -5920,7 +5943,7 @@ CVE-2018-10548 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.3
NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76248
CVE-2018-10547 (An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, ...)
- {DLA-1373-1}
+ {DLA-1397-1 DLA-1373-1}
- php7.2 <unfixed>
- php7.1 <unfixed>
- php7.0 <unfixed>
@@ -5928,6 +5951,7 @@ CVE-2018-10547 (An issue was discovered in ext/phar/phar_object.c in PHP before
NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76129
CVE-2018-10546 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, ...)
+ {DLA-1397-1}
- php7.2 <unfixed>
- php7.1 <unfixed>
- php7.0 <unfixed>
@@ -5936,7 +5960,7 @@ CVE-2018-10546 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.3
NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76249
CVE-2018-10545 (An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, ...)
- {DLA-1373-1}
+ {DLA-1397-1 DLA-1373-1}
- php7.2 7.2.4-1
- php7.1 7.1.16-1
- php7.0 7.0.29-1
@@ -13348,7 +13372,7 @@ CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-base
CVE-2018-7585
RESERVED
CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ...)
- {DLA-1326-1}
+ {DLA-1397-1 DLA-1326-1}
- php7.2 7.2.3-1
- php7.1 7.1.15-1
- php7.0 7.0.28-1
@@ -16205,8 +16229,8 @@ CVE-2018-6669
RESERVED
CVE-2018-6668
RESERVED
-CVE-2018-6667
- RESERVED
+CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user ...)
+ TODO: check
CVE-2018-6666
RESERVED
CVE-2018-6665
@@ -21918,12 +21942,12 @@ CVE-2018-4863 (Sophos Endpoint Protection 10.7 allows local users to bypass an .
NOT-FOR-US: Sophos
CVE-2018-4862 (In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an ...)
NOT-FOR-US: Octopus Deploy
-CVE-2018-4861
- RESERVED
-CVE-2018-4860
- RESERVED
-CVE-2018-4859
- RESERVED
+CVE-2018-4861 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
+ TODO: check
+CVE-2018-4860 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
+ TODO: check
+CVE-2018-4859 (A vulnerability has been identified in SCALANCE M875 (All versions). ...)
+ TODO: check
CVE-2018-4858
RESERVED
CVE-2018-4857
@@ -21948,10 +21972,10 @@ CVE-2018-4848 (A vulnerability has been identified in SCALANCE X-200 IRT (All ..
NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...)
NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
-CVE-2018-4846
- RESERVED
-CVE-2018-4845
- RESERVED
+CVE-2018-4846 (A vulnerability has been identified in RAPIDLab 1200 systems / ...)
+ TODO: check
+CVE-2018-4845 (A vulnerability has been identified in RAPIDLab 1200 systems / ...)
+ TODO: check
CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for Android ...)
NOT-FOR-US: SIMATIC
CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All ...)
@@ -24518,8 +24542,7 @@ CVE-2018-3762
RESERVED
CVE-2018-3761
RESERVED
-CVE-2018-3760 [path traversal in sprockets/server.rb:forbidden_request?() can allow remote attackers to read arbitrary files]
- RESERVED
+CVE-2018-3760 (There is an information leak vulnerability in Sprockets. Versions ...)
- ruby-sprockets <unfixed> (bug #901913)
NOTE: http://www.openwall.com/lists/oss-security/2018/06/19/2
NOTE: https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f
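Review bot: replacing the hand-written description of CVE-2018-3760 with the MITRE text loses the precise root cause it recorded (path traversal in `sprockets/server.rb:forbidden_request?()`), which the truncated `information leak vulnerability in Sprockets` wording no longer conveys; consider carrying that detail over into a NOTE line next to the upstream commit reference so the triage rationale for ruby-sprockets stays in the file.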
@@ -32365,8 +32388,7 @@ CVE-2018-1074 (ovirt-engine API and administration web portal before versions ..
NOT-FOR-US: ovirt-engine
CVE-2018-1073 (The web console login form in ovirt-engine before version 4.2.3 ...)
NOT-FOR-US: ovirt-engine
-CVE-2018-1072
- RESERVED
+CVE-2018-1072 (ovirt-engine before version ovirt 4.2.2 is vulnerable to an ...)
NOT-FOR-US: ovirt-engine
CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer ...)
{DLA-1335-1}
@@ -34267,48 +34289,48 @@ CVE-2018-0614
RESERVED
CVE-2018-0613
RESERVED
-CVE-2018-0612
- RESERVED
-CVE-2018-0611
- RESERVED
-CVE-2018-0610
- RESERVED
-CVE-2018-0609
- RESERVED
-CVE-2018-0608
- RESERVED
+CVE-2018-0612 (Cross-site scripting vulnerability in 5000 trillion yen converter ...)
+ TODO: check
+CVE-2018-0611 (The ANA App for iOS version 4.0.22 and earlier does not verify X.509 ...)
+ TODO: check
+CVE-2018-0610 (Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier ...)
+ TODO: check
+CVE-2018-0609 (Untrusted search path vulnerability in LINE for Windows versions ...)
+ TODO: check
+CVE-2018-0608 (Buffer overflow in H2O version 2.2.4 and earlier allows remote ...)
+ TODO: check
CVE-2018-0607
RESERVED
-CVE-2018-0606
- RESERVED
-CVE-2018-0605
- RESERVED
-CVE-2018-0604
- RESERVED
-CVE-2018-0603
- RESERVED
-CVE-2018-0602
- RESERVED
-CVE-2018-0601
- RESERVED
-CVE-2018-0600
- RESERVED
-CVE-2018-0599
- RESERVED
-CVE-2018-0598
- RESERVED
-CVE-2018-0597
- RESERVED
-CVE-2018-0596
- RESERVED
-CVE-2018-0595
- RESERVED
-CVE-2018-0594
- RESERVED
-CVE-2018-0593
- RESERVED
-CVE-2018-0592
- RESERVED
+CVE-2018-0606 (SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows ...)
+ TODO: check
+CVE-2018-0605 (Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier ...)
+ TODO: check
+CVE-2018-0604 (Pixelpost v1.7.3 and earlier allows remote code execution via ...)
+ TODO: check
+CVE-2018-0603 (Cross-site scripting vulnerability in Site Reviews versions prior to ...)
+ TODO: check
+CVE-2018-0602 (Cross-site scripting vulnerability in Email Subscribers & Newsletters ...)
+ TODO: check
+CVE-2018-0601 (Untrusted search path vulnerability in axpdfium v0.01 allows an ...)
+ TODO: check
+CVE-2018-0600 (Untrusted search path vulnerability in the installer of PlayMemories ...)
+ TODO: check
+CVE-2018-0599 (Untrusted search path vulnerability in the installer of Visual C++ ...)
+ TODO: check
+CVE-2018-0598 (Untrusted search path vulnerability in Self-extracting archive files ...)
+ TODO: check
+CVE-2018-0597 (Untrusted search path vulnerability in the installer of Visual Studio ...)
+ TODO: check
+CVE-2018-0596 (Untrusted search path vulnerability in the installer of Visual Studio ...)
+ TODO: check
+CVE-2018-0595 (Untrusted search path vulnerability in the installer of Skype for ...)
+ TODO: check
+CVE-2018-0594 (Untrusted search path vulnerability in Skype for Windows allows an ...)
+ TODO: check
+CVE-2018-0593 (Untrusted search path vulnerability in the installer of Microsoft ...)
+ TODO: check
+CVE-2018-0592 (Untrusted search path vulnerability in Microsoft OneDrive allows an ...)
+ TODO: check
CVE-2018-0591 (The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver ...)
NOT-FOR-US: KINEPASS
CVE-2018-0590 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows ...)
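Review bot: CVE-2018-0608 (buffer overflow in H2O 2.2.4 and earlier) is the one entry in this run of placeholders that concerns software packaged in Debian (src:h2o) and should be triaged to a package line first; the untrusted search path entries for the LINE, Visual C++, Visual Studio, Skype, OneDrive and other Microsoft installers (CVE-2018-0609 and CVE-2018-0601 to CVE-2018-0592) concern Windows software and can follow the `NOT-FOR-US` pattern already used for the SoundEngine Free and PhishWall installers further down in this diff.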
@@ -34323,8 +34345,8 @@ CVE-2018-0586 (Directory traversal vulnerability in the shortcodes function of .
NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0585 (Cross-site scripting vulnerability in Ultimate Member plugin prior to ...)
NOT-FOR-US: WordPress plugin ultimate-member
-CVE-2018-0584
- RESERVED
+CVE-2018-0584 (IIJ SmartKey App for Android version 2.1.0 and earlier allows remote ...)
+ TODO: check
CVE-2018-0583 (Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware ...)
NOT-FOR-US: ASUS
CVE-2018-0582 (Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version ...)
@@ -34341,44 +34363,44 @@ CVE-2018-0577 (Cross-site scripting vulnerability in WP Google Map Plugin prior
NOT-FOR-US: WordPress plugin wp-google-map-plugin
CVE-2018-0576 (Cross-site scripting vulnerability in Events Manager plugin prior to ...)
NOT-FOR-US: WordPress plugin events-manager
-CVE-2018-0575
- RESERVED
-CVE-2018-0574
- RESERVED
-CVE-2018-0573
- RESERVED
-CVE-2018-0572
- RESERVED
-CVE-2018-0571
- RESERVED
-CVE-2018-0570
- RESERVED
-CVE-2018-0569
- RESERVED
+CVE-2018-0575 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and ...)
+ TODO: check
+CVE-2018-0574 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and ...)
+ TODO: check
+CVE-2018-0573 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and ...)
+ TODO: check
+CVE-2018-0572 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and ...)
+ TODO: check
+CVE-2018-0571 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and ...)
+ TODO: check
+CVE-2018-0570 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and ...)
+ TODO: check
+CVE-2018-0569 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and ...)
+ TODO: check
CVE-2018-0568 (Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw ...)
NOT-FOR-US: Joruri Gw
-CVE-2018-0567
- RESERVED
-CVE-2018-0566
- RESERVED
-CVE-2018-0565
- RESERVED
+CVE-2018-0567 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to ...)
+ TODO: check
+CVE-2018-0566 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to ...)
+ TODO: check
+CVE-2018-0565 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 ...)
+ TODO: check
CVE-2018-0564 (Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE ...)
NOT-FOR-US: EC-CUBE
-CVE-2018-0563
- RESERVED
+CVE-2018-0563 (Untrusted search path vulnerability in the installer of FLET'S VIRUS ...)
+ TODO: check
CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine Free ...)
NOT-FOR-US: Installer of SoundEngine Free
CVE-2018-0561 (Untrusted search path vulnerability in The installer of PhishWall ...)
NOT-FOR-US: Installer of PhishWall Client Internet Explorer
CVE-2018-0560 (Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote ...)
NOT-FOR-US: Hatena Bookmark App for iOS
-CVE-2018-0559
- RESERVED
-CVE-2018-0558
- RESERVED
-CVE-2018-0557
- RESERVED
+CVE-2018-0559 (Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 ...)
+ TODO: check
+CVE-2018-0558 (Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 ...)
+ TODO: check
+CVE-2018-0557 (Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to ...)
+ TODO: check
CVE-2018-0556 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to ...)
NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0555 (Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an ...)
@@ -34433,14 +34455,14 @@ CVE-2018-0531 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attacker
NOT-FOR-US: Cybozu Garoon
CVE-2018-0530 (SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows ...)
NOT-FOR-US: Cybozu Garoon
-CVE-2018-0529
- RESERVED
-CVE-2018-0528
- RESERVED
-CVE-2018-0527
- RESERVED
-CVE-2018-0526
- RESERVED
+CVE-2018-0529 (Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2018-0528 (Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to ...)
+ TODO: check
+CVE-2018-0527 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 ...)
+ TODO: check
+CVE-2018-0526 (Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an ...)
+ TODO: check
CVE-2018-0525 (Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows ...)
- jubatus <itp> (bug #704100)
CVE-2018-0524 (Jubatus 1.0.2 and earlier allows remote code execution via unspecified ...)
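Review bot: CVE-2018-0529 to CVE-2018-0526 (Cybozu Office 10.0.0 to 10.7.0) sit directly under entries already marked `NOT-FOR-US: Cybozu Garoon`, and the Cybozu Office 10.8.0 and Cybozu Mailwise entries in the preceding hunk are in the same position; these proprietary groupware products are not in Debian, so the TODO: check placeholders can be closed as NOT-FOR-US in one pass.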
@@ -38502,14 +38524,16 @@ CVE-2017-16014 (Http-proxy is a proxying library. Because of the way errors are
NOTE: https://github.com/nodejitsu/node-http-proxy/pull/101
CVE-2017-16013 (hapi is a web and services application framework. When hapi >= 15.0.0 ...)
TODO: check
-CVE-2017-16012 (Jquery is a javascript library for DOM traversal and manipulation, ...)
+CVE-2017-16012
+ REJECTED
- jquery 3.1.1-1
- node-jquery <unfixed>
NOTE: https://github.com/jquery/jquery/issues/2432
NOTE: https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614
NOTE: https://nodesecurity.io/advisories/328
TODO: check, why are there two jquery source packages once src:jquery and once src:node-jquery?
-CVE-2017-16011 (jQuery is a javascript library for DOM manipulation. jQuery's main ...)
+CVE-2017-16011
+ REJECTED
- jquery 1.11.3+dfsg-1
[jessie] - jquery <ignored> (Too intrusive to backport)
NOTE: https://bugs.jquery.com/ticket/11290
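Review bot: CVE-2017-16012 and CVE-2017-16011 are now REJECTED, but their package lines (`- jquery 3.1.1-1`, `- node-jquery <unfixed>`, `- jquery 1.11.3+dfsg-1`, `[jessie] - jquery <ignored>`) and the open TODO about the two jquery source packages were left in place; a rejected identifier should not keep an `<unfixed>` package line that makes it look like an open issue, so those lines and the TODO should be removed or the entries re-triaged in a follow-up commit.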
@@ -64194,12 +64218,12 @@ CVE-2017-7659 (A maliciously constructed HTTP/2 request could cause mod_http2 2.
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
NOTE: http://www.openwall.com/lists/oss-security/2017/06/19/5
-CVE-2017-7658
- RESERVED
-CVE-2017-7657
- RESERVED
-CVE-2017-7656
- RESERVED
+CVE-2017-7658 (In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non ...)
+ TODO: check
+CVE-2017-7657 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all ...)
+ TODO: check
+CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all ...)
+ TODO: check
CVE-2017-7655
RESERVED
CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability ...)
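Review bot: CVE-2017-7658, CVE-2017-7657 and CVE-2017-7656 affect Eclipse Jetty 9.2.x and older and 9.3.x, which Debian ships as the jetty9 and jetty8 source packages, so these TODO: check placeholders concern packaged software and should be resolved against those packages rather than left open alongside the NOT-FOR-US style entries in this update.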
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/83cb9df159fd6a766ce7228a78097cb016898eae