[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 28 21:11:37 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7edf941 by security tracker role at 2018-06-28T20:11:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,19 +1,37 @@
-CVE-2018-12927
+CVE-2018-12936
RESERVED
-CVE-2018-12926
- RESERVED
-CVE-2018-12925
- RESERVED
-CVE-2018-12924
- RESERVED
-CVE-2018-12923
- RESERVED
-CVE-2018-12922
- RESERVED
-CVE-2018-12921
- RESERVED
-CVE-2018-12920
+CVE-2018-12935
RESERVED
+CVE-2018-12934 (remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU ...)
+ TODO: check
+CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
+ TODO: check
+CVE-2018-12932 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
+ TODO: check
+CVE-2018-12931 (ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel ...)
+ TODO: check
+CVE-2018-12930 (ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the ...)
+ TODO: check
+CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux ...)
+ TODO: check
+CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered ...)
+ TODO: check
+CVE-2018-12927 (Northern Electric & Power (NEP) inverter devices allow remote attackers ...)
+ TODO: check
+CVE-2018-12926 (Pharos Controls devices allow remote attackers to obtain potentially ...)
+ TODO: check
+CVE-2018-12925 (Baseon Lantronix MSS devices do not require a password for TELNET ...)
+ TODO: check
+CVE-2018-12924 (Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have ...)
+ TODO: check
+CVE-2018-12923 (BWS Systems HA-Bridge devices allow remote attackers to obtain ...)
+ TODO: check
+CVE-2018-12922 (Emerson Liebert IntelliSlot Web Card devices allow remote attackers to ...)
+ TODO: check
+CVE-2018-12921 (Electro Industries GaugeTech Nexus devices allow remote attackers to ...)
+ TODO: check
+CVE-2018-12920 (Brickstream 2300 devices allow remote attackers to obtain potentially ...)
+ TODO: check
CVE-2018-12919 (In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows ...)
NOT-FOR-US: CraftedWeb
CVE-2018-12918 (In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in ...)
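Review bot: The fifteen entries from CVE-2018-12934 down to CVE-2018-12920 all land as `TODO: check`, yet several descriptions already name their source and can be triaged without further lookup. CVE-2018-12931, CVE-2018-12930 and CVE-2018-12929 name the ntfs.ko filesystem driver in the Linux kernel and CVE-2018-12928 names Linux kernel 4.15.0, so these need a kernel package line; CVE-2018-12933 and CVE-2018-12932 name Wine 3.7; CVE-2018-12934 names GNU libiberty, which needs the embedding source packages identified. The entries from CVE-2018-12927 to CVE-2018-12920 describe vendor devices and are candidates for a `NOT-FOR-US:` line in the style of CVE-2018-12919 directly below.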
@@ -941,8 +959,8 @@ CVE-2018-12591 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from
NOT-FOR-US: Ubiquiti Networks EdgeSwitch
CVE-2018-12590 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an ...)
NOT-FOR-US: Ubiquiti Networks EdgeSwitch
-CVE-2018-12589
- RESERVED
+CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers to execute arbitrary code via ...)
+ TODO: check
CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP)
CVE-2018-12587
@@ -999,7 +1017,7 @@ CVE-2018-12565 (An issue was discovered in Linaro LAVA before 2018.5.post1. Beca
[jessie] - lava-server <not-affected> (vulnerable code not present)
NOTE: https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14
CVE-2018-12564 (An issue was discovered in Linaro LAVA before 2018.5.post1. Because of ...)
- {DSA-4234-1}
+ {DSA-4234-1 DLA-1404-1}
- lava 2018.5.post1-1
- lava-server <removed>
NOTE: https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3
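Review bot: The brace line on CVE-2018-12564 now references DLA-1404-1, but this commit changes only data/CVE/list, so the advisory record that justifies the cross-reference is not visible here; confirm that DLA-1404-1 is recorded and actually lists CVE-2018-12564. The neighbouring CVE-2018-12565 carries `[jessie] - lava-server <not-affected> (vulnerable code not present)`, so it is worth checking that the per-release status of the two LAVA entries stays consistent with the new advisory reference.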
@@ -3690,8 +3708,8 @@ CVE-2018-11512 (Stored cross-site scripting (XSS) vulnerability in the "Web
NOT-FOR-US: wityCMS
CVE-2018-11511
RESERVED
-CVE-2018-11510
- RESERVED
+CVE-2018-11510 (ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin ...)
+ TODO: check
CVE-2018-11509
RESERVED
CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux kernel ...)
@@ -12352,8 +12370,7 @@ CVE-2018-8018
RESERVED
CVE-2018-8017
RESERVED
-CVE-2018-8016
- RESERVED
+CVE-2018-8016 (The default configuration in Apache Cassandra 3.8 through 3.11.1 binds ...)
- cassandra <itp> (bug #585905)
CVE-2018-8015 (In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an ...)
NOT-FOR-US: Apache ORC
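Review bot: The `- cassandra <itp> (bug #585905)` line under CVE-2018-8016 was attached while the entry was still RESERVED and is carried over unchanged, and this is the one description added in this update that does not gain a `TODO: check`. Now that the text names the default configuration in Apache Cassandra 3.8 through 3.11.1, someone should confirm that the ITP annotation is still the right status and that nothing else needs tracking for this entry.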
@@ -31232,8 +31249,8 @@ CVE-2018-1353
RESERVED
CVE-2018-1352
RESERVED
-CVE-2018-1351
- RESERVED
+CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager ...)
+ TODO: check
CVE-2017-17551 (The Backup and Restore feature in Mobotap Dolphin Browser for Android ...)
NOT-FOR-US: Dolphin Browser for Android
CVE-2017-17550
@@ -36558,8 +36575,8 @@ CVE-2017-16861 (It was possible for double OGNL evaluation in certain redirect a
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-16860 (The invalidRedirectUrl template in Atlassian Application Links before ...)
NOT-FOR-US: Atlassian
-CVE-2017-16859
- RESERVED
+CVE-2017-16859 (The review attachment resource in Atlassian Fisheye and Crucible ...)
+ TODO: check
CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the Google Apps ...)
NOT-FOR-US: 'crowd-application' plugin module in Atlassian Crowd
CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via ...)
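Review bot: CVE-2017-16859 is left at `TODO: check` although its description names Atlassian Fisheye and Crucible, the same product that CVE-2017-16861 at the top of this hunk already marks with `NOT-FOR-US: Atlassian Fisheye and Crucible`. Reusing that annotation would close the entry and keep the neighbouring Atlassian entries consistent.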
@@ -102214,7 +102231,7 @@ CVE-2016-4863 (The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware
CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with ...)
NOT-FOR-US: Twigmo
CVE-2016-4861 (The (1) order and (2) group methods in Zend_Db_Select in the Zend ...)
- {DLA-646-1}
+ {DLA-1403-1 DLA-646-1}
- zendframework 1.12.20+dfsg-1
NOTE: http://framework.zend.com/security/advisory/ZF2016-03
NOTE: This security fix can be considered an improvement of the previous ZF2016-02
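Review bot: In the brace list on CVE-2016-4861, `DLA-1403-1` is placed before `DLA-646-1`, so the references are in string order rather than numeric or chronological order, while the CVE-2018-12564 hunk lists the DSA before the DLA. If that is the intended sort rule, stating it in the file's documentation would keep readers from taking the first reference for the older advisory.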
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7edf941259dcf354640e874d2176b6528ff396c