[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Mar 15 21:10:23 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
965066fb by security tracker role at 2018-03-15T21:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-8730
+	RESERVED
+CVE-2018-8729 (Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log ...)
+	TODO: check
+CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in ...)
+	TODO: check
+CVE-2018-8727
+	RESERVED
+CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...)
+	TODO: check
+CVE-2017-18237 (An issue was discovered in Exempi before 2.4.3. The ...)
+	TODO: check
+CVE-2017-18236 (An issue was discovered in Exempi before 2.4.4. The ...)
+	TODO: check
+CVE-2017-18235 (An issue was discovered in Exempi before 2.4.3. The VPXChunk class in ...)
+	TODO: check
+CVE-2017-18234 (An issue was discovered in Exempi before 2.4.3. It allows remote ...)
+	TODO: check
+CVE-2017-18233 (An issue was discovered in Exempi before 2.4.4. Integer overflow in the ...)
+	TODO: check
 CVE-2018-8726
 	RESERVED
 CVE-2018-8725
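Review bot: The six Exempi entries at the top of this hunk (CVE-2017-18233 through CVE-2017-18238) land as `TODO: check` only, so the tracker has no affected-package status for them yet. Their descriptions give two different fix points ("before 2.4.3" and "before 2.4.4"), so the follow-up triage should record a fixed version per entry rather than one version for the whole batch. CVE-2018-8729 and CVE-2018-8728 likewise still need a package line or a `NOT-FOR-US:` line.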
@@ -10,8 +30,8 @@ CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has .
 	NOT-FOR-US: Zoho
 CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored ...)
 	NOT-FOR-US: Zoho
-CVE-2018-8720
-	RESERVED
+CVE-2018-8720 (ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name ...)
+	TODO: check
 CVE-2018-8719
 	RESERVED
 CVE-2018-8718
@@ -3685,6 +3705,7 @@ CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Sit
 CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a ...)
 	NOT-FOR-US: pym.js
 CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap memory ...)
+	{DLA-1307-1}
 	- clamav 0.99.3~beta1+dfsg-1
 	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
 	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
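Review bot: The `{DLA-1307-1}` reference added to CVE-2018-1000085 is not matched by a release line in the visible context: only `[stretch]` carries a fixed version, and `[jessie]` is marked `<no-dsa>`. Confirm the entry also has a release-tagged clamav line with the fixed version for the release the DLA covers, so that the cross-reference and the per-release status agree.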
@@ -4577,11 +4598,12 @@ CVE-2018-6959
 	RESERVED
 CVE-2018-6958
 	RESERVED
-CVE-2018-6957
-	RESERVED
+CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before ...)
+	TODO: check
 CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks ...)
 	NOT-FOR-US: opentmpfiles
 CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...)
+	{DSA-4138-1}
 	- mbedtls 2.7.0-2
 	- polarssl <removed>
 	[wheezy] - polarssl <not-affected> (vulnerable code not present)
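Review bot: For CVE-2017-18187 the new `{DSA-4138-1}` line sits above `- mbedtls 2.7.0-2`, and the visible context has no release-tagged mbedtls line recording the version the DSA shipped. Add that line, or confirm it exists below the `polarssl` entries. Separately, CVE-2018-6957 moves from `RESERVED` to `TODO: check` with a VMware Workstation and Fusion description and still needs a triage line.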
@@ -6750,32 +6772,32 @@ CVE-2018-6233
 	RESERVED
 CVE-2018-6232
 	RESERVED
-CVE-2018-6231
-	RESERVED
-CVE-2018-6230
-	RESERVED
-CVE-2018-6229
-	RESERVED
-CVE-2018-6228
-	RESERVED
-CVE-2018-6227
-	RESERVED
-CVE-2018-6226
-	RESERVED
-CVE-2018-6225
-	RESERVED
-CVE-2018-6224
-	RESERVED
-CVE-2018-6223
-	RESERVED
-CVE-2018-6222
-	RESERVED
-CVE-2018-6221
-	RESERVED
-CVE-2018-6220
-	RESERVED
-CVE-2018-6219
-	RESERVED
+CVE-2018-6231 (A server auth command injection authentication bypass vulnerability in ...)
+	TODO: check
+CVE-2018-6230 (A SQL injection vulnerability in an Trend Micro Email Encryption ...)
+	TODO: check
+CVE-2018-6229 (A SQL injection vulnerability in an Trend Micro Email Encryption ...)
+	TODO: check
+CVE-2018-6228 (A SQL injection vulnerability in a Trend Micro Email Encryption ...)
+	TODO: check
+CVE-2018-6227 (A stored cross-site scripting (XSS) vulnerability in Trend Micro Email ...)
+	TODO: check
+CVE-2018-6226 (Reflected cross-site scripting (XSS) vulnerabilities in two Trend ...)
+	TODO: check
+CVE-2018-6225 (An XML external entity injection (XXE) vulnerability in Trend Micro ...)
+	TODO: check
+CVE-2018-6224 (A lack of cross-site request forgery (CSRF) protection vulnerability ...)
+	TODO: check
+CVE-2018-6223 (A missing authentication for appliance registration vulnerability in ...)
+	TODO: check
+CVE-2018-6222 (Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 ...)
+	TODO: check
+CVE-2018-6221 (An unvalidated software update vulnerability in Trend Micro Email ...)
+	TODO: check
+CVE-2018-6220 (An arbitrary file write vulnerability in Trend Micro Email Encryption ...)
+	TODO: check
+CVE-2018-6219 (An Insecure Update via HTTP vulnerability in Trend Micro Email ...)
+	TODO: check
 CVE-2018-6218 (A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking ...)
 	NOT-FOR-US: Trend Micro
 CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS ...)
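Review bot: CVE-2018-6219 through CVE-2018-6231 are left at `TODO: check`, although most of the new descriptions visibly name Trend Micro and the adjacent CVE-2018-6218 is already triaged as `NOT-FOR-US: Trend Micro`. Triage the batch the same way once the entries whose truncated descriptions do not show a vendor (CVE-2018-6231, CVE-2018-6224, CVE-2018-6223) are confirmed to concern the same product.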
@@ -9716,10 +9738,12 @@ CVE-2018-5146
 	RESERVED
 CVE-2018-5145
 	RESERVED
+	{DLA-1308-1}
 	- firefox-esr 52.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
 CVE-2018-5144
 	RESERVED
+	{DLA-1308-1}
 	- firefox-esr 52.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
 CVE-2018-5143
@@ -9770,18 +9794,21 @@ CVE-2018-5132
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5131
 	RESERVED
+	{DLA-1308-1}
 	- firefox 59.0-1
 	- firefox-esr 52.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5130
 	RESERVED
+	{DLA-1308-1}
 	- firefox 59.0-1
 	- firefox-esr 52.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5129
 	RESERVED
+	{DLA-1308-1}
 	- firefox 59.0-1
 	- firefox-esr 52.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
@@ -9792,6 +9819,7 @@ CVE-2018-5128
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5127
 	RESERVED
+	{DLA-1308-1}
 	- firefox 59.0-1
 	- firefox-esr 52.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
@@ -9802,6 +9830,7 @@ CVE-2018-5126
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5125
 	RESERVED
+	{DLA-1308-1}
 	- firefox 59.0-1
 	- firefox-esr 52.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
@@ -19659,8 +19688,8 @@ CVE-2018-1321
 	RESERVED
 CVE-2018-1320
 	RESERVED
-CVE-2018-1319
-	RESERVED
+CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that cause ...)
+	TODO: check
 CVE-2018-1318
 	RESERVED
 CVE-2018-1317
@@ -22526,6 +22555,7 @@ CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Servi
 	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
 	NOTE: https://www.kb.cert.org/vuls/id/475445
 CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
+	{DSA-4138-1}
 	- mbedtls 2.7.0-2 (bug #890287)
 	- polarssl <removed>
 	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.2.19 not affected)
@@ -22533,6 +22563,7 @@ CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
 CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...)
+	{DSA-4138-1}
 	- mbedtls 2.7.0-2 (bug #890288)
 	- polarssl <removed>
 	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.3.7 not affected)
@@ -23215,6 +23246,7 @@ CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection could
 	NOT-FOR-US: Cisco
 CVE-2018-0202 [Out-of-bounds access in the PDF parser]
 	RESERVED
+	{DLA-1307-1}
 	- clamav 0.100.0~beta+dfsg-2
 	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
 	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
@@ -106830,7 +106862,7 @@ CVE-2015-8042 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.
 	NOT-FOR-US: Adobe Flash Player
 CVE-2015-8040 (The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung ...)
 	NOT-FOR-US: Samsung SmartViewer
-CVE-2015-8039 (Samsung SmartViewer allow remote attackers to execute arbitrary code ...)
+CVE-2015-8039 (Samsung SmartViewer allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: Samsung SmartViewer
 CVE-2015-8038 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
 	NOT-FOR-US: Fortinet



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/965066fb97274e7595ac5da7fd3b7dc5b1ca5ded
