[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 2 21:10:37 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
961ba277 by security tracker role at 2018-05-02T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,10 +1,56 @@
-CVE-2018-10675 [mm/mempolicy: fix use after free when calling get_mempolicy]
+CVE-2018-10681
+ RESERVED
+CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting ...)
+ TODO: check
+CVE-2018-10679
+ RESERVED
+CVE-2018-10678
+ RESERVED
+CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks ...)
+ TODO: check
+CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR ...)
+ TODO: check
+CVE-2018-10674
+ RESERVED
+CVE-2018-10673
+ RESERVED
+CVE-2018-10672
+ RESERVED
+CVE-2018-10671
+ RESERVED
+CVE-2018-10670
+ RESERVED
+CVE-2018-10669
+ RESERVED
+CVE-2018-10668
+ RESERVED
+CVE-2018-10667
+ RESERVED
+CVE-2018-10666
+ RESERVED
+CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to ...)
+ TODO: check
+CVE-2018-10664
+ RESERVED
+CVE-2018-10663
+ RESERVED
+CVE-2018-10662
+ RESERVED
+CVE-2018-10661
+ RESERVED
+CVE-2018-10660
+ RESERVED
+CVE-2018-10659
+ RESERVED
+CVE-2018-10658
+ RESERVED
+CVE-2018-10675 (The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel ...)
- linux 4.12.12-1
[stretch] - linux 4.9.47-1
[jessie] - linux 3.16.51-1
[wheezy] - linux 3.2.96-1
NOTE: https://git.kernel.org/linus/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 (4.13-rc6)
-CVE-2018-10657 [matrix-synapse: federation DoS]
+CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a denial of service flaw where ...)
- matrix-synapse 0.28.1+dfsg-1
NOTE: https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
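Review bot: CVE-2018-10675 ends up out of sequence in this hunk. The list runs in descending order from CVE-2018-10681, but the re-added CVE-2018-10675 line sits after CVE-2018-10658 and directly before CVE-2018-10657. Move the entry, together with its linux version lines and the git.kernel.org NOTE, up between CVE-2018-10676 and CVE-2018-10674. The new entries left at TODO: check (CVE-2018-10680, CVE-2018-10677, CVE-2018-10676, CVE-2018-10665) still need triage.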
@@ -3106,7 +3152,7 @@ CVE-2018-1000152 (An improper authorization vulnerability exists in Jenkins vSph
NOT-FOR-US: Jenkins plugin
CVE-2018-1000153 (A cross-site request forgery vulnerability exists in Jenkins vSphere ...)
NOT-FOR-US: Jenkins plugin
-CVE-2018-9310 (An issue was discovered in MagniComp SysInfo before 10-H81 if setuid ...)
+CVE-2018-9310 (An issue was discovered in MagniComp SysInfo before 10-H82 if setuid ...)
NOT-FOR-US: MagniComp SysInfo
CVE-2018-9309 (An issue was discovered in zzcms 8.2. It allows SQL injection via the ...)
NOT-FOR-US: zzcms
@@ -3126,8 +3172,8 @@ CVE-2018-9304 (In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in ...)
CVE-2018-9303 (In Exiv2 0.26, an assertion failure in BigTiffImage::readData in ...)
- exiv2 <not-affected> (Vulnerable code introduced after 0.26)
NOTE: https://github.com/Exiv2/exiv2/issues/262
-CVE-2018-9302
- RESERVED
+CVE-2018-9302 (SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in ...)
+ TODO: check
CVE-2018-9301
RESERVED
CVE-2018-9300
@@ -5968,8 +6014,8 @@ CVE-2018-8117 (A security feature bypass vulnerability exists in the Microsoft .
NOT-FOR-US: Microsoft
CVE-2018-8116 (A denial of service vulnerability exists in the way that Windows ...)
NOT-FOR-US: Microsoft
-CVE-2018-8115
- RESERVED
+CVE-2018-8115 (A remote code execution vulnerability exists when the Windows Host ...)
+ TODO: check
CVE-2018-8114
RESERVED
CVE-2018-8113
@@ -13928,24 +13974,24 @@ CVE-2018-5522
RESERVED
CVE-2018-5521
RESERVED
-CVE-2018-5520
- RESERVED
-CVE-2018-5519
- RESERVED
-CVE-2018-5518
- RESERVED
-CVE-2018-5517
- RESERVED
-CVE-2018-5516
- RESERVED
-CVE-2018-5515
- RESERVED
-CVE-2018-5514
- RESERVED
+CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 ...)
+ TODO: check
+CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, ...)
+ TODO: check
+CVE-2018-5518 (On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users ...)
+ TODO: check
+CVE-2018-5517 (On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP ...)
+ TODO: check
+CVE-2018-5516 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, ...)
+ TODO: check
+CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses ...)
+ TODO: check
+CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request ...)
+ TODO: check
CVE-2018-5513
RESERVED
-CVE-2018-5512
- RESERVED
+CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN ...)
+ TODO: check
CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5510 (On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel ...)
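Review bot: the eight F5 BIG-IP entries filled in here (CVE-2018-5520 through CVE-2018-5514, and CVE-2018-5512) are left at TODO: check, while CVE-2018-5511 just below them is already marked NOT-FOR-US: F5 BIG-IP. If the same disposition applies, replace each TODO: check with that NOT-FOR-US line so these entries do not sit in the triage queue.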
@@ -24190,8 +24236,8 @@ CVE-2018-1470
RESERVED
CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow ...)
NOT-FOR-US: IBM API Connect Developer Portal
-CVE-2018-1468
- RESERVED
+CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access ...)
+ TODO: check
CVE-2018-1467
RESERVED
CVE-2018-1466
@@ -25940,14 +25986,14 @@ CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before
NOTE: Resulting affected (upstream) versions: >= 1.0.10 up until current 1.1.9
CVE-2018-1105
RESERVED
-CVE-2018-1104
- RESERVED
+CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that allows ...)
+ TODO: check
CVE-2018-1103
RESERVED
CVE-2018-1102 (A flaw was found in source-to-image function as shipped with Openshift ...)
NOT-FOR-US: source-to-image in OpenShift
-CVE-2018-1101
- RESERVED
+CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management of ...)
+ TODO: check
CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer ...)
- zsh 5.5-1 (bug #895225)
[stretch] - zsh <no-dsa> (Minor issue)
@@ -29431,7 +29477,7 @@ CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color
- php-horde <undetermined>
NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
TODO: check
-CVE-2017-16906 (In Horde Groupware 5.2.19, there is XSS via the URL field in a ...)
+CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...)
- php-horde <undetermined>
NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
TODO: check
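Review bot: the description of CVE-2017-16906 now covers 5.2.19-5.2.22, but the entry still carries php-horde <undetermined> and TODO: check, as does CVE-2017-16907 above it. With the affected range widened, this is the point to settle whether the packaged php-horde is affected and replace <undetermined> with a concrete status.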
@@ -67335,8 +67381,7 @@ CVE-2017-4954
RESERVED
CVE-2017-4953
RESERVED
-CVE-2017-4952
- RESERVED
+CVE-2017-4952 (VMware Xenon 1.x prior to 1.5.7, 1.5.4, 1.3.7, and 1.1.0 contains an ...)
NOT-FOR-US: VMware Xenon
CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) ...)
NOT-FOR-US: VMware AirWatch Console
@@ -75961,8 +76006,8 @@ CVE-2017-1603
RESERVED
CVE-2017-1602 (IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and ...)
NOT-FOR-US: IBM
-CVE-2017-1601
- RESERVED
+CVE-2017-1601 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database ...)
+ TODO: check
CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to ...)
NOT-FOR-US: IBM Security Guardium
CVE-2017-1599
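Review bot: CVE-2017-1601 is set to TODO: check although the adjacent CVE-2017-1600, also an IBM Security Guardium issue, is marked NOT-FOR-US: IBM Security Guardium. Suggest the same NOT-FOR-US line here if it applies; the same question arises for CVE-2017-1255 in the next hunk.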
@@ -76654,8 +76699,8 @@ CVE-2017-1257 (IBM Security Guardium 10.0 discloses sensitive information to ...
NOT-FOR-US: IBM Security Guardium
CVE-2017-1256 (IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
-CVE-2017-1255
- RESERVED
+CVE-2017-1255 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses ...)
+ TODO: check
CVE-2017-1254 (IBM Security Guardium 10.0 is vulnerable to a XML External Entity ...)
NOT-FOR-US: IBM
CVE-2017-1253 (IBM Security Guardium 10.0 could allow a remote authenticated attacker ...)
@@ -164257,8 +164302,8 @@ CVE-2013-6274
RESERVED
CVE-2013-6273
RESERVED
-CVE-2013-6272
- RESERVED
+CVE-2013-6272 (The NotificationBroadcastReceiver class in the com.android.phone ...)
+ TODO: check
CVE-2013-6271 (Android 4.0 through 4.3 allows attackers to bypass intended access ...)
NOT-FOR-US: Android
CVE-2013-6270
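Review bot: CVE-2013-6272 is described as an issue in the com.android.phone NotificationBroadcastReceiver class and is left at TODO: check, while the neighbouring CVE-2013-6271 is NOT-FOR-US: Android. Suggest marking this entry the same way unless a Debian package ships that code.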
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/961ba2775f4c5ad131ff3174c7e6d064c575796b