[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 3 09:10:27 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ce7ca77 by security tracker role at 2018-05-03T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,53 @@
+CVE-2018-10704
+	RESERVED
+CVE-2018-10703
+	RESERVED
+CVE-2018-10702
+	RESERVED
+CVE-2018-10701
+	RESERVED
+CVE-2018-10700
+	RESERVED
+CVE-2018-10699
+	RESERVED
+CVE-2018-10698
+	RESERVED
+CVE-2018-10697
+	RESERVED
+CVE-2018-10696
+	RESERVED
+CVE-2018-10695
+	RESERVED
+CVE-2018-10694
+	RESERVED
+CVE-2018-10693
+	RESERVED
+CVE-2018-10692
+	RESERVED
+CVE-2018-10691
+	RESERVED
+CVE-2018-10690
+	RESERVED
+CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel ...)
+	TODO: check
+CVE-2018-10688
+	RESERVED
+CVE-2018-10687
+	RESERVED
+CVE-2018-10686
+	RESERVED
+CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
+	TODO: check
+CVE-2018-10684
+	RESERVED
+CVE-2018-10683
+	RESERVED
+CVE-2018-10682
+	RESERVED
+CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a heap-based ...)
+	TODO: check
+CVE-2016-10721 (partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer ...)
+	TODO: check
 CVE-2018-10681
 	RESERVED
 CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting ...)
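Review bot: CVE-2016-10722 and CVE-2016-10721 are inserted between CVE-2018-10682 and CVE-2018-10681, which breaks the descending ID order the rest of this hunk follows; if the list is meant to stay sorted, move them to the 2016 block. The four `TODO: check` entries added here (blktrace, lrzip and the two Partclone ones) name standalone tools with explicit versions, so each needs a source-package and version lookup before it is resolved.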
@@ -26,8 +76,8 @@ CVE-2018-10668
 	RESERVED
 CVE-2018-10667
 	RESERVED
-CVE-2018-10666
-	RESERVED
+CVE-2018-10666 (The Owned smart contract implementation for Aurora IDEX Membership ...)
+	TODO: check
 CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to ...)
 	NOT-FOR-US: ILIAS
 CVE-2018-10664
@@ -216,10 +266,10 @@ CVE-2018-10580
 	RESERVED
 CVE-2018-10579
 	RESERVED
-CVE-2018-10578
-	RESERVED
-CVE-2018-10577
-	RESERVED
+CVE-2018-10578 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
+	TODO: check
+CVE-2018-10577 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
+	TODO: check
 CVE-2018-10576 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
 	NOT-FOR-US: WatchGuard devices
 CVE-2018-10575 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
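Review bot: CVE-2018-10578 and CVE-2018-10577 are left at `TODO: check` although their descriptions open with the same WatchGuard AP100, AP102, and AP200 text as CVE-2018-10576 directly below, which is already tagged `NOT-FOR-US: WatchGuard devices`. Once the full descriptions are confirmed, tag the two new entries the same way so the group is triaged consistently.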
@@ -238,18 +288,18 @@ CVE-2018-10570 (Frog CMS 0.9.5 has XSS in /install/index.php via the ...)
 	NOT-FOR-US: Frog CMS
 CVE-2018-10569
 	RESERVED
-CVE-2018-10568
-	RESERVED
-CVE-2018-10567
-	RESERVED
-CVE-2018-10566
-	RESERVED
-CVE-2018-10565
-	RESERVED
-CVE-2018-10564
-	RESERVED
-CVE-2018-10563
-	RESERVED
+CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. ...)
+	TODO: check
+CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. ...)
+	TODO: check
+CVE-2018-10566 (XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. ...)
+	TODO: check
+CVE-2018-10565 (XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. ...)
+	TODO: check
+CVE-2018-10564 (XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. ...)
+	TODO: check
+CVE-2018-10563 (An XSS in Flexense SyncBreeze affects all versions (tested from ...)
+	TODO: check
 CVE-2018-10562
 	RESERVED
 CVE-2018-10561
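Review bot: the six entries CVE-2018-10568 through CVE-2018-10563 all move from `RESERVED` to `TODO: check` with Flexense XSS descriptions, and CVE-2018-10294 in a later hunk is a seventh. Resolve them in one pass with a single label spelling, so the set does not end up split across per-product names such as DiskSorter, DupScout and SyncBreeze.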
@@ -730,11 +780,13 @@ CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remot
 CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent plugin ...)
 	NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
 CVE-2018-1000178 [Implement custom deserializer to add our own sanity checks]
+	{DSA-4189-1}
 	- quassel 1:0.12.5-1 (bug #896914)
 	NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
 	NOTE: https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
 CVE-2018-1000179 [Reject clients that attempt to login before the core is configured]
+	{DSA-4189-1}
 	- quassel 1:0.12.5-1 (bug #896915)
 	NOTE: https://github.com/quassel/quassel/commit/e17fca767d60c06ca02bc5898ced04f06d3670bd (master)
 	NOTE: https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e (0.12)
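Review bot: the `{DSA-4189-1}` cross-reference is added to both CVE-2018-1000178 and CVE-2018-1000179, but this commit changes only data/CVE/list, so the advisory's own record is not visible in the diff. Confirm that record names both CVE IDs and the quassel source package, so the cross-reference resolves in both directions.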
@@ -903,8 +955,8 @@ CVE-2018-10296 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title param
 	NOT-FOR-US: MiniCMS
 CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add ...)
 	NOT-FOR-US: ChemCMS
-CVE-2018-10294
-	RESERVED
+CVE-2018-10294 (Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. ...)
+	TODO: check
 CVE-2018-10293
 	RESERVED
 CVE-2018-10292
@@ -1358,8 +1410,8 @@ CVE-2018-10117 (An issue was discovered in idreamsoft iCMS V7.0.7. There is a CS
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2018-10116
 	RESERVED
-CVE-2018-10115
-	RESERVED
+CVE-2018-10115 (Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 ...)
+	TODO: check
 CVE-2018-10114 (An issue was discovered in GEGL through 0.3.32. The ...)
 	- gegl 0.3.34-1
 	[wheezy] - gegl <no-dsa> (Minor issue)
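Review bot: CVE-2018-10115 moves to `TODO: check` with a description naming the RAR decoder objects in 7-Zip 18.03; when it is triaged, check whether any packaged source carries that decoder rather than assuming it is out of scope. If one does, record it with per-release lines in the form the gegl entry just below uses (`- gegl 0.3.34-1`, `[wheezy] - gegl <no-dsa> (Minor issue)`).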
@@ -1827,8 +1879,8 @@ CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it po
 	NOT-FOR-US: CMS Made Simple
 CVE-2018-9920
 	RESERVED
-CVE-2018-9919
-	RESERVED
+CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in Tp-shop ...)
+	TODO: check
 CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary ...)
 	- qpdf 8.0.2-3 (bug #895443)
 	[stretch] - qpdf <no-dsa> (Minor issue)
@@ -4239,8 +4291,8 @@ CVE-2018-8902
 	RESERVED
 CVE-2018-8901
 	RESERVED
-CVE-2018-8900
-	RESERVED
+CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentinel ...)
+	TODO: check
 CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...)
 	NOT-FOR-US: IdentityServer
 CVE-2018-8898
@@ -28787,28 +28839,28 @@ CVE-2018-0290
 	RESERVED
 CVE-2018-0289
 	RESERVED
-CVE-2018-0288
-	RESERVED
-CVE-2018-0287
-	RESERVED
-CVE-2018-0286
-	RESERVED
-CVE-2018-0285
-	RESERVED
+CVE-2018-0288 (A vulnerability in Cisco WebEx Recording Format (WRF) Player could ...)
+	TODO: check
+CVE-2018-0287 (A vulnerability in the Cisco WebEx Network Recording Player for ...)
+	TODO: check
+CVE-2018-0286 (A vulnerability in the netconf interface of Cisco IOS XR Software could ...)
+	TODO: check
+CVE-2018-0285 (A vulnerability in service logging for Cisco Prime Service Catalog ...)
+	TODO: check
 CVE-2018-0284
 	RESERVED
-CVE-2018-0283
-	RESERVED
+CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System ...)
+	TODO: check
 CVE-2018-0282
 	RESERVED
-CVE-2018-0281
-	RESERVED
+CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower System ...)
+	TODO: check
 CVE-2018-0280
 	RESERVED
 CVE-2018-0279
 	RESERVED
-CVE-2018-0278
-	RESERVED
+CVE-2018-0278 (A vulnerability in the management console of Cisco Firepower System ...)
+	TODO: check
 CVE-2018-0277
 	RESERVED
 CVE-2018-0276 (A vulnerability in Cisco WebEx Connect IM could allow an ...)
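Review bot: the seven entries changed in this hunk (CVE-2018-0288 to CVE-2018-0285, CVE-2018-0283, CVE-2018-0281, CVE-2018-0278) all carry Cisco product descriptions but are left at `TODO: check`, while the already-triaged Cisco entries in the following hunks are tagged `NOT-FOR-US: Cisco`. The same holds for the Cisco entries added in the remaining hunks; after confirming the descriptions, apply that existing label to the whole batch in one follow-up.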
@@ -28835,20 +28887,20 @@ CVE-2018-0266 (A vulnerability in the web framework of Cisco Unified Communicati
 	NOT-FOR-US: Cisco
 CVE-2018-0265
 	RESERVED
-CVE-2018-0264
-	RESERVED
+CVE-2018-0264 (A vulnerability in the Cisco WebEx Network Recording Player for ...)
+	TODO: check
 CVE-2018-0263
 	RESERVED
-CVE-2018-0262
-	RESERVED
+CVE-2018-0262 (A vulnerability in Cisco Meeting Server could allow an unauthenticated, ...)
+	TODO: check
 CVE-2018-0261
 	RESERVED
 CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could allow an ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0259 (A vulnerability in the web-based management interface of Cisco MATE ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0258
-	RESERVED
+CVE-2018-0258 (A vulnerability in the Cisco Prime File Upload servlet affecting ...)
+	TODO: check
 CVE-2018-0257 (A vulnerability in Cisco IOS XE Software running on Cisco cBR Series ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0256 (A vulnerability in the peer-to-peer message processing functionality of ...)
@@ -28857,24 +28909,24 @@ CVE-2018-0255 (A vulnerability in the device manager web interface of Cisco Indu
 	NOT-FOR-US: Cisco
 CVE-2018-0254 (A vulnerability in the detection engine of Cisco Firepower System ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0253
-	RESERVED
-CVE-2018-0252
-	RESERVED
+CVE-2018-0253 (A vulnerability in the ACS Report component of Cisco Secure Access ...)
+	TODO: check
+CVE-2018-0252 (A vulnerability in the IP Version 4 (IPv4) fragment reassembly function ...)
+	TODO: check
 CVE-2018-0251 (A vulnerability in the Web Server Authentication Required screen of the ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0250
-	RESERVED
-CVE-2018-0249
-	RESERVED
+CVE-2018-0250 (A vulnerability in Central Web Authentication (CWA) with FlexConnect ...)
+	TODO: check
+CVE-2018-0249 (A vulnerability when handling incoming 802.11 Association Requests for ...)
+	TODO: check
 CVE-2018-0248
 	RESERVED
-CVE-2018-0247
-	RESERVED
+CVE-2018-0247 (A vulnerability in Web Authentication (WebAuth) clients for the Cisco ...)
+	TODO: check
 CVE-2018-0246
 	RESERVED
-CVE-2018-0245
-	RESERVED
+CVE-2018-0245 (A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless ...)
+	TODO: check
 CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower System ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0243 (A vulnerability in the detection engine of Cisco Firepower System ...)
@@ -28893,10 +28945,10 @@ CVE-2018-0237 (A vulnerability in the file type detection mechanism of the Cisco
 	NOT-FOR-US: Cisco
 CVE-2018-0236
 	RESERVED
-CVE-2018-0235
-	RESERVED
-CVE-2018-0234
-	RESERVED
+CVE-2018-0235 (A vulnerability in the 802.11 frame validation functionality of the ...)
+	TODO: check
+CVE-2018-0234 (A vulnerability in the implementation of Point-to-Point Tunneling ...)
+	TODO: check
 CVE-2018-0233 (A vulnerability in the Secure Sockets Layer (SSL) packet reassembly ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0232
@@ -28911,8 +28963,8 @@ CVE-2018-0228 (A vulnerability in the ingress flow creation functionality of Cis
 	NOT-FOR-US: Cisco
 CVE-2018-0227 (A vulnerability in the Secure Sockets Layer (SSL) Virtual Private ...)
 	NOT-FOR-US: Cisco
-CVE-2018-0226
-	RESERVED
+CVE-2018-0226 (A vulnerability in the assignment and management of default user ...)
+	TODO: check
 CVE-2018-0225
 	RESERVED
 CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system for ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ce7ca7773d0ee9dee9d2f4bc2577c0a3ea23234
