[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 3 21:10:35 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8b0b868 by security tracker role at 2018-05-03T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-10720
+	RESERVED
+CVE-2018-10719
+	RESERVED
+CVE-2018-10718 (Stack-based buffer overflow in Activision Infinity Ward Call of Duty ...)
+	TODO: check
+CVE-2018-10717 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not ...)
+	TODO: check
+CVE-2018-10716 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
+	TODO: check
+CVE-2018-10715
+	RESERVED
+CVE-2018-10714
+	RESERVED
+CVE-2018-10713 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
+	TODO: check
+CVE-2018-10712
+	RESERVED
+CVE-2018-10711
+	RESERVED
+CVE-2018-10710
+	RESERVED
+CVE-2018-10709
+	RESERVED
+CVE-2018-10708
+	RESERVED
+CVE-2018-10707
+	RESERVED
+CVE-2018-10706
+	RESERVED
+CVE-2018-10705
+	RESERVED
 CVE-2018-10704
 	RESERVED
 CVE-2018-10703
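Review bot: The four new entries that already carry a description (CVE-2018-10718, CVE-2018-10717, CVE-2018-10716, CVE-2018-10713) are left at "TODO: check", so each still needs triage into a NOT-FOR-US line or a package line. The Call of Duty, 2345 Security Guard and D-Link DSL-3782 descriptions name products and can take the "NOT-FOR-US: <product>" form used elsewhere in this file if they are not packaged. CVE-2018-10717 names a library source file (ngiflib.c), so check for embedded copies in other source packages before marking it.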
@@ -1304,16 +1336,16 @@ CVE-2018-10170 (NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege esc
 	NOT-FOR-US: NordVPN for Windows
 CVE-2018-10169 (ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation ...)
 	NOT-FOR-US: ProtonVPN for Windows
-CVE-2018-10168
-	RESERVED
-CVE-2018-10167
-	RESERVED
-CVE-2018-10166
-	RESERVED
-CVE-2018-10165
-	RESERVED
-CVE-2018-10164
-	RESERVED
+CVE-2018-10168 (TP-Link EAP Controller and Omada Controller versions ...)
+	TODO: check
+CVE-2018-10167 (The web application backup file in the TP-Link EAP Controller and Omada ...)
+	TODO: check
+CVE-2018-10166 (The web management interface in the TP-Link EAP Controller and Omada ...)
+	TODO: check
+CVE-2018-10165 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP ...)
+	TODO: check
+CVE-2018-10164 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP ...)
+	TODO: check
 CVE-2018-10163
 	RESERVED
 CVE-2018-10162
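Review bot: CVE-2018-10164 through CVE-2018-10168 all move from RESERVED to "TODO: check" with descriptions naming the same TP-Link EAP Controller and Omada Controller product, so they should be triaged as one batch with one consistent tag rather than picked off individually. The context lines directly above ("NOT-FOR-US: NordVPN for Windows", "NOT-FOR-US: ProtonVPN for Windows") show the form to use if the product is not packaged.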
@@ -7954,6 +7986,7 @@ CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use o
 	NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
 	NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
 CVE-2018-7489 (FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 ...)
+	{DSA-4190-1}
 	- jackson-databind 2.9.5-1 (bug #891614)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/1931
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
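Review bot: The {DSA-4190-1} tag on CVE-2018-7489 is added with only the unstable fix visible ("- jackson-databind 2.9.5-1 (bug #891614)") and no per-release line in this hunk. Since this commit changes only data/CVE/list, confirm that the advisory record for DSA-4190-1 lists this CVE together with the fixed versions for the releases it covers, so the cross-reference resolves to something a reader can act on.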
@@ -14570,6 +14603,7 @@ CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the 
 CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
 	NOT-FOR-US: flatCore-CMS
 CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does ...)
+	{DSA-4191-1}
 	- redmine 3.4.4-1 (bug #887307)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
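Review bot: On CVE-2017-18026 the new {DSA-4191-1} tag sits above release lines that are all end-of-life markers ("[jessie] - redmine <end-of-life> (See DSA-4191-1)"), and the later Redmine hunks (CVE-2017-16804, CVE-2017-15568 through CVE-2017-15577) repeat the same pattern. Check that every Redmine entry whose jessie line says "See DSA-4191-1" received the tag in this update, so the tag and the parenthetical reference stay in step across the whole set.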
@@ -15940,8 +15974,8 @@ CVE-2018-4851
 	RESERVED
 CVE-2018-4850
 	RESERVED
-CVE-2018-4849
-	RESERVED
+CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for ...)
+	TODO: check
 CVE-2018-4848
 	RESERVED
 CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...)
@@ -30310,6 +30344,7 @@ CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode
 CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...)
 	NOT-FOR-US: MISP
 CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...)
+	{DSA-4191-1}
 	- redmine 3.4.2-1
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33804,7 +33839,7 @@ CVE-2017-15533
 	RESERVED
 CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a ...)
 	NOT-FOR-US: Symantec
-CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.x prior to 10.2 does not ...)
+CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 ...)
 	NOT-FOR-US: Symantec
 CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
 	NOT-FOR-US: Norton
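Review bot: The description change on CVE-2017-15531 alters the second affected range, from "10.x prior to 10.2" to "10.1 prior to 10.1.5.5", which is a change of substance and not just wording. The "NOT-FOR-US: Symantec" triage is unaffected, but the new text is truncated at "...", so read the full upstream description before relying on the range shown here.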
@@ -33841,6 +33876,7 @@ CVE-2017-15515
 CVE-2017-15514
 	RESERVED
 CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
+	{DSA-4191-1}
 	- redmine 3.4.4-1 (bug #882544)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33849,6 +33885,7 @@ CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.
 	NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
 	NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
 CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
+	{DSA-4191-1}
 	- redmine 3.4.4-1 (bug #882545)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33856,6 +33893,7 @@ CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
 CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
+	{DSA-4191-1}
 	- redmine 3.4.4-1 (bug #882547)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33863,6 +33901,7 @@ CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
 CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
+	{DSA-4191-1}
 	- redmine 3.4.4-1 (bug #882548)
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33870,6 +33909,7 @@ CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
 CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because ...)
+	{DSA-4191-1}
 	- redmine 3.4.2-1
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33877,6 +33917,7 @@ CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists becau
 	NOTE: https://www.redmine.org/issues/25503 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can ...)
+	{DSA-4191-1}
 	- redmine 3.4.2-1
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33884,6 +33925,7 @@ CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers
 	NOTE: https://www.redmine.org/issues/24416 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a ...)
+	{DSA-4191-1}
 	- redmine 3.4.2-1
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33891,6 +33933,7 @@ CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks
 	NOTE: https://www.redmine.org/issues/24307 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...)
+	{DSA-4191-1}
 	- redmine 3.4.2-1
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33898,6 +33941,7 @@ CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is po
 	NOTE: https://www.redmine.org/issues/24199 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry ...)
+	{DSA-4191-1}
 	- redmine 3.4.2-1
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33905,6 +33949,7 @@ CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entr
 	NOTE: https://www.redmine.org/issues/23803 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
 CVE-2017-15577 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of ...)
+	{DSA-4191-1}
 	- redmine 3.4.2-1
 	[jessie] - redmine <end-of-life> (See DSA-4191-1)
 	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -42596,7 +42641,7 @@ CVE-2017-12743
 	RESERVED
 CVE-2017-12742
 	RESERVED
-CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart (All ...)
+CVE-2017-12741 (A vulnerability has been identified in SINAMICS GH150 V4.7 w. PROFINET ...)
 	NOT-FOR-US: Siemens
 CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...)
 	NOT-FOR-US: Siemens
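Review bot: The CVE-2017-12741 description now opens with "SINAMICS GH150 V4.7 w. PROFINET" where it previously opened with "SIMATIC S7-200 Smart", and both versions are cut off at "...", so the visible product name is not a reliable key for this entry. The "NOT-FOR-US: Siemens" line names the vendor and not a product, so it still holds; no triage change is needed.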



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8b0b8680a32eee3abdf46d709c17854edbbeb25


More information about the debian-security-tracker-commits mailing list