[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu May 3 21:10:35 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f8b0b868 by security tracker role at 2018-05-03T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-10720
+ RESERVED
+CVE-2018-10719
+ RESERVED
+CVE-2018-10718 (Stack-based buffer overflow in Activision Infinity Ward Call of Duty ...)
+ TODO: check
+CVE-2018-10717 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not ...)
+ TODO: check
+CVE-2018-10716 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
+ TODO: check
+CVE-2018-10715
+ RESERVED
+CVE-2018-10714
+ RESERVED
+CVE-2018-10713 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
+ TODO: check
+CVE-2018-10712
+ RESERVED
+CVE-2018-10711
+ RESERVED
+CVE-2018-10710
+ RESERVED
+CVE-2018-10709
+ RESERVED
+CVE-2018-10708
+ RESERVED
+CVE-2018-10707
+ RESERVED
+CVE-2018-10706
+ RESERVED
+CVE-2018-10705
+ RESERVED
CVE-2018-10704
RESERVED
CVE-2018-10703
@@ -1304,16 +1336,16 @@ CVE-2018-10170 (NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege esc
NOT-FOR-US: NordVPN for Windows
CVE-2018-10169 (ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation ...)
NOT-FOR-US: ProtonVPN for Windows
-CVE-2018-10168
- RESERVED
-CVE-2018-10167
- RESERVED
-CVE-2018-10166
- RESERVED
-CVE-2018-10165
- RESERVED
-CVE-2018-10164
- RESERVED
+CVE-2018-10168 (TP-Link EAP Controller and Omada Controller versions ...)
+ TODO: check
+CVE-2018-10167 (The web application backup file in the TP-Link EAP Controller and Omada ...)
+ TODO: check
+CVE-2018-10166 (The web management interface in the TP-Link EAP Controller and Omada ...)
+ TODO: check
+CVE-2018-10165 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP ...)
+ TODO: check
+CVE-2018-10164 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP ...)
+ TODO: check
CVE-2018-10163
RESERVED
CVE-2018-10162
@@ -7954,6 +7986,7 @@ CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use o
NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
CVE-2018-7489 (FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 ...)
+ {DSA-4190-1}
- jackson-databind 2.9.5-1 (bug #891614)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1931
NOTE: https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
@@ -14570,6 +14603,7 @@ CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the
CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
NOT-FOR-US: flatCore-CMS
CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does ...)
+ {DSA-4191-1}
- redmine 3.4.4-1 (bug #887307)
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -15940,8 +15974,8 @@ CVE-2018-4851
RESERVED
CVE-2018-4850
RESERVED
-CVE-2018-4849
- RESERVED
+CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for ...)
+ TODO: check
CVE-2018-4848
RESERVED
CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...)
@@ -30310,6 +30344,7 @@ CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode
CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...)
NOT-FOR-US: MISP
CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...)
+ {DSA-4191-1}
- redmine 3.4.2-1
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33804,7 +33839,7 @@ CVE-2017-15533
RESERVED
CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a ...)
NOT-FOR-US: Symantec
-CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.x prior to 10.2 does not ...)
+CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 ...)
NOT-FOR-US: Symantec
CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
NOT-FOR-US: Norton
@@ -33841,6 +33876,7 @@ CVE-2017-15515
CVE-2017-15514
RESERVED
CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
+ {DSA-4191-1}
- redmine 3.4.4-1 (bug #882544)
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33849,6 +33885,7 @@ CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.
NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
+ {DSA-4191-1}
- redmine 3.4.4-1 (bug #882545)
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33856,6 +33893,7 @@ CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.
NOTE: https://www.redmine.org/issues/27186 (private)
NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
+ {DSA-4191-1}
- redmine 3.4.4-1 (bug #882547)
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33863,6 +33901,7 @@ CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.
NOTE: https://www.redmine.org/issues/27186 (private)
NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
+ {DSA-4191-1}
- redmine 3.4.4-1 (bug #882548)
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33870,6 +33909,7 @@ CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.
NOTE: https://www.redmine.org/issues/27186 (private)
NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because ...)
+ {DSA-4191-1}
- redmine 3.4.2-1
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33877,6 +33917,7 @@ CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists becau
NOTE: https://www.redmine.org/issues/25503 (private)
NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can ...)
+ {DSA-4191-1}
- redmine 3.4.2-1
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33884,6 +33925,7 @@ CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers
NOTE: https://www.redmine.org/issues/24416 (private)
NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a ...)
+ {DSA-4191-1}
- redmine 3.4.2-1
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33891,6 +33933,7 @@ CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks
NOTE: https://www.redmine.org/issues/24307 (private)
NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...)
+ {DSA-4191-1}
- redmine 3.4.2-1
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33898,6 +33941,7 @@ CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is po
NOTE: https://www.redmine.org/issues/24199 (private)
NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry ...)
+ {DSA-4191-1}
- redmine 3.4.2-1
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -33905,6 +33949,7 @@ CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entr
NOTE: https://www.redmine.org/issues/23803 (private)
NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15577 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of ...)
+ {DSA-4191-1}
- redmine 3.4.2-1
[jessie] - redmine <end-of-life> (See DSA-4191-1)
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -42596,7 +42641,7 @@ CVE-2017-12743
RESERVED
CVE-2017-12742
RESERVED
-CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart (All ...)
+CVE-2017-12741 (A vulnerability has been identified in SINAMICS GH150 V4.7 w. PROFINET ...)
NOT-FOR-US: Siemens
CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...)
NOT-FOR-US: Siemens
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8b0b8680a32eee3abdf46d709c17854edbbeb25
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8b0b8680a32eee3abdf46d709c17854edbbeb25
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180503/fa771c5c/attachment.html>
More information about the debian-security-tracker-commits
mailing list