[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 8 21:10:27 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba443f4f by security tracker role at 2018-05-08T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-10813
+	RESERVED
+CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses cleartext ...)
+	TODO: check
+CVE-2018-10811
+	RESERVED
+CVE-2018-10810
+	RESERVED
+CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) ...)
+	TODO: check
+CVE-2018-10808
+	RESERVED
+CVE-2018-10807
+	RESERVED
+CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross ...)
+	TODO: check
+CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...)
+	TODO: check
+CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...)
+	TODO: check
+CVE-2018-10803
+	RESERVED
+CVE-2018-1000301
+	RESERVED
+CVE-2018-1000300
+	RESERVED
+CVE-2018-1000177 (A cross-site scripting vulnerability exists in Jenkins S3 Plugin ...)
+	TODO: check
+CVE-2018-1000176 (An exposure of sensitive information vulnerability exists in Jenkins ...)
+	TODO: check
+CVE-2018-1000175 (A path traversal vulnerability exists in Jenkins HTML Publisher Plugin ...)
+	TODO: check
+CVE-2018-1000174 (An open redirect vulnerability exists in Jenkins Google Login Plugin ...)
+	TODO: check
+CVE-2018-1000173 (A session fixaction vulnerability exists in Jenkins Google Login ...)
+	TODO: check
 CVE-2018-10802
 	RESERVED
 CVE-2018-10801 (TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as ...)
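Review bot: CVE-2018-10805 and CVE-2018-10804 in this first hunk name ImageMagick 7.0.7-28 in their descriptions but are added with only "TODO: check", so the tracker shows no package status for them until someone triages them. Each needs a package line (a fixed version or <unfixed>) and a NOTE with the upstream reference, in the form the libgxps entry for CVE-2018-10733 uses. The "session fixaction" spelling in CVE-2018-1000173 is part of the imported description text and is better left to the next automatic sync than corrected by hand.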
@@ -167,8 +203,8 @@ CVE-2018-10736
 	RESERVED
 CVE-2018-10735
 	RESERVED
-CVE-2018-10734
-	RESERVED
+CVE-2018-10734 (KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a ...)
+	TODO: check
 CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
 	- libgxps <unfixed> (low; bug #897954)
 	[wheezy] - libgxps <ignored> (Minor issue)
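Review bot: CVE-2018-10734 now carries a description for KONGTOP DVR devices (A303, A403, D303, D305, D403) but is marked "TODO: check". The description names hardware models rather than a package, so triage can most likely close it with a "NOT-FOR-US:" line, as the file does for TunnelBear for Windows under CVE-2018-10381.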
@@ -996,8 +1032,7 @@ CVE-2018-10382
 	RESERVED
 CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege ...)
 	NOT-FOR-US: TunnelBear for Windows
-CVE-2018-10380 [Access to privileged files]
-	RESERVED
+CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ...)
 	- kwallet-pam 5.12.1-2
 	NOTE: https://www.kde.org/info/security/advisory-20180503-1.txt
 	NOTE: https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 (Plasma 5.12)
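Review bot: In CVE-2018-10380 the new description says the flaw affects kwallet-pam "before 5.12.6", while the retained package line records "- kwallet-pam 5.12.1-2" as the fixed version. That is consistent only if 5.12.1-2 carries a backport of the Plasma 5.12 commit cited in the NOTE below it; a short NOTE saying so would keep a later reader from treating the fixed version as an error.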
@@ -1034,13 +1069,13 @@ CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remot
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6aea08d9f3e3d6475a65454da488a0c51f5dc97d
 CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent plugin ...)
 	NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
-CVE-2018-1000178 [Implement custom deserializer to add our own sanity checks]
+CVE-2018-1000178 (A heap corruption of type CWE-120 exists in quassel version 0.12.4 in ...)
 	{DSA-4189-1 DLA-1370-1}
 	- quassel 1:0.12.5-1 (bug #896914)
 	NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
 	NOTE: https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
-CVE-2018-1000179 [Reject clients that attempt to login before the core is configured]
+CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 ...)
 	{DSA-4189-1}
 	- quassel 1:0.12.5-1 (bug #896915)
 	[wheezy] - quassel <no-dsa> (Minor issue)
@@ -2276,8 +2311,7 @@ CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0
 	NOTE: Bug introduced in 1.11.32, fixed in 2.6.0
 CVE-2018-9859
 	RESERVED
-CVE-2018-1000168 [Denial of service due to NULL pointer dereference]
-	RESERVED
+CVE-2018-1000168 (nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper ...)
 	- nghttp2 1.31.1-1 (low; bug #895566)
 	[stretch] - nghttp2 <no-dsa> (Minor issue)
 	[jessie] - nghttp2 <not-affected> (Issue introduced in 1.10.0)
@@ -4569,8 +4603,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.
 	NOT-FOR-US: IdentityServer
 CVE-2018-8898
 	RESERVED
-CVE-2018-8897 [error in exception handling leads to DoS]
-	RESERVED
+CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...)
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
 	- xen <unfixed>
@@ -10036,10 +10069,10 @@ CVE-2018-6923
 	RESERVED
 CVE-2018-6922
 	RESERVED
-CVE-2018-6921
-	RESERVED
-CVE-2018-6920
-	RESERVED
+CVE-2018-6921 (In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to ...)
+	TODO: check
+CVE-2018-6920 (In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, ...)
+	TODO: check
 CVE-2018-6919 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...)
 	- kfreebsd-10 <unfixed> (unimportant)
 	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc
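Review bot: CVE-2018-6921 and CVE-2018-6920 are FreeBSD issues left at "TODO: check", directly above CVE-2018-6919, which is tracked as "- kfreebsd-10 <unfixed> (unimportant)". Triage should decide whether the same kfreebsd-10 line applies to these two and add a NOTE with the matching FreeBSD advisory, so the three neighbouring entries stay consistent.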
@@ -11290,10 +11323,10 @@ CVE-2018-6513
 	RESERVED
 CVE-2018-6512
 	RESERVED
-CVE-2018-6511
-	RESERVED
-CVE-2018-6510
-	RESERVED
+CVE-2018-6511 (A cross-site scripting vulnerability in Puppet Enterprise Console of ...)
+	TODO: check
+CVE-2018-6510 (A cross-site scripting vulnerability in Puppet Enterprise Console of ...)
+	TODO: check
 CVE-2018-6509
 	RESERVED
 CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a ...)
@@ -25802,10 +25835,10 @@ CVE-2018-1250
 	RESERVED
 CVE-2018-1249
 	RESERVED
-CVE-2018-1248
-	RESERVED
-CVE-2018-1247
-	RESERVED
+CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console and ...)
+	TODO: check
+CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earlier, ...)
+	TODO: check
 CVE-2018-1246
 	RESERVED
 CVE-2018-1245
@@ -25820,8 +25853,8 @@ CVE-2018-1241
 	RESERVED
 CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an ...)
 	NOT-FOR-US: EMC ViPR Controller
-CVE-2018-1239
-	RESERVED
+CVE-2018-1239 (Dell EMC Unity Operating Environment (OE) versions prior to ...)
+	TODO: check
 CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command injection ...)
 	NOT-FOR-US: EMC ScaleIO
 CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper restriction ...)
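Review bot: CVE-2018-1239 (Dell EMC Unity Operating Environment) is set to "TODO: check" while its neighbours CVE-2018-1240 and CVE-2018-1238 are already "NOT-FOR-US: EMC ViPR Controller" and "NOT-FOR-US: EMC ScaleIO". Unless Unity turns out to map to a tracked package, it should get the same NOT-FOR-US: disposition so the Dell EMC block reads uniformly.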
@@ -28585,6 +28618,7 @@ CVE-2018-0496
 CVE-2018-0495
 	RESERVED
 CVE-2018-0494 (GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in ...)
+	{DSA-4195-1}
 	- wget 1.19.5-1 (bug #898076)
 	NOTE: https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
 	NOTE: https://savannah.gnu.org/bugs/?53763
@@ -74213,8 +74247,7 @@ CVE-2017-2612
 	RESERVED
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2611
-	RESERVED
+CVE-2017-2611 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2610
@@ -74277,13 +74310,11 @@ CVE-2017-2596 (The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the 
 CVE-2017-2595
 	RESERVED
 	- wildfly <itp> (bug #752018)
-CVE-2017-2594
-	RESERVED
+CVE-2017-2594 (hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, ...)
 	NOT-FOR-US: hawtio
 CVE-2017-2593
 	RESERVED
-CVE-2017-2592 [CatchErrors leaks sensitive values in oslo.middleware]
-	RESERVED
+CVE-2017-2592 (python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is ...)
 	- python-oslo.middleware 3.19.0-3 (bug #852742)
 	NOTE: https://launchpad.net/bugs/1628031
 CVE-2017-2591 (389-ds-base before version 1.3.6 is vulnerable to an improperly NULL ...)
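Review bot: For CVE-2017-2592 the new description gives the affected range as "before versions 3.8.1, 3.19.1, 3.23.1", but the package line kept below it lists "- python-oslo.middleware 3.19.0-3" as fixed, which is lower than 3.19.1. If 3.19.0-3 carries a backported patch for bug #852742, a NOTE should say so; otherwise the fixed version needs rechecking against the new description.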



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ba443f4f37342d086c73ede0e7115750ae788861
