[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 8 21:10:27 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba443f4f by security tracker role at 2018-05-08T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-10813
+ RESERVED
+CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses cleartext ...)
+ TODO: check
+CVE-2018-10811
+ RESERVED
+CVE-2018-10810
+ RESERVED
+CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) ...)
+ TODO: check
+CVE-2018-10808
+ RESERVED
+CVE-2018-10807
+ RESERVED
+CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross ...)
+ TODO: check
+CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...)
+ TODO: check
+CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...)
+ TODO: check
+CVE-2018-10803
+ RESERVED
+CVE-2018-1000301
+ RESERVED
+CVE-2018-1000300
+ RESERVED
+CVE-2018-1000177 (A cross-site scripting vulnerability exists in Jenkins S3 Plugin ...)
+ TODO: check
+CVE-2018-1000176 (An exposure of sensitive information vulnerability exists in Jenkins ...)
+ TODO: check
+CVE-2018-1000175 (A path traversal vulnerability exists in Jenkins HTML Publisher Plugin ...)
+ TODO: check
+CVE-2018-1000174 (An open redirect vulnerability exists in Jenkins Google Login Plugin ...)
+ TODO: check
+CVE-2018-1000173 (A session fixaction vulnerability exists in Jenkins Google Login ...)
+ TODO: check
CVE-2018-10802
RESERVED
CVE-2018-10801 (TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as ...)
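Review bot: Ten of the entries added at the top are left at "TODO: check", and several can be triaged from the description alone. CVE-2018-10812 (Bitpie application for Android and iOS) and CVE-2018-10809 (2345 Security Guard, 2345NetFirewall.sys) look like candidates for the NOT-FOR-US form already used elsewhere in this file. CVE-2018-10805 and CVE-2018-10804 name ImageMagick 7.0.7-28 and need a package line and a check of the affected Debian versions. The description of CVE-2018-1000173 reads "session fixaction"; as this is an automatic update, a local correction would probably be overwritten, so the typo is better reported to the source of the description.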
@@ -167,8 +203,8 @@ CVE-2018-10736
RESERVED
CVE-2018-10735
RESERVED
-CVE-2018-10734
- RESERVED
+CVE-2018-10734 (KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a ...)
+ TODO: check
CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
- libgxps <unfixed> (low; bug #897954)
[wheezy] - libgxps <ignored> (Minor issue)
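Review bot: CVE-2018-10734 moves from RESERVED to "TODO: check" with a description naming KONGTOP DVR devices (A303, A403, D303, D305, D403). That is a hardware product, so the entry looks like it can be closed with a NOT-FOR-US line in the form used for other entries in this file instead of being left pending.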
@@ -996,8 +1032,7 @@ CVE-2018-10382
RESERVED
CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege ...)
NOT-FOR-US: TunnelBear for Windows
-CVE-2018-10380 [Access to privileged files]
- RESERVED
+CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ...)
- kwallet-pam 5.12.1-2
NOTE: https://www.kde.org/info/security/advisory-20180503-1.txt
NOTE: https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 (Plasma 5.12)
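Review bot: The new description for CVE-2018-10380 says kwallet-pam is affected "before 5.12.6", while the retained package line records the fix in "kwallet-pam 5.12.1-2". If the Debian upload carries a backport of the commit referenced in the NOTE line, a short NOTE stating that would keep the entry from reading as a version error.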
@@ -1034,13 +1069,13 @@ CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remot
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6aea08d9f3e3d6475a65454da488a0c51f5dc97d
CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent plugin ...)
NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
-CVE-2018-1000178 [Implement custom deserializer to add our own sanity checks]
+CVE-2018-1000178 (A heap corruption of type CWE-120 exists in quassel version 0.12.4 in ...)
{DSA-4189-1 DLA-1370-1}
- quassel 1:0.12.5-1 (bug #896914)
NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
NOTE: https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12)
NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
-CVE-2018-1000179 [Reject clients that attempt to login before the core is configured]
+CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 ...)
{DSA-4189-1}
- quassel 1:0.12.5-1 (bug #896915)
[wheezy] - quassel <no-dsa> (Minor issue)
@@ -2276,8 +2311,7 @@ CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0
NOTE: Bug introduced in 1.11.32, fixed in 2.6.0
CVE-2018-9859
RESERVED
-CVE-2018-1000168 [Denial of service due to NULL pointer dereference]
- RESERVED
+CVE-2018-1000168 (nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper ...)
- nghttp2 1.31.1-1 (low; bug #895566)
[stretch] - nghttp2 <no-dsa> (Minor issue)
[jessie] - nghttp2 <not-affected> (Issue introduced in 1.10.0)
@@ -4569,8 +4603,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.
NOT-FOR-US: IdentityServer
CVE-2018-8898
RESERVED
-CVE-2018-8897 [error in exception handling leads to DoS]
- RESERVED
+CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...)
- linux 4.15.17-1
NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
- xen <unfixed>
@@ -10036,10 +10069,10 @@ CVE-2018-6923
RESERVED
CVE-2018-6922
RESERVED
-CVE-2018-6921
- RESERVED
-CVE-2018-6920
- RESERVED
+CVE-2018-6921 (In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to ...)
+ TODO: check
+CVE-2018-6920 (In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, ...)
+ TODO: check
CVE-2018-6919 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc
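Review bot: CVE-2018-6921 and CVE-2018-6920 are left at "TODO: check", although the next entry, CVE-2018-6919, shows how a FreeBSD issue is tracked in this file: "- kfreebsd-10 <unfixed> (unimportant)" plus a NOTE linking the FreeBSD advisory. Triage should check whether the two new entries apply to kfreebsd-10 and, if so, add the matching package line and advisory NOTE.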
@@ -11290,10 +11323,10 @@ CVE-2018-6513
RESERVED
CVE-2018-6512
RESERVED
-CVE-2018-6511
- RESERVED
-CVE-2018-6510
- RESERVED
+CVE-2018-6511 (A cross-site scripting vulnerability in Puppet Enterprise Console of ...)
+ TODO: check
+CVE-2018-6510 (A cross-site scripting vulnerability in Puppet Enterprise Console of ...)
+ TODO: check
CVE-2018-6509
RESERVED
CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a ...)
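Review bot: CVE-2018-6511 and CVE-2018-6510 both describe cross-site scripting in Puppet Enterprise Console and are left at "TODO: check". They should receive the same disposition as the existing Puppet Enterprise entries such as CVE-2018-6508 directly below, so that the product is handled consistently across the file.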
@@ -25802,10 +25835,10 @@ CVE-2018-1250
RESERVED
CVE-2018-1249
RESERVED
-CVE-2018-1248
- RESERVED
-CVE-2018-1247
- RESERVED
+CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console and ...)
+ TODO: check
+CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earlier, ...)
+ TODO: check
CVE-2018-1246
RESERVED
CVE-2018-1245
@@ -25820,8 +25853,8 @@ CVE-2018-1241
RESERVED
CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an ...)
NOT-FOR-US: EMC ViPR Controller
-CVE-2018-1239
- RESERVED
+CVE-2018-1239 (Dell EMC Unity Operating Environment (OE) versions prior to ...)
+ TODO: check
CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command injection ...)
NOT-FOR-US: EMC ScaleIO
CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper restriction ...)
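Review bot: CVE-2018-1239 (Dell EMC Unity Operating Environment) is left at "TODO: check", while the surrounding Dell EMC entries in the same hunk are already closed as "NOT-FOR-US: EMC ViPR Controller" and "NOT-FOR-US: EMC ScaleIO". The same treatment appears to apply here, with a NOT-FOR-US line naming EMC Unity.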
@@ -28585,6 +28618,7 @@ CVE-2018-0496
CVE-2018-0495
RESERVED
CVE-2018-0494 (GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in ...)
+ {DSA-4195-1}
- wget 1.19.5-1 (bug #898076)
NOTE: https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
NOTE: https://savannah.gnu.org/bugs/?53763
@@ -74213,8 +74247,7 @@ CVE-2017-2612
RESERVED
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2611
- RESERVED
+CVE-2017-2611 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient ...)
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2610
@@ -74277,13 +74310,11 @@ CVE-2017-2596 (The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the
CVE-2017-2595
RESERVED
- wildfly <itp> (bug #752018)
-CVE-2017-2594
- RESERVED
+CVE-2017-2594 (hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, ...)
NOT-FOR-US: hawtio
CVE-2017-2593
RESERVED
-CVE-2017-2592 [CatchErrors leaks sensitive values in oslo.middleware]
- RESERVED
+CVE-2017-2592 (python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is ...)
- python-oslo.middleware 3.19.0-3 (bug #852742)
NOTE: https://launchpad.net/bugs/1628031
CVE-2017-2591 (389-ds-base before version 1.3.6 is vulnerable to an improperly NULL ...)
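Review bot: For CVE-2017-2592 the description now lists the upstream fixed versions as 3.8.1, 3.19.1 and 3.23.1, while the retained package line records "python-oslo.middleware 3.19.0-3" as fixed. A NOTE saying that the Debian revision carries the fix as a backport, if that is the case, would explain the difference. The removed bracketed text "CatchErrors leaks sensitive values in oslo.middleware" was also the only line naming the affected component, so the Launchpad NOTE is now the sole pointer to it.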
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ba443f4f37342d086c73ede0e7115750ae788861