[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 10 09:12:28 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d65658f by security tracker role at 2018-05-10T08:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-10964
+	RESERVED
+CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF ...)
+	TODO: check
+CVE-2018-10962 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
+	TODO: check
+CVE-2018-10961
+	RESERVED
+CVE-2018-10960
+	RESERVED
+CVE-2018-10959
+	RESERVED
+CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT ...)
+	TODO: check
+CVE-2018-10957 (CSRF exists on D-Link DIR-868L devices, leading to (for example) a ...)
+	TODO: check
+CVE-2018-10956
+	RESERVED
+CVE-2018-10955 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+	TODO: check
+CVE-2018-10954 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+	TODO: check
+CVE-2018-10953 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+	TODO: check
+CVE-2018-10952 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
+	TODO: check
+CVE-2018-10951 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before ...)
+	TODO: check
+CVE-2018-10950 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before ...)
+	TODO: check
+CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before ...)
+	TODO: check
+CVE-2018-10948
+	RESERVED
+CVE-2018-10947
+	RESERVED
+CVE-2018-10946
+	RESERVED
 CVE-2018-XXXX [Argument injection in xdg-open open_envvar]
 	- xdg-utils <unfixed> (bug #898317)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
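Review bot: the two added entries in this hunk that name libraries, CVE-2018-10963 (LibTIFF, tif_dirwrite.c) and CVE-2018-10958 (Exiv2 0.26, types.cpp), are the ones to prioritise among the "TODO: check" items; once triaged they should carry a source-package line in the form the unchanged xdg-utils entry at the end of the hunk uses ("- xdg-utils <unfixed> (bug #898317)"). The four 2345 Security Guard driver entries (CVE-2018-10952 to CVE-2018-10955) show identical truncated descriptions and can be resolved together.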
@@ -8,8 +46,8 @@ CVE-2018-10944
 	RESERVED
 CVE-2018-10943
 	RESERVED
-CVE-2018-10942
-	RESERVED
+CVE-2018-10942 (modules/attributewizardpro/file_upload.php in the Attribute Wizard ...)
+	TODO: check
 CVE-2018-10941
 	RESERVED
 CVE-2018-10940 (The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the ...)
@@ -1488,8 +1526,8 @@ CVE-2018-10316 (Netwide Assembler (NASM) 2.14rc0 has an endless while loop in th
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392474
 CVE-2018-10315
 	RESERVED
-CVE-2018-10314
-	RESERVED
+CVE-2018-10314 (Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 ...)
+	TODO: check
 CVE-2018-10313 (WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter ...)
 	NOT-FOR-US: WUZHI CMS
 CVE-2018-10312 (index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change ...)
@@ -4342,10 +4380,10 @@ CVE-2018-9114
 	RESERVED
 CVE-2018-9113 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows ...)
 	NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
-CVE-2018-9112
-	RESERVED
-CVE-2018-9111
-	RESERVED
+CVE-2018-9112 (A low privileged admin account with a weak default password of admin ...)
+	TODO: check
+CVE-2018-9111 (Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T ...)
+	TODO: check
 CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via ...)
 	NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via the ...)
@@ -4995,8 +5033,8 @@ CVE-2018-8862
 	RESERVED
 CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environment ...)
 	NOT-FOR-US: Philips Brilliance
-CVE-2018-8860
-	RESERVED
+CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be ...)
+	TODO: check
 CVE-2018-8859
 	RESERVED
 CVE-2018-8858
@@ -5076,8 +5114,8 @@ CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N
 	NOT-FOR-US: ASUS routers
 CVE-2018-8825
 	RESERVED
-CVE-2018-8824
-	RESERVED
+CVE-2018-8824 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu ...)
+	TODO: check
 CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu ...)
 	NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
 CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel function in ...)
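Review bot: CVE-2018-8824 now shows the same truncated description (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu ...) as CVE-2018-8823 on the following line, which is already marked "NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop". After confirming the full description names the same module, replace "TODO: check" with that same NOT-FOR-US line so the two entries stay consistent.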
@@ -6884,10 +6922,10 @@ CVE-2018-8063
 	RESERVED
 CVE-2018-8062
 	RESERVED
-CVE-2018-8061
-	RESERVED
-CVE-2018-8060
-	RESERVED
+CVE-2018-8061 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an ...)
+	TODO: check
+CVE-2018-8060 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an ...)
+	TODO: check
 CVE-2018-8059 (The Djelibeybi configuration examples for use of NGINX in SUSE Portus ...)
 	NOT-FOR-US: Portus
 CVE-2018-8058 (CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via ...)
@@ -13284,10 +13322,10 @@ CVE-2018-6023
 	RESERVED
 CVE-2018-6022 (Directory traversal vulnerability in ...)
 	NOT-FOR-US: NoneCms
-CVE-2018-6021
-	RESERVED
-CVE-2018-6020
-	RESERVED
+CVE-2018-6021 (Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) ...)
+	TODO: check
+CVE-2018-6020 (In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 ...)
+	TODO: check
 CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows ...)
 	NOT-FOR-US: Samsung Display Solutions App for Android
 CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ...)
@@ -23033,24 +23071,24 @@ CVE-2018-2425
 	RESERVED
 CVE-2018-2424
 	RESERVED
-CVE-2018-2423
-	RESERVED
-CVE-2018-2422
-	RESERVED
-CVE-2018-2421
-	RESERVED
-CVE-2018-2420
-	RESERVED
-CVE-2018-2419
-	RESERVED
-CVE-2018-2418
-	RESERVED
-CVE-2018-2417
-	RESERVED
-CVE-2018-2416
-	RESERVED
-CVE-2018-2415
-	RESERVED
+CVE-2018-2423 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, ...)
+	TODO: check
+CVE-2018-2422 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, ...)
+	TODO: check
+CVE-2018-2421 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, ...)
+	TODO: check
+CVE-2018-2420 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, ...)
+	TODO: check
+CVE-2018-2419 (SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, ...)
+	TODO: check
+CVE-2018-2418 (SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an ...)
+	TODO: check
+CVE-2018-2417 (Under certain conditions, the SAP Identity Management 8.0 (pass of ...)
+	TODO: check
+CVE-2018-2416 (SAP Identity Management 8.0 does not sufficiently validate an XML ...)
+	TODO: check
+CVE-2018-2415 (SAP NetWeaver Application Server Java Web Container and HTTP Service ...)
+	TODO: check
 CVE-2018-2414
 	RESERVED
 CVE-2018-2413 (SAP Disclosure Management 10.1 does not perform necessary ...)
@@ -38008,22 +38046,22 @@ CVE-2017-1002001 (Vulnerability in wordpress plugin mobile-app-builder-by-wappre
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-1002000 (Vulnerability in wordpress plugin ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2017-14481
-	RESERVED
-CVE-2017-14480
-	RESERVED
-CVE-2017-14479
-	RESERVED
-CVE-2017-14478
-	RESERVED
-CVE-2017-14477
-	RESERVED
-CVE-2017-14476
-	RESERVED
-CVE-2017-14475
-	RESERVED
-CVE-2017-14474
-	RESERVED
+CVE-2017-14481 (In the MMM::Agent::Helpers::Network::send_arp function in MySQL ...)
+	TODO: check
+CVE-2017-14480 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL ...)
+	TODO: check
+CVE-2017-14479 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL ...)
+	TODO: check
+CVE-2017-14478 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL ...)
+	TODO: check
+CVE-2017-14477 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL ...)
+	TODO: check
+CVE-2017-14476 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL ...)
+	TODO: check
+CVE-2017-14475 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL ...)
+	TODO: check
+CVE-2017-14474 (In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master ...)
+	TODO: check
 CVE-2017-14473 (An exploitable access control vulnerability exists in the data, ...)
 	NOT-FOR-US: Allen Bradley Micrologix
 CVE-2017-14472 (An exploitable access control vulnerability exists in the data, ...)
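Review bot: all eight entries CVE-2017-14474 to CVE-2017-14481 name functions under MMM::Agent::Helpers (send_arp, clear_ip, add_ip, _execute), so they concern one code base and should get one consistent triage decision instead of eight independent "TODO: check" resolutions. CVE-2017-14478 to CVE-2017-14480 (clear_ip) and CVE-2017-14475 to CVE-2017-14477 (add_ip) have identical visible text, so record what distinguishes each when the full descriptions are reviewed.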



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d65658fda432bd434600199d9d18e5147bfeba2
