[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat May 12 09:10:24 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ef27076 by security tracker role at 2018-05-12T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,55 @@
+CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd ...)
+ TODO: check
+CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to ...)
+ TODO: check
+CVE-2018-11010
+ RESERVED
+CVE-2018-11009
+ RESERVED
+CVE-2018-11008
+ RESERVED
+CVE-2018-11007
+ RESERVED
+CVE-2018-11006
+ RESERVED
+CVE-2018-11005
+ RESERVED
+CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request forgery ...)
+ TODO: check
+CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request forgery ...)
+ TODO: check
+CVE-2018-11002
+ RESERVED
+CVE-2018-11001
+ RESERVED
+CVE-2018-11000
+ RESERVED
+CVE-2018-10999 (An issue was discovered in Exiv2 0.26. The ...)
+ TODO: check
+CVE-2018-10998 (An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp ...)
+ TODO: check
+CVE-2018-10997
+ RESERVED
+CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 ...)
+ TODO: check
+CVE-2018-10995
+ RESERVED
+CVE-2018-10994
+ RESERVED
+CVE-2018-10993
+ RESERVED
+CVE-2018-10991
+ RESERVED
+CVE-2018-10990
+ RESERVED
+CVE-2018-10989
+ RESERVED
+CVE-2018-10988
+ RESERVED
+CVE-2018-10987
+ RESERVED
+CVE-2018-10986
+ RESERVED
CVE-2018-10985
RESERVED
CVE-2018-10984
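Review bot: the seven described entries added at the top of this hunk all stop at TODO: check, and the two Exiv2 0.26 entries (CVE-2018-10999, CVE-2018-10998) are the ones to resolve first, since they name a library and a source file (jp2image.cpp) rather than a hosted web application or device firmware. Those two need a package line with bug or fixed-version status, in the style of the lilypond entry in the next hunk, rather than a blanket tag.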
@@ -10,7 +62,7 @@ CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785 executes
NOT-FOR-US: Absolute Computrace Agent
CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a digital ...)
NOT-FOR-US: Absolute Computrace Agent
-CVE-2018-10992 [Incomplete fix for CVE-2017-17523]
+CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings ...)
- lilypond 2.18.2-13 (bug #898373)
[jessie] - lilypond <not-affected> (Incomplete fix not applied)
[wheezy] - lilypond <not-affected> (Incomplete fix not applied)
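Review bot: replacing the bracketed title on CVE-2018-10992 drops the only explicit pointer to CVE-2017-17523 in this entry; the remaining lines say "Incomplete fix not applied" without naming which fix. Suggest keeping the link with a line such as "NOTE: Incomplete fix for CVE-2017-17523" under the entry. The entry also still sits after the CVE-2009-515x entries instead of between CVE-2018-10993 and CVE-2018-10991, which the first hunk adds without it.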
@@ -331,8 +383,8 @@ CVE-2018-10834
RESERVED
CVE-2018-10833
RESERVED
-CVE-2018-10832
- RESERVED
+CVE-2018-10832 (ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. ...)
+ TODO: check
CVE-2018-10831 (Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier ...)
NOT-FOR-US: Z-NOMP
CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
@@ -11362,12 +11414,12 @@ CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg th
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
CVE-2018-6620 (Odoo does not require authentication to be configured for a Backup ...)
NOT-FOR-US: Odoo
-CVE-2018-6619
- RESERVED
-CVE-2018-6618
- RESERVED
-CVE-2018-6617
- RESERVED
+CVE-2018-6619 (Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for ...)
+ TODO: check
+CVE-2018-6618 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to ...)
+ TODO: check
+CVE-2018-6617 (Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL ...)
+ TODO: check
CVE-2018-6616 (In OpenJPEG 2.3.0, there is excessive iteration in the ...)
- openjpeg2 <unfixed> (bug #889683)
NOTE: https://github.com/uclouvain/openjpeg/issues/1059
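Review bot: the three EHCP entries here (CVE-2018-6619, CVE-2018-6618, CVE-2018-6617) name the same product and version, v0.37.12.b, as CVE-2018-6458, CVE-2018-6362 and CVE-2018-6361 in the following hunks, and all six land as separate TODO: check items. Make the triage decision once and apply the same tag line to all six so they do not diverge.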
@@ -11943,8 +11995,8 @@ CVE-2018-6459 (The rsa_pss_params_parse function in ...)
[jessie] - strongswan <not-affected> (Vulnerable code introduced later)
[wheezy] - strongswan <not-affected> (Vulnerable code introduced later)
NOTE: https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html
-CVE-2018-6458
- RESERVED
+CVE-2018-6458 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers ...)
+ TODO: check
CVE-2018-6457
RESERVED
CVE-2018-6456
@@ -12237,10 +12289,10 @@ CVE-2017-18078 (systemd-tmpfiles in systemd before 237 attempts to support ...)
NOTE: https://github.com/systemd/systemd/issues/7736
NOTE: https://github.com/systemd/systemd/commit/5579f85663d10269e7ac7464be6548c99cea4ada (v237)
NOTE: Neutralised by kernel hardening
-CVE-2018-6362
- RESERVED
-CVE-2018-6361
- RESERVED
+CVE-2018-6362 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop ...)
+ TODO: check
+CVE-2018-6361 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op ...)
+ TODO: check
CVE-2018-6360 (mpv through 0.28.0 allows remote attackers to execute arbitrary code ...)
{DSA-4105-1}
- mpv 0.27.0-3 (bug #888654)
@@ -13406,8 +13458,8 @@ CVE-2018-6025
RESERVED
CVE-2018-6024 (SQL Injection exists in the Project Log 1.5.3 component for Joomla! via ...)
NOT-FOR-US: Project Log component for Joomla!
-CVE-2018-6023
- RESERVED
+CVE-2018-6023 (Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts ...)
+ TODO: check
CVE-2018-6022 (Directory traversal vulnerability in ...)
NOT-FOR-US: NoneCms
CVE-2018-6021 (Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) ...)
@@ -15327,10 +15379,10 @@ CVE-2018-5306 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype N
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-5305
RESERVED
-CVE-2018-5304
- RESERVED
-CVE-2018-5303
- RESERVED
+CVE-2018-5304 (An issue was discovered on the Impinj Speedway Connect R420 RFID ...)
+ TODO: check
+CVE-2018-5303 (An issue was discovered on the Impinj Speedway Connect R420 RFID ...)
+ TODO: check
CVE-2018-5302
RESERVED
CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...)
@@ -26322,12 +26374,12 @@ CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4
- linux 4.14.7-1
[wheezy] - linux <ignored> (User namespaces not supported)
NOTE: https://patchwork.kernel.org/patch/10089373/
-CVE-2018-1280
- RESERVED
+CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains ...)
+ TODO: check
CVE-2018-1279
RESERVED
-CVE-2018-1278
- RESERVED
+CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.12.x ...)
+ TODO: check
CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-1276
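Review bot: CVE-2018-1280 and CVE-2018-1278 are left at TODO: check although the neighbouring context entry CVE-2018-1277 is already tagged "NOT-FOR-US: Cloud Foundry". If Pivotal Greenplum Command Center and Apps Manager are judged the same way, give each a NOT-FOR-US line naming its product so the pair does not linger.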
@@ -26366,16 +26418,16 @@ CVE-2018-1263
RESERVED
CVE-2018-1262
RESERVED
-CVE-2018-1261
- RESERVED
-CVE-2018-1260
- RESERVED
-CVE-2018-1259
- RESERVED
-CVE-2018-1258
- RESERVED
-CVE-2018-1257
- RESERVED
+CVE-2018-1261 (Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary ...)
+ TODO: check
+CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to ...)
+ TODO: check
+CVE-2018-1259 (Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to ...)
+ TODO: check
+CVE-2018-1258 (Spring Security in combination with Spring Framework versions prior to ...)
+ TODO: check
+CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...)
+ TODO: check
CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
TODO: check
CVE-2018-1255
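Review bot: the five Spring entries (CVE-2018-1261 through CVE-2018-1257) go from RESERVED straight to TODO: check, and the context line shows CVE-2018-1256 was already waiting at TODO: check, so this range now holds six unresolved Spring items. The descriptions are cut at "..." in the middle of their version ranges (for example "2.3 prior to 2.3.3, 2.2 prior to ..."), so triage needs the full CVE text before any version comparison; handle the six together.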
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ef27076133e75ac777dd821c2c6d630ed44b4bb