[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat May 12 09:10:24 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ef27076 by security tracker role at 2018-05-12T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,55 @@
+CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd ...)
+	TODO: check
+CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to ...)
+	TODO: check
+CVE-2018-11010
+	RESERVED
+CVE-2018-11009
+	RESERVED
+CVE-2018-11008
+	RESERVED
+CVE-2018-11007
+	RESERVED
+CVE-2018-11006
+	RESERVED
+CVE-2018-11005
+	RESERVED
+CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request forgery ...)
+	TODO: check
+CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request forgery ...)
+	TODO: check
+CVE-2018-11002
+	RESERVED
+CVE-2018-11001
+	RESERVED
+CVE-2018-11000
+	RESERVED
+CVE-2018-10999 (An issue was discovered in Exiv2 0.26. The ...)
+	TODO: check
+CVE-2018-10998 (An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp ...)
+	TODO: check
+CVE-2018-10997
+	RESERVED
+CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 ...)
+	TODO: check
+CVE-2018-10995
+	RESERVED
+CVE-2018-10994
+	RESERVED
+CVE-2018-10993
+	RESERVED
+CVE-2018-10991
+	RESERVED
+CVE-2018-10990
+	RESERVED
+CVE-2018-10989
+	RESERVED
+CVE-2018-10988
+	RESERVED
+CVE-2018-10987
+	RESERVED
+CVE-2018-10986
+	RESERVED
 CVE-2018-10985
 	RESERVED
 CVE-2018-10984
@@ -10,7 +62,7 @@ CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785 executes 
 	NOT-FOR-US: Absolute Computrace Agent
 CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a digital ...)
 	NOT-FOR-US: Absolute Computrace Agent
-CVE-2018-10992 [Incomplete fix for CVE-2017-17523]
+CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings ...)
 	- lilypond 2.18.2-13 (bug #898373)
 	[jessie] - lilypond <not-affected> (Incomplete fix not applied)
 	[wheezy] - lilypond <not-affected> (Incomplete fix not applied)
@@ -331,8 +383,8 @@ CVE-2018-10834
 	RESERVED
 CVE-2018-10833
 	RESERVED
-CVE-2018-10832
-	RESERVED
+CVE-2018-10832 (ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. ...)
+	TODO: check
 CVE-2018-10831 (Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier ...)
 	NOT-FOR-US: Z-NOMP
 CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
@@ -11362,12 +11414,12 @@ CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg th
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
 CVE-2018-6620 (Odoo does not require authentication to be configured for a Backup ...)
 	NOT-FOR-US: Odoo
-CVE-2018-6619
-	RESERVED
-CVE-2018-6618
-	RESERVED
-CVE-2018-6617
-	RESERVED
+CVE-2018-6619 (Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for ...)
+	TODO: check
+CVE-2018-6618 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to ...)
+	TODO: check
+CVE-2018-6617 (Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL ...)
+	TODO: check
 CVE-2018-6616 (In OpenJPEG 2.3.0, there is excessive iteration in the ...)
 	- openjpeg2 <unfixed> (bug #889683)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1059
@@ -11943,8 +11995,8 @@ CVE-2018-6459 (The rsa_pss_params_parse function in ...)
 	[jessie] - strongswan <not-affected> (Vulnerable code introduced later)
 	[wheezy] - strongswan <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html
-CVE-2018-6458
-	RESERVED
+CVE-2018-6458 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers ...)
+	TODO: check
 CVE-2018-6457
 	RESERVED
 CVE-2018-6456
@@ -12237,10 +12289,10 @@ CVE-2017-18078 (systemd-tmpfiles in systemd before 237 attempts to support ...)
 	NOTE: https://github.com/systemd/systemd/issues/7736
 	NOTE: https://github.com/systemd/systemd/commit/5579f85663d10269e7ac7464be6548c99cea4ada (v237)
 	NOTE: Neutralised by kernel hardening
-CVE-2018-6362
-	RESERVED
-CVE-2018-6361
-	RESERVED
+CVE-2018-6362 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop ...)
+	TODO: check
+CVE-2018-6361 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op ...)
+	TODO: check
 CVE-2018-6360 (mpv through 0.28.0 allows remote attackers to execute arbitrary code ...)
 	{DSA-4105-1}
 	- mpv 0.27.0-3 (bug #888654)
@@ -13406,8 +13458,8 @@ CVE-2018-6025
 	RESERVED
 CVE-2018-6024 (SQL Injection exists in the Project Log 1.5.3 component for Joomla! via ...)
 	NOT-FOR-US: Project Log component for Joomla!
-CVE-2018-6023
-	RESERVED
+CVE-2018-6023 (Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts ...)
+	TODO: check
 CVE-2018-6022 (Directory traversal vulnerability in ...)
 	NOT-FOR-US: NoneCms
 CVE-2018-6021 (Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) ...)
@@ -15327,10 +15379,10 @@ CVE-2018-5306 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype N
 	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2018-5305
 	RESERVED
-CVE-2018-5304
-	RESERVED
-CVE-2018-5303
-	RESERVED
+CVE-2018-5304 (An issue was discovered on the Impinj Speedway Connect R420 RFID ...)
+	TODO: check
+CVE-2018-5303 (An issue was discovered on the Impinj Speedway Connect R420 RFID ...)
+	TODO: check
 CVE-2018-5302
 	RESERVED
 CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...)
@@ -26322,12 +26374,12 @@ CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4
 	- linux 4.14.7-1
 	[wheezy] - linux <ignored> (User namespaces not supported)
 	NOTE: https://patchwork.kernel.org/patch/10089373/
-CVE-2018-1280
-	RESERVED
+CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains ...)
+	TODO: check
 CVE-2018-1279
 	RESERVED
-CVE-2018-1278
-	RESERVED
+CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.12.x ...)
+	TODO: check
 CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2018-1276
@@ -26366,16 +26418,16 @@ CVE-2018-1263
 	RESERVED
 CVE-2018-1262
 	RESERVED
-CVE-2018-1261
-	RESERVED
-CVE-2018-1260
-	RESERVED
-CVE-2018-1259
-	RESERVED
-CVE-2018-1258
-	RESERVED
-CVE-2018-1257
-	RESERVED
+CVE-2018-1261 (Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary ...)
+	TODO: check
+CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to ...)
+	TODO: check
+CVE-2018-1259 (Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to ...)
+	TODO: check
+CVE-2018-1258 (Spring Security in combination with Spring Framework versions prior to ...)
+	TODO: check
+CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...)
+	TODO: check
 CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
 	TODO: check
 CVE-2018-1255



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ef27076133e75ac777dd821c2c6d630ed44b4bb

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ef27076133e75ac777dd821c2c6d630ed44b4bb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180512/3aabb7e4/attachment.html>

More information about the debian-security-tracker-commits mailing list