[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon May 14 21:10:24 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04aa963f by security tracker role at 2018-05-14T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-11038
+	RESERVED
 CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in ...)
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/issues/307
@@ -92,11 +94,11 @@ CVE-2018-10994
 CVE-2018-10993
 	RESERVED
 CVE-2018-10991
-	RESERVED
-CVE-2018-10990
-	RESERVED
-CVE-2018-10989
-	RESERVED
+	REJECTED
+CVE-2018-10990 (On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a ...)
+	TODO: check
+CVE-2018-10989 (Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are ...)
+	TODO: check
 CVE-2018-10988
 	RESERVED
 CVE-2018-10987
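Review bot: CVE-2018-10990 and CVE-2018-10989 land with only `TODO: check`, so they stay untriaged until someone follows up. Both descriptions name Arris Touchstone Telephony Gateway TG1682G device firmware, so if nothing in the archive ships it, they can be closed as NOT-FOR-US in the form the file uses elsewhere. The RESERVED to REJECTED change on CVE-2018-10991 carries no NOTE, which is normal for a sync but leaves no trace here of why the ID was withdrawn.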
@@ -1544,6 +1546,7 @@ CVE-2018-10382
 CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege ...)
 	NOT-FOR-US: TunnelBear for Windows
 CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ...)
+	{DSA-4200-1}
 	- kwallet-pam 5.12.1-2
 	NOTE: https://www.kde.org/info/security/advisory-20180503-1.txt
 	NOTE: https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 (Plasma 5.12)
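Review bot: the `{DSA-4200-1}` line on CVE-2018-10380 is the only change in this commit that records a Debian advisory rather than a synced description or state, yet the commit message says only "automatic update". Worth confirming that the DSA-4200-1 entry lists CVE-2018-10380 in return and records the fixed version for the release the advisory covers, since the entry here shows only `- kwallet-pam 5.12.1-2`.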
@@ -1849,8 +1852,8 @@ CVE-2018-10254 (Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read
 	NOTE: https://sourceforge.net/p/nasm/bugs/561/
 CVE-2018-10253 (Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack ...)
 	NOT-FOR-US: Paessler PRTG Network Monitor
-CVE-2018-10252
-	RESERVED
+CVE-2018-10252 (An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a ...)
+	TODO: check
 CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and ...)
 	NOT-FOR-US: Sierra Wireless AirLink routers
 CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a ...)
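Review bot: CVE-2018-10252 moves from RESERVED to `TODO: check` for an Actiontec WCB6200Q issue, while both neighbours in this hunk (Paessler PRTG Network Monitor, Sierra Wireless AirLink routers) are already closed as NOT-FOR-US. If the follow-up triage reaches the same conclusion, use the same `NOT-FOR-US: <product>` form so the entry does not linger in the TODO queue.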
@@ -15686,8 +15689,8 @@ CVE-2018-5232
 	RESERVED
 CVE-2018-5231
 	RESERVED
-CVE-2018-5230
-	RESERVED
+CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, from ...)
+	TODO: check
 CVE-2018-5229
 	RESERVED
 CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible before ...)
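Review bot: CVE-2018-5230 is left at `TODO: check` although its description names Atlassian Jira, a product this same file already marks with `NOT-FOR-US: Atlassian Jira` (CVE-2017-16862). Reusing that exact string in the follow-up keeps the product name consistent across entries.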
@@ -29142,38 +29145,38 @@ CVE-2018-0593
 	RESERVED
 CVE-2018-0592
 	RESERVED
-CVE-2018-0591
-	RESERVED
-CVE-2018-0590
-	RESERVED
-CVE-2018-0589
-	RESERVED
-CVE-2018-0588
-	RESERVED
-CVE-2018-0587
-	RESERVED
-CVE-2018-0586
-	RESERVED
-CVE-2018-0585
-	RESERVED
+CVE-2018-0591 (The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver ...)
+	TODO: check
+CVE-2018-0590 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows ...)
+	TODO: check
+CVE-2018-0589 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows ...)
+	TODO: check
+CVE-2018-0588 (Directory traversal vulnerability in the AJAX function of Ultimate ...)
+	TODO: check
+CVE-2018-0587 (Unrestricted file upload vulnerability in Ultimate Member plugin prior ...)
+	TODO: check
+CVE-2018-0586 (Directory traversal vulnerability in the shortcodes function of ...)
+	TODO: check
+CVE-2018-0585 (Cross-site scripting vulnerability in Ultimate Member plugin prior to ...)
+	TODO: check
 CVE-2018-0584
 	RESERVED
-CVE-2018-0583
-	RESERVED
-CVE-2018-0582
-	RESERVED
-CVE-2018-0581
-	RESERVED
-CVE-2018-0580
-	RESERVED
-CVE-2018-0579
-	RESERVED
-CVE-2018-0578
-	RESERVED
-CVE-2018-0577
-	RESERVED
-CVE-2018-0576
-	RESERVED
+CVE-2018-0583 (Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware ...)
+	TODO: check
+CVE-2018-0582 (Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version ...)
+	TODO: check
+CVE-2018-0581 (Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version ...)
+	TODO: check
+CVE-2018-0580 (Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series ...)
+	TODO: check
+CVE-2018-0579 (Cross-site scripting vulnerability in Open Graph for Facebook, Google+ ...)
+	TODO: check
+CVE-2018-0578 (Cross-site scripting vulnerability in PixelYourSite plugin prior to ...)
+	TODO: check
+CVE-2018-0577 (Cross-site scripting vulnerability in WP Google Map Plugin prior to ...)
+	TODO: check
+CVE-2018-0576 (Cross-site scripting vulnerability in Events Manager plugin prior to ...)
+	TODO: check
 CVE-2018-0575
 	RESERVED
 CVE-2018-0574
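Review bot: fifteen entries (CVE-2018-0591 down to CVE-2018-0576, skipping CVE-2018-0584) go from RESERVED to `TODO: check` in one block, which is a lot of untriaged state to add in one commit. Several descriptions name the Ultimate Member plugin for WordPress and three name ASUS router firmware (RT-AC1200HP, RT-AC68U, RT-AC87U), so triage them as groups with one consistent annotation per product rather than entry by entry. The descriptions of CVE-2018-0588 and CVE-2018-0586 are cut off before the product name is complete, so check the full text before copying a neighbour's annotation.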
@@ -29188,8 +29191,8 @@ CVE-2018-0570
 	RESERVED
 CVE-2018-0569
 	RESERVED
-CVE-2018-0568
-	RESERVED
+CVE-2018-0568 (Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw ...)
+	TODO: check
 CVE-2018-0567
 	RESERVED
 CVE-2018-0566
@@ -31142,8 +31145,8 @@ CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before versio
 	NOT-FOR-US: Atlassian Jira
 CVE-2017-16861 (It was possible for double OGNL evaluation in certain redirect action ...)
 	NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2017-16860
-	RESERVED
+CVE-2017-16860 (The invalidRedirectUrl template in Atlassian Application Links before ...)
+	TODO: check
 CVE-2017-16859
 	RESERVED
 CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the Google Apps ...)
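Review bot: CVE-2017-16860 names Atlassian Application Links but is left at `TODO: check`, directly below two entries closed as `NOT-FOR-US: Atlassian Jira` and `NOT-FOR-US: Atlassian Fisheye and Crucible`. The follow-up should confirm whether Application Links is shipped anywhere in Debian and, if not, close it with a matching NOT-FOR-US line naming that product.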
@@ -64264,8 +64267,8 @@ CVE-2017-6023 (An issue was discovered in Fatek Automation PLC Ethernet Module. 
 	NOT-FOR-US: Fatek
 CVE-2017-6022 (A hard-coded password issue was discovered in Becton, Dickinson and ...)
 	NOT-FOR-US: BD's Kiestra PerformA and KLA Journal Service applications
-CVE-2017-6021
-	RESERVED
+CVE-2017-6021 (In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, ...)
+	TODO: check
 CVE-2017-6020 (Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis ...)
 	NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software
 CVE-2017-6019 (An issue was discovered in Schneider Electric Conext ComBox, model ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/04aa963fcc1d23ed6f58f962f612e4cf49fc1ca6
