[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 15 09:10:22 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4336416 by security tracker role at 2018-05-15T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,137 @@
+CVE-2018-11104
+	RESERVED
+CVE-2018-11103
+	RESERVED
+CVE-2018-11102 (An issue was discovered in Libav 12.3. A read access violation in the ...)
+	TODO: check
+CVE-2018-11101
+	RESERVED
+CVE-2018-11100 (The decompileSETTARGET function in decompile.c in libming through 0.4.8 ...)
+	TODO: check
+CVE-2018-11099
+	RESERVED
+CVE-2018-11098 (An issue was discovered in Frog CMS 0.9.5. There is a file upload ...)
+	TODO: check
+CVE-2018-11097 (An issue was discovered in cloudwu/cstring through 2016-11-09. There is ...)
+	TODO: check
+CVE-2018-11096
+	RESERVED
+CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 0.4.8 ...)
+	TODO: check
+CVE-2018-11094
+	RESERVED
+CVE-2018-11093
+	RESERVED
+CVE-2018-11092
+	RESERVED
+CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file ...)
+	TODO: check
+CVE-2018-11090 (An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This ...)
+	TODO: check
+CVE-2018-11089
+	RESERVED
+CVE-2018-11088
+	RESERVED
+CVE-2018-11087
+	RESERVED
+CVE-2018-11086
+	RESERVED
+CVE-2018-11085
+	RESERVED
+CVE-2018-11084
+	RESERVED
+CVE-2018-11083
+	RESERVED
+CVE-2018-11082
+	RESERVED
+CVE-2018-11081
+	RESERVED
+CVE-2018-11080
+	RESERVED
+CVE-2018-11079
+	RESERVED
+CVE-2018-11078
+	RESERVED
+CVE-2018-11077
+	RESERVED
+CVE-2018-11076
+	RESERVED
+CVE-2018-11075
+	RESERVED
+CVE-2018-11074
+	RESERVED
+CVE-2018-11073
+	RESERVED
+CVE-2018-11072
+	RESERVED
+CVE-2018-11071
+	RESERVED
+CVE-2018-11070
+	RESERVED
+CVE-2018-11069
+	RESERVED
+CVE-2018-11068
+	RESERVED
+CVE-2018-11067
+	RESERVED
+CVE-2018-11066
+	RESERVED
+CVE-2018-11065
+	RESERVED
+CVE-2018-11064
+	RESERVED
+CVE-2018-11063
+	RESERVED
+CVE-2018-11062
+	RESERVED
+CVE-2018-11061
+	RESERVED
+CVE-2018-11060
+	RESERVED
+CVE-2018-11059
+	RESERVED
+CVE-2018-11058
+	RESERVED
+CVE-2018-11057
+	RESERVED
+CVE-2018-11056
+	RESERVED
+CVE-2018-11055
+	RESERVED
+CVE-2018-11054
+	RESERVED
+CVE-2018-11053
+	RESERVED
+CVE-2018-11052
+	RESERVED
+CVE-2018-11051
+	RESERVED
+CVE-2018-11050
+	RESERVED
+CVE-2018-11049
+	RESERVED
+CVE-2018-11048
+	RESERVED
+CVE-2018-11047
+	RESERVED
+CVE-2018-11046
+	RESERVED
+CVE-2018-11045
+	RESERVED
+CVE-2018-11044
+	RESERVED
+CVE-2018-11043
+	RESERVED
+CVE-2018-11042
+	RESERVED
+CVE-2018-11041
+	RESERVED
+CVE-2018-11040
+	RESERVED
+CVE-2018-11039
+	RESERVED
+CVE-2017-18268
+	RESERVED
 CVE-2018-11038
 	RESERVED
 CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in ...)
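Review bot: CVE-2017-18268 is added between CVE-2018-11039 and CVE-2018-11038, which puts a 2017 identifier inside the otherwise descending CVE-2018-110xx run at the top of the file; if the list is meant to stay ordered, it belongs with the other CVE-2017 entries. The seven new entries that already have a description (CVE-2018-11102, -11100, -11098, -11097, -11095, -11091, -11090) are all left at "TODO: check", so each still needs a package line or a NOT-FOR-US annotation like the ones in the context lines of the later hunks.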
@@ -89,8 +223,8 @@ CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1
 	NOT-FOR-US: D-Link
 CVE-2018-10995
 	RESERVED
-CVE-2018-10994
-	RESERVED
+CVE-2018-10994 (js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) ...)
+	TODO: check
 CVE-2018-10993
 	RESERVED
 CVE-2018-10991
@@ -456,8 +590,8 @@ CVE-2018-10827 (LiteCart before 2.1.2 allows remote attackers to cause a denial 
 	NOT-FOR-US: LiteCart
 CVE-2018-10826
 	RESERVED
-CVE-2018-10825
-	RESERVED
+CVE-2018-10825 (Mimo Baby 2 devices do not use authentication or encryption for the ...)
+	TODO: check
 CVE-2018-10824
 	RESERVED
 CVE-2018-10823
@@ -811,7 +945,7 @@ CVE-2018-10684
 	RESERVED
 CVE-2018-10683 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. In the ...)
 	- wildfly <itp> (bug #752018)
-CVE-2018-10682 (An issue was discovered in WildFly 10.1.2.Final. It is possible for an ...)
+CVE-2018-10682 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is ...)
 	- wildfly <itp> (bug #752018)
 CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a heap-based ...)
 	- partclone 0.2.88-1
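Review bot: the dispute on CVE-2018-10682 is recorded only in the replaced description line, while the annotation "- wildfly <itp> (bug #752018)" under it is unchanged. That matches CVE-2018-10683 just above, but since the description is truncated text, a NOTE line stating the dispute under both entries would keep the status readable for anyone triaging the ITP bug.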
@@ -5269,8 +5403,8 @@ CVE-2018-8845
 	RESERVED
 CVE-2018-8844
 	RESERVED
-CVE-2018-8843
-	RESERVED
+CVE-2018-8843 (Rockwell Automation Arena versions 16.10.00 and prior contains a use ...)
+	TODO: check
 CVE-2018-8842
 	RESERVED
 CVE-2018-8841
@@ -38488,22 +38622,22 @@ CVE-2017-14440 (An exploitable code execution vulnerability exists in the ILBM i
 	- sdl-image1.2 1.2.12-8
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
 	NOTE: https://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c
-CVE-2017-14439
-	RESERVED
-CVE-2017-14438
-	RESERVED
-CVE-2017-14437
-	RESERVED
-CVE-2017-14436
-	RESERVED
-CVE-2017-14435
-	RESERVED
-CVE-2017-14434
-	RESERVED
-CVE-2017-14433
-	RESERVED
-CVE-2017-14432
-	RESERVED
+CVE-2017-14439 (Exploitable denial of service vulnerabilities exists in the Service ...)
+	TODO: check
+CVE-2017-14438 (Exploitable denial of service vulnerabilities exists in the Service ...)
+	TODO: check
+CVE-2017-14437 (An exploitable denial of service vulnerability exists in the web ...)
+	TODO: check
+CVE-2017-14436 (An exploitable denial of service vulnerability exists in the web ...)
+	TODO: check
+CVE-2017-14435 (An exploitable denial of service vulnerability exists in the web ...)
+	TODO: check
+CVE-2017-14434 (An exploitable command injection vulnerability exists in the web ...)
+	TODO: check
+CVE-2017-14433 (An exploitable command injection vulnerability exists in the web ...)
+	TODO: check
+CVE-2017-14432 (An exploitable command injection vulnerability exists in the web ...)
+	TODO: check
 CVE-2017-14430 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
 	NOT-FOR-US: D-Link
 CVE-2017-14429 (The DHCP client on D-Link DIR-850L REV. A (with firmware through ...)
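Review bot: the eight entries CVE-2017-14439 through CVE-2017-14432 go from RESERVED to "TODO: check" with descriptions cut off before the product name ("exists in the web ...", "exists in the Service ..."), so nothing in this hunk says which software they affect. Resolve each one against the full CVE description and replace "TODO: check" with either a package line or a NOT-FOR-US annotation, as the neighbouring CVE-2017-14440 and CVE-2017-14430 entries have.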
@@ -45436,20 +45570,20 @@ CVE-2017-12131 (The Easy Testimonials plugin 3.0.4 for WordPress has XSS in ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-12130 (An exploitable NULL pointer dereference vulnerability exists in the ...)
 	NOT-FOR-US: tinysvcmdns
-CVE-2017-12129
-	RESERVED
-CVE-2017-12128
-	RESERVED
-CVE-2017-12127
-	RESERVED
-CVE-2017-12126
-	RESERVED
-CVE-2017-12125
-	RESERVED
-CVE-2017-12124
-	RESERVED
-CVE-2017-12123
-	RESERVED
+CVE-2017-12129 (An exploitable Weak Cryptography for Passwords vulnerability exists in ...)
+	TODO: check
+CVE-2017-12128 (An exploitable information disclosure vulnerability exists in the ...)
+	TODO: check
+CVE-2017-12127 (A password storage vulnerability exists in the operating system ...)
+	TODO: check
+CVE-2017-12126 (An exploitable cross-site request forgery vulnerability exists in the ...)
+	TODO: check
+CVE-2017-12125 (An exploitable command injection vulnerability exists in the web ...)
+	TODO: check
+CVE-2017-12124 (An exploitable denial of service vulnerability exists in the web ...)
+	TODO: check
+CVE-2017-12123 (An exploitable clear text transmission of password vulnerability ...)
+	TODO: check
 CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM image ...)
 	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
@@ -45457,10 +45591,10 @@ CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM i
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
 	NOTE: https://hg.libsdl.org/SDL_image/rev/16772bbb1b09
 	NOTE: https://hg.libsdl.org/SDL_image/rev/97f7f01e0665
-CVE-2017-12121
-	RESERVED
-CVE-2017-12120
-	RESERVED
+CVE-2017-12121 (An exploitable command injection vulnerability exists in the web ...)
+	TODO: check
+CVE-2017-12120 (An exploitable command injection vulnerability exists in the web ...)
+	TODO: check
 CVE-2017-12119 (An exploitable unhandled exception vulnerability exists in multiple ...)
 	- cpp-ethereum <itp> (bug #860434)
 CVE-2017-12118 (An exploitable improper authorization vulnerability exists in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4336416b7d967185c27dbcf653cf1a93f32234e
