[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 15 21:10:27 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21ea10b6 by security tracker role at 2018-05-15T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,55 @@
+CVE-2018-11130
+	RESERVED
+CVE-2018-11129
+	RESERVED
+CVE-2018-11128
+	RESERVED
+CVE-2018-11127 (e107 2.1.7 has CSRF resulting in arbitrary user deletion. ...)
+	TODO: check
+CVE-2018-11126 (dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that ...)
+	TODO: check
+CVE-2018-11125 (Tencent RapidJSON 1.1.0 has a heap-based buffer over-read in the Peek ...)
+	TODO: check
+CVE-2018-11124
+	RESERVED
+CVE-2018-11123
+	RESERVED
+CVE-2018-11122
+	RESERVED
+CVE-2018-11121
+	RESERVED
+CVE-2018-11120
+	RESERVED
+CVE-2018-11119
+	RESERVED
+CVE-2018-11118
+	RESERVED
+CVE-2018-11117
+	RESERVED
+CVE-2018-11116
+	RESERVED
+CVE-2018-11115
+	RESERVED
+CVE-2018-11114
+	RESERVED
+CVE-2018-11113
+	RESERVED
+CVE-2018-11112
+	RESERVED
+CVE-2018-11111
+	RESERVED
+CVE-2018-11110
+	RESERVED
+CVE-2018-11109
+	RESERVED
+CVE-2018-11108
+	RESERVED
+CVE-2018-11107
+	RESERVED
+CVE-2018-11106
+	RESERVED
+CVE-2018-11105 (There is stored cross site scripting in the wp-live-chat-support plugin ...)
+	TODO: check
 CVE-2018-11104
 	RESERVED
 CVE-2018-11103
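Review bot: the four newly described entries in this hunk (CVE-2018-11127, CVE-2018-11126, CVE-2018-11125, CVE-2018-11105) land with only "TODO: check", so none is yet tied to a source package or marked NOT-FOR-US. CVE-2018-11125 names a library and version (Tencent RapidJSON 1.1.0) and is the one to check against the archive first; the CSRF and plugin entries should get a NOT-FOR-US line if nothing packaged matches.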
@@ -22,8 +74,8 @@ CVE-2018-11096
 CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 0.4.8 ...)
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/141
-CVE-2018-11094
-	RESERVED
+CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. ...)
+	TODO: check
 CVE-2018-11093
 	RESERVED
 CVE-2018-11092
@@ -260,9 +312,11 @@ CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate str
 	[jessie] - lilypond <not-affected> (Incomplete fix not applied)
 	[wheezy] - lilypond <not-affected> (Incomplete fix not applied)
 CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
+	{DSA-4201-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-261.html
 CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
+	{DSA-4201-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-262.html
 CVE-2018-10980
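Review bot: the {DSA-4201-1} reference added to CVE-2018-10982 and CVE-2018-10981 sits directly above an unchanged "- xen <unfixed>" line, and this commit touches only data/CVE/list, so the fixed versions for the advisory cannot be seen from this diff. Confirm that the record for DSA-4201-1 itself carries the fixed xen versions for the releases it covers, since this cross-reference adds no version information of its own.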
@@ -673,7 +727,7 @@ CVE-2018-10797
 	RESERVED
 CVE-2018-10796 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) ...)
 	NOT-FOR-US: 2345 Security Guard
-CVE-2018-10795 (Liferay 6.2.x and before has an FCKeditor configuration that allows an ...)
+CVE-2018-10795 (** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration ...)
 	NOT-FOR-US: Liferay
 CVE-2017-18265 (Prosody before 0.10.0 allows remote attackers to cause a denial of ...)
 	{DSA-4198-1}
@@ -1560,10 +1614,12 @@ CVE-2018-10433
 CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has allowed ...)
 	NOT-FOR-US: Blackboard Learn
 CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
+	{DSA-4201-1}
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (Regression for XSA-254 which was not applied in wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-259.html
 CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
+	{DSA-4201-1}
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (No QMP support in wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-258.html
@@ -5273,7 +5329,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.
 CVE-2018-8898
 	RESERVED
 CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...)
-	{DSA-4196-1}
+	{DSA-4201-1 DSA-4196-1}
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
 	- xen <unfixed>
@@ -19815,8 +19871,8 @@ CVE-2018-3663
 	RESERVED
 CVE-2018-3662
 	RESERVED
-CVE-2018-3661
-	RESERVED
+CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities selview.exe ...)
+	TODO: check
 CVE-2018-3660
 	RESERVED
 CVE-2018-3659
@@ -19869,8 +19925,8 @@ CVE-2018-3636
 	RESERVED
 CVE-2018-3635
 	RESERVED
-CVE-2018-3634
-	RESERVED
+CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connect ...)
+	TODO: check
 CVE-2018-3633
 	RESERVED
 CVE-2018-3632
@@ -19915,8 +19971,8 @@ CVE-2018-3613
 	RESERVED
 CVE-2018-3612 (Intel NUC kits with insufficient input validation in system firmware, ...)
 	NOT-FOR-US: Intel
-CVE-2018-3611
-	RESERVED
+CVE-2018-3611 (Bounds check vulnerability in User Mode Driver in Intel Graphics ...)
+	TODO: check
 CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before version 3.1.1 ...)
 	NOT-FOR-US: Intel
 CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in NetTransport ...)
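Review bot: CVE-2018-3611 is left at "TODO: check" while both neighbours in this hunk, CVE-2018-3612 and CVE-2018-3610, are already "NOT-FOR-US: Intel". If the Intel Graphics user mode driver it describes is likewise not packaged, resolve it the same way so the entry does not linger untriaged.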
@@ -27139,8 +27195,8 @@ CVE-2018-1133
 	RESERVED
 CVE-2018-1132
 	RESERVED
-CVE-2018-1131
-	RESERVED
+CVE-2018-1131 (Infinispan permits improper deserialization of trusted data via XML ...)
+	TODO: check
 CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null pointer ...)
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
@@ -27308,8 +27364,7 @@ CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot ...
 	NOTE: CVE-2018-1112 causing that auth.allow allows all clients to mount volumes.
 	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1570891
 	NOTE: Needs: https://review.gluster.org/#/c/19899/1..2
-CVE-2018-1087 [error in exception handling leads to wrong debug stack value]
-	RESERVED
+CVE-2018-1087 (kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel ...)
 	{DSA-4196-1}
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09 (4.16-rc7)
@@ -74581,8 +74636,8 @@ CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag pa
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
 	NOTE: https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
 	NOTE: https://github.com/libofx/libofx/issues/9
-CVE-2017-2815
-	RESERVED
+CVE-2017-2815 (An exploitable XML entity injection vulnerability exists in OpenFire ...)
+	TODO: check
 CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image ...)
 	- poppler <unfixed> (unimportant)
 	NOTE: Debian links against libjpeg which is unaffected



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/21ea10b67a5f6e08500b9b53f559e2e8bd1be0bf
