[Git][security-tracker-team/security-tracker][master] automatic update

Wed May 16 09:10:19 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc0640f2 by security tracker role at 2018-05-16T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,25 @@
+CVE-2018-11141
+	RESERVED
+CVE-2018-11140
+	RESERVED
+CVE-2018-11139
+	RESERVED
+CVE-2018-11138
+	RESERVED
+CVE-2018-11137
+	RESERVED
+CVE-2018-11136
+	RESERVED
+CVE-2018-11135
+	RESERVED
+CVE-2018-11134
+	RESERVED
+CVE-2018-11133
+	RESERVED
+CVE-2018-11132
+	RESERVED
+CVE-2018-11131
+	RESERVED
 CVE-2018-11130
 	RESERVED
 CVE-2018-11129
@@ -1202,12 +1224,12 @@ CVE-2018-10593
 	RESERVED
 CVE-2018-10592
 	RESERVED
-CVE-2018-10591
-	RESERVED
-CVE-2018-10590
-	RESERVED
-CVE-2018-10589
-	RESERVED
+CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
+CVE-2018-10590 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
+CVE-2018-10589 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
 CVE-2018-10588
 	RESERVED
 CVE-2018-10587
@@ -5459,16 +5481,16 @@ CVE-2018-8847
 	RESERVED
 CVE-2018-8846
 	RESERVED
-CVE-2018-8845
-	RESERVED
+CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
 CVE-2018-8844
 	RESERVED
 CVE-2018-8843 (Rockwell Automation Arena versions 16.10.00 and prior contains a use ...)
 	NOT-FOR-US: Rockwell
 CVE-2018-8842
 	RESERVED
-CVE-2018-8841
-	RESERVED
+CVE-2018-8841 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
 CVE-2018-8840 (A remote attacker could send a carefully crafted packet in InduSoft ...)
 	NOT-FOR-US: InduSoft
 CVE-2018-8839 (Delta PMSoft versions 2.10 and prior have multiple stack-based buffer ...)
@@ -8924,28 +8946,28 @@ CVE-2018-7507 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a
 	NOT-FOR-US: Delta Electronics
 CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 and ...)
 	NOT-FOR-US: Moxa
-CVE-2018-7505
-	RESERVED
+CVE-2018-7505 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
 CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI ...)
 	NOT-FOR-US: OSIsoft PI
-CVE-2018-7503
-	RESERVED
+CVE-2018-7503 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
 CVE-2018-7502 (Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 ...)
 	NOT-FOR-US: Beckhoff TwinCAT
-CVE-2018-7501
-	RESERVED
+CVE-2018-7501 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
 CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
 	NOT-FOR-US: OSIsoft PI
-CVE-2018-7499
-	RESERVED
+CVE-2018-7499 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
 CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of proper ...)
 	NOT-FOR-US: Philips Alice 6 System
-CVE-2018-7497
-	RESERVED
+CVE-2018-7497 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
 CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision ...)
 	NOT-FOR-US: OSIsoft PI
-CVE-2018-7495
-	RESERVED
+CVE-2018-7495 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
+	TODO: check
 CVE-2018-7494 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege ...)
@@ -26718,10 +26740,10 @@ CVE-2018-1265
 	RESERVED
 CVE-2018-1264
 	RESERVED
-CVE-2018-1263
-	RESERVED
-CVE-2018-1262
-	RESERVED
+CVE-2018-1263 (Addresses partial fix in CVE-2018-1261. Pivotal ...)
+	TODO: check
+CVE-2018-1262 (Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a ...)
+	TODO: check
 CVE-2018-1261 (Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary ...)
 	TODO: check
 CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to ...)
@@ -75216,27 +75238,23 @@ CVE-2017-2615 [display: cirrus: oob access while doing bitblt copy backward mode
 CVE-2017-2614
 	RESERVED
 	NOT-FOR-US: Red Hat ovirt-aaa-jdbc-tool tools
-CVE-2017-2613
-	RESERVED
+CVE-2017-2613 (jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2612
-	RESERVED
+CVE-2017-2612 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2611 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2610
-	RESERVED
+CVE-2017-2610 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2609
 	RESERVED
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2608
-	RESERVED
+CVE-2017-2608 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2607
@@ -75248,23 +75266,19 @@ CVE-2017-2606 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an informat
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2605
 	REJECTED
-CVE-2017-2604
-	RESERVED
+CVE-2017-2604 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2603
-	RESERVED
+CVE-2017-2603 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2602
-	RESERVED
+CVE-2017-2602 (jenkins before versions 2.44, 2.32.2 is vulnerable to an improper ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2601 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2600
-	RESERVED
+CVE-2017-2600 (In jenkins before versions 2.44, 2.32.2 node monitor data could be ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2599 (Jenkins before versions 2.44 and 2.32.2 is vulnerable to an ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc0640f2127325e24b8bdcd8edc7faf0e8458e91

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc0640f2127325e24b8bdcd8edc7faf0e8458e91
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180516/4809c685/attachment-0001.html>
