[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed May 16 21:10:36 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
356c6b07 by security tracker role at 2018-05-16T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,151 @@
+CVE-2018-11215
+	RESERVED
+CVE-2018-11214 (An issue was discovered in libjpeg 9a. The get_text_rgb_row function in ...)
+	TODO: check
+CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row function ...)
+	TODO: check
+CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function in ...)
+	TODO: check
+CVE-2018-11211
+	RESERVED
+CVE-2018-11210 (TinyXML2 6.2.0 has a heap-based buffer over-read in the ...)
+	TODO: check
+CVE-2018-11209 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. ...)
+	TODO: check
+CVE-2018-11208 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a ...)
+	TODO: check
+CVE-2018-11207 (A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in ...)
+	TODO: check
+CVE-2018-11206 (A out of bounds read was discovered in H5O_fill_new_decode and ...)
+	TODO: check
+CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ...)
+	TODO: check
+CVE-2018-11204 (A NULL pointer dereference was discovered in H5O__chunk_deserialize in ...)
+	TODO: check
+CVE-2018-11203 (A division by zero was discovered in H5D__btree_decode_key in ...)
+	TODO: check
+CVE-2018-11202 (A NULL pointer dereference was discovered in H5S_hyper_make_spans in ...)
+	TODO: check
+CVE-2018-11201
+	RESERVED
+CVE-2018-11200
+	RESERVED
+CVE-2018-11199
+	RESERVED
+CVE-2018-11198
+	RESERVED
+CVE-2018-11197
+	RESERVED
+CVE-2018-11196
+	RESERVED
+CVE-2018-11195
+	RESERVED
+CVE-2018-11194
+	RESERVED
+CVE-2018-11193
+	RESERVED
+CVE-2018-11192
+	RESERVED
+CVE-2018-11191
+	RESERVED
+CVE-2018-11190
+	RESERVED
+CVE-2018-11189
+	RESERVED
+CVE-2018-11188
+	RESERVED
+CVE-2018-11187
+	RESERVED
+CVE-2018-11186
+	RESERVED
+CVE-2018-11185
+	RESERVED
+CVE-2018-11184
+	RESERVED
+CVE-2018-11183
+	RESERVED
+CVE-2018-11182
+	RESERVED
+CVE-2018-11181
+	RESERVED
+CVE-2018-11180
+	RESERVED
+CVE-2018-11179
+	RESERVED
+CVE-2018-11178
+	RESERVED
+CVE-2018-11177
+	RESERVED
+CVE-2018-11176
+	RESERVED
+CVE-2018-11175
+	RESERVED
+CVE-2018-11174
+	RESERVED
+CVE-2018-11173
+	RESERVED
+CVE-2018-11172
+	RESERVED
+CVE-2018-11171
+	RESERVED
+CVE-2018-11170
+	RESERVED
+CVE-2018-11169
+	RESERVED
+CVE-2018-11168
+	RESERVED
+CVE-2018-11167
+	RESERVED
+CVE-2018-11166
+	RESERVED
+CVE-2018-11165
+	RESERVED
+CVE-2018-11164
+	RESERVED
+CVE-2018-11163
+	RESERVED
+CVE-2018-11162
+	RESERVED
+CVE-2018-11161
+	RESERVED
+CVE-2018-11160
+	RESERVED
+CVE-2018-11159
+	RESERVED
+CVE-2018-11158
+	RESERVED
+CVE-2018-11157
+	RESERVED
+CVE-2018-11156
+	RESERVED
+CVE-2018-11155
+	RESERVED
+CVE-2018-11154
+	RESERVED
+CVE-2018-11153
+	RESERVED
+CVE-2018-11152
+	RESERVED
+CVE-2018-11151
+	RESERVED
+CVE-2018-11150
+	RESERVED
+CVE-2018-11149
+	RESERVED
+CVE-2018-11148
+	RESERVED
+CVE-2018-11147
+	RESERVED
+CVE-2018-11146
+	RESERVED
+CVE-2018-11145
+	RESERVED
+CVE-2018-11144
+	RESERVED
+CVE-2018-11143
+	RESERVED
+CVE-2018-11142
+	RESERVED
 CVE-2018-11141
 	RESERVED
 CVE-2018-11140
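Review bot: Every described entry added at the top of this hunk, from CVE-2018-11214 down to CVE-2018-11202, lands with only `TODO: check`, so none has a package line or a NOT-FOR-US marker yet. The libjpeg 9a entries (CVE-2018-11212 to CVE-2018-11214) and the TinyXML2 6.2.0 entry (CVE-2018-11210) name libraries and are the ones to triage first. The two Z-BlogPHP entries already carry ** DISPUTED ** in their descriptions, which is worth recording in a NOTE when they are resolved.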
@@ -700,8 +848,8 @@ CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses cl
 	NOT-FOR-US: Bitpie application for Android and iOS
 CVE-2018-10811
 	RESERVED
-CVE-2018-10810
-	RESERVED
+CVE-2018-10810 (chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is ...)
+	TODO: check
 CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) ...)
 	NOT-FOR-US: 2345 Security Guard
 CVE-2018-10808
@@ -721,6 +869,7 @@ CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials 
 	NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
 CVE-2018-1000301 [RTSP bad headers buffer over-read]
 	RESERVED
+	{DSA-4202-1 DLA-1379-1}
 	- curl <unfixed> (bug #898856)
 	NOTE: https://curl.haxx.se/docs/adv_2018-b138.html
 CVE-2018-1000300 [FTP shutdown response buffer overflow]
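Review bot: On CVE-2018-1000301 the `{DSA-4202-1 DLA-1379-1}` cross-reference is added while the package line directly below still reads `- curl <unfixed> (bug #898856)` and the entry is still `RESERVED`. The advisory reference alone does not record a fixed version, so a follow-up that updates the curl line is still needed.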
@@ -853,10 +1002,10 @@ CVE-2018-10762
 	RESERVED
 CVE-2018-10761
 	RESERVED
-CVE-2018-10760
-	RESERVED
-CVE-2018-10759
-	RESERVED
+CVE-2018-10760 (Unrestricted file upload vulnerability in the Files plugin in ...)
+	TODO: check
+CVE-2018-10759 (PHP remote file inclusion vulnerability in public/patch/patch.php in ...)
+	TODO: check
 CVE-2018-XXXX [Checker config files allow arbitrary code execution scenarios]
 	- vim-syntastic 3.9.0-1 (bug #894736)
 	NOTE: https://github.com/vim-syntastic/syntastic/issues/2170
@@ -909,14 +1058,14 @@ CVE-2018-10740 (Axublog 1.1.0 allows remote Code Execution as demonstrated by in
 	NOT-FOR-US: Axublog
 CVE-2018-10739 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
 	NOT-FOR-US: Shanghai 2345 Security Guard
-CVE-2018-10738
-	RESERVED
-CVE-2018-10737
-	RESERVED
-CVE-2018-10736
-	RESERVED
-CVE-2018-10735
-	RESERVED
+CVE-2018-10738 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via the ...)
+	TODO: check
+CVE-2018-10737 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via the ...)
+	TODO: check
+CVE-2018-10736 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via the ...)
+	TODO: check
+CVE-2018-10735 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via the ...)
+	TODO: check
 CVE-2018-10734 (KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a ...)
 	NOT-FOR-US: KONGTOP DVR devices
 CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
@@ -2103,10 +2252,10 @@ CVE-2014-10073 (The create_response function in server/server.c in Psensor befor
 	- psensor 1.1.5-1 (low; bug #896195)
 	[jessie] - psensor <no-dsa> (Minor issue)
 	NOTE: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
-CVE-2018-10241
-	RESERVED
-CVE-2018-10240
-	RESERVED
+CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 ...)
+	TODO: check
+CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a ...)
+	TODO: check
 CVE-2018-10239
 	RESERVED
 CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer overflow in ...)
@@ -2417,8 +2566,8 @@ CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16
 	NOTE: Crash in CLI tool, no security impact
 CVE-2018-10125
 	RESERVED
-CVE-2018-10123
-	RESERVED
+CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to ...)
+	TODO: check
 CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka ...)
 	NOT-FOR-US: QingDao Nature Easy Soft Chanzhi Enterprise Portal System
 CVE-2018-10121 (plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS ...)
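Review bot: The CVE-2018-10123 description names p910nd but scopes it to Inteno IOPSYS 2.0 through 4.2.0. When resolving the `TODO: check`, establish whether the flaw is in p910nd itself or only in the Inteno integration before choosing between a package line and NOT-FOR-US.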
@@ -7456,8 +7605,7 @@ CVE-2018-8016
 	RESERVED
 CVE-2018-8015
 	RESERVED
-CVE-2018-8014 [Insecure defaults for CORS filter]
-	RESERVED
+CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomcat ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 <unfixed>
 	- tomcat8.0 <unfixed> (unimportant)
@@ -15924,8 +16072,8 @@ CVE-2018-5233 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Grav CMS admin plugin
 CVE-2018-5232
 	RESERVED
-CVE-2018-5231
-	RESERVED
+CVE-2018-5231 (The ForgotLoginDetails resource in Atlassian Jira before version ...)
+	TODO: check
 CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, from ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-5229
@@ -17111,8 +17259,8 @@ CVE-2018-4852
 	RESERVED
 CVE-2018-4851
 	RESERVED
-CVE-2018-4850
-	RESERVED
+CVE-2018-4850 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU ...)
+	TODO: check
 CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for ...)
 	NOT-FOR-US: Siveillance VMS Video
 CVE-2018-4848
@@ -23754,8 +23902,7 @@ CVE-2017-17691
 	RESERVED
 CVE-2017-17690
 	RESERVED
-CVE-2017-17689 [S/MIME CBC gadget attacks]
-	RESERVED
+CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) ...)
 	- thunderbird <unfixed> (bug #898631)
 	- evolution <unfixed> (bug #898633)
 	- kmail <unfixed> (bug #898634)
@@ -23763,8 +23910,7 @@ CVE-2017-17689 [S/MIME CBC gadget attacks]
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796135 
 	NOTE: https://dot.kde.org/2018/05/15/efail-and-kmail
 	TODO: check all clients
-CVE-2017-17688 [OpenPGP CFB gadget attacks]
-	RESERVED
+CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode ...)
 	- enigmail <unfixed> (bug #898630)
 	NOTE: vulnerability is in the clients handling, not in OpenPGP
 	NOTE: https://efail.de
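Review bot: CVE-2017-17688 now carries ** DISPUTED ** in its description, consistent with the existing `NOTE: vulnerability is in the clients handling, not in OpenPGP`, yet enigmail is the only client tracked under it. The `TODO: check all clients` that closes the CVE-2017-17689 entry just above is still open; this entry should get the same TODO or the additional package lines once the clients have been reviewed.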
@@ -60060,7 +60206,8 @@ CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference 
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
 CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not ...)
 	NOT-FOR-US: Keycloak
-CVE-2017-7473 (Ansible versions 2.2.3 and earlier are vulnerable to an information ...)
+CVE-2017-7473
+	REJECTED
 	- ansible <unfixed> (unimportant; bug #863583)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1440912
 	NOTE: Upstream issue is https://github.com/ansible/ansible/issues/22505
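Review bot: CVE-2017-7473 is switched to `REJECTED` but keeps `- ansible <unfixed> (unimportant; bug #863583)` and its NOTE lines, so a rejected id still carries live package state. Check whether the issue was reassigned to another CVE id and move the ansible tracking data there, or drop the package line if the rejection means there is nothing left to track.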



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/356c6b07ac4d3e14c5f426bd7f3792aab45d8b4a
