[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 22 09:10:30 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b477b51 by security tracker role at 2018-05-22T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,77 @@
-CVE-2018-11329
+CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an ...)
+	TODO: check
+CVE-2018-11364 (sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in ...)
+	TODO: check
+CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based ...)
+	TODO: check
+CVE-2018-11362
+	RESERVED
+CVE-2018-11361
+	RESERVED
+CVE-2018-11360
+	RESERVED
+CVE-2018-11359
+	RESERVED
+CVE-2018-11358
+	RESERVED
+CVE-2018-11357
+	RESERVED
+CVE-2018-11356
+	RESERVED
+CVE-2018-11355
+	RESERVED
+CVE-2018-11354
+	RESERVED
+CVE-2018-11353
+	RESERVED
+CVE-2018-11352
+	RESERVED
+CVE-2018-11351
+	RESERVED
+CVE-2018-11350
+	RESERVED
+CVE-2018-11349
+	RESERVED
+CVE-2018-11348
+	RESERVED
+CVE-2018-11347
+	RESERVED
+CVE-2018-11346 (An insecure direct object reference vulnerability in download.cgi in ...)
+	TODO: check
+CVE-2018-11345 (An unrestricted file upload vulnerability in upload.cgi in ASUSTOR ...)
+	TODO: check
+CVE-2018-11344 (A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM ...)
+	TODO: check
+CVE-2018-11343 (A persistent cross site scripting vulnerability in playlistmanger.cgi ...)
+	TODO: check
+CVE-2018-11342 (A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ...)
+	TODO: check
+CVE-2018-11341 (Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 ...)
+	TODO: check
+CVE-2018-11340 (An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR ...)
+	TODO: check
+CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 ...)
+	TODO: check
+CVE-2018-11338
+	RESERVED
+CVE-2018-11337
+	RESERVED
+CVE-2018-11336
+	RESERVED
+CVE-2018-11335
+	RESERVED
+CVE-2018-11334
+	RESERVED
+CVE-2018-11333
 	RESERVED
+CVE-2018-11332
+	RESERVED
+CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code ...)
+	TODO: check
+CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is authenticated ...)
+	TODO: check
+CVE-2018-11329 (The DrugDealer function of a smart contract implementation for Ether ...)
+	TODO: check
 CVE-2018-11328
 	RESERVED
 CVE-2018-11327
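Review bot: the 14 new entries in this hunk that carry only "TODO: check" (CVE-2018-11365 down to CVE-2018-11329) have no package line yet and should not sit untriaged. The entries whose descriptions name ASUSTOR AS6202T ADM CGI scripts (for example CVE-2018-11344 and CVE-2018-11341) and the smart-contract entry CVE-2018-11329 look like candidates for a NOT-FOR-US line once it is confirmed that no Debian source package ships that code. ReadStat, PDFGen, Pluck and ERPNext each need a source-package lookup before the TODO is replaced.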
@@ -7981,15 +8053,13 @@ CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomc
 	NOTE: for their einvironment rather than using it in the default configuration
 CVE-2018-8013
 	RESERVED
-CVE-2018-8012 [Quorum Peer mutual authentication]
-	RESERVED
+CVE-2018-8012 (No authentication/authorization is enforced when a server attempts to ...)
 	- zookeeper 3.4.10-2
 	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/21/6
 CVE-2018-8011
 	RESERVED
-CVE-2018-8010 [XXE vulnerability due to Apache Solr configset upload]
-	RESERVED
+CVE-2018-8010 (This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 ...)
 	- lucene-solr <not-affected> (Do not allow to upload configsets via the API)
 	NOTE: Versions 5.x and earlier are not affected by the vulnerability, since
 	NOTE: those versions do not allow to upload configsets via the API.
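Review bot: for CVE-2018-8010, the "lucene-solr <not-affected>" line rests on the packaged version being 5.x or earlier, while the description now imported names 6.0.0 to 6.6.3 and 7.0.0 to 7.3.0 as affected. The NOTE lines should record which packaged version that judgement was made against, so the entry is re-checked if a newer upstream is uploaded. Separately, the context NOTE under CVE-2018-8014 at the top of the hunk has the typo "einvironment", which could be fixed in a manual follow-up commit.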
@@ -8835,8 +8905,8 @@ CVE-2018-7689
 	RESERVED
 CVE-2018-7688
 	RESERVED
-CVE-2018-7687
-	RESERVED
+CVE-2018-7687 (The Micro Focus Client for OES before version 2 SP4 IR8a has a ...)
+	TODO: check
 CVE-2018-7686
 	RESERVED
 CVE-2018-7685
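Review bot: CVE-2018-7687 changes from RESERVED to "TODO: check" with a description naming the Micro Focus Client for OES. If that client is not shipped in any Debian source package, replace the TODO with a NOT-FOR-US line naming the product instead of leaving it in the check queue.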
@@ -27889,8 +27959,7 @@ CVE-2018-1109
 	NOTE: https://snyk.io/vuln/npm:braces:20180219
 	NOTE: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
 	NOTE: nodejs not covered by security support
-CVE-2018-1108 [random: fix crng_ready() test]
-	RESERVED
+CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a weakness in ...)
 	- linux 4.16.5-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
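Review bot: for CVE-2018-1108, the imported description says "before version 4.17-rc1" while the retained package line records the fix as "linux 4.16.5-1". That is consistent only if the fix reached the 4.16 stable series, and the visible context shows no NOTE pointing at the upstream commit. If none follows below the hunk, add one so the fixed version can be verified, and confirm the stretch status is recorded next to the jessie and wheezy lines.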
@@ -75850,8 +75919,7 @@ CVE-2017-2609
 CVE-2017-2608 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2607
-	RESERVED
+CVE-2017-2607 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted ...)
 	- jenkins <removed>
 	NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2606 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an information ...)
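Review bot: the description imported for CVE-2017-2607 starts with lowercase "jenkins", while the neighbouring CVE-2017-2608 and CVE-2017-2606 entries use "Jenkins". If descriptions are taken verbatim from the CVE feed, leave the line as is and report the inconsistency upstream, since a hand edit here would diverge from the source text. The retained "- jenkins <removed>" line and advisory NOTE match the adjacent entries and need no change.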



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b477b51717be96f672686261e01646a4479b333
