[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 22 21:10:33 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8961a379 by security tracker role at 2018-05-22T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers to cause ...)
+ TODO: check
+CVE-2018-11383 (The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers ...)
+ TODO: check
+CVE-2018-11382 (The _inst__sts() function in radare2 2.5.0 allows remote attackers to ...)
+ TODO: check
+CVE-2018-11381 (The string_scan_range() function in radare2 2.5.0 allows remote ...)
+ TODO: check
+CVE-2018-11380 (The parse_import_ptr() function in radare2 2.5.0 allows remote ...)
+ TODO: check
+CVE-2018-11379 (The get_debug_info() function in radare2 2.5.0 allows remote attackers ...)
+ TODO: check
+CVE-2018-11378 (The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly ...)
+ TODO: check
+CVE-2018-11377 (The avr_op_analyze() function in radare2 2.5.0 allows remote attackers ...)
+ TODO: check
+CVE-2018-11376 (The r_read_le32() function in radare2 2.5.0 allows remote attackers to ...)
+ TODO: check
+CVE-2018-11375 (The _inst__lds() function in radare2 2.5.0 allows remote attackers to ...)
+ TODO: check
+CVE-2018-11374
+ RESERVED
+CVE-2018-11373 (iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" ...)
+ TODO: check
+CVE-2018-11372 (iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User ...)
+ TODO: check
+CVE-2018-11371 (SkyCaiji 1.2 allows CSRF to add an Administrator user. ...)
+ TODO: check
+CVE-2018-11370
+ RESERVED
+CVE-2018-11369 (An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection ...)
+ TODO: check
+CVE-2018-11368
+ RESERVED
+CVE-2018-11367 (An issue was discovered in CppCMS before 1.2.1. There is a denial of ...)
+ TODO: check
+CVE-2018-11366 (init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has ...)
+ TODO: check
CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an ...)
- r-cran-haven <unfixed> (low)
CVE-2018-11364 (sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in ...)
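Review bot: the ten consecutive radare2 entries (CVE-2018-11375 through CVE-2018-11384, all against radare2 2.5.0) and CppCMS (CVE-2018-11367) are the ones in this batch that need a real package check, and the radare2 set is best triaged together against src:radare2 with one set of upstream references rather than as ten independent TODOs. The remaining web-application entries (iScripts eSwap, SkyCaiji, PbootCMS, the Loginizer WordPress plugin) follow the same pattern as the MyBB plugin entry CVE-2018-11092 further down, which is resolved as NOT-FOR-US, so they can be closed the same way once a maintainer confirms none of them is packaged.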
@@ -72,22 +110,22 @@ CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is authenti
NOT-FOR-US: Pluck CMS
CVE-2018-11329 (The DrugDealer function of a smart contract implementation for Ether ...)
TODO: check
-CVE-2018-11328
- RESERVED
-CVE-2018-11327
- RESERVED
-CVE-2018-11326
- RESERVED
-CVE-2018-11325
- RESERVED
-CVE-2018-11324
- RESERVED
-CVE-2018-11323
- RESERVED
-CVE-2018-11322
- RESERVED
-CVE-2018-11321
- RESERVED
+CVE-2018-11328 (An issue was discovered in Joomla! Core before 3.8.8. Under specific ...)
+ TODO: check
+CVE-2018-11327 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks ...)
+ TODO: check
+CVE-2018-11326 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate input ...)
+ TODO: check
+CVE-2018-11325 (An issue was discovered in Joomla! Core before 3.8.8. The web install ...)
+ TODO: check
+CVE-2018-11324 (An issue was discovered in Joomla! Core before 3.8.8. A long running ...)
+ TODO: check
+CVE-2018-11323 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks ...)
+ TODO: check
+CVE-2018-11322 (An issue was discovered in Joomla! Core before 3.8.8. Depending on the ...)
+ TODO: check
+CVE-2018-11321 (An issue was discovered in com_fields in Joomla! Core before 3.8.8. ...)
+ TODO: check
CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are ...)
NOT-FOR-US: Octopus Deploy
CVE-2018-1000181
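Review bot: the eight new Joomla! Core before 3.8.8 entries (CVE-2018-11321 through CVE-2018-11328) are left as TODO: check, but the file already resolves Joomla! consistently as NOT-FOR-US: Joomla! (see CVE-2018-6380, CVE-2018-6379 and CVE-2018-6377 in the 3.8.4 block below). Unless Joomla! has since been packaged, these can be marked NOT-FOR-US: Joomla! directly instead of leaving eight TODOs for the same release.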
@@ -642,8 +680,8 @@ CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 0.4
NOTE: https://github.com/libming/libming/issues/141
CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. ...)
NOT-FOR-US: Intelbras NCLOUD
-CVE-2018-11093
- RESERVED
+CVE-2018-11093 (Cross-site scripting (XSS) vulnerability in the Link package for ...)
+ TODO: check
CVE-2018-11092 (An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF ...)
NOT-FOR-US: Admin Notes plugin for MyBB
CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file ...)
@@ -11258,10 +11296,10 @@ CVE-2018-6965
RESERVED
CVE-2018-6964
RESERVED
-CVE-2018-6963
- RESERVED
-CVE-2018-6962
- RESERVED
+CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before ...)
+ TODO: check
+CVE-2018-6962 (VMware Fusion (10.x before 10.1.2) contains a signature bypass ...)
+ TODO: check
CVE-2018-6961
RESERVED
CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...)
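Review bot: CVE-2018-6963 and CVE-2018-6962 describe VMware Workstation and Fusion, proprietary products that are not packaged in Debian, so TODO: check can be resolved straight to NOT-FOR-US: VMware in the same way the neighbouring CVE-2018-6960 (VMware Horizon DaaS) entry is handled; no package line is expected here.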
@@ -12732,12 +12770,12 @@ CVE-2018-6496
RESERVED
CVE-2018-6495
RESERVED
-CVE-2018-6494
- RESERVED
-CVE-2018-6493
- RESERVED
-CVE-2018-6492
- RESERVED
+CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software Web Tier, ...)
+ TODO: check
+CVE-2018-6493 (SQL Injection in HP Network Operations Management Ultimate, version ...)
+ TODO: check
+CVE-2018-6492 (Persistent Cross-Site Scripting, and non-persistent HTML Injection in ...)
+ TODO: check
CVE-2018-6491 (Local Escalation of Privilege vulnerability to Micro Focus Universal ...)
NOT-FOR-US: Micro Focus Universal CMDB
CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
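Review bot: the three new entries (CVE-2018-6494 HP Service Manager, CVE-2018-6493 HP Network Operations Management, CVE-2018-6492) sit in the same block as CVE-2018-6491 and CVE-2018-6490, which are already resolved as NOT-FOR-US: Micro Focus; the HP enterprise software line is now Micro Focus, so these can be marked NOT-FOR-US with the same product prefix rather than left as TODO: check.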
@@ -13084,8 +13122,8 @@ CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes l
NOT-FOR-US: Joomla!
CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ...)
NOT-FOR-US: Joomla!
-CVE-2018-6378
- RESERVED
+CVE-2018-6378 (In Joomla! Core before 3.8.8, inadequate filtering of file and folder ...)
+ TODO: check
CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in com_fields leads ...)
NOT-FOR-US: Joomla!
CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable in a ...)
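Review bot: CVE-2018-6378 (Joomla! Core before 3.8.8) is marked TODO: check while every surrounding Joomla! entry (CVE-2018-6380, CVE-2018-6379, CVE-2018-6377) is NOT-FOR-US: Joomla!; it belongs to the same 3.8.8 release as the CVE-2018-11321 to CVE-2018-11328 batch earlier in this diff and should be resolved together with them, most likely as NOT-FOR-US: Joomla!.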
@@ -20570,15 +20608,13 @@ CVE-2018-3642
RESERVED
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
NOT-FOR-US: Intel
-CVE-2018-3640 [Spectre V3a]
- RESERVED
+CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and that ...)
- intel-microcode <unfixed>
- amd64-microcode <unfixed>
NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
NOTE: No software mitigations planned to be implemented in src:linux
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
-CVE-2018-3639 [Speculative Store Bypass]
- RESERVED
+CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...)
- intel-microcode <unfixed>
- amd64-microcode <unfixed>
- linux <unfixed>
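Review bot: replacing the RESERVED lines drops the [Spectre V3a] and [Speculative Store Bypass] labels, and after truncation the two new descriptions read the same ("Systems with microprocessors utilizing speculative execution and ..."), so CVE-2018-3640 and CVE-2018-3639 are now only told apart by their package lines (3640: intel-microcode and amd64-microcode only, with the NOTE that no src:linux mitigation is planned; 3639: additionally linux <unfixed>). Suggest carrying the variant names over as a NOTE line on each entry, e.g. "NOTE: Spectre V3a" and "NOTE: Speculative Store Bypass", so the two do not get confused during triage.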
@@ -25960,8 +25996,8 @@ CVE-2018-1585
RESERVED
CVE-2018-1584
RESERVED
-CVE-2018-1583
- RESERVED
+CVE-2018-1583 (IBM StoredIQ 7.6 could allow an authenticated attacker to bypass ...)
+ TODO: check
CVE-2018-1582
RESERVED
CVE-2018-1581
@@ -27881,6 +27917,7 @@ CVE-2018-1127
NOT-FOR-US: tendrl-api
CVE-2018-1126 [0035-proc-alloc.-Use-size_t-not-unsigned-int.patch]
RESERVED
+ {DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
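Review bot: this and the next four hunks add the same {DSA-4208-1} reference to CVE-2018-1126, CVE-2018-1125, CVE-2018-1124, CVE-2018-1123 and CVE-2018-1122, which is consistent with a single procps advisory covering all five; the entries themselves stay RESERVED with their bracketed patch-name placeholders and the unstable fix procps 2:3.3.15-1 (bug #899170), so nothing else needs changing here, but the placeholders should be swapped for the MITRE descriptions once they are published.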
@@ -27888,6 +27925,7 @@ CVE-2018-1126 [0035-proc-alloc.-Use-size_t-not-unsigned-int.patch]
NOTE: https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33
CVE-2018-1125 [0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch]
RESERVED
+ {DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
@@ -27895,6 +27933,7 @@ CVE-2018-1125 [0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch]
NOTE: https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584
CVE-2018-1124 [Local Privilege Escalation in libprocps]
RESERVED
+ {DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
@@ -27902,6 +27941,7 @@ CVE-2018-1124 [Local Privilege Escalation in libprocps]
NOTE: https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20
CVE-2018-1123 [Denial of Service in ps]
RESERVED
+ {DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
@@ -27909,6 +27949,7 @@ CVE-2018-1123 [Denial of Service in ps]
NOTE: https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab
CVE-2018-1122 [Local Privilege Escalation in top]
RESERVED
+ {DSA-4208-1}
- procps 2:3.3.15-1 (bug #899170)
NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
@@ -27983,6 +28024,7 @@ CVE-2018-1107
RESERVED
NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before ...)
+ {DSA-4207-1}
- packagekit 1.1.10-1 (bug #896703)
[jessie] - packagekit <not-affected> (Issue introduced later)
[wheezy] - packagekit <not-affected> (Issue introduced later)
@@ -75892,8 +75934,7 @@ CVE-2017-2618 [selinux: fix off-by-one in setprocattr]
- linux 4.9.10-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/torvalds/linux/commit/0c461cb727d146c9ef2d3e86214f498b78b7d125
-CVE-2017-2617
- RESERVED
+CVE-2017-2617 (hawtio before version 1.5.5 is vulnerable to remote code execution via ...)
NOT-FOR-US: hawtio
CVE-2017-2616 [Sending SIGKILL to other processes with root privileges via su]
RESERVED
@@ -75926,8 +75967,7 @@ CVE-2017-2611 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an insuffic
CVE-2017-2610 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted ...)
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2609
- RESERVED
+CVE-2017-2609 (jenkins before versions 2.44, 2.32.2 is vulnerable to an information ...)
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2608 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code ...)
@@ -84681,8 +84721,7 @@ CVE-2016-8661 (Little Snitch version 3.0 through 3.6.1 suffer from a buffer over
CVE-2016-8657
RESERVED
NOT-FOR-US: Red Hat JBoss; jbossas Red Hat configuration file permissions and init script
-CVE-2016-8656
- RESERVED
+CVE-2016-8656 (Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to ...)
NOT-FOR-US: Red Hat JBoss; jbossas init script
CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel through ...)
{DLA-772-1}
@@ -114546,8 +114585,8 @@ CVE-2015-8096 (Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248
NOT-FOR-US: Google Picasa
CVE-2015-8095 (The recycle bin feature in the Monster Menus module 7.x-1.21 before ...)
NOT-FOR-US: Monster Menus module for Drupal
-CVE-2015-8094
- RESERVED
+CVE-2015-8094 (Open redirect vulnerability in Cloudera HUE before 3.10.0 allows ...)
+ TODO: check
CVE-2015-8093
RESERVED
CVE-2015-8092
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8961a3794a3ad63653f402553a4b0e94c94e4748
--