[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 24 21:10:29 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a549485 by security tracker role at 2018-05-24T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,12 +1,22 @@
-CVE-2018-11412 [Linux ext4: out-of-bounds memcpy via non-inline system.data xattr]
+CVE-2018-11417
+	RESERVED
+CVE-2018-11416
+	RESERVED
+CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site ...)
+	TODO: check
+CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is ...)
+	TODO: check
+CVE-2018-11413 (An issue was discovered in BearAdmin 0.5. Remote attackers can download ...)
+	TODO: check
+CVE-2018-11412 (In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in ...)
 	- linux <unfixed>
 	[stretch] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
 	[jessie] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
 	[wheezy] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1580
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199803
-CVE-2018-11411
-	RESERVED
+CVE-2018-11411 (The transferFrom function of a smart contract implementation for ...)
+	TODO: check
 CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. A invalid free in the ...)
 	- liblouis <unfixed> (bug #899999)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1582024
@@ -243,8 +253,8 @@ CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a NULL DACL that allow
 	NOT-FOR-US: Windscribe
 CVE-2018-11333
 	RESERVED
-CVE-2018-11332
-	RESERVED
+CVE-2018-11332 (Stored cross-site scripting (XSS) vulnerability in the "Site Name" ...)
+	TODO: check
 CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code ...)
 	NOT-FOR-US: Pluck CMS
 CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is authenticated ...)
@@ -1456,13 +1466,11 @@ CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFF
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
 CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials ...)
 	NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
-CVE-2018-1000301 [RTSP bad headers buffer over-read]
-	RESERVED
+CVE-2018-1000301 (curl version curl 7.20.0 to and including curl 7.59.0 contains a ...)
 	{DSA-4202-1 DLA-1379-1}
 	- curl 7.60.0-1 (bug #898856)
 	NOTE: https://curl.haxx.se/docs/adv_2018-b138.html
-CVE-2018-1000300 [FTP shutdown response buffer overflow]
-	RESERVED
+CVE-2018-1000300 (curl version curl 7.54.1 to and including curl 7.59.0 contains a ...)
 	- curl 7.60.0-1
 	[stretch] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
 	[jessie] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
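Review bot: CVE-2018-1000300 has no advisory NOTE link, while its sibling CVE-2018-1000301 in the same hunk keeps `NOTE: https://curl.haxx.se/docs/adv_2018-b138.html`. With the local summary `[FTP shutdown response buffer overflow]` now replaced by the imported description, which is cut off at "contains a ...", the entry no longer records the bug class anywhere; add the matching curl advisory as a NOTE line under CVE-2018-1000300 in a follow-up so the two entries carry the same level of reference.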
@@ -1968,12 +1976,12 @@ CVE-2018-10597
 	RESERVED
 CVE-2018-10596
 	RESERVED
-CVE-2018-10595
-	RESERVED
+CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows an ...)
+	TODO: check
 CVE-2018-10594
 	RESERVED
-CVE-2018-10593
-	RESERVED
+CVE-2018-10593 (A vulnerability in DB Manager version 3.0.1.0 and previous and ...)
+	TODO: check
 CVE-2018-10592
 	RESERVED
 CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
@@ -3039,8 +3047,7 @@ CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site .
 	NOT-FOR-US: BigTree CMS
 CVE-2018-10182
 	RESERVED
-CVE-2018-1000199 [ptrace() incorrect error handling leads to corruption and DoS]
-	RESERVED
+CVE-2018-1000199 (The Linux Kernel version 3.18 contains a dangerous feature ...)
 	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/f67b15037a7a50c57f72e69a6d59941ad90a0f0f
@@ -3677,8 +3684,8 @@ CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. Physica
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible ...)
 	NOT-FOR-US: CMS Made Simple
-CVE-2018-9920
-	RESERVED
+CVE-2018-9920 (Server side request forgery exists in the runtime application in K2 ...)
+	TODO: check
 CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in Tp-shop ...)
 	NOT-FOR-US: Tp-shop
 CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary ...)
@@ -4978,8 +4985,7 @@ CVE-2018-9312
 	RESERVED
 CVE-2018-9311
 	RESERVED
-CVE-2018-1000155 [Denial of Service, Improper Authentication and Authorization, and Covert Channel in the OpenFlow handshake]
-	RESERVED
+CVE-2018-1000155 (OpenFlow version 1.0 onwards contains a Denial of Service and Improper ...)
 	NOT-FOR-US: Flaw in the OpenFlow protocol
 CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper ...)
 	NOT-FOR-US: Zammad GmbH Zammad
@@ -8278,8 +8284,7 @@ CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomc
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
 	NOTE: It is expected that users of the CORS filter will have configured it appropriately
 	NOTE: for their einvironment rather than using it in the default configuration
-CVE-2018-8013 [Apache Batik information disclosure vulnerability]
-	RESERVED
+CVE-2018-8013 (In Apache Batik 1.x before 1.10, when deserializing subclass of ...)
 	- batik <unfixed> (bug #899374)
 CVE-2018-8012 (No authentication/authorization is enforced when a server attempts to ...)
 	- zookeeper 3.4.10-2 (bug #899332)
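Review bot: the unchanged context line `NOTE: for their einvironment rather than using it in the default configuration` under CVE-2018-8014 has a typo ("einvironment" should read "environment"); it is not part of this automatic update, so fix it in a separate manual commit rather than here.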
@@ -8450,8 +8455,8 @@ CVE-2018-7944
 	RESERVED
 CVE-2018-7943
 	RESERVED
-CVE-2018-7942
-	RESERVED
+CVE-2018-7942 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)
+	TODO: check
 CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...)
@@ -8526,12 +8531,12 @@ CVE-2018-7906
 	RESERVED
 CVE-2018-7905
 	RESERVED
-CVE-2018-7904
-	RESERVED
-CVE-2018-7903
-	RESERVED
-CVE-2018-7902
-	RESERVED
+CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...)
+	TODO: check
+CVE-2018-7903 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...)
+	TODO: check
+CVE-2018-7902 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON ...)
+	TODO: check
 CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software versions ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7900
@@ -12642,16 +12647,16 @@ CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a ...
 	NOT-FOR-US: CA API Developer Portal
 CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored ...)
 	NOT-FOR-US: CA API Developer Portal
-CVE-2018-1000040
-	RESERVED
-CVE-2018-1000039
-	RESERVED
-CVE-2018-1000038
-	RESERVED
-CVE-2018-1000037
-	RESERVED
-CVE-2018-1000036
-	RESERVED
+CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs ...)
+	TODO: check
+CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the ...)
+	TODO: check
+CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in function ...)
+	TODO: check
+CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF ...)
+	TODO: check
+CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser ...)
+	TODO: check
 CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 ...)
 	- unzip <unfixed> (bug #889838)
 	[stretch] - unzip <no-dsa> (Harmless crash, builds with fortified source)
@@ -16034,12 +16039,12 @@ CVE-2018-5489
 	RESERVED
 CVE-2018-5488
 	RESERVED
-CVE-2018-5487
-	RESERVED
+CVE-2018-5487 (NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ...)
+	TODO: check
 CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ...)
 	NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
-CVE-2018-5485
-	RESERVED
+CVE-2018-5485 (NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 ...)
+	TODO: check
 CVE-2018-5484
 	RESERVED
 CVE-2018-5483
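Review bot: the existing CVE-2018-5486 line reads "versions 7.2 though 7.3" while the newly imported CVE-2018-5487 and CVE-2018-5485 lines read "versions 7.2 through 7.3"; since these parenthesised descriptions are pulled in verbatim by the automatic update, the difference reflects upstream wording and should not be hand-edited in data/CVE/list, but it is worth knowing when grepping the file for the NetApp entries.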
@@ -28686,8 +28691,8 @@ CVE-2017-17317
 	RESERVED
 CVE-2017-17316
 	RESERVED
-CVE-2017-17315
-	RESERVED
+CVE-2017-17315 (Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; ...)
+	TODO: check
 CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with Versions ...)
@@ -29000,8 +29005,8 @@ CVE-2017-17160 (Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, ...
 	NOT-FOR-US: Huawei
 CVE-2017-17159 (Some Huawei smart phones with software of NXT-AL10C00B386, ...)
 	NOT-FOR-US: Huawei
-CVE-2017-17158
-	RESERVED
+CVE-2017-17158 (Some Huawei smart phones with the versions before ...)
+	TODO: check
 CVE-2017-17157 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17156 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
@@ -54427,8 +54432,8 @@ CVE-2017-9423
 	RESERVED
 CVE-2017-9422
 	REJECTED
-CVE-2017-9421
-	RESERVED
+CVE-2017-9421 (Authentication Bypass vulnerability in Accellion kiteworks before ...)
+	TODO: check
 CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...)
 	NOT-FOR-US: Spiffy Calendar plugin for WordPress
 CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a549485afe1b01a34b3394244262af7816de463

More information about the debian-security-tracker-commits mailing list