[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri May 25 09:10:23 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a0ec0e5 by security tracker role at 2018-05-25T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,51 @@
-CVE-2018-11417
+CVE-2018-11439
+	RESERVED
+CVE-2018-11438
+	RESERVED
+CVE-2018-11437
+	RESERVED
+CVE-2018-11436
+	RESERVED
+CVE-2018-11435
+	RESERVED
+CVE-2018-11434
+	RESERVED
+CVE-2018-11433
+	RESERVED
+CVE-2018-11432
+	RESERVED
+CVE-2018-11431
+	RESERVED
+CVE-2018-11430
+	RESERVED
+CVE-2018-11429
+	RESERVED
+CVE-2018-11428
+	RESERVED
+CVE-2018-11427
+	RESERVED
+CVE-2018-11426
+	RESERVED
+CVE-2018-11425
+	RESERVED
+CVE-2018-11424
 	RESERVED
-CVE-2018-11416
+CVE-2018-11423
 	RESERVED
+CVE-2018-11422
+	RESERVED
+CVE-2018-11421
+	RESERVED
+CVE-2018-11420
+	RESERVED
+CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based ...)
+	TODO: check
+CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based ...)
+	TODO: check
+CVE-2018-11417
+	RESERVED
+CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of ...)
+	TODO: check
 CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site ...)
 	NOT-FOR-US: SAP Internet Transaction Server
 CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is ...)
@@ -9769,8 +9813,8 @@ CVE-2018-7528 (An SQL injection vulnerability has been identified in Geutebruck 
 	NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7527 (A buffer overflow can be triggered in LeviStudio HMI Editor, Version ...)
 	NOT-FOR-US: LeviStudio HMI Editor
-CVE-2018-7526
-	RESERVED
+CVE-2018-7526 (In TotalAlert Web Application in BeaconMedaes Scroll Medical Air ...)
+	TODO: check
 CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...)
 	NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in ...)
@@ -9785,8 +9829,8 @@ CVE-2018-7520 (An improper access control vulnerability has been identified in .
 	NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
 	NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-7518
-	RESERVED
+CVE-2018-7518 (In TotalAlert Web Application in BeaconMedaes Scroll Medical Air ...)
+	TODO: check
 CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
 	NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7516 (A server-side request forgery vulnerability has been identified in ...)
@@ -10175,10 +10219,10 @@ CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the ...)
 	NOTE: https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9
 CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...)
 	- npm <not-affected> (Vulnerable code introduced later)
-CVE-2018-7407
-	RESERVED
-CVE-2018-7406
-	RESERVED
+CVE-2018-7407 (An issue was discovered in Foxit Reader before 9.1 and PhantomPDF ...)
+	TODO: check
+CVE-2018-7406 (An issue was discovered in Foxit Reader before 9.1 and PhantomPDF ...)
+	TODO: check
 CVE-2018-7405 (Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer ...)
 	NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
 CVE-2018-7404
@@ -15690,20 +15734,20 @@ CVE-2018-5682 (PrestaShop 1.7.2.4 allows user enumeration via the Reset Password
 	NOT-FOR-US: PrestaShop
 CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit ...)
 	NOT-FOR-US: PrestaShop
-CVE-2018-5680
-	RESERVED
-CVE-2018-5679
-	RESERVED
-CVE-2018-5678
-	RESERVED
-CVE-2018-5677
-	RESERVED
-CVE-2018-5676
-	RESERVED
-CVE-2018-5675
-	RESERVED
-CVE-2018-5674
-	RESERVED
+CVE-2018-5680 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
+CVE-2018-5679 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
+CVE-2018-5678 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
+CVE-2018-5677 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
+CVE-2018-5676 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
+CVE-2018-5675 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
+CVE-2018-5674 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
 CVE-2018-5673 (An issue was discovered in the booking-calendar plugin 2.1.7 for ...)
 	NOT-FOR-US: booking-calendar plugin for WordPress
 CVE-2018-5672 (An issue was discovered in the booking-calendar plugin 2.1.7 for ...)
@@ -16939,15 +16983,17 @@ CVE-2018-5186
 	RESERVED
 CVE-2018-5185
 	RESERVED
+	{DSA-4209-1}
 	- thunderbird 1:52.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
 CVE-2018-5184
 	RESERVED
+	{DSA-4209-1}
 	- thunderbird 1:52.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184
 CVE-2018-5183
 	RESERVED
-	{DSA-4199-1 DLA-1376-1}
+	{DSA-4209-1 DSA-4199-1 DLA-1376-1}
 	- firefox-esr 52.8.0esr-1
 	- thunderbird 1:52.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
@@ -16968,7 +17014,7 @@ CVE-2018-5179
 	RESERVED
 CVE-2018-5178
 	RESERVED
-	{DSA-4199-1 DLA-1376-1}
+	{DSA-4209-1 DSA-4199-1 DLA-1376-1}
 	- firefox-esr 52.8.0esr-1
 	- thunderbird 1:52.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
@@ -17005,6 +17051,7 @@ CVE-2018-5171
 	RESERVED
 CVE-2018-5170
 	RESERVED
+	{DSA-4209-1}
 	- thunderbird 1:52.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
 CVE-2018-5169
@@ -17013,7 +17060,7 @@ CVE-2018-5169
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
 CVE-2018-5168
 	RESERVED
-	{DSA-4199-1 DLA-1376-1}
+	{DSA-4209-1 DSA-4199-1 DLA-1376-1}
 	- firefox 60.0-1
 	- firefox-esr 52.8.0esr-1
 	- thunderbird 1:52.8.0-1
@@ -17042,10 +17089,12 @@ CVE-2018-5163
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5163
 CVE-2018-5162
 	RESERVED
+	{DSA-4209-1}
 	- thunderbird 1:52.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162
 CVE-2018-5161
 	RESERVED
+	{DSA-4209-1}
 	- thunderbird 1:52.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161
 CVE-2018-5160
@@ -17054,7 +17103,7 @@ CVE-2018-5160
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
 CVE-2018-5159
 	RESERVED
-	{DSA-4199-1 DLA-1376-1}
+	{DSA-4209-1 DSA-4199-1 DLA-1376-1}
 	- firefox 60.0-1
 	- firefox-esr 52.8.0esr-1
 	- thunderbird 1:52.8.0-1
@@ -17079,7 +17128,7 @@ CVE-2018-5156
 	RESERVED
 CVE-2018-5155
 	RESERVED
-	{DSA-4199-1 DLA-1376-1}
+	{DSA-4209-1 DSA-4199-1 DLA-1376-1}
 	- firefox 60.0-1
 	- firefox-esr 52.8.0esr-1
 	- thunderbird 1:52.8.0-1
@@ -17088,7 +17137,7 @@ CVE-2018-5155
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5155
 CVE-2018-5154
 	RESERVED
-	{DSA-4199-1 DLA-1376-1}
+	{DSA-4209-1 DSA-4199-1 DLA-1376-1}
 	- firefox 60.0-1
 	- firefox-esr 52.8.0esr-1
 	- thunderbird 1:52.8.0-1
@@ -17109,7 +17158,7 @@ CVE-2018-5151
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
 CVE-2018-5150
 	RESERVED
-	{DSA-4199-1 DLA-1376-1}
+	{DSA-4209-1 DSA-4199-1 DLA-1376-1}
 	- firefox 60.0-1
 	- firefox-esr 52.8.0esr-1
 	- thunderbird 1:52.8.0-1
@@ -20879,6 +20928,7 @@ CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and 
 	NOTE: No software mitigations planned to be implemented in src:linux
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
 CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...)
+	{DSA-4210-1}
 	- intel-microcode <unfixed>
 	- amd64-microcode <unfixed>
 	- linux <unfixed>
@@ -40364,8 +40414,8 @@ CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebMan
 	NOT-FOR-US: Fortinet
 CVE-2017-14188
 	RESERVED
-CVE-2017-14187
-	RESERVED
+CVE-2017-14187 (A local privilege escalation and local code execution vulnerability in ...)
+	TODO: check
 CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 ...)
 	NOT-FOR-US: Fortinet
 CVE-2017-14185
@@ -53807,8 +53857,8 @@ CVE-2017-9666
 	RESERVED
 CVE-2017-9665
 	RESERVED
-CVE-2017-9664
-	RESERVED
+CVE-2017-9664 (In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, ...)
+	TODO: check
 CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was discovered in ...)
 	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
 CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...)
@@ -174960,10 +175010,10 @@ CVE-2013-3026 (Buffer overflow in the Lotus Quickr for Domino ActiveX control in
 	NOT-FOR-US: Lotus Quickr for Domino ActiveX
 CVE-2013-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational ...)
 	NOT-FOR-US: IBM
-CVE-2013-3024
-	RESERVED
-CVE-2013-3023
-	RESERVED
+CVE-2013-3024 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX ...)
+	TODO: check
+CVE-2013-3023 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and ...)
+	TODO: check
 CVE-2013-3022
 	RESERVED
 CVE-2013-3021
@@ -174972,8 +175022,8 @@ CVE-2013-3020 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway
 	NOT-FOR-US: IBM
 CVE-2013-3019
 	RESERVED
-CVE-2013-3018
-	RESERVED
+CVE-2013-3018 (The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application ...)
+	TODO: check
 CVE-2013-3017
 	RESERVED
 CVE-2013-3016 (IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a0ec0e5cc5577dc83c03f32342aebe87feb3f06

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a0ec0e5cc5577dc83c03f32342aebe87feb3f06
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180525/92bf2ba2/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list