[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri May 25 21:10:28 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
853eca56 by security tracker role at 2018-05-25T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,85 @@
+CVE-2018-11480
+ RESERVED
+CVE-2018-11479 (The VPN component in Windscribe 1.81 uses the OpenVPN client for ...)
+ TODO: check
+CVE-2018-11478
+ RESERVED
+CVE-2018-11477
+ RESERVED
+CVE-2018-11476
+ RESERVED
+CVE-2018-11475 (Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A ...)
+ TODO: check
+CVE-2018-11474 (Monstra CMS 3.0.4 has a Session Management Issue in the Administrations ...)
+ TODO: check
+CVE-2018-11473 (Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login ...)
+ TODO: check
+CVE-2018-11472 (Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login ...)
+ TODO: check
+CVE-2018-11471 (Cockpit 0.5.5 has XSS via a collection, form, or region. ...)
+ TODO: check
+CVE-2018-11470 (iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' ...)
+ TODO: check
+CVE-2018-11469 (Incorrect caching of responses to requests including an Authorization ...)
+ TODO: check
+CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT ...)
+ TODO: check
+CVE-2018-11467
+ RESERVED
+CVE-2018-11466
+ RESERVED
+CVE-2018-11465
+ RESERVED
+CVE-2018-11464
+ RESERVED
+CVE-2018-11463
+ RESERVED
+CVE-2018-11462
+ RESERVED
+CVE-2018-11461
+ RESERVED
+CVE-2018-11460
+ RESERVED
+CVE-2018-11459
+ RESERVED
+CVE-2018-11458
+ RESERVED
+CVE-2018-11457
+ RESERVED
+CVE-2018-11456
+ RESERVED
+CVE-2018-11455
+ RESERVED
+CVE-2018-11454
+ RESERVED
+CVE-2018-11453
+ RESERVED
+CVE-2018-11452
+ RESERVED
+CVE-2018-11451
+ RESERVED
+CVE-2018-11450
+ RESERVED
+CVE-2018-11449
+ RESERVED
+CVE-2018-11448
+ RESERVED
+CVE-2018-11447
+ RESERVED
+CVE-2018-11446
+ RESERVED
+CVE-2018-11445 (A CSRF issue was discovered on the User Add/System Settings Page ...)
+ TODO: check
+CVE-2018-11444 (A SQL Injection issue was observed in the parameter "q" in ...)
+ TODO: check
+CVE-2018-11443 (The parameter q is affected by Cross-site Scripting in ...)
+ TODO: check
+CVE-2018-11442 (A CSRF issue was discovered in EasyService Billing 1.0, which was ...)
+ TODO: check
+CVE-2018-11441
+ RESERVED
+CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function ...)
+ TODO: check
CVE-2018-11439
RESERVED
CVE-2018-11438
@@ -1139,11 +1221,11 @@ CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate str
[jessie] - lilypond <not-affected> (Incomplete fix not applied)
[wheezy] - lilypond <not-affected> (Incomplete fix not applied)
CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
- {DSA-4201-1}
+ {DSA-4201-1 DLA-1383-1}
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-261.html
CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
- {DSA-4201-1}
+ {DSA-4201-1 DLA-1383-1}
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-262.html
CVE-2018-10980
@@ -1233,6 +1315,7 @@ CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppl
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=60b4fe65bc9dc9b82bbadf0be2e3781be796a13d
CVE-2017-18266 (The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not ...)
+ {DLA-1384-1}
- xdg-utils 1.1.3-1 (bug #898317)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
NOTE: Upstream bug discussed possible other approach to fix the issue.
@@ -2674,8 +2757,8 @@ CVE-2018-10352 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 coul
NOT-FOR-US: Trend Micro
CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could ...)
NOT-FOR-US: Trend Micro
-CVE-2018-10350
- RESERVED
+CVE-2018-10350 (A SQL injection remote code execution vulnerability in Trend Micro ...)
+ TODO: check
CVE-2018-10349
RESERVED
CVE-2018-10348
@@ -5713,8 +5796,8 @@ CVE-2018-9093
RESERVED
CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that ...)
NOT-FOR-US: MiniCMS
-CVE-2018-9091
- RESERVED
+CVE-2018-9091 (A critical vulnerability in the KEMP LoadMaster Operating System ...)
+ TODO: check
CVE-2018-9090
RESERVED
CVE-2018-9089
@@ -6233,7 +6316,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.
CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of router ...)
NOT-FOR-US: D-Link
CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...)
- {DSA-4201-1 DSA-4196-1}
+ {DSA-4201-1 DSA-4196-1 DLA-1383-1}
- linux 4.15.17-1
NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
- xen <unfixed>
@@ -6311,8 +6394,8 @@ CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys)
NOT-FOR-US: 2345 Security Guard
CVE-2018-8872 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions ...)
NOT-FOR-US: Schneider
-CVE-2018-8871
- RESERVED
+CVE-2018-8871 (In Delta Electronics Automation TPEditor version 1.89 or prior, ...)
+ TODO: check
CVE-2018-8870
RESERVED
CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for ...)
@@ -6325,12 +6408,12 @@ CVE-2018-8866 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on
NOT-FOR-US: Vecna VGo Robot
CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow ...)
NOT-FOR-US: Lantech
-CVE-2018-8864
- RESERVED
+CVE-2018-8864 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, ...)
+ TODO: check
CVE-2018-8863
RESERVED
-CVE-2018-8862
- RESERVED
+CVE-2018-8862 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, ...)
+ TODO: check
CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environment ...)
NOT-FOR-US: Philips Brilliance
CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be ...)
@@ -8353,6 +8436,7 @@ CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomc
NOTE: It is expected that users of the CORS filter will have configured it appropriately
NOTE: for their einvironment rather than using it in the default configuration
CVE-2018-8013 (In Apache Batik 1.x before 1.10, when deserializing subclass of ...)
+ {DLA-1385-1}
- batik 1.10-1 (bug #899374)
NOTE: https://issues.apache.org/jira/browse/BATIK-1222
NOTE: https://svn.apache.org/viewvc?view=revision&revision=1831241
@@ -12360,8 +12444,8 @@ CVE-2018-6676
RESERVED
CVE-2018-6675
RESERVED
-CVE-2018-6674
- RESERVED
+CVE-2018-6674 (Privilege Escalation vulnerability in Microsoft Windows client in ...)
+ TODO: check
CVE-2018-6673
RESERVED
CVE-2018-6672
@@ -12380,8 +12464,8 @@ CVE-2018-6666
RESERVED
CVE-2018-6665
RESERVED
-CVE-2018-6664
- RESERVED
+CVE-2018-6664 (Application Protections Bypass vulnerability in Microsoft Windows in ...)
+ TODO: check
CVE-2018-6663
RESERVED
CVE-2018-6662
@@ -13857,18 +13941,18 @@ CVE-2018-6239
RESERVED
CVE-2018-6238
RESERVED
-CVE-2018-6237
- RESERVED
-CVE-2018-6236
- RESERVED
-CVE-2018-6235
- RESERVED
-CVE-2018-6234
- RESERVED
-CVE-2018-6233
- RESERVED
-CVE-2018-6232
- RESERVED
+CVE-2018-6237 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ...)
+ TODO: check
+CVE-2018-6236 (A Time-of-Check Time-of-Use privilege escalation vulnerability in ...)
+ TODO: check
+CVE-2018-6235 (An Out-of-Bounds write privilege escalation vulnerability in Trend ...)
+ TODO: check
+CVE-2018-6234 (An Out-of-Bounds Read Information Disclosure vulnerability in Trend ...)
+ TODO: check
+CVE-2018-6233 (A buffer overflow privilege escalation vulnerability in Trend Micro ...)
+ TODO: check
+CVE-2018-6232 (A buffer overflow privilege escalation vulnerability in Trend Micro ...)
+ TODO: check
CVE-2018-6231 (A server auth command injection authentication bypass vulnerability in ...)
NOT-FOR-US: Trend Micro
CVE-2018-6230 (A SQL injection vulnerability in an Trend Micro Email Encryption ...)
@@ -16986,17 +17070,17 @@ CVE-2018-5186
RESERVED
CVE-2018-5185
RESERVED
- {DSA-4209-1}
+ {DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
CVE-2018-5184
RESERVED
- {DSA-4209-1}
+ {DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184
CVE-2018-5183
RESERVED
- {DSA-4209-1 DSA-4199-1 DLA-1376-1}
+ {DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
@@ -17017,7 +17101,7 @@ CVE-2018-5179
RESERVED
CVE-2018-5178
RESERVED
- {DSA-4209-1 DSA-4199-1 DLA-1376-1}
+ {DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
@@ -17054,7 +17138,7 @@ CVE-2018-5171
RESERVED
CVE-2018-5170
RESERVED
- {DSA-4209-1}
+ {DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
CVE-2018-5169
@@ -17063,7 +17147,7 @@ CVE-2018-5169
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
CVE-2018-5168
RESERVED
- {DSA-4209-1 DSA-4199-1 DLA-1376-1}
+ {DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
@@ -17092,12 +17176,12 @@ CVE-2018-5163
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5163
CVE-2018-5162
RESERVED
- {DSA-4209-1}
+ {DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162
CVE-2018-5161
RESERVED
- {DSA-4209-1}
+ {DSA-4209-1 DLA-1382-1}
- thunderbird 1:52.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161
CVE-2018-5160
@@ -17106,7 +17190,7 @@ CVE-2018-5160
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
CVE-2018-5159
RESERVED
- {DSA-4209-1 DSA-4199-1 DLA-1376-1}
+ {DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
@@ -17131,7 +17215,7 @@ CVE-2018-5156
RESERVED
CVE-2018-5155
RESERVED
- {DSA-4209-1 DSA-4199-1 DLA-1376-1}
+ {DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
@@ -17140,7 +17224,7 @@ CVE-2018-5155
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5155
CVE-2018-5154
RESERVED
- {DSA-4209-1 DSA-4199-1 DLA-1376-1}
+ {DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
@@ -17161,7 +17245,7 @@ CVE-2018-5151
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
CVE-2018-5150
RESERVED
- {DSA-4209-1 DSA-4199-1 DLA-1376-1}
+ {DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
- firefox 60.0-1
- firefox-esr 52.8.0esr-1
- thunderbird 1:52.8.0-1
@@ -26347,8 +26431,8 @@ CVE-2018-1567
RESERVED
CVE-2018-1566
RESERVED
-CVE-2018-1565
- RESERVED
+CVE-2018-1565 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2018-1564
RESERVED
CVE-2018-1563
@@ -26389,8 +26473,8 @@ CVE-2018-1546
RESERVED
CVE-2018-1545
RESERVED
-CVE-2018-1544
- RESERVED
+CVE-2018-1544 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2018-1543
RESERVED
CVE-2018-1542
@@ -26447,8 +26531,8 @@ CVE-2018-1517
RESERVED
CVE-2018-1516
RESERVED
-CVE-2018-1515
- RESERVED
+CVE-2018-1515 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
+ TODO: check
CVE-2018-1514
RESERVED
CVE-2018-1513
@@ -26501,8 +26585,8 @@ CVE-2018-1490
RESERVED
CVE-2018-1489
RESERVED
-CVE-2018-1488
- RESERVED
+CVE-2018-1488 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
+ TODO: check
CVE-2018-1487
RESERVED
CVE-2018-1486
@@ -26543,8 +26627,8 @@ CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could al
NOT-FOR-US: IBM API Connect Developer Portal
CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access ...)
NOT-FOR-US: IBM API Connect
-CVE-2018-1467
- RESERVED
+CVE-2018-1467 (The IBM Storwize V7000 Unified management Web interface 1.6 exposes ...)
+ TODO: check
CVE-2018-1466 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
NOT-FOR-US: IBM
CVE-2018-1465 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
@@ -26559,8 +26643,8 @@ CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize
NOT-FOR-US: IBM
CVE-2018-1460
RESERVED
-CVE-2018-1459
- RESERVED
+CVE-2018-1459 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2018-1458
RESERVED
CVE-2018-1457
@@ -26573,14 +26657,14 @@ CVE-2018-1454
RESERVED
CVE-2018-1453
RESERVED
-CVE-2018-1452
- RESERVED
-CVE-2018-1451
- RESERVED
-CVE-2018-1450
- RESERVED
-CVE-2018-1449
- RESERVED
+CVE-2018-1452 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
+CVE-2018-1451 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
+CVE-2018-1450 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
+CVE-2018-1449 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 ...)
NOT-FOR-US: IBM
CVE-2018-1447 (The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect ...)
@@ -28205,16 +28289,16 @@ CVE-2018-1139
RESERVED
CVE-2018-1138
RESERVED
-CVE-2018-1137
- RESERVED
-CVE-2018-1136
- RESERVED
-CVE-2018-1135
- RESERVED
-CVE-2018-1134
- RESERVED
-CVE-2018-1133
- RESERVED
+CVE-2018-1137 (An issue was discovered in Moodle 3.x. By substituting URLs in ...)
+ TODO: check
+CVE-2018-1136 (An issue was discovered in Moodle 3.x. An authenticated user is allowed ...)
+ TODO: check
+CVE-2018-1135 (An issue was discovered in Moodle 3.x. Students who posted on forums ...)
+ TODO: check
+CVE-2018-1134 (An issue was discovered in Moodle 3.x. Students who submitted ...)
+ TODO: check
+CVE-2018-1133 (An issue was discovered in Moodle 3.x. A Teacher creating a Calculated ...)
+ TODO: check
CVE-2018-1132
RESERVED
NOT-FOR-US: OpenDaylight
@@ -40422,8 +40506,8 @@ CVE-2017-14187 (A local privilege escalation and local code execution vulnerabil
NOT-FOR-US: Fortinet
CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 ...)
NOT-FOR-US: Fortinet
-CVE-2017-14185
- RESERVED
+CVE-2017-14185 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to ...)
+ TODO: check
CVE-2017-14184 (An Information Disclosure vulnerability in Fortinet FortiClient for ...)
NOT-FOR-US: Fortinet
CVE-2017-14183
@@ -53907,8 +53991,8 @@ CVE-2017-9643
RESERVED
CVE-2017-9642
RESERVED
-CVE-2017-9641
- RESERVED
+CVE-2017-9641 (PI Coresight 2016 R2 contains a cross-site request forgery ...)
+ TODO: check
CVE-2017-9640 (A Path Traversal issue was discovered in Automated Logic Corporation ...)
NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and ...)
@@ -71801,8 +71885,8 @@ CVE-2017-3963
REJECTED
CVE-2017-3962
RESERVED
-CVE-2017-3961
- RESERVED
+CVE-2017-3961 (Cross-Site Scripting (XSS) vulnerability in the web interface in ...)
+ TODO: check
CVE-2017-3960
RESERVED
CVE-2017-3959
@@ -78136,8 +78220,8 @@ CVE-2017-1754
RESERVED
CVE-2017-1753
RESERVED
-CVE-2017-1752
- RESERVED
+CVE-2017-1752 (IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated ...)
+ TODO: check
CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is ...)
NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere
CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/853eca560fd6597b1a36a2d7e2f63e062a43b923
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/853eca560fd6597b1a36a2d7e2f63e062a43b923
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180525/9efda484/attachment.html>
More information about the debian-security-tracker-commits
mailing list