[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 29 21:10:34 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ff9d579 by security tracker role at 2018-05-29T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-11540
+ RESERVED
+CVE-2018-11539
+ RESERVED
+CVE-2018-11538
+ RESERVED
+CVE-2018-11537
+ RESERVED
CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
NOT-FOR-US: md4c
CVE-2018-11535 (An issue was discovered in SITEMAKIN SLAC (Site Login and Access ...)
@@ -5941,9 +5949,9 @@ CVE-2018-9112 (A low privileged admin account with a weak default password of ad
NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
CVE-2018-9111 (Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T ...)
NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
-CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via ...)
+CVE-2018-9110 (Studio 42 elFinder before 2.1.37 has a directory traversal ...)
NOT-FOR-US: Studio 42 elFinder
-CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via the ...)
+CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has a directory traversal ...)
NOT-FOR-US: Studio 42 elFinder
CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an ...)
NOT-FOR-US: QuickAppsCMS
@@ -10336,7 +10344,7 @@ CVE-2018-7451
RESERVED
CVE-2018-7450
RESERVED
-CVE-2018-7449 (Free SEGGER embOS/IP FTP Server Utility 3.22 (not to be mistaken with the embOS/IP FTP Server add-on that is used by the utility) allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. ...)
+CVE-2018-7449 (SEGGER FTP Server for Windows before 3.22a allows remote attackers to ...)
NOT-FOR-US: SEGGER embOS/IP FTP Server
CVE-2018-7448 (Remote code execution vulnerability in ...)
NOT-FOR-US: CMS Made Simple
@@ -17127,8 +17135,8 @@ CVE-2018-5243
RESERVED
CVE-2018-5242
RESERVED
-CVE-2018-5241
- RESERVED
+CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, ...)
+ TODO: check
CVE-2018-5240
RESERVED
CVE-2018-5239
@@ -26770,8 +26778,8 @@ CVE-2018-1497
RESERVED
CVE-2018-1496
RESERVED
-CVE-2018-1495
- RESERVED
+CVE-2018-1495 (IBM FlashSystem V840 and V900 products could allow an authenticated ...)
+ TODO: check
CVE-2018-1494
RESERVED
CVE-2018-1493
@@ -27008,10 +27016,10 @@ CVE-2018-1378
RESERVED
CVE-2018-1377 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user ...)
NOT-FOR-US: IBM Security Guardium Big Data Intelligence
-CVE-2018-1376
- RESERVED
-CVE-2018-1375
- RESERVED
+CVE-2018-1376 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable ...)
+ TODO: check
+CVE-2018-1375 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not ...)
+ TODO: check
CVE-2018-1374
RESERVED
CVE-2018-1373 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an ...)
@@ -27020,10 +27028,10 @@ CVE-2018-1372 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not
NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1371 (An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a ...)
NOT-FOR-US: IBM WebSphere MQ
-CVE-2018-1370
- RESERVED
-CVE-2018-1369
- RESERVED
+CVE-2018-1370 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies ...)
+ TODO: check
+CVE-2018-1369 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores ...)
+ TODO: check
CVE-2018-1368 (IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 ...)
NOT-FOR-US: IBM Security Guardium Database Activity Monitor
CVE-2018-1367
@@ -28066,10 +28074,10 @@ CVE-2018-1244
RESERVED
CVE-2018-1243
RESERVED
-CVE-2018-1242
- RESERVED
-CVE-2018-1241
- RESERVED
+CVE-2018-1242 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
+ TODO: check
+CVE-2018-1241 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
+ TODO: check
CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an ...)
NOT-FOR-US: EMC ViPR Controller
CVE-2018-1239 (Dell EMC Unity Operating Environment (OE) versions prior to ...)
@@ -28080,8 +28088,8 @@ CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper restrict
NOT-FOR-US: EMC ScaleIO
CVE-2018-1236
RESERVED
-CVE-2018-1235
- RESERVED
+CVE-2018-1235 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
+ TODO: check
CVE-2018-1234 (RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is ...)
NOT-FOR-US: RSA Authentication Agent
CVE-2018-1233 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...)
@@ -70128,7 +70136,7 @@ CVE-2017-4954
RESERVED
CVE-2017-4953
RESERVED
-CVE-2017-4952 (VMware Xenon 1.x prior to 1.5.7, 1.5.4, 1.3.7, and 1.1.0 contains an ...)
+CVE-2017-4952 (VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, ...)
NOT-FOR-US: VMware Xenon
CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) ...)
NOT-FOR-US: VMware AirWatch Console
@@ -78413,8 +78421,8 @@ CVE-2017-1770
RESERVED
CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site request ...)
NOT-FOR-US: IBM Business Process Manager
-CVE-2017-1768
- RESERVED
+CVE-2017-1768 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an ...)
+ TODO: check
CVE-2017-1767 (IBM Business Process Manager 8.6 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 8.6 an ...)
@@ -90433,8 +90441,7 @@ CVE-2016-7077
RESERVED
- foreman <itp> (bug #663101)
NOTE: http://projects.theforeman.org/issues/16971
-CVE-2016-7076 [noexec bypass via wordexp()]
- RESERVED
+CVE-2016-7076 (sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo ...)
{DLA-707-1}
- sudo 1.8.18p1-1 (bug #842507)
[jessie] - sudo <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ff9d57967062c11e50ae7916b37831fe0258f7a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ff9d57967062c11e50ae7916b37831fe0258f7a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180529/f2197ebb/attachment.html>
More information about the debian-security-tracker-commits
mailing list