[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 31 09:10:22 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0c78bad by security tracker role at 2018-05-31T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,53 @@
+CVE-2018-11585
+	RESERVED
+CVE-2018-11584
+	RESERVED
+CVE-2018-11583 (SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl ...)
+	TODO: check
+CVE-2018-11582
+	RESERVED
+CVE-2018-11581
+	RESERVED
+CVE-2018-11580 (An issue was discovered in mass-pages-posts-creator.php in the ...)
+	TODO: check
+CVE-2018-11579 (class-woo-banner-management.php in the MULTIDOTS WooCommerce Category ...)
+	TODO: check
+CVE-2018-11578 (GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a ...)
+	TODO: check
+CVE-2018-11577 (Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. ...)
+	TODO: check
+CVE-2018-11576 (ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2018-11575 (ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in ...)
+	TODO: check
+CVE-2018-11574
+	RESERVED
+CVE-2018-11573
+	RESERVED
+CVE-2018-11572 (ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> ...)
+	TODO: check
+CVE-2018-11571 (ClipperCMS 1.3.3 allows Session Fixation. ...)
+	TODO: check
+CVE-2018-11570
+	RESERVED
+CVE-2018-11569
+	RESERVED
+CVE-2018-11568 (Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for ...)
+	TODO: check
+CVE-2018-11567 (Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could ...)
+	TODO: check
+CVE-2018-11566
+	RESERVED
+CVE-2018-11565 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
+	TODO: check
+CVE-2018-11564
+	RESERVED
+CVE-2018-11563
+	RESERVED
+CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in ...)
+	TODO: check
+CVE-2018-11561
+	RESERVED
 CVE-2018-11560
 	RESERVED
 CVE-2018-11559 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" ...)
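Review bot: all 13 described entries added at the top of this hunk land as "TODO: check", so none of them is triaged yet. CVE-2018-11578, CVE-2018-11576 and CVE-2018-11575 all name ngiflib.c in MiniUPnP ngiflib 0.4, and CVE-2018-11572 and CVE-2018-11571 both name ClipperCMS 1.3.3; resolving each group in one pass with a shared annotation keeps the list consistent.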
@@ -110,8 +160,8 @@ CVE-2018-11520
 	RESERVED
 CVE-2018-11519
 	RESERVED
-CVE-2018-11518
-	RESERVED
+CVE-2018-11518 (A vulnerability allows a phreaking attack on HCL legacy IVR systems ...)
+	TODO: check
 CVE-2018-11517 (mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c in ...)
@@ -204,20 +254,20 @@ CVE-2018-11484
 	RESERVED
 CVE-2018-11483
 	RESERVED
-CVE-2018-11482
-	RESERVED
-CVE-2018-11481
-	RESERVED
+CVE-2018-11482 (/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, ...)
+	TODO: check
+CVE-2018-11481 (TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and ...)
+	TODO: check
 CVE-2018-11480
 	RESERVED
 CVE-2018-11479 (The VPN component in Windscribe 1.81 uses the OpenVPN client for ...)
 	NOT-FOR-US: VPN component in Windscribe
-CVE-2018-11478
-	RESERVED
-CVE-2018-11477
-	RESERVED
-CVE-2018-11476
-	RESERVED
+CVE-2018-11478 (An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The ...)
+	TODO: check
+CVE-2018-11477 (An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The ...)
+	TODO: check
+CVE-2018-11476 (An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The ...)
+	TODO: check
 CVE-2018-11475 (Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A ...)
 	NOT-FOR-US: Monstra CMS
 CVE-2018-11474 (Monstra CMS 3.0.4 has a Session Management Issue in the Administrations ...)
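Review bot: the five entries converted from RESERVED here (CVE-2018-11482, CVE-2018-11481, CVE-2018-11478, CVE-2018-11477, CVE-2018-11476) are left as "TODO: check", while the described neighbours in the same range (Windscribe, Monstra CMS) already carry NOT-FOR-US tags. The three Vgate iCar 2 entries share the same visible description prefix and the two TP-LINK IPC entries name the same device family, so each group should get one triage decision applied to all of its ids.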
@@ -1430,8 +1480,8 @@ CVE-2018-10997
 	RESERVED
 CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 ...)
 	NOT-FOR-US: D-Link
-CVE-2018-10995
-	RESERVED
+CVE-2018-10995 (SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles ...)
+	TODO: check
 CVE-2018-10994 (js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) ...)
 	NOT-FOR-US: Signal-Desktop
 CVE-2018-10993
@@ -1577,8 +1627,8 @@ CVE-2018-10941
 CVE-2018-10940 (The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the ...)
 	- linux 4.16.12-1
 	NOTE: Fixed by: https://git.kernel.org/linus/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
-CVE-2018-10939
-	RESERVED
+CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before ...)
+	TODO: check
 CVE-2018-10938
 	RESERVED
 CVE-2018-10937
@@ -3350,8 +3400,7 @@ CVE-2018-10198
 	RESERVED
 CVE-2018-10197
 	RESERVED
-CVE-2018-10196 [null derefence in rebuild_vlist]
-	RESERVED
+CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists function ...)
 	- graphviz <unfixed> (low; bug #898841)
 	[stretch] - graphviz <no-dsa> (Minor issue)
 	[jessie] - graphviz <no-dsa> (Minor issue)
@@ -6120,7 +6169,8 @@ CVE-2018-9062
 	RESERVED
 CVE-2018-9061
 	RESERVED
-CVE-2018-9060 (R 3.4.4 suffers from a local buffer overflow that allows code ...)
+CVE-2018-9060
+	REJECTED
 	- r-base <not-affected> (R on Linux doesn't ship the GUI, likely non-issue for Windows as well, see #897254)
 	NOTE: https://github.com/bzyo/CVE-PoCs/tree/master/CVE-2018-9060
 	NOTE: https://github.com/wch/r-source/commit/c7263b067451b9cd553c4f42dd2b54b82689fbb4
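Review bot: CVE-2018-9060 is now marked REJECTED, yet the entry keeps its "- r-base <not-affected>" line and both NOTE links underneath, one of them pointing at a PoC repository. A manual follow-up should decide whether the package annotation and notes stay under a rejected id or are dropped, so the entry does not read as rejected and triaged at once.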
@@ -10152,8 +10202,8 @@ CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before .
 	NOTE: Patch https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
 CVE-2018-7535
 	RESERVED
-CVE-2018-7534
-	RESERVED
+CVE-2018-7534 (In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth ...)
+	TODO: check
 CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI ...)
 	NOT-FOR-US: OSIsoft PI
 CVE-2018-7532 (Unauthentication vulnerabilities have been identified in Geutebruck ...)
@@ -33894,8 +33944,8 @@ CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1
 	- mahara <removed>
 CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
 	- mahara <removed>
-CVE-2017-1000141
-	REJECTED
+CVE-2017-1000141 (An issue was discovered in Mahara before 18.10.0. It mishandled user ...)
+	TODO: check
 CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
 	- mahara <removed>
 CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
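Review bot: CVE-2017-1000141 goes from REJECTED to a described entry with only "TODO: check", while the Mahara entries around it (CVE-2017-1000143, CVE-2017-1000142, CVE-2017-1000140, CVE-2017-1000139) are tracked as "- mahara <removed>". The change of status should be confirmed as intended, since the new description names "Mahara before 18.10.0", and if it stands the entry should be given the same annotation as its neighbours.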
@@ -105821,7 +105871,7 @@ CVE-2015-XXXX [quoteless attributes in templates can lead to content injection]
 	NOTE: https://github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5
 	NOTE: https://nodesecurity.io/advisories/62
 	NOTE: Security hardening, not a vulnerability
-CVE-2015-9244 [SQL injection due to unescaped object keys]
+CVE-2015-9244 (Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not ...)
 	- node-mysql 2.0.0~alpha8-1 (unimportant)
 	NOTE: https://github.com/felixge/node-mysql/issues/342
 	NOTE: https://nodesecurity.io/advisories/66
@@ -116843,8 +116893,8 @@ CVE-2015-7613 (Race condition in the IPC object implementation in the Linux kern
 	- linux 4.2.3-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf (v4.3-rc4)
-CVE-2015-7610
-	RESERVED
+CVE-2015-7610 (Cross-site request forgery (CSRF) vulnerability in the login form in ...)
+	TODO: check
 CVE-2015-7609
 	RESERVED
 CVE-2015-7608



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0c78bad812ad2d092efb64c3eebb12ec7ba7523
