[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 11 09:11:16 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8425b60 by security tracker role at 2018-10-11T08:11:05Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2018-18241
+ RESERVED
+CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a command to ...)
+ TODO: check
+CVE-2018-18239
+ RESERVED
+CVE-2018-18238
+ RESERVED
+CVE-2018-18237
+ RESERVED
+CVE-2018-18236
+ RESERVED
+CVE-2018-18235
+ RESERVED
+CVE-2018-18234
+ RESERVED
+CVE-2018-18233
+ RESERVED
+CVE-2018-18232
+ RESERVED
+CVE-2018-18231
+ RESERVED
+CVE-2018-18230
+ RESERVED
+CVE-2018-18229
+ RESERVED
+CVE-2018-18228
+ RESERVED
+CVE-2018-18227
+ RESERVED
+CVE-2018-18226
+ RESERVED
+CVE-2018-18225
+ RESERVED
+CVE-2018-18224
+ RESERVED
+CVE-2018-18223
+ RESERVED
CVE-2018-18222
RESERVED
CVE-2018-18221
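Review bot: CVE-2018-18240 is the one entry in this hunk that needs action: it is left at `TODO: check` while its description says remote code execution in Pippo, so it should be resolved either to a source package with a fixed version or to a `NOT-FOR-US: Pippo` line, following the pattern the file uses for the other triaged entries (e.g. `NOT-FOR-US: blynk-server in Blynk`). The remaining CVE-2018-18223 through CVE-2018-18241 entries are plain `RESERVED` placeholders and need nothing further.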
@@ -345,10 +383,10 @@ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write du
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
CVE-2018-18063
RESERVED
-CVE-2018-18062
- RESERVED
-CVE-2018-18061
- RESERVED
+CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive ...)
+ TODO: check
+CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive ...)
+ TODO: check
CVE-2018-18060
RESERVED
CVE-2018-18059
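Review bot: CVE-2018-18062 and CVE-2018-18061 carry identical truncated descriptions (`An issue was discovered in dialog.php in tecrail Responsive ...`), so they should be triaged together and given the same resolution; leaving both at `TODO: check` with no distinguishing text makes it easy to close one and forget the other. If the tecrail Responsive software is not packaged, the file's convention is a `NOT-FOR-US:` line in place of each `TODO: check`.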
@@ -1017,8 +1055,8 @@ CVE-2018-17786 (On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.c
NOT-FOR-US: D-Link DIR-823G devices
CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal exists via ...)
NOT-FOR-US: blynk-server in Blynk
-CVE-2018-17784
- RESERVED
+CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM ...)
+ TODO: check
CVE-2018-17783
RESERVED
CVE-2018-17782
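Review bot: CVE-2018-17784 describes vulnerabilities in YUI and FlashCanvas as embedded in SugarCRM, so the `TODO: check` should establish whether the flaws are in SugarCRM's integration or in the bundled libraries themselves; in the latter case any separately packaged copy of YUI or FlashCanvas would need the same check, and a plain `NOT-FOR-US: SugarCRM` would be incomplete.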
@@ -1973,8 +2011,8 @@ CVE-2018-17339
RESERVED
CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a heap-based ...)
NOT-FOR-US: pdfalto
-CVE-2018-17337
- RESERVED
+CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is ...)
+ TODO: check
CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log in ...)
- udisks2 2.8.1-1 (bug #909607)
[stretch] - udisks2 <not-affected> (Vulnerable code introduced later)
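Review bot: CVE-2018-17337 (XSS via a crafted SSID on Intelbras NPLUG 1.0.0.14 devices) concerns device firmware, the same category as `NOT-FOR-US: D-Link DIR-823G devices` earlier in this patch, so `TODO: check` can likely be resolved as `NOT-FOR-US: Intelbras NPLUG devices`; this patch also adds CVE-2018-12456 and CVE-2018-12455 for the same product, and all three should receive the same resolution.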
@@ -3318,8 +3356,7 @@ CVE-2018-16760
RESERVED
CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from ...)
NOT-FOR-US: EasyCMS
-CVE-2018-16758
- RESERVED
+CVE-2018-16758 (Missing message authentication in the meta-protocol in Tinc VPN ...)
{DSA-4312-1 DLA-1538-1}
- tinc 1.0.35-1
NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
@@ -3385,16 +3422,14 @@ CVE-2018-16740
RESERVED
CVE-2018-16739
RESERVED
-CVE-2018-16738
- RESERVED
+CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication protocol, ...)
{DSA-4312-1}
- tinc 1.0.35-1
[jessie] - tinc <not-affected> (Only affects 1.0.30 to 1.0.34)
NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
NOTE: This CVE is specific for tinc versions which did had mitigations put
NOTE: in place for the Sweet32 attack in tinc 1.0.30.
-CVE-2018-16737
- RESERVED
+CVE-2018-16737 (tinc before 1.0.30 has a broken authentication protocol, without even ...)
{DLA-1538-1}
- tinc 1.0.31-1
NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
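Review bot: The existing NOTE under CVE-2018-16738 reads `tinc versions which did had mitigations put in place`; it should read `which had mitigations put in place` (or `which did have`). Separately, CVE-2018-16738 and CVE-2018-16737 cite the same upstream commit (d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a) as the fix even though they cover disjoint version ranges (1.0.30 through 1.0.34 versus before 1.0.30); if one commit genuinely fixed both, a NOTE saying so would save the next reader from wondering whether the second reference is a copy-paste.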
@@ -10771,8 +10806,8 @@ CVE-2018-13791 (The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7
NOT-FOR-US: ABBYY FlexiCapture
CVE-2018-13790 (A Server Side Request Forgery (SSRF) vulnerability in ...)
NOT-FOR-US: concrete5
-CVE-2018-13789
- RESERVED
+CVE-2018-13789 (An issue was discovered in Descor Infocad FM before 3.1.0.0. An ...)
+ TODO: check
CVE-2018-13788
RESERVED
CVE-2018-1000623 (JFrog JFrog Artifactory version Prior to version 6.0.3, since version ...)
@@ -13630,8 +13665,8 @@ CVE-2018-12598
RESERVED
CVE-2018-12597
RESERVED
-CVE-2018-12596
- RESERVED
+CVE-2018-12596 (Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU ...)
+ TODO: check
CVE-2018-12595
RESERVED
CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to ...)
@@ -13780,14 +13815,14 @@ CVE-2018-12546
RESERVED
CVE-2018-12545
RESERVED
-CVE-2018-12544
- RESERVED
+CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML ...)
+ TODO: check
CVE-2018-12543
RESERVED
-CVE-2018-12542
- RESERVED
-CVE-2018-12541
- RESERVED
+CVE-2018-12542 (In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler ...)
+ TODO: check
+CVE-2018-12541 (In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP ...)
+ TODO: check
CVE-2018-12540 (In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do ...)
NOT-FOR-US: Eclipse Vertx
CVE-2018-12539 (In Eclipse OpenJ9 version 0.8, users other than the process owner may ...)
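Review bot: The three Eclipse Vert.x entries (CVE-2018-12544, CVE-2018-12542, CVE-2018-12541) are left at `TODO: check` while the adjacent CVE-2018-12540, which covers the same product and an overlapping version range (3.0.0 to 3.5.2), is already `NOT-FOR-US: Eclipse Vertx`; unless Vert.x has since been packaged, they should be resolved the same way rather than left open.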
@@ -13992,10 +14027,10 @@ CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function
NOTE: Fixed in 3.2.11
CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an admin ...)
NOT-FOR-US: expressCart
-CVE-2018-12456
- RESERVED
-CVE-2018-12455
- RESERVED
+CVE-2018-12456 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token ...)
+ TODO: check
+CVE-2018-12455 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical ...)
+ TODO: check
CVE-2018-12454 (The _addguess function of a simplelottery smart contract implementation ...)
NOT-FOR-US: simplelottery
CVE-2018-12453 (Type confusion in the xgroupCommand function in t_stream.c in ...)
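Review bot: CVE-2018-12456 and CVE-2018-12455 both concern Intelbras NPLUG 1.0.0.14 wireless repeater firmware and should be resolved together with CVE-2018-17337, added earlier in this patch for the same device; device firmware is handled elsewhere in this file as `NOT-FOR-US: ... devices`, so `TODO: check` on each of these can likely be replaced by `NOT-FOR-US: Intelbras NPLUG devices`.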
@@ -14218,8 +14253,8 @@ CVE-2018-12412
RESERVED
CVE-2018-12411
RESERVED
-CVE-2018-12410
- RESERVED
+CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire Statistics ...)
+ TODO: check
CVE-2018-12409
RESERVED
CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ...)
@@ -38571,7 +38606,8 @@ CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid public
NOTE: https://github.com/joyent/node-sshpk/issues/44
NOTE: https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957
NOTE: nodejs not covered by security support
-CVE-2018-3736 (https-proxy-agent passes unsanitized options to Buffer(arg) resulting ...)
+CVE-2018-3736
+ REJECTED
NOT-FOR-US: https-proxy-agent nodejs module
CVE-2018-3735 (bracket-template suffers from reflected XSS possible when variable ...)
NOT-FOR-US: bracket-template nodejs module
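Review bot: CVE-2018-3736 is changed to `REJECTED` but the `NOT-FOR-US: https-proxy-agent nodejs module` line below it is kept, so the entry now carries two states; either drop the NOT-FOR-US line, as the `RESERVED` entries elsewhere in the file carry no status line, or add a NOTE recording why the CVE was rejected, since the original description is removed by this change.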
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c8425b60484b22ddcac76b034da0bd4837886cb9