[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 19 09:10:34 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ca4f323 by security tracker role at 2018-10-19T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2018-18490
+ RESERVED
+CVE-2018-18489
+ RESERVED
+CVE-2018-18488 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection ...)
+ TODO: check
+CVE-2018-18487 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database ...)
+ TODO: check
+CVE-2018-18486 (An issue was discovered in PHPSHE 1.7. SQL injection exists via the ...)
+ TODO: check
+CVE-2018-18485 (An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows ...)
+ TODO: check
+CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as ...)
+ TODO: check
+CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as distributed ...)
+ TODO: check
CVE-2018-18482 (An issue was discovered in libpg_query 10-1.0.2. There is a memory leak ...)
NOT-FOR-US: libpg_query
CVE-2018-18481 (A heap-based buffer over-read exists in libopencad 0.2.0 in the ...)
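Review bot: The two GNU libiberty entries (CVE-2018-18484 in cp-demangle.c, CVE-2018-18483 in cplus-dem.c) need different triage from the Gxlcms and PHPSHE entries that share the same TODO: check marker, because libiberty is commonly shipped as an embedded copy inside other source packages. When resolving them, search for every source package that carries those two files and record each one, rather than resolving against a single package. CVE-2018-18490 and CVE-2018-18489 are RESERVED with no description, so there is nothing to triage for them yet.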
@@ -6673,8 +6689,8 @@ CVE-2018-15767
RESERVED
CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint ...)
NOT-FOR-US: Dell
-CVE-2018-15765
- RESERVED
+CVE-2018-15765 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, ...)
+ TODO: check
CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote ...)
NOT-FOR-US: EMC ESRS Policy Manager
CVE-2018-15763 (Pivotal Container Service, versions prior to 1.2.0, contains an ...)
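Review bot: CVE-2018-15765 is left at TODO: check between two Dell entries that are already tagged, and those two use different tag texts ("NOT-FOR-US: Dell" for CVE-2018-15766, "NOT-FOR-US: EMC ESRS Policy Manager" for CVE-2018-15764). When this entry is resolved, use the product-level form, since the description names Dell EMC Secure Remote Services, so that the tag matches the product rather than only the vendor.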
@@ -6687,12 +6703,12 @@ CVE-2018-15760
RESERVED
CVE-2018-15759
RESERVED
-CVE-2018-15758
- RESERVED
+CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to ...)
+ TODO: check
CVE-2018-15757
RESERVED
-CVE-2018-15756
- RESERVED
+CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, ...)
+ TODO: check
CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-15754
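Review bot: The two Spring entries (CVE-2018-15758 and CVE-2018-15756) each list several affected branches in the visible text (2.3 prior to 2.3.4 and 2.2 prior to a cut-off version; 5.1, and 5.0.x prior to 5.0.10), so the TODO: check needs a per-branch comparison against the packaged version, not a single fixed-version line. Both descriptions are truncated here, so read the full advisory text before recording which version fixes what.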
@@ -8836,8 +8852,8 @@ CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users ...)
NOT-FOR-US: Emerson AMS Device Manager
-CVE-2018-14807
- RESERVED
+CVE-2018-14807 (A stack-based buffer overflow vulnerability in Opto 22 PAC Control ...)
+ TODO: check
CVE-2018-14806
RESERVED
CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the system ...)
@@ -18629,10 +18645,10 @@ CVE-2018-11082 (Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundr
NOT-FOR-US: Cloud Foundry
CVE-2018-11081 (Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior ...)
NOT-FOR-US: Pivotal
-CVE-2018-11080
- RESERVED
-CVE-2018-11079
- RESERVED
+CVE-2018-11080 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, ...)
+ TODO: check
+CVE-2018-11079 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, ...)
+ TODO: check
CVE-2018-11078 (Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an ...)
NOT-FOR-US: EMC VPlex GeoSynchrony
CVE-2018-11077
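Review bot: CVE-2018-11080 and CVE-2018-11079 carry the same visible description as each other and as CVE-2018-15765 earlier in this diff ("Dell EMC Secure Remote Services, versions prior to 3.32.00.08, ..."), so triage the three together and give them one consistent tag. The truncated text does not show how the three issues differ, so confirm from the full descriptions that they are distinct before closing them out; the tagged neighbours in this hunk are all NOT-FOR-US.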
@@ -143516,7 +143532,7 @@ CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (ak
NOTE: https://bugs.php.net/bug.php?id=69667
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
-CVE-2015-4639 (Multiple cross-site request forgery (CSRF) vulnerabilities in Koha ...)
+CVE-2015-4639 (Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl ...)
NOT-FOR-US: Koha
CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
NOT-FOR-US: FastL4
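Review bot: The description of CVE-2015-4639 changes vulnerability class (CSRF in Koha becomes XSS in opac-addbybiblionumber.pl) while the "NOT-FOR-US: Koha" line under it is carried over unchanged, and the visible part of the new text no longer names Koha. The old CSRF wording reappears under CVE-2015-4630 later in this diff, so this looks like a reassignment of descriptions between IDs; confirm from the full text that opac-addbybiblionumber.pl belongs to Koha so the existing tag still holds.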
@@ -143531,14 +143547,14 @@ CVE-2015-4634 (SQL injection vulnerability in graphs.php in Cacti before 0.8.8e
- cacti 0.8.8e+ds1-1
NOTE: http://bugs.cacti.net/view.php?id=2577
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
-CVE-2015-4633
- RESERVED
-CVE-2015-4632
- RESERVED
-CVE-2015-4631
- RESERVED
-CVE-2015-4630
- RESERVED
+CVE-2015-4633 (Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, ...)
+ TODO: check
+CVE-2015-4632 (Multiple directory traversal vulnerabilities in Koha 3.14.x before ...)
+ TODO: check
+CVE-2015-4631 (Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x ...)
+ TODO: check
+CVE-2015-4630 (Multiple cross-site request forgery (CSRF) vulnerabilities in Koha ...)
+ TODO: check
CVE-2015-4629 (Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to ...)
NOT-FOR-US: Huawei
CVE-2015-4628 (SQL injection vulnerability in ...)
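Review bot: The four entries CVE-2015-4633 through CVE-2015-4630 all name Koha in their descriptions but are added with TODO: check, while CVE-2015-4639 in the previous hunk is already "NOT-FOR-US: Koha"; they can take the same tag in a follow-up. Since the CSRF text that used to sit under CVE-2015-4639 is now under CVE-2015-4630, also check whether anything that cited CVE-2015-4639 for the CSRF issue needs to be updated to the new ID.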
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ca4f323fa5a99099f1fac5b9ecb18a1150e12e6