[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Sep 17 21:10:40 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
904d667a by security tracker role at 2018-09-17T20:10:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2018-17143 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...)
+	TODO: check
+CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...)
+	TODO: check
+CVE-2018-17141
+	RESERVED
 CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which leads to ...)
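Review bot: The two new x/net/html entries at the top of this hunk (CVE-2018-17143 and CVE-2018-17142) carry identical truncated descriptions, so they cannot be told apart from this file alone. When the `TODO: check` lines are resolved, add a short NOTE to each recording which mishandled input it covers, taken from the full CVE text.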
@@ -5934,8 +5940,8 @@ CVE-2018-14632 (An out of bound write can occur when patching an Openshift objec
 	NOT-FOR-US: OpenShift
 CVE-2018-14631
 	RESERVED
-CVE-2018-14630
-	RESERVED
+CVE-2018-14630 (moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an ...)
+	TODO: check
 CVE-2018-14629
 	RESERVED
 CVE-2018-14628
@@ -6966,8 +6972,7 @@ CVE-2018-14322
 	RESERVED
 CVE-2018-14321
 	RESERVED
-CVE-2018-14320 [PoDoFo Library ParseToUnicode Memory Corruption Information Disclosure Vulnerability]
-	RESERVED
+CVE-2018-14320 (This vulnerability allows remote attackers to disclose sensitive ...)
 	- libpodofo <unfixed>
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-18-1046/
 CVE-2018-14319
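Review bot: On CVE-2018-14320 the removed bracketed title was the only text in the entry naming PoDoFo and ParseToUnicode; the replacement description is cut off at "disclose sensitive ..." before it reaches the product. The `- libpodofo <unfixed>` line and the ZDI NOTE still tie the entry to the package, but consider adding a NOTE that keeps the affected function name so the entry stays searchable in the list.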
@@ -13239,12 +13244,10 @@ CVE-2018-11783
 	RESERVED
 CVE-2018-11782
 	RESERVED
-CVE-2018-11781 [local user code injection in the meta rule syntax]
-	RESERVED
+CVE-2018-11781 (Apache SpamAssassin 3.4.2 fixes a local user code injection in the ...)
 	- spamassassin <unfixed> (bug #908971)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
-CVE-2018-11780 [potential remote code execution bug with the PDFInfo plugin]
-	RESERVED
+CVE-2018-11780 (A potential Remote Code Execution bug exists with the PDFInfo plugin ...)
 	- spamassassin <unfixed> (bug #908970)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
 CVE-2018-11779
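Review bot: The new description for CVE-2018-11781 says Apache SpamAssassin 3.4.2 fixes the issue, while the package line under it still reads `- spamassassin <unfixed> (bug #908971)`. That is correct until a fixed upload exists, but a NOTE recording 3.4.2 as the fixed upstream version would make the later status change straightforward. Check the full text for CVE-2018-11780 as well, since its truncated description does not show a version.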
@@ -15182,12 +15185,12 @@ CVE-2018-11090 (An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This ..
 	NOT-FOR-US: MyBiz MyProcureNet
 CVE-2018-11089
 	RESERVED
-CVE-2018-11088
-	RESERVED
+CVE-2018-11088 (Pivotal Applications Manager in Pivotal Application Service, versions ...)
+	TODO: check
 CVE-2018-11087 (Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions ...)
 	TODO: check
-CVE-2018-11086
-	RESERVED
+CVE-2018-11086 (Pivotal Usage Service in Pivotal Application Service, versions 2.0 ...)
+	TODO: check
 CVE-2018-11085
 	REJECTED
 CVE-2018-11084
@@ -22955,8 +22958,7 @@ CVE-2018-8043 (The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac
 	NOTE: Negligable security impact, only enabled on armhf
 CVE-2018-8042 (Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential ...)
 	NOT-FOR-US: Apache Ambari
-CVE-2018-8041
-	RESERVED
+CVE-2018-8041 (Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and ...)
 	NOT-FOR-US: Apache Camel Mail component
 CVE-2018-8040 (Pages that are rendered using the ESI plugin can have access to the ...)
 	{DSA-4282-1}
@@ -43108,8 +43110,8 @@ CVE-2018-1225
 	REJECTED
 CVE-2018-1224
 	REJECTED
-CVE-2018-1223
-	RESERVED
+CVE-2018-1223 (Cloud Foundry Container Runtime (kubo-release), versions prior to ...)
+	TODO: check
 CVE-2018-1222
 	RESERVED
 CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 0.172.0, the ...)
@@ -43161,8 +43163,8 @@ CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before
 	[wheezy] - libspring-java <ignored> (Too intrusive to fix by upgrade)
 	- libspring-security-java <itp> (bug #582181)
 	NOTE: https://pivotal.io/security/cve-2018-1199
-CVE-2018-1198
-	RESERVED
+CVE-2018-1198 (Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser ...)
+	TODO: check
 CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running inside ...)
 	NOT-FOR-US: Windows Stemcells
 CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used to ...)
@@ -51156,8 +51158,7 @@ CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache T
 	NOTE: https://svn.apache.org/r1814826 (8.5.x)
 	NOTE: Introduced by fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=61201
 	NOTE: https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2@%3Cannounce.tomcat.apache.org%3E
-CVE-2017-15705 [denial of service vulnerability]
-	RESERVED
+CVE-2017-15705 (A denial of service vulnerability was identified that exists in Apache ...)
 	- spamassassin <unfixed> (bug #908969)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
 CVE-2017-15704
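Review bot: CVE-2017-15705 cites the same oss-security post as CVE-2018-11780 and CVE-2018-11781 but sits tens of thousands of lines away from them in the file, so it is easy to miss when the spamassassin entries are next updated. Its truncated description does not show a fixed version; confirm from the full text whether the 3.4.2 release named under CVE-2018-11781 applies here too, and move all three entries off `<unfixed>` in the same change.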
@@ -55160,8 +55161,8 @@ CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon H
 	NOT-FOR-US: Insteon Hub
 CVE-2017-14444 (An exploitable buffer overflow vulnerability exists in Insteon Hub ...)
 	NOT-FOR-US: Insteon Hub
-CVE-2017-14443
-	RESERVED
+CVE-2017-14443 (An exploitable information leak vulnerability exists in Insteon Hub ...)
+	TODO: check
 CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP image ...)
 	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
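Review bot: CVE-2017-14443 is added as `TODO: check` although its description names Insteon Hub, the product for which the two entries directly above it (CVE-2017-14445 and CVE-2017-14444) are already marked `NOT-FOR-US: Insteon Hub`. Unless the full CVE text shows a different affected component, this entry should get the same `NOT-FOR-US: Insteon Hub` line rather than wait in the TODO queue.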
@@ -90833,8 +90834,8 @@ CVE-2017-2876
 	RESERVED
 CVE-2017-2875
 	RESERVED
-CVE-2017-2874
-	RESERVED
+CVE-2017-2874 (An information disclosure vulnerability exists in the Multi-Camera ...)
+	TODO: check
 CVE-2017-2873
 	RESERVED
 CVE-2017-2872
@@ -91114,8 +91115,8 @@ CVE-2017-2779 (An exploitable memory corruption vulnerability exists in the RSRC
 	NOT-FOR-US: Labview
 CVE-2017-2778
 	RESERVED
-CVE-2017-2777
-	RESERVED
+CVE-2017-2777 (An exploitable heap overflow vulnerability exists in the ...)
+	TODO: check
 CVE-2017-2776
 	RESERVED
 CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the ...)
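Review bot: The description added for CVE-2017-2777 is truncated at "exists in the ...", before any product name, so the `TODO: check` cannot be resolved from this file. The triager needs the full CVE text, and the resulting NOT-FOR-US or package line is what will record the affected product here, as `NOT-FOR-US: Labview` does for CVE-2017-2779 above.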
@@ -99141,8 +99142,8 @@ CVE-2016-9047
 	RESERVED
 CVE-2016-9046
 	RESERVED
-CVE-2016-9045
-	RESERVED
+CVE-2016-9045 (A code execution vulnerability exists in ProcessMaker Enterprise Core ...)
+	TODO: check
 CVE-2016-9044 (An exploitable command execution vulnerability exists in Information ...)
 	TODO: check
 CVE-2016-9043 (An out of bound write vulnerability exists in the EMF parsing ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/904d667aefc7a783260eff0b2f9f7ae0e7dc48d8
