Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a9ed6023 by security tracker role at 2018-04-16T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,29 @@
+CVE-2018-10137 (iScripts UberforX 2.2 has CSRF in the
"manage_settings" section of the ...)
+ TODO: check
+CVE-2018-10136 (iScripts UberforX 2.2 has Stored XSS in the
"manage_settings" section ...)
+ TODO: check
+CVE-2018-10135 (iScripts eSwap v2.4 has Reflected XSS via the
"catwiseproducts.php" ...)
+ TODO: check
+CVE-2018-10134
+ RESERVED
+CVE-2018-10133 (PbootCMS v0.9.8 allows PHP code injection via an IF label in
...)
+ TODO: check
+CVE-2018-10132 (PbootCMS v0.9.8 has CSRF via an ...)
+ TODO: check
+CVE-2018-10131
+ RESERVED
+CVE-2018-10130
+ RESERVED
+CVE-2018-10129
+ RESERVED
+CVE-2018-10128 (An issue was discovered in XYHCMS 3.5. It has XSS via the test
...)
+ TODO: check
+CVE-2018-10127 (An issue was discovered in XYHCMS 3.5. It has CSRF via an ...)
+ TODO: check
+CVE-2018-10126
+ RESERVED
+CVE-2018-10125
+ RESERVED
CVE-2018-10123
RESERVED
CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka
...)
@@ -91,7 +117,7 @@ CVE-2018-10089
RESERVED
CVE-2018-10088
RESERVED
-CVE-2018-10124 [kernel/signal.c: avoid undefined behaviour in
kill_something_info]
+CVE-2018-10124 (The kill_something_info function in kernel/signal.c in the
Linux kernel ...)
- linux 4.13.4-1
NOTE: Fixed by:
https://git.kernel.org/linus/4ea77014af0d6205b05503d1c7aac6eace11d473 (4.13-rc1)
CVE-2018-10087 (The kernel_wait4 function in kernel/exit.c in the Linux kernel
before ...)
@@ -235,7 +261,7 @@ CVE-2018-10023 (Catfish CMS V4.7.21 allows XSS via the
pinglun parameter to ...)
NOT-FOR-US: Catfish CMS
CVE-2018-10022
RESERVED
-CVE-2018-10021 (drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before
4.16 ...)
+CVE-2018-10021 (** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the
Linux kernel ...)
- linux <unfixed>
NOTE: Fixed by:
https://git.kernel.org/linus/318aaf34f1179b39fa9c30fa0f3288b645beee39 (4.16-rc7)
NOTE: Low security impact, failure can only occur for physically
@@ -12625,8 +12651,7 @@ CVE-2018-5384
RESERVED
CVE-2018-5383
RESERVED
-CVE-2018-5382 [BKS-V1 keystore files vulnerable to trivial hash collisions]
- RESERVED
+CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC
that ...)
- bouncycastle 1.48+dfsg-2
[wheezy] - bouncycastle <ignored> (this only affects the integrity
verification and not the content of the BKS keystore)
NOTE:
https://insights.sei.cmu.edu/cert/2018/03/the-curious-case-of-the-bouncy-castle-bks-passwords.html
@@ -16281,14 +16306,14 @@ CVE-2018-3851
RESERVED
CVE-2018-3850
RESERVED
-CVE-2018-3849
- RESERVED
-CVE-2018-3848
- RESERVED
+CVE-2018-3849 (In the ffghtb function in NASA CFITSIO 3.42, specially crafted
images ...)
+ TODO: check
+CVE-2018-3848 (In the ffghbn function in NASA CFITSIO 3.42, specially crafted
images ...)
+ TODO: check
CVE-2018-3847
RESERVED
-CVE-2018-3846
- RESERVED
+CVE-2018-3846 (In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42,
specially ...)
+ TODO: check
CVE-2018-3845
RESERVED
CVE-2018-3844
@@ -25741,8 +25766,7 @@ CVE-2018-0739 (Constructed ASN.1 types with a recursive
definition (such as can
NOTE: OpenSSL_1_0_2-stable:
https://git.openssl.org/?p=openssl.git;a=commit;h=9310d45087ae546e27e61ddf8f6367f29848220d
CVE-2018-0738
RESERVED
-CVE-2018-0737 [Cache timing vulnerability in RSA Key Generation]
- RESERVED
+CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be
...)
- openssl <unfixed> (low; bug #895844)
[stretch] - openssl <postponed> (Can wait for next DSA and upstream
release)
[jessie] - openssl <postponed> (Can wait for next DSA and upstream
release)
@@ -26241,12 +26265,12 @@ CVE-2018-0564
RESERVED
CVE-2018-0563
RESERVED
-CVE-2018-0562
- RESERVED
-CVE-2018-0561
- RESERVED
-CVE-2018-0560
- RESERVED
+CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine
Free ...)
+ TODO: check
+CVE-2018-0561 (Untrusted search path vulnerability in The installer of
PhishWall ...)
+ TODO: check
+CVE-2018-0560 (Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote
...)
+ TODO: check
CVE-2018-0559
RESERVED
CVE-2018-0558
@@ -26263,14 +26287,14 @@ CVE-2018-0553 (The iRemoconWiFi App for Android
version 4.1.7 and earlier does n
NOT-FOR-US: iRemoconWiFi App for Android
CVE-2018-0552 (Untrusted search path vulnerability in The installer of
PhishWall ...)
NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition
for Windows)
-CVE-2018-0551
- RESERVED
-CVE-2018-0550
- RESERVED
-CVE-2018-0549
- RESERVED
-CVE-2018-0548
- RESERVED
+CVE-2018-0551 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to
4.6.1 ...)
+ TODO: check
+CVE-2018-0550 (Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated
attackers to ...)
+ TODO: check
+CVE-2018-0549 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to
4.6.0 ...)
+ TODO: check
+CVE-2018-0548 (Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated
attackers to ...)
+ TODO: check
CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin
prior to ...)
NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin
prior to ...)
@@ -26299,14 +26323,14 @@ CVE-2018-0535 (Cross-site scripting vulnerability in
PHP 2chBBS version bbs18c a
NOT-FOR-US: PHP 2chBBS
CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5
allows an ...)
NOT-FOR-US: ArsenoL
-CVE-2018-0533
- RESERVED
-CVE-2018-0532
- RESERVED
-CVE-2018-0531
- RESERVED
-CVE-2018-0530
- RESERVED
+CVE-2018-0533 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated
attackers to ...)
+ TODO: check
+CVE-2018-0532 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated
attackers to ...)
+ TODO: check
+CVE-2018-0531 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated
attackers to ...)
+ TODO: check
+CVE-2018-0530 (SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6
allows ...)
+ TODO: check
CVE-2018-0529
RESERVED
CVE-2018-0528
@@ -42448,9 +42472,11 @@ CVE-2017-12113 (An exploitable improper authorization
vulnerability exists in ..
CVE-2017-12112 (An exploitable improper authorization vulnerability exists in
...)
- cpp-ethereum <itp> (bug #860434)
CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the
xls_addCell ...)
+ {DSA-4173-1}
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463
CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the
...)
+ {DSA-4173-1}
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
CVE-2017-12109
@@ -48594,8 +48620,7 @@ CVE-2017-10142 (Vulnerability in the Oracle Hospitality
Reporting and Analytics
NOT-FOR-US: Oracle
CVE-2017-10141 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-10140 [Berkeley DB reads DB_CONFIG from cwd]
- RESERVED
+CVE-2017-10140 (Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before
3.1.6, and ...)
{DLA-1137-1 DLA-1136-1 DLA-1135-1}
- db5.3 5.3.28-13.1 (bug #872436)
[stretch] - db5.3 5.3.28-12+deb9u1
@@ -60378,8 +60403,8 @@ CVE-2017-6325 (The Symantec Messaging Gateway can
encounter a file inclusion ...
NOT-FOR-US: Symantec
CVE-2017-6324 (The Symantec Messaging Gateway, when processing a specific
email ...)
NOT-FOR-US: Symantec
-CVE-2017-6323
- RESERVED
+CVE-2017-6323 (The Symantec Management Console prior to ITMS 8.1 RU1, ITMS ...)
+ TODO: check
CVE-2017-6322
RESERVED
CVE-2017-XXXX [scanelf: out of bounds read in scanelf_file_get_symtabs
(scanelf.c)]
@@ -71018,6 +71043,7 @@ CVE-2017-2921 (An exploitable memory corruption
vulnerability exists in the Webs
CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing
...)
NOT-FOR-US: Computerinsel Photoline
CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists
in the ...)
+ {DSA-4173-1}
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
CVE-2017-2918
@@ -71066,9 +71092,11 @@ CVE-2017-2899
CVE-2017-2898 (An exploitable vulnerability exists in the signature
verification of ...)
NOT-FOR-US: Circle with Disney
CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the
...)
+ {DSA-4173-1}
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the
...)
+ {DSA-4173-1}
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in
the MQTT ...)
@@ -77386,11 +77414,9 @@ CVE-2016-9594
RESERVED
- curl <not-affected> (Only affects 7.52.0)
NOTE: https://curl.haxx.se/docs/adv_20161223.html
-CVE-2016-9593
- RESERVED
+CVE-2016-9593 (foreman-debug before version 1.15.0 is vulnerable to a flaw in
...)
- foreman <itp> (bug #663101)
-CVE-2016-9592
- RESERVED
+CVE-2016-9592 (openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable
to a ...)
NOT-FOR-US: OpenShift
CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free
in the ...)
{DSA-3827-1 DLA-920-1}
@@ -79339,10 +79365,10 @@ CVE-2016-9096
REJECTED
CVE-2016-9095
REJECTED
-CVE-2016-9094
- RESERVED
-CVE-2016-9093
- RESERVED
+CVE-2016-9094 (Symantec Endpoint Protection clients place detected malware in
...)
+ TODO: check
+CVE-2016-9093 (A version of the SymEvent Driver that shipped with Symantec
Endpoint ...)
+ TODO: check
CVE-2016-9092
REJECTED
CVE-2016-9091 (Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and
Content ...)
@@ -128274,8 +128300,8 @@ CVE-2015-1954 (Stack-based buffer overflow in the
server in IBM Tivoli Storage .
NOT-FOR-US: IBM
CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage
...)
NOT-FOR-US: IBM
-CVE-2015-1952
- RESERVED
+CVE-2015-1952 (Cross-site scripting (XSS) vulnerability in IBM AppScan
Enterprise ...)
+ TODO: check
CVE-2015-1951 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before
7.5.0.8 ...)
NOT-FOR-US: IBM
CVE-2015-1950 (IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not
require ...)
@@ -130071,6 +130097,7 @@ CVE-2015-1419 (Unspecified vulnerability in vsftpd
3.0.2 and earlier allows remo
CVE-2015-1418 (The do_ed_script function in pch.c in GNU patch through 2.7.6,
and ...)
NOT-FOR-US: patch as used in FreeBSD specifically
CVE-2018-1000156 (GNU Patch version 2.7.6 contains an input validation
vulnerability ...)
+ {DLA-1348-1}
- patch 2.7.6-2 (bug #894993)
[stretch] - patch <no-dsa> (Can be fixed via point release)
[jessie] - patch <no-dsa> (Can be fixed via point release)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a9ed6023fd14a27c9655b2534e555172e72e9413
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a9ed6023fd14a27c9655b2534e555172e72e9413
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
