Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8de9c0f by security tracker role at 2018-04-17T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,17 @@
+CVE-2018-10187
+       RESERVED
+CVE-2018-10186
+       RESERVED
+CVE-2018-10185 (An issue was discovered in TuziCMS v2.0.6. There is a CSRF ...)
+       TODO: check
+CVE-2018-10184
+       RESERVED
+CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site 
...)
+       TODO: check
+CVE-2018-10182
+       RESERVED
+CVE-2018-1000199
+       RESERVED
 CVE-2018-10181
        RESERVED
 CVE-2018-10180
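Review bot: CVE-2018-1000199 is added between CVE-2018-10182 and CVE-2018-10181, so it falls out of the descending run of the entries around it, while the other CVE-2018-1000xxx IDs visible in this diff (CVE-2018-1000071 to CVE-2018-1000069) sit together in their own block. If the list is meant to stay ordered, move the new RESERVED entry next to them.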
@@ -3136,8 +3150,8 @@ CVE-2018-8836 (Wago 750 Series PLCs with firmware version 
10 and prior include a
        NOT-FOR-US: Wago 750 Series PLCs
 CVE-2018-8835
        RESERVED
-CVE-2018-8834
-       RESERVED
+CVE-2018-8834 (Parsing malformed project files in Omron CX-One versions 4.42 
and ...)
+       TODO: check
 CVE-2018-8833
        RESERVED
 CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable 
...)
@@ -6375,6 +6389,7 @@ CVE-2018-7551 (There is an invalid free in 
MiniPS::delete0 in minips.cpp that le
        [jessie] - sam2p <no-dsa> (Will be fixed via point release)
        NOTE: https://github.com/pts/sam2p/issues/28
 CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick 
Emulator ...)
+       {DLA-1351-1 DLA-1350-1}
        - qemu 1:2.12~rc3+dfsg-1 (bug #892041)
        - qemu-kvm <removed>
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=patch;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8
@@ -6470,8 +6485,8 @@ CVE-2018-7532 (Unauthentication vulnerabilities have been 
identified in Geutebru
        NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI 
Data ...)
        NOT-FOR-US: OSIsoft PI
-CVE-2018-7530
-       RESERVED
+CVE-2018-7530 (Parsing malformed project files in Omron CX-One versions 4.42 
and ...)
+       TODO: check
 CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in 
OSIsoft PI ...)
        NOT-FOR-US: OSIsoft PI
 CVE-2018-7528 (An SQL injection vulnerability has been identified in 
Geutebruck ...)
@@ -6502,8 +6517,8 @@ CVE-2018-7516 (A server-side request forgery 
vulnerability has been identified i
        NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...)
        NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-7514
-       RESERVED
+CVE-2018-7514 (Parsing malformed project files in Omron CX-One versions 4.42 
and ...)
+       TODO: check
 CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing 
malformed ...)
        NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7512 (A cross-site scripting vulnerability has been identified in 
Geutebruck ...)
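Review bot: The "TODO: check" added for CVE-2018-7514 (Omron CX-One) sits between CVE-2018-7515 and CVE-2018-7513, both already triaged as "NOT-FOR-US: Omron CX-Supervisor". Unless CX-One turns out to be packaged, resolve it the same way with its own product name. CVE-2018-8834 and CVE-2018-7530 earlier in this diff start with the same description text, so all three can be triaged in one follow-up.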
@@ -7387,7 +7402,7 @@ CVE-2018-1000071 (roundcube version 1.3.4 and earlier 
contains an Insecure Permi
 CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or 
after ...)
        NOT-FOR-US: PyBitmessage
 CVE-2018-1000069 (FreePlane version 1.5.9 and earlier contains a XML External 
Entity ...)
-       {DLA-1316-1}
+       {DSA-4175-1 DLA-1316-1}
        - freeplane 1.6.6-1 (bug #893663)
        NOTE: 
https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser
        NOTE: https://github.com/freeplane/freeplane/commit/a5dce7f9f
@@ -9717,8 +9732,8 @@ CVE-2017-18104
        RESERVED
 CVE-2017-18103
        RESERVED
-CVE-2017-18102
-       RESERVED
+CVE-2017-18102 (The wiki markup component of atlassian-renderer from version 
8.0.0 ...)
+       TODO: check
 CVE-2017-18101 (Various administrative external system import resources in 
Atlassian ...)
        NOT-FOR-US: Atlassian
 CVE-2017-18100 (The agile wallboard gadget in Atlassian Jira before version 
7.8.1 ...)
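Review bot: CVE-2017-18102 is left at "TODO: check" directly above CVE-2017-18101, which is marked "NOT-FOR-US: Atlassian". The description names atlassian-renderer, so the follow-up should confirm whether that component is packaged before giving it the same NOT-FOR-US tag as its neighbour.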
@@ -12637,12 +12652,12 @@ CVE-2018-5433
        RESERVED
 CVE-2018-5432
        RESERVED
-CVE-2018-5431
-       RESERVED
-CVE-2018-5430
-       RESERVED
-CVE-2018-5429
-       RESERVED
+CVE-2018-5431 (The domain designer component of TIBCO Software Inc.'s TIBCO 
...)
+       TODO: check
+CVE-2018-5430 (The Spring web flows of TIBCO Software Inc.'s TIBCO 
JasperReports ...)
+       TODO: check
+CVE-2018-5429 (A vulnerability in the report scripting component of TIBCO 
Software ...)
+       TODO: check
 CVE-2018-5428
        RESERVED
 CVE-2018-5427
@@ -13338,8 +13353,8 @@ CVE-2018-5192
        RESERVED
 CVE-2018-5191
        REJECTED
-CVE-2018-5190
-       RESERVED
+CVE-2018-5190 (PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B 
allows ...)
+       TODO: check
 CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to 
cause a ...)
        NOT-FOR-US: Jungo Windriver
 CVE-2018-5188
@@ -22611,8 +22626,8 @@ CVE-2018-1447 (The GSKit (IBM Spectrum Protect 7.1 and 
7.2) and (IBM Spectrum Pr
        NOT-FOR-US: IBM Spectrum Protect
 CVE-2018-1446
        RESERVED
-CVE-2018-1445
-       RESERVED
+CVE-2018-1445 (IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is 
vulnerable ...)
+       TODO: check
 CVE-2018-1444 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site 
...)
        NOT-FOR-US: IBM
 CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single 
sign-on ...)
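Review bot: CVE-2018-1445 now describes IBM WebSphere Portal but carries "TODO: check", while CVE-2018-1444 on the next line covers the same product and is already "NOT-FOR-US: IBM". Give the new entry the same tag in a follow-up so the two Portal entries do not diverge.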
@@ -22759,8 +22774,8 @@ CVE-2018-1373 (IBM Security Guardium Big Data 
Intelligence (SonarG) 3.1 uses an 
        NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1372 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does 
not ...)
        NOT-FOR-US: IBM Security Guardium Big Data Intelligence
-CVE-2018-1371
-       RESERVED
+CVE-2018-1371 (An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client 
connecting to a ...)
+       TODO: check
 CVE-2018-1370
        RESERVED
 CVE-2018-1369
@@ -40845,8 +40860,8 @@ CVE-2017-12703 (A Cross-Site Request Forgery (CSRF) 
issue was discovered in West
        NOT-FOR-US: Westermo
 CVE-2017-12702 (An Externally Controlled Format String issue was discovered in 
...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2017-12701
-       RESERVED
+CVE-2017-12701 (BMC Medical Luna CPAP Machines released prior to July 1, 2017, 
contain ...)
+       TODO: check
 CVE-2017-12700
        RESERVED
 CVE-2017-12699 (An Incorrect Default Permissions issue was discovered in 
AzeoTech ...)
@@ -49706,16 +49721,16 @@ CVE-2017-9640 (A Path Traversal issue was discovered 
in Automated Logic Corporat
        NOT-FOR-US: Automated Logic Corporation (ALC)
 CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 
3.3.22.0 and ...)
        NOT-FOR-US: Fuji Electric V-Server
-CVE-2017-9638
-       RESERVED
+CVE-2017-9638 (Mitsubishi E-Designer, Version 7.52 Build 344 contains six code 
...)
+       TODO: check
 CVE-2017-9637
        RESERVED
-CVE-2017-9636
-       RESERVED
+CVE-2017-9636 (Mitsubishi E-Designer, Version 7.52 Build 344 contains five 
code ...)
+       TODO: check
 CVE-2017-9635
        RESERVED
-CVE-2017-9634
-       RESERVED
+CVE-2017-9634 (Mitsubishi E-Designer, Version 7.52 Build 344 contains two code 
...)
+       TODO: check
 CVE-2017-9633 (An Improper Restriction of Operations within the Bounds of a 
Memory ...)
        NOT-FOR-US: Continental AG Infineon S-Gold 2
 CVE-2017-9632 (A Missing Encryption of Sensitive Data issue was discovered in 
PDQ ...)
@@ -61318,8 +61333,8 @@ CVE-2017-6022 (A hard-coded password issue was 
discovered in Becton, Dickinson a
        NOT-FOR-US: BD's Kiestra PerformA and KLA Journal Service applications
 CVE-2017-6021
        RESERVED
-CVE-2017-6020
-       RESERVED
+CVE-2017-6020 (Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME 
LAquis ...)
+       TODO: check
 CVE-2017-6019 (An issue was discovered in Schneider Electric Conext ComBox, 
model ...)
        NOT-FOR-US: Schneider Electric
 CVE-2017-6018 (An open redirect issue was discovered in B. Braun Medical 
SpaceCom ...)
@@ -153668,8 +153683,8 @@ CVE-2014-2296
        RESERVED
 CVE-2014-2295
        RESERVED
-CVE-2014-2294
-       RESERVED
+CVE-2014-2294 (Open Web Analytics (OWA) before 1.5.7 allows remote attackers 
to ...)
+       TODO: check
 CVE-2014-2293 (Zikula Application Framework before 1.3.7 build 11 allows 
remote ...)
        NOT-FOR-US: Zikula
 CVE-2014-2292 (Unspecified vulnerability in the Linux Network Connect client 
in ...)
@@ -175819,7 +175834,8 @@ CVE-2013-1449
        RESERVED
 CVE-2013-1448
        RESERVED
-CVE-2014-0158 (Open Web Analytics (OWA) before 1.5.7 allows remote attackers 
to ...)
+CVE-2014-0158
+       REJECTED
        - openjpeg 1.3+dfsg-4.7
        NOTE: Not considering a duplicate of CVE-2013-1447 following
        NOTE: http://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
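Review bot: CVE-2014-0158 is switched to REJECTED, but the unchanged lines right below it still carry "- openjpeg 1.3+dfsg-4.7" and the NOTE lines about CVE-2013-1447, so a rejected ID keeps live package tracking. The removed Open Web Analytics description did not match those openjpeg notes either, and the same text now appears on CVE-2014-2294 in the previous hunk. Check by hand whether the openjpeg line should stay under this ID, and add a NOTE explaining the rejection if it does.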



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8de9c0f2e4aa99350b651b7077850e41df899bc
