Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b24b947 by security tracker role at 2018-04-18T08:15:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,19 @@
-CVE-2018-10187
- RESERVED
-CVE-2018-10186
+CVE-2018-10193 (LogMeIn LastPass through 4.9.1 allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2018-10192 (IPVanish 3.0.11 for macOS suffers from a root privilege
escalation ...)
+ TODO: check
+CVE-2018-10191 (In versions of mruby up to and including 1.4.0, an integer
overflow ...)
+ TODO: check
+CVE-2018-10190 (A vulnerability in London Trust Media Private Internet Access
(PIA) VPN ...)
+ TODO: check
+CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0.
It is ...)
+ TODO: check
+CVE-2018-10188
RESERVED
+CVE-2018-10187 (In radare2 2.5.0, there is a heap-based buffer over-read in
the ...)
+ TODO: check
+CVE-2018-10186 (In radare2 2.5.0, there is a heap-based buffer over-read in
the ...)
+ TODO: check
CVE-2018-10185 (An issue was discovered in TuziCMS v2.0.6. There is a CSRF ...)
NOT-FOR-US: TuziCMS
CVE-2018-10184
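Review bot: CVE-2018-10187 and CVE-2018-10186 (both "In radare2 2.5.0, there is a heap-based buffer over-read in the ...") arrive with identical truncated summaries, so the `TODO: check` triage should confirm from the full CVE text that they name different functions before deciding whether one upstream commit covers both, rather than collapsing them on the strength of the summary alone. The same pass should resolve the other five new `TODO: check` entries (LastPass, IPVanish for macOS, mruby, PIA VPN client, Mautic) either to a source package line or to a `NOT-FOR-US:` marker, as the neighbouring TuziCMS entry already is; leaving seven `TODO: check` lines at the head of the file makes them easy to overlook once the next automatic update pushes them down.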
@@ -2382,7 +2394,7 @@ CVE-2018-9146 (In Exiv2 0.26, there is an out-of-bounds
read in ...)
[wheezy] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/254
NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
-CVE-2018-9145 (In Exiv2 0.26, there is a reachable assertion abort in the
function ...)
+CVE-2018-9145 (In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26,
an ...)
- exiv2 <undetermined>
[wheezy] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
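Review bot: the CVE-2018-9145 summary changes from "a reachable assertion abort in the function ..." to an issue "In the DataBuf class in include/exiv2/types.hpp", but the `- exiv2 <undetermined>` line and the `[wheezy] - exiv2 <ignored> (Minor issue)` assessment beneath it are carried over unchanged. Both were written against the old wording, so re-check the severity rationale against the new one, and consider recording the upstream issue reference as the CVE-2018-9146 entry above does with its `NOTE: https://github.com/Exiv2/exiv2/issues/...` line, so the two PoC pointers are not the only evidence on file.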
@@ -3157,8 +3169,8 @@ CVE-2018-8840
RESERVED
CVE-2018-8839
RESERVED
-CVE-2018-8838
- RESERVED
+CVE-2018-8838 (A weakness in access controls in CENTUM CS 1000 all versions,
CENTUM ...)
+ TODO: check
CVE-2018-8837
RESERVED
CVE-2018-8836 (Wago 750 Series PLCs with firmware version 10 and prior include
a ...)
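Review bot: CVE-2018-8838 describes an access-control weakness in the CENTUM CS 1000 controller line, a vendor ICS product rather than anything built from a Debian source package, so the `TODO: check` can most likely be resolved to a `NOT-FOR-US:` marker in the same way the Bookme Control Panel and WampServer entries are handled further down; confirm from the full description that no packaged component (a shared library or protocol implementation) is named before closing it that way.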
@@ -3479,14 +3491,14 @@ CVE-2018-8738
RESERVED
CVE-2018-8737 (Bookme Control Panel 2.0 Application is vulnerable to stored
XSS within ...)
NOT-FOR-US: Bookme Control Panel Application
-CVE-2018-8736
- RESERVED
-CVE-2018-8735
- RESERVED
-CVE-2018-8734
- RESERVED
-CVE-2018-8733
- RESERVED
+CVE-2018-8736 (A privilege escalation vulnerability in Nagios XI 5.2.x through
5.4.x ...)
+ TODO: check
+CVE-2018-8735 (Remote command execution (RCE) vulnerability in Nagios XI 5.2.x
through ...)
+ TODO: check
+CVE-2018-8734 (SQL injection vulnerability in the core config manager in
Nagios XI ...)
+ TODO: check
+CVE-2018-8733 (Authentication bypass vulnerability in the core config manager
in ...)
+ TODO: check
CVE-2018-8732 (Cross-site scripting (XSS) vulnerability in WampServer 3.1.1
allows ...)
NOT-FOR-US: WampServer
CVE-2018-8731
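Review bot: the four new Nagios XI entries (CVE-2018-8736 privilege escalation, CVE-2018-8735 RCE, CVE-2018-8734 SQL injection and CVE-2018-8733 authentication bypass, all in "Nagios XI 5.2.x through 5.4.x") concern the commercial XI product and its core config manager, which is not what the open-source Nagios Core packages in Debian ship; unless triage finds the affected code shared with Nagios Core, all four should be resolved to `NOT-FOR-US: Nagios XI` rather than left as `TODO: check`, and 8734 and 8733 should be assessed together since they sit in the same component and the bypass is the usual path to the injection.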
@@ -4910,7 +4922,7 @@ CVE-2018-8085
CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains
a Buffer ...)
{DSA-4167-1}
- sharutils 1:4.15.2-3 (bug #893525)
- [wheezy] - sharutils <not-affected>
+ [wheezy] - sharutils <not-affected>
NOTE: http://seclists.org/bugtraq/2018/Feb/54
CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit
...)
NOT-FOR-US: tiny-json-http
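Review bot: the removed and added `[wheezy] - sharutils <not-affected>` lines read identically here, so this hunk is a whitespace-only change; confirm with `git show -w` on the commit that nothing but indentation moved, and that the new line uses the same leading whitespace as the surrounding `- sharutils 1:4.15.2-3 (bug #893525)` and `NOTE:` lines, because the list parser keys on that indentation to attach annotations to the CVE above them. An "automatic update" commit normalising indentation is worth a glance, since a stray space would silently detach the wheezy status from CVE-2018-1000097.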
@@ -6459,8 +6471,8 @@ CVE-2018-7544 (** DISPUTED ** A cross-protocol scripting
issue was discovered in
NOTE: a runtime warning.
CVE-2018-7543 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Wordpress plugin
-CVE-2018-7539
- RESERVED
+CVE-2018-7539 (On Appear TV XC5000 and XC5100 devices with firmware 3.26.217,
it is ...)
+ TODO: check
CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of
Enalean ...)
NOT-FOR-US: Enalean Tuleap
CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing
x86 PVH ...)
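Review bot: CVE-2018-7539 concerns Appear TV XC5000 and XC5100 devices running firmware 3.26.217, so the `TODO: check` should resolve to `NOT-FOR-US: Appear TV` like the Enalean Tuleap and Wordpress plugin entries around it. Separately, the context shows CVE-2018-7542 (Xen) filed after CVE-2018-7538, breaking the descending order the rest of this region follows (7544, 7543, 7539, 7538); the parser does not care, but moving it above 7543 would put the Xen entry where anyone scanning by number will look for it.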
@@ -7386,6 +7398,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9
and earlier, Ruby 2.3
NOTE:
https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
NOTE:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby
2.3 series: ...)
+ {DLA-1352-1}
- ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
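Review bot: `{DLA-1352-1}` is added only to CVE-2018-1000074, yet the `NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/` link on CVE-2018-1000075 directly above points at the same multi-issue RubyGems release; confirm whether DLA-1352-1 also addressed CVE-2018-1000075 and add the cross-reference there if it did, so the two entries from one upstream advisory do not diverge. The `- ruby2.3 <unfixed>` line immediately below the new tag also stands out: the oldstable fix has landed while the stretch package is still marked open, which is worth either a fixed version or a NOTE explaining the delay.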
@@ -8445,8 +8458,7 @@ CVE-2017-18176 (Progress Sitefinity 9.1 has XSS via file
upload, because JavaScr
NOT-FOR-US: Progress Sitefinity
CVE-2017-18175 (Progress Sitefinity 9.1 has XSS via the Content Management
Template ...)
NOT-FOR-US: Progress Sitefinity
-CVE-2018-6913 [heap-buffer-overflow in S_pack_rec]
- RESERVED
+CVE-2018-6913 (Heap-based buffer overflow in the pack function in Perl before
5.26.2 ...)
{DSA-4172-1 DLA-1345-1}
- perl 5.26.1-6
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131844
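Review bot: replacing the bracketed working title `[heap-buffer-overflow in S_pack_rec]` with the official text "Heap-based buffer overflow in the pack function in Perl before 5.26.2" drops the only mention of the affected C function, since the CVE summary names it only as "the pack function"; if that function name was useful for matching the fix commit or for backport review, keep it as a NOTE next to the rt.perl.org link rather than losing it. The same applies to the CVE-2018-6798 (Perl__byte_dump_string in utf8.c) and CVE-2018-6797 (S_regatom in regcomp.c) hunks that follow.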
@@ -8722,8 +8734,7 @@ CVE-2018-6799 (The AcquireCacheNexus function in
magick/pixel_cache.c in ...)
- graphicsmagick 1.3.28-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d30ed06e9b87
-CVE-2018-6798 [Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)]
- RESERVED
+CVE-2018-6798 (An issue was discovered in Perl 5.22 through 5.26. Matching a
crafted ...)
- perl 5.26.1-6
[stretch] - perl 5.24.1-3+deb9u3
[jessie] - perl <not-affected> (Issue introduced later)
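Review bot: the new CVE-2018-6798 summary gives the affected range as "Perl 5.22 through 5.26", which is consistent with the retained `[jessie] - perl <not-affected> (Issue introduced later)` only because jessie's perl predates 5.22; that reasoning is now stated implicitly by the description, so it is worth a short NOTE making the version argument explicit, otherwise a later reader has to reconstruct why jessie is exempt here but not for the neighbouring Perl issues.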
@@ -8733,8 +8744,7 @@ CVE-2018-6798 [Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)]
NOTE: maint-5.26:
https://perl5.git.perl.org/perl.git/commitdiff/8b80ce67ff257aaa36e47eaf4194d27a51595524
NOTE: maint-5.24:
https://perl5.git.perl.org/perl.git/commitdiff/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff
NOTE: maint-5.24:
https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920
-CVE-2018-6797 [heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)]
- RESERVED
+CVE-2018-6797 (An issue was discovered in Perl 5.18 through 5.26. A crafted
regular ...)
- perl 5.26.1-6
[stretch] - perl 5.24.1-3+deb9u3
[jessie] - perl <ignored> (Backport of fixes too intrusive and risky
for regressions)
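Review bot: CVE-2018-6797 (and CVE-2018-6798 in the hunk above) record `- perl 5.26.1-6` and `[stretch] - perl 5.24.1-3+deb9u3` but no DSA line, whereas CVE-2018-6913 carries `{DSA-4172-1 DLA-1345-1}` with the identical unstable fix 5.26.1-6; if DSA-4172-1 covered all three Perl issues, `{DSA-4172-1}` is missing from these two entries and should be added (not the DLA, since jessie is `<ignored>` here and `<not-affected>` for 6798). The `<ignored>` rather than `<not-affected>` for jessie on 6797 is consistent with the new range "Perl 5.18 through 5.26", which does include jessie's perl.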
@@ -42402,8 +42412,7 @@ CVE-2017-12197 (It was found that libpam4j up to and
including 1.8 did not prope
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103
NOTE: https://github.com/kohsuke/libpam4j/issues/18
NOTE: (Non-upstream) patch:
https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
-CVE-2017-12196 [Client can use bogus uri in Digest authentication]
- RESERVED
+CVE-2017-12196 (undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final
was ...)
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503055
NOTE: Fixed by
https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
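Review bot: the new CVE-2017-12196 text names the fixed upstream releases (1.4.18.SP1, 2.0.2.Final, 1.4.24.Final) and the entry already links the fixing commit (facb33a5...), yet `- undertow <unfixed>` is carried over untouched; compare the Debian undertow version against those releases and either record the version that contains the fix or add a NOTE stating why the package remains open, so the status line does not contradict the information now sitting two lines below it.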
@@ -71447,8 +71456,8 @@ CVE-2017-2873
RESERVED
CVE-2017-2872
RESERVED
-CVE-2017-2871
- RESERVED
+CVE-2017-2871 (Insufficient security checks exist in the recovery procedure
used by ...)
+ TODO: check
CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the ...)
- gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
NOTE:
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
@@ -175989,7 +175998,7 @@ CVE-2013-1449
RESERVED
CVE-2013-1448
RESERVED
-CVE-2014-0158
+CVE-2014-0158 (Heap-based buffer overflow in the JPEG2000 image tile decoder
in ...)
- openjpeg 1.3+dfsg-4.7
NOTE: Not considering a duplicate of CVE-2013-1447 following
NOTE: http://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b24b947ad22e60606d3e1ea3ef93380b0453c15
---
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits