Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2e1616e by security tracker role at 2018-04-19T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,15 +1,39 @@
-CVE-2018-10224
+CVE-2018-10236 (POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP
code via ...)
+ TODO: check
+CVE-2018-10235 (POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP
code via ...)
+ TODO: check
+CVE-2018-10234
RESERVED
-CVE-2018-10223
+CVE-2018-10233
RESERVED
-CVE-2018-10222
+CVE-2018-10232
RESERVED
-CVE-2018-10221
+CVE-2018-10231
RESERVED
-CVE-2018-10220
+CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka
ZSR-2455. ...)
+ TODO: check
+CVE-2018-10229
RESERVED
-CVE-2018-10219
+CVE-2018-10228
RESERVED
+CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link
parameter. ...)
+ TODO: check
+CVE-2018-10226
+ RESERVED
+CVE-2018-10225 (thinkphp 3.1.3 has SQL Injection via the index.php s
parameter. ...)
+ TODO: check
+CVE-2018-10224 (An issue was discovered in YzmCMS 3.8. There is a CSRF
vulnerability ...)
+ TODO: check
+CVE-2018-10223 (An issue was discovered in YzmCMS 3.8. There is a CSRF
vulnerability ...)
+ TODO: check
+CVE-2018-10222 (An issue was discovered in idreamsoft iCMS V7.0. There is a
CSRF ...)
+ TODO: check
+CVE-2018-10221 (An issue was discovered in WUZHI CMS V4.1.0. There is a
persistent XSS ...)
+ TODO: check
+CVE-2018-10220 (** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by
the ...)
+ TODO: check
+CVE-2018-10219 (baijiacms V3 has physical path leakage via an ...)
+ TODO: check
CVE-2018-10218
RESERVED
CVE-2018-10217
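Review bot: CVE-2018-10220 carries a ** DISPUTED ** marker in its description but is queued with the same bare TODO: check as every other new entry in this hunk. When the TODO is resolved, record the dispute in a NOTE: line so it is not lost once the truncated description is the only text left on the entry. The other additions here name web CMS products (POSCMS, MiniCMS, YzmCMS, iCMS, WUZHI CMS, baijiacms) and thinkphp, so each needs a packaging check before its TODO is cleared.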
@@ -36,8 +60,8 @@ CVE-2018-10207
RESERVED
CVE-2018-10206
RESERVED
-CVE-2018-10205
- RESERVED
+CVE-2018-10205 (hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the ...)
+ TODO: check
CVE-2018-10204 (PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege
escalation ...)
NOT-FOR-US: PureVPN
CVE-2018-10203
@@ -46,8 +70,8 @@ CVE-2018-10202
RESERVED
CVE-2018-10201
RESERVED
-CVE-2017-18261
- RESERVED
+CVE-2017-18261 (The arch_timer_reg_read_stable macro in ...)
+ TODO: check
CVE-2018-10200
RESERVED
CVE-2018-10198
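Review bot: The new CVE-2017-18261 description is cut off right after the arch_timer_reg_read_stable macro name, so the affected source package cannot be read from this line. That identifier looks like kernel timer code rather than a third-party product, which would make this a candidate for a package entry with per-release status instead of NOT-FOR-US; read the full description before clearing the TODO: check.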
@@ -94,8 +118,8 @@ CVE-2018-10190 (A vulnerability in London Trust Media
Private Internet Access (P
NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client
for Windows
CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0.
It is ...)
NOT-FOR-US: Mautic
-CVE-2018-10188
- RESERVED
+CVE-2018-10188 (phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker
to ...)
+ TODO: check
CVE-2018-10187 (In radare2 2.5.0, there is a heap-based buffer over-read in
the ...)
- radare2 <unfixed> (low)
[stretch] - radare2 <no-dsa> (Minor issue)
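Review bot: CVE-2018-10188 names a narrow affected range, phpMyAdmin 4.8.0 before 4.8.0-1, yet lands with only TODO: check. Triage should compare the version in each release against that range and record the result explicitly, in the same style as the radare2 lines just below (a package line plus a [stretch] line with a reason), rather than leaving the per-release status implied.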
@@ -848,8 +872,8 @@ CVE-2018-9863
RESERVED
CVE-2018-9862 (util.c in runV 1.0.0 for Docker mishandles a numeric username,
which ...)
NOT-FOR-US: runV for Docker
-CVE-2018-9861
- RESERVED
+CVE-2018-9861 (Cross-site scripting (XSS) vulnerability in the Enhanced Image
(aka ...)
+ TODO: check
CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before
2.6.0. An ...)
- botan 2.4.0-6
- botan1.10 <not-affected> (Issue introduced in 1.11.32)
@@ -2526,8 +2550,8 @@ CVE-2018-9138 (An issue was discovered in cplus-dem.c in
GNU libiberty, as ...)
[jessie] - binutils <ignored> (Minor issue)
[wheezy] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23008
-CVE-2018-9137
- RESERVED
+CVE-2018-9137 (Open-AudIT before 2.2 has CSV Injection. ...)
+ TODO: check
CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows
attackers ...)
NOT-FOR-US: Jungo
CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer
over-read in ...)
@@ -4888,8 +4912,8 @@ CVE-2018-8120
RESERVED
CVE-2018-8119
RESERVED
-CVE-2018-8118
- RESERVED
+CVE-2018-8118 (A remote code execution vulnerability exists when Internet
Explorer ...)
+ TODO: check
CVE-2018-8117 (A security feature bypass vulnerability exists in the Microsoft
...)
NOT-FOR-US: Microsoft
CVE-2018-8116 (A denial of service vulnerability exists in the way that
Windows ...)
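Review bot: CVE-2018-8118 describes an Internet Explorer issue but is left at TODO: check, while its neighbour CVE-2018-8117 directly below is already tagged NOT-FOR-US: Microsoft. The same tag looks right here; suggest replacing the TODO with NOT-FOR-US: Microsoft in the follow-up triage commit.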
@@ -5418,8 +5442,8 @@ CVE-2018-7922
RESERVED
CVE-2018-7921
RESERVED
-CVE-2018-7920
- RESERVED
+CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200
...)
+ TODO: check
CVE-2018-7919
RESERVED
CVE-2018-7918
@@ -5460,8 +5484,8 @@ CVE-2018-7901
RESERVED
CVE-2018-7900
RESERVED
-CVE-2018-7899
- RESERVED
+CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart
phones ...)
+ TODO: check
CVE-2018-7898
RESERVED
CVE-2018-7897
@@ -10463,8 +10487,8 @@ CVE-2018-6308 (Multiple SQL injections exist in
SugarCRM Community Edition 6.5.2
NOT-FOR-US: SugarCRM
CVE-2018-6307
RESERVED
-CVE-2018-6306
- RESERVED
+CVE-2018-6306 (Unauthorized code execution from specific DLL and is known as
DLL ...)
+ TODO: check
CVE-2018-6305 (Denial of service in Gemalto's Sentinel LDK RTE version before
7.65 ...)
NOT-FOR-US: Gemalto
CVE-2018-6304 (Stack overflow in custom XML-parser in Gemalto's Sentinel LDK
RTE ...)
@@ -16693,10 +16717,10 @@ CVE-2018-3845
RESERVED
CVE-2018-3844
RESERVED
-CVE-2018-3843
- RESERVED
-CVE-2018-3842
- RESERVED
+CVE-2018-3843 (An exploitable type confusion vulnerability exists in the way
Foxit ...)
+ TODO: check
+CVE-2018-3842 (An exploitable use of an uninitialized pointer vulnerability
exists in ...)
+ TODO: check
CVE-2018-3841
RESERVED
CVE-2018-3840
@@ -19958,14 +19982,17 @@ CVE-2018-2821 (Vulnerability in the PeopleSoft
Enterprise PeopleTools component
CVE-2018-2820 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of ...)
NOT-FOR-US: Oracle
CVE-2018-2819 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2817 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
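Review bot: The {DLA-1355-1} tag is added to CVE-2018-2819, CVE-2018-2818 and CVE-2018-2817 with no release-specific line beside it, and the only mysql-5.5 line on each entry still reads <removed>. From this file alone a reader cannot tell which package and release the advisory fixed, so confirm that the matching DLA list entry names them. The mysql-5.7 line stays <unfixed> (bug #895997), so the advisory tag should not be read as closing these CVEs for mysql-5.7.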
@@ -19986,6 +20013,7 @@ CVE-2018-2814 (Vulnerability in the Java SE, Java SE
Embedded component of Oracl
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2813 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -20097,6 +20125,7 @@ CVE-2018-2782 (Vulnerability in the MySQL Server
component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2781 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -20127,12 +20156,14 @@ CVE-2018-2775 (Vulnerability in the MySQL Server
component of Oracle MySQL ...)
CVE-2018-2774 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools
component of ...)
NOT-FOR-US: Oracle
CVE-2018-2773 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of ...)
NOT-FOR-US: Oracle
CVE-2018-2771 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -20173,6 +20204,7 @@ CVE-2018-2762 (Vulnerability in the MySQL Server
component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2761 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -20191,6 +20223,7 @@ CVE-2018-2757
CVE-2018-2756 (Vulnerability in the Oracle Communications Order and Service
...)
NOT-FOR-US: Oracle
CVE-2018-2755 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+ {DLA-1355-1}
- mysql-5.7 <unfixed> (bug #895997)
- mysql-5.5 <removed>
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
@@ -24489,14 +24522,14 @@ CVE-2018-1148
RESERVED
CVE-2018-1147
RESERVED
-CVE-2018-1146
- RESERVED
-CVE-2018-1145
- RESERVED
-CVE-2018-1144
- RESERVED
-CVE-2018-1143
- RESERVED
+CVE-2018-1146 (A remote unauthenticated user can enable telnet on the Belkin
N750 ...)
+ TODO: check
+CVE-2018-1145 (A remote unauthenticated user can overflow a stack buffer in
the ...)
+ TODO: check
+CVE-2018-1144 (A remote unauthenticated user can execute commands as root in
the ...)
+ TODO: check
+CVE-2018-1143 (A remote unauthenticated user can execute commands as root in
the ...)
+ TODO: check
CVE-2018-1142 (Tenable Appliance versions 4.6.1 and earlier have been found to
...)
NOT-FOR-US: Tenable
CVE-2018-1141 (When installing Nessus to a directory outside of the default
location, ...)
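Review bot: Only CVE-2018-1146 names a product in its visible text (the Belkin N750); the descriptions of CVE-2018-1145, CVE-2018-1144 and CVE-2018-1143 are truncated at "in the ...". Do not batch-tag the four as one vendor on the strength of the first line: open the full descriptions, then replace each TODO: check individually, using the NOT-FOR-US: <vendor> form seen on the Tenable entry below if they turn out to be the same device.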
@@ -25116,14 +25149,14 @@ CVE-2017-17315
RESERVED
CVE-2017-17314
RESERVED
-CVE-2017-17313
- RESERVED
+CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with
Versions ...)
+ TODO: check
CVE-2017-17312
RESERVED
CVE-2017-17311
RESERVED
-CVE-2017-17310
- RESERVED
+CVE-2017-17310 (Electronic Numbers to URI Mapping (ENUM) module in some Huawei
...)
+ TODO: check
CVE-2017-17309
RESERVED
CVE-2017-17308 (SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00,
...)
@@ -27699,7 +27732,7 @@ CVE-2018-0177 (A vulnerability in the IP Version 4
(IPv4) processing code of Cis
NOT-FOR-US: Cisco
CVE-2018-0176 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE
Software ...)
NOT-FOR-US: Cisco
-CVE-2018-0175 (Multiple Buffer Overflow vulnerabilities in the Link Layer
Discovery ...)
+CVE-2018-0175 (Format String vulnerability in the Link Layer Discovery
Protocol ...)
NOT-FOR-US: Cisco
CVE-2018-0174 (A vulnerability in the DHCP option 82 encapsulation
functionality of ...)
NOT-FOR-US: Cisco
@@ -68520,12 +68553,12 @@ CVE-2017-3778
REJECTED
CVE-2017-3777
REJECTED
-CVE-2017-3776
- RESERVED
+CVE-2017-3776 (Lenovo Help Android mobile app versions earlier than 6.1.2.0327
...)
+ TODO: check
CVE-2017-3775
RESERVED
-CVE-2017-3774
- RESERVED
+CVE-2017-3774 (A stack overflow vulnerability was discovered within the web
...)
+ TODO: check
CVE-2017-3773
REJECTED
CVE-2017-3772
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2e1616eb650a09606420bf54251c3d6794df946