Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3263ba51 by security tracker role at 2018-04-21T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-10253 (Paessler PRTG Network Monitor before 18.1.39.1648 mishandles
stack ...)
+ TODO: check
+CVE-2018-10252
+ RESERVED
+CVE-2018-10251
+ RESERVED
+CVE-2014-10073 (The create_response function in server/server.c in Psensor
before 1.1.4 ...)
+ TODO: check
CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in
a ...)
NOT-FOR-US: iCMS
CVE-2018-10249 (baijiacms V3 has CSRF via ...)
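Review bot: CVE-2014-10073 is inserted between CVE-2018-10251 and CVE-2018-10250, which breaks the descending ID order the surrounding entries follow. If the update script places newly published IDs at the top on purpose, that is fine, but the entry is easy to miss when scanning by year. It also names a specific source file (server/server.c in Psensor before 1.1.4), so its `TODO: check` needs a source-package lookup of its own rather than being tagged in bulk with its neighbours.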
@@ -194,14 +202,14 @@ CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an
infinite loop in the ...)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1095
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/9fdda6391e38aaad3bfd6a30bd6a72bd31aeee02
-CVE-2018-10176
- RESERVED
-CVE-2018-10175
- RESERVED
-CVE-2018-10174
- RESERVED
-CVE-2018-10173
- RESERVED
+CVE-2018-10176 (Digital Guardian Management Console 7.1.2.0015 has a Directory
...)
+ TODO: check
+CVE-2018-10175 (Digital Guardian Management Console 7.1.2.0015 has an XXE
issue. ...)
+ TODO: check
+CVE-2018-10174 (Digital Guardian Management Console 7.1.2.0015 has an SSRF
issue that ...)
+ TODO: check
+CVE-2018-10173 (Digital Guardian Management Console 7.1.2.0015 allows
authenticated ...)
+ TODO: check
CVE-2018-10172 (7-Zip through 18.01 on Windows implements the "Large
memory pages" ...)
NOT-FOR-US: 7-Zip
CVE-2018-10171
@@ -425,12 +433,12 @@ CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6
contains an admin password
NOT-FOR-US: CMS Made Simple
CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware ...)
NOT-FOR-US: Secutech RiS-11, RiS-22, and RiS-33 devices
-CVE-2018-10079
- RESERVED
-CVE-2018-10078
- RESERVED
-CVE-2018-10077
- RESERVED
+CVE-2018-10079 (Geist WatchDog Console 3.2.2 uses a weak ACL for the ...)
+ TODO: check
+CVE-2018-10078 (Cross-site scripting (XSS) vulnerability in Geist WatchDog
Console ...)
+ TODO: check
+CVE-2018-10077 (XML external entity (XXE) vulnerability in Geist WatchDog
Console ...)
+ TODO: check
CVE-2018-10076
RESERVED
CVE-2018-10075
@@ -2383,7 +2391,7 @@ CVE-2018-9232
RESERVED
CVE-2018-9231
RESERVED
-CVE-2018-9230 (In OpenResty before 1.13.6.1, URI parameters were obtained
using the ...)
+CVE-2018-9230 (** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters
are ...)
NOT-FOR-US: OpenResty
CVE-2018-9229
RESERVED
@@ -2754,8 +2762,8 @@ CVE-2018-9061
RESERVED
CVE-2018-9060
RESERVED
-CVE-2018-9059
- RESERVED
+CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web
Server 7.2 ...)
+ TODO: check
CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop
in the ...)
- lrzip <unfixed> (unimportant)
NOTE: https://github.com/ckolivas/lrzip/issues/93
@@ -3367,8 +3375,8 @@ CVE-2018-8828 (A Buffer Overflow issue was discovered in
Kamailio before 4.4.7,
NOTE:
https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
CVE-2018-8827
RESERVED
-CVE-2018-8826
- RESERVED
+CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and
RT-N12 D1 ...)
+ TODO: check
CVE-2018-8825
RESERVED
CVE-2018-8824
@@ -5881,8 +5889,8 @@ CVE-2018-7749 (The SSH server implementation of AsyncSSH
before 1.12.1 does not
NOTE:
https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
CVE-2018-7748
RESERVED
-CVE-2018-7747
- RESERVED
+CVE-2018-7747 (Multiple cross-site scripting (XSS) vulnerabilities in the
Caldera ...)
+ TODO: check
CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2.
...)
NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7745 (An issue was discovered in Western Bridge Cobub Razor 0.7.2.
...)
@@ -71919,8 +71927,7 @@ CVE-2017-2826 (An information disclosure vulnerability
exists in the iConfig pro
NOTE: https://support.zabbix.com/browse/ZBX-12076
NOTE: Workaround for Zabbix 3.0 exists:
https://www.zabbix.com/documentation/3.0/manual/distributed_monitoring/proxies#configuration
NOTE: using encyrpted connections with the proxy.
-CVE-2017-2825
- RESERVED
+CVE-2017-2825 (In the trapper functionality of Zabbix Server 2.4.x,
specifically ...)
{DSA-3937-1}
- zabbix 1:3.0.7+dfsg-3 (bug #863584)
NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0326/
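Review bot: the context line `NOTE: using encyrpted connections with the proxy.` under CVE-2017-2826 misspells "encrypted"; worth fixing in a follow-up, since this hunk already touches the adjacent entry. On the change itself, CVE-2017-2825 rightly gets no `TODO: check` because it already carries `{DSA-3937-1}` and a fixed zabbix version, but the visible part of the new description names Zabbix Server 2.4.x while the tracked fix is 1:3.0.7+dfsg-3, so confirm the existing package line still matches the published affected range.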
@@ -144250,16 +144257,16 @@ CVE-2014-6114 (The Hosted Transparent Decision
Service in the Rule Execution Ser
NOT-FOR-US: IBM WebSphere
CVE-2014-6113 (Cross-site scripting (XSS) vulnerability in the Web Reports
component ...)
NOT-FOR-US: IBM Tivoli
-CVE-2014-6112
- RESERVED
-CVE-2014-6111
- RESERVED
+CVE-2014-6112 (IBM Tivoli Identity Manager 5.1.x before
5.1.0.15-ISS-TIM-IF0057 and ...)
+ TODO: check
+CVE-2014-6111 (IBM Tivoli Identity Manager 5.1.x before
5.1.0.15-ISS-TIM-IF0057 and ...)
+ TODO: check
CVE-2014-6110 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not
...)
NOT-FOR-US: IBM
-CVE-2014-6109
- RESERVED
-CVE-2014-6108
- RESERVED
+CVE-2014-6109 (IBM Tivoli Identity Manager 5.1.x before
5.1.0.15-ISS-TIM-IF0057 and ...)
+ TODO: check
+CVE-2014-6108 (IBM Tivoli Identity Manager 5.1.x before
5.1.0.15-ISS-TIM-IF0057 and ...)
+ TODO: check
CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows
remote ...)
NOT-FOR-US: IBM
CVE-2014-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Security
...)
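Review bot: when the four `TODO: check` lines for CVE-2014-6112, CVE-2014-6111, CVE-2014-6109 and CVE-2014-6108 are resolved, settle on one product label if they end up as NOT-FOR-US: the context lines in this hunk already mix `NOT-FOR-US: IBM Tivoli`, `NOT-FOR-US: IBM WebSphere` and plain `NOT-FOR-US: IBM`. The four truncated descriptions are identical as shown (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...), so each needs its full description read before tagging rather than being treated as duplicates of one another.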
@@ -147346,8 +147353,8 @@ CVE-2014-4784 (IBM Initiate Master Data Service 9.5
before 9.5.093013, 9.7 befor
NOT-FOR-US: IBM
CVE-2014-4783 (Cross-site request forgery (CSRF) vulnerability in IBM Initiate
Master ...)
NOT-FOR-US: IBM
-CVE-2014-4782
- RESERVED
+CVE-2014-4782 (IBM InfoSphere BigInsights 2.1.2 allows remote authenticated
users to ...)
+ TODO: check
CVE-2014-4781 (The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x
before ...)
NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2014-4780
@@ -157655,8 +157662,8 @@ CVE-2014-0952 (Cross-site scripting (XSS)
vulnerability in boot_config.jsp in IB
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0951 (Cross-site scripting (XSS) vulnerability in FilterForm.jsp in
IBM ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0950
- RESERVED
+CVE-2014-0950 (Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb
/ CM ...)
+ TODO: check
CVE-2014-0949 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through
6.1.5.3 ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0948 (Unspecified vulnerability in IBM Rational Software Architect
Design ...)
@@ -157693,16 +157700,16 @@ CVE-2014-0933 (Cross-site request forgery (CSRF)
vulnerability in IBM InfoSphere
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0932 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order
...)
NOT-FOR-US: IBM
-CVE-2014-0931
- RESERVED
+CVE-2014-0931 (Multiple XML external entity (XXE) vulnerabilities in the (1)
CCRC WAN ...)
+ TODO: check
CVE-2014-0930 (The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS
2.2.x, ...)
NOT-FOR-US: IBM AIX
CVE-2014-0929 (Cross-site request forgery (CSRF) vulnerability in the Profiles
...)
NOT-FOR-US: IBM Connections
CVE-2014-0928
RESERVED
-CVE-2014-0927
- RESERVED
+CVE-2014-0927 (The ActiveMQ admin user interface in IBM Sterling B2B
Integrator 5.1 ...)
+ TODO: check
CVE-2014-0926
RESERVED
CVE-2014-0925 (Open redirect vulnerability in IBM Sterling Control Center
5.4.0 ...)
@@ -157731,8 +157738,8 @@ CVE-2014-0914 (Cross-site scripting (XSS)
vulnerability in IBM Maximo Asset ...)
NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-0913 (Cross-site scripting (XSS) vulnerability in IBM iNotes and
Domino ...)
NOT-FOR-US: IBM iNotes
-CVE-2014-0912
- RESERVED
+CVE-2014-0912 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File
Gateway 2.1 ...)
+ TODO: check
CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before
...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2014-0910 (Cross-site scripting (XSS) vulnerability in IBM WebSphere
Portal ...)
@@ -157755,8 +157762,8 @@ CVE-2014-0902
RESERVED
CVE-2014-0901 (Cross-site scripting (XSS) vulnerability in the Social
Rendering ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0900
- RESERVED
+CVE-2014-0900 (The Device Administrator code in Android before 4.4.1_r1 might
allow ...)
+ TODO: check
CVE-2014-0899 (ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a
...)
NOT-FOR-US: IBM AIX
CVE-2014-0898
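Review bot: CVE-2014-0900 is an Android entry (the Device Administrator code in Android before 4.4.1_r1) sitting in a run of IBM entries tagged `NOT-FOR-US: IBM ...`; its `TODO: check` should be triaged on its own and not swept up with the surrounding IBM range.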
@@ -157789,8 +157796,8 @@ CVE-2014-0885 (Cross-site request forgery (CSRF)
vulnerability in the Admin Web
NOT-FOR-US: IBM Lotus Protector for Mail Security
CVE-2014-0884 (Cross-site scripting (XSS) vulnerability in the Admin Web UI in
IBM ...)
NOT-FOR-US: IBM Lotus Protector for Mail Security
-CVE-2014-0883
- RESERVED
+CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware
...)
+ TODO: check
CVE-2014-0882
RESERVED
CVE-2014-0881
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3263ba512858b94a6f164e743b81baeef347447c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits