Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6931ec86 by security tracker role at 2018-04-23T20:10:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -2,10 +2,10 @@ CVE-2018-XXXX [Authorization bypass] - phpliteadmin <unfixed> (bug #896682) NOTE: https://github.com/phpLiteAdmin/pla/issues/11 NOTE: Fixed by: https://github.com/phpLiteAdmin/pla/commit/41545fe058e674a983f557bff13787df53167274 -CVE-2018-10301 - RESERVED -CVE-2018-10300 - RESERVED +CVE-2018-10301 (Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram ...) + TODO: check +CVE-2018-10300 (Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram ...) + TODO: check CVE-2018-10299 (An integer overflow in the batchTransfer function of a smart contract ...) TODO: check CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...) @@ -149,10 +149,10 @@ CVE-2018-10236 (POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP c NOT-FOR-US: POSCMS CVE-2018-10235 (POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via ...) NOT-FOR-US: POSCMS -CVE-2018-10234 - RESERVED -CVE-2018-10233 - RESERVED +CVE-2018-10234 (Authenticated Cross site Scripting exists in the User Profile & ...) + TODO: check +CVE-2018-10233 (The User Profile & Membership plugin before 2.0.7 for WordPress has no ...) + TODO: check CVE-2018-10232 RESERVED CVE-2018-10231 @@ -906,8 +906,8 @@ CVE-2018-9923 (An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF ex NOT-FOR-US: idreamsoft iCMS CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path ...) NOT-FOR-US: idreamsoft iCMS -CVE-2018-9921 - RESERVED +CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible ...) + TODO: check CVE-2018-9920 RESERVED CVE-2018-9919 
@@ -3375,8 +3375,8 @@ CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over- [wheezy] - nasm <ignored> (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446 NOTE: http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3) -CVE-2018-8880 - RESERVED +CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check ...) + TODO: check CVE-2018-8879 RESERVED CVE-2018-8878 @@ -14822,8 +14822,8 @@ CVE-2018-4849 RESERVED CVE-2018-4848 RESERVED -CVE-2018-4847 - RESERVED +CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...) + TODO: check CVE-2018-4846 RESERVED CVE-2018-4845 @@ -16863,8 +16863,8 @@ CVE-2018-3852 RESERVED CVE-2018-3851 RESERVED -CVE-2018-3850 - RESERVED +CVE-2018-3850 (An exploitable use-after-free vulnerability exists in the JavaScript ...) + TODO: check CVE-2018-3849 (In the ffghtb function in NASA CFITSIO 3.42, specially crafted images ...) - cfitsio 3.430-1 (low; bug #892458) [stretch] - cfitsio <no-dsa> (Minor issue) @@ -18122,8 +18122,8 @@ CVE-2017-17835 RESERVED CVE-2017-17834 RESERVED -CVE-2017-17833 - RESERVED +CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a ...) + TODO: check CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...) NOT-FOR-US: ServersCheck Monitoring Software CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows remote ...) @@ -36171,8 +36171,8 @@ CVE-2017-14460 (An exploitable overly permissive cross-domain (CORS) whitelist . - parity <itp> (bug #890550) CVE-2017-14459 (An exploitable OS Command Injection vulnerability exists in the ...) NOT-FOR-US: Moxa -CVE-2017-14458 - RESERVED +CVE-2017-14458 (An exploitable use-after-free vulnerability exists in the JavaScript ...) + TODO: check CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...) - cpp-etherum <itp> (bug #860434) CVE-2017-14456 
@@ -39813,8 +39813,8 @@ CVE-2017-13075 RESERVED CVE-2017-13074 RESERVED -CVE-2017-13073 - RESERVED +CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo ...) + TODO: check CVE-2017-13072 RESERVED CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern ...) @@ -74487,8 +74487,8 @@ CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form Login NOT-FOR-US: IBM CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed ...) NOT-FOR-US: IBM Publishing Engine -CVE-2017-1786 - RESERVED +CVE-2017-1786 (IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under ...) + TODO: check CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote ...) NOT-FOR-US: IBM API Connect CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary files ...) @@ -74531,8 +74531,8 @@ CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 8. NOT-FOR-US: IBM CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated user ...) NOT-FOR-US: IBM -CVE-2017-1764 - RESERVED +CVE-2017-1764 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, ...) + TODO: check CVE-2017-1763 RESERVED CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...) @@ -74657,8 +74657,8 @@ CVE-2017-1703 RESERVED CVE-2017-1702 RESERVED -CVE-2017-1701 - RESERVED +CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, ...) + TODO: check CVE-2017-1700 RESERVED CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure ...) 
@@ -75088,8 +75088,8 @@ CVE-2017-1488 NOT-FOR-US: Qualcomm component for Android CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated attacker to ...) NOT-FOR-US: IBM -CVE-2017-1486 - RESERVED +CVE-2017-1486 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is ...) + TODO: check CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2017-1484 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...) @@ -75114,8 +75114,8 @@ CVE-2017-1475 RESERVED CVE-2017-1474 RESERVED -CVE-2017-1473 - RESERVED +CVE-2017-1473 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 ...) + TODO: check CVE-2017-1472 RESERVED CVE-2017-1471 @@ -78193,8 +78193,7 @@ CVE-2016-9587 [Compromised remote hosts can lead to running commands on the Ansi NOTE: Fixed by: https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47 (v2.2.1.0-0.4.rc4) NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4) NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up, 2.2.0.0-3 -CVE-2016-9586 [printf floating point buffer overflow] - RESERVED +CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when ...) {DLA-767-1} - curl 7.52.1-1 (bug #848958) [jessie] - curl <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6931ec865878b18d7a0422ef90a9e104a5297510
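Review bot: the @@ -78193 hunk (CVE-2016-9586) is the only one in this update that rewrites an entry which was already triaged, and it behaves differently from the others: the local bracketed summary "[printf floating point buffer overflow]" and the RESERVED line are dropped in favour of the MITRE description "(curl before version 7.52.0 is vulnerable to a buffer overflow when ...)", and no "TODO: check" is appended because the {DLA-767-1}, "curl 7.52.1-1 (bug #848958)" and "[jessie] - curl <no-dsa>" lines already record the fix state. That is the right outcome, but it is worth confirming that the hand-written summary carried nothing the truncated description loses; if the "printf floating point" detail is needed for future triage, it belongs in a NOTE: line under the entry rather than being silently discarded.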
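Review bot: the @@ -16863 hunk (CVE-2018-3850) and the @@ -36171 hunk (CVE-2017-14458) receive byte-identical truncated descriptions, "(An exploitable use-after-free vulnerability exists in the JavaScript ...)", so the product name that decides NOT-FOR-US versus a Debian source package is cut off in both. When resolving these two "TODO: check" entries, pull the full description text rather than triaging from the truncated line, and record whether the two CVEs concern the same component so the entries end up consistent with each other.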
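Review bot: the IBM hunks (@@ -74487 CVE-2017-1786, @@ -74531 CVE-2017-1764, @@ -74657 CVE-2017-1701, @@ -75088 CVE-2017-1486, @@ -75114 CVE-2017-1473) each add "TODO: check" next to neighbouring entries that are already marked "NOT-FOR-US: IBM" or "NOT-FOR-US: IBM Publishing Engine"; the same pattern holds for the @@ -39813 hunk (CVE-2017-13073, QNAP) beside the existing QNAP context and for the @@ -149 hunk, where CVE-2018-10234 and CVE-2018-10233 both describe the same "User Profile & Membership" plugin. These are mechanical additions from the automatic update, so nothing needs to change in the hunks themselves, but the follow-up triage should resolve each cluster together and with the same disposition as its neighbours, to avoid one IBM or QNAP entry ending up NOT-FOR-US while an adjacent one for the same vendor lingers as TODO.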