Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6931ec86 by security tracker role at 2018-04-23T20:10:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2,10 +2,10 @@ CVE-2018-XXXX [Authorization bypass]
        - phpliteadmin <unfixed> (bug #896682)
        NOTE: https://github.com/phpLiteAdmin/pla/issues/11
        NOTE: Fixed by: 
https://github.com/phpLiteAdmin/pla/commit/41545fe058e674a983f557bff13787df53167274
-CVE-2018-10301
-       RESERVED
-CVE-2018-10300
-       RESERVED
+CVE-2018-10301 (Cross-site scripting (XSS) vulnerability in the Web-Dorado 
Instagram ...)
+       TODO: check
+CVE-2018-10300 (Cross-site scripting (XSS) vulnerability in the Web-Dorado 
Instagram ...)
+       TODO: check
 CVE-2018-10299 (An integer overflow in the batchTransfer function of a smart 
contract ...)
        TODO: check
 CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...)
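Review bot: the two entries added at CVE-2018-10301 and CVE-2018-10300 cannot be told apart in this list, since both truncated descriptions read "Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram ...". Whoever clears the two TODO: check lines should read the full descriptions to confirm they are separate issues, and give both the same package or NOT-FOR-US tag if they concern the same product.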
@@ -149,10 +149,10 @@ CVE-2018-10236 (POSCMS 3.2.18 allows remote attackers to 
execute arbitrary PHP c
        NOT-FOR-US: POSCMS
 CVE-2018-10235 (POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP 
code via ...)
        NOT-FOR-US: POSCMS
-CVE-2018-10234
-       RESERVED
-CVE-2018-10233
-       RESERVED
+CVE-2018-10234 (Authenticated Cross site Scripting exists in the User Profile 
&amp; ...)
+       TODO: check
+CVE-2018-10233 (The User Profile &amp; Membership plugin before 2.0.7 for 
WordPress has no ...)
+       TODO: check
 CVE-2018-10232
        RESERVED
 CVE-2018-10231
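Review bot: the descriptions added for CVE-2018-10234 and CVE-2018-10233 contain "&amp;" ("User Profile &amp; ..."), which reads as an HTML-escaped ampersand rather than part of the product name. Confirm that data/CVE/list itself holds a literal "&"; if it does not, unescape the text in the import step so that a search on the plugin name still matches.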
@@ -906,8 +906,8 @@ CVE-2018-9923 (An issue was discovered in idreamsoft iCMS 
through 7.0.7. CSRF ex
        NOT-FOR-US: idreamsoft iCMS
 CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. 
Physical path ...)
        NOT-FOR-US: idreamsoft iCMS
-CVE-2018-9921
-       RESERVED
+CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it 
possible ...)
+       TODO: check
 CVE-2018-9920
        RESERVED
 CVE-2018-9919
@@ -3375,8 +3375,8 @@ CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a 
heap-based buffer over-
        [wheezy] - nasm <ignored> (Minor issue)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446
        NOTE: 
http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 
(nasm-2.13.02rc3)
-CVE-2018-8880
-       RESERVED
+CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) 
doesn't check ...)
+       TODO: check
 CVE-2018-8879
        RESERVED
 CVE-2018-8878
@@ -14822,8 +14822,8 @@ CVE-2018-4849
        RESERVED
 CVE-2018-4848
        RESERVED
-CVE-2018-4847
-       RESERVED
+CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA 
Operator iOS ...)
+       TODO: check
 CVE-2018-4846
        RESERVED
 CVE-2018-4845
@@ -16863,8 +16863,8 @@ CVE-2018-3852
        RESERVED
 CVE-2018-3851
        RESERVED
-CVE-2018-3850
-       RESERVED
+CVE-2018-3850 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
 CVE-2018-3849 (In the ffghtb function in NASA CFITSIO 3.42, specially crafted 
images ...)
        - cfitsio 3.430-1 (low; bug #892458)
        [stretch] - cfitsio <no-dsa> (Minor issue)
@@ -18122,8 +18122,8 @@ CVE-2017-17835
        RESERVED
 CVE-2017-17834
        RESERVED
-CVE-2017-17833
-       RESERVED
+CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a 
...)
+       TODO: check
 CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a 
...)
        NOT-FOR-US: ServersCheck Monitoring Software
 CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows 
remote ...)
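Review bot: the trailing context of this hunk has CVE-2017-17843 directly after CVE-2017-17832, out of the descending order the rest of the list follows, so that entry should be moved to its place further up. For the added CVE-2017-17833, check the archive for an OpenSLP source package before clearing the TODO: check, rather than tagging it by analogy with the NOT-FOR-US entry below it.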
@@ -36171,8 +36171,8 @@ CVE-2017-14460 (An exploitable overly permissive 
cross-domain (CORS) whitelist .
        - parity <itp> (bug #890550)
 CVE-2017-14459 (An exploitable OS Command Injection vulnerability exists in 
the ...)
        NOT-FOR-US: Moxa
-CVE-2017-14458
-       RESERVED
+CVE-2017-14458 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
+       TODO: check
 CVE-2017-14457 (An exploitable information leak/denial of service 
vulnerability exists ...)
        - cpp-etherum <itp> (bug #860434)
 CVE-2017-14456
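Review bot: the description added for CVE-2017-14458 is cut off at "exists in the JavaScript ..." before any product is named, and the neighbouring entries cover unrelated software (parity, Moxa, cpp-etherum), so the TODO: check cannot be resolved from this list alone. The same truncated text is added for CVE-2018-3850 in an earlier hunk; it is worth reading both full descriptions together to see whether they concern the same product.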
@@ -39813,8 +39813,8 @@ CVE-2017-13075
        RESERVED
 CVE-2017-13074
        RESERVED
-CVE-2017-13073
-       RESERVED
+CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS 
application Photo ...)
+       TODO: check
 CVE-2017-13072
        RESERVED
 CVE-2017-13071 (QNAP has already patched this vulnerability. This security 
concern ...)
@@ -74487,8 +74487,8 @@ CVE-2017-1788 (IBM WebSphere Application Server 9 
installations using Form Login
        NOT-FOR-US: IBM
 CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed 
...)
        NOT-FOR-US: IBM Publishing Engine
-CVE-2017-1786
-       RESERVED
+CVE-2017-1786 (IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 
under ...)
+       TODO: check
 CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated 
remote ...)
        NOT-FOR-US: IBM API Connect
 CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary 
files ...)
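Review bot: if CVE-2017-1786 resolves to a NOT-FOR-US tag in place of TODO: check, pick one form for it. The context in this hunk already mixes the bare "NOT-FOR-US: IBM" (CVE-2017-1788) with the product-specific "NOT-FOR-US: IBM Publishing Engine" and "NOT-FOR-US: IBM API Connect", which makes a search for an IBM product by name unreliable.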
@@ -74531,8 +74531,8 @@ CVE-2017-1766 (Due to incorrect authorization in IBM 
Business Process Manager 8.
        NOT-FOR-US: IBM
 CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated 
user ...)
        NOT-FOR-US: IBM
-CVE-2017-1764
-       RESERVED
+CVE-2017-1764 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 
10.2.2, ...)
+       TODO: check
 CVE-2017-1763
        RESERVED
 CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
@@ -74657,8 +74657,8 @@ CVE-2017-1703
        RESERVED
 CVE-2017-1702
        RESERVED
-CVE-2017-1701
-       RESERVED
+CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 
6.0.3, ...)
+       TODO: check
 CVE-2017-1700
        RESERVED
 CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure 
...)
@@ -75088,8 +75088,8 @@ CVE-2017-1488
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated 
attacker to ...)
        NOT-FOR-US: IBM
-CVE-2017-1486
-       RESERVED
+CVE-2017-1486 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 
10.2.2 is ...)
+       TODO: check
 CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site 
scripting. This ...)
        NOT-FOR-US: IBM
 CVE-2017-1484 (IBM WebSphere Commerce Enterprise, Professional, Express, and 
...)
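Review bot: the first context line of this hunk tags CVE-2017-1488 as "NOT-FOR-US: Qualcomm component for Android", yet every described entry around it (CVE-2017-1487, CVE-2017-1486, CVE-2017-1485, CVE-2017-1484) is an IBM product. Verify that tag against the CVE-2017-1488 description while clearing the TODO: check on CVE-2017-1486.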
@@ -75114,8 +75114,8 @@ CVE-2017-1475
        RESERVED
 CVE-2017-1474
        RESERVED
-CVE-2017-1473
-       RESERVED
+CVE-2017-1473 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 
9.0.0 ...)
+       TODO: check
 CVE-2017-1472
        RESERVED
 CVE-2017-1471
@@ -78193,8 +78193,7 @@ CVE-2016-9587 [Compromised remote hosts can lead to 
running commands on the Ansi
        NOTE: Fixed by: 
https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47
 (v2.2.1.0-0.4.rc4)
        NOTE: Fixed by: 
https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e
 (v2.2.1.0-0.4.rc4)
        NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed 
a follow-up, 2.2.0.0-3
-CVE-2016-9586 [printf floating point buffer overflow]
-       RESERVED
+CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow 
when ...)
        {DLA-767-1}
        - curl 7.52.1-1 (bug #848958)
        [jessie] - curl <no-dsa> (Minor issue)
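Review bot: replacing the header "[printf floating point buffer overflow]" on CVE-2016-9586 with the truncated description "(curl before version 7.52.0 is vulnerable to a buffer overflow when ...)" drops the only visible mention of the printf floating point path. Add a NOTE line carrying that detail so the entry still says where the overflow is. Dropping RESERVED without adding TODO: check is right here, since the entry already carries its DLA and curl version lines.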



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6931ec865878b18d7a0422ef90a9e104a5297510
