Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7865cc0c by security tracker role at 2018-04-25T20:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,21 @@ +CVE-2018-10379 + RESERVED +CVE-2018-10378 + RESERVED +CVE-2018-10377 + RESERVED +CVE-2018-10376 (An integer overflow in the transferProxy function of a smart contract ...) + TODO: check +CVE-2018-10375 (A file uploading vulnerability exists in ...) + TODO: check +CVE-2018-10374 (EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) ...) + TODO: check +CVE-2018-10373 (concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library ...) + TODO: check +CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote ...) + TODO: check +CVE-2018-10371 + RESERVED CVE-2018-XXXX [Implement custom deserializer to add our own sanity checks] - quassel 1:0.12.5-1 (bug #896914) NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master) @@ -10,12 +28,12 @@ CVE-2018-10370 RESERVED CVE-2018-10369 RESERVED -CVE-2018-10368 - RESERVED -CVE-2018-10367 - RESERVED -CVE-2018-10366 - RESERVED +CVE-2018-10368 (An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> ...) + TODO: check +CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. The content-management ...) + TODO: check +CVE-2018-10366 (An issue was discovered in the Users (aka Front-end user management) ...) + TODO: check CVE-2018-10365 RESERVED CVE-2018-10364 
@@ -133,8 +151,8 @@ CVE-2018-10312 (index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF NOT-FOR-US: WUZHI CMS CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent ...) NOT-FOR-US: WUZHI CMS -CVE-2018-10310 - RESERVED +CVE-2018-10310 (A persistent cross-site scripting vulnerability has been identified in ...) + TODO: check CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress ...) NOT-FOR-US: Responsive Cookie Consent plugin for WordPress CVE-2018-10308 @@ -345,22 +363,22 @@ CVE-2018-10215 RESERVED CVE-2018-10214 RESERVED -CVE-2018-10213 - RESERVED -CVE-2018-10212 - RESERVED -CVE-2018-10211 - RESERVED -CVE-2018-10210 - RESERVED -CVE-2018-10209 - RESERVED -CVE-2018-10208 - RESERVED -CVE-2018-10207 - RESERVED -CVE-2018-10206 - RESERVED +CVE-2018-10213 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...) + TODO: check +CVE-2018-10212 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...) + TODO: check +CVE-2018-10211 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...) + TODO: check +CVE-2018-10210 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...) + TODO: check +CVE-2018-10209 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...) + TODO: check +CVE-2018-10208 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...) + TODO: check +CVE-2018-10207 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...) + TODO: check +CVE-2018-10206 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...) + TODO: check CVE-2018-10205 (hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the ...) NOT-FOR-US: HyperHQ Hyper CVE-2018-10204 (PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation ...) 
@@ -388,6 +406,7 @@ CVE-2018-10196 CVE-2018-10195 RESERVED CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in the ...) + {DLA-1363-1} - ghostscript 9.22~dfsg-2.1 (bug #896069) NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet public) @@ -3736,8 +3755,7 @@ CVE-2018-8803 RESERVED CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal ...) NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems -CVE-2018-8801 - RESERVED +CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...) - gitlab 10.5.6+dfsg-1 (bug #893905) NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/ CVE-2018-8800 @@ -6675,6 +6693,7 @@ CVE-2018-7603 RESERVED CVE-2018-7602 [SA-CORE-2018-004] RESERVED + {DSA-4180-1} - drupal7 <removed> (bug #896701) NOTE: https://www.drupal.org/psa-2018-003 NOTE: https://www.drupal.org/sa-core-2018-004 @@ -23552,8 +23571,8 @@ CVE-2018-1365 RESERVED CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External ...) NOT-FOR-US: IBM Content Navigator -CVE-2018-1363 - RESERVED +CVE-2018-1363 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...) + TODO: check CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 ...) NOT-FOR-US: IBM Curam Social Program Management CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...) 
@@ -25054,8 +25073,7 @@ CVE-2018-1113 RESERVED NOT-FOR-US: Red Hat specific CVE assignment for Red Hat / Fedora setups (nologin listed in /etc/shells violates security expectations) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1571094 -CVE-2018-1112 [glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression)] - RESERVED +CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when ...) - glusterfs <not-affected> (Fix for CVE-2018-1088 was not applied/ incomplete fix not applied) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1570891 CVE-2018-1111 @@ -41646,16 +41664,16 @@ CVE-2017-12718 (A Classic Buffer Overflow issue was discovered in Smiths Medical NOT-FOR-US: Smiths Medical Medfusion CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in Advantech ...) NOT-FOR-US: Advantech WebAccess -CVE-2017-12716 - RESERVED +CVE-2017-12716 (Abbott Laboratories Accent and Anthem pacemakers manufactured prior to ...) + TODO: check CVE-2017-12715 RESERVED -CVE-2017-12714 - RESERVED +CVE-2017-12714 (Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do ...) + TODO: check CVE-2017-12713 (An Incorrect Permission Assignment for Critical Resource issue was ...) NOT-FOR-US: Advantech WebAccess -CVE-2017-12712 - RESERVED +CVE-2017-12712 (The authentication algorithm in Abbott Laboratories pacemakers ...) + TODO: check CVE-2017-12711 (An Incorrect Privilege Assignment issue was discovered in Advantech ...) NOT-FOR-US: Advantech WebAccess CVE-2017-12710 (A SQL Injection issue was discovered in Advantech WebAccess versions ...) 
@@ -43409,9 +43427,11 @@ CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...) - r-cran-readxl 1.0.0-2 (bug #895564) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462 CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the ...) + {DSA-4173-1} - r-cran-readxl 1.0.0-2 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461 CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the ...) + {DSA-4173-1} - r-cran-readxl 1.0.0-2 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460 CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ...) @@ -56923,8 +56943,7 @@ CVE-2017-7654 RESERVED CVE-2017-7653 RESERVED -CVE-2017-7652 - RESERVED +CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running ...) {DLA-1334-1} - mosquitto 1.4.15-1 NOTE: Patches: https://mosquitto.org/files/cve/2017-7652 @@ -74734,8 +74753,8 @@ CVE-2017-1752 RESERVED CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is ...) NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere -CVE-2017-1750 - RESERVED +CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...) + TODO: check CVE-2017-1749 RESERVED CVE-2017-1748 
@@ -147050,8 +147069,8 @@ CVE-2014-5017 (SQL injection vulnerability in CPDB in ...) - limesurvey <itp> (bug #472802) CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey ...) - limesurvey <itp> (bug #472802) -CVE-2014-5014 - RESERVED +CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows ...) + TODO: check CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)] RESERVED - php-dompdf 0.6.2+dfsg-1 (bug #813849) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7865cc0c2665c0c5a98ff04d00049fb4567205eb
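Review bot: in the `@@ -1,3 +1,21 @@` hunk, CVE-2018-10373 and CVE-2018-10372 need a package decision rather than a NOT-FOR-US when the `TODO: check` is resolved. Their descriptions name `concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library` and `process_cu_tu_index in dwarf.c in GNU Binutils 2.30`, and binutils is packaged in Debian, so the follow-up should add a `- binutils ...` line with the affected or fixed version and a NOTE pointing at the upstream report, in the same shape as the ghostscript entry for CVE-2018-10194 further down.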
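Review bot: in the `@@ -10,12 +28,12 @@` hunk, CVE-2018-10368 and CVE-2018-10367 are left at `TODO: check` although both descriptions name WUZHI CMS 4.1.0, a product this file already classifies: the context lines of the `@@ -133,8 +151,8 @@` hunk show CVE-2018-10312 and CVE-2018-10311 as `NOT-FOR-US: WUZHI CMS`. Suggest triaging the two new entries the same way so the product is handled consistently. CVE-2018-10310 in that later hunk cannot be matched from the list line alone, since its truncated description does not reach a product name, and needs the full description read first.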
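Review bot: in the `@@ -345,22 +363,22 @@` hunk, the eight entries CVE-2018-10206 through CVE-2018-10213 all carry the same truncated text, `An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...`, so nothing in the list distinguishes one issue from another. Since they share one product and version, a single triage decision should cover the whole block; resolving them together avoids leaving part of the range at `TODO: check` while the rest is classified.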
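Review bot: in the `@@ -25054,8 +25073,7 @@` hunk, replacing the hand-written title of CVE-2018-1112 drops detail that the new description line does not show. The removed line read `[glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression)]`, while the added one is cut off at `is vulnerable when ...`. The link to CVE-2018-1088 survives in the `<not-affected>` reason, but the `auth.allow` detail is now only reachable through the bugzilla NOTE; consider a short NOTE line restating it if that context is meant to stay visible in the list.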