Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7865cc0c by security tracker role at 2018-04-25T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-10379
+       RESERVED
+CVE-2018-10378
+       RESERVED
+CVE-2018-10377
+       RESERVED
+CVE-2018-10376 (An integer overflow in the transferProxy function of a smart 
contract ...)
+       TODO: check
+CVE-2018-10375 (A file uploading vulnerability exists in ...)
+       TODO: check
+CVE-2018-10374 (EasyCMS 1.3 has XSS via the s POST parameter (aka a search box 
value) ...)
+       TODO: check
+CVE-2018-10373 (concat_filename in dwarf2.c in the Binary File Descriptor 
(BFD) library ...)
+       TODO: check
+CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows 
remote ...)
+       TODO: check
+CVE-2018-10371
+       RESERVED
 CVE-2018-XXXX [Implement custom deserializer to add our own sanity checks]
        - quassel 1:0.12.5-1 (bug #896914)
        NOTE: 
https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f
 (master)
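Review bot: CVE-2018-10373 and CVE-2018-10372 are added with TODO: check although their descriptions already name dwarf2.c in the BFD library and dwarf.c in GNU Binutils 2.30, so they are the two entries in this hunk that clearly map to a packaged source (binutils) and should be triaged first. The other new TODO entries here (the smart contract transferProxy overflow, EasyCMS 1.3, the truncated file upload description) give no indication of a Debian package in the visible text and can probably be resolved quickly as out of scope once the full descriptions are read.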
@@ -10,12 +28,12 @@ CVE-2018-10370
        RESERVED
 CVE-2018-10369
        RESERVED
-CVE-2018-10368
-       RESERVED
-CVE-2018-10367
-       RESERVED
-CVE-2018-10366
-       RESERVED
+CVE-2018-10368 (An issue was discovered in WUZHI CMS 4.1.0. The 
"Extension Module -> ...)
+       TODO: check
+CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. The 
content-management ...)
+       TODO: check
+CVE-2018-10366 (An issue was discovered in the Users (aka Front-end user 
management) ...)
+       TODO: check
 CVE-2018-10365
        RESERVED
 CVE-2018-10364
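Review bot: CVE-2018-10368 and CVE-2018-10367 are left as TODO: check even though both descriptions name WUZHI CMS 4.1.0, and the same file already resolves that product as "NOT-FOR-US: WUZHI CMS" for CVE-2018-10312 and CVE-2018-10311. Suggest applying the same NOT-FOR-US line to these two in the follow-up triage so the list stays consistent; CVE-2018-10366 does not name its product in the truncated text and needs the full description before it can be classified.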
@@ -133,8 +151,8 @@ CVE-2018-10312 (index.php?m=member&v=pw_reset in WUZHI 
CMS 4.1.0 allows CSRF
        NOT-FOR-US: WUZHI CMS
 CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is 
persistent ...)
        NOT-FOR-US: WUZHI CMS
-CVE-2018-10310
-       RESERVED
+CVE-2018-10310 (A persistent cross-site scripting vulnerability has been 
identified in ...)
+       TODO: check
 CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress 
...)
        NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
 CVE-2018-10308
@@ -345,22 +363,22 @@ CVE-2018-10215
        RESERVED
 CVE-2018-10214
        RESERVED
-CVE-2018-10213
-       RESERVED
-CVE-2018-10212
-       RESERVED
-CVE-2018-10211
-       RESERVED
-CVE-2018-10210
-       RESERVED
-CVE-2018-10209
-       RESERVED
-CVE-2018-10208
-       RESERVED
-CVE-2018-10207
-       RESERVED
-CVE-2018-10206
-       RESERVED
+CVE-2018-10213 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
+       TODO: check
+CVE-2018-10212 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
+       TODO: check
+CVE-2018-10211 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
+       TODO: check
+CVE-2018-10210 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
+       TODO: check
+CVE-2018-10209 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
+       TODO: check
+CVE-2018-10208 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
+       TODO: check
+CVE-2018-10207 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
+       TODO: check
+CVE-2018-10206 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
+       TODO: check
 CVE-2018-10205 (hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the ...)
        NOT-FOR-US: HyperHQ Hyper
 CVE-2018-10204 (PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege 
escalation ...)
@@ -388,6 +406,7 @@ CVE-2018-10196
 CVE-2018-10195
        RESERVED
 CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in 
the ...)
+       {DLA-1363-1}
        - ghostscript 9.22~dfsg-2.1 (bug #896069)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet 
public)
@@ -3736,8 +3755,7 @@ CVE-2018-8803
        RESERVED
 CVE-2018-8802 (SQL injection vulnerability in the management interface in 
ePortal ...)
        NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
-CVE-2018-8801
-       RESERVED
+CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x 
before ...)
        - gitlab 10.5.6+dfsg-1 (bug #893905)
        NOTE: 
https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
 CVE-2018-8800
@@ -6675,6 +6693,7 @@ CVE-2018-7603
        RESERVED
 CVE-2018-7602 [SA-CORE-2018-004]
        RESERVED
+       {DSA-4180-1}
        - drupal7 <removed> (bug #896701)
        NOTE: https://www.drupal.org/psa-2018-003
        NOTE: https://www.drupal.org/sa-core-2018-004
@@ -23552,8 +23571,8 @@ CVE-2018-1365
        RESERVED
 CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML 
External ...)
        NOT-FOR-US: IBM Content Navigator
-CVE-2018-1363
-       RESERVED
+CVE-2018-1363 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 
through ...)
+       TODO: check
 CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 
7.0.1 ...)
        NOT-FOR-US: IBM Curam Social Program Management
 CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site 
...)
@@ -25054,8 +25073,7 @@ CVE-2018-1113
        RESERVED
        NOT-FOR-US: Red Hat specific CVE assignment for Red Hat / Fedora setups 
(nologin listed in /etc/shells violates security expectations)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1571094
-CVE-2018-1112 [glusterfs: auth.allow allows unauthenticated clients to mount 
gluster volumes (CVE-2018-1088 regression)]
-       RESERVED
+CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable 
when ...)
        - glusterfs <not-affected> (Fix for CVE-2018-1088 was not applied/ 
incomplete fix not applied)  
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1570891
 CVE-2018-1111
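Review bot: replacing the bracketed title on CVE-2018-1112 drops the explicit "(CVE-2018-1088 regression)" wording, so the only remaining link to CVE-2018-1088 is the parenthetical on the glusterfs <not-affected> line, which is hard to parse as written ("was not applied/ incomplete fix not applied") and ends in trailing whitespace. Suggest keeping the package line terse and moving the reasoning to a NOTE line that states that this CVE is a regression of the CVE-2018-1088 fix and that the fix was not applied in Debian.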
@@ -41646,16 +41664,16 @@ CVE-2017-12718 (A Classic Buffer Overflow issue was 
discovered in Smiths Medical
        NOT-FOR-US: Smiths Medical Medfusion
 CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in 
Advantech ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2017-12716
-       RESERVED
+CVE-2017-12716 (Abbott Laboratories Accent and Anthem pacemakers manufactured 
prior to ...)
+       TODO: check
 CVE-2017-12715
        RESERVED
-CVE-2017-12714
-       RESERVED
+CVE-2017-12714 (Abbott Laboratories pacemakers manufactured prior to Aug 28, 
2017 do ...)
+       TODO: check
 CVE-2017-12713 (An Incorrect Permission Assignment for Critical Resource issue 
was ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2017-12712
-       RESERVED
+CVE-2017-12712 (The authentication algorithm in Abbott Laboratories pacemakers 
...)
+       TODO: check
 CVE-2017-12711 (An Incorrect Privilege Assignment issue was discovered in 
Advantech ...)
        NOT-FOR-US: Advantech WebAccess
 CVE-2017-12710 (A SQL Injection issue was discovered in Advantech WebAccess 
versions ...)
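Review bot: the three Abbott Laboratories pacemaker entries (CVE-2017-12716, CVE-2017-12714, CVE-2017-12712) go in as TODO: check, while every other described entry visible in this range is a vendor device or product already resolved as NOT-FOR-US (Smiths Medical Medfusion, Advantech WebAccess). If these are out of scope in the same way, mark them NOT-FOR-US with the product name in the follow-up so they do not sit in the open TODO queue.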
@@ -43409,9 +43427,11 @@ CVE-2017-12110 (An exploitable integer overflow 
vulnerability exists in the ...)
        - r-cran-readxl 1.0.0-2 (bug #895564)
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
 CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the 
...)
+       {DSA-4173-1}
        - r-cran-readxl 1.0.0-2
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461
 CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the 
...)
+       {DSA-4173-1}
        - r-cran-readxl 1.0.0-2
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460
 CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing 
...)
@@ -56923,8 +56943,7 @@ CVE-2017-7654
        RESERVED
 CVE-2017-7653
        RESERVED
-CVE-2017-7652
-       RESERVED
+CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set 
running ...)
        {DLA-1334-1}
        - mosquitto 1.4.15-1
        NOTE: Patches: https://mosquitto.org/files/cve/2017-7652
@@ -74734,8 +74753,8 @@ CVE-2017-1752
        RESERVED
 CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 
is ...)
        NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere
-CVE-2017-1750
-       RESERVED
+CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 
through ...)
+       TODO: check
 CVE-2017-1749
        RESERVED
 CVE-2017-1748
@@ -147050,8 +147069,8 @@ CVE-2014-5017 (SQL injection vulnerability in CPDB in 
...)
        - limesurvey <itp> (bug #472802)
 CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in 
LimeSurvey ...)
        - limesurvey <itp> (bug #472802)
-CVE-2014-5014
-       RESERVED
+CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress 
allows ...)
+       TODO: check
 CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)]
        RESERVED
        - php-dompdf 0.6.2+dfsg-1 (bug #813849)
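Review bot: CVE-2014-5014 moves from RESERVED to TODO: check with a description that names the WordPress Flash Uploader plugin, and this file already has a convention for that case, as in "NOT-FOR-US: Responsive Cookie Consent plugin for WordPress" on CVE-2018-10309 earlier in this diff. Unless the plugin is packaged, the entry can be closed with the same form of NOT-FOR-US line rather than left open.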



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7865cc0c2665c0c5a98ff04d00049fb4567205eb

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits