Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ecc9f96e by security tracker role at 2018-04-26T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,99 @@
+CVE-2018-10427
+       RESERVED
+CVE-2018-10426
+       RESERVED
+CVE-2018-10425 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 
...)
+       TODO: check
+CVE-2018-10424 (mc-admin/post-edit.php in MiniCMS 1.10 allows full path 
disclosure via ...)
+       TODO: check
+CVE-2018-10423 (mc-admin/post.php in MiniCMS 1.10 allows remote attackers to 
obtain a ...)
+       TODO: check
+CVE-2018-10422 (An issue was discovered in HongCMS 3.0.0. The post news 
feature has ...)
+       TODO: check
+CVE-2018-10421
+       RESERVED
+CVE-2018-10420
+       RESERVED
+CVE-2018-10419
+       RESERVED
+CVE-2018-10418
+       RESERVED
+CVE-2018-10417
+       RESERVED
+CVE-2018-10416
+       RESERVED
+CVE-2018-10415
+       RESERVED
+CVE-2018-10414
+       RESERVED
+CVE-2018-10413
+       RESERVED
+CVE-2018-10412
+       RESERVED
+CVE-2018-10411
+       RESERVED
+CVE-2018-10410
+       RESERVED
+CVE-2018-10409
+       RESERVED
+CVE-2018-10408
+       RESERVED
+CVE-2018-10407
+       RESERVED
+CVE-2018-10406
+       RESERVED
+CVE-2018-10405
+       RESERVED
+CVE-2018-10404
+       RESERVED
+CVE-2018-10403
+       RESERVED
+CVE-2018-10402
+       RESERVED
+CVE-2018-10401
+       RESERVED
+CVE-2018-10400
+       RESERVED
+CVE-2018-10399
+       RESERVED
+CVE-2018-10398
+       RESERVED
+CVE-2018-10397
+       RESERVED
+CVE-2018-10396
+       RESERVED
+CVE-2018-10395
+       RESERVED
+CVE-2018-10394
+       RESERVED
+CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a 
...)
+       TODO: check
+CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 
does not ...)
+       TODO: check
+CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via 
the email ...)
+       TODO: check
+CVE-2018-10390
+       RESERVED
+CVE-2018-10389
+       RESERVED
+CVE-2018-10388
+       RESERVED
+CVE-2018-10387
+       RESERVED
+CVE-2018-10386
+       RESERVED
+CVE-2018-10385
+       RESERVED
+CVE-2018-10384
+       RESERVED
+CVE-2018-10383
+       RESERVED
+CVE-2018-10382
+       RESERVED
+CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege 
...)
+       TODO: check
+CVE-2018-10380
+       RESERVED
 CVE-2018-10379
        RESERVED
 CVE-2018-10378
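Review bot: CVE-2018-10393 and CVE-2018-10392 are added with only "TODO: check" although both descriptions name Xiph.Org libvorbis 1.3.6, a library rather than a standalone application, so these two should be checked against the archive first and given a source-package line with a status. The other described entries in this hunk (Shanghai 2345 Security Guard, MiniCMS, HongCMS, WUZHI CMS, TunnelBear for Windows) can then be resolved separately, so the library issues do not sit in the same TODO backlog as the likely NOT-FOR-US items.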
@@ -2958,8 +3054,8 @@ CVE-2018-9115 (Systematic SitaWare 6.4 SP2 does not 
validate input from other so
        NOT-FOR-US: Systematic SitaWare
 CVE-2018-9114
        RESERVED
-CVE-2018-9113
-       RESERVED
+CVE-2018-9113 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 
allows ...)
+       TODO: check
 CVE-2018-9112
        RESERVED
 CVE-2018-9111
@@ -2976,14 +3072,14 @@ CVE-2018-9106 (CSV Injection (aka Excel Macro Injection 
or Formula Injection) ex
        NOT-FOR-US: Acyba AcyMailing extension for Joomla!
 CVE-2018-9105 (NordVPN 3.3.10 for macOS suffers from a root privilege 
escalation ...)
        NOT-FOR-US: NordVPN
-CVE-2018-9104
-       RESERVED
-CVE-2018-9103
-       RESERVED
-CVE-2018-9102
-       RESERVED
-CVE-2018-9101
-       RESERVED
+CVE-2018-9104 (A vulnerability in the conferencing component of Mitel MiVoice 
...)
+       TODO: check
+CVE-2018-9103 (A vulnerability in the conferencing component of Mitel MiVoice 
...)
+       TODO: check
+CVE-2018-9102 (A vulnerability in the conferencing component of Mitel MiVoice 
...)
+       TODO: check
+CVE-2018-9101 (A vulnerability in the conferencing component of Mitel MiVoice 
...)
+       TODO: check
 CVE-2018-9100
        RESERVED
 CVE-2018-9099
@@ -3294,8 +3390,8 @@ CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote 
attackers to cause a de
 CVE-2018-8975 (The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm 
through ...)
        - netpbm-free <not-affected> (Vulnerable code not present)
        NOTE: Debian uses an unaffected fork
-CVE-2018-8974
-       RESERVED
+CVE-2018-8974 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 
allows ...)
+       TODO: check
 CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an 
article, as ...)
        NOT-FOR-US: OTCMS
 CVE-2018-8972 (Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has 
CSRF in ...)
@@ -3652,16 +3748,16 @@ CVE-2018-8839
        RESERVED
 CVE-2018-8838 (A weakness in access controls in CENTUM CS 1000 all versions, 
CENTUM ...)
        NOT-FOR-US: CENTUM
-CVE-2018-8837
-       RESERVED
+CVE-2018-8837 (Processing specially crafted .pm3 files in Advantech WebAccess 
HMI ...)
+       TODO: check
 CVE-2018-8836 (Wago 750 Series PLCs with firmware version 10 and prior include 
a ...)
        NOT-FOR-US: Wago 750 Series PLCs
-CVE-2018-8835
-       RESERVED
+CVE-2018-8835 (Double free vulnerabilities in Advantech WebAccess HMI Designer 
...)
+       TODO: check
 CVE-2018-8834 (Parsing malformed project files in Omron CX-One versions 4.42 
and ...)
        NOT-FOR-US: Omron
-CVE-2018-8833
-       RESERVED
+CVE-2018-8833 (Heap-based buffer overflow vulnerabilities in Advantech 
WebAccess HMI ...)
+       TODO: check
 CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable 
...)
        NOT-FOR-US: enhavo
 CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) 
through ...)
@@ -4074,8 +4170,8 @@ CVE-2017-18232 (The Serial Attached SCSI (SAS) 
implementation in the Linux kerne
        NOTE: Fixed by: 
https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d
 CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an 
administrator ...)
        NOT-FOR-US: joyplus-cms
-CVE-2018-8716
-       RESERVED
+CVE-2018-8716 (WSO2 Identity Server before 5.5.0 has XSS via the dashboard, 
allowing ...)
+       TODO: check
 CVE-2018-8715 (The Embedthis HTTP library, and Appweb versions before 7.0.3, 
have a ...)
        NOT-FOR-US: Embedthis HTTP library / Appweb
 CVE-2018-8714
@@ -13194,8 +13290,8 @@ CVE-2018-5488
        RESERVED
 CVE-2018-5487
        RESERVED
-CVE-2018-5486
-       RESERVED
+CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 
7.3 ...)
+       TODO: check
 CVE-2018-5485
        RESERVED
 CVE-2018-5484
@@ -13923,8 +14019,8 @@ CVE-2018-5228 (The /browse/~raw resource in Atlassian 
Fisheye and Crucible befor
        NOT-FOR-US: Atlassian
 CVE-2018-5227 (Various administrative application link resources in Atlassian 
...)
        NOT-FOR-US: Atlassian
-CVE-2018-5226
-       RESERVED
+CVE-2018-5226 (There was an argument injection vulnerability in Sourcetree for 
...)
+       TODO: check
 CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 
4.13.0 ...)
        NOT-FOR-US: Atlassian Bitbucket Server
 CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial 
repository ...)
@@ -18324,6 +18420,7 @@ CVE-2017-17835
 CVE-2017-17834
        RESERVED
 CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a 
...)
+       {DLA-1364-1}
        - openslp-dfsg <removed>
        NOTE: 
https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
 CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a 
...)
@@ -24279,21 +24376,18 @@ CVE-2017-17460
        RESERVED
 CVE-2018-1340
        RESERVED
-CVE-2018-1339
-       RESERVED
+CVE-2018-1339 (A carefully crafted (or fuzzed) file can trigger an infinite 
loop in ...)
        - tika <unfixed> (low)
        [jessie] - tika <ignored> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/7
-CVE-2018-1338
-       RESERVED
+CVE-2018-1338 (A carefully crafted (or fuzzed) file can trigger an infinite 
loop in ...)
        - tika <not-affected> (BGP parser introduced in 1.7)
        NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/6
 CVE-2018-1337
        RESERVED
 CVE-2018-1336
        RESERVED
-CVE-2018-1335 [Command Injection Vulnerability]
-       RESERVED
+CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send 
carefully ...)
        - tika <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/8
 CVE-2018-1334
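Review bot: CVE-2018-1335 keeps a bare "- tika <unfixed>" with no urgency and no per-release line, while CVE-2018-1339 just above it carries "(low)" and a "[jessie] - tika <ignored> (Minor issue)" line. The tag being dropped here, "[Command Injection Vulnerability]", is the only place the issue class was spelled out, since the new description is truncated at "clients could send carefully ...". Record the urgency once it is assessed and add a per-release line for CVE-2018-1335, so it is not read as equivalent to the two infinite-loop entries. For CVE-2018-1338, the not-affected reason "BGP parser introduced in 1.7" would be easier to verify if it also stated the packaged version it was checked against.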
@@ -59696,8 +59790,8 @@ CVE-2017-6890 (A boundary error within the 
&quot;foveon_load_camf()&quot; functi
        NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
 CVE-2017-6889 (An integer overflow error within the 
&quot;foveon_load_camf()&quot; function ...)
        NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
-CVE-2017-6888
-       RESERVED
+CVE-2017-6888 (An error in the &quot;read_metadata_vorbiscomment_()&quot; 
function ...)
+       TODO: check
 CVE-2017-6887 (A boundary error within the &quot;parse_tiff_ifd()&quot; 
function ...)
        {DSA-3950-1 DLA-1057-1}
        - libraw 0.18.2-2 (bug #864183)
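Review bot: CVE-2017-6888 is truncated before the affected product is named ("An error in the read_metadata_vorbiscomment_() function ..."), and it sits between entries that are all libraw. The function name does not follow the foveon_load_camf() / parse_tiff_ifd() pattern of its neighbours, so the full description should be read and the function searched for in packaged sources before the TODO is resolved; it should not inherit the adjacent "NOT-FOR-US: libraw demosaic extension" disposition by proximity.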
@@ -158153,10 +158247,10 @@ CVE-2014-0884 (Cross-site scripting (XSS) 
vulnerability in the Admin Web UI in I
        NOT-FOR-US: IBM Lotus Protector for Mail Security
 CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware 
...)
        NOT-FOR-US: IBM
-CVE-2014-0882
-       RESERVED
-CVE-2014-0881
-       RESERVED
+CVE-2014-0882 (Integrated Management Module II (IMM2) on IBM Flex System, 
NeXtScale, ...)
+       TODO: check
+CVE-2014-0881 (The TPM on Integrated Management Module II (IMM2) on IBM Flex 
System ...)
+       TODO: check
 CVE-2014-0880 (IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and 
V7000; ...)
        NOT-FOR-US: IBM SAN Volume Controller
 CVE-2014-0879 (Stack-based buffer overflow in the Taskmaster Capture ActiveX 
control ...)
@@ -158173,8 +158267,8 @@ CVE-2014-0874 (Cross-site scripting (XSS) 
vulnerability in IBM Content Navigator
        NOT-FOR-US: IBM Content Navigator
 CVE-2014-0873 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the (1) ...)
        NOT-FOR-US: IBM InfoSphere
-CVE-2014-0872
-       RESERVED
+CVE-2014-0872 (The installation process in IBM Security Key Lifecycle Manager 
2.5 ...)
+       TODO: check
 CVE-2014-0871 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 
before ...)
        NOT-FOR-US: IBM Algo Credit Limits
 CVE-2014-0870 (Multiple cross-site scripting (XSS) vulnerabilities in RICOS in 
IBM ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ecc9f96e425b76d5e1fb679d338a3f9ac7d8d608
