Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 50cba2c1 by security tracker role at 2018-04-26T20:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,13 @@ +CVE-2018-10432 + RESERVED +CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell ...) + TODO: check +CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...) + TODO: check +CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the ...) + TODO: check +CVE-2018-10428 + RESERVED CVE-2018-10427 RESERVED CVE-2018-10426 @@ -5551,8 +5561,8 @@ CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintende - yii <itp> (bug #597899) CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...) - yii <itp> (bug #597899) -CVE-2018-8072 - RESERVED +CVE-2018-8072 (An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W ...) + TODO: check CVE-2018-8071 (Mautic before v2.13.0 has stored XSS via a theme config file. ...) NOT-FOR-US: Mautic CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...) @@ -6802,7 +6812,7 @@ CVE-2018-7603 RESERVED CVE-2018-7602 [SA-CORE-2018-004] RESERVED - {DSA-4180-1} + {DSA-4180-1 DLA-1365-1} - drupal7 <removed> (bug #896701) NOTE: https://www.drupal.org/psa-2018-003 NOTE: https://www.drupal.org/sa-core-2018-004 @@ -7324,8 +7334,8 @@ CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css/ NOT-FOR-US: AxxonSoft Axxon Next CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows remote ...) NOT-FOR-US: TestLink -CVE-2018-7465 - RESERVED +CVE-2018-7465 (An XSS issue was discovered in VirtueMart before 3.2.14. All the ...) + TODO: check CVE-2018-7464 RESERVED CVE-2018-7463 (SQL injection vulnerability in files.php in the "files" component in ...) 
@@ -10275,8 +10285,8 @@ CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before NOTE: The issue lies in the simplesamlphp/saml2 part, which is NOTE: updated in 1.15.2 to the respective fixed version. NOTE: https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d -CVE-2018-6518 - RESERVED +CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the site_name parameter in a ...) + TODO: check CVE-2018-6517 RESERVED CVE-2018-6516 @@ -23574,8 +23584,8 @@ CVE-2018-1420 RESERVED CVE-2018-1419 RESERVED -CVE-2018-1418 - RESERVED +CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass ...) + TODO: check CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java ...) NOT-FOR-US: IBM Runtimes for Java Technology CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...) @@ -25332,8 +25342,8 @@ CVE-2018-1076 RESERVED CVE-2018-1075 RESERVED -CVE-2018-1074 - RESERVED +CVE-2018-1074 (ovirt-engine API and administration web portal before versions ...) + TODO: check CVE-2018-1073 RESERVED CVE-2018-1072 @@ -32584,8 +32594,8 @@ CVE-2017-15693 (In Apache Geode before v1.4.0, the Geode server stores applicati NOT-FOR-US: Apache Geode CVE-2017-15692 (In Apache Geode before v1.4.0, the TcpServer within the Geode locator ...) NOT-FOR-US: Apache Geode -CVE-2017-15691 - RESERVED +CVE-2017-15691 (In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to ...) + TODO: check CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing ...) {DSA-4009-1} - shadowsocks-libev 3.1.0+ds-2 
@@ -35555,8 +35565,8 @@ CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick NOTE: https://github.com/ImageMagick/ImageMagick/issues/771 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d -CVE-2017-14740 - RESERVED +CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows ...) + TODO: check CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...) {DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547) @@ -37837,8 +37847,8 @@ CVE-2017-14012 RESERVED CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent ...) NOT-FOR-US: ProMinent MultiFLEX M10a Controller -CVE-2017-14010 - RESERVED +CVE-2017-14010 (An uncontrolled search path element vulnerability has been identified ...) + TODO: check CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX ...) NOT-FOR-US: ProMinent MultiFLEX M10a Controller CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current ...) @@ -51923,8 +51933,8 @@ CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an NOT-FOR-US: OpenSUSE specific packaging issue of NextCloud CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions ...) NOT-FOR-US: NetIQ eDirectory -CVE-2017-9284 - RESERVED +CVE-2017-9284 (IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive ...) + TODO: check CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus ...) NOT-FOR-US: Micro Focus VisiBroker CVE-2017-9282 (An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) ...) 
@@ -51941,8 +51951,8 @@ CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when switche NOT-FOR-US: Novell eDirectory CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate ...) NOT-FOR-US: Novell Access Manager iManager -CVE-2017-9275 - RESERVED +CVE-2017-9275 (NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is ...) + TODO: check CVE-2017-9274 (A shell command injection in the obs-service-source_validator before ...) - osc 0.162.1-1 (bug #887391) [stretch] - osc <no-dsa> (Minor issue) @@ -74935,14 +74945,14 @@ CVE-2017-1726 RESERVED CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational Products: ...) NOT-FOR-US: IBM -CVE-2017-1724 - RESERVED -CVE-2017-1723 - RESERVED -CVE-2017-1722 - RESERVED -CVE-2017-1721 - RESERVED +CVE-2017-1724 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site ...) + TODO: check +CVE-2017-1723 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to ...) + TODO: check +CVE-2017-1722 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A ...) + TODO: check +CVE-2017-1721 (IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated ...) + TODO: check CVE-2017-1720 (IBM Notes 8.5 and 9.0 could allow a local attacker to execute ...) NOT-FOR-US: IBM Notes CVE-2017-1719 @@ -78445,8 +78455,7 @@ CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection] NOTE: https://xenbits.xen.org/xsa/advisory-211.html NOTE: http://www.openwall.com/lists/oss-security/2017/03/14/2 NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6 -CVE-2016-9602 [9p: virtfs allows guest to access host filesystem] - RESERVED +CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following ...) {DLA-1035-1 DLA-965-1} - qemu 1:2.8+dfsg-3 (bug #853006) [jessie] - qemu <no-dsa> (Minor issue) 
@@ -78496,8 +78505,7 @@ CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in - jasper <removed> NOTE: https://github.com/mdadams/jasper/issues/105 NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c -CVE-2016-9590 - RESERVED +CVE-2016-9590 (puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an ...) - puppet-module-swift 9.4.4-1 (bug #851293) CVE-2016-9589 (Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable ...) NOT-FOR-US: Red Hat specific use of undertow in Wildfly View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50cba2c155f1f3307896a3f64fc2ca36b36a70e5
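Review bot: the first hunk (@@ -1,3 +1,13 @@) leaves CVE-2018-10431 (D-Link DIR-615 firmware), CVE-2018-10430 (DiliCMS) and CVE-2018-10429 (Cosmo) at `TODO: check`; none of these products is a Debian source package, so the follow-up triage should resolve them to `NOT-FOR-US:` with the product name, as the neighbouring entries do, instead of leaving them in the TODO queue where they only add noise.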
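Review bot: in the CVE-2017-14010 hunk the description `An uncontrolled search path element vulnerability has been identified ...` is truncated before it names the affected product, so the entry cannot be triaged from the list alone; the triager should read the full MITRE text before resolving it and must not assume it is a ProMinent issue merely because it sits between the ProMinent entries CVE-2017-14011 and CVE-2017-14009.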
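Review bot: CVE-2017-15691 (Apache uimaj) should be resolved by an explicit search for a uimaj source package in the archive rather than by analogy with the surrounding Apache Geode entries, which are `NOT-FOR-US`; the vendor name alone is not enough to close an Apache Java library issue.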
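Review bot: the CVE-2018-1074 hunk describes the ovirt-engine API and administration web portal; Debian does not ship ovirt-engine, so this can be resolved to `NOT-FOR-US: ovirt-engine` in the next triage pass instead of staying at `TODO: check`.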
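Review bot: the CVE-2017-1721 to CVE-2017-1724 hunk adds four IBM Security QRadar SIEM 7.2 and 7.3 entries at `TODO: check`, and the same product appears again in the CVE-2018-1418 hunk of this commit; QRadar is not packaged by Debian, so all five should be triaged together to `NOT-FOR-US: IBM Security QRadar SIEM`, consistent with the `NOT-FOR-US: IBM` lines around them, rather than one at a time.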
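Review bot: in the CVE-2016-9602 hunk the interim bracketed title `[9p: virtfs allows guest to access host filesystem]` and the `RESERVED` marker are replaced by the published description, while `{DLA-1035-1 DLA-965-1}`, `qemu 1:2.8+dfsg-3 (bug #853006)` and the `[jessie] - qemu <no-dsa>` line are kept unchanged; that is correct, no status change is implied, but the bracketed title was the only place the 9p/virtfs context was recorded, so a `NOTE:` line restating it would keep the entry searchable now that the description only says `improper link following`.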
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits