Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
961ba277 by security tracker role at 2018-05-02T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,10 +1,56 @@
-CVE-2018-10675 [mm/mempolicy: fix use after free when calling get_mempolicy]
+CVE-2018-10681
+       RESERVED
+CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site 
Scripting ...)
+       TODO: check
+CVE-2018-10679
+       RESERVED
+CVE-2018-10678
+       RESERVED
+CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 
lacks ...)
+       TODO: check
+CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision 
DVR ...)
+       TODO: check
+CVE-2018-10674
+       RESERVED
+CVE-2018-10673
+       RESERVED
+CVE-2018-10672
+       RESERVED
+CVE-2018-10671
+       RESERVED
+CVE-2018-10670
+       RESERVED
+CVE-2018-10669
+       RESERVED
+CVE-2018-10668
+       RESERVED
+CVE-2018-10667
+       RESERVED
+CVE-2018-10666
+       RESERVED
+CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, 
related to ...)
+       TODO: check
+CVE-2018-10664
+       RESERVED
+CVE-2018-10663
+       RESERVED
+CVE-2018-10662
+       RESERVED
+CVE-2018-10661
+       RESERVED
+CVE-2018-10660
+       RESERVED
+CVE-2018-10659
+       RESERVED
+CVE-2018-10658
+       RESERVED
+CVE-2018-10675 (The do_get_mempolicy function in mm/mempolicy.c in the Linux 
kernel ...)
        - linux 4.12.12-1
        [stretch] - linux 4.9.47-1
        [jessie] - linux 3.16.51-1
        [wheezy] - linux 3.2.96-1
        NOTE: 
https://git.kernel.org/linus/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 (4.13-rc6)
-CVE-2018-10657 [matrix-synapse: federation DoS]
+CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a denial of service 
flaw where ...)
        - matrix-synapse 0.28.1+dfsg-1
        NOTE: 
https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
        NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
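Review bot: The four newly described entries at the top of this hunk (CVE-2018-10680, CVE-2018-10677, CVE-2018-10676, CVE-2018-10665) carry only "TODO: check" and no package or NOT-FOR-US line, so each still needs manual triage. CVE-2018-10680 is flagged "** DISPUTED **" in its description, which is worth recording in a NOTE if it turns out to affect a Debian package. The description rewrites for CVE-2018-10675 and CVE-2018-10657 leave their package lines untouched, which is what an automatic update should do.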
@@ -3106,7 +3152,7 @@ CVE-2018-1000152 (An improper authorization vulnerability 
exists in Jenkins vSph
        NOT-FOR-US: Jenkins plugin
 CVE-2018-1000153 (A cross-site request forgery vulnerability exists in Jenkins 
vSphere ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-9310 (An issue was discovered in MagniComp SysInfo before 10-H81 if 
setuid ...)
+CVE-2018-9310 (An issue was discovered in MagniComp SysInfo before 10-H82 if 
setuid ...)
        NOT-FOR-US: MagniComp SysInfo
 CVE-2018-9309 (An issue was discovered in zzcms 8.2. It allows SQL injection 
via the ...)
        NOT-FOR-US: zzcms
@@ -3126,8 +3172,8 @@ CVE-2018-9304 (In Exiv2 0.26, a divide by zero in 
BigTiffImage::printIFD in ...)
 CVE-2018-9303 (In Exiv2 0.26, an assertion failure in BigTiffImage::readData 
in ...)
        - exiv2 <not-affected> (Vulnerable code introduced after 0.26)
        NOTE: https://github.com/Exiv2/exiv2/issues/262
-CVE-2018-9302
-       RESERVED
+CVE-2018-9302 (SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in 
...)
+       TODO: check
 CVE-2018-9301
        RESERVED
 CVE-2018-9300
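Review bot: The truncated description for CVE-2018-9302 names only the path /assets/lib/fuc.js.php and not the product, so the "TODO: check" cannot be resolved from this line alone. Whoever triages it should read the full CVE description before deciding between a package line and NOT-FOR-US.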
@@ -5968,8 +6014,8 @@ CVE-2018-8117 (A security feature bypass vulnerability 
exists in the Microsoft .
        NOT-FOR-US: Microsoft
 CVE-2018-8116 (A denial of service vulnerability exists in the way that 
Windows ...)
        NOT-FOR-US: Microsoft
-CVE-2018-8115
-       RESERVED
+CVE-2018-8115 (A remote code execution vulnerability exists when the Windows 
Host ...)
+       TODO: check
 CVE-2018-8114
        RESERVED
 CVE-2018-8113
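Review bot: CVE-2018-8115 is left at "TODO: check" while the neighbouring entries CVE-2018-8117 and CVE-2018-8116 in the same hunk are marked "NOT-FOR-US: Microsoft". If the full description confirms a Windows component, as "the Windows Host ..." suggests, it should get the same marker in a follow-up.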
@@ -13928,24 +13974,24 @@ CVE-2018-5522
        RESERVED
 CVE-2018-5521
        RESERVED
-CVE-2018-5520
-       RESERVED
-CVE-2018-5519
-       RESERVED
-CVE-2018-5518
-       RESERVED
-CVE-2018-5517
-       RESERVED
-CVE-2018-5516
-       RESERVED
-CVE-2018-5515
-       RESERVED
-CVE-2018-5514
-       RESERVED
+CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 
11.2.1-11.6.3.1 ...)
+       TODO: check
+CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 
11.2.1-11.6.3.1, ...)
+       TODO: check
+CVE-2018-5518 (On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root 
users ...)
+       TODO: check
+CVE-2018-5517 (On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a 
self IP ...)
+       TODO: check
+CVE-2018-5516 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 
11.2.1-11.6.3.1, ...)
+       TODO: check
+CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication 
responses ...)
+       TODO: check
+CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 
request ...)
+       TODO: check
 CVE-2018-5513
        RESERVED
-CVE-2018-5512
-       RESERVED
+CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) 
and SYN ...)
+       TODO: check
 CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2018-5510 (On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management 
Microkernel ...)
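Review bot: All eight entries that move from RESERVED to a description here (CVE-2018-5512 and CVE-2018-5514 through CVE-2018-5520) are F5 BIG-IP issues, yet they land as "TODO: check" while CVE-2018-5511 directly below is already "NOT-FOR-US: F5 BIG-IP". A follow-up should mark them with the same string, and keep the spelling identical so that the product groups cleanly in the list.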
@@ -24190,8 +24236,8 @@ CVE-2018-1470
        RESERVED
 CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could 
allow ...)
        NOT-FOR-US: IBM API Connect Developer Portal
-CVE-2018-1468
-       RESERVED
+CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get 
access ...)
+       TODO: check
 CVE-2018-1467
        RESERVED
 CVE-2018-1466
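Review bot: CVE-2018-1468 is described as an IBM API Connect issue but is left at "TODO: check", whereas CVE-2018-1469 just above it is "NOT-FOR-US: IBM API Connect Developer Portal". The follow-up triage should settle whether this one gets a matching NOT-FOR-US line.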
@@ -25940,14 +25986,14 @@ CVE-2018-1106 (An authentication bypass flaw has been 
found in PackageKit before
        NOTE: Resulting affected (upstream) versions: >= 1.0.10 up until 
current 1.1.9
 CVE-2018-1105
        RESERVED
-CVE-2018-1104
-       RESERVED
+CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that 
allows ...)
+       TODO: check
 CVE-2018-1103
        RESERVED
 CVE-2018-1102 (A flaw was found in source-to-image function as shipped with 
Openshift ...)
        NOT-FOR-US: source-to-image in OpenShift
-CVE-2018-1101
-       RESERVED
+CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management 
of ...)
+       TODO: check
 CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer 
...)
        - zsh 5.5-1 (bug #895225)
        [stretch] - zsh <no-dsa> (Minor issue)
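Review bot: CVE-2018-1104 and CVE-2018-1101 both name Ansible Tower in their descriptions and arrive as "TODO: check". The triage should confirm from the full descriptions whether the flaws are specific to Tower or reach code shared with a packaged component before choosing between NOT-FOR-US and a package line.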
@@ -29431,7 +29477,7 @@ CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, 
there is XSS via the Color
        - php-horde <undetermined>
        NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
        TODO: check
-CVE-2017-16906 (In Horde Groupware 5.2.19, there is XSS via the URL field in a 
...)
+CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL 
field in a ...)
        - php-horde <undetermined>
        NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
        TODO: check
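Review bot: The affected range in the CVE-2017-16906 description widens from "5.2.19" to "5.2.19-5.2.22", but the entry stays at "- php-horde <undetermined>" with "TODO: check". Since the upper bound has moved, the versions shipped in the supported suites should be re-examined against the new range when this entry is resolved, and the same applies to the sibling CVE-2017-16907, which references the same advisory URL.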
@@ -67335,8 +67381,7 @@ CVE-2017-4954
        RESERVED
 CVE-2017-4953
        RESERVED
-CVE-2017-4952
-       RESERVED
+CVE-2017-4952 (VMware Xenon 1.x prior to 1.5.7, 1.5.4, 1.3.7, and 1.1.0 
contains an ...)
        NOT-FOR-US: VMware Xenon
 CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 
9.1.5) ...)
        NOT-FOR-US: VMware AirWatch Console
@@ -75961,8 +76006,8 @@ CVE-2017-1603
        RESERVED
 CVE-2017-1602 (IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 
and ...)
        NOT-FOR-US: IBM
-CVE-2017-1601
-       RESERVED
+CVE-2017-1601 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 
Database ...)
+       TODO: check
 CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is 
vulnerable to ...)
        NOT-FOR-US: IBM Security Guardium
 CVE-2017-1599
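Review bot: CVE-2017-1601 is an IBM Security Guardium issue left at "TODO: check", while CVE-2017-1600 on the next entry is already "NOT-FOR-US: IBM Security Guardium". It should receive the same marker once checked.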
@@ -76654,8 +76699,8 @@ CVE-2017-1257 (IBM Security Guardium 10.0 discloses 
sensitive information to ...
        NOT-FOR-US: IBM Security Guardium
 CVE-2017-1256 (IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site 
...)
        NOT-FOR-US: IBM
-CVE-2017-1255
-       RESERVED
+CVE-2017-1255 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 
uses ...)
+       TODO: check
 CVE-2017-1254 (IBM Security Guardium 10.0 is vulnerable to a XML External 
Entity ...)
        NOT-FOR-US: IBM
 CVE-2017-1253 (IBM Security Guardium 10.0 could allow a remote authenticated 
attacker ...)
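Review bot: The context lines of this hunk show the same product tagged two ways: the line after CVE-2017-1257 reads "NOT-FOR-US: IBM Security Guardium", while CVE-2017-1256 and CVE-2017-1254 read "NOT-FOR-US: IBM". When CVE-2017-1255 is moved off "TODO: check", pick one of the two strings and consider normalising the neighbours so the Guardium entries are consistent.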
@@ -164257,8 +164302,8 @@ CVE-2013-6274
        RESERVED
 CVE-2013-6273
        RESERVED
-CVE-2013-6272
-       RESERVED
+CVE-2013-6272 (The NotificationBroadcastReceiver class in the 
com.android.phone ...)
+       TODO: check
 CVE-2013-6271 (Android 4.0 through 4.3 allows attackers to bypass intended 
access ...)
        NOT-FOR-US: Android
 CVE-2013-6270
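Review bot: CVE-2013-6272 concerns the NotificationBroadcastReceiver class in com.android.phone and is added as "TODO: check", while CVE-2013-6271 immediately below is "NOT-FOR-US: Android". If the full description confirms it is an Android platform issue, it should be marked the same way.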



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/961ba2775f4c5ad131ff3174c7e6d064c575796b
