Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ce7ca77 by security tracker role at 2018-05-03T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,53 @@
+CVE-2018-10704
+ RESERVED
+CVE-2018-10703
+ RESERVED
+CVE-2018-10702
+ RESERVED
+CVE-2018-10701
+ RESERVED
+CVE-2018-10700
+ RESERVED
+CVE-2018-10699
+ RESERVED
+CVE-2018-10698
+ RESERVED
+CVE-2018-10697
+ RESERVED
+CVE-2018-10696
+ RESERVED
+CVE-2018-10695
+ RESERVED
+CVE-2018-10694
+ RESERVED
+CVE-2018-10693
+ RESERVED
+CVE-2018-10692
+ RESERVED
+CVE-2018-10691
+ RESERVED
+CVE-2018-10690
+ RESERVED
+CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux
kernel ...)
+ TODO: check
+CVE-2018-10688
+ RESERVED
+CVE-2018-10687
+ RESERVED
+CVE-2018-10686
+ RESERVED
+CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free
in the ...)
+ TODO: check
+CVE-2018-10684
+ RESERVED
+CVE-2018-10683
+ RESERVED
+CVE-2018-10682
+ RESERVED
+CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a
heap-based ...)
+ TODO: check
+CVE-2016-10721 (partclone.restore in Partclone 0.2.87 is prone to a heap-based
buffer ...)
+ TODO: check
CVE-2018-10681
RESERVED
CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site
Scripting ...)
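Review bot: CVE-2016-10722 and CVE-2016-10721 are inserted between CVE-2018-10682 and CVE-2018-10681, which breaks the descending ID order visible in the rest of the list; they should be moved to their sorted position when triaged. The four described entries in this hunk (blktrace, lrzip and the two Partclone ones) name standalone software and are left at "TODO: check", so each still needs to be resolved to a package line or an explicit NOT-FOR-US tag before the tracker can report a status for it.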
@@ -26,8 +76,8 @@ CVE-2018-10668
RESERVED
CVE-2018-10667
RESERVED
-CVE-2018-10666
- RESERVED
+CVE-2018-10666 (The Owned smart contract implementation for Aurora IDEX
Membership ...)
+ TODO: check
CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF,
related to ...)
NOT-FOR-US: ILIAS
CVE-2018-10664
@@ -216,10 +266,10 @@ CVE-2018-10580
RESERVED
CVE-2018-10579
RESERVED
-CVE-2018-10578
- RESERVED
-CVE-2018-10577
- RESERVED
+CVE-2018-10578 (An issue was discovered on WatchGuard AP100, AP102, and AP200
devices ...)
+ TODO: check
+CVE-2018-10577 (An issue was discovered on WatchGuard AP100, AP102, and AP200
devices ...)
+ TODO: check
CVE-2018-10576 (An issue was discovered on WatchGuard AP100, AP102, and AP200
devices ...)
NOT-FOR-US: WatchGuard devices
CVE-2018-10575 (An issue was discovered on WatchGuard AP100, AP102, and AP200
devices ...)
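Review bot: CVE-2018-10578 and CVE-2018-10577 are added as "TODO: check" although the context lines directly below show CVE-2018-10576, with the same visible description prefix, already tagged "NOT-FOR-US: WatchGuard devices". Once the full descriptions are confirmed to concern the same AP100, AP102 and AP200 devices, give the two new entries the same tag so the set is triaged consistently.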
@@ -238,18 +288,18 @@ CVE-2018-10570 (Frog CMS 0.9.5 has XSS in
/install/index.php via the ...)
NOT-FOR-US: Frog CMS
CVE-2018-10569
RESERVED
-CVE-2018-10568
- RESERVED
-CVE-2018-10567
- RESERVED
-CVE-2018-10566
- RESERVED
-CVE-2018-10565
- RESERVED
-CVE-2018-10564
- RESERVED
-CVE-2018-10563
- RESERVED
+CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to
v10.7. ...)
+ TODO: check
+CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to
v10.7. ...)
+ TODO: check
+CVE-2018-10566 (XSS exists in Flexense DupScout Enterprise from v10.0.18 to
v10.7. ...)
+ TODO: check
+CVE-2018-10565 (XSS exists in Flexense DiskSavvy Enterprise from v10.4 to
v10.7. ...)
+ TODO: check
+CVE-2018-10564 (XSS exists in Flexense DiskPulse Enterprise from v10.4 to
v10.7. ...)
+ TODO: check
+CVE-2018-10563 (An XSS in Flexense SyncBreeze affects all versions (tested
from ...)
+ TODO: check
CVE-2018-10562
RESERVED
CVE-2018-10561
@@ -730,11 +780,13 @@ CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU
Binutils 2.30 allows remot
CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent
plugin ...)
NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
CVE-2018-1000178 [Implement custom deserializer to add our own sanity checks]
+ {DSA-4189-1}
- quassel 1:0.12.5-1 (bug #896914)
NOTE:
https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f
(master)
NOTE:
https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b
(0.12)
NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
CVE-2018-1000179 [Reject clients that attempt to login before the core is
configured]
+ {DSA-4189-1}
- quassel 1:0.12.5-1 (bug #896915)
NOTE:
https://github.com/quassel/quassel/commit/e17fca767d60c06ca02bc5898ced04f06d3670bd
(master)
NOTE:
https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e
(0.12)
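Review bot: The "{DSA-4189-1}" cross-reference is added to both CVE-2018-1000178 and CVE-2018-1000179, but the mail lists data/CVE/list as the only changed file, so nothing in this commit shows the advisory entry those references point to. Confirm that DSA-4189-1 is already recorded in the tracker's advisory data with both CVE IDs, otherwise the two references dangle.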
@@ -903,8 +955,8 @@ CVE-2018-10296 (MiniCMS V1.10 has XSS via the
mc-admin/post-edit.php title param
NOT-FOR-US: MiniCMS
CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using
public/admin/user/addpost.html to add ...)
NOT-FOR-US: ChemCMS
-CVE-2018-10294
- RESERVED
+CVE-2018-10294 (Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. ...)
+ TODO: check
CVE-2018-10293
RESERVED
CVE-2018-10292
@@ -1358,8 +1410,8 @@ CVE-2018-10117 (An issue was discovered in idreamsoft
iCMS V7.0.7. There is a CS
NOT-FOR-US: idreamsoft iCMS
CVE-2018-10116
RESERVED
-CVE-2018-10115
- RESERVED
+CVE-2018-10115 (Incorrect initialization logic of RAR decoder objects in 7-Zip
18.03 ...)
+ TODO: check
CVE-2018-10114 (An issue was discovered in GEGL through 0.3.32. The ...)
- gegl 0.3.34-1
[wheezy] - gegl <no-dsa> (Minor issue)
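Review bot: CVE-2018-10115 is left at "TODO: check", and unlike the iCMS entry in the context above it, the description names 7-Zip 18.03, a general-purpose archiver rather than a web application that is marked NOT-FOR-US. Triage should resolve it to a source package line with a fixed version or an explicit status, in the same form as the "- gegl 0.3.34-1" entry that follows.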
@@ -1827,8 +1879,8 @@ CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory
Traversal issue makes it po
NOT-FOR-US: CMS Made Simple
CVE-2018-9920
RESERVED
-CVE-2018-9919
- RESERVED
+CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in
Tp-shop ...)
+ TODO: check
CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain
"expected dictionary ...)
- qpdf 8.0.2-3 (bug #895443)
[stretch] - qpdf <no-dsa> (Minor issue)
@@ -4239,8 +4291,8 @@ CVE-2018-8902
RESERVED
CVE-2018-8901
RESERVED
-CVE-2018-8900
- RESERVED
+CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and
Sentinel ...)
+ TODO: check
CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before
2.1.3 ...)
NOT-FOR-US: IdentityServer
CVE-2018-8898
@@ -28787,28 +28839,28 @@ CVE-2018-0290
RESERVED
CVE-2018-0289
RESERVED
-CVE-2018-0288
- RESERVED
-CVE-2018-0287
- RESERVED
-CVE-2018-0286
- RESERVED
-CVE-2018-0285
- RESERVED
+CVE-2018-0288 (A vulnerability in Cisco WebEx Recording Format (WRF) Player
could ...)
+ TODO: check
+CVE-2018-0287 (A vulnerability in the Cisco WebEx Network Recording Player for
...)
+ TODO: check
+CVE-2018-0286 (A vulnerability in the netconf interface of Cisco IOS XR
Software could ...)
+ TODO: check
+CVE-2018-0285 (A vulnerability in service logging for Cisco Prime Service
Catalog ...)
+ TODO: check
CVE-2018-0284
RESERVED
-CVE-2018-0283
- RESERVED
+CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower
System ...)
+ TODO: check
CVE-2018-0282
RESERVED
-CVE-2018-0281
- RESERVED
+CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower
System ...)
+ TODO: check
CVE-2018-0280
RESERVED
CVE-2018-0279
RESERVED
-CVE-2018-0278
- RESERVED
+CVE-2018-0278 (A vulnerability in the management console of Cisco Firepower
System ...)
+ TODO: check
CVE-2018-0277
RESERVED
CVE-2018-0276 (A vulnerability in Cisco WebEx Connect IM could allow an ...)
@@ -28835,20 +28887,20 @@ CVE-2018-0266 (A vulnerability in the web framework
of Cisco Unified Communicati
NOT-FOR-US: Cisco
CVE-2018-0265
RESERVED
-CVE-2018-0264
- RESERVED
+CVE-2018-0264 (A vulnerability in the Cisco WebEx Network Recording Player for
...)
+ TODO: check
CVE-2018-0263
RESERVED
-CVE-2018-0262
- RESERVED
+CVE-2018-0262 (A vulnerability in Cisco Meeting Server could allow an
unauthenticated, ...)
+ TODO: check
CVE-2018-0261
RESERVED
CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could
allow an ...)
NOT-FOR-US: Cisco
CVE-2018-0259 (A vulnerability in the web-based management interface of Cisco
MATE ...)
NOT-FOR-US: Cisco
-CVE-2018-0258
- RESERVED
+CVE-2018-0258 (A vulnerability in the Cisco Prime File Upload servlet
affecting ...)
+ TODO: check
CVE-2018-0257 (A vulnerability in Cisco IOS XE Software running on Cisco cBR
Series ...)
NOT-FOR-US: Cisco
CVE-2018-0256 (A vulnerability in the peer-to-peer message processing
functionality of ...)
@@ -28857,24 +28909,24 @@ CVE-2018-0255 (A vulnerability in the device manager
web interface of Cisco Indu
NOT-FOR-US: Cisco
CVE-2018-0254 (A vulnerability in the detection engine of Cisco Firepower
System ...)
NOT-FOR-US: Cisco
-CVE-2018-0253
- RESERVED
-CVE-2018-0252
- RESERVED
+CVE-2018-0253 (A vulnerability in the ACS Report component of Cisco Secure
Access ...)
+ TODO: check
+CVE-2018-0252 (A vulnerability in the IP Version 4 (IPv4) fragment reassembly
function ...)
+ TODO: check
CVE-2018-0251 (A vulnerability in the Web Server Authentication Required
screen of the ...)
NOT-FOR-US: Cisco
-CVE-2018-0250
- RESERVED
-CVE-2018-0249
- RESERVED
+CVE-2018-0250 (A vulnerability in Central Web Authentication (CWA) with
FlexConnect ...)
+ TODO: check
+CVE-2018-0249 (A vulnerability when handling incoming 802.11 Association
Requests for ...)
+ TODO: check
CVE-2018-0248
RESERVED
-CVE-2018-0247
- RESERVED
+CVE-2018-0247 (A vulnerability in Web Authentication (WebAuth) clients for the
Cisco ...)
+ TODO: check
CVE-2018-0246
RESERVED
-CVE-2018-0245
- RESERVED
+CVE-2018-0245 (A vulnerability in the REST API of Cisco 5500 and 8500 Series
Wireless ...)
+ TODO: check
CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower
System ...)
NOT-FOR-US: Cisco
CVE-2018-0243 (A vulnerability in the detection engine of Cisco Firepower
System ...)
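Review bot: The six descriptions added in this hunk (CVE-2018-0253, CVE-2018-0252, CVE-2018-0250, CVE-2018-0249, CVE-2018-0247 and CVE-2018-0245) all carry "TODO: check", while every already-triaged neighbour in the context lines (CVE-2018-0254, CVE-2018-0251, CVE-2018-0244) is tagged "NOT-FOR-US: Cisco". After checking the full descriptions, which are truncated here, apply the same tag where they concern Cisco products so the block is consistent; the same applies to the Cisco entries added in the neighbouring hunks.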
@@ -28893,10 +28945,10 @@ CVE-2018-0237 (A vulnerability in the file type
detection mechanism of the Cisco
NOT-FOR-US: Cisco
CVE-2018-0236
RESERVED
-CVE-2018-0235
- RESERVED
-CVE-2018-0234
- RESERVED
+CVE-2018-0235 (A vulnerability in the 802.11 frame validation functionality of
the ...)
+ TODO: check
+CVE-2018-0234 (A vulnerability in the implementation of Point-to-Point
Tunneling ...)
+ TODO: check
CVE-2018-0233 (A vulnerability in the Secure Sockets Layer (SSL) packet
reassembly ...)
NOT-FOR-US: Cisco
CVE-2018-0232
@@ -28911,8 +28963,8 @@ CVE-2018-0228 (A vulnerability in the ingress flow
creation functionality of Cis
NOT-FOR-US: Cisco
CVE-2018-0227 (A vulnerability in the Secure Sockets Layer (SSL) Virtual
Private ...)
NOT-FOR-US: Cisco
-CVE-2018-0226
- RESERVED
+CVE-2018-0226 (A vulnerability in the assignment and management of default
user ...)
+ TODO: check
CVE-2018-0225
RESERVED
CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system
for ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ce7ca7773d0ee9dee9d2f4bc2577c0a3ea23234
debian-security-tracker-commits mailing list