Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba443f4f by security tracker role at 2018-05-08T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-10813
+       RESERVED
+CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses 
cleartext ...)
+       TODO: check
+CVE-2018-10811
+       RESERVED
+CVE-2018-10810
+       RESERVED
+CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file 
(2345NetFirewall.sys) ...)
+       TODO: check
+CVE-2018-10808
+       RESERVED
+CVE-2018-10807
+       RESERVED
+CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a 
reflected Cross ...)
+       TODO: check
+CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in 
ReadYCBCRImage ...)
+       TODO: check
+CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in 
WriteTIFFImage ...)
+       TODO: check
+CVE-2018-10803
+       RESERVED
+CVE-2018-1000301
+       RESERVED
+CVE-2018-1000300
+       RESERVED
+CVE-2018-1000177 (A cross-site scripting vulnerability exists in Jenkins S3 
Plugin ...)
+       TODO: check
+CVE-2018-1000176 (An exposure of sensitive information vulnerability exists in 
Jenkins ...)
+       TODO: check
+CVE-2018-1000175 (A path traversal vulnerability exists in Jenkins HTML 
Publisher Plugin ...)
+       TODO: check
+CVE-2018-1000174 (An open redirect vulnerability exists in Jenkins Google 
Login Plugin ...)
+       TODO: check
+CVE-2018-1000173 (A session fixaction vulnerability exists in Jenkins Google 
Login ...)
+       TODO: check
 CVE-2018-10802
        RESERVED
 CVE-2018-10801 (TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory 
leaks, as ...)
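Review bot: The added CVE-2018-1000173 line reads "session fixaction", which should be "session fixation". If the description is imported verbatim from the upstream feed, leave the data as it is and report the typo upstream; otherwise correct it here. Every new entry in this hunk that has a description is marked TODO: check, so each still needs a package line or a NOT-FOR-US resolution before it counts as triaged.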
@@ -167,8 +203,8 @@ CVE-2018-10736
        RESERVED
 CVE-2018-10735
        RESERVED
-CVE-2018-10734
-       RESERVED
+CVE-2018-10734 (KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a 
...)
+       TODO: check
 CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
        - libgxps <unfixed> (low; bug #897954)
        [wheezy] - libgxps <ignored> (Minor issue)
@@ -996,8 +1032,7 @@ CVE-2018-10382
        RESERVED
 CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege 
...)
        NOT-FOR-US: TunnelBear for Windows
-CVE-2018-10380 [Access to privileged files]
-       RESERVED
+CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to 
obtain ...)
        - kwallet-pam 5.12.1-2
        NOTE: https://www.kde.org/info/security/advisory-20180503-1.txt
        NOTE: 
https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 
(Plasma 5.12)
@@ -1034,13 +1069,13 @@ CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU 
Binutils 2.30 allows remot
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6aea08d9f3e3d6475a65454da488a0c51f5dc97d
 CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent 
plugin ...)
        NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
-CVE-2018-1000178 [Implement custom deserializer to add our own sanity checks]
+CVE-2018-1000178 (A heap corruption of type CWE-120 exists in quassel version 
0.12.4 in ...)
        {DSA-4189-1 DLA-1370-1}
        - quassel 1:0.12.5-1 (bug #896914)
        NOTE: 
https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f
 (master)
        NOTE: 
https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b
 (0.12)
        NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
-CVE-2018-1000179 [Reject clients that attempt to login before the core is 
configured]
+CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel 
version 0.12.4 ...)
        {DSA-4189-1}
        - quassel 1:0.12.5-1 (bug #896915)
        [wheezy] - quassel <no-dsa> (Minor issue)
@@ -2276,8 +2311,7 @@ CVE-2018-9860 (An issue was discovered in Botan 1.11.32 
through 2.x before 2.6.0
        NOTE: Bug introduced in 1.11.32, fixed in 2.6.0
 CVE-2018-9859
        RESERVED
-CVE-2018-1000168 [Denial of service due to NULL pointer dereference]
-       RESERVED
+CVE-2018-1000168 (nghttp2 version &gt;= 1.10.0 and nghttp2 &lt;= v1.31.0 
contains an Improper ...)
        - nghttp2 1.31.1-1 (low; bug #895566)
        [stretch] - nghttp2 <no-dsa> (Minor issue)
        [jessie] - nghttp2 <not-affected> (Issue introduced in 1.10.0)
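Review bot: The new CVE-2018-1000168 description contains the HTML entities "&gt;=" and "&lt;=" where ">=" and "<=" are meant. Other lines in this same hunk carry literal angle brackets (for example "<no-dsa>"), so this looks like escaping in the imported description text rather than in the mail rendering. The import step should decode entities before writing the description so the tracker does not display escaped markup.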
@@ -4569,8 +4603,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 
1.5.3 and 2.x before 2.
        NOT-FOR-US: IdentityServer
 CVE-2018-8898
        RESERVED
-CVE-2018-8897 [error in exception handling leads to DoS]
-       RESERVED
+CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and 
IA-32 ...)
        - linux 4.15.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
        - xen <unfixed>
@@ -10036,10 +10069,10 @@ CVE-2018-6923
        RESERVED
 CVE-2018-6922
        RESERVED
-CVE-2018-6921
-       RESERVED
-CVE-2018-6920
-       RESERVED
+CVE-2018-6921 (In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, 
due to ...)
+       TODO: check
+CVE-2018-6920 (In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, ...)
+       TODO: check
 CVE-2018-6919 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 
...)
        - kfreebsd-10 <unfixed> (unimportant)
        NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc
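Review bot: CVE-2018-6921 and CVE-2018-6920 are left at TODO: check although the entry directly below them, CVE-2018-6919, is a FreeBSD issue already tracked against kfreebsd-10. Triage should check the two new FreeBSD entries against kfreebsd-10 in the same way and record either a package line or a <not-affected> state.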
@@ -11290,10 +11323,10 @@ CVE-2018-6513
        RESERVED
 CVE-2018-6512
        RESERVED
-CVE-2018-6511
-       RESERVED
-CVE-2018-6510
-       RESERVED
+CVE-2018-6511 (A cross-site scripting vulnerability in Puppet Enterprise 
Console of ...)
+       TODO: check
+CVE-2018-6510 (A cross-site scripting vulnerability in Puppet Enterprise 
Console of ...)
+       TODO: check
 CVE-2018-6509
        RESERVED
 CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to 
a ...)
@@ -25802,10 +25835,10 @@ CVE-2018-1250
        RESERVED
 CVE-2018-1249
        RESERVED
-CVE-2018-1248
-       RESERVED
-CVE-2018-1247
-       RESERVED
+CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console 
and ...)
+       TODO: check
+CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and 
earlier, ...)
+       TODO: check
 CVE-2018-1246
        RESERVED
 CVE-2018-1245
@@ -25820,8 +25853,8 @@ CVE-2018-1241
        RESERVED
 CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an 
...)
        NOT-FOR-US: EMC ViPR Controller
-CVE-2018-1239
-       RESERVED
+CVE-2018-1239 (Dell EMC Unity Operating Environment (OE) versions prior to ...)
+       TODO: check
 CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command 
injection ...)
        NOT-FOR-US: EMC ScaleIO
 CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper 
restriction ...)
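Review bot: CVE-2018-1239 gets TODO: check while the Dell EMC entries on either side of it, CVE-2018-1240 and CVE-2018-1238, are already marked NOT-FOR-US. If Dell EMC Unity is likewise not packaged, resolve it as NOT-FOR-US in the follow-up triage so it does not stay in the TODO queue.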
@@ -28585,6 +28618,7 @@ CVE-2018-0496
 CVE-2018-0495
        RESERVED
 CVE-2018-0494 (GNU Wget before 1.19.5 is prone to a cookie injection 
vulnerability in ...)
+       {DSA-4195-1}
        - wget 1.19.5-1 (bug #898076)
        NOTE: https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
        NOTE: https://savannah.gnu.org/bugs/?53763
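Review bot: The {DSA-4195-1} cross-reference on CVE-2018-0494 is added in a commit that changes only data/CVE/list, so nothing visible here shows the advisory record it points to. Confirm that DSA-4195-1 is already recorded for wget and lists CVE-2018-0494, so the cross-reference does not dangle.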
@@ -74213,8 +74247,7 @@ CVE-2017-2612
        RESERVED
        - jenkins <removed>
        NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2611
-       RESERVED
+CVE-2017-2611 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an 
insufficient ...)
        - jenkins <removed>
        NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2610
@@ -74277,13 +74310,11 @@ CVE-2017-2596 (The nested_vmx_check_vmptr function in 
arch/x86/kvm/vmx.c in the 
 CVE-2017-2595
        RESERVED
        - wildfly <itp> (bug #752018)
-CVE-2017-2594
-       RESERVED
+CVE-2017-2594 (hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 
2.0-m3, ...)
        NOT-FOR-US: hawtio
 CVE-2017-2593
        RESERVED
-CVE-2017-2592 [CatchErrors leaks sensitive values in oslo.middleware]
-       RESERVED
+CVE-2017-2592 (python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is 
...)
        - python-oslo.middleware 3.19.0-3 (bug #852742)
        NOTE: https://launchpad.net/bugs/1628031
 CVE-2017-2591 (389-ds-base before version 1.3.6 is vulnerable to an improperly 
NULL ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ba443f4f37342d086c73ede0e7115750ae788861
