Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d65658f by security tracker role at 2018-05-10T08:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-10964
+       RESERVED
+CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in 
LibTIFF ...)
+       TODO: check
+CVE-2018-10962 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 
...)
+       TODO: check
+CVE-2018-10961
+       RESERVED
+CVE-2018-10960
+       RESERVED
+CVE-2018-10959
+       RESERVED
+CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a 
SIGABRT ...)
+       TODO: check
+CVE-2018-10957 (CSRF exists on D-Link DIR-868L devices, leading to (for 
example) a ...)
+       TODO: check
+CVE-2018-10956
+       RESERVED
+CVE-2018-10955 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
+       TODO: check
+CVE-2018-10954 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
+       TODO: check
+CVE-2018-10953 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
+       TODO: check
+CVE-2018-10952 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
+       TODO: check
+CVE-2018-10951 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 
before ...)
+       TODO: check
+CVE-2018-10950 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 
before ...)
+       TODO: check
+CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 
before ...)
+       TODO: check
+CVE-2018-10948
+       RESERVED
+CVE-2018-10947
+       RESERVED
+CVE-2018-10946
+       RESERVED
 CVE-2018-XXXX [Argument injection in xdg-open open_envvar]
        - xdg-utils <unfixed> (bug #898317)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
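Review bot: the new "TODO: check" entries in this hunk will not all triage the same way, so CVE-2018-10963 (LibTIFF, TIFFWriteDirectorySec() in tif_dirwrite.c) and CVE-2018-10958 (Exiv2 0.26, types.cpp) should be picked up first; both name a library and a source file, and look like candidates for a package line in the form the xdg-utils entry at the end of the hunk uses ("- xdg-utils <unfixed> (bug #898317)"). The four 2345 Security Guard entries (CVE-2018-10952 through CVE-2018-10955) carry identical truncated descriptions here, so they can be resolved together once the full text is read.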
@@ -8,8 +46,8 @@ CVE-2018-10944
        RESERVED
 CVE-2018-10943
        RESERVED
-CVE-2018-10942
-       RESERVED
+CVE-2018-10942 (modules/attributewizardpro/file_upload.php in the Attribute 
Wizard ...)
+       TODO: check
 CVE-2018-10941
        RESERVED
 CVE-2018-10940 (The cdrom_ioctl_media_changed function in 
drivers/cdrom/cdrom.c in the ...)
@@ -1488,8 +1526,8 @@ CVE-2018-10316 (Netwide Assembler (NASM) 2.14rc0 has an 
endless while loop in th
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392474
 CVE-2018-10315
        RESERVED
-CVE-2018-10314
-       RESERVED
+CVE-2018-10314 (Cross-site scripting (XSS) vulnerability in Open-AudIT 
Community 2.2.0 ...)
+       TODO: check
 CVE-2018-10313 (WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D 
parameter ...)
        NOT-FOR-US: WUZHI CMS
 CVE-2018-10312 (index.php?m=member&amp;v=pw_reset in WUZHI CMS 4.1.0 allows 
CSRF to change ...)
@@ -4342,10 +4380,10 @@ CVE-2018-9114
        RESERVED
 CVE-2018-9113 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 
allows ...)
        NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
-CVE-2018-9112
-       RESERVED
-CVE-2018-9111
-       RESERVED
+CVE-2018-9112 (A low privileged admin account with a weak default password of 
admin ...)
+       TODO: check
+CVE-2018-9111 (Cross Site Scripting (XSS) exists on the Foxconn FEMTO 
AP-FC4064-T ...)
+       TODO: check
 CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory 
Traversal via ...)
        NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via 
the ...)
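Review bot: the truncated description added for CVE-2018-9112 ("A low privileged admin account with a weak default password of admin ...") names no product in the visible text, so its "TODO: check" cannot be resolved from this list line alone; the full CVE description has to be read before a "NOT-FOR-US:" tag is chosen. CVE-2018-9111 directly after it names the Foxconn FEMTO AP-FC4064-T, so it is worth checking whether the two adjacent IDs concern the same device.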
@@ -4995,8 +5033,8 @@ CVE-2018-8862
        RESERVED
 CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk 
environment ...)
        NOT-FOR-US: Philips Brilliance
-CVE-2018-8860
-       RESERVED
+CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker 
may be ...)
+       TODO: check
 CVE-2018-8859
        RESERVED
 CVE-2018-8858
@@ -5076,8 +5114,8 @@ CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, 
RT-AC1750, RT-ACRH13, and RT-N
        NOT-FOR-US: ASUS routers
 CVE-2018-8825
        RESERVED
-CVE-2018-8824
-       RESERVED
+CVE-2018-8824 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu 
...)
+       TODO: check
 CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu 
...)
        NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
 CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel 
function in ...)
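Review bot: CVE-2018-8824 is added with the same truncated description as CVE-2018-8823 directly below it ("modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu ..."), and that entry is already tagged "NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop". Once the full description confirms it is the same module, the "TODO: check" here can take the same tag.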
@@ -6884,10 +6922,10 @@ CVE-2018-8063
        RESERVED
 CVE-2018-8062
        RESERVED
-CVE-2018-8061
-       RESERVED
-CVE-2018-8060
-       RESERVED
+CVE-2018-8061 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an ...)
+       TODO: check
+CVE-2018-8060 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an ...)
+       TODO: check
 CVE-2018-8059 (The Djelibeybi configuration examples for use of NGINX in SUSE 
Portus ...)
        NOT-FOR-US: Portus
 CVE-2018-8058 (CMS Made Simple (CMSMS) 2.2.6 has XSS in 
admin/moduleinterface.php via ...)
@@ -13284,10 +13322,10 @@ CVE-2018-6023
        RESERVED
 CVE-2018-6022 (Directory traversal vulnerability in ...)
        NOT-FOR-US: NoneCms
-CVE-2018-6021
-       RESERVED
-CVE-2018-6020
-       RESERVED
+CVE-2018-6021 (Silex SD-320AN version 2.01 and prior and GE 
MobileLink(GEH-SD-320AN) ...)
+       TODO: check
+CVE-2018-6020 (In Silex SX-500 all versions and GE MobileLink(GEH-500) version 
1.54 ...)
+       TODO: check
 CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows 
...)
        NOT-FOR-US: Samsung Display Solutions App for Android
 CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder 
Android ...)
@@ -23033,24 +23071,24 @@ CVE-2018-2425
        RESERVED
 CVE-2018-2424
        RESERVED
-CVE-2018-2423
-       RESERVED
-CVE-2018-2422
-       RESERVED
-CVE-2018-2421
-       RESERVED
-CVE-2018-2420
-       RESERVED
-CVE-2018-2419
-       RESERVED
-CVE-2018-2418
-       RESERVED
-CVE-2018-2417
-       RESERVED
-CVE-2018-2416
-       RESERVED
-CVE-2018-2415
-       RESERVED
+CVE-2018-2423 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 
7.53, ...)
+       TODO: check
+CVE-2018-2422 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 
7.45, ...)
+       TODO: check
+CVE-2018-2421 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 
7.45, ...)
+       TODO: check
+CVE-2018-2420 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 
7.53, ...)
+       TODO: check
+CVE-2018-2419 (SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 
1.01, ...)
+       TODO: check
+CVE-2018-2418 (SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an 
...)
+       TODO: check
+CVE-2018-2417 (Under certain conditions, the SAP Identity Management 8.0 (pass 
of ...)
+       TODO: check
+CVE-2018-2416 (SAP Identity Management 8.0 does not sufficiently validate an 
XML ...)
+       TODO: check
+CVE-2018-2415 (SAP NetWeaver Application Server Java Web Container and HTTP 
Service ...)
+       TODO: check
 CVE-2018-2414
        RESERVED
 CVE-2018-2413 (SAP Disclosure Management 10.1 does not perform necessary ...)
@@ -38008,22 +38046,22 @@ CVE-2017-1002001 (Vulnerability in wordpress plugin 
mobile-app-builder-by-wappre
        NOT-FOR-US: Wordpress plugin
 CVE-2017-1002000 (Vulnerability in wordpress plugin ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2017-14481
-       RESERVED
-CVE-2017-14480
-       RESERVED
-CVE-2017-14479
-       RESERVED
-CVE-2017-14478
-       RESERVED
-CVE-2017-14477
-       RESERVED
-CVE-2017-14476
-       RESERVED
-CVE-2017-14475
-       RESERVED
-CVE-2017-14474
-       RESERVED
+CVE-2017-14481 (In the MMM::Agent::Helpers::Network::send_arp function in 
MySQL ...)
+       TODO: check
+CVE-2017-14480 (In the MMM::Agent::Helpers::Network::clear_ip function in 
MySQL ...)
+       TODO: check
+CVE-2017-14479 (In the MMM::Agent::Helpers::Network::clear_ip function in 
MySQL ...)
+       TODO: check
+CVE-2017-14478 (In the MMM::Agent::Helpers::Network::clear_ip function in 
MySQL ...)
+       TODO: check
+CVE-2017-14477 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL 
...)
+       TODO: check
+CVE-2017-14476 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL 
...)
+       TODO: check
+CVE-2017-14475 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL 
...)
+       TODO: check
+CVE-2017-14474 (In the MMM::Agent::Helpers::_execute function in MySQL 
Multi-Master ...)
+       TODO: check
 CVE-2017-14473 (An exploitable access control vulnerability exists in the 
data, ...)
        NOT-FOR-US: Allen Bradley Micrologix
 CVE-2017-14472 (An exploitable access control vulnerability exists in the 
data, ...)
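Review bot: the eight entries CVE-2017-14474 through CVE-2017-14481 all point at MMM::Agent::Helpers functions in MySQL Multi-Master, and several cannot be told apart at this truncation (clear_ip for 14478 to 14480, add_ip for 14475 to 14477). They should be triaged as one batch against the full descriptions, with a check for a matching source package before any of them is marked "NOT-FOR-US:" like the neighbouring Allen Bradley Micrologix entries.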



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d65658fda432bd434600199d9d18e5147bfeba2
