Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f30dcf37 by security tracker role at 2018-05-11T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2018-10985
+ RESERVED
+CVE-2018-10984
+ RESERVED
+CVE-2018-10983
+ RESERVED
+CVE-2009-5152 (Absolute Computrace Agent, as distributed on certain Dell
Inspiron ...)
+ TODO: check
+CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785
executes code ...)
+ TODO: check
+CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a
digital ...)
+ TODO: check
CVE-2018-XXXX [Incomplete fix for CVE-2017-17523]
- lilypond 2.18.2-13 (bug #898373)
[jessie] - lilypond <not-affected> (Incomplete fix not applied)
@@ -329,7 +341,7 @@ CVE-2018-10829
RESERVED
CVE-2018-10828 (An issue was discovered in Alps Pointing-device Driver
10.1.101.207. ...)
NOT-FOR-US: Alps Pointing-device Driver
-CVE-2018-10827 (LiteCart 2.1.2 allows remote attackers to cause a denial of
service ...)
+CVE-2018-10827 (LiteCart before 2.1.2 allows remote attackers to cause a
denial of ...)
NOT-FOR-US: LiteCart
CVE-2018-10826
RESERVED
@@ -913,8 +925,8 @@ CVE-2018-10582
RESERVED
CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user
is able ...)
NOT-FOR-US: Octopus Deploy
-CVE-2018-10580
- RESERVED
+CVE-2018-10580 (The "Latest Posts on Profile" plugin 1.1 for MyBB
has XSS because ...)
+ TODO: check
CVE-2018-10579
RESERVED
CVE-2018-10578 (An issue was discovered on WatchGuard AP100, AP102, and AP200
devices ...)
@@ -9575,8 +9587,8 @@ CVE-2018-7253 (The ParseDsdiffHeaderConfig function of
the cli/dsdiff.c file of
[wheezy] - wavpack <not-affected> (Vulnerable code not present)
NOTE: https://github.com/dbry/WavPack/issues/28
NOTE:
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
-CVE-2018-7248
- RESERVED
+CVE-2018-7248 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus
9.3 ...)
+ TODO: check
CVE-2018-7247 (An issue was discovered in pixHtmlViewer in prog/htmlviewer.c
in ...)
- leptonlib 1.76.0-1 (unimportant)
NOTE:
https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
@@ -50775,7 +50787,7 @@ CVE-2017-10386 (Vulnerability in the Java Advanced
Management Console component
CVE-2017-10385 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- glassfish <not-affected> (Vulnerable code not included, see bug
#853998)
CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL
...)
- {DSA-4002-1 DLA-1141-1}
+ {DSA-4002-1 DSA-3944-1 DLA-1141-1}
- mariadb-10.2 <removed> (bug #884065)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.20-1 (bug #878398)
@@ -50790,7 +50802,7 @@ CVE-2017-10381 (Vulnerability in the PeopleSoft
Enterprise PeopleTools component
CVE-2017-10380 (Vulnerability in the Java Advanced Management Console
component of ...)
NOT-FOR-US: Java Advanced Management Console
CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL
...)
- {DSA-4002-1 DLA-1141-1}
+ {DSA-4002-1 DSA-3944-1 DLA-1141-1}
- mariadb-10.2 <removed> (bug #884065)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.20-1 (bug #878398)
@@ -51068,6 +51080,7 @@ CVE-2017-10288
CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of
Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL
...)
+ {DSA-3944-1}
- mariadb-10.2 <removed> (bug #884065)
- mariadb-10.0 <removed>
- mysql-5.7 5.7.20-1 (bug #878398)
@@ -64072,8 +64085,8 @@ CVE-2017-6017 (A Resource Exhaustion issue was
discovered in Schneider Electric
NOT-FOR-US: Schneider Electric
CVE-2017-6016 (An Improper Access Control issue was discovered in LCDS - Leao
...)
NOT-FOR-US: LCDS (Leao Consultoria e Desenvolvimento de Sistemas LTDA
ME LAquis SCADA)
-CVE-2017-6015
- RESERVED
+CVE-2017-6015 (Without quotation marks, any whitespace in the file path for
Rockwell ...)
+ TODO: check
CVE-2017-6014 (In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG
4607 ...)
{DSA-3811-1 DLA-826-1}
- wireshark 2.2.5+g440fd4d-2 (bug #855408)
@@ -83703,8 +83716,7 @@ CVE-2016-8628
[jessie] - ansible <no-dsa> (Minor issue; can be fixed via point
release)
NOTE: Fixed upstream in v2.2.0.0-1
NOTE: Needs an attacker to compromise a controlled server.
-CVE-2016-8627
- RESERVED
+CVE-2016-8627 (admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is
vulnerable to an ...)
NOT-FOR-US: Red Hat JBoss EAP
CVE-2016-8626 [RGW Denial of Service by sending POST object with null
conditions]
RESERVED
@@ -184719,7 +184731,7 @@ CVE-2012-5606 (Multiple cross-site scripting (XSS)
vulnerabilities in ownCloud b
NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable
...)
NOT-FOR-US: Red Hat CloudForms
-CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudFroms 1.1,
when ...)
+CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1,
when ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2012-5603 (proxies_controller.rb in Katello in Red Hat CloudForms before
1.1 does ...)
NOT-FOR-US: Red Hat CloudForms
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f30dcf37e1ece3228aeaaf727fcc5fee45a2cdc8
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f30dcf37e1ece3228aeaaf727fcc5fee45a2cdc8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
