Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04aa963f by security tracker role at 2018-05-14T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-11038
+ RESERVED
CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in
...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/307
@@ -92,11 +94,11 @@ CVE-2018-10994
CVE-2018-10993
RESERVED
CVE-2018-10991
- RESERVED
-CVE-2018-10990
- RESERVED
-CVE-2018-10989
- RESERVED
+ REJECTED
+CVE-2018-10990 (On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6
devices, a ...)
+ TODO: check
+CVE-2018-10989 (Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices
are ...)
+ TODO: check
CVE-2018-10988
RESERVED
CVE-2018-10987
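Review bot: CVE-2018-10990 and CVE-2018-10989 both land as "TODO: check" and both describe the same product and version (Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices), so they should be triaged as a pair with identical wording. If no package in the archive ships that device software, resolve both with one NOT-FOR-US line that names the product, in the form the file already uses elsewhere. The change of CVE-2018-10991 from RESERVED to REJECTED needs no further annotation.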
@@ -1544,6 +1546,7 @@ CVE-2018-10382
CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege
...)
NOT-FOR-US: TunnelBear for Windows
CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to
obtain ...)
+ {DSA-4200-1}
- kwallet-pam 5.12.1-2
NOTE: https://www.kde.org/info/security/advisory-20180503-1.txt
NOTE:
https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0
(Plasma 5.12)
@@ -1849,8 +1852,8 @@ CVE-2018-10254 (Netwide Assembler (NASM) 2.13 has a
stack-based buffer over-read
NOTE: https://sourceforge.net/p/nasm/bugs/561/
CVE-2018-10253 (Paessler PRTG Network Monitor before 18.1.39.1648 mishandles
stack ...)
NOT-FOR-US: Paessler PRTG Network Monitor
-CVE-2018-10252
- RESERVED
+CVE-2018-10252 (An issue was discovered on Actiontec WCB6200Q before
1.1.10.20a ...)
+ TODO: check
CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440,
ES440, and ...)
NOT-FOR-US: Sierra Wireless AirLink routers
CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in
a ...)
@@ -15686,8 +15689,8 @@ CVE-2018-5232
RESERVED
CVE-2018-5231
RESERVED
-CVE-2018-5230
- RESERVED
+CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6,
from ...)
+ TODO: check
CVE-2018-5229
RESERVED
CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible
before ...)
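Review bot: CVE-2018-5230 is left at "TODO: check" although its description names Atlassian Jira, and this file already resolves another Jira issue (CVE-2017-16862) with "NOT-FOR-US: Atlassian Jira". Reuse that exact product string when closing the TODO, so that a search for the product finds every Jira entry under one spelling.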
@@ -29142,38 +29145,38 @@ CVE-2018-0593
RESERVED
CVE-2018-0592
RESERVED
-CVE-2018-0591
- RESERVED
-CVE-2018-0590
- RESERVED
-CVE-2018-0589
- RESERVED
-CVE-2018-0588
- RESERVED
-CVE-2018-0587
- RESERVED
-CVE-2018-0586
- RESERVED
-CVE-2018-0585
- RESERVED
+CVE-2018-0591 (The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS
Ver ...)
+ TODO: check
+CVE-2018-0590 (Ultimate Member plugin prior to version 2.0.4 for WordPress
allows ...)
+ TODO: check
+CVE-2018-0589 (Ultimate Member plugin prior to version 2.0.4 for WordPress
allows ...)
+ TODO: check
+CVE-2018-0588 (Directory traversal vulnerability in the AJAX function of
Ultimate ...)
+ TODO: check
+CVE-2018-0587 (Unrestricted file upload vulnerability in Ultimate Member
plugin prior ...)
+ TODO: check
+CVE-2018-0586 (Directory traversal vulnerability in the shortcodes function of
...)
+ TODO: check
+CVE-2018-0585 (Cross-site scripting vulnerability in Ultimate Member plugin
prior to ...)
+ TODO: check
CVE-2018-0584
RESERVED
-CVE-2018-0583
- RESERVED
-CVE-2018-0582
- RESERVED
-CVE-2018-0581
- RESERVED
-CVE-2018-0580
- RESERVED
-CVE-2018-0579
- RESERVED
-CVE-2018-0578
- RESERVED
-CVE-2018-0577
- RESERVED
-CVE-2018-0576
- RESERVED
+CVE-2018-0583 (Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware
...)
+ TODO: check
+CVE-2018-0582 (Cross-site scripting vulnerability in ASUS RT-AC68U Firmware
version ...)
+ TODO: check
+CVE-2018-0581 (Cross-site scripting vulnerability in ASUS RT-AC87U Firmware
version ...)
+ TODO: check
+CVE-2018-0580 (Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO
series ...)
+ TODO: check
+CVE-2018-0579 (Cross-site scripting vulnerability in Open Graph for Facebook,
Google+ ...)
+ TODO: check
+CVE-2018-0578 (Cross-site scripting vulnerability in PixelYourSite plugin
prior to ...)
+ TODO: check
+CVE-2018-0577 (Cross-site scripting vulnerability in WP Google Map Plugin
prior to ...)
+ TODO: check
+CVE-2018-0576 (Cross-site scripting vulnerability in Events Manager plugin
prior to ...)
+ TODO: check
CVE-2018-0575
RESERVED
CVE-2018-0574
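Review bot: this hunk moves fifteen identifiers (CVE-2018-0591 to CVE-2018-0585 and CVE-2018-0583 to CVE-2018-0576) from RESERVED to "TODO: check" in one step, and several of them share a product, so triage them in groups rather than one by one. CVE-2018-0590, CVE-2018-0589, CVE-2018-0587 and CVE-2018-0585 all name the Ultimate Member plugin for WordPress, and CVE-2018-0583, CVE-2018-0582 and CVE-2018-0581 are the same cross-site scripting class in three ASUS router firmware lines. The descriptions of CVE-2018-0588 and CVE-2018-0586 are cut off before the product name is complete, so read the full CVE text before assigning them to either group. Each group should end up with one consistent resolution string.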
@@ -29188,8 +29191,8 @@ CVE-2018-0570
RESERVED
CVE-2018-0569
RESERVED
-CVE-2018-0568
- RESERVED
+CVE-2018-0568 (Unrestricted file upload vulnerability in SiteBridge Inc.
Joruri Gw ...)
+ TODO: check
CVE-2018-0567
RESERVED
CVE-2018-0566
@@ -31142,8 +31145,8 @@ CVE-2017-16862 (The IncomingMailServers resource in
Atlassian Jira before versio
NOT-FOR-US: Atlassian Jira
CVE-2017-16861 (It was possible for double OGNL evaluation in certain redirect
action ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2017-16860
- RESERVED
+CVE-2017-16860 (The invalidRedirectUrl template in Atlassian Application Links
before ...)
+ TODO: check
CVE-2017-16859
RESERVED
CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the
Google Apps ...)
@@ -64264,8 +64267,8 @@ CVE-2017-6023 (An issue was discovered in Fatek
Automation PLC Ethernet Module.
NOT-FOR-US: Fatek
CVE-2017-6022 (A hard-coded password issue was discovered in Becton, Dickinson
and ...)
NOT-FOR-US: BD's Kiestra PerformA and KLA Journal Service applications
-CVE-2017-6021
- RESERVED
+CVE-2017-6021 (In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and
prior, ...)
+ TODO: check
CVE-2017-6020 (Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME
LAquis ...)
NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA
ME LAquis SCADA software
CVE-2017-6019 (An issue was discovered in Schneider Electric Conext ComBox,
model ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/04aa963fcc1d23ed6f58f962f612e4cf49fc1ca6