[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Tue, 15 May 2018 13:10:46 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
21ea10b6 by security tracker role at 2018-05-15T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,55 @@
+CVE-2018-11130
+       RESERVED
+CVE-2018-11129
+       RESERVED
+CVE-2018-11128
+       RESERVED
+CVE-2018-11127 (e107 2.1.7 has CSRF resulting in arbitrary user deletion. ...)
+       TODO: check
+CVE-2018-11126 (dg-user/?controller=users&amp;action=add in doorGets 7.0 has 
CSRF that ...)
+       TODO: check
+CVE-2018-11125 (Tencent RapidJSON 1.1.0 has a heap-based buffer over-read in 
the Peek ...)
+       TODO: check
+CVE-2018-11124
+       RESERVED
+CVE-2018-11123
+       RESERVED
+CVE-2018-11122
+       RESERVED
+CVE-2018-11121
+       RESERVED
+CVE-2018-11120
+       RESERVED
+CVE-2018-11119
+       RESERVED
+CVE-2018-11118
+       RESERVED
+CVE-2018-11117
+       RESERVED
+CVE-2018-11116
+       RESERVED
+CVE-2018-11115
+       RESERVED
+CVE-2018-11114
+       RESERVED
+CVE-2018-11113
+       RESERVED
+CVE-2018-11112
+       RESERVED
+CVE-2018-11111
+       RESERVED
+CVE-2018-11110
+       RESERVED
+CVE-2018-11109
+       RESERVED
+CVE-2018-11108
+       RESERVED
+CVE-2018-11107
+       RESERVED
+CVE-2018-11106
+       RESERVED
+CVE-2018-11105 (There is stored cross site scripting in the 
wp-live-chat-support plugin ...)
+       TODO: check
 CVE-2018-11104
        RESERVED
 CVE-2018-11103
@@ -22,8 +74,8 @@ CVE-2018-11096
 CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 
0.4.8 ...)
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/141
-CVE-2018-11094
-       RESERVED
+CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. 
...)
+       TODO: check
 CVE-2018-11093
        RESERVED
 CVE-2018-11092
@@ -260,9 +312,11 @@ CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 
does not validate str
        [jessie] - lilypond <not-affected> (Incomplete fix not applied)
        [wheezy] - lilypond <not-affected> (Incomplete fix not applied)
 CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM 
guest OS ...)
+       {DSA-4201-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-261.html
 CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM 
guest OS ...)
+       {DSA-4201-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-262.html
 CVE-2018-10980
@@ -673,7 +727,7 @@ CVE-2018-10797
        RESERVED
 CVE-2018-10796 (In 2345 Security Guard 3.7, the driver file 
(2345NetFirewall.sys) ...)
        NOT-FOR-US: 2345 Security Guard
-CVE-2018-10795 (Liferay 6.2.x and before has an FCKeditor configuration that 
allows an ...)
+CVE-2018-10795 (** DISPUTED ** Liferay 6.2.x and before has an FCKeditor 
configuration ...)
        NOT-FOR-US: Liferay
 CVE-2017-18265 (Prosody before 0.10.0 allows remote attackers to cause a 
denial of ...)
        {DSA-4198-1}
@@ -1560,10 +1614,12 @@ CVE-2018-10433
 CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has 
allowed ...)
        NOT-FOR-US: Blackboard Learn
 CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV 
guest OS ...)
+       {DSA-4201-1}
        - xen <unfixed>
        [wheezy] - xen <not-affected> (Regression for XSA-254 which was not 
applied in wheezy)
        NOTE: https://xenbits.xen.org/xsa/advisory-259.html
 CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM 
guest OS ...)
+       {DSA-4201-1}
        - xen <unfixed>
        [wheezy] - xen <not-affected> (No QMP support in wheezy)
        NOTE: https://xenbits.xen.org/xsa/advisory-258.html
@@ -5273,7 +5329,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 
1.5.3 and 2.x before 2.
 CVE-2018-8898
        RESERVED
 CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and 
IA-32 ...)
-       {DSA-4196-1}
+       {DSA-4201-1 DSA-4196-1}
        - linux 4.15.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
        - xen <unfixed>
@@ -19815,8 +19871,8 @@ CVE-2018-3663
        RESERVED
 CVE-2018-3662
        RESERVED
-CVE-2018-3661
-       RESERVED
+CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities 
selview.exe ...)
+       TODO: check
 CVE-2018-3660
        RESERVED
 CVE-2018-3659
@@ -19869,8 +19925,8 @@ CVE-2018-3636
        RESERVED
 CVE-2018-3635
        RESERVED
-CVE-2018-3634
-       RESERVED
+CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online 
Connect ...)
+       TODO: check
 CVE-2018-3633
        RESERVED
 CVE-2018-3632
@@ -19915,8 +19971,8 @@ CVE-2018-3613
        RESERVED
 CVE-2018-3612 (Intel NUC kits with insufficient input validation in system 
firmware, ...)
        NOT-FOR-US: Intel
-CVE-2018-3611
-       RESERVED
+CVE-2018-3611 (Bounds check vulnerability in User Mode Driver in Intel 
Graphics ...)
+       TODO: check
 CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before 
version 3.1.1 ...)
        NOT-FOR-US: Intel
 CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in 
NetTransport ...)
@@ -27139,8 +27195,8 @@ CVE-2018-1133
        RESERVED
 CVE-2018-1132
        RESERVED
-CVE-2018-1131
-       RESERVED
+CVE-2018-1131 (Infinispan permits improper deserialization of trusted data via 
XML ...)
+       TODO: check
 CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null 
pointer ...)
        - linux 4.15.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
@@ -27308,8 +27364,7 @@ CVE-2018-1088 (A privilege escalation flaw was found in 
gluster 3.x snapshot ...
        NOTE: CVE-2018-1112 causing that auth.allow allows all clients to mount 
volumes.
        NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1570891
        NOTE: Needs: https://review.gluster.org/#/c/19899/1..2
-CVE-2018-1087 [error in exception handling leads to wrong debug stack value]
-       RESERVED
+CVE-2018-1087 (kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 
...)
        {DSA-4196-1}
        - linux 4.15.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09 (4.16-rc7)
@@ -74581,8 +74636,8 @@ CVE-2017-2816 (An exploitable buffer overflow 
vulnerability exists in the tag pa
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
        NOTE: 
https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
        NOTE: https://github.com/libofx/libofx/issues/9
-CVE-2017-2815
-       RESERVED
+CVE-2017-2815 (An exploitable XML entity injection vulnerability exists in 
OpenFire ...)
+       TODO: check
 CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image 
...)
        - poppler <unfixed> (unimportant)
        NOTE: Debian links against libjpeg which is unaffected



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/21ea10b67a5f6e08500b9b53f559e2e8bd1be0bf

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/21ea10b67a5f6e08500b9b53f559e2e8bd1be0bf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to