Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
356c6b07 by security tracker role at 2018-05-16T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,151 @@
+CVE-2018-11215
+       RESERVED
+CVE-2018-11214 (An issue was discovered in libjpeg 9a. The get_text_rgb_row 
function in ...)
+       TODO: check
+CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row 
function ...)
+       TODO: check
+CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray 
function in ...)
+       TODO: check
+CVE-2018-11211
+       RESERVED
+CVE-2018-11210 (TinyXML2 6.2.0 has a heap-based buffer over-read in the ...)
+       TODO: check
+CVE-2018-11209 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. ...)
+       TODO: check
+CVE-2018-11208 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. 
There is a ...)
+       TODO: check
+CVE-2018-11207 (A division by zero was discovered in H5D__chunk_init in 
H5Dchunk.c in ...)
+       TODO: check
+CVE-2018-11206 (A out of bounds read was discovered in H5O_fill_new_decode and 
...)
+       TODO: check
+CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c 
in the ...)
+       TODO: check
+CVE-2018-11204 (A NULL pointer dereference was discovered in 
H5O__chunk_deserialize in ...)
+       TODO: check
+CVE-2018-11203 (A division by zero was discovered in H5D__btree_decode_key in 
...)
+       TODO: check
+CVE-2018-11202 (A NULL pointer dereference was discovered in 
H5S_hyper_make_spans in ...)
+       TODO: check
+CVE-2018-11201
+       RESERVED
+CVE-2018-11200
+       RESERVED
+CVE-2018-11199
+       RESERVED
+CVE-2018-11198
+       RESERVED
+CVE-2018-11197
+       RESERVED
+CVE-2018-11196
+       RESERVED
+CVE-2018-11195
+       RESERVED
+CVE-2018-11194
+       RESERVED
+CVE-2018-11193
+       RESERVED
+CVE-2018-11192
+       RESERVED
+CVE-2018-11191
+       RESERVED
+CVE-2018-11190
+       RESERVED
+CVE-2018-11189
+       RESERVED
+CVE-2018-11188
+       RESERVED
+CVE-2018-11187
+       RESERVED
+CVE-2018-11186
+       RESERVED
+CVE-2018-11185
+       RESERVED
+CVE-2018-11184
+       RESERVED
+CVE-2018-11183
+       RESERVED
+CVE-2018-11182
+       RESERVED
+CVE-2018-11181
+       RESERVED
+CVE-2018-11180
+       RESERVED
+CVE-2018-11179
+       RESERVED
+CVE-2018-11178
+       RESERVED
+CVE-2018-11177
+       RESERVED
+CVE-2018-11176
+       RESERVED
+CVE-2018-11175
+       RESERVED
+CVE-2018-11174
+       RESERVED
+CVE-2018-11173
+       RESERVED
+CVE-2018-11172
+       RESERVED
+CVE-2018-11171
+       RESERVED
+CVE-2018-11170
+       RESERVED
+CVE-2018-11169
+       RESERVED
+CVE-2018-11168
+       RESERVED
+CVE-2018-11167
+       RESERVED
+CVE-2018-11166
+       RESERVED
+CVE-2018-11165
+       RESERVED
+CVE-2018-11164
+       RESERVED
+CVE-2018-11163
+       RESERVED
+CVE-2018-11162
+       RESERVED
+CVE-2018-11161
+       RESERVED
+CVE-2018-11160
+       RESERVED
+CVE-2018-11159
+       RESERVED
+CVE-2018-11158
+       RESERVED
+CVE-2018-11157
+       RESERVED
+CVE-2018-11156
+       RESERVED
+CVE-2018-11155
+       RESERVED
+CVE-2018-11154
+       RESERVED
+CVE-2018-11153
+       RESERVED
+CVE-2018-11152
+       RESERVED
+CVE-2018-11151
+       RESERVED
+CVE-2018-11150
+       RESERVED
+CVE-2018-11149
+       RESERVED
+CVE-2018-11148
+       RESERVED
+CVE-2018-11147
+       RESERVED
+CVE-2018-11146
+       RESERVED
+CVE-2018-11145
+       RESERVED
+CVE-2018-11144
+       RESERVED
+CVE-2018-11143
+       RESERVED
+CVE-2018-11142
+       RESERVED
 CVE-2018-11141
        RESERVED
 CVE-2018-11140
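Review bot: the twelve newly described entries from CVE-2018-11214 down to CVE-2018-11202 carry only "TODO: check", so none of them has a package line or a NOT-FOR-US marker yet. The descriptions already name the affected code (libjpeg 9a, TinyXML2 6.2.0, the H5D/H5O/H5VM/H5S functions, Z-BlogPHP 2.0.0), which is enough to triage each one in a follow-up commit. CVE-2018-11209 and CVE-2018-11208 are marked "** DISPUTED **" upstream; record that in a NOTE line when they are triaged so it does not get lost once the truncated description is all that remains visible.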
@@ -700,8 +848,8 @@ CVE-2018-10812 (The Bitpie application through 3.2.4 for 
Android and iOS uses cl
        NOT-FOR-US: Bitpie application for Android and iOS
 CVE-2018-10811
        RESERVED
-CVE-2018-10810
-       RESERVED
+CVE-2018-10810 (chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior 
is ...)
+       TODO: check
 CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file 
(2345NetFirewall.sys) ...)
        NOT-FOR-US: 2345 Security Guard
 CVE-2018-10808
@@ -721,6 +869,7 @@ CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in 
the add credentials 
        NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
 CVE-2018-1000301 [RTSP bad headers buffer over-read]
        RESERVED
+       {DSA-4202-1 DLA-1379-1}
        - curl <unfixed> (bug #898856)
        NOTE: https://curl.haxx.se/docs/adv_2018-b138.html
 CVE-2018-1000300 [FTP shutdown response buffer overflow]
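Review bot: on CVE-2018-1000301 the added "{DSA-4202-1 DLA-1379-1}" cross-reference now sits directly above "- curl <unfixed> (bug #898856)", so the entry says advisories exist while the package line still reports no fixed version. If a fixed curl has been uploaded, replace "<unfixed>" with that version; if it has not, the line is correct and the open bug reference is the thing to follow up. The entry also still reads RESERVED and has only the bracketed short title, which a later description sync should replace.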
@@ -853,10 +1002,10 @@ CVE-2018-10762
        RESERVED
 CVE-2018-10761
        RESERVED
-CVE-2018-10760
-       RESERVED
-CVE-2018-10759
-       RESERVED
+CVE-2018-10760 (Unrestricted file upload vulnerability in the Files plugin in 
...)
+       TODO: check
+CVE-2018-10759 (PHP remote file inclusion vulnerability in 
public/patch/patch.php in ...)
+       TODO: check
 CVE-2018-XXXX [Checker config files allow arbitrary code execution scenarios]
        - vim-syntastic 3.9.0-1 (bug #894736)
        NOTE: https://github.com/vim-syntastic/syntastic/issues/2170
@@ -909,14 +1058,14 @@ CVE-2018-10740 (Axublog 1.1.0 allows remote Code 
Execution as demonstrated by in
        NOT-FOR-US: Axublog
 CVE-2018-10739 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 
...)
        NOT-FOR-US: Shanghai 2345 Security Guard
-CVE-2018-10738
-       RESERVED
-CVE-2018-10737
-       RESERVED
-CVE-2018-10736
-       RESERVED
-CVE-2018-10735
-       RESERVED
+CVE-2018-10738 (A SQL injection issue was discovered in Nagios XI before 
5.4.13 via the ...)
+       TODO: check
+CVE-2018-10737 (A SQL injection issue was discovered in Nagios XI before 
5.4.13 via the ...)
+       TODO: check
+CVE-2018-10736 (A SQL injection issue was discovered in Nagios XI before 
5.4.13 via the ...)
+       TODO: check
+CVE-2018-10735 (A SQL injection issue was discovered in Nagios XI before 
5.4.13 via the ...)
+       TODO: check
 CVE-2018-10734 (KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a 
...)
        NOT-FOR-US: KONGTOP DVR devices
 CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
@@ -2103,10 +2252,10 @@ CVE-2014-10073 (The create_response function in 
server/server.c in Psensor befor
        - psensor 1.1.5-1 (low; bug #896195)
        [jessie] - psensor <no-dsa> (Minor issue)
        NOTE: 
http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
-CVE-2018-10241
-       RESERVED
-CVE-2018-10240
-       RESERVED
+CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 
15.1.6 ...)
+       TODO: check
+CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated 
users a ...)
+       TODO: check
 CVE-2018-10239
        RESERVED
 CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer 
overflow in ...)
@@ -2417,8 +2566,8 @@ CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer 
dereference in the jpeg_fdct_16
        NOTE: Crash in CLI tool, no security impact
 CVE-2018-10125
        RESERVED
-CVE-2018-10123
-       RESERVED
+CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote 
attackers to ...)
+       TODO: check
 CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka 
...)
        NOT-FOR-US: QingDao Nature Easy Soft Chanzhi Enterprise Portal System
 CVE-2018-10121 (plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a 
stored XSS ...)
@@ -7456,8 +7605,7 @@ CVE-2018-8016
        RESERVED
 CVE-2018-8015
        RESERVED
-CVE-2018-8014 [Insecure defaults for CORS filter]
-       RESERVED
+CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache 
Tomcat ...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 <unfixed>
        - tomcat8.0 <unfixed> (unimportant)
@@ -15924,8 +16072,8 @@ CVE-2018-5233 (Cross-site scripting (XSS) vulnerability 
in ...)
        NOT-FOR-US: Grav CMS admin plugin
 CVE-2018-5232
        RESERVED
-CVE-2018-5231
-       RESERVED
+CVE-2018-5231 (The ForgotLoginDetails resource in Atlassian Jira before 
version ...)
+       TODO: check
 CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, 
from ...)
        NOT-FOR-US: Atlassian
 CVE-2018-5229
@@ -17111,8 +17259,8 @@ CVE-2018-4852
        RESERVED
 CVE-2018-4851
        RESERVED
-CVE-2018-4850
-       RESERVED
+CVE-2018-4850 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) 
CPU ...)
+       TODO: check
 CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video 
for ...)
        NOT-FOR-US: Siveillance VMS Video
 CVE-2018-4848
@@ -23754,8 +23902,7 @@ CVE-2017-17691
        RESERVED
 CVE-2017-17690
        RESERVED
-CVE-2017-17689 [S/MIME CBC gadget attacks]
-       RESERVED
+CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) 
...)
        - thunderbird <unfixed> (bug #898631)
        - evolution <unfixed> (bug #898633)
        - kmail <unfixed> (bug #898634)
@@ -23763,8 +23910,7 @@ CVE-2017-17689 [S/MIME CBC gadget attacks]
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796135 
        NOTE: https://dot.kde.org/2018/05/15/efail-and-kmail
        TODO: check all clients
-CVE-2017-17688 [OpenPGP CFB gadget attacks]
-       RESERVED
+CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher 
Feedback Mode ...)
        - enigmail <unfixed> (bug #898630)
        NOTE: vulnerability is in the clients handling, not in OpenPGP
        NOTE: https://efail.de
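Review bot: CVE-2017-17688 lists only "- enigmail <unfixed> (bug #898630)", while the CVE-2017-17689 entry just above lists three clients and ends with "TODO: check all clients". The NOTE here says the vulnerability is in the clients' handling, not in OpenPGP, so the same open question applies to this entry: add a matching TODO line, or list the other OpenPGP-capable clients that were checked. The new "** DISPUTED **" prefix agrees with that NOTE and needs no change.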
@@ -60060,7 +60206,8 @@ CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a 
NULL pointer dereference 
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
 CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did 
not ...)
        NOT-FOR-US: Keycloak
-CVE-2017-7473 (Ansible versions 2.2.3 and earlier are vulnerable to an 
information ...)
+CVE-2017-7473
+       REJECTED
        - ansible <unfixed> (unimportant; bug #863583)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1440912
        NOTE: Upstream issue is https://github.com/ansible/ansible/issues/22505
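Review bot: CVE-2017-7473 is switched to REJECTED, but "- ansible <unfixed> (unimportant; bug #863583)" and both NOTE lines stay attached to it, so the tracker keeps reporting ansible as unfixed under an identifier that no longer exists. Find out why the id was rejected: if the issue was reassigned to another CVE, move the package line, bug reference and notes to that entry; if it was withdrawn, drop the package line and keep a NOTE explaining the rejection.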



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/356c6b07ac4d3e14c5f426bd7f3792aab45d8b4a
