Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0b477b51 by security tracker role at 2018-05-22T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,77 @@
-CVE-2018-11329
+CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat
0.1.1 has an ...)
+ TODO: check
+CVE-2018-11364 (sav_parse_machine_integer_info_record in
spss/readstat_sav_read.c in ...)
+ TODO: check
+CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a
heap-based ...)
+ TODO: check
+CVE-2018-11362
+ RESERVED
+CVE-2018-11361
+ RESERVED
+CVE-2018-11360
+ RESERVED
+CVE-2018-11359
+ RESERVED
+CVE-2018-11358
+ RESERVED
+CVE-2018-11357
+ RESERVED
+CVE-2018-11356
+ RESERVED
+CVE-2018-11355
+ RESERVED
+CVE-2018-11354
+ RESERVED
+CVE-2018-11353
+ RESERVED
+CVE-2018-11352
+ RESERVED
+CVE-2018-11351
+ RESERVED
+CVE-2018-11350
+ RESERVED
+CVE-2018-11349
+ RESERVED
+CVE-2018-11348
+ RESERVED
+CVE-2018-11347
+ RESERVED
+CVE-2018-11346 (An insecure direct object reference vulnerability in
download.cgi in ...)
+ TODO: check
+CVE-2018-11345 (An unrestricted file upload vulnerability in upload.cgi in
ASUSTOR ...)
+ TODO: check
+CVE-2018-11344 (A path traversal vulnerability in download.cgi in ASUSTOR
AS6202T ADM ...)
+ TODO: check
+CVE-2018-11343 (A persistent cross site scripting vulnerability in
playlistmanger.cgi ...)
+ TODO: check
+CVE-2018-11342 (A path traversal vulnerability in fileExplorer.cgi in ASUSTOR
AS6202T ...)
+ TODO: check
+CVE-2018-11341 (Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM
3.1.0.RFQ3 ...)
+ TODO: check
+CVE-2018-11340 (An unrestricted file upload vulnerability in importuser.cgi in
ASUSTOR ...)
+ TODO: check
+CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop
b1036e5 ...)
+ TODO: check
+CVE-2018-11338
+ RESERVED
+CVE-2018-11337
+ RESERVED
+CVE-2018-11336
+ RESERVED
+CVE-2018-11335
+ RESERVED
+CVE-2018-11334
+ RESERVED
+CVE-2018-11333
RESERVED
+CVE-2018-11332
+ RESERVED
+CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code
...)
+ TODO: check
+CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is
authenticated ...)
+ TODO: check
+CVE-2018-11329 (The DrugDealer function of a smart contract implementation for
Ether ...)
+ TODO: check
CVE-2018-11328
RESERVED
CVE-2018-11327
@@ -7981,15 +8053,13 @@ CVE-2018-8014 (The defaults settings for the CORS
filter provided in Apache Tomc
NOTE: for their einvironment rather than using it in the default
configuration
CVE-2018-8013
RESERVED
-CVE-2018-8012 [Quorum Peer mutual authentication]
- RESERVED
+CVE-2018-8012 (No authentication/authorization is enforced when a server
attempts to ...)
- zookeeper 3.4.10-2
NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
NOTE: http://www.openwall.com/lists/oss-security/2018/05/21/6
CVE-2018-8011
RESERVED
-CVE-2018-8010 [XXE vulnerability due to Apache Solr configset upload]
- RESERVED
+CVE-2018-8010 (This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to
7.3.0 ...)
- lucene-solr <not-affected> (Do not allow to upload configsets via the
API)
NOTE: Versions 5.x and earlier are not affected by the vulnerability,
since
NOTE: those versions do not allow to upload configsets via the API.
@@ -8835,8 +8905,8 @@ CVE-2018-7689
RESERVED
CVE-2018-7688
RESERVED
-CVE-2018-7687
- RESERVED
+CVE-2018-7687 (The Micro Focus Client for OES before version 2 SP4 IR8a has a
...)
+ TODO: check
CVE-2018-7686
RESERVED
CVE-2018-7685
@@ -27889,8 +27959,7 @@ CVE-2018-1109
NOTE: https://snyk.io/vuln/npm:braces:20180219
NOTE:
https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
NOTE: nodejs not covered by security support
-CVE-2018-1108 [random: fix crng_ready() test]
- RESERVED
+CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a
weakness in ...)
- linux 4.16.5-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -75850,8 +75919,7 @@ CVE-2017-2609
CVE-2017-2608 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote
code ...)
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2607
- RESERVED
+CVE-2017-2607 (jenkins before versions 2.44, 2.32.2 is vulnerable to a
persisted ...)
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2606 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an
information ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b477b51717be96f672686261e01646a4479b333
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b477b51717be96f672686261e01646a4479b333
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
