Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3a0ec0e5 by security tracker role at 2018-05-25T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,51 @@
-CVE-2018-11417
+CVE-2018-11439
+       RESERVED
+CVE-2018-11438
+       RESERVED
+CVE-2018-11437
+       RESERVED
+CVE-2018-11436
+       RESERVED
+CVE-2018-11435
+       RESERVED
+CVE-2018-11434
+       RESERVED
+CVE-2018-11433
+       RESERVED
+CVE-2018-11432
+       RESERVED
+CVE-2018-11431
+       RESERVED
+CVE-2018-11430
+       RESERVED
+CVE-2018-11429
+       RESERVED
+CVE-2018-11428
+       RESERVED
+CVE-2018-11427
+       RESERVED
+CVE-2018-11426
+       RESERVED
+CVE-2018-11425
+       RESERVED
+CVE-2018-11424
        RESERVED
-CVE-2018-11416
+CVE-2018-11423
        RESERVED
+CVE-2018-11422
+       RESERVED
+CVE-2018-11421
+       RESERVED
+CVE-2018-11420
+       RESERVED
+CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a 
heap-based ...)
+       TODO: check
+CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a 
heap-based ...)
+       TODO: check
+CVE-2018-11417
+       RESERVED
+CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid 
use of ...)
+       TODO: check
 CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected 
Cross Site ...)
        NOT-FOR-US: SAP Internet Transaction Server
 CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is ...)
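Review bot: CVE-2018-11416 is left at `TODO: check` even though its description already names the affected and fixed upstream versions (jpegoptim 1.4.5, fixed in 1.4.6), so when it is triaged the fixed version can go straight into a package line rather than needing further research. The two JerryScript 1.0 entries above it (CVE-2018-11419 and CVE-2018-11418) share the same truncated description, so the full text is needed to tell them apart before either is marked.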
@@ -9769,8 +9813,8 @@ CVE-2018-7528 (An SQL injection vulnerability has been 
identified in Geutebruck 
        NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7527 (A buffer overflow can be triggered in LeviStudio HMI Editor, 
Version ...)
        NOT-FOR-US: LeviStudio HMI Editor
-CVE-2018-7526
-       RESERVED
+CVE-2018-7526 (In TotalAlert Web Application in BeaconMedaes Scroll Medical 
Air ...)
+       TODO: check
 CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a 
malformed ...)
        NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7524 (A cross-site request forgery vulnerability has been identified 
in ...)
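Review bot: CVE-2018-7526 goes from RESERVED to `TODO: check`, while the neighbouring entries in this hunk (CVE-2018-7528, CVE-2018-7527, CVE-2018-7525) are all resolved as NOT-FOR-US with the product named. If BeaconMedaes TotalAlert is likewise not packaged, resolving it the same way in a follow-up keeps the TODO from lingering; the same applies to CVE-2018-7518 in the next hunk, which names the same product.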
@@ -9785,8 +9829,8 @@ CVE-2018-7520 (An improper access control vulnerability 
has been identified in .
        NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing 
malformed ...)
        NOT-FOR-US: Omron CX-Supervisor
-CVE-2018-7518
-       RESERVED
+CVE-2018-7518 (In TotalAlert Web Application in BeaconMedaes Scroll Medical 
Air ...)
+       TODO: check
 CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing 
malformed ...)
        NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7516 (A server-side request forgery vulnerability has been identified 
in ...)
@@ -10175,10 +10219,10 @@ CVE-2018-7409 (In unixODBC before 2.3.5, there is a 
buffer overflow in the ...)
        NOTE: 
https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9
 CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release 
(marked ...)
        - npm <not-affected> (Vulnerable code introduced later)
-CVE-2018-7407
-       RESERVED
-CVE-2018-7406
-       RESERVED
+CVE-2018-7407 (An issue was discovered in Foxit Reader before 9.1 and 
PhantomPDF ...)
+       TODO: check
+CVE-2018-7406 (An issue was discovered in Foxit Reader before 9.1 and 
PhantomPDF ...)
+       TODO: check
 CVE-2018-7405 (Cross-site scripting (XSS) in Zoho ManageEngine EventLog 
Analyzer ...)
        NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
 CVE-2018-7404
@@ -15690,20 +15734,20 @@ CVE-2018-5682 (PrestaShop 1.7.2.4 allows user 
enumeration via the Reset Password
        NOT-FOR-US: PrestaShop
 CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the 
&quot;Pages &gt; Edit ...)
        NOT-FOR-US: PrestaShop
-CVE-2018-5680
-       RESERVED
-CVE-2018-5679
-       RESERVED
-CVE-2018-5678
-       RESERVED
-CVE-2018-5677
-       RESERVED
-CVE-2018-5676
-       RESERVED
-CVE-2018-5675
-       RESERVED
-CVE-2018-5674
-       RESERVED
+CVE-2018-5680 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
+       TODO: check
+CVE-2018-5679 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
+       TODO: check
+CVE-2018-5678 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
+       TODO: check
+CVE-2018-5677 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
+       TODO: check
+CVE-2018-5676 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
+       TODO: check
+CVE-2018-5675 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
+       TODO: check
+CVE-2018-5674 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
+       TODO: check
 CVE-2018-5673 (An issue was discovered in the booking-calendar plugin 2.1.7 
for ...)
        NOT-FOR-US: booking-calendar plugin for WordPress
 CVE-2018-5672 (An issue was discovered in the booking-calendar plugin 2.1.7 
for ...)
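Review bot: the seven entries CVE-2018-5674 through CVE-2018-5680 all receive the same truncated description, "This vulnerability allows remote attackers to execute arbitrary code ...", which cuts off before any product is named. Nothing in the list itself lets a triager decide between a package line and NOT-FOR-US, so each `TODO: check` here requires looking up the full CVE text; recording the product in the status line once known would make these entries distinguishable.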
@@ -16939,15 +16983,17 @@ CVE-2018-5186
        RESERVED
 CVE-2018-5185
        RESERVED
+       {DSA-4209-1}
        - thunderbird 1:52.8.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
 CVE-2018-5184
        RESERVED
+       {DSA-4209-1}
        - thunderbird 1:52.8.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184
 CVE-2018-5183
        RESERVED
-       {DSA-4199-1 DLA-1376-1}
+       {DSA-4209-1 DSA-4199-1 DLA-1376-1}
        - firefox-esr 52.8.0esr-1
        - thunderbird 1:52.8.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
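Review bot: CVE-2018-5185 and CVE-2018-5184 gain only `{DSA-4209-1}` with no DLA reference, whereas CVE-2018-5183 in the same hunk carries DLA-1376-1 alongside its DSAs. It is worth confirming whether the thunderbird fix has an LTS advisory still to be cross-referenced, or whether these two entries are complete as they stand. All three entries also still read RESERVED despite having fixed versions and an advisory attached, so their descriptions will need to be picked up by a later update.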
@@ -16968,7 +17014,7 @@ CVE-2018-5179
        RESERVED
 CVE-2018-5178
        RESERVED
-       {DSA-4199-1 DLA-1376-1}
+       {DSA-4209-1 DSA-4199-1 DLA-1376-1}
        - firefox-esr 52.8.0esr-1
        - thunderbird 1:52.8.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
@@ -17005,6 +17051,7 @@ CVE-2018-5171
        RESERVED
 CVE-2018-5170
        RESERVED
+       {DSA-4209-1}
        - thunderbird 1:52.8.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
 CVE-2018-5169
@@ -17013,7 +17060,7 @@ CVE-2018-5169
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
 CVE-2018-5168
        RESERVED
-       {DSA-4199-1 DLA-1376-1}
+       {DSA-4209-1 DSA-4199-1 DLA-1376-1}
        - firefox 60.0-1
        - firefox-esr 52.8.0esr-1
        - thunderbird 1:52.8.0-1
@@ -17042,10 +17089,12 @@ CVE-2018-5163
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5163
 CVE-2018-5162
        RESERVED
+       {DSA-4209-1}
        - thunderbird 1:52.8.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162
 CVE-2018-5161
        RESERVED
+       {DSA-4209-1}
        - thunderbird 1:52.8.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161
 CVE-2018-5160
@@ -17054,7 +17103,7 @@ CVE-2018-5160
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
 CVE-2018-5159
        RESERVED
-       {DSA-4199-1 DLA-1376-1}
+       {DSA-4209-1 DSA-4199-1 DLA-1376-1}
        - firefox 60.0-1
        - firefox-esr 52.8.0esr-1
        - thunderbird 1:52.8.0-1
@@ -17079,7 +17128,7 @@ CVE-2018-5156
        RESERVED
 CVE-2018-5155
        RESERVED
-       {DSA-4199-1 DLA-1376-1}
+       {DSA-4209-1 DSA-4199-1 DLA-1376-1}
        - firefox 60.0-1
        - firefox-esr 52.8.0esr-1
        - thunderbird 1:52.8.0-1
@@ -17088,7 +17137,7 @@ CVE-2018-5155
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5155
 CVE-2018-5154
        RESERVED
-       {DSA-4199-1 DLA-1376-1}
+       {DSA-4209-1 DSA-4199-1 DLA-1376-1}
        - firefox 60.0-1
        - firefox-esr 52.8.0esr-1
        - thunderbird 1:52.8.0-1
@@ -17109,7 +17158,7 @@ CVE-2018-5151
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
 CVE-2018-5150
        RESERVED
-       {DSA-4199-1 DLA-1376-1}
+       {DSA-4209-1 DSA-4199-1 DLA-1376-1}
        - firefox 60.0-1
        - firefox-esr 52.8.0esr-1
        - thunderbird 1:52.8.0-1
@@ -20879,6 +20928,7 @@ CVE-2018-3640 (Systems with microprocessors utilizing 
speculative execution and 
        NOTE: No software mitigations planned to be implemented in src:linux
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
 CVE-2018-3639 (Systems with microprocessors utilizing speculative execution 
and ...)
+       {DSA-4210-1}
        - intel-microcode <unfixed>
        - amd64-microcode <unfixed>
        - linux <unfixed>
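Review bot: CVE-2018-3639 is tagged `{DSA-4210-1}`, yet all three package lines visible in this hunk (intel-microcode, amd64-microcode, linux) remain `<unfixed>`. Please confirm that the source package DSA-4210-1 actually covers has its own line in this entry with the fixed version recorded; otherwise the DSA reference reads as if one of these three had been fixed.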
@@ -40364,8 +40414,8 @@ CVE-2017-14189 (An improper access control 
vulnerability in Fortinet FortiWebMan
        NOT-FOR-US: Fortinet
 CVE-2017-14188
        RESERVED
-CVE-2017-14187
-       RESERVED
+CVE-2017-14187 (A local privilege escalation and local code execution 
vulnerability in ...)
+       TODO: check
 CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 
5.6.0 ...)
        NOT-FOR-US: Fortinet
 CVE-2017-14185
@@ -53807,8 +53857,8 @@ CVE-2017-9666
        RESERVED
 CVE-2017-9665
        RESERVED
-CVE-2017-9664
-       RESERVED
+CVE-2017-9664 (In ABB SREA-01 revisions A, B, C: application versions up to 
3.31.5, ...)
+       TODO: check
 CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was 
discovered in ...)
        NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
 CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji 
Electric ...)
@@ -174960,10 +175010,10 @@ CVE-2013-3026 (Buffer overflow in the Lotus Quickr 
for Domino ActiveX control in
        NOT-FOR-US: Lotus Quickr for Domino ActiveX
 CVE-2013-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
Rational ...)
        NOT-FOR-US: IBM
-CVE-2013-3024
-       RESERVED
-CVE-2013-3023
-       RESERVED
+CVE-2013-3024 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on 
UNIX ...)
+       TODO: check
+CVE-2013-3023 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 
7.1.2 and ...)
+       TODO: check
 CVE-2013-3022
        RESERVED
 CVE-2013-3021
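Review bot: CVE-2013-3024 and CVE-2013-3023 are set to `TODO: check`, but both descriptions name IBM products (WebSphere Application Server, Tivoli Application Dependency Discovery Manager), and the adjacent CVE-2013-3025 is already resolved as `NOT-FOR-US: IBM`. Unless there is a reason to treat them differently, these can be closed the same way; CVE-2013-3018 in the following hunk is also an IBM Tivoli entry.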
@@ -174972,8 +175022,8 @@ CVE-2013-3020 (IBM Sterling B2B Integrator 5.1 and 
5.2 and Sterling File Gateway
        NOT-FOR-US: IBM
 CVE-2013-3019
        RESERVED
-CVE-2013-3018
-       RESERVED
+CVE-2013-3018 (The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application 
...)
+       TODO: check
 CVE-2013-3017
        RESERVED
 CVE-2013-3016 (IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers 
to ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a0ec0e5cc5577dc83c03f32342aebe87feb3f06
