Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3a0ec0e5 by security tracker role at 2018-05-25T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,51 @@ -CVE-2018-11417 +CVE-2018-11439 + RESERVED +CVE-2018-11438 + RESERVED +CVE-2018-11437 + RESERVED +CVE-2018-11436 + RESERVED +CVE-2018-11435 + RESERVED +CVE-2018-11434 + RESERVED +CVE-2018-11433 + RESERVED +CVE-2018-11432 + RESERVED +CVE-2018-11431 + RESERVED +CVE-2018-11430 + RESERVED +CVE-2018-11429 + RESERVED +CVE-2018-11428 + RESERVED +CVE-2018-11427 + RESERVED +CVE-2018-11426 + RESERVED +CVE-2018-11425 + RESERVED +CVE-2018-11424 RESERVED -CVE-2018-11416 +CVE-2018-11423 RESERVED +CVE-2018-11422 + RESERVED +CVE-2018-11421 + RESERVED +CVE-2018-11420 + RESERVED +CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based ...) + TODO: check +CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based ...) + TODO: check +CVE-2018-11417 + RESERVED +CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of ...) + TODO: check CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site ...) NOT-FOR-US: SAP Internet Transaction Server CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is ...) 
@@ -9769,8 +9813,8 @@ CVE-2018-7528 (An SQL injection vulnerability has been identified in Geutebruck NOT-FOR-US: IP Geutebruck and Topline IP cameras CVE-2018-7527 (A buffer overflow can be triggered in LeviStudio HMI Editor, Version ...) NOT-FOR-US: LeviStudio HMI Editor -CVE-2018-7526 - RESERVED +CVE-2018-7526 (In TotalAlert Web Application in BeaconMedaes Scroll Medical Air ...) + TODO: check CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in ...) @@ -9785,8 +9829,8 @@ CVE-2018-7520 (An improper access control vulnerability has been identified in . NOT-FOR-US: IP Geutebruck and Topline IP cameras CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor -CVE-2018-7518 - RESERVED +CVE-2018-7518 (In TotalAlert Web Application in BeaconMedaes Scroll Medical Air ...) + TODO: check CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...) NOT-FOR-US: Omron CX-Supervisor CVE-2018-7516 (A server-side request forgery vulnerability has been identified in ...) @@ -10175,10 +10219,10 @@ CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the ...) NOTE: https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9 CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...) - npm <not-affected> (Vulnerable code introduced later) -CVE-2018-7407 - RESERVED -CVE-2018-7406 - RESERVED +CVE-2018-7407 (An issue was discovered in Foxit Reader before 9.1 and PhantomPDF ...) + TODO: check +CVE-2018-7406 (An issue was discovered in Foxit Reader before 9.1 and PhantomPDF ...) + TODO: check CVE-2018-7405 (Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer ...) NOT-FOR-US: Zoho ManageEngine EventLog Analyzer CVE-2018-7404 
@@ -15690,20 +15734,20 @@ CVE-2018-5682 (PrestaShop 1.7.2.4 allows user enumeration via the Reset Password NOT-FOR-US: PrestaShop CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit ...) NOT-FOR-US: PrestaShop -CVE-2018-5680 - RESERVED -CVE-2018-5679 - RESERVED -CVE-2018-5678 - RESERVED -CVE-2018-5677 - RESERVED -CVE-2018-5676 - RESERVED -CVE-2018-5675 - RESERVED -CVE-2018-5674 - RESERVED +CVE-2018-5680 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2018-5679 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2018-5678 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2018-5677 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2018-5676 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2018-5675 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2018-5674 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check CVE-2018-5673 (An issue was discovered in the booking-calendar plugin 2.1.7 for ...) NOT-FOR-US: booking-calendar plugin for WordPress CVE-2018-5672 (An issue was discovered in the booking-calendar plugin 2.1.7 for ...) @@ -16939,15 +16983,17 @@ CVE-2018-5186 RESERVED CVE-2018-5185 RESERVED + {DSA-4209-1} - thunderbird 1:52.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185 CVE-2018-5184 RESERVED + {DSA-4209-1} - thunderbird 1:52.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184 CVE-2018-5183 RESERVED - {DSA-4199-1 DLA-1376-1} + {DSA-4209-1 DSA-4199-1 DLA-1376-1} - firefox-esr 52.8.0esr-1 - thunderbird 1:52.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183 
@@ -16968,7 +17014,7 @@ CVE-2018-5179 RESERVED CVE-2018-5178 RESERVED - {DSA-4199-1 DLA-1376-1} + {DSA-4209-1 DSA-4199-1 DLA-1376-1} - firefox-esr 52.8.0esr-1 - thunderbird 1:52.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178 @@ -17005,6 +17051,7 @@ CVE-2018-5171 RESERVED CVE-2018-5170 RESERVED + {DSA-4209-1} - thunderbird 1:52.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170 CVE-2018-5169 @@ -17013,7 +17060,7 @@ CVE-2018-5169 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169 CVE-2018-5168 RESERVED - {DSA-4199-1 DLA-1376-1} + {DSA-4209-1 DSA-4199-1 DLA-1376-1} - firefox 60.0-1 - firefox-esr 52.8.0esr-1 - thunderbird 1:52.8.0-1 @@ -17042,10 +17089,12 @@ CVE-2018-5163 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5163 CVE-2018-5162 RESERVED + {DSA-4209-1} - thunderbird 1:52.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162 CVE-2018-5161 RESERVED + {DSA-4209-1} - thunderbird 1:52.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161 CVE-2018-5160 @@ -17054,7 +17103,7 @@ CVE-2018-5160 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160 CVE-2018-5159 RESERVED - {DSA-4199-1 DLA-1376-1} + {DSA-4209-1 DSA-4199-1 DLA-1376-1} - firefox 60.0-1 - firefox-esr 52.8.0esr-1 - thunderbird 1:52.8.0-1 @@ -17079,7 +17128,7 @@ CVE-2018-5156 RESERVED CVE-2018-5155 RESERVED - {DSA-4199-1 DLA-1376-1} + {DSA-4209-1 DSA-4199-1 DLA-1376-1} - firefox 60.0-1 - firefox-esr 52.8.0esr-1 - thunderbird 1:52.8.0-1 @@ -17088,7 +17137,7 @@ CVE-2018-5155 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5155 CVE-2018-5154 RESERVED - {DSA-4199-1 DLA-1376-1} + {DSA-4209-1 DSA-4199-1 DLA-1376-1} - firefox 60.0-1 - firefox-esr 52.8.0esr-1 - thunderbird 1:52.8.0-1 
@@ -17109,7 +17158,7 @@ CVE-2018-5151 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151 CVE-2018-5150 RESERVED - {DSA-4199-1 DLA-1376-1} + {DSA-4209-1 DSA-4199-1 DLA-1376-1} - firefox 60.0-1 - firefox-esr 52.8.0esr-1 - thunderbird 1:52.8.0-1 @@ -20879,6 +20928,7 @@ CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and NOTE: No software mitigations planned to be implemented in src:linux NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...) + {DSA-4210-1} - intel-microcode <unfixed> - amd64-microcode <unfixed> - linux <unfixed> @@ -40364,8 +40414,8 @@ CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebMan NOT-FOR-US: Fortinet CVE-2017-14188 RESERVED -CVE-2017-14187 - RESERVED +CVE-2017-14187 (A local privilege escalation and local code execution vulnerability in ...) + TODO: check CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 ...) NOT-FOR-US: Fortinet CVE-2017-14185 @@ -53807,8 +53857,8 @@ CVE-2017-9666 RESERVED CVE-2017-9665 RESERVED -CVE-2017-9664 - RESERVED +CVE-2017-9664 (In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, ...) + TODO: check CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was discovered in ...) NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...) 
@@ -174960,10 +175010,10 @@ CVE-2013-3026 (Buffer overflow in the Lotus Quickr for Domino ActiveX control in NOT-FOR-US: Lotus Quickr for Domino ActiveX CVE-2013-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational ...) NOT-FOR-US: IBM -CVE-2013-3024 - RESERVED -CVE-2013-3023 - RESERVED +CVE-2013-3024 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX ...) + TODO: check +CVE-2013-3023 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and ...) + TODO: check CVE-2013-3022 RESERVED CVE-2013-3021 @@ -174972,8 +175022,8 @@ CVE-2013-3020 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway NOT-FOR-US: IBM CVE-2013-3019 RESERVED -CVE-2013-3018 - RESERVED +CVE-2013-3018 (The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application ...) + TODO: check CVE-2013-3017 RESERVED CVE-2013-3016 (IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a0ec0e5cc5577dc83c03f32342aebe87feb3f06
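Review bot: In the first hunk (@@ -1,7 +1,51 @@), CVE-2018-11416 is left at "TODO: check" even though its description already states both the affected and the fixed upstream release (jpegoptim 1.4.5, fixed in 1.4.6). That is enough to resolve the entry in a follow-up: replace the TODO with a package line carrying the fixed version if jpegoptim is packaged, or a NOT-FOR-US line if it is not. The two JerryScript 1.0 entries above it (CVE-2018-11419, CVE-2018-11418) have truncated descriptions that read the same up to "heap-based ...", so they should be triaged together from the full text rather than one at a time.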
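Review bot: In the @@ -15690,20 +15734,20 @@ hunk, the seven entries CVE-2018-5674 through CVE-2018-5680 all receive the identical truncated description "This vulnerability allows remote attackers to execute arbitrary code ...", which names no product, so none of them can be classified from the list file alone. Whoever clears these TODO lines needs the full descriptions, and since the block is contiguous and the visible text is identical, it is worth resolving all seven in one commit with one consistent marking.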
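Review bot: In the @@ -20879,6 +20928,7 @@ hunk, {DSA-4210-1} is attached to CVE-2018-3639 while every package line visible in the context (intel-microcode, amd64-microcode, linux) is still marked unfixed. The hunk shows only three lines after the addition, so the package that DSA-4210-1 actually covers may sit further down in the entry; please confirm that such a line exists and carries a fixed version, otherwise the entry references an advisory without recording what it fixed.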
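Review bot: In the @@ -174960,10 +175010,10 @@ and @@ -174972,8 +175022,8 @@ hunks, CVE-2013-3024, CVE-2013-3023 and CVE-2013-3018 are set to "TODO: check" although their descriptions name IBM products (WebSphere Application Server, Tivoli Application Dependency Discovery Manager) and the neighbouring entries in the same context (CVE-2013-3025, CVE-2013-3020) are already marked "NOT-FOR-US: IBM". If the same reasoning applies, these three can take that marking directly in the follow-up triage instead of staying as open TODO items.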
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits