Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5d543050 by security tracker role at 2018-06-05T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,143 @@
+CVE-2018-11805
+ RESERVED
+CVE-2018-11804
+ RESERVED
+CVE-2018-11803
+ RESERVED
+CVE-2018-11802
+ RESERVED
+CVE-2018-11801
+ RESERVED
+CVE-2018-11800
+ RESERVED
+CVE-2018-11799
+ RESERVED
+CVE-2018-11798
+ RESERVED
+CVE-2018-11797
+ RESERVED
+CVE-2018-11796
+ RESERVED
+CVE-2018-11795
+ RESERVED
+CVE-2018-11794
+ RESERVED
+CVE-2018-11793
+ RESERVED
+CVE-2018-11792
+ RESERVED
+CVE-2018-11791
+ RESERVED
+CVE-2018-11790
+ RESERVED
+CVE-2018-11789
+ RESERVED
+CVE-2018-11788
+ RESERVED
+CVE-2018-11787
+ RESERVED
+CVE-2018-11786
+ RESERVED
+CVE-2018-11785
+ RESERVED
+CVE-2018-11784
+ RESERVED
+CVE-2018-11783
+ RESERVED
+CVE-2018-11782
+ RESERVED
+CVE-2018-11781
+ RESERVED
+CVE-2018-11780
+ RESERVED
+CVE-2018-11779
+ RESERVED
+CVE-2018-11778
+ RESERVED
+CVE-2018-11777
+ RESERVED
+CVE-2018-11776
+ RESERVED
+CVE-2018-11775
+ RESERVED
+CVE-2018-11774
+ RESERVED
+CVE-2018-11773
+ RESERVED
+CVE-2018-11772
+ RESERVED
+CVE-2018-11771
+ RESERVED
+CVE-2018-11770
+ RESERVED
+CVE-2018-11769
+ RESERVED
+CVE-2018-11768
+ RESERVED
+CVE-2018-11767
+ RESERVED
+CVE-2018-11766
+ RESERVED
+CVE-2018-11765
+ RESERVED
+CVE-2018-11764
+ RESERVED
+CVE-2018-11763
+ RESERVED
+CVE-2018-11762
+ RESERVED
+CVE-2018-11761
+ RESERVED
+CVE-2018-11760
+ RESERVED
+CVE-2018-11759
+ RESERVED
+CVE-2018-11758
+ RESERVED
+CVE-2018-11757
+ RESERVED
+CVE-2018-11756
+ RESERVED
+CVE-2018-11755
+ RESERVED
+CVE-2018-11754
+ RESERVED
+CVE-2018-11753
+ RESERVED
+CVE-2018-11752
+ RESERVED
+CVE-2018-11751
+ RESERVED
+CVE-2018-11750
+ RESERVED
+CVE-2018-11749
+ RESERVED
+CVE-2018-11748
+ RESERVED
+CVE-2018-11747
+ RESERVED
+CVE-2018-11746
+ RESERVED
+CVE-2018-11745
+ RESERVED
+CVE-2018-11744
+ RESERVED
+CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes
initialize_copy ...)
+ TODO: check
+CVE-2018-11742
+ RESERVED
+CVE-2018-11741
+ RESERVED
+CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit
(TSK) from ...)
+ TODO: check
+CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK)
from ...)
+ TODO: check
+CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK)
from ...)
+ TODO: check
+CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK)
from ...)
+ TODO: check
+CVE-2018-1000201
+ RESERVED
CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. ...)
NOT-FOR-US: Pluck CMS
CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the
sname or ...)
@@ -26,8 +166,8 @@ CVE-2018-11724
RESERVED
CVE-2018-11723
RESERVED
-CVE-2018-11722
- RESERVED
+CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the
'code' ...)
+ TODO: check
CVE-2018-11721
RESERVED
CVE-2018-11720
@@ -184,8 +324,8 @@ CVE-2018-11680 (An issue was discovered in CmsEasy
6.1_20180508. There is a CSRF
NOT-FOR-US: CmsEasy
CVE-2018-11679 (An issue was discovered in CmsEasy 6.1_20180508. There is a
CSRF ...)
NOT-FOR-US: CmsEasy
-CVE-2018-11678
- RESERVED
+CVE-2018-11678 (plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows
Login ...)
+ TODO: check
CVE-2018-11677
RESERVED
CVE-2018-11676
@@ -460,8 +600,8 @@ CVE-2018-11556 (tificc in Little CMS 2.9 has an
out-of-bounds write in the ...)
NOT-FOR-US: Little CMS
CVE-2018-11555 (tificc in Little CMS 2.9 has an out-of-bounds write in the ...)
NOT-FOR-US: Little CMS
-CVE-2018-11554
- RESERVED
+CVE-2018-11554 (The forgotten-password feature in ...)
+ TODO: check
CVE-2018-11553
RESERVED
CVE-2018-11552 (There is a reflected XSS vulnerability in AXON PBX 2.02 via
the ...)
@@ -1103,10 +1243,10 @@ CVE-2018-11321 (An issue was discovered in com_fields
in Joomla! Core before 3.8
NOT-FOR-US: Joomla!
CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables
that are ...)
NOT-FOR-US: Octopus Deploy
-CVE-2018-1000181
- RESERVED
-CVE-2018-1000180
- RESERVED
+CVE-2018-1000181 (Kitura 2.3.0 and earlier have an unintended read access to
...)
+ TODO: check
+CVE-2018-1000180 (Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and
earlier ...)
+ TODO: check
CVE-2018-11318
RESERVED
CVE-2018-11317
@@ -1972,8 +2112,8 @@ CVE-2018-10968 (On D-Link DIR-550A and DIR-604M devices
through v2.10KR, a malic
NOT-FOR-US: D-Link
CVE-2018-10967 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a
malicious ...)
NOT-FOR-US: D-Link
-CVE-2018-10966
- RESERVED
+CVE-2018-10966 (An issue was discovered in GamerPolls 0.4.6, related to ...)
+ TODO: check
CVE-2018-10965
RESERVED
CVE-2018-10964
@@ -2316,8 +2456,8 @@ CVE-2018-10815
RESERVED
CVE-2018-10814
RESERVED
-CVE-2018-10813
- RESERVED
+CVE-2018-10813 (In Dedos-web 1.0, the cookie and session secrets used in the
...)
+ TODO: check
CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses
cleartext ...)
NOT-FOR-US: Bitpie application for Android and iOS
CVE-2018-10811 [Missing Initialization of a Variable in IKEv2 Key Derivation]
@@ -3859,8 +3999,7 @@ CVE-2018-10194 (The set_text_distance function in
devices/vector/gdevpdts.c in t
[jessie] - ghostscript <no-dsa> (Minor issue)
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet
public)
-CVE-2018-1000200 [mm, oom: fix concurrent munlock and oom reaper unmap]
- RESERVED
+CVE-2018-1000200 (The Linux Kernel versions 4.14, 4.15, and 4.16 has a null
pointer ...)
- linux 4.16.12-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -7014,10 +7153,10 @@ CVE-2018-8926
RESERVED
CVE-2018-8925
RESERVED
-CVE-2018-8924
- RESERVED
-CVE-2018-8923
- RESERVED
+CVE-2018-8924 (Cross-site scripting (XSS) vulnerability in Title Tootip in
Synology ...)
+ TODO: check
+CVE-2018-8923 (Cross-site scripting (XSS) vulnerability in Attachment Preview
in ...)
+ TODO: check
CVE-2018-8922 (Improper access control vulnerability in Synology Drive before
...)
NOT-FOR-US: Synology Drive
CVE-2018-8921 (Cross-site scripting (XSS) vulnerability in File Sharing Notify
Toast ...)
@@ -9217,8 +9356,7 @@ CVE-2018-8010 (This vulnerability in Apache Solr 6.0.0 to
6.6.3, 7.0.0 to 7.3.0
NOTE: https://issues.apache.org/jira/browse/SOLR-12316
CVE-2018-8009
RESERVED
-CVE-2018-8008
- RESERVED
+CVE-2018-8008 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and
version ...)
NOT-FOR-US: Apache Storm
CVE-2018-8007
RESERVED
@@ -9370,8 +9508,8 @@ CVE-2018-7945
RESERVED
CVE-2018-7944
RESERVED
-CVE-2018-7943
- RESERVED
+CVE-2018-7943 (There is an authentication bypass vulnerability in some Huawei
...)
+ TODO: check
CVE-2018-7942 (The iBMC (Intelligent Baseboard Management Controller) of some
Huawei ...)
NOT-FOR-US: Huawei
CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass
vulnerability. A ...)
@@ -13235,8 +13373,8 @@ CVE-2018-6664 (Application Protections Bypass
vulnerability in Microsoft Windows
NOT-FOR-US: McAfee
CVE-2018-6663
RESERVED
-CVE-2018-6662
- RESERVED
+CVE-2018-6662 (Privilege Escalation vulnerability in McAfee Management of
Native ...)
+ TODO: check
CVE-2018-6661 (DLL Side-Loading vulnerability in Microsoft Windows Client in
McAfee ...)
NOT-FOR-US: McAfee
CVE-2018-6660 (Directory Traversal vulnerability in McAfee ePolicy
Orchestrator (ePO) ...)
@@ -27505,8 +27643,8 @@ CVE-2018-1456
RESERVED
CVE-2018-1455
RESERVED
-CVE-2018-1454
- RESERVED
+CVE-2018-1454 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could
allow a ...)
+ TODO: check
CVE-2018-1453
RESERVED
CVE-2018-1452 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
@@ -27549,8 +27687,8 @@ CVE-2018-1434 (IBM SAN Volume Controller, IBM Storwize,
IBM Spectrum Virtualize
NOT-FOR-US: IBM
CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum
Virtualize and ...)
NOT-FOR-US: IBM
-CVE-2018-1432
- RESERVED
+CVE-2018-1432 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is
...)
+ TODO: check
CVE-2018-1431
RESERVED
CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to
cross-site ...)
@@ -28404,8 +28542,7 @@ CVE-2018-1334
RESERVED
CVE-2018-1333
RESERVED
-CVE-2018-1332
- RESERVED
+CVE-2018-1332 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and
version ...)
NOT-FOR-US: Apache Storm
CVE-2018-1331
RESERVED
@@ -28702,8 +28839,8 @@ CVE-2018-1254
RESERVED
CVE-2018-1253
RESERVED
-CVE-2018-1252
- RESERVED
+CVE-2018-1252 (RSA Web Threat Detection versions prior to 6.4, contain an SQL
...)
+ TODO: check
CVE-2018-1251
RESERVED
CVE-2018-1250
@@ -35465,7 +35602,7 @@ CVE-2017-16038 (`f2e-server` 1.12.11 and earlier is
vulnerable to a directory ..
TODO: check
CVE-2017-16037 (`gomeplus-h5-proxy` is vulnerable to a directory traversal
issue, ...)
TODO: check
-CVE-2017-16036 (`badjs-sourcemap-server` recieves files sent by
`badjs-sourcemap`. ...)
+CVE-2017-16036 (`badjs-sourcemap-server` receives files sent by
`badjs-sourcemap`. ...)
TODO: check
CVE-2017-16035 (The hubl-server module is a wrapper for the HubL Development
Server. ...)
TODO: check
@@ -35571,7 +35708,7 @@ CVE-2016-10694 (alto-saxophone is a module to install
and launch Chromedriver fo
TODO: check
CVE-2016-10693 (pm2-kafka is a PM2 module that installs and runs a kafka
server ...)
TODO: check
-CVE-2016-10692 (haxeshim haxe shim to deal with cooexisting versions. haxeshim
...)
+CVE-2016-10692 (haxeshim haxe shim to deal with coexisting versions. haxeshim
...)
TODO: check
CVE-2016-10691 (windows-seleniumjar is a module that downloads the Selenium
Jar file ...)
TODO: check
@@ -35627,7 +35764,7 @@ CVE-2016-10666 (tomita-parser is a Node wrapper for
Yandex Tomita Parser tomita-
TODO: check
CVE-2016-10665 (herbivore is a packet sniffing and crafting library. Built on
libtins ...)
TODO: check
-CVE-2016-10664 (msystem is a Node.js wrapper for MyStem morphology text
analyzer by ...)
+CVE-2016-10664 (mystem is a Node.js wrapper for MyStem morphology text
analyzer by ...)
TODO: check
CVE-2016-10663 (wixtoolset is a Node module wrapper around the wixtoolset
binaries ...)
TODO: check
@@ -79918,8 +80055,8 @@ CVE-2017-1352 (IBM Maximo Asset Management 7.5 and 7.6
could allow an authentica
NOT-FOR-US: IBM
CVE-2017-1351
RESERVED
-CVE-2017-1350
- RESERVED
+CVE-2017-1350 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7
could ...)
+ TODO: check
CVE-2017-1349 (IBM Sterling B2B Integrator Standard Edition 5.2 stores
potentially ...)
NOT-FOR-US: IBM
CVE-2017-1348 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable
to ...)
@@ -82992,12 +83129,12 @@ CVE-2016-9492
RESERVED
CVE-2016-9491
RESERVED
-CVE-2016-9490
- RESERVED
+CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 suffer
from a ...)
+ TODO: check
CVE-2016-9489
RESERVED
-CVE-2016-9488
- RESERVED
+CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 suffer
from ...)
+ TODO: check
CVE-2016-9487
RESERVED
CVE-2016-9486
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d5430507ec8178ec3a4ef16582c5196be6a1d80
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d5430507ec8178ec3a4ef16582c5196be6a1d80
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
