Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34c79481 by security tracker role at 2018-06-06T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,26 +1,58 @@
+CVE-2018-11814
+       RESERVED
+CVE-2018-11813 (libjpeg 9c has a large loop because read_pixel in rdtarga.c 
mishandles ...)
+       TODO: check
+CVE-2018-11812
+       RESERVED
+CVE-2018-11811
+       RESERVED
+CVE-2018-11810
+       RESERVED
+CVE-2018-11809
+       RESERVED
+CVE-2018-11808 (Incorrect Access Control in CustomFieldsFeedServlet in Zoho 
...)
+       TODO: check
+CVE-2018-11807
+       RESERVED
+CVE-2018-11806
+       RESERVED
+CVE-2018-1000202 (A persisted cross-site scripting vulnerability exists in 
Jenkins ...)
+       TODO: check
+CVE-2018-1000198 (A XML external entity processing vulnerability exists in 
Jenkins Black ...)
+       TODO: check
+CVE-2018-1000197 (An improper authorization vulnerability exists in Jenkins 
Black Duck ...)
+       TODO: check
+CVE-2018-1000196 (A exposure of sensitive information vulnerability exists in 
Jenkins ...)
+       TODO: check
+CVE-2018-1000195 (A server-side request forgery vulnerability exists in 
Jenkins 2.120 ...)
+       TODO: check
+CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and 
older, LTS ...)
+       TODO: check
+CVE-2018-1000193 (A improper neutralization of control sequences vulnerability 
exists in ...)
+       TODO: check
 CVE-2018-XXXX [Archive::Tar: directory traversal]
        - perl <unfixed> (bug #900834)
-CVE-2018-1000192
+CVE-2018-1000192 (A information exposure vulnerability exists in Jenkins 2.120 
and ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000191
+CVE-2018-1000191 (A exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000190
+CVE-2018-1000190 (A exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000189
+CVE-2018-1000189 (A command execution vulnerability exists in Jenkins Absint 
Astree ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000188
+CVE-2018-1000188 (A server-side request forgery vulnerability exists in 
Jenkins CAS ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000187
+CVE-2018-1000187 (A exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000186
+CVE-2018-1000186 (A exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000185
+CVE-2018-1000185 (A server-side request forgery vulnerability exists in 
Jenkins GitHub ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000184
+CVE-2018-1000184 (A server-side request forgery vulnerability exists in 
Jenkins GitHub ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000183
+CVE-2018-1000183 (A exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000182
+CVE-2018-1000182 (A server-side request forgery vulnerability exists in 
Jenkins Git ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2018-11805
        RESERVED
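Review bot: CVE-2018-1000192 keeps the note "NOT-FOR-US: Jenkins plugin", but the description added to that entry reads "exists in Jenkins 2.120 and ...", which names Jenkins itself rather than a plugin, so the note should be rechecked against the full description. The same care applies to the new TODO: check entries CVE-2018-1000194 and CVE-2018-1000195, whose descriptions also refer to Jenkins 2.120: they should not be closed by copying the plugin note from the entries below them.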
@@ -562,8 +594,8 @@ CVE-2018-11588
        RESERVED
 CVE-2018-11587
        RESERVED
-CVE-2018-11586
-       RESERVED
+CVE-2018-11586 (XML external entity (XXE) vulnerability in api/rest/status in 
...)
+       TODO: check
 CVE-2018-11585
        RESERVED
 CVE-2018-11584
@@ -632,8 +664,8 @@ CVE-2018-11555 (tificc in Little CMS 2.9 has an 
out-of-bounds write in the ...)
        NOT-FOR-US: Little CMS
 CVE-2018-11554 (The forgotten-password feature in ...)
        TODO: check
-CVE-2018-11553
-       RESERVED
+CVE-2018-11553 (SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url 
parameter ...)
+       TODO: check
 CVE-2018-11552 (There is a reflected XSS vulnerability in AXON PBX 2.02 via 
the ...)
        NOT-FOR-US: AXON PBX
 CVE-2018-11551 (AXON PBX 2.02 contains a DLL hijacking vulnerability that 
could allow ...)
@@ -3025,16 +3057,16 @@ CVE-2018-10603
        RESERVED
 CVE-2018-10602
        RESERVED
-CVE-2018-10601
-       RESERVED
+CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including ...)
+       TODO: check
 CVE-2018-10600
        RESERVED
-CVE-2018-10599
-       RESERVED
+CVE-2018-10599 (IntelliVue Patient Monitors MP Series (including ...)
+       TODO: check
 CVE-2018-10598
        RESERVED
-CVE-2018-10597
-       RESERVED
+CVE-2018-10597 (IntelliVue Patient Monitors MP Series (including ...)
+       TODO: check
 CVE-2018-10596
        RESERVED
 CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows 
an ...)
@@ -4432,13 +4464,11 @@ CVE-2018-10059 (Cacti before 1.1.37 has XSS because the 
get_current_page functio
        [wheezy] - cacti <not-affected> (Issue introduced later)
        NOTE: https://github.com/Cacti/cacti/issues/1457
        NOTE: get_current_page was added in the 1.x series
-CVE-2018-10058
-       RESERVED
+CVE-2018-10058 (The remote management interface of cgminer 4.10.0 and bfgminer 
5.5.0 ...)
        - cgminer <unfixed>
        - bfgminer <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/03/1
-CVE-2018-10057
-       RESERVED
+CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 
5.5.0 ...)
        - cgminer <unfixed>
        - bfgminer <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/03/1
@@ -9689,8 +9719,8 @@ CVE-2018-7886 (An issue was discovered in CloudMe 1.11.0. 
An unauthenticated loc
        NOT-FOR-US: CloudMe
 CVE-2018-7885
        RESERVED
-CVE-2018-7884
-       RESERVED
+CVE-2018-7884 (An issue was discovered in DisplayLink Core Software Cleaner 
...)
+       TODO: check
 CVE-2018-7883
        RESERVED
 CVE-2018-7882
@@ -21931,8 +21961,8 @@ CVE-2018-3693
        RESERVED
 CVE-2018-3692
        RESERVED
-CVE-2018-3691
-       RESERVED
+CVE-2018-3691 (Some implementations in Intel Integrated Performance Primitives 
...)
+       TODO: check
 CVE-2018-3690
        RESERVED
 CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform 
Software ...)
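Review bot: CVE-2018-3691 is added as TODO: check, yet its description opens with the same words ("Some implementations in Intel Integrated Performance Primitives ...") that CVE-2018-3617 carried before this update, where it was triaged NOT-FOR-US: Intel. If the full descriptions match, carry that triage over to this entry instead of leaving it open.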
@@ -22089,7 +22119,8 @@ CVE-2018-3619
        RESERVED
 CVE-2018-3618
        RESERVED
-CVE-2018-3617 (Some implementations in Intel Integrated Performance Primitives 
...)
+CVE-2018-3617
+       REJECTED
        NOT-FOR-US: Intel
 CVE-2018-3616
        RESERVED
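Review bot: the unchanged context line "NOT-FOR-US: Intel" now sits under CVE-2018-3617, which this hunk turns into a REJECTED entry with no description. That note was written for the description being removed here, so it should be dropped from this entry; CVE-2018-3691 gains a description with the same opening words in this commit and is the place where the triage belongs if the texts match.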
@@ -61442,10 +61473,10 @@ CVE-2017-7656
        RESERVED
 CVE-2017-7655
        RESERVED
-CVE-2017-7654
-       RESERVED
-CVE-2017-7653
-       RESERVED
+CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak 
vulnerability ...)
+       TODO: check
+CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not 
reject ...)
+       TODO: check
 CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set 
running ...)
        {DLA-1334-1}
        - mosquitto 1.4.15-1
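Review bot: CVE-2017-7654 and CVE-2017-7653 are left at TODO: check with no package line, although the context entry CVE-2017-7652 directly below already tracks the mosquitto source package. Both new descriptions put 1.4.15 inside the affected range ("1.4.15 and earlier", "up to version 1.4.15"), which covers the 1.4.15-1 version recorded as the fix for CVE-2017-7652, so each entry needs its own "- mosquitto" line with a status determined for that issue rather than inheriting the fixed version.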
@@ -61483,16 +61514,16 @@ CVE-2017-7641 (QNAP NAS application Media Streaming 
add-on version 421.1.0.2, ..
        NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 
...)
        NOT-FOR-US: QNAP NAS application Media Streaming add-on
-CVE-2017-7639
-       RESERVED
+CVE-2017-7639 (QNAP NAS application Proxy Server through version 1.2.0 does 
not ...)
+       TODO: check
 CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 
...)
        NOT-FOR-US: QNAP NAS application Media Streaming add-on
-CVE-2017-7637
-       RESERVED
-CVE-2017-7636
-       RESERVED
-CVE-2017-7635
-       RESERVED
+CVE-2017-7637 (QNAP NAS application Proxy Server through version 1.2.0 allows 
remote ...)
+       TODO: check
+CVE-2017-7636 (Cross-site scripting (XSS) vulnerability in QNAP NAS 
application Proxy ...)
+       TODO: check
+CVE-2017-7635 (QNAP NAS application Proxy Server through version 1.2.0 does 
not ...)
+       TODO: check
 CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS 
application Media ...)
        NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive 
...)
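Review bot: the four new entries CVE-2017-7639, CVE-2017-7637, CVE-2017-7636 and CVE-2017-7635 are left at TODO: check, while the neighbouring QNAP NAS application entries in this hunk (CVE-2017-7641, CVE-2017-7640, CVE-2017-7638, CVE-2017-7634) are already closed as NOT-FOR-US. The new descriptions name the QNAP NAS application Proxy Server, so they can be triaged the same way, with the note naming Proxy Server rather than the Media Streaming add-on.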



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/34c7948107e6269d79f50247dcd1bb21c81974ea
