Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a7b9185 by security tracker role at 2018-06-08T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2018-12049 (A remote attacker can bypass the System Manager Mode on the
Canon ...)
+ TODO: check
+CVE-2018-12048 (A remote attacker can bypass the Management Mode on the Canon
LBP7110Cw ...)
+ TODO: check
+CVE-2018-12047 (xfind/search in Ximdex 4.0 has XSS via the filter[n][value]
parameters ...)
+ TODO: check
+CVE-2018-12046 (DedeCMS through 5.7SP2 allows arbitrary file write in ...)
+ TODO: check
+CVE-2018-12045 (DedeCMS through V5.7SP2 allows arbitrary file upload in ...)
+ TODO: check
+CVE-2018-12044
+ RESERVED
+CVE-2018-12043 (content/content.blueprintspages.php in Symphony 2.7.6 has XSS
via the ...)
+ TODO: check
+CVE-2018-12042 (Roxy Fileman through v1.4.5 has Directory traversal via the
...)
+ TODO: check
+CVE-2018-12041 (An issue was discovered on the MediaTek AWUS036NH wireless USB
adapter ...)
+ TODO: check
CVE-2018-12040
RESERVED
CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an
Arbitrary ...)
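Review bot: eight of the nine entries added at the top of data/CVE/list (CVE-2018-12049 down to CVE-2018-12041, with CVE-2018-12044 still RESERVED) land as "TODO: check" with no package or NOT-FOR-US line. Each needs a follow-up that replaces the TODO with either a source package line or a NOT-FOR-US entry in the form already used further down the file, for example "NOT-FOR-US: jbig2enc".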
@@ -2055,10 +2073,10 @@ CVE-2018-11231 (In the Divido plugin for OpenCart,
there is SQL injection. Attac
NOT-FOR-US: OpenCart plugin
CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc
0.29 allows ...)
NOT-FOR-US: jbig2enc
-CVE-2018-11229
- RESERVED
-CVE-2018-11228
- RESERVED
+CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC,
and ...)
+ TODO: check
+CVE-2018-11228 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC,
and ...)
+ TODO: check
CVE-2018-11227
RESERVED
CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8
...)
@@ -3506,8 +3524,8 @@ CVE-2018-10621
RESERVED
CVE-2018-10620
RESERVED
-CVE-2018-10619
- RESERVED
+CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions
3.90.01 ...)
+ TODO: check
CVE-2018-10618
RESERVED
CVE-2018-10617
@@ -6900,8 +6918,7 @@ CVE-2018-9248 (FiberHome VDSL2 Modem HG 150-UB devices
allow authentication bypa
NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
CVE-2018-9247 (The upsql function in
\Lib\Lib\Action\Admin\DataAction.class.php in ...)
NOT-FOR-US: Gxlcms QY
-CVE-2018-9246 [insufficient sanitizes or escapes variable values used as part
of shell command execution]
- RESERVED
+CVE-2018-9246 (The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as
used in ...)
- libpgobject-util-dbadmin-perl 0.130.1-1 (bug #900942)
NOTE:
https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/2c25c3dbc8b832a657247d3ea63ae80f3c5df6b1
NOTE:
https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/f4e684008ca9e182833a70793ae91288d2c80218
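Review bot: in the CVE-2018-9246 entry the new description says the issue affects PGObject::Util::DBAdmin before 0.120.0, while the unchanged package line records 0.130.1-1 (bug #900942) as the fixed version. That is consistent if 0.130.1-1 was simply the first fixed upload, but a NOTE stating it would save the next reader the comparison. The removed bracketed text was also the only visible line naming the shell command execution aspect, so it is worth confirming that the two commit NOTEs below still make the nature of the fix clear.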
@@ -7042,8 +7059,8 @@ CVE-2018-9184
RESERVED
CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has
XSS. ...)
NOT-FOR-US: Joomla addon
-CVE-2018-9182
- RESERVED
+CVE-2018-9182 (Twonky Server before 8.5.1 has XSS via a modified
"language" parameter ...)
+ TODO: check
CVE-2018-9181
RESERVED
CVE-2018-9180
@@ -7052,8 +7069,8 @@ CVE-2018-9179
RESERVED
CVE-2018-9178
RESERVED
-CVE-2018-9177
- RESERVED
+CVE-2018-9177 (Twonky Server before 8.5.1 has XSS via a folder name on the
Shared ...)
+ TODO: check
CVE-2018-9176
RESERVED
CVE-2018-9175 (DedeCMS 5.7 allows remote attackers to execute arbitrary PHP
code via ...)
@@ -22292,8 +22309,8 @@ CVE-2018-3760
RESERVED
CVE-2018-3759
RESERVED
-CVE-2018-3758
- RESERVED
+CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before
1.1.7 ...)
+ TODO: check
CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an
unescaped ...)
NOT-FOR-US: node pdf-image
CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are
vulnerable ...)
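Review bot: CVE-2018-3758 (express-cart module) is left at "TODO: check" although the next entry, CVE-2018-3757, already shows the form used for an unpackaged node module ("NOT-FOR-US: node pdf-image"). If express-cart is likewise not in the archive, the same form applies here.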
@@ -32681,18 +32698,18 @@ CVE-2018-0359
RESERVED
CVE-2018-0358
RESERVED
-CVE-2018-0357
- RESERVED
-CVE-2018-0356
- RESERVED
-CVE-2018-0355
- RESERVED
-CVE-2018-0354
- RESERVED
+CVE-2018-0357 (A vulnerability in the web framework of Cisco WebEx could allow
an ...)
+ TODO: check
+CVE-2018-0356 (A vulnerability in the web framework of Cisco WebEx could allow
an ...)
+ TODO: check
+CVE-2018-0355 (A vulnerability in the web UI of Cisco Unified Communications
Manager ...)
+ TODO: check
+CVE-2018-0354 (A vulnerability in the web framework of Cisco Unity Connection
could ...)
+ TODO: check
CVE-2018-0353 (A vulnerability in traffic-monitoring functions in Cisco Web
Security ...)
TODO: check
-CVE-2018-0352
- RESERVED
+CVE-2018-0352 (A vulnerability in the Disk Check Tool (disk-check.sh) for
Cisco Wide ...)
+ TODO: check
CVE-2018-0351
RESERVED
CVE-2018-0350
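Review bot: CVE-2018-0353 was already sitting at "TODO: check" before this update, and this hunk adds five more Cisco entries in the same state (CVE-2018-0357, -0356, -0355, -0354 and -0352). These can be triaged together in one pass rather than left to accumulate.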
@@ -32715,30 +32732,30 @@ CVE-2018-0342
RESERVED
CVE-2018-0341
RESERVED
-CVE-2018-0340
- RESERVED
-CVE-2018-0339
- RESERVED
-CVE-2018-0338
- RESERVED
+CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified ...)
+ TODO: check
+CVE-2018-0339 (A vulnerability in the web-based management interface of Cisco
Identity ...)
+ TODO: check
+CVE-2018-0338 (A vulnerability in the role-based access-checking mechanisms of
Cisco ...)
+ TODO: check
CVE-2018-0337
RESERVED
-CVE-2018-0336
- RESERVED
-CVE-2018-0335
- RESERVED
-CVE-2018-0334
- RESERVED
-CVE-2018-0333
- RESERVED
-CVE-2018-0332
- RESERVED
+CVE-2018-0336 (A vulnerability in the batch provisioning feature of Cisco
Prime ...)
+ TODO: check
+CVE-2018-0335 (A vulnerability in the web portal authentication process of
Cisco Prime ...)
+ TODO: check
+CVE-2018-0334 (A vulnerability in the certificate management subsystem of
Cisco ...)
+ TODO: check
+CVE-2018-0333 (A vulnerability in the VPN configuration management of Cisco
FireSIGHT ...)
+ TODO: check
+CVE-2018-0332 (A vulnerability in the Session Initiation Protocol (SIP)
ingress packet ...)
+ TODO: check
CVE-2018-0331
RESERVED
CVE-2018-0330
RESERVED
-CVE-2018-0329
- RESERVED
+CVE-2018-0329 (A vulnerability in the default configuration of the Simple
Network ...)
+ TODO: check
CVE-2018-0328 (A vulnerability in the web framework of Cisco Unified
Communications ...)
NOT-FOR-US: Cisco
CVE-2018-0327 (A vulnerability in the web framework of Cisco Identity Services
Engine ...)
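Review bot: the nine Cisco entries that gain descriptions here (CVE-2018-0340 to -0338, -0336 to -0332, and -0329) stay at "TODO: check", while CVE-2018-0328 directly below them is already marked "NOT-FOR-US: Cisco". Unless one of them turns out to touch packaged software, the same line applies to all nine.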
@@ -33107,8 +33124,8 @@ CVE-2018-0151 (A vulnerability in the quality of
service (QoS) subsystem of Cisc
NOT-FOR-US: Cisco
CVE-2018-0150 (A vulnerability in Cisco IOS XE Software could allow an ...)
NOT-FOR-US: Cisco
-CVE-2018-0149
- RESERVED
+CVE-2018-0149 (A vulnerability in the web-based management interface of Cisco
...)
+ TODO: check
CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco
UCS ...)
NOT-FOR-US: Cisco
CVE-2018-0147 (A vulnerability in Java deserialization used by Cisco Secure
Access ...)
@@ -216138,8 +216155,8 @@ CVE-2011-0469 (Code injection in openSUSE when
running some source services used
NOTE: Secondary fix:
https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6
CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3,
and ...)
NOT-FOR-US: OpenSUSE aaa_base package
-CVE-2011-0467
- RESERVED
+CVE-2011-0467 (A vulnerability in the listing of available software of SUSE
SUSE ...)
+ TODO: check
CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8
and ...)
NOT-FOR-US: openSUSE Build Service
CVE-2011-0465 (xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows
remote ...)
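Review bot: CVE-2011-0467 changes from RESERVED to "TODO: check", but the entries on both sides of it (CVE-2011-0468 and CVE-2011-0466) are already NOT-FOR-US for openSUSE components. Check whether the newly published description puts this id in the same category and, if so, mark it in the same way.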
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a7b918503038547a4d3e6301086e87e0fa2c21c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits