Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a97047cd by security tracker role at 2018-06-13T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,155 @@
-CVE-2018-12267
+CVE-2018-12339 (ArticleCMS through 2017-02-19 has XSS via an "add an 
article" action. ...)
+       TODO: check
+CVE-2018-12338
+       RESERVED
+CVE-2018-12337
+       RESERVED
+CVE-2018-12336
+       RESERVED
+CVE-2018-12335
+       RESERVED
+CVE-2018-12334
+       RESERVED
+CVE-2018-12333
+       RESERVED
+CVE-2018-12332
+       RESERVED
+CVE-2018-12331
+       RESERVED
+CVE-2018-12330
+       RESERVED
+CVE-2018-12329
+       RESERVED
+CVE-2018-12328
+       RESERVED
+CVE-2018-12327
+       RESERVED
+CVE-2018-12326
+       RESERVED
+CVE-2018-12325
+       RESERVED
+CVE-2018-12324
+       RESERVED
+CVE-2018-12323 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. A 
password ...)
+       TODO: check
+CVE-2018-12322 (There is a heap out of bounds read in radare2 2.6.0 in 
_6502_op() in ...)
+       TODO: check
+CVE-2018-12321 (There is a heap out of bounds read in radare2 2.6.0 in 
java_switch_op() ...)
+       TODO: check
+CVE-2018-12320 (There is a use after free in radare2 2.6.0 in r_anal_bb_free() 
in ...)
+       TODO: check
+CVE-2018-12319
+       RESERVED
+CVE-2018-12318
+       RESERVED
+CVE-2018-12317
+       RESERVED
+CVE-2018-12316
+       RESERVED
+CVE-2018-12315
+       RESERVED
+CVE-2018-12314
+       RESERVED
+CVE-2018-12313
+       RESERVED
+CVE-2018-12312
+       RESERVED
+CVE-2018-12311
+       RESERVED
+CVE-2018-12310
+       RESERVED
+CVE-2018-12309
+       RESERVED
+CVE-2018-12308
+       RESERVED
+CVE-2018-12307
+       RESERVED
+CVE-2018-12306
+       RESERVED
+CVE-2018-12305
+       RESERVED
+CVE-2018-12304
+       RESERVED
+CVE-2018-12303
+       RESERVED
+CVE-2018-12302
+       RESERVED
+CVE-2018-12301
+       RESERVED
+CVE-2018-12300
+       RESERVED
+CVE-2018-12299
+       RESERVED
+CVE-2018-12298
+       RESERVED
+CVE-2018-12297
+       RESERVED
+CVE-2018-12296
+       RESERVED
+CVE-2018-12295
+       RESERVED
+CVE-2018-12294
+       RESERVED
+CVE-2018-12293
+       RESERVED
+CVE-2018-12292 (A use-after-free vulnerability exists in ...)
+       TODO: check
+CVE-2018-12290 (The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. ...)
+       TODO: check
+CVE-2018-12289
+       RESERVED
+CVE-2018-12288
+       RESERVED
+CVE-2018-12287
+       RESERVED
+CVE-2018-12286
+       RESERVED
+CVE-2018-12285
+       RESERVED
+CVE-2018-12284
+       RESERVED
+CVE-2018-12283
+       RESERVED
+CVE-2018-12282
+       RESERVED
+CVE-2018-12281
+       RESERVED
+CVE-2018-12280
+       RESERVED
+CVE-2018-12279
+       RESERVED
+CVE-2018-12278
        RESERVED
-CVE-2018-12266
+CVE-2018-12277
        RESERVED
-CVE-2018-12265
+CVE-2018-12276
        RESERVED
-CVE-2018-12264
+CVE-2018-12275
        RESERVED
-CVE-2018-12263
+CVE-2018-12274
        RESERVED
+CVE-2018-12273 (The /edit URI in the DMS component in Ximdex 4.0 has XSS via 
the Ciudad ...)
+       TODO: check
+CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS via the content 
parameter. ...)
+       TODO: check
+CVE-2018-12271
+       RESERVED
+CVE-2018-12270
+       RESERVED
+CVE-2018-12269
+       RESERVED
+CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via 
shell ...)
+       TODO: check
+CVE-2018-12267
+       RESERVED
+CVE-2018-12266 (system\errors\404.php in HongCMS 3.0.0 has XSS via crafted 
input that ...)
+       TODO: check
+CVE-2018-12265 (Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class 
in ...)
+       TODO: check
+CVE-2018-12264 (Exiv2 0.26 has integer overflows in LoaderTiff::getData() in 
...)
+       TODO: check
+CVE-2018-12263 (portfolioCMS 1.0.5 allows upload of arbitrary .php files via 
the ...)
+       TODO: check
 CVE-2018-12262
        RESERVED
 CVE-2018-12261 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. 
All ...)
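Review bot: the `TODO: check` entries this hunk opens are not all equal, and the ones naming packages this file already tracks should be triaged first: CVE-2018-12320, -12321 and -12322 are radare2 (compare the `- radare2 <unfixed> (low)` lines under CVE-2018-12384 later in this diff, which show how that package is annotated), and CVE-2018-12265/-12264 are Exiv2 integer overflows. CVE-2018-12292 ("A use-after-free vulnerability exists in ...") is truncated before it names any product, so it cannot be triaged from the description alone and needs the full MITRE text. Also note that CVE-2018-12267 through -12263 were placeholders at the top of the old file and now reappear further down with descriptions, so the apparent deletions at the start of the hunk are just the entries moving, not being dropped.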
@@ -382,7 +524,7 @@ CVE-2018-12090 (There is unauthenticated reflected 
cross-site scripting (XSS) in
        TODO: check
 CVE-2018-12089 (In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with 
Task View ...)
        NOT-FOR-US: Octopus Deploy
-CVE-2018-12291 [bug in the get_missing_events federation API where event 
visibility rules were not applied correctly]
+CVE-2018-12291 (The on_get_missing_events function in handlers/federation.py 
in Matrix ...)
        - matrix-synapse 0.31.1+dfsg-1 (bug #901293)
        NOTE: https://github.com/matrix-org/synapse/pull/3371
        NOTE: 
https://github.com/matrix-org/synapse/commit/0834b49c6a9b6c597a154d4b2dfcf8fff90699ec
@@ -1006,8 +1148,7 @@ CVE-2018-11808 (Incorrect Access Control in 
CustomFieldsFeedServlet in Zoho ...)
        NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2018-11807
        RESERVED
-CVE-2018-11806 [slirp: heap buffer overflow while reassembling fragmented 
datagrams]
-       RESERVED
+CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow 
via ...)
        - qemu <unfixed> (bug #901017)
        [stretch] - qemu <postponed> (Minor issue, wait until more severe 
issues are around)
        [jessie] - qemu <postponed> (Minor issue, wait until more severe issues 
are around)
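Review bot: the old CVE-2018-11806 entry had a stray `RESERVED` line beneath its bracketed working description even though qemu package lines already existed; dropping that line together with the description swap is the right fix, and the `- qemu <unfixed> (bug #901017)` and `[stretch]`/`[jessie] <postponed>` annotations carry over unchanged. Since the entry now relies entirely on those postponed lines for its severity rationale, it would help to add a `NOTE:` pointing at the upstream fix, as the CVE-2018-12291 entry above does.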
@@ -1359,8 +1500,8 @@ CVE-2018-11690
        RESERVED
 CVE-2018-11689
        RESERVED
-CVE-2018-11688
-       RESERVED
+CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site 
scripting, ...)
+       TODO: check
 CVE-2018-11687
        RESERVED
 CVE-2018-11686
@@ -2051,12 +2192,12 @@ CVE-2018-11410 (An issue was discovered in Liblouis 
3.5.0. A invalid free in the
        NOTE: https://github.com/liblouis/liblouis/issues/573
 CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by 
appending ...)
        NOT-FOR-US: Splunk
-CVE-2018-11408
-       RESERVED
-CVE-2018-11407
-       RESERVED
-CVE-2018-11406
-       RESERVED
+CVE-2018-11408 (The security handlers in the Security component in Symfony in 
2.7.x ...)
+       TODO: check
+CVE-2018-11407 (An issue was discovered in the Ldap component in Symfony 2.8.x 
before ...)
+       TODO: check
+CVE-2018-11406 (An issue was discovered in the Security component in Symfony 
2.7.x ...)
+       TODO: check
 CVE-2018-11405 (Kliqqi 2.0.2 has CSRF in admin/admin_users.php. ...)
        NOT-FOR-US: Kliqqi
 CVE-2018-11404 (DomainMod v4.09.03 has XSS via the 
assets/edit/ssl-provider-account.php ...)
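Review bot: CVE-2018-11408, -11407 and -11406 all describe Symfony (the Security and Ldap components), and this same diff also opens CVE-2018-11386/-11385 (HttpFoundation and Security) and CVE-2017-16652 for the same upstream; they should be resolved in one pass with one package mapping rather than each sitting at `TODO: check`. Keep CVE-2017-16652 separate when doing so: its version ranges ("2.7.x before 2.7.38, 2.8.x before ...") are from an older advisory than the 2018 batch.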
@@ -2097,10 +2238,10 @@ CVE-2018-11388
        RESERVED
 CVE-2018-11387
        RESERVED
-CVE-2018-11386
-       RESERVED
-CVE-2018-11385
-       RESERVED
+CVE-2018-11386 (An issue was discovered in the HttpFoundation component in 
Symfony ...)
+       TODO: check
+CVE-2018-11385 (An issue was discovered in the Security component in Symfony 
2.7.x ...)
+       TODO: check
 CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers 
to cause ...)
        - radare2 <unfixed> (low)
        [stretch] - radare2 <no-dsa> (Minor issue)
@@ -4703,8 +4844,8 @@ CVE-2018-10365 (An XSS issue was discovered in the 
Threads to Link plugin 1.3 fo
        NOT-FOR-US: Threads to Link plugin for MyBB
 CVE-2018-10364 (BigTree before 4.2.22 has XSS in the Users management page via 
the name ...)
        NOT-FOR-US: BigTree CMS
-CVE-2018-10363
-       RESERVED
+CVE-2018-10363 (An issue was discovered in the WpDevArt &quot;Booking 
calendar, Appointment ...)
+       TODO: check
 CVE-2018-10360 (The do_core_note function in readelf.c in libmagic.a in file 
5.33 ...)
        - file 1:5.33-3 (bug #901351)
        [stretch] - file <no-dsa> (Minor issue; will be fixed via pu)
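Review bot: the new CVE-2018-10363 description contains `&quot;Booking calendar, Appointment ...`, an HTML entity leaking through from the feed rather than literal text; data/CVE/list is plain text and other descriptions in this update use a bare `"` (see CVE-2018-12339's `an "add an article" action`), so the entity should be decoded to `"` before it is committed, otherwise it will be propagated verbatim to everything rendered from this file.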
@@ -11770,8 +11911,8 @@ CVE-2018-7561 (Stack-based Buffer Overflow in httpd on 
Tenda AC9 devices ...)
        NOT-FOR-US: Tenda AC9 devices
 CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM 
package ...)
        NOT-FOR-US: aws-lambda-multipart-parser NPM package
-CVE-2018-7559
-       RESERVED
+CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and 
Sample Code ...)
+       TODO: check
 CVE-2018-7558
        RESERVED
 CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg 
through ...)
@@ -13234,20 +13375,20 @@ CVE-2018-7169 (An issue was discovered in shadow 4.5. 
newgidmap (in shadow-utils
        NOTE: https://github.com/shadow-maint/shadow/pull/97
 CVE-2018-7168
        RESERVED
-CVE-2018-7167
-       RESERVED
+CVE-2018-7167 (Calling Buffer.fill() or Buffer.alloc() with some parameters 
can lead ...)
+       TODO: check
 CVE-2018-7166
        RESERVED
 CVE-2018-7165
        RESERVED
-CVE-2018-7164
-       RESERVED
+CVE-2018-7164 (Node.js versions 9.7.0 and later and 10.x are vulnerable and 
the ...)
+       TODO: check
 CVE-2018-7163
        RESERVED
-CVE-2018-7162
-       RESERVED
-CVE-2018-7161
-       RESERVED
+CVE-2018-7162 (All versions of Node.js 9.x and 10.x are vulnerable and the 
severity ...)
+       TODO: check
+CVE-2018-7161 (All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and 
the ...)
+       TODO: check
 CVE-2018-7160 (The Node.js inspector, in 6.x and later is vulnerable to a DNS 
...)
        - nodejs <unfixed> (unimportant)
        [stretch] - nodejs <not-affected> (Vulnerable code not present)
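Review bot: CVE-2018-7167, -7164, -7162 and -7161 are all Node.js issues left at `TODO: check`, yet the tracked package is visible directly below them, where CVE-2018-7160 already carries `- nodejs <unfixed> (unimportant)` and `[stretch] - nodejs <not-affected> (Vulnerable code not present)`; these four need nodejs package lines with per-suite version determinations instead of a TODO. The descriptions give the affected lines (8.x, 9.x, 10.x; "9.7.0 and later and 10.x"), which is enough to decide the stretch annotation for each.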
@@ -18443,12 +18584,12 @@ CVE-2018-5436
        RESERVED
 CVE-2018-5435
        RESERVED
-CVE-2018-5434
-       RESERVED
-CVE-2018-5433
-       RESERVED
-CVE-2018-5432
-       RESERVED
+CVE-2018-5434 (The TIBCO Designer component of TIBCO Software Inc.'s TIBCO 
Runtime ...)
+       TODO: check
+CVE-2018-5433 (The TIBCO Administrator server component of TIBCO Software 
Inc.'s ...)
+       TODO: check
+CVE-2018-5432 (The TIBCO Administrator server component of of TIBCO Software 
Inc.'s ...)
+       TODO: check
 CVE-2018-5431 (The domain designer component of TIBCO Software Inc.'s TIBCO 
...)
        - jasperreports <unfixed>
        [wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
@@ -19042,8 +19183,8 @@ CVE-2018-5245
        RESERVED
 CVE-2018-5243
        RESERVED
-CVE-2018-5242
-       RESERVED
+CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible 
to a ...)
+       TODO: check
 CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 
6.5, ...)
        NOT-FOR-US: Symantec
 CVE-2018-5240
@@ -22764,8 +22905,8 @@ CVE-2018-3761
        RESERVED
 CVE-2018-3760
        RESERVED
-CVE-2018-3759
-       RESERVED
+CVE-2018-3759 (private_address_check ruby gem before 0.5.0 is vulnerable to a 
...)
+       TODO: check
 CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before 
1.1.7 ...)
        NOT-FOR-US: express-cart
 CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an 
unescaped ...)
@@ -28741,8 +28882,8 @@ CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, 
IBM Spectrum Virtualize 
        NOT-FOR-US: IBM
 CVE-2018-1432 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is 
...)
        NOT-FOR-US: IBM InfoSphere Information Server
-CVE-2018-1431
-       RESERVED
+CVE-2018-1431 (A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 
4.2.0, ...)
+       TODO: check
 CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to 
cross-site ...)
        NOT-FOR-US: IBM API Connect
 CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable 
to ...)
@@ -28817,8 +28958,8 @@ CVE-2018-1395
        RESERVED
 CVE-2018-1394
        RESERVED
-CVE-2018-1393
-       RESERVED
+CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for 
Multi-Platform ...)
+       TODO: check
 CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH 
Services for ...)
        NOT-FOR-US: IBM Financial Transaction Manager
 CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH 
Services for ...)
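Review bot: CVE-2018-1393 names the same product as CVE-2018-1392 and CVE-2018-1391 immediately below it, both of which are already `NOT-FOR-US: IBM Financial Transaction Manager`; it can be resolved the same way instead of being left at `TODO: check`.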
@@ -30044,8 +30185,8 @@ CVE-2017-17445
        RESERVED
 CVE-2017-17444
        RESERVED
-CVE-2017-17443
-       RESERVED
+CVE-2017-17443 (OPC Foundation Local Discovery Server (LDS) 1.03.370 required 
a ...)
+       TODO: check
 CVE-2017-17442 (In BlackBerry UEM Management Console version 12.7.1 and 
earlier, a ...)
        NOT-FOR-US: BlackBerry
 CVE-2017-17441
@@ -35119,8 +35260,8 @@ CVE-2017-16654
        RESERVED
 CVE-2017-16653
        RESERVED
-CVE-2017-16652
-       RESERVED
+CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x 
before ...)
+       TODO: check
 CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x 
before ...)
        {DSA-4030-1 DLA-1193-1}
        - roundcube 1.3.3+dfsg.1-1
@@ -37910,8 +38051,7 @@ CVE-2017-15697 (A malicious X-ProxyContextPath or 
X-Forwarded-Context header ...
        NOT-FOR-US: Apache NiFi
 CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in 
secure ...)
        NOT-FOR-US: Apache Geode
-CVE-2017-15695
-       RESERVED
+CVE-2017-15695 (When an Apache Geode server versions 1.0.0 to 1.4.0 is 
configured with ...)
        NOT-FOR-US: Apache Geode
 CVE-2017-15694
        RESERVED
@@ -50030,8 +50170,8 @@ CVE-2017-11674 (Reporter.exe in Acunetix 8 allows 
remote attackers to cause a de
        NOT-FOR-US: Acunetix
 CVE-2017-11673 (Reporter.exe in Acunetix 8 allows remote attackers to execute 
arbitrary ...)
        NOT-FOR-US: Acunetix
-CVE-2017-11672
-       RESERVED
+CVE-2017-11672 (The OPC Foundation Local Discovery Server (LDS) before 
1.03.367 is ...)
+       TODO: check
 CVE-2017-11671 (Under certain circumstances, the ix86_expand_builtin function 
in i386.c ...)
        - gcc-6 6.3.0-12
        - gcc-5 5.4.1-10
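Review bot: CVE-2017-11672 is the second OPC Foundation Local Discovery Server entry this update opens (the other is CVE-2017-17443, "LDS 1.03.370 required a ..."), and CVE-2018-7559 covers the related OPC UA .NET Standard Stack; all three are at `TODO: check` and should get one consistent decision. The two LDS descriptions quote different fixed versions (before 1.03.367 here, 1.03.370 for CVE-2017-17443), so they are distinct issues and should not be collapsed into one annotation.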
@@ -57540,7 +57680,7 @@ CVE-2017-9232 (Juju before 1.25.12, 2.0.x before 2.0.4, 
and 2.1.x before 2.1.3 u
        - juju <removed>
 CVE-2017-9231 (XML external entity (XXE) vulnerability in Citrix XenMobile 
Server 9.x ...)
        NOT-FOR-US: Citrix
-CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain 
attack ...)
+CVE-2017-9230 (** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not 
consider a ...)
        NOT-FOR-US: Bitcoin Proof-of-Work algorithm
 CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in 
Oniguruma-mod in ...)
        {DLA-958-1}
@@ -76422,7 +76562,7 @@ CVE-2017-3210
        RESERVED
 CVE-2017-3209
        RESERVED
-CVE-2017-3208 (The Java implementation of AMF3 deserializers used by Flamingo 
...)
+CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB 
for Java ...)
        TODO: check
 CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for 
Java by ...)
        TODO: check
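Review bot: moving CVE-2017-3208 from "Flamingo" to "WebORB for Java" makes its description read as a near-duplicate of CVE-2017-3207 directly below ("The Java implementations of AMF3 deserializers in WebORB for Java by ..."), and both stay at `TODO: check`; when triaging, confirm which distinct product each identifier actually covers from the full text before marking either one, so the two are not resolved on the assumption that they are the same issue.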
@@ -205253,8 +205393,8 @@ CVE-2011-4185 (The GetPrinterURLList2 method in the 
ActiveX control in Novell iP
        NOT-FOR-US: ActiveX
 CVE-2011-4184
        RESERVED
-CVE-2011-4183
-       RESERVED
+CVE-2011-4183 (A vulnerability in open build service allows remote attackers 
to ...)
+       TODO: check
 CVE-2011-4182 (Missing escaping of ESSID values in sysconfig of SUSE Linux 
Enterprise ...)
        TODO: check
 CVE-2011-4181 (A vulnerability in open build service allows remote attackers 
to gain ...)
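Review bot: the new CVE-2011-4183 description is word-for-word the opening of CVE-2011-4181 two entries below ("A vulnerability in open build service allows remote attackers to ..."), and CVE-2011-4182 (sysconfig ESSID escaping in SUSE Linux Enterprise) sits between them; all three are SUSE-assigned 2011 identifiers that were `RESERVED` until this update and are at `TODO: check`, so they are best triaged together, with the truncated descriptions expanded first to tell -4183 and -4181 apart.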



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a97047cd0bf91e873aa46dbfa799ce3c3cad9843
