Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
223a3416 by security tracker role at 2018-06-14T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-12357
+       RESERVED
+CVE-2018-12356
+       RESERVED
+CVE-2018-12355 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or 
description ...)
+       TODO: check
+CVE-2018-12354 (Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, 
as ...)
+       TODO: check
+CVE-2018-12353 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field 
to the ...)
+       TODO: check
+CVE-2018-12352
+       RESERVED
+CVE-2018-12351
+       RESERVED
+CVE-2018-12350
+       RESERVED
+CVE-2018-12349
+       RESERVED
+CVE-2018-12348
+       RESERVED
+CVE-2018-12347
+       RESERVED
+CVE-2018-12346
+       RESERVED
+CVE-2018-12345
+       RESERVED
+CVE-2018-12344
+       RESERVED
+CVE-2018-12343
+       RESERVED
+CVE-2018-12342
+       RESERVED
+CVE-2018-12341
+       RESERVED
+CVE-2018-12340
+       RESERVED
 CVE-2018-12339 (ArticleCMS through 2017-02-19 has XSS via an "add an 
article" action. ...)
        NOT-FOR-US: ArticleCMS
 CVE-2018-12338
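Review bot: the three Knowage entries (CVE-2018-12355, CVE-2018-12354, CVE-2018-12353) are left at TODO: check while the neighbouring CVE-2018-12339 entry shows the convention for software outside the archive (NOT-FOR-US: ArticleCMS); if Knowage (formerly SpagoBI) is not packaged, resolve all three in one pass as NOT-FOR-US: Knowage rather than leaving three separate TODO markers. The new RESERVED entries (CVE-2018-12340 through CVE-2018-12352, CVE-2018-12356, CVE-2018-12357) are placeholders and need nothing yet.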
@@ -144,8 +180,8 @@ CVE-2018-12273 (The /edit URI in the DMS component in 
Ximdex 4.0 has XSS via the
        NOT-FOR-US: Ximdex
 CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS via the content 
parameter. ...)
        NOT-FOR-US: Ximdex
-CVE-2018-12271
-       RESERVED
+CVE-2018-12271 (** DISPUTED ** An issue was discovered in the 
com.getdropbox.Dropbox ...)
+       TODO: check
 CVE-2018-12270
        RESERVED
 CVE-2018-12269
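Review bot: CVE-2018-12271 now carries a ** DISPUTED ** description against the com.getdropbox.Dropbox identifier, which names the Dropbox mobile client rather than anything shipped in Debian, so TODO: check should resolve to NOT-FOR-US with the product name; the dispute marker should be mentioned in the triage NOTE so the reasoning is recorded.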
@@ -655,8 +691,7 @@ CVE-2018-12042 (Roxy Fileman through v1.4.5 has Directory 
traversal via the ...)
        NOT-FOR-US: Roxy Fileman
 CVE-2018-12041 (An issue was discovered on the MediaTek AWUS036NH wireless USB 
adapter ...)
        NOT-FOR-US: MediaTek
-CVE-2018-12040 [Reflected cross-site scripting vulnerability]
-       RESERVED
+CVE-2018-12040 (** DISPUTED ** Reflected Cross-site scripting (XSS) 
vulnerability in ...)
        - symfony <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1590702
 CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an 
Arbitrary ...)
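Review bot: CVE-2018-12040 keeps "- symfony <unfixed>" although the imported description is now marked ** DISPUTED **; the entry should say whether Debian follows the upstream position (for example "- symfony <unfixed> (unimportant)" or "<not-affected>" with a NOTE explaining why) or still expects a fix, so the <unfixed> state does not sit unexplained beside a disputed description. The Red Hat bug already referenced in the NOTE is the right place to point at for that reasoning.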
@@ -710,8 +745,7 @@ CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles 
the original filenam
        NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac
 (STABLE-BRANCH-1-4)
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
        NOTE: https://neopg.io/blog/gpg-signature-spoof/
-CVE-2018-12019
-       RESERVED
+CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 
interprets ...)
        - enigmail 2:2.0.7-1
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
        NOTE: https://neopg.io/blog/enigmail-signature-spoof/
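Review bot: CVE-2018-12019 is fixed in unstable (enigmail 2:2.0.7-1) but no [stretch] or [jessie] line is visible, so the status of the supported stable releases is still open; since this is a signature-verification spoof of the same class as the GnuPG CVE-2018-12020 entry just above (same oss-security reference), add the release lines once it is decided whether a DSA follows. The enigmail NOTE correctly points at the enigmail-signature-spoof write-up, parallel to the gpg-signature-spoof link on the GnuPG entry.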
@@ -3616,8 +3650,7 @@ CVE-2018-10852
        RESERVED
 CVE-2018-10851
        RESERVED
-CVE-2018-10850 [race condition on reference counter leads to DoS using 
persistent search]
-       RESERVED
+CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to 
a race ...)
        - 389-ds-base <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588056
 CVE-2018-10849
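Review bot: "- 389-ds-base <undetermined>" means the fixed Debian version is still unknown, while the imported description now names the upstream fixed releases (1.4.0.10 and 1.3.8.3); with those known, the entry can be resolved to a concrete Debian version (or <not-affected>) instead of staying <undetermined>. The bracketed working title "[race condition on reference counter leads to DoS using persistent search]" that the update dropped is more specific than the truncated description and is worth keeping as a NOTE.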
@@ -4731,18 +4764,18 @@ CVE-2018-10410
        RESERVED
 CVE-2018-10409
        RESERVED
-CVE-2018-10408
-       RESERVED
-CVE-2018-10407
-       RESERVED
-CVE-2018-10406
-       RESERVED
-CVE-2018-10405
-       RESERVED
-CVE-2018-10404
-       RESERVED
-CVE-2018-10403
-       RESERVED
+CVE-2018-10408 (An issue was discovered in VirusTotal. A maliciously crafted 
...)
+       TODO: check
+CVE-2018-10407 (An issue was discovered in Carbon Black Cb Response. A 
maliciously ...)
+       TODO: check
+CVE-2018-10406 (An issue was discovered in Yelp OSXCollector. A maliciously 
crafted ...)
+       TODO: check
+CVE-2018-10405 (An issue was discovered in Google Santa and 
molcodesignchecker. A ...)
+       TODO: check
+CVE-2018-10404 (An issue was discovered in Objective-See KnockKnock, LuLu, ...)
+       TODO: check
+CVE-2018-10403 (An issue was discovered in F-Secure XFENCE and Little Flocker. 
A ...)
+       TODO: check
 CVE-2018-10402
        RESERVED
 CVE-2018-10401
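Review bot: the six new descriptions (CVE-2018-10403 through CVE-2018-10408) all open with "An issue was discovered in <product>. A maliciously crafted ...", i.e. one report split across vendors: VirusTotal, Carbon Black Cb Response, Yelp OSXCollector, Google Santa and molcodesignchecker, Objective-See KnockKnock/LuLu, F-Secure XFENCE and Little Flocker. All are macOS security tools or services, none of them Debian packages, so they can be triaged in a single pass as NOT-FOR-US with the respective product names instead of six separate TODO: check markers.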
@@ -14367,7 +14400,7 @@ CVE-2018-6796 (PHP Scripts Mall Multilanguage Real 
Estate MLM Script 3.0 has Sto
        NOT-FOR-US: PHP Scripts Mall Multilanguage Real Estate MLM Script
 CVE-2018-6795 (PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via 
every ...)
        NOT-FOR-US: PHP Scripts Mall Naukri Clone Script
-CVE-2018-6794 (Suricata before 4.1 is prone to an HTTP detection bypass 
vulnerability ...)
+CVE-2018-6794 (Suricata before 4.0.4 is prone to an HTTP detection bypass ...)
        - suricata 1:4.0.4-1 (bug #889842)
        [stretch] - suricata <no-dsa> (Minor issue)
        [jessie] - suricata <no-dsa> (Minor issue)
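Review bot: the description change from "before 4.1" to "before 4.0.4" brings the CVE text in line with the fixed Debian version already recorded on the next line (suricata 1:4.0.4-1, bug #889842); the stretch and jessie <no-dsa> (Minor issue) lines stay consistent with it, so nothing further is needed here.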
@@ -18509,8 +18542,8 @@ CVE-2018-5490
        RESERVED
 CVE-2018-5489
        RESERVED
-CVE-2018-5488
-       RESERVED
+CVE-2018-5488 (NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 
through ...)
+       TODO: check
 CVE-2018-5487 (NetApp OnCommand Unified Manager for Linux versions 7.2 through 
7.3 ...)
        NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
 CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 
7.3 ...)
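Review bot: CVE-2018-5488 (NetApp SANtricity Web Services Proxy) is left at TODO: check while the adjacent NetApp entries CVE-2018-5487 and CVE-2018-5486 are resolved as NOT-FOR-US with the product name; unless SANtricity is packaged, which it is not, resolve it the same way.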
@@ -30575,8 +30608,7 @@ CVE-2018-1122 (procps-ng before version 3.3.15 is 
vulnerable to a local privileg
        NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
        NOTE: Patch: 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch
        NOTE: 
https://gitlab.com/procps-ng/procps/commit/b45c4803dd176f4e3f9d3d47421ddec9bbbe66cd
-CVE-2018-1121 [Unprivileged process hiding]
-       RESERVED
+CVE-2018-1121 (procps-ng, procps is vulnerable to a process hiding through 
race ...)
        - linux <unfixed> (unimportant)
        NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
        NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
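Review bot: the CVE-2018-1121 description names procps-ng/procps, but the entry is filed against "- linux <unfixed> (unimportant)" with no NOTE explaining the package choice; add a NOTE recording why this is tracked as a kernel issue rather than a procps one (the Qualys advisory and oss-security post already referenced are the places to cite), otherwise the mismatch between description and package will puzzle the next reader.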
@@ -32926,8 +32958,7 @@ CVE-2018-0496 (Directory traversal issues in the D-Mod 
extractor in DFArc and DF
        [jessie] - freedink-dfarc <no-dsa> (Minor issue)
        NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
        NOTE: 
https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
-CVE-2018-0495 [ecc: Add blinding for ECDSA]
-       RESERVED
+CVE-2018-0495 (Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache ...)
        - libgcrypt20 1.8.3-1
        NOTE: https://dev.gnupg.org/T4011
        NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
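Review bot: CVE-2018-0495 is fixed in unstable (libgcrypt20 1.8.3-1) and the description says 1.7.10 and 1.8.x before 1.8.3 are affected, but no [stretch] or [jessie] line is visible; as this is a memory-cache side channel in a widely used crypto library, the stable status (DSA or no-dsa, with reasoning) should be recorded. The dropped working title "[ecc: Add blinding for ECDSA]" is the upstream commit subject and is already covered by the libgcrypt commit link in the NOTE.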
@@ -37972,6 +38003,7 @@ CVE-2017-15738 (IrfanView 4.50 - 64bit with CADImage 
plugin version 12.0.0.5 all
 CVE-2017-15737 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 
allows ...)
        NOT-FOR-US: IrfanView
 CVE-2017-15736 (Cross-site scripting (XSS) vulnerability (stored) in SPIP 
before 3.1.7 ...)
+       {DSA-4228-1}
        - spip 3.1.4-4 (bug #879954)
        [wheezy] - spip <not-affected> (vulnerable code not present)
        NOTE: https://core.spip.net/projects/spip/repository/revisions/23701
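Review bot: the added {DSA-4228-1} cross-reference for CVE-2017-15736 (SPIP) must be mirrored by a DSA-4228-1 entry in data/DSA/list that lists this CVE, otherwise the tracker's consistency checks will flag it; the existing spip 3.1.4-4 (bug #879954) and [wheezy] <not-affected> lines are unaffected by the change.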
@@ -73975,8 +74007,8 @@ CVE-2017-3970
        RESERVED
 CVE-2017-3969 (Abuse of communication channels vulnerability in the server in 
McAfee ...)
        NOT-FOR-US: McAfee
-CVE-2017-3968
-       RESERVED
+CVE-2017-3968 (Session fixation vulnerability in the web interface in McAfee 
Network ...)
+       TODO: check
 CVE-2017-3967 (Target influence via framing vulnerability in the web interface 
in ...)
        NOT-FOR-US: McAfee
 CVE-2017-3966 (Exploitation of session variables, resource IDs and other 
trusted ...)
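Review bot: CVE-2017-3968 (session fixation in the McAfee Network ... web interface) is left at TODO: check while the surrounding McAfee entries (CVE-2017-3969, CVE-2017-3967, CVE-2017-3966) are already NOT-FOR-US: McAfee; resolve it the same way rather than leaving a lone TODO in a run of NOT-FOR-US entries.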
@@ -74039,8 +74071,8 @@ CVE-2017-3938
        REJECTED
 CVE-2017-3937
        RESERVED
-CVE-2017-3936
-       RESERVED
+CVE-2017-3936 (OS Command Injection vulnerability in McAfee ePolicy 
Orchestrator ...)
+       TODO: check
 CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type 
sniffing which ...)
        NOT-FOR-US: McAfee Network Data Loss Prevention
 CVE-2017-3934 (Missing HTTP Strict Transport Security state information 
vulnerability ...)
@@ -74097,8 +74129,8 @@ CVE-2017-3909
        RESERVED
 CVE-2017-3908
        RESERVED
-CVE-2017-3907
-       RESERVED
+CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) 
...)
+       TODO: check
 CVE-2017-3906
        RESERVED
 CVE-2017-3905
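Review bot: CVE-2017-3907 (code injection in ePolicy Orchestrator) and CVE-2017-3936 (OS command injection in ePolicy Orchestrator, in the preceding hunk) share the same product and can be resolved together as NOT-FOR-US: McAfee ePolicy Orchestrator, following the product-specific NOT-FOR-US: McAfee Network Data Loss Prevention convention visible on CVE-2017-3935.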



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/223a3416e7d29931e57b5d31851007ebb3b20414

-- 
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
