Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a0d9f6d by security tracker role at 2018-06-15T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,43 @@
+CVE-2018-12440 (BoringSSL through 2018-06-14 allows a memory-cache 
side-channel attack ...)
+       TODO: check
+CVE-2018-12439 (MatrixSSL through 3.9.5 Open allows a memory-cache 
side-channel attack ...)
+       TODO: check
+CVE-2018-12438 (The Elliptic Curve Cryptography library (aka sunec or 
libsunec) allows ...)
+       TODO: check
+CVE-2018-12437 (LibTomCrypt through 1.18.1 allows a memory-cache side-channel 
attack on ...)
+       TODO: check
+CVE-2018-12436 (wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a 
...)
+       TODO: check
+CVE-2018-12435 (Botan through 2.6.0 allows a memory-cache side-channel attack 
on ECDSA ...)
+       TODO: check
+CVE-2018-12434 (LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a 
memory-cache ...)
+       TODO: check
+CVE-2018-12433 (** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache 
...)
+       TODO: check
+CVE-2018-12432 (JavaMelody through 1.60.0 has XSS via the counter parameter in 
a ...)
+       TODO: check
+CVE-2018-12431 (SeaCMS V6.61 has XSS via the site name parameter on an ...)
+       TODO: check
+CVE-2018-12430
+       RESERVED
+CVE-2018-12429
+       RESERVED
+CVE-2018-12428
+       RESERVED
+CVE-2018-12427
+       RESERVED
+CVE-2018-12426
+       RESERVED
+CVE-2018-12425
+       RESERVED
+CVE-2018-12424
+       RESERVED
+CVE-2018-12422
+       RESERVED
 CVE-2018-12421 (LTB (aka LDAP Tool Box) Self Service Password before 1.3 
allows a ...)
        NOT-FOR-US: LTB Self Service Password
-CVE-2018-12420
-       RESERVED
+CVE-2018-12420 (IceHrm before 23.0.1.OS has a risky usage of a hashed password 
in a ...)
+       TODO: check
 CVE-2018-12419
        RESERVED
 CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as used in Apache Tika 
and other ...)
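Review bot: CVE-2018-12433 through CVE-2018-12440 all describe one and the same memory-cache side-channel on ECDSA/ECC across eight different crypto libraries (BoringSSL, MatrixSSL, sunec/libsunec, LibTomCrypt, wolfSSL, Botan, LibreSSL, cryptlib), so the eight "TODO: check" lines are best triaged as a group against the packaged libraries rather than one by one; CVE-2018-12433 additionally carries a "** DISPUTED **" marker that should be kept in whatever resolution is recorded. Note also that the new RESERVED run jumps from CVE-2018-12424 to CVE-2018-12422: CVE-2018-12423 already exists further down the file, out of numerical order, and this would be a good moment to move it into its slot here.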
@@ -126,13 +162,12 @@ CVE-2018-12359
        RESERVED
 CVE-2018-12358
        RESERVED
-CVE-2018-12423 [unauthorised users can hijack rooms when there is no 
m.room.power_levels event in force]
+CVE-2018-12423 (In Synapse before 0.31.2, unauthorised users can hijack rooms 
when ...)
        - matrix-synapse 0.31.2+dfsg-1 (bug #901549)
        NOTE: https://github.com/matrix-org/synapse/pull/3397
 CVE-2018-12357
        RESERVED
-CVE-2018-12356
-       RESERVED
+CVE-2018-12356 (An issue was discovered in password-store.sh in pass in Simple 
Password ...)
        - password-store 1.7.2-1 (bug #901574)
        [stretch] - password-store <not-affected> (Signature verification 
support added in 1.7)
        [jessie] - password-store <not-affected> (Signature verification 
support added in 1.7)
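Review bot: CVE-2018-12423 sits between CVE-2018-12358 and CVE-2018-12357 in this hunk, out of numerical order, while the RESERVED block added at the top of the file skips exactly that number; consider moving the Synapse entry (with its matrix-synapse 0.31.2+dfsg-1 fix, bug #901549 and the NOTE pointing at synapse pull request 3397) up to where readers will look for it. The CVE-2018-12356 replacement is complete as written: fixed version with bug #901574, and both stretch and jessie marked <not-affected> with the "Signature verification support added in 1.7" rationale retained.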
@@ -1692,10 +1727,10 @@ CVE-2018-11692 (An issue was discovered on Canon 
LBP6650, LBP3370, LBP3460, and 
        NOT-FOR-US: Canon devices
 CVE-2018-11691
        RESERVED
-CVE-2018-11690
-       RESERVED
-CVE-2018-11689
-       RESERVED
+CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous 
versions for ...)
+       TODO: check
+CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is 
vulnerable to ...)
+       TODO: check
 CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site 
scripting, ...)
        TODO: check
 CVE-2018-11687
@@ -1969,8 +2004,7 @@ CVE-2018-11576 (ngiflib.c in MiniUPnP ngiflib 0.4 has a 
heap-based buffer over-r
        NOT-FOR-US: ngiflib
 CVE-2018-11575 (ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer 
overflow in ...)
        NOT-FOR-US: ngiflib
-CVE-2018-11574 [Buffer Overflow in pppd EAP-TLS implementation]
-       RESERVED
+CVE-2018-11574 (Improper input validation together with an integer overflow in 
the ...)
        - ppp 2.4.7-2+3
        [stretch] - ppp <not-affected> (Vulnerable code introduced later)
        [jessie] - ppp <not-affected> (Vulnerable code introduced later)
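Review bot: the rewritten CVE-2018-11574 entry records the fix as "ppp 2.4.7-2+3" but, unlike the matrix-synapse and password-store entries in this same commit, carries no Debian bug number and no NOTE with an upstream reference; since the interim summary "[Buffer Overflow in pppd EAP-TLS implementation]" is being dropped in favour of the truncated official text, adding a NOTE that names the EAP-TLS code path would keep that context in the tracker alongside the "Vulnerable code introduced later" rationale on the stretch and jessie lines.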
@@ -8867,8 +8901,8 @@ CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard 
WinDriver 12.6.0 allows att
        NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver
 CVE-2018-8820 (An issue was discovered in Square 9 GlobalForms 6.2.x. A Time 
Based ...)
        NOT-FOR-US: Square 9
-CVE-2018-8819
-       RESERVED
+CVE-2018-8819 (An XXE issue was discovered in Automated Logic Corporation 
(ALC) ...)
+       TODO: check
 CVE-2018-8818
        RESERVED
 CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...)
@@ -15485,8 +15519,8 @@ CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the 
site_name parameter in a ...)
        NOT-FOR-US: Composr CMS
 CVE-2018-6517
        RESERVED
-CVE-2018-6516
-       RESERVED
+CVE-2018-6516 (On Windows only, with a specifically crafted configuration file 
an ...)
+       TODO: check
 CVE-2018-6515 (Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior 
to ...)
        - puppet <not-affected> (Specific issue Windows only)
        NOTE: https://puppet.com/security/cve/CVE-2018-6515
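Review bot: CVE-2018-6516 is left as "TODO: check" although its description ("On Windows only, with a specifically crafted configuration file ...") matches the rationale already applied to the adjacent CVE-2018-6515, which is resolved as "puppet <not-affected> (Specific issue Windows only)" with a NOTE to puppet.com; if CVE-2018-6516 belongs to the same Puppet advisory batch, the same resolution and a matching NOTE link should be recorded rather than leaving the TODO open.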
@@ -49419,8 +49453,8 @@ CVE-2017-12072 (Cross-site scripting (XSS) 
vulnerability in PixlrEditorHandler.p
        NOT-FOR-US: Synology
 CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in 
file_upload.php in ...)
        NOT-FOR-US: Synology
-CVE-2017-12070
-       RESERVED
+CVE-2017-12070 (Unsigned versions of the DLLs distributed by the OPC 
Foundation may be ...)
+       TODO: check
 CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA 
.NET ...)
        NOT-FOR-US: OPC Foundation UA .NET Sampe code and Local Discovery 
Server affecting various vendors
 CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug 
array ...)
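Review bot: the unchanged context line for CVE-2017-12069 reads "OPC Foundation UA .NET Sampe code"; "Sampe" should be "Sample" and can be corrected in a follow-up. The new CVE-2017-12070 entry concerns unsigned DLLs distributed by the OPC Foundation, the same vendor as the CVE-2017-12069 entry directly below it that is already NOT-FOR-US, so the "TODO: check" can most likely be resolved the same way once the affected product is confirmed.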
@@ -92042,7 +92076,7 @@ CVE-2016-7167 (Multiple integer overflows in the (1) 
curl_escape, (2) ...)
        NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
        NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
        NOTE: Not affected versions: libcurl < 7.11.1 and libcurl >= 7.50.3
-CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool 
(PST), ...)
+CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool (PST) 
(All ...)
        NOT-FOR-US: Microsoft
 CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File 
Roller ...)
        - file-roller 3.20.3-1
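Review bot: the NOT-FOR-US line for CVE-2016-7165 names Microsoft, but the description refers to Primary Setup Tool (PST), which as far as I know is a Siemens tool (the truncated text visible in this hunk names no vendor); since this hunk only rewords the description, it is a good moment to verify the vendor attribution and correct the NOT-FOR-US note if it is wrong.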



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a0d9f6d28488473225b4cf0ebd4fd14f888920a

-- 
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits