Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b59baec4 by security tracker role at 2018-06-16T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3210,12 +3210,12 @@ CVE-2018-11224 (An issue was discovered in Libav 12.3.
A read access violation i
- libav <undetermined>
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1129
TODO: check
-CVE-2018-11223
- RESERVED
-CVE-2018-11222
- RESERVED
-CVE-2018-11221
- RESERVED
+CVE-2018-11223 (XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker
to ...)
+ TODO: check
+CVE-2018-11222 (Local File Inclusion (LFI) in Artica Pandora FMS through
version 7.23 ...)
+ TODO: check
+CVE-2018-11221 (Unauthenticated untrusted file upload in Artica Pandora FMS
through ...)
+ TODO: check
CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command
...)
NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
CVE-2018-11219 [integer overflow]
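Review bot: The descriptions added for CVE-2018-11223 and CVE-2018-11222 state the affected Pandora FMS version in two different forms, "before 7.0 NG 723" and "through version 7.23", so neither string should be copied into a version note without reading the full advisories. All three new entries (CVE-2018-11221 to CVE-2018-11223) name the same product, Artica Pandora FMS, so the follow-up that resolves "TODO: check" can settle them in one pass, with either a package line or a NOT-FOR-US: line in the style of the CVE-2018-11220 entry just below.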
@@ -6557,8 +6557,8 @@ CVE-2018-9860 (An issue was discovered in Botan 1.11.32
through 2.x before 2.6.0
- botan1.10 <not-affected> (Issue introduced in 1.11.32)
NOTE:
https://github.com/randombit/botan/commit/ec222c99719c396a1f4756b2ca345dbbfbeb5ed5
NOTE: Bug introduced in 1.11.32, fixed in 2.6.0
-CVE-2018-9859
- RESERVED
+CVE-2018-9859 (The path of Whale update service was unquoted in NAVER Whale
before ...)
+ TODO: check
CVE-2018-1000168 (nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0
contains an Improper ...)
- nghttp2 1.31.1-1 (low; bug #895566)
[stretch] - nghttp2 <no-dsa> (Minor issue)
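Review bot: The new CVE-2018-9859 entry is left at "TODO: check" although its description already names both the product (NAVER Whale) and the bug class, an unquoted path for the update service, which is an issue class tied to Windows service registration. That should be enough to decide between a package line and a NOT-FOR-US: line in the follow-up without further research.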
@@ -15256,8 +15256,8 @@ CVE-2017-18171
RESERVED
CVE-2017-18170
RESERVED
-CVE-2017-18169
- RESERVED
+CVE-2017-18169 (User process can perform the kernel DOS in ashmem when doing
cache ...)
+ TODO: check
CVE-2017-18168
RESERVED
CVE-2017-18167
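Review bot: The description added for CVE-2017-18169 is cut off before any vendor or product name and only mentions a kernel DoS in ashmem. Because it refers to a kernel component, the "TODO: check" here should be resolved by reading the full description and checking it against the kernel source before closing it, instead of being closed on the truncated text alone.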
@@ -15800,10 +15800,10 @@ CVE-2018-6499
RESERVED
CVE-2018-6498
RESERVED
-CVE-2018-6497
- RESERVED
-CVE-2018-6496
- RESERVED
+CVE-2018-6497 (Remote Cross-site Request forgery (CSRF) potential has been
identified ...)
+ TODO: check
+CVE-2018-6496 (Remote Cross-site Request forgery (CSRF) potential has been
identified ...)
+ TODO: check
CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB,
version ...)
NOT-FOR-US: Micro Focus
CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software
Web Tier, ...)
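Review bot: The descriptions added for CVE-2018-6497 and CVE-2018-6496 are identical in the visible portion and both end before the product is named, so the two entries cannot be told apart or triaged from this file alone. The neighbouring CVE-2018-6495 is marked NOT-FOR-US: Micro Focus, but the same marking should only be applied to these two after the full descriptions confirm the vendor.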
@@ -17937,14 +17937,14 @@ CVE-2018-5865
RESERVED
CVE-2018-5864
RESERVED
-CVE-2018-5863
- RESERVED
+CVE-2018-5863 (If userspace provides a too-large WPA RSN IE length in ...)
+ TODO: check
CVE-2018-5862
RESERVED
CVE-2018-5861
RESERVED
-CVE-2018-5860
- RESERVED
+CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM,
Firefox OS ...)
+ TODO: check
CVE-2018-5859
RESERVED
CVE-2018-5858
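Review bot: The description added for CVE-2018-5863 stops at "WPA RSN IE length in ..." and never reaches the affected component, while CVE-2018-5860 does name one (the MDSS driver in Android for MSM). The two entries should not be resolved together on the strength of the second; CVE-2018-5863 needs its full description read to see which driver takes the userspace-supplied length before "TODO: check" is replaced.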
@@ -17955,7 +17955,7 @@ CVE-2018-5856
RESERVED
CVE-2018-5855
RESERVED
-CVE-2018-5854 (In fastboot, a stack-based buffer overflow can occur in all
Android ...)
+CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all
Android ...)
TODO: check
CVE-2018-5853
RESERVED
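Review bot: CVE-2018-5854 still carries "TODO: check" after this description rewording, so the entry remains untriaged. Both the old and new wording place the stack-based overflow in fastboot on Android; the follow-up should establish whether that means device bootloader code or a host-side tool before deciding whether any Debian package is affected.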
@@ -18255,18 +18255,18 @@ CVE-2018-5758 (The Upload File functionality in
upload.jspa in Aurea Jive Jive-n
NOT-FOR-US: Aurea Jive Jive-n
CVE-2018-5757
RESERVED
-CVE-2018-5756
- RESERVED
-CVE-2018-5755
- RESERVED
-CVE-2018-5754
- RESERVED
-CVE-2018-5753
- RESERVED
-CVE-2018-5752
- RESERVED
-CVE-2018-5751
- RESERVED
+CVE-2018-5756 (The backend component in Open-Xchange OX App Suite before
7.6.3-rev36, ...)
+ TODO: check
+CVE-2018-5755 (Absolute path traversal vulnerability in the readerengine
component in ...)
+ TODO: check
+CVE-2018-5754 (Cross-site scripting (XSS) vulnerability in the office-web
component ...)
+ TODO: check
+CVE-2018-5753 (The frontend component in Open-Xchange OX App Suite before ...)
+ TODO: check
+CVE-2018-5752 (The backend component in Open-Xchange OX App Suite before
7.6.3-rev36, ...)
+ TODO: check
+CVE-2018-5751 (The backend component in Open-Xchange OX App Suite before
7.6.3-rev36, ...)
+ TODO: check
CVE-2017-18042 (The update user administration resource in Atlassian Bamboo
before ...)
NOT-FOR-US: Atlassian Bamboo
CVE-2017-18041 (The viewDeploymentVersionJiraIssuesDialog resource in
Atlassian Bamboo ...)
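Review bot: Of the six entries added here, CVE-2018-5755 and CVE-2018-5754 are cut off before a product name and only mention the readerengine and office-web components, whereas CVE-2018-5756, CVE-2018-5753, CVE-2018-5752 and CVE-2018-5751 name Open-Xchange OX App Suite. The two truncated entries should be confirmed against their full descriptions before all six are resolved with one common line in place of "TODO: check".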
@@ -32817,8 +32817,8 @@ CVE-2017-17064
RESERVED
CVE-2017-17063
RESERVED
-CVE-2017-17062
- RESERVED
+CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before
7.6.3-rev35, ...)
+ TODO: check
CVE-2017-17061
RESERVED
CVE-2017-17060
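Review bot: CVE-2017-17062 gives the fixed OX App Suite revision as 7.6.3-rev35, while CVE-2018-5756, CVE-2018-5752 and CVE-2018-5751 in the same commit give 7.6.3-rev36. If the follow-up records a version note for these entries, the revisions should be kept distinct per CVE and not normalised to one value.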
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b59baec4091cf2f34a65f7801e7b21f8bcce4ca9