Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57c8d84d by security tracker role at 2018-06-17T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-12519
+       RESERVED
+CVE-2018-12518
+       RESERVED
 CVE-2018-12517
        RESERVED
 CVE-2018-12516
@@ -134,8 +138,8 @@ CVE-2018-12456
        RESERVED
 CVE-2018-12455
        RESERVED
-CVE-2018-12454
-       RESERVED
+CVE-2018-12454 (The _addguess function of a simplelottery smart contract 
implementation ...)
+       TODO: check
 CVE-2018-12453 (Type confusion in the xgroupCommand function in t_stream.c in 
...)
        - redis <not-affected> (Vulnerable code introduced in 5.0-rc1)
        NOTE: 
https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5
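Review bot: the `TODO: check` on CVE-2018-12454 can be resolved straight away as NOT-FOR-US: the description is about a simplelottery smart contract, and this same commit triages the other smart-contract entry, CVE-2018-10376, as `NOT-FOR-US: SmartMesh token`, so the consistent line here is `NOT-FOR-US: simplelottery smart contract`. The unchanged CVE-2018-12453 context below it already carries its not-affected justification and needs no change.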
@@ -484,32 +488,32 @@ CVE-2018-12340
        RESERVED
 CVE-2018-12339 (ArticleCMS through 2017-02-19 has XSS via an &quot;add an 
article&quot; action. ...)
        NOT-FOR-US: ArticleCMS
-CVE-2018-12338
-       RESERVED
-CVE-2018-12337
-       RESERVED
-CVE-2018-12336
-       RESERVED
-CVE-2018-12335
-       RESERVED
-CVE-2018-12334
-       RESERVED
-CVE-2018-12333
-       RESERVED
-CVE-2018-12332
-       RESERVED
-CVE-2018-12331
-       RESERVED
-CVE-2018-12330
-       RESERVED
-CVE-2018-12329
-       RESERVED
+CVE-2018-12338 (Undocumented Factory Backdoor in ECOS System Management 
Appliance (aka ...)
+       TODO: check
+CVE-2018-12337 (Reliance on Security Through Obscurity vulnerability in ECOS 
Secure ...)
+       TODO: check
+CVE-2018-12336 (Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka 
SBS) 5.6.5 ...)
+       TODO: check
+CVE-2018-12335 (Incorrect access control in ECOS System Management Appliance 
(aka SMA) ...)
+       TODO: check
+CVE-2018-12334 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka 
SBS) 5.6.5 ...)
+       TODO: check
+CVE-2018-12333 (Insufficient Verification of Data Authenticity vulnerability 
in ECOS ...)
+       TODO: check
+CVE-2018-12332 (Incomplete Cleanup vulnerability in ECOS Secure Boot Stick 
(aka SBS) ...)
+       TODO: check
+CVE-2018-12331 (Authentication Bypass by Spoofing vulnerability in ECOS System 
...)
+       TODO: check
+CVE-2018-12330 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka 
SBS) 5.6.5 ...)
+       TODO: check
+CVE-2018-12329 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka 
SBS) 5.6.5 ...)
+       TODO: check
 CVE-2018-12328
        RESERVED
 CVE-2018-12327
        RESERVED
-CVE-2018-12326
-       RESERVED
+CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x 
before 5.0 ...)
+       TODO: check
 CVE-2018-12325
        RESERVED
 CVE-2018-12324
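Review bot: CVE-2018-12326 should not be left at `TODO: check`, because its description (redis-cli of Redis before 4.0.10 and 5.x before 5.0) names the same upstream fix release that this commit already records for CVE-2018-11219 and CVE-2018-11218 (`- redis 5:4.0.10-1 (bug #901495)` with `{DSA-4230-1}`); confirm the redis-cli fix is part of 4.0.10, add the matching package line, and check whether DSA-4230-1 already covers it or whether stable needs a separate update. The ten ECOS entries (CVE-2018-12329 through CVE-2018-12338, all Secure Boot Stick or System Management Appliance issues) describe one vendor appliance and can be triaged in a single pass as NOT-FOR-US once it is confirmed that ECOS is not packaged, rather than carrying ten separate TODOs.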
@@ -656,7 +660,7 @@ CVE-2018-12264 (Exiv2 0.26 has integer overflows in 
LoaderTiff::getData() in ...
 CVE-2018-12263 (portfolioCMS 1.0.5 allows upload of arbitrary .php files via 
the ...)
        NOT-FOR-US: portfolioCMS
 CVE-2018-12262
-       RESERVED
+       REJECTED
 CVE-2018-12261 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. 
All ...)
        NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
 CVE-2018-12260 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. 
The root ...)
@@ -2132,8 +2136,8 @@ CVE-2018-11649 (Hue 3.12 has XSS via the /pig/save/ name 
and script parameters. 
        NOT-FOR-US: Hue
 CVE-2018-11648
        RESERVED
-CVE-2018-11647
-       RESERVED
+CVE-2018-11647 (index.js in oauth2orize-fprm before 0.2.1 has XSS via a 
crafted URL. ...)
+       TODO: check
 CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...)
        - webkit2gtk 2.20.3-1 (unimportant)
        NOTE: https://bugs.webkit.org/show_bug.cgi?id=186164
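Review bot: CVE-2018-11647 needs its `TODO: check` resolved by checking whether oauth2orize-fprm, a JavaScript package judging by the `index.js` in its description, is shipped in the archive on its own or bundled inside another node package; if it is not, mark it NOT-FOR-US as the neighbouring Hue entry is, and if it is, record the fixed version against 0.2.1.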
@@ -3288,13 +3292,13 @@ CVE-2018-11221 (Unauthenticated untrusted file upload 
in Artica Pandora FMS thro
        NOT-FOR-US: Pandora FMS
 CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command 
...)
        NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
-CVE-2018-11219 [integer overflow]
-       RESERVED
+CVE-2018-11219 (An Integer Overflow issue was discovered in the struct library 
in the ...)
+       {DSA-4230-1}
        - redis 5:4.0.10-1 (bug #901495)
        NOTE: https://github.com/antirez/redis/issues/5017
        NOTE: http://antirez.com/news/119
-CVE-2018-11218 [heap corruption vulnerability in cmsgpack]
-       RESERVED
+CVE-2018-11218 (Memory Corruption was discovered in the cmsgpack library in 
the Lua ...)
+       {DSA-4230-1}
        - redis 5:4.0.10-1 (bug #901495)
        NOTE: https://github.com/antirez/redis/issues/5017
        NOTE: http://antirez.com/news/119
@@ -3800,8 +3804,8 @@ CVE-2018-10999 (An issue was discovered in Exiv2 0.26. 
The ...)
 CVE-2018-10998 (An issue was discovered in Exiv2 0.26. readMetadata in 
jp2image.cpp ...)
        - exiv2 <unfixed>
        NOTE: https://github.com/Exiv2/exiv2/issues/303
-CVE-2018-10997
-       RESERVED
+CVE-2018-10997 (Etere EtereWeb before 28.1.20 has a pre-authentication blind 
SQL ...)
+       TODO: check
 CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link 
DIR-629-B1 ...)
        NOT-FOR-US: D-Link
 CVE-2018-10995 (SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 
mishandles ...)
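Review bot: CVE-2018-10997 (Etere EtereWeb before 28.1.20, pre-authentication blind SQL injection) is a vendor web product; resolve the `TODO: check` by confirming it is not in the archive and marking it NOT-FOR-US, following the D-Link entry that is the next line of context.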
@@ -3874,8 +3878,8 @@ CVE-2018-10971 (An issue was discovered in Free Lossless 
Image Format (FLIF) 0.3
        NOTE: https://github.com/FLIF-hub/FLIF/issues/501
 CVE-2018-10970
        RESERVED
-CVE-2018-10969
-       RESERVED
+CVE-2018-10969 (SQL injection vulnerability in the Pie Register plugin before 
3.0.10 ...)
+       TODO: check
 CVE-2018-10968 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a 
malicious ...)
        NOT-FOR-US: D-Link
 CVE-2018-10967 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a 
malicious ...)
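Review bot: CVE-2018-10969 concerns the Pie Register WordPress plugin; the `TODO: check` should be closed as NOT-FOR-US after confirming that no Debian package ships this plugin, in line with the D-Link entries surrounding it.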
@@ -5337,8 +5341,8 @@ CVE-2018-10379 (An issue was discovered in GitLab 
Community Edition (CE) and Ent
        NOTE: 
https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/
 CVE-2018-10378
        RESERVED
-CVE-2018-10377
-       RESERVED
+CVE-2018-10377 (PortSwigger Burp Suite before 1.7.34 has Improper Certificate 
...)
+       TODO: check
 CVE-2018-10376 (An integer overflow in the transferProxy function of a smart 
contract ...)
        NOT-FOR-US: SmartMesh token
 CVE-2018-10375 (A file uploading vulnerability exists in ...)
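Review bot: CVE-2018-10377 (PortSwigger Burp Suite before 1.7.34, Improper Certificate ...) should be checked against the archive and, as expected for a PortSwigger product, marked NOT-FOR-US rather than left at `TODO: check`; the adjacent CVE-2018-10376 entry shows the form to use.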
@@ -33474,6 +33478,7 @@ CVE-2018-0496 (Directory traversal issues in the D-Mod 
extractor in DFArc and DF
        NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
        NOTE: 
https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
 CVE-2018-0495 (Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache ...)
+       {DSA-4231-1}
        - libgcrypt20 1.8.3-1
        NOTE: https://dev.gnupg.org/T4011
        NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
@@ -37486,7 +37491,7 @@ CVE-2017-16011 (jQuery is a javascript library for DOM 
manipulation. jQuery's ma
        NOTE: https://nodesecurity.io/advisories/329
        NOTE: 
https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
        NOTE: 1.9 release introduced backwards incompatible changes to fix
-        NOTE: this, so may be too invasive to fix
+       NOTE: this, so may be too invasive to fix
        NOTE: Overlapping (or potentially) duplicate of CVE-2012-6708, but 
explicitly
        NOTE: two CVEs were assigned.
 CVE-2017-16010 (i18next is a language translation framework. When using the 
.init ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/57c8d84dbfcacdbd41833f1d2c5f05cdaf455b6f

-- 
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits