Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e2982ee by security tracker role at 2018-06-18T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,73 @@
+CVE-2018-12555
+       RESERVED
+CVE-2018-12554
+       RESERVED
+CVE-2018-12553
+       RESERVED
+CVE-2018-12552
+       RESERVED
+CVE-2018-12551
+       RESERVED
+CVE-2018-12550
+       RESERVED
+CVE-2018-12549
+       RESERVED
+CVE-2018-12548
+       RESERVED
+CVE-2018-12547
+       RESERVED
+CVE-2018-12546
+       RESERVED
+CVE-2018-12545
+       RESERVED
+CVE-2018-12544
+       RESERVED
+CVE-2018-12543
+       RESERVED
+CVE-2018-12542
+       RESERVED
+CVE-2018-12541
+       RESERVED
+CVE-2018-12540
+       RESERVED
+CVE-2018-12539
+       RESERVED
+CVE-2018-12538
+       RESERVED
+CVE-2018-12537
+       RESERVED
+CVE-2018-12536
+       RESERVED
+CVE-2018-12535
+       RESERVED
+CVE-2018-12534 (A SQL injection issue was discovered in the Quick Chat plugin 
before ...)
+       TODO: check
+CVE-2018-12533 (JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated 
remote ...)
+       TODO: check
+CVE-2018-12532 (JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated 
remote ...)
+       TODO: check
+CVE-2018-12531 (An issue was discovered in MetInfo 6.0.0. install\index.php 
allows ...)
+       TODO: check
+CVE-2018-12530 (An issue was discovered in MetInfo 6.0.0. 
admin/app/batch/csvup.php ...)
+       TODO: check
+CVE-2018-12529
+       RESERVED
+CVE-2018-12528
+       RESERVED
+CVE-2018-12527
+       RESERVED
+CVE-2018-12526
+       RESERVED
+CVE-2018-12525 (An issue was discovered in perfSONAR Monitoring and Debugging 
Dashboard ...)
+       TODO: check
+CVE-2018-12524 (An issue was discovered in perfSONAR Monitoring and Debugging 
Dashboard ...)
+       TODO: check
+CVE-2018-12523 (An issue was discovered in perfSONAR Monitoring and Debugging 
Dashboard ...)
+       TODO: check
+CVE-2018-12522 (An issue was discovered in perfSONAR Monitoring and Debugging 
Dashboard ...)
+       TODO: check
+CVE-2018-12521
+       RESERVED
 CVE-2018-XXXX [cantata-mounter D-Bus service local privilege escalation and 
other security issues]
        - cantata <unfixed> (bug #901798)
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
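Review bot: The nine entries in this hunk that arrive with descriptions (CVE-2018-12534, CVE-2018-12533, CVE-2018-12532, CVE-2018-12531, CVE-2018-12530 and CVE-2018-12525 through CVE-2018-12522) are all left at `TODO: check`, so none of them is triaged yet. Each needs either a source-package line or a `NOT-FOR-US:` tag before the list says anything about Debian exposure. The four perfSONAR entries share the same truncated description here, so they have to be told apart from the full CVE text rather than from this file.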
@@ -4734,20 +4804,20 @@ CVE-2018-10625
        RESERVED
 CVE-2018-10624
        RESERVED
-CVE-2018-10623
-       RESERVED
+CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 
4.00.04 ...)
+       TODO: check
 CVE-2018-10622
        RESERVED
-CVE-2018-10621
-       RESERVED
+CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 
4.00.04 ...)
+       TODO: check
 CVE-2018-10620
        RESERVED
 CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 
3.90.01 ...)
        NOT-FOR-US: RSLinx
 CVE-2018-10618
        RESERVED
-CVE-2018-10617
-       RESERVED
+CVE-2018-10617 (Delta Electronics Delta Industrial Automation DOPSoft version 
4.00.04 ...)
+       TODO: check
 CVE-2018-10616
        RESERVED
 CVE-2018-10615 (Directory traversal may lead to files being exfiltrated or 
deleted on ...)
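Review bot: CVE-2018-10623, CVE-2018-10621 and CVE-2018-10617 all name Delta Industrial Automation DOPSoft 4.00.04 and all land as `TODO: check`. The neighbouring CVE-2018-10619 in the same hunk is already resolved as `NOT-FOR-US: RSLinx`; if DOPSoft is likewise not packaged in Debian, the three entries can be closed with one identical `NOT-FOR-US:` tag in a single follow-up commit.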
@@ -8633,24 +8703,24 @@ CVE-2018-9031 (The login interface on TNLSoftSolutions 
Sentry Vision 3.x devices
        NOT-FOR-US: TNLSoftSolutions Sentry Vision 3.x devices
 CVE-2018-9030
        RESERVED
-CVE-2018-9029
-       RESERVED
-CVE-2018-9028
-       RESERVED
-CVE-2018-9027
-       RESERVED
-CVE-2018-9026
-       RESERVED
-CVE-2018-9025
-       RESERVED
-CVE-2018-9024
-       RESERVED
-CVE-2018-9023
-       RESERVED
-CVE-2018-9022
-       RESERVED
-CVE-2018-9021
-       RESERVED
+CVE-2018-9029 (An improper input validation vulnerability in CA Privileged 
Access ...)
+       TODO: check
+CVE-2018-9028 (Weak cryptography used for passwords in CA Privileged Access 
Manager ...)
+       TODO: check
+CVE-2018-9027 (A reflected cross-site scripting vulnerability in CA Privileged 
Access ...)
+       TODO: check
+CVE-2018-9026 (A session fixation vulnerability in CA Privileged Access 
Manager 2.x ...)
+       TODO: check
+CVE-2018-9025 (An input validation vulnerability in CA Privileged Access 
Manager 2.x ...)
+       TODO: check
+CVE-2018-9024 (An improper authentication vulnerability in CA Privileged 
Access ...)
+       TODO: check
+CVE-2018-9023 (An input validation vulnerability in CA Privileged Access 
Manager 2.x ...)
+       TODO: check
+CVE-2018-9022 (An authentication bypass vulnerability in CA Privileged Access 
Manager ...)
+       TODO: check
+CVE-2018-9021 (An authentication bypass vulnerability in CA Privileged Access 
Manager ...)
+       TODO: check
 CVE-2017-18254 (An issue was discovered in ImageMagick 7.0.7. A memory leak 
...)
        - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/24d5699753170c141b46816284430516c2d48fed
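Review bot: CVE-2018-9029 through CVE-2018-9021 are nine entries for one product, CA Privileged Access Manager, and every one is left at `TODO: check`. Triage them as a batch and use the same product string in the tag on all nine, so a later search of the list returns the whole set, including the two authentication bypass entries (CVE-2018-9022, CVE-2018-9021).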
@@ -30333,7 +30403,7 @@ CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, 
clients could send careful
 CVE-2018-1334
        RESERVED
 CVE-2018-1333
-       RESERVED
+       REJECTED
 CVE-2018-1332 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and 
version ...)
        NOT-FOR-US: Apache Storm
 CVE-2018-1331
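Review bot: CVE-2018-1333 changes from `RESERVED` to `REJECTED` with no description line and no `NOTE:`, so the reason for the rejection is not recorded here. Confirm against the upstream CVE entry that the ID was withdrawn, and if it was folded into another ID, add a `NOTE:` naming the replacement.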
@@ -30934,10 +31004,10 @@ CVE-2018-1155
        RESERVED
 CVE-2018-1154
        RESERVED
-CVE-2018-1153
-       RESERVED
-CVE-2018-1152
-       RESERVED
+CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate 
the ...)
+       TODO: check
+CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service ...)
+       TODO: check
 CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and 
TV Live ...)
        TODO: check
 CVE-2018-1150
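Review bot: CVE-2018-1152 names a library by exact version (libjpeg-turbo 1.5.90) but is filed only as `TODO: check`. Resolve it to a source-package line with a fixed version or `<not-affected>` once it is confirmed whether any Debian suite ships 1.5.90. The context entry CVE-2018-1151 below it is also still at `TODO: check`.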
@@ -31272,8 +31342,7 @@ CVE-2018-1091 (In the flush_tmregs_to_thread function 
in arch/powerpc/kernel/ptr
        [jessie] - linux <not-affected> (Hardware not supported; POWER9 support 
missing)
        [wheezy] - linux <not-affected> (Hardware not supported)
        NOTE: Fixed by: 
https://git.kernel.org/linus/c1fa0768a8713b135848f78fd43ffc208d8ded70
-CVE-2018-1090
-       RESERVED
+CVE-2018-1090 (In Pulp before version 2.16.2, secrets are passed into 
override_config ...)
        NOT-FOR-US: Pulp (Red Hat)
 CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not 
...)
        - 389-ds-base 1.3.8.2-1 (bug #898138)
@@ -31418,8 +31487,7 @@ CVE-2018-1061 [DOS via regular expression backtracking 
in difflib.IS_LINE_JUNK m
        NOTE: 
https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b
 (3.5)
        NOTE: 
https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0
 (3.4)
        NOTE: 
https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2
 (2.7)
-CVE-2018-1060 [DOS via regular expression catastrophic backtracking in apop() 
method in pop3lib]
-       RESERVED
+CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is 
vulnerable to ...)
        - python3.7 3.7.0~b3-1 (low)
        - python3.6 3.6.5~rc1-1 (low)
        - python3.5 <unfixed> (low)
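Review bot: The replacement description for CVE-2018-1060 is truncated at "is vulnerable to ..." and drops the detail the removed bracketed title carried (regular expression catastrophic backtracking in the apop() method). Keep that detail in a `NOTE:` line so the entry still says what the bug is. The new description also lists 3.5.6 as a fixed version while the context line `- python3.5 <unfixed> (low)` is unchanged, so that package line needs a follow-up once a fixed upload exists.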
@@ -127309,18 +127377,18 @@ CVE-2015-4671 (Cross-site scripting (XSS) 
vulnerability in OpenCart before 2.1.0
        NOT-FOR-US: OpenCart
 CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control 
in ...)
        NOT-FOR-US: AjaxControlToolkit
-CVE-2015-4669 (The MySQL &quot;root&quot; user in Xsuite 2.3.0 and 2.4.3.0 
does not have a ...)
+CVE-2015-4669 (The MySQL &quot;root&quot; user in Xsuite 2.x does not have a 
password set, ...)
        NOT-FOR-US: Xsuite
-CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows 
remote ...)
+CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.4.4.5 and earlier 
allows ...)
        NOT-FOR-US: Xsuite
-CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. ...)
+CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.x. ...)
        NOT-FOR-US: Xsuite
 CVE-2015-4666 (Directory traversal vulnerability in opm/read_sessionlog.php in 
...)
        NOT-FOR-US: Xceedium Xsuite
 CVE-2015-4665 (Cross-site scripting (XSS) vulnerability in ajax_cmd.php in 
Xceedium ...)
        NOT-FOR-US: Xceedium Xsuite
-CVE-2015-4664
-       RESERVED
+CVE-2015-4664 (An improper input validation vulnerability in CA Privileged 
Access ...)
+       TODO: check
 CVE-2015-4663
        RESERVED
        - hhvm 3.11.0+dfsg-1
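Review bot: CVE-2015-4664 is added as `TODO: check` with a CA Privileged Access description, while the surrounding entries CVE-2015-4669 through CVE-2015-4665 are all resolved as `NOT-FOR-US: Xsuite` or `NOT-FOR-US: Xceedium Xsuite`. If CVE-2015-4664 concerns the same product family, tag it `NOT-FOR-US:` in the same style as its neighbours. The reworded descriptions for CVE-2015-4669, CVE-2015-4668 and CVE-2015-4667 widen the affected versions (to "2.x" and "2.4.4.5 and earlier"), which does not change their tags.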



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e2982ee92cc863d008a9213fa99c3988a2fe974

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits