Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
515dd22a by security tracker role at 2018-06-19T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-12584
+       RESERVED
+CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an 
article via an ...)
+       TODO: check
+CVE-2018-12582 (An issue was discovered in AKCMS 6.1. CSRF can add an admin 
account via ...)
+       TODO: check
+CVE-2018-12581
+       RESERVED
+CVE-2018-12580 (library/DBTech/Security/Action/Sessions.php in DragonByte 
vBSecurity ...)
+       TODO: check
+CVE-2018-12579
+       RESERVED
+CVE-2018-12578 (There is a heap-based buffer overflow in bmp_compress1_row in 
...)
+       TODO: check
+CVE-2018-12577
+       RESERVED
+CVE-2018-12576
+       RESERVED
+CVE-2018-12575
+       RESERVED
+CVE-2018-12574
+       RESERVED
+CVE-2018-12573
+       RESERVED
+CVE-2018-12572
+       RESERVED
+CVE-2018-12571
+       RESERVED
+CVE-2018-12570
+       RESERVED
+CVE-2018-12569
+       RESERVED
+CVE-2018-12568
+       RESERVED
+CVE-2018-12567
+       RESERVED
+CVE-2018-12566
+       RESERVED
 CVE-2018-12565 (An issue was discovered in Linaro LAVA before 2018.5.post1. 
Because of ...)
        - lava 2018.5.post1-1
        - lava-server <removed>
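Review bot: The new CVE-2018-12578 entry is cut off before it names the software that contains bmp_compress1_row ("There is a heap-based buffer overflow in bmp_compress1_row in ..."), so it cannot be triaged from this line alone. When resolving its TODO: check, look up the full description first and record the source package or a NOT-FOR-US line. The two AKCMS 6.1 entries (CVE-2018-12583, CVE-2018-12582) name the same product and should get the same disposition in one pass.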
@@ -440,7 +478,7 @@ CVE-2018-12425
        RESERVED
 CVE-2018-12424
        RESERVED
-CVE-2018-12422 (addressbook/backends/ldap/e-book-backend-ldap.c in ...)
+CVE-2018-12422 (** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c 
in ...)
        - evolution-data-server <unfixed> (bug #901665)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796174
        NOTE: 
https://gitlab.gnome.org/GNOME/evolution-data-server/commit/34bad6173
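Review bot: At CVE-2018-12422 the description now begins with ** DISPUTED **, but the entry still reads "- evolution-data-server <unfixed> (bug #901665)" and none of the visible NOTE lines mentions the dispute. Suggest adding a NOTE that records who disputes the issue and on what grounds, so that the <unfixed> status and the linked upstream commit can be read against it.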
@@ -2111,20 +2149,20 @@ CVE-2016-1000339 (In the Bouncy Castle JCE Provider 
version 1.55 and earlier the
        - bouncycastle 1.56-1
        NOTE: 
https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
        NOTE: 
https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
-CVE-2018-11707
-       RESERVED
-CVE-2018-11706
-       RESERVED
-CVE-2018-11705
-       RESERVED
-CVE-2018-11704
-       RESERVED
-CVE-2018-11703
-       RESERVED
-CVE-2018-11702
-       RESERVED
-CVE-2018-11701
-       RESERVED
+CVE-2018-11707 (FastStone Image Viewer 6.2 has a User Mode Read and Execute AV 
at ...)
+       TODO: check
+CVE-2018-11706 (FastStone Image Viewer 6.2 has a User Mode Write AV at 
0x00578dd8, ...)
+       TODO: check
+CVE-2018-11705 (FastStone Image Viewer 6.2 has a User Mode Write AV at 
0x00578cc4, ...)
+       TODO: check
+CVE-2018-11704 (FastStone Image Viewer 6.2 has a User Mode Write AV at 
0x00402d7d, ...)
+       TODO: check
+CVE-2018-11703 (FastStone Image Viewer 6.2 has a User Mode Write AV at 
0x00402d6a, ...)
+       TODO: check
+CVE-2018-11702 (FastStone Image Viewer 6.2 has a User Mode Write AV at 
0x00578cb3, ...)
+       TODO: check
+CVE-2018-11701 (FastStone Image Viewer 6.2 has a User Mode Write AV at 
0x005cb509, ...)
+       TODO: check
 CVE-2018-11700
        RESERVED
 CVE-2018-11699
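Review bot: CVE-2018-11701 through CVE-2018-11707 all move from RESERVED to TODO: check, and all seven descriptions name the same product and version, FastStone Image Viewer 6.2. They differ only in the fault address. Triage them together and give all seven the same status line, so that none is left at TODO: check after the others are resolved.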
@@ -2548,8 +2586,8 @@ CVE-2018-11539
        RESERVED
 CVE-2018-11538 (servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the 
u_name, ...)
        NOT-FOR-US: SearchBlox
-CVE-2018-11537
-       RESERVED
+CVE-2018-11537 (Auth0 angular-jwt before 0.1.10 treats whiteListedDomains 
entries as ...)
+       TODO: check
 CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
        NOT-FOR-US: md4c
 CVE-2018-11535 (An issue was discovered in SITEMAKIN SLAC (Site Login and 
Access ...)
@@ -2571,10 +2609,10 @@ CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via 
an api/sms_check.php?param
        NOT-FOR-US: WUZHI CMS
 CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request 
forgery ...)
        NOT-FOR-US: CScms
-CVE-2018-11526
-       RESERVED
-CVE-2018-11525
-       RESERVED
+CVE-2018-11526 (The plugin &quot;WordPress Comments Import &amp; Export&quot; 
for WordPress (v2.0.4 ...)
+       TODO: check
+CVE-2018-11525 (The plugin &quot;Advanced Order Export For WooCommerce&quot; 
for WordPress ...)
+       TODO: check
 CVE-2018-11524
        RESERVED
 CVE-2018-11523 (upload.php on NUUO NVRmini 2 devices allows Arbitrary File 
Upload, such ...)
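Review bot: CVE-2018-11526 and CVE-2018-11525 both describe WordPress plugins and are left at TODO: check, while the neighbouring CMS entries in this hunk are already marked NOT-FOR-US. Elsewhere in this file such entries use the form "NOT-FOR-US: Activity Log plugin for WordPress". Once it is confirmed that neither plugin is packaged, use the same wording pattern with the plugin name so the entries stay searchable.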
@@ -9651,8 +9689,8 @@ CVE-2018-8729 (Multiple cross-site scripting (XSS) 
vulnerabilities in the Activi
        NOT-FOR-US: Activity Log plugin for WordPress
 CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 
allows XSS in ...)
        NOT-FOR-US: Kontena
-CVE-2018-8727
-       RESERVED
+CVE-2018-8727 (Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 
and ...)
+       TODO: check
 CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...)
        {DLA-1310-1}
        - exempi 2.4.4-1 (low)
@@ -11214,8 +11252,8 @@ CVE-2018-8032
        RESERVED
 CVE-2018-8031
        RESERVED
-CVE-2018-8030
-       RESERVED
+CVE-2018-8030 (A Denial of Service vulnerability was found in Apache Qpid 
Broker-J ...)
+       TODO: check
 CVE-2018-8029
        RESERVED
 CVE-2018-8028
@@ -16865,8 +16903,8 @@ CVE-2018-6212
        RESERVED
 CVE-2018-6211
        RESERVED
-CVE-2018-6210
-       RESERVED
+CVE-2018-6210 (D-Link DIR-620 devices, with a certain Rostelekom variant of 
firmware ...)
+       TODO: check
 CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(MaxCryptMon.sys) ...)
        NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
@@ -31278,8 +31316,7 @@ CVE-2018-1118 (Linux kernel vhost since version 4.8 
does not properly initialize
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://lkml.org/lkml/2018/4/27/833
        NOTE: Fixed by: 
https://git.kernel.org/linus/670ae9caaca467ea1bfd325cb2a5c98ba87f94ad
-CVE-2018-1117
-       RESERVED
+CVE-2018-1117 (ovirt-ansible-roles before version 1.0.6 has a vulnerability 
due to a ...)
        NOT-FOR-US: ovirt-ansible-roles
 CVE-2018-1116
        RESERVED
@@ -31465,8 +31502,7 @@ CVE-2018-1075 (ovirt-engine up to version 4.2.3 is 
vulnerable to an unfiltered .
        NOT-FOR-US: ovirt-engine
 CVE-2018-1074 (ovirt-engine API and administration web portal before versions 
...)
        NOT-FOR-US: ovirt-engine
-CVE-2018-1073
-       RESERVED
+CVE-2018-1073 (The web console login form in ovirt-engine before version 4.2.3 
...)
        NOT-FOR-US: ovirt-engine
 CVE-2018-1072
        RESERVED
@@ -31519,8 +31555,7 @@ CVE-2018-1063 (Context relabeling of filesystems is 
vulnerable to symbolic link 
        NOTE: relabeling time.
 CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, 
where the ...)
        NOT-FOR-US: ovirt-engine
-CVE-2018-1061 [DOS via regular expression backtracking in difflib.IS_LINE_JUNK 
method in difflib]
-       RESERVED
+CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is 
vulnerable to ...)
        - python3.7 3.7.0~b3-1 (low)
        - python3.6 3.6.5~rc1-1 (low)
        - python3.5 <unfixed> (low)
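Review bot: At CVE-2018-1061 the removed bracketed title named the affected code, "DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", and the replacement description is truncated before it reaches that detail. Suggest keeping the function name in a NOTE line so the entry still says where the problem is. Also, the new description gives 3.5.6 as a fixed upstream version while the entry shows "- python3.5 <unfixed> (low)", which is worth re-checking against the packaged version.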
@@ -129118,8 +129153,8 @@ CVE-2015-4045 (The sudoers file in the asset 
discovery scanner in AlienVault OSS
        NOT-FOR-US: AlienVault OSSIM
 CVE-2015-4044
        RESERVED
-CVE-2015-4043
-       RESERVED
+CVE-2015-4043 (SQL injection vulnerability in ConnX ESP HR Management 4.4.0 
allows ...)
+       TODO: check
 CVE-2015-4040 (Directory traversal vulnerability in the configuration utility 
in F5 ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2015-4039



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/515dd22a546fe420124e2f969e596d36d0a46732
