Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13d096f4 by security tracker role at 2018-06-20T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,35 @@
+CVE-2018-12604 (GreenCMS 2.3.0603 allows remote attackers to obtain sensitive 
...)
+       TODO: check
+CVE-2018-12603
+       RESERVED
+CVE-2018-12602
+       RESERVED
+CVE-2018-12601 (There is a heap-based buffer overflow in ReadImage in 
input-tga.ci in ...)
+       TODO: check
+CVE-2018-12600 (In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in 
...)
+       TODO: check
+CVE-2018-12599 (In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in 
...)
+       TODO: check
+CVE-2018-12598
+       RESERVED
+CVE-2018-12597
+       RESERVED
+CVE-2018-12596
+       RESERVED
+CVE-2018-12595
+       RESERVED
+CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote 
attackers to ...)
+       TODO: check
+CVE-2018-12593
+       RESERVED
+CVE-2018-12592 (Polycom RealPresence Web Suite before 2.2.0 does not block a 
user's ...)
+       TODO: check
+CVE-2018-12591 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer 
from an ...)
+       TODO: check
+CVE-2018-12590 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer 
from an ...)
+       TODO: check
+CVE-2018-12589
+       RESERVED
 CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
        TODO: check
 CVE-2018-12587
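Review bot: CVE-2018-12600 and CVE-2018-12599 name ImageMagick 7.0.8-3 Q16 yet land as `TODO: check`; imagemagick is a Debian source package, so these two should get a package line (for example `- imagemagick <unfixed>` until the fixed version is known) instead of sitting in the generic queue. The vendor-product entries in the same block (Polycom RealPresence Web Suite, Ubiquiti EdgeSwitch, Reliable Controls MACH-ProWebCom) look like candidates for `NOT-FOR-US:`, matching how the file marks other non-packaged products.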
@@ -90,8 +122,7 @@ CVE-2018-12559 (An issue was discovered in the 
cantata-mounter D-Bus service in 
        NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake 
invocation.
        NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
        NOTE: 
https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
-CVE-2018-12558 [DOS vulnerability]
-       RESERVED
+CVE-2018-12558 (The parse() method in the Email::Address module through 1.909 
for Perl ...)
        - libemail-address-perl <unfixed> (unimportant; bug #901873)
        NOTE: Possibility of DoS vs. usability issue for Email::Address
 CVE-2018-12557 (An issue was discovered in Zuul 3.x before 3.1.0. If nodes 
become ...)
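Review bot: On CVE-2018-12558 the `(unimportant; bug #901873)` rating is backed only by the free-text NOTE about DoS versus usability; now that the description for Email::Address through 1.909 is public, add a NOTE linking the upstream report so the severity decision can be re-checked later.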
@@ -325,10 +356,10 @@ CVE-2018-12448
        RESERVED
 CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in 
libavcodec, as used ...)
        NOT-FOR-US: libbpg
-CVE-2018-12446
-       RESERVED
-CVE-2018-12445
-       RESERVED
+CVE-2018-12446 (** DISPUTED ** An issue was discovered in the 
com.dropbox.android ...)
+       TODO: check
+CVE-2018-12445 (** DISPUTED ** An issue was discovered in the 
com.dropbox.android ...)
+       TODO: check
 CVE-2018-12444
        RESERVED
 CVE-2018-12443
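Review bot: The new descriptions for CVE-2018-12446 and CVE-2018-12445 are both flagged `** DISPUTED **` and refer to com.dropbox.android, an Android application; rather than `TODO: check`, these can be closed with a `NOT-FOR-US:` line in the same way as the libbpg entry directly above them.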
@@ -679,8 +710,8 @@ CVE-2018-12329 (Protection Mechanism Failure in ECOS Secure 
Boot Stick (aka SBS)
        NOT-FOR-US: ECOS Secure Boot Stick
 CVE-2018-12328
        RESERVED
-CVE-2018-12327
-       RESERVED
+CVE-2018-12327 (Stack-based buffer overflow in ntpq and ntpdc of NTP version 
4.2.8p11 ...)
+       TODO: check
 CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x 
before 5.0 ...)
        {DSA-4230-1}
        - redis 5:4.0.10-1
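Review bot: CVE-2018-12327 now has a description naming ntpq and ntpdc of NTP 4.2.8p11 but is left at `TODO: check`; ntp is packaged in Debian, so this needs a `- ntp` line with a fixed version or `<unfixed>`, in the same form as the redis entry for CVE-2018-12326 just below it.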
@@ -4352,8 +4383,7 @@ CVE-2018-10843
 CVE-2018-10842
        RESERVED
        NOT-FOR-US: Keycloak
-CVE-2018-10841 [access trusted peer group via remote-host command]
-       RESERVED
+CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster 
server ...)
        - glusterfs <unfixed> (bug #901968)
        NOTE: https://review.gluster.org/#/c/20328/
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
@@ -8792,8 +8822,8 @@ CVE-2018-9038 (Monstra CMS 3.0.4 allows remote attackers 
to delete files via an 
        NOT-FOR-US: Monstra CMS
 CVE-2018-9037 (Monstra CMS 3.0.4 allows remote code execution via an 
upload_file ...)
        NOT-FOR-US: Monstra CMS
-CVE-2018-9036
-       RESERVED
+CVE-2018-9036 (CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login 
Page ...)
+       TODO: check
 CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the 
Contact Form ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2018-9034 (Cross-site scripting (XSS) vulnerability in lib/interface.php 
of the ...)
@@ -10711,7 +10741,7 @@ CVE-2018-8247 (An elevation of privilege vulnerability 
exists when Office Web Ap
        NOT-FOR-US: Microsoft
 CVE-2018-8246 (An information disclosure vulnerability exists when Microsoft 
Excel ...)
        NOT-FOR-US: Microsoft
-CVE-2018-8245 (An elevation of privilege vulnerability exists when Microsoft 
...)
+CVE-2018-8245 (A remote code execution vulnerability exists when Microsoft 
Publisher ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8244 (An elevation of privilege vulnerability exists when Microsoft 
Outlook ...)
        NOT-FOR-US: Microsoft
@@ -15830,8 +15860,8 @@ CVE-2018-6565
        RESERVED
 CVE-2018-6564
        RESERVED
-CVE-2018-6563
-       RESERVED
+CVE-2018-6563 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       TODO: check
 CVE-2018-6562 (totemomail Encryption Gateway before 6.0_b567 allows remote 
attackers ...)
        NOT-FOR-US: totemomail Encryption Gateway
 CVE-2018-6561 (dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload 
attribute ...)
@@ -16909,12 +16939,12 @@ CVE-2018-6215
        RESERVED
 CVE-2018-6214
        RESERVED
-CVE-2018-6213
-       RESERVED
-CVE-2018-6212
-       RESERVED
-CVE-2018-6211
-       RESERVED
+CVE-2018-6213 (In the web server on D-Link DIR-620 devices with a certain 
customized ...)
+       TODO: check
+CVE-2018-6212 (On D-Link DIR-620 devices with a certain customized (by ISP) 
variant ...)
+       TODO: check
+CVE-2018-6211 (On D-Link DIR-620 devices with a certain customized (by ISP) 
variant ...)
+       TODO: check
 CVE-2018-6210 (D-Link DIR-620 devices, with a certain Rostelekom variant of 
firmware ...)
        TODO: check
 CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(MaxCryptMon.sys) ...)
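Review bot: CVE-2018-6213, CVE-2018-6212 and CVE-2018-6211 all describe D-Link DIR-620 firmware and join CVE-2018-6210 (same device, already `TODO: check` in the context line) in the open queue; triage the four together, most likely with a `NOT-FOR-US:` line on each, so the router firmware items do not linger.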
@@ -19359,8 +19389,8 @@ CVE-2018-5429 (A vulnerability in the report scripting 
component of TIBCO Softwa
        [jessie] - jasperreports <end-of-life> (not supported in Jessie)
        [wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
        NOTE: 
https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429
-CVE-2018-5428
-       RESERVED
+CVE-2018-5428 (The version control adapters component of TIBCO Data 
Virtualization ...)
+       TODO: check
 CVE-2018-5427
        RESERVED
 CVE-2018-5426
@@ -19952,10 +19982,10 @@ CVE-2018-5239
        RESERVED
 CVE-2018-5238
        RESERVED
-CVE-2018-5237
-       RESERVED
-CVE-2018-5236
-       RESERVED
+CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 
MP10 ...)
+       TODO: check
+CVE-2018-5236 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 
MP10 may ...)
+       TODO: check
 CVE-2018-5235
        RESERVED
 CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a 
command ...)
@@ -31268,8 +31298,7 @@ CVE-2018-1134 (An issue was discovered in Moodle 3.x. 
Students who submitted ...
        - moodle <removed>
 CVE-2018-1133 (An issue was discovered in Moodle 3.x. A Teacher creating a 
Calculated ...)
        - moodle <removed>
-CVE-2018-1132
-       RESERVED
+CVE-2018-1132 (A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). 
Attackers ...)
        NOT-FOR-US: OpenDaylight
 CVE-2018-1131 (Infinispan permits improper deserialization of trusted data via 
XML ...)
        NOT-FOR-US: infinispan
@@ -31323,8 +31352,7 @@ CVE-2018-1121 (procps-ng, procps is vulnerable to a 
process hiding through race 
        - linux <unfixed> (unimportant)
        NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
        NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
-CVE-2018-1120 [FUSE-backed /proc/PID/cmdline]
-       RESERVED
+CVE-2018-1120 (A flaw was found affecting the Linux kernel before version 
4.17. By ...)
        - linux 4.16.12-1
        NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
        NOTE: 
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
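Review bot: For CVE-2018-1120 the published description says the flaw affects the Linux kernel before version 4.17, while the retained package line records `- linux 4.16.12-1` as fixed, and neither NOTE points at a kernel commit; add a NOTE with the fixing commit (or its stable backport) so the 4.16.12-1 version can be verified. Dropping the bracketed `[FUSE-backed /proc/PID/cmdline]` placeholder is fine now that the description exists.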



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/13d096f48d1bc2db223fb168ec76302785e8ed36
