Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7005065c by security tracker role at 2018-06-22T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,231 @@
-CVE-2018-12637
+CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode 
function. ...)
+       TODO: check
+CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in 
tinyexr.h. ...)
+       TODO: check
+CVE-2018-12686
+       RESERVED
+CVE-2018-12685
+       RESERVED
+CVE-2018-12684 (Out-of-bounds Read in the send_ssi_file function in civetweb.c 
in ...)
+       TODO: check
+CVE-2018-12683
+       RESERVED
+CVE-2018-12682
+       RESERVED
+CVE-2018-12681
+       RESERVED
+CVE-2018-12680
+       RESERVED
+CVE-2018-12679
+       RESERVED
+CVE-2018-12678 (Portainer before 1.18.0 supports unauthenticated requests to 
the ...)
+       TODO: check
+CVE-2018-12677
+       RESERVED
+CVE-2018-12676
+       RESERVED
+CVE-2018-12675
+       RESERVED
+CVE-2018-12674
+       RESERVED
+CVE-2018-12673
+       RESERVED
+CVE-2018-12672
+       RESERVED
+CVE-2018-12671
+       RESERVED
+CVE-2018-12670
+       RESERVED
+CVE-2018-12669
+       RESERVED
+CVE-2018-12668
+       RESERVED
+CVE-2018-12667
+       RESERVED
+CVE-2018-12666
+       RESERVED
+CVE-2018-12665
+       RESERVED
+CVE-2018-12664
+       RESERVED
+CVE-2018-12663
+       RESERVED
+CVE-2018-12662
+       RESERVED
+CVE-2018-12661
+       RESERVED
+CVE-2018-12660
+       RESERVED
+CVE-2018-12659 (SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the 
CSRF ...)
+       TODO: check
+CVE-2018-12658 (Reflected Cross-Site Scripting (XSS) exists in the Stock Take 
module in ...)
+       TODO: check
+CVE-2018-12657 (Reflected Cross-Site Scripting (XSS) exists in the Master File 
module ...)
+       TODO: check
+CVE-2018-12656 (Reflected Cross-Site Scripting (XSS) exists in the Membership 
module in ...)
+       TODO: check
+CVE-2018-12655 (Reflected Cross-Site Scripting (XSS) exists in the Circulation 
module ...)
+       TODO: check
+CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the 
Bibliography module ...)
+       TODO: check
+CVE-2018-12653
+       RESERVED
+CVE-2018-12652
+       RESERVED
+CVE-2018-12651
+       RESERVED
+CVE-2018-12650
+       RESERVED
+CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php 
in MISP ...)
+       TODO: check
+CVE-2018-12648 (The WEBP::GetLE32 function in ...)
+       TODO: check
+CVE-2018-12647
+       RESERVED
+CVE-2018-12646
+       RESERVED
+CVE-2018-12645
+       RESERVED
+CVE-2018-12644
+       RESERVED
+CVE-2018-12643
+       RESERVED
+CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for 
tickets not ...)
+       TODO: check
+CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU 
libiberty, as ...)
+       TODO: check
+CVE-2018-12640
+       RESERVED
+CVE-2018-12639
+       RESERVED
+CVE-2018-12638
+       RESERVED
+CVE-2018-1000559
+       RESERVED
+CVE-2018-1000558
+       RESERVED
+CVE-2018-1000557
+       RESERVED
+CVE-2018-1000556
+       RESERVED
+CVE-2018-1000555
+       RESERVED
+CVE-2018-1000554
+       RESERVED
+CVE-2018-1000553
+       RESERVED
+CVE-2018-1000552
+       RESERVED
+CVE-2018-1000551
+       RESERVED
+CVE-2018-1000550
+       RESERVED
+CVE-2018-1000549
+       RESERVED
+CVE-2018-1000548
        RESERVED
-CVE-2018-12636
+CVE-2018-1000547
        RESERVED
+CVE-2018-1000546
+       RESERVED
+CVE-2018-1000545
+       RESERVED
+CVE-2018-1000544
+       RESERVED
+CVE-2018-1000543
+       RESERVED
+CVE-2018-1000542
+       RESERVED
+CVE-2018-1000541
+       RESERVED
+CVE-2018-1000540
+       RESERVED
+CVE-2018-1000539
+       RESERVED
+CVE-2018-1000538
+       RESERVED
+CVE-2018-1000537
+       RESERVED
+CVE-2018-1000536
+       RESERVED
+CVE-2018-1000535
+       RESERVED
+CVE-2018-1000534
+       RESERVED
+CVE-2018-1000533
+       RESERVED
+CVE-2018-1000532
+       RESERVED
+CVE-2018-1000531
+       RESERVED
+CVE-2018-1000530
+       RESERVED
+CVE-2018-1000529
+       RESERVED
+CVE-2018-1000528
+       RESERVED
+CVE-2018-1000527
+       RESERVED
+CVE-2018-1000526
+       RESERVED
+CVE-2018-1000525
+       RESERVED
+CVE-2018-1000524
+       RESERVED
+CVE-2018-1000523
+       RESERVED
+CVE-2018-1000522
+       RESERVED
+CVE-2018-1000521
+       RESERVED
+CVE-2018-1000520
+       RESERVED
+CVE-2018-1000519
+       RESERVED
+CVE-2018-1000518
+       RESERVED
+CVE-2018-1000517
+       RESERVED
+CVE-2018-1000516
+       RESERVED
+CVE-2018-1000515
+       RESERVED
+CVE-2018-1000514
+       RESERVED
+CVE-2018-1000513
+       RESERVED
+CVE-2018-1000512
+       RESERVED
+CVE-2018-1000511
+       RESERVED
+CVE-2018-1000510
+       RESERVED
+CVE-2018-1000509
+       RESERVED
+CVE-2018-1000508
+       RESERVED
+CVE-2018-1000507
+       RESERVED
+CVE-2018-1000506
+       RESERVED
+CVE-2018-1000505
+       RESERVED
+CVE-2018-1000504
+       RESERVED
+CVE-2018-1000503
+       RESERVED
+CVE-2018-1000502
+       RESERVED
+CVE-2018-1000501
+       RESERVED
+CVE-2018-1000500
+       RESERVED
+CVE-2018-1000404
+       RESERVED
+CVE-2018-12637
+       RESERVED
+CVE-2018-12636 (The iThemes Security (better-wp-security) plugin before 7.0.3 
for ...)
+       TODO: check
 CVE-2018-12635 (CirCarLife Scada v4.2.4 allows unauthorized upgrades via 
requests to ...)
        NOT-FOR-US: CirCarLife Scada
 CVE-2018-12634 (CirCarLife Scada v4.2.4 allows remote attackers to obtain 
sensitive ...)
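Review bot: the two entries removed at the top of this hunk, CVE-2018-12637 and CVE-2018-12636, are not dropped but re-added further down after CVE-2018-1000404, which keeps the file in its descending-ID order; the only substantive change to them is that 12636 now carries the iThemes Security description and a TODO: check. Of the other new descriptions, all are left at TODO: check and need triage into a package line or a NOT-FOR-US marker; the GNU libiberty one (CVE-2018-12641, arm_pt in cplus-dem.c) touches code that Debian ships (libiberty is built into binutils and gcc), so it should be resolved first rather than left pending with the web-application entries.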
@@ -164,11 +388,13 @@ CVE-2018-12567
 CVE-2018-12566
        RESERVED
 CVE-2018-12565 (An issue was discovered in Linaro LAVA before 2018.5.post1. 
Because of ...)
+       {DSA-4234-1}
        - lava 2018.5.post1-1
        - lava-server <removed>
        [jessie] - lava-server <not-affected> (vulnerable code not present)
        NOTE: 
https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14
 CVE-2018-12564 (An issue was discovered in Linaro LAVA before 2018.5.post1. 
Because of ...)
+       {DSA-4234-1}
        - lava 2018.5.post1-1
        - lava-server <removed>
        NOTE: 
https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3
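Review bot: CVE-2018-12564 gets the {DSA-4234-1} reference like CVE-2018-12565, but only the 12565 entry carries a "[jessie] - lava-server <not-affected> (vulnerable code not present)" line; the 12564 entry has no jessie status at all. Either add the matching [jessie] line for 12564 or record why it differs, so the jessie state is explicit for both issues fixed by the same DSA.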
@@ -250,8 +476,8 @@ CVE-2018-12540
        RESERVED
 CVE-2018-12539
        RESERVED
-CVE-2018-12538
-       RESERVED
+CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the 
optional ...)
+       TODO: check
 CVE-2018-12537
        RESERVED
        NOT-FOR-US: Eclipse Vertx
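Review bot: CVE-2018-12538 moves from RESERVED to a description naming Eclipse Jetty 9.4.0 through 9.4.8 but stays at TODO: check, while the neighbouring CVE-2018-12537 is already closed as NOT-FOR-US: Eclipse Vertx. Since Jetty 9.x is packaged in Debian (source package jetty9), this entry should get a package line with the affected range rather than remain a TODO next to a resolved sibling.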
@@ -584,7 +810,7 @@ CVE-2018-12432 (JavaMelody through 1.60.0 has XSS via the 
counter parameter in a
 CVE-2018-12431 (SeaCMS V6.61 has XSS via the site name parameter on an ...)
        NOT-FOR-US: SeaCMS
 CVE-2018-12430
-       RESERVED
+       REJECTED
 CVE-2018-12429
        RESERVED
 CVE-2018-12428
@@ -2179,8 +2405,8 @@ CVE-2018-11737 (An issue was discovered in libtskfs.a in 
The Sleuth Kit (TSK) fr
        [stretch] - sleuthkit <no-dsa> (Minor issue)
        [jessie] - sleuthkit <no-dsa> (Minor issue)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
-CVE-2018-1000201
-       RESERVED
+CVE-2018-1000201 (ruby-ffi version 1.9.23 and earlier has a DLL loading issue 
which can ...)
+       TODO: check
 CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. ...)
        NOT-FOR-US: Pluck CMS
 CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the 
sname or ...)
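Review bot: the new CVE-2018-1000201 description says "DLL loading issue", which suggests a Windows-specific code path in ruby-ffi; the TODO: check should establish whether that code is reachable on Debian's builds before a fixed-version line is added, and if it is not, the entry should carry an explicit <not-affected> or NOT-FOR-US marker with the reason instead of staying pending.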
@@ -3320,6 +3546,7 @@ CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 
2018.5.1, Octopus variables t
 CVE-2018-1000181 (Kitura 2.3.0 and earlier have an unintended read access to 
...)
        NOT-FOR-US: Kitura
 CVE-2018-1000180 (Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and 
earlier ...)
+       {DSA-4233-1}
        - bouncycastle 1.59-2 (bug #900843)
        [jessie] - bouncycastle <not-affected> (Issue introduced in 1.54)
        NOTE: Fixed by: 
https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
@@ -29370,8 +29597,8 @@ CVE-2018-1657
        RESERVED
 CVE-2018-1656
        RESERVED
-CVE-2018-1655
-       RESERVED
+CVE-2018-1655 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the 
rmsock ...)
+       TODO: check
 CVE-2018-1654
        RESERVED
 CVE-2018-1653
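Review bot: CVE-2018-1655 now describes an rmsock issue in IBM AIX 5.3 through 7.2, which is proprietary vendor code; the TODO: check should be closed as "NOT-FOR-US: IBM AIX", matching how the other vendor-only entries in this file are marked, rather than left in the triage queue.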
@@ -42366,6 +42593,7 @@ CVE-2017-14635 (In Open Ticket Request System (OTRS) 
3.3.x before 3.3.18, 4.x be
        NOTE: 
https://github.com/OTRS/otrs/commit/0583dfda7bc9c7d76457aad68083f4b28a288ce5 
(rel-3_3)
        NOTE: 
https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/
 CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the 
Horde_Image ...)
+       {DLA-1395-1}
        - php-horde-image 2.5.2-1 (bug #876400)
        NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2
        NOTE: 
https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
@@ -56685,6 +56913,7 @@ CVE-2017-9775 (Stack buffer overflow in GfxState.cc in 
pdftocairo in Poppler bef
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540
        NOTE: Fixed by: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9
 CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 
via a ...)
+       {DLA-1395-1}
        - php-horde-image 2.5.1-1 (bug #865505)
        NOTE: https://lists.horde.org/archives/announce/2017/001234.html
        NOTE: 
https://github.com/horde/horde/commit/01a11ccd37149101d67e0b20261fa48ab07dae13
@@ -63832,8 +64061,8 @@ CVE-2017-7570 (PivotX 2.3.11 allows remote 
authenticated Advanced users to execu
        NOT-FOR-US: PivotX
 CVE-2017-7569 (In vBulletin before 5.3.0, remote attackers can bypass the ...)
        NOT-FOR-US: vBulletin
-CVE-2017-7568
-       RESERVED
+CVE-2017-7568 (NetApp OnCommand Unified Manager for 7-Mode (core package) 
versions ...)
+       TODO: check
 CVE-2017-7567
        RESERVED
 CVE-2017-7566 (MyBB before 1.8.11 allows remote attackers to bypass an SSRF 
protection ...)
@@ -64334,8 +64563,7 @@ CVE-2017-7467
        - minicom 2.7-1.1 (bug #860940)
        [jessie] - minicom 2.7-1+deb8u1
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/5
-CVE-2017-7466 [Incomplete fix for CVE-2016-9587]
-       RESERVED
+CVE-2017-7466 (Ansible before version 2.3 has an input validation 
vulnerability in ...)
        - ansible 2.2.1.0-2
        [jessie] - ansible <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079
 (v2.3.0.0-0.1.rc1)
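Review bot: replacing the placeholder "[Incomplete fix for CVE-2016-9587]" with the official description drops the only cross-reference between CVE-2017-7466 and CVE-2016-9587; the fix line (ansible 2.2.1.0-2) and the jessie not-affected marker are unchanged, so the relationship should be preserved as a NOTE: line (e.g. "NOTE: Incomplete fix for CVE-2016-9587") so that it survives the automatic rewrite of the title.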
@@ -79172,8 +79400,7 @@ CVE-2017-2669 (Dovecot before version 2.2.29 is 
vulnerable to a denial of servic
        [wheezy] - dovecot <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735
        NOTE: Introduced by: 
https://github.com/dovecot/core/commit/a3783f8a3c9cd816b51e77a922f82301512fcf22
-CVE-2017-2668 [Remote crash via crafted LDAP messages]
-       RESERVED
+CVE-2017-2668 (389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable 
to an ...)
        - 389-ds-base 1.3.5.17-1 (bug #860125)
        NOTE: CentOS fix: 
https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1436575



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7005065cf71562ebe0f54190bc6f6d96ed1e6e58

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
