Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7edf941 by security tracker role at 2018-06-28T20:11:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,19 +1,37 @@
-CVE-2018-12927
+CVE-2018-12936
RESERVED
-CVE-2018-12926
- RESERVED
-CVE-2018-12925
- RESERVED
-CVE-2018-12924
- RESERVED
-CVE-2018-12923
- RESERVED
-CVE-2018-12922
- RESERVED
-CVE-2018-12921
- RESERVED
-CVE-2018-12920
+CVE-2018-12935
RESERVED
+CVE-2018-12934 (remember_Ktype in cplus-dem.c in GNU libiberty, as distributed
in GNU ...)
+ TODO: check
+CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows
attackers to ...)
+ TODO: check
+CVE-2018-12932 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows
attackers to ...)
+ TODO: check
+CVE-2018-12931 (ntfs_attr_find in the ntfs.ko filesystem driver in the Linux
kernel ...)
+ TODO: check
+CVE-2018-12930 (ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in
the ...)
+ TODO: check
+CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the
Linux ...)
+ TODO: check
+CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was
discovered ...)
+ TODO: check
+CVE-2018-12927 (Northern Electric & Power (NEP) inverter devices allow
remote attackers ...)
+ TODO: check
+CVE-2018-12926 (Pharos Controls devices allow remote attackers to obtain
potentially ...)
+ TODO: check
+CVE-2018-12925 (Baseon Lantronix MSS devices do not require a password for
TELNET ...)
+ TODO: check
+CVE-2018-12924 (Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server
devices have ...)
+ TODO: check
+CVE-2018-12923 (BWS Systems HA-Bridge devices allow remote attackers to obtain
...)
+ TODO: check
+CVE-2018-12922 (Emerson Liebert IntelliSlot Web Card devices allow remote
attackers to ...)
+ TODO: check
+CVE-2018-12921 (Electro Industries GaugeTech Nexus devices allow remote
attackers to ...)
+ TODO: check
+CVE-2018-12920 (Brickstream 2300 devices allow remote attackers to obtain
potentially ...)
+ TODO: check
CVE-2018-12919 (In CraftedWeb through 2013-09-24,
aasp_includes/pages/notice.php allows ...)
NOT-FOR-US: CraftedWeb
CVE-2018-12918 (In libpbc.a in PBC through 2017-03-02, there is a Segmentation
fault in ...)
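Review bot: All 15 newly described entries in this hunk (CVE-2018-12920 through CVE-2018-12934) land as `TODO: check`, so none of them is triaged yet. The descriptions for CVE-2018-12928 through CVE-2018-12931 name the Linux kernel and its ntfs.ko driver, CVE-2018-12934 names GNU libiberty, and CVE-2018-12932 and CVE-2018-12933 name Wine; those look like the ones to resolve first with package lines, while the device entries (CVE-2018-12920 through CVE-2018-12927) read like candidates for the NOT-FOR-US form already used for CVE-2018-12919 just below.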
@@ -941,8 +959,8 @@ CVE-2018-12591 (Ubiquiti Networks EdgeSwitch version 1.7.3
and prior suffer from
NOT-FOR-US: Ubiquiti Networks EdgeSwitch
CVE-2018-12590 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer
from an ...)
NOT-FOR-US: Ubiquiti Networks EdgeSwitch
-CVE-2018-12589
- RESERVED
+CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers to execute arbitrary
code via ...)
+ TODO: check
CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP)
CVE-2018-12587
@@ -999,7 +1017,7 @@ CVE-2018-12565 (An issue was discovered in Linaro LAVA
before 2018.5.post1. Beca
[jessie] - lava-server <not-affected> (vulnerable code not present)
NOTE:
https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14
CVE-2018-12564 (An issue was discovered in Linaro LAVA before 2018.5.post1.
Because of ...)
- {DSA-4234-1}
+ {DSA-4234-1 DLA-1404-1}
- lava 2018.5.post1-1
- lava-server <removed>
NOTE:
https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3
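Review bot: At CVE-2018-12564 the reference becomes `{DSA-4234-1 DLA-1404-1}`, yet the lines in view carry no `[jessie]` annotation, while the sibling CVE-2018-12565 directly above has `[jessie] - lava-server <not-affected> (vulnerable code not present)`. Worth confirming that the difference between the two entries is intended and that the version fixed by the DLA is recorded for this one.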
@@ -3690,8 +3708,8 @@ CVE-2018-11512 (Stored cross-site scripting (XSS)
vulnerability in the "Web
NOT-FOR-US: wityCMS
CVE-2018-11511
RESERVED
-CVE-2018-11510
- RESERVED
+CVE-2018-11510 (ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default
root:admin ...)
+ TODO: check
CVE-2018-11509
RESERVED
CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux
kernel ...)
@@ -12352,8 +12370,7 @@ CVE-2018-8018
RESERVED
CVE-2018-8017
RESERVED
-CVE-2018-8016
- RESERVED
+CVE-2018-8016 (The default configuration in Apache Cassandra 3.8 through
3.11.1 binds ...)
- cassandra <itp> (bug #585905)
CVE-2018-8015 (In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger
an ...)
NOT-FOR-US: Apache ORC
@@ -31232,8 +31249,8 @@ CVE-2018-1353
RESERVED
CVE-2018-1352
RESERVED
-CVE-2018-1351
- RESERVED
+CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet
FortiManager ...)
+ TODO: check
CVE-2017-17551 (The Backup and Restore feature in Mobotap Dolphin Browser for
Android ...)
NOT-FOR-US: Dolphin Browser for Android
CVE-2017-17550
@@ -36558,8 +36575,8 @@ CVE-2017-16861 (It was possible for double OGNL
evaluation in certain redirect a
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-16860 (The invalidRedirectUrl template in Atlassian Application Links
before ...)
NOT-FOR-US: Atlassian
-CVE-2017-16859
- RESERVED
+CVE-2017-16859 (The review attachment resource in Atlassian Fisheye and
Crucible ...)
+ TODO: check
CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the
Google Apps ...)
NOT-FOR-US: 'crowd-application' plugin module in Atlassian Crowd
CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin
via ...)
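Review bot: CVE-2017-16859 is added with `TODO: check` although its description names Atlassian Fisheye and Crucible, the same product that CVE-2017-16861 two entries above already carries as `NOT-FOR-US: Atlassian Fisheye and Crucible`. Suggest resolving it the same way in a follow-up rather than leaving it in the TODO queue.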
@@ -102214,7 +102231,7 @@ CVE-2016-4863 (The Toshiba FlashAir SD-WD/WC series
Class 6 model with firmware
CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo
bundled with ...)
NOT-FOR-US: Twigmo
CVE-2016-4861 (The (1) order and (2) group methods in Zend_Db_Select in the
Zend ...)
- {DLA-646-1}
+ {DLA-1403-1 DLA-646-1}
- zendframework 1.12.20+dfsg-1
NOTE: http://framework.zend.com/security/advisory/ZF2016-03
NOTE: This security fix can be considered an improvement of the
previous ZF2016-02
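Review bot: At CVE-2016-4861 the cross-reference gains DLA-1403-1 next to DLA-646-1, but the only package line in view is `- zendframework 1.12.20+dfsg-1` and no NOTE says why a second DLA exists for the same CVE. Suggest adding a NOTE or package line that identifies what DLA-1403-1 covers, so the entry explains itself.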
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7edf941259dcf354640e874d2176b6528ff396c