Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39fa51e1 by security tracker role at 2018-07-17T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,25 @@
+CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in 
mruby 1.4.1 ...)
+       TODO: check
+CVE-2018-14336
+       RESERVED
+CVE-2018-14335
+       RESERVED
+CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows 
arbitrary file ...)
+       TODO: check
+CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode 
format within ...)
+       TODO: check
+CVE-2018-14332
+       RESERVED
+CVE-2018-14331 (An issue was discovered in XiaoCms X1 v20140305. There is a 
CSRF ...)
+       TODO: check
+CVE-2018-14330
+       RESERVED
+CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow 
local ...)
+       TODO: check
+CVE-2018-14328
+       RESERVED
+CVE-2018-14327
+       RESERVED
 CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 
has TCP ...)
        TODO: check
 CVE-2018-14323
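Review bot: the five entries added here with a description (CVE-2018-14337, CVE-2018-14334, CVE-2018-14333, CVE-2018-14331, CVE-2018-14329) all land as "TODO: check", so none of them is triaged yet. Each needs a follow-up that replaces the TODO with either a package line or a "NOT-FOR-US:" marker in the form used elsewhere in this file (for example "NOT-FOR-US: cmft"). The descriptions already name the product (mruby, joyplus-cms, TeamViewer, XiaoCms, HTSlib), so the lookup can start from those.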
@@ -1083,8 +1105,8 @@ CVE-2018-13834
        RESERVED
 CVE-2018-13833 (An issue was discovered in cmft through 2017-09-24. The ...)
        NOT-FOR-US: cmft
-CVE-2018-13832
-       RESERVED
+CVE-2018-13832 (Multiple Persistent cross-site scripting (XSS) issues in the 
...)
+       TODO: check
 CVE-2018-13831
        RESERVED
 CVE-2018-13830
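Review bot: on CVE-2018-13832 the description is cut off before it names the affected product ("Multiple Persistent cross-site scripting (XSS) issues in the ..."), so the "TODO: check" cannot be resolved from this line alone. Triage needs the full description from the CVE record before a package line or "NOT-FOR-US:" can be chosen.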
@@ -4022,8 +4044,8 @@ CVE-2018-12586
        RESERVED
 CVE-2018-12585
        RESERVED
-CVE-2018-12584
-       RESERVED
+CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in ...)
+       TODO: check
 CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an 
article via an ...)
        NOT-FOR-US: AKCMS
 CVE-2018-12582 (An issue was discovered in AKCMS 6.1. CSRF can add an admin 
account via ...)
@@ -8581,8 +8603,7 @@ CVE-2018-10859 (git-annex is vulnerable to an Information 
Exposure when decrypti
        NOTE: 
https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
 CVE-2018-10858
        RESERVED
-CVE-2018-10857
-       RESERVED
+CVE-2018-10857 (git-annex is vulnerable to a private data exposure and 
exfiltration ...)
        - git-annex 6.20180626-1
        [stretch] - git-annex 6.20170101-1+deb9u2
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
@@ -8642,8 +8663,7 @@ CVE-2018-10841 (glusterfs is vulnerable to privilege 
escalation on gluster serve
        [jessie] - glusterfs <not-affected> (vulnerable code not present)
        NOTE: https://review.gluster.org/#/c/20328/
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
-CVE-2018-10840 [ext4: correctly handle a zero-length xattr with a non-zero 
e_value_offs]
-       RESERVED
+CVE-2018-10840 (Linux kernel is vulnerable to a heap-based buffer overflow in 
the ...)
        - linux 4.17.3-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
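Review bot: the CVE-2018-10840 change drops the bracketed summary "[ext4: correctly handle a zero-length xattr with a non-zero e_value_offs]", and the truncated description that replaces it no longer says which subsystem is affected. Consider keeping that text as a "NOTE:" line under the entry so the reference to the ext4 xattr handling stays visible next to the "- linux 4.17.3-1" line.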
@@ -16657,6 +16677,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 
for Node.js is prone to 
        NOTE: https://nodesecurity.io/advisories/565
        NOTE: nodejs not covered by security support
 CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and 
earlier ...)
+       {DSA-4247-1}
        - ruby-rack-protection <unfixed> (bug #892250)
        [jessie] - ruby-rack-protection <ignored> (Low prio package and low 
prio vulnerability according to RedHat)
        [wheezy] - ruby-rack-protection <ignored> (Low prio package and low 
prio vulnerability according to RedHat)
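Review bot: "{DSA-4247-1}" is added to CVE-2018-1000119, but the entry still reads "- ruby-rack-protection <unfixed> (bug #892250)" and the visible lines carry no "[stretch]" fixed-version line, only "<ignored>" for jessie and wheezy. Check that the version fixed by the DSA is recorded for the release it covers, so the entry does not show an advisory next to a status that is only unfixed or ignored.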
@@ -34618,8 +34639,8 @@ CVE-2017-17543 (Users' VPN authentication credentials 
are unsafely encrypted in 
        NOT-FOR-US: Fortinet FortiClient
 CVE-2017-17542
        RESERVED
-CVE-2017-17541
-       RESERVED
+CVE-2017-17541 (A Cross-site Scripting (XSS) vulnerability in Fortinet 
FortiManager ...)
+       TODO: check
 CVE-2017-17540 (The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 
allows ...)
        NOT-FOR-US: Fortinet FortiWLC
 CVE-2017-17539 (The presence of a hardcoded account in Fortinet FortiWLC 
7.0.11 and ...)
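Review bot: CVE-2017-17541 is set to "TODO: check" although its description names Fortinet FortiManager, and the neighbouring Fortinet entries in this hunk are already marked "NOT-FOR-US: Fortinet FortiClient" and "NOT-FOR-US: Fortinet FortiWLC". A "NOT-FOR-US: Fortinet FortiManager" line in the same form looks like the consistent resolution.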
@@ -36160,8 +36181,7 @@ CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path 
traversal vulnerability .
        NOTE: https://issues.jboss.org/browse/WFLY-9620
        NOTE: https://developer.jboss.org/thread/276826
        NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
-CVE-2018-1046 [stack-based buffer overflow in dnsreplay]
-       RESERVED
+CVE-2018-1046 (pdns before version 4.1.2 is vulnerable to a buffer overflow in 
...)
        - pdns 4.1.2-1 (bug #898255)
        [stretch] - pdns <no-dsa> (local DoS when parsing untrusted files)
        [jessie] - pdns <not-affected> (Vulnerable code not present)
@@ -44990,8 +45010,7 @@ CVE-2017-15139
 CVE-2017-15138
        RESERVED
        NOT-FOR-US: atomic-openshift
-CVE-2017-15137
-       RESERVED
+CVE-2017-15137 (The OpenShift image import whitelist failed to enforce 
restrictions ...)
        NOT-FOR-US: atomic-openshift
 CVE-2017-15136 (When registering and activating a new system with Red Hat 
Satellite 6 ...)
        NOT-FOR-US: Red Hat Satellite 6



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/39fa51e1d631b21c091d73b1eb57b0ae5d5e13dc
