Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 10c2b474 by security tracker role at 2018-08-06T20:10:24Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,19 @@ +CVE-2018-15127 + RESERVED +CVE-2018-15126 + RESERVED +CVE-2018-15125 + RESERVED +CVE-2018-15124 + RESERVED +CVE-2018-15123 + RESERVED +CVE-2018-15122 + RESERVED +CVE-2018-15121 + RESERVED +CVE-2018-15120 + RESERVED CVE-2018-15119 RESERVED CVE-2018-15118 
@@ -280,44 +296,44 @@ CVE-2018-14980 RESERVED CVE-2018-14979 RESERVED -CVE-2018-14978 - RESERVED -CVE-2018-14977 - RESERVED -CVE-2018-14976 - RESERVED -CVE-2018-14975 - RESERVED -CVE-2018-14974 - RESERVED -CVE-2018-14973 - RESERVED -CVE-2018-14972 - RESERVED -CVE-2018-14971 - RESERVED -CVE-2018-14970 - RESERVED -CVE-2018-14969 - RESERVED -CVE-2018-14968 - RESERVED -CVE-2018-14967 - RESERVED -CVE-2018-14966 - RESERVED -CVE-2018-14965 - RESERVED -CVE-2018-14964 - RESERVED -CVE-2018-14963 - RESERVED -CVE-2018-14962 - RESERVED -CVE-2018-14961 - RESERVED -CVE-2018-14960 - RESERVED +CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the ...) + TODO: check +CVE-2018-14977 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14976 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14975 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14974 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14973 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14972 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14971 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14970 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14969 (An issue was discovered in QCMS 3.0.1. ...) + TODO: check +CVE-2018-14968 (An issue was discovered in EMLsoft 5.4.5. ...) + TODO: check +CVE-2018-14967 (An issue was discovered in EMLsoft 5.4.5. ...) + TODO: check +CVE-2018-14966 (An issue was discovered in EMLsoft 5.4.5. The ...) + TODO: check +CVE-2018-14965 (An issue was discovered in EMLsoft 5.4.5. The ...) + TODO: check +CVE-2018-14964 (An issue was discovered in EMLsoft 5.4.5. XSS exists via the ...) + TODO: check +CVE-2018-14963 (zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. ...) + TODO: check +CVE-2018-14962 (zzcms 8.3 has stored XSS related to the content variable in ...) 
+ TODO: check +CVE-2018-14961 (dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql ...) + TODO: check +CVE-2018-14960 (Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. ...) + TODO: check CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages ...) NOT-FOR-US: WeaselCMS CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update the ...) @@ -1006,22 +1022,22 @@ CVE-2018-14669 CVE-2018-14668 RESERVED CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - {DSA-4260-1} + {DSA-4260-1 DLA-1460-1} - libmspack 0.7-1 (bug #904802) NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - {DSA-4260-1} + {DSA-4260-1 DLA-1460-1} - libmspack 0.7-1 (bug #904801) NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...) - {DSA-4260-1} + {DSA-4260-1 DLA-1460-1} - libmspack 0.7-1 (bug #904800) NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in ...) - {DSA-4260-1} + {DSA-4260-1 DLA-1460-1} - libmspack 0.7-1 (bug #904799) NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 
@@ -4107,6 +4123,7 @@ CVE-2018-13406 (An integer overflow in the uvesafb_setcmap function in ...) - linux 4.17.6-1 NOTE: https://git.kernel.org/linus/9f645bcc566a1e9f921bdae7528a01ced5bc3713 CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel through ...) + {DSA-4266-1} - linux 4.17.6-1 [jessie] - linux-4.9 <unfixed> NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 @@ -26194,6 +26211,7 @@ CVE-2018-5391 RESERVED CVE-2018-5390 [Linux Kernel TCP implementation vulnerable to Denial of Service] RESERVED + {DSA-4266-1} - linux <unfixed> [jessie] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://www.kb.cert.org/vuls/id/962459 @@ -36289,8 +36307,8 @@ CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 could NOT-FOR-US: IBM CVE-2018-1552 RESERVED -CVE-2018-1551 - RESERVED +CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 ...) + TODO: check CVE-2018-1550 RESERVED CVE-2018-1549 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 ...) @@ -36335,8 +36353,8 @@ CVE-2018-1530 RESERVED CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through ...) NOT-FOR-US: IBM Rational DOORS Next Generation -CVE-2018-1528 - RESERVED +CVE-2018-1528 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an ...) + TODO: check CVE-2018-1527 RESERVED CVE-2018-1526 @@ -36547,8 +36565,8 @@ CVE-2018-1424 RESERVED CVE-2018-1423 (IBM Jazz Foundation products could disclose sensitive information to ...) NOT-FOR-US: IBM -CVE-2018-1422 - RESERVED +CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 ...) + TODO: check CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and ...) NOT-FOR-US: IBM WebSphere DataPower Appliances CVE-2018-1420 
@@ -49791,8 +49809,8 @@ CVE-2017-14448 (An exploitable code execution vulnerability exists in the XCF im - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497 NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695 -CVE-2017-14447 - RESERVED +CVE-2017-14447 (An exploitable buffer overflow vulnerability exists in the PubNub ...) + TODO: check CVE-2017-14446 (An exploitable stack-based buffer overflow vulnerability exists in ...) NOT-FOR-US: Insteon Hub CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon Hub ...) @@ -55391,8 +55409,7 @@ CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.8 NOTE: https://svn.apache.org/r1804729 CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs ...) - tomcat7 <not-affected> (Windows-specific) -CVE-2017-12614 - RESERVED +CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to ...) NOT-FOR-US: Apache Airflow CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...) {DLA-1162-1} @@ -72971,8 +72988,7 @@ CVE-2017-6921 [File REST resource does not properly validate] RESERVED - drupal8 <itp> (bug #756305) NOTE: https://www.drupal.org/SA-CORE-2017-003 -CVE-2017-6920 [PECL YAML parser unsafe object handling] - RESERVED +CVE-2017-6920 (Drupal core 8 before versions 8.3.4 allows remote attackers to execute ...) - drupal8 <itp> (bug #756305) NOTE: https://www.drupal.org/SA-CORE-2017-003 CVE-2017-6919 (Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access ...) 
@@ -88031,8 +88047,8 @@ CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remo NOT-FOR-US: IBM Security Guardium CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored locally ...) NOT-FOR-US: IBM -CVE-2017-1755 - RESERVED +CVE-2017-1755 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + TODO: check CVE-2017-1754 RESERVED CVE-2017-1753 @@ -88717,14 +88733,14 @@ CVE-2017-1414 RESERVED CVE-2017-1413 RESERVED -CVE-2017-1412 - RESERVED -CVE-2017-1411 - RESERVED +CVE-2017-1412 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + TODO: check +CVE-2017-1411 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + TODO: check CVE-2017-1410 RESERVED -CVE-2017-1409 - RESERVED +CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + TODO: check CVE-2017-1408 RESERVED CVE-2017-1407 (IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could ...) @@ -88749,8 +88765,8 @@ CVE-2017-1398 (IBM WebSphere Commerce Enterprise, Professional, Express, and ... NOT-FOR-US: IBM CVE-2017-1397 RESERVED -CVE-2017-1396 - RESERVED +CVE-2017-1396 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + TODO: check CVE-2017-1395 (IBM Security Identity Governance and Intelligence Virtual Appliance ...) NOT-FOR-US: IBM CVE-2017-1394 
@@ -88805,12 +88821,12 @@ CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensi NOT-FOR-US: IBM CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM -CVE-2017-1368 - RESERVED +CVE-2017-1368 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + TODO: check CVE-2017-1367 (IBM Security Identity Governance and Intelligence Virtual Appliance ...) NOT-FOR-US: IBM -CVE-2017-1366 - RESERVED +CVE-2017-1366 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + TODO: check CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM Team Concert CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10c2b474ec07cf6db7c035566a483fc27a38ae09 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10c2b474ec07cf6db7c035566a483fc27a38ae09 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
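Review bot: In the hunk at @@ -280,44 +296,44 @@, all nineteen entries from CVE-2018-14978 down to CVE-2018-14960 move from RESERVED to "TODO: check" with no package line or NOT-FOR-US marker, so each one is still open for manual triage. The descriptions name only four products (QCMS 3.0.1, EMLsoft 5.4.5, zzcms 8.3, Xiao5uCompany 1.7), and the trailing context already shows CVE-2018-14959 resolved as "NOT-FOR-US: WeaselCMS". I would make the triage decision once per product in a follow-up commit rather than id by id.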
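Review bot: In the hunk at @@ -4107,6 +4123,7 @@, the added "{DSA-4266-1}" on CVE-2018-13405 sits two lines above the context line "[jessie] - linux-4.9 <unfixed>", and the advisory reference does not change that status. The jessie linux-4.9 line needs its own follow-up (a fixed version or a further advisory reference) before anyone reads this entry as closed.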
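Review bot: In the hunk at @@ -26194,6 +26211,7 @@, CVE-2018-5390 gains "{DSA-4266-1}" while the entry is still marked RESERVED, still carries only the bracketed temporary title, and the context line directly below still reads "- linux <unfixed>". Please confirm that the unstable line gets a fixed version as soon as an upload exists, so that the entry does not show an advisory reference next to "<unfixed>" for longer than necessary.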
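Review bot: In the hunk at @@ -88805,12 +88821,12 @@, CVE-2017-1368 and CVE-2017-1366 land as "TODO: check" although the context entry between them, CVE-2017-1367, has a similarly named product in its description and is already "NOT-FOR-US: IBM". The same "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2" description is added with "TODO: check" in the hunks at @@ -88031,8 +88047,8 @@, @@ -88717,14 +88733,14 @@ and @@ -88749,8 +88765,8 @@, so one triage decision should cover all of these ids. I suggest handling them together in the next manual pass.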