Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10c2b474 by security tracker role at 2018-08-06T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-15127
+       RESERVED
+CVE-2018-15126
+       RESERVED
+CVE-2018-15125
+       RESERVED
+CVE-2018-15124
+       RESERVED
+CVE-2018-15123
+       RESERVED
+CVE-2018-15122
+       RESERVED
+CVE-2018-15121
+       RESERVED
+CVE-2018-15120
+       RESERVED
 CVE-2018-15119
        RESERVED
 CVE-2018-15118
@@ -280,44 +296,44 @@ CVE-2018-14980
        RESERVED
 CVE-2018-14979
        RESERVED
-CVE-2018-14978
-       RESERVED
-CVE-2018-14977
-       RESERVED
-CVE-2018-14976
-       RESERVED
-CVE-2018-14975
-       RESERVED
-CVE-2018-14974
-       RESERVED
-CVE-2018-14973
-       RESERVED
-CVE-2018-14972
-       RESERVED
-CVE-2018-14971
-       RESERVED
-CVE-2018-14970
-       RESERVED
-CVE-2018-14969
-       RESERVED
-CVE-2018-14968
-       RESERVED
-CVE-2018-14967
-       RESERVED
-CVE-2018-14966
-       RESERVED
-CVE-2018-14965
-       RESERVED
-CVE-2018-14964
-       RESERVED
-CVE-2018-14963
-       RESERVED
-CVE-2018-14962
-       RESERVED
-CVE-2018-14961
-       RESERVED
-CVE-2018-14960
-       RESERVED
+CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the ...)
+       TODO: check
+CVE-2018-14977 (An issue was discovered in QCMS 3.0.1. ...)
+       TODO: check
+CVE-2018-14976 (An issue was discovered in QCMS 3.0.1. ...)
+       TODO: check
+CVE-2018-14975 (An issue was discovered in QCMS 3.0.1. ...)
+       TODO: check
+CVE-2018-14974 (An issue was discovered in QCMS 3.0.1. ...)
+       TODO: check
+CVE-2018-14973 (An issue was discovered in QCMS 3.0.1. ...)
+       TODO: check
+CVE-2018-14972 (An issue was discovered in QCMS 3.0.1. ...)
+       TODO: check
+CVE-2018-14971 (An issue was discovered in QCMS 3.0.1. ...)
+       TODO: check
+CVE-2018-14970 (An issue was discovered in QCMS 3.0.1. ...)
+       TODO: check
+CVE-2018-14969 (An issue was discovered in QCMS 3.0.1. ...)
+       TODO: check
+CVE-2018-14968 (An issue was discovered in EMLsoft 5.4.5. ...)
+       TODO: check
+CVE-2018-14967 (An issue was discovered in EMLsoft 5.4.5. ...)
+       TODO: check
+CVE-2018-14966 (An issue was discovered in EMLsoft 5.4.5. The ...)
+       TODO: check
+CVE-2018-14965 (An issue was discovered in EMLsoft 5.4.5. The ...)
+       TODO: check
+CVE-2018-14964 (An issue was discovered in EMLsoft 5.4.5. XSS exists via the 
...)
+       TODO: check
+CVE-2018-14963 (zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. 
...)
+       TODO: check
+CVE-2018-14962 (zzcms 8.3 has stored XSS related to the content variable in 
...)
+       TODO: check
+CVE-2018-14961 (dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql 
...)
+       TODO: check
+CVE-2018-14960 (Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. ...)
+       TODO: check
 CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create 
new pages ...)
        NOT-FOR-US: WeaselCMS
 CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update 
the ...)
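Review bot: all 19 entries from CVE-2018-14978 down to CVE-2018-14960 move from RESERVED to `TODO: check`, so they now carry public descriptions but no triage result. The products named in those descriptions (QCMS 3.0.1, EMLsoft 5.4.5, zzcms 8.3, Xiao5uCompany 1.7) should each be checked against the archive in a follow-up, and every entry given either a package line or a `NOT-FOR-US:` tag, as the WeaselCMS entries directly below already have.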
@@ -1006,22 +1022,22 @@ CVE-2018-14669
 CVE-2018-14668
        RESERVED
 CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 
0.7alpha. ...)
-       {DSA-4260-1}
+       {DSA-4260-1 DLA-1460-1}
        - libmspack 0.7-1 (bug #904802)
        NOTE: 
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 
0.7alpha. ...)
-       {DSA-4260-1}
+       {DSA-4260-1 DLA-1460-1}
        - libmspack 0.7-1 (bug #904801)
        NOTE: 
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 
0.7alpha. ...)
-       {DSA-4260-1}
+       {DSA-4260-1 DLA-1460-1}
        - libmspack 0.7-1 (bug #904800)
        NOTE: 
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
 CVE-2018-14681 (An issue was discovered in kwajd_read_headers in 
mspack/kwajd.c in ...)
-       {DSA-4260-1}
+       {DSA-4260-1 DLA-1460-1}
        - libmspack 0.7-1 (bug #904799)
        NOTE: 
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
@@ -4107,6 +4123,7 @@ CVE-2018-13406 (An integer overflow in the 
uvesafb_setcmap function in ...)
        - linux 4.17.6-1
        NOTE: 
https://git.kernel.org/linus/9f645bcc566a1e9f921bdae7528a01ced5bc3713
 CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux 
kernel through ...)
+       {DSA-4266-1}
        - linux 4.17.6-1
        [jessie] - linux-4.9 <unfixed>
        NOTE: 
https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
@@ -26194,6 +26211,7 @@ CVE-2018-5391
        RESERVED
 CVE-2018-5390 [Linux Kernel TCP implementation vulnerable to Denial of Service]
        RESERVED
+       {DSA-4266-1}
        - linux <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.kb.cert.org/vuls/id/962459
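Review bot: on CVE-2018-5390 the `{DSA-4266-1}` reference is added directly above `- linux <unfixed>`, so the entry records an issued advisory while the unversioned linux line still says unfixed. If a fixed version is known it should be recorded on that line in a follow-up. The entry also still carries RESERVED with only the bracketed working title, unlike CVE-2018-13405 in the previous hunk, which has its full description.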
@@ -36289,8 +36307,8 @@ CVE-2018-1553 (IBM WebSphere Application Server Liberty 
prior to 18.0.0.2 could 
        NOT-FOR-US: IBM
 CVE-2018-1552
        RESERVED
-CVE-2018-1551
-       RESERVED
+CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 
9.0.0.3 ...)
+       TODO: check
 CVE-2018-1550
        RESERVED
 CVE-2018-1549 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 
6.0.5 ...)
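Review bot: CVE-2018-1551 is left at `TODO: check` even though its description names IBM WebSphere MQ and the IBM entry at the top of this hunk, CVE-2018-1553, is already tagged `NOT-FOR-US: IBM`. Unless the product is packaged, the same tag here would close the item and keep the IBM block consistent.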
@@ -36335,8 +36353,8 @@ CVE-2018-1530
        RESERVED
 CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 
through ...)
        NOT-FOR-US: IBM Rational DOORS Next Generation
-CVE-2018-1528
-       RESERVED
+CVE-2018-1528 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an 
...)
+       TODO: check
 CVE-2018-1527
        RESERVED
 CVE-2018-1526
@@ -36547,8 +36565,8 @@ CVE-2018-1424
        RESERVED
 CVE-2018-1423 (IBM Jazz Foundation products could disclose sensitive 
information to ...)
        NOT-FOR-US: IBM
-CVE-2018-1422
-       RESERVED
+CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next 
Generation 5.0 ...)
+       TODO: check
 CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 
and ...)
        NOT-FOR-US: IBM WebSphere DataPower Appliances
 CVE-2018-1420
@@ -49791,8 +49809,8 @@ CVE-2017-14448 (An exploitable code execution 
vulnerability exists in the XCF im
        - sdl-image1.2 1.2.12-8
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
        NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695
-CVE-2017-14447
-       RESERVED
+CVE-2017-14447 (An exploitable buffer overflow vulnerability exists in the 
PubNub ...)
+       TODO: check
 CVE-2017-14446 (An exploitable stack-based buffer overflow vulnerability 
exists in ...)
        NOT-FOR-US: Insteon Hub
 CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon 
Hub ...)
@@ -55391,8 +55409,7 @@ CVE-2017-12616 (When using a VirtualDirContext with 
Apache Tomcat 7.0.0 to 7.0.8
        NOTE: https://svn.apache.org/r1804729
 CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
HTTP PUTs ...)
        - tomcat7 <not-affected> (Windows-specific)
-CVE-2017-12614
-       RESERVED
+CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be 
exploited to ...)
        NOT-FOR-US: Apache Airflow
 CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are 
invoked with ...)
        {DLA-1162-1}
@@ -72971,8 +72988,7 @@ CVE-2017-6921 [File REST resource does not properly 
validate]
        RESERVED
        - drupal8 <itp> (bug #756305)
        NOTE: https://www.drupal.org/SA-CORE-2017-003
-CVE-2017-6920 [PECL YAML parser unsafe object handling]
-       RESERVED
+CVE-2017-6920 (Drupal core 8 before versions 8.3.4 allows remote attackers to 
execute ...)
        - drupal8 <itp> (bug #756305)
        NOTE: https://www.drupal.org/SA-CORE-2017-003
 CVE-2017-6919 (Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical 
access ...)
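Review bot: for CVE-2017-6920 the hand-written title `[PECL YAML parser unsafe object handling]` is dropped in favour of the truncated official description, which as shown no longer mentions the YAML parser. The `- drupal8 <itp>` line and the SA-CORE-2017-003 NOTE are kept, which is correct; a short NOTE naming the affected component would preserve the detail the old title carried.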
@@ -88031,8 +88047,8 @@ CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable 
to SQL injection. A remo
        NOT-FOR-US: IBM Security Guardium
 CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored 
locally ...)
        NOT-FOR-US: IBM
-CVE-2017-1755
-       RESERVED
+CVE-2017-1755 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
+       TODO: check
 CVE-2017-1754
        RESERVED
 CVE-2017-1753
@@ -88717,14 +88733,14 @@ CVE-2017-1414
        RESERVED
 CVE-2017-1413
        RESERVED
-CVE-2017-1412
-       RESERVED
-CVE-2017-1411
-       RESERVED
+CVE-2017-1412 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
+       TODO: check
+CVE-2017-1411 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
+       TODO: check
 CVE-2017-1410
        RESERVED
-CVE-2017-1409
-       RESERVED
+CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
+       TODO: check
 CVE-2017-1408
        RESERVED
 CVE-2017-1407 (IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 
could ...)
@@ -88749,8 +88765,8 @@ CVE-2017-1398 (IBM WebSphere Commerce Enterprise, 
Professional, Express, and ...
        NOT-FOR-US: IBM
 CVE-2017-1397
        RESERVED
-CVE-2017-1396
-       RESERVED
+CVE-2017-1396 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
+       TODO: check
 CVE-2017-1395 (IBM Security Identity Governance and Intelligence Virtual 
Appliance ...)
        NOT-FOR-US: IBM
 CVE-2017-1394
@@ -88805,12 +88821,12 @@ CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 
and 6.0 could disclose sensi
        NOT-FOR-US: IBM
 CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site 
scripting. This ...)
        NOT-FOR-US: IBM
-CVE-2017-1368
-       RESERVED
+CVE-2017-1368 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
+       TODO: check
 CVE-2017-1367 (IBM Security Identity Governance and Intelligence Virtual 
Appliance ...)
        NOT-FOR-US: IBM
-CVE-2017-1366
-       RESERVED
+CVE-2017-1366 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
+       TODO: check
 CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative 
Lifecycle ...)
        NOT-FOR-US: IBM Team Concert
 CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site 
scripting. This ...)
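Review bot: CVE-2017-1368 and CVE-2017-1366 are set to `TODO: check`, while CVE-2017-1367 between them, for the closely named IBM Security Identity Governance and Intelligence Virtual Appliance, is already `NOT-FOR-US: IBM`. The same applies to the other IBM Security Identity Governance Virtual Appliance entries opened in this commit (CVE-2017-1755, CVE-2017-1412, CVE-2017-1411, CVE-2017-1409, CVE-2017-1396); triaging them together in one follow-up would avoid leaving a scattered set of open TODO items.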



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10c2b474ec07cf6db7c035566a483fc27a38ae09

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
