Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c96a4ce7 by security tracker role at 2018-08-29T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2018-16063
+       RESERVED
+CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils 
before ...)
+       TODO: check
+CVE-2018-16061
+       RESERVED
+CVE-2018-16060
+       RESERVED
+CVE-2018-16059
+       RESERVED
+CVE-2018-16058
+       RESERVED
+CVE-2018-16057
+       RESERVED
+CVE-2018-16056
+       RESERVED
+CVE-2018-16055
+       RESERVED
+CVE-2018-16054
+       RESERVED
+CVE-2018-16053
+       RESERVED
+CVE-2018-16052
+       RESERVED
 CVE-2018-16051
        RESERVED
 CVE-2018-16050
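Review bot: CVE-2018-16062 is the only described entry in this block and it is left at `TODO: check`, although its summary names libdw in elfutils, which is packaged in Debian. It should be triaged to an `- elfutils ...` package line with its affected or fixed status once the upstream fix is identified, rather than sitting among the RESERVED placeholders.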
@@ -318,10 +342,10 @@ CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. 
There is a post.php?dat
        NOT-FOR-US: MiniCMS
 CVE-2018-15898
        RESERVED
-CVE-2018-15897
-       RESERVED
-CVE-2018-15896
-       RESERVED
+CVE-2018-15897 (PHP Scripts Mall Website Seller Script 2.0.5 allows remote 
attackers ...)
+       TODO: check
+CVE-2018-15896 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via 
Personal ...)
+       TODO: check
 CVE-2018-15895 (An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 
because ...)
        NOT-FOR-US: iCMS
 CVE-2018-15894 (A SQL injection was discovered in ...)
@@ -359,12 +383,12 @@ CVE-2018-15884 (RICOH MP C4504ex devices allow HTML 
Injection via the ...)
        NOT-FOR-US: RICOH MP C4504ex devices
 CVE-2018-15883
        RESERVED
-CVE-2018-15882
-       RESERVED
-CVE-2018-15881
-       RESERVED
-CVE-2018-15880
-       RESERVED
+CVE-2018-15882 (An issue was discovered in Joomla! before 3.8.12. Inadequate 
checks in ...)
+       TODO: check
+CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate 
checks ...)
+       TODO: check
+CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate 
output ...)
+       TODO: check
 CVE-2018-15879
        RESERVED
 CVE-2018-15878
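Review bot: the three new `TODO: check` entries for CVE-2018-15882, CVE-2018-15881 and CVE-2018-15880 all describe the same product and fix boundary (Joomla! before 3.8.12), so they should be triaged in one pass with one consistent result. If Joomla! has no package in the archive, a `NOT-FOR-US:` line in the style of the CVE-2018-15884 entry above would close all three.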
@@ -2123,8 +2147,8 @@ CVE-2018-15123 (Insecure configuration storage in Zipato 
Zipabox Smart Home Cont
        NOT-FOR-US: Zipato
 CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 
2018.1.323.2 ...)
        NOT-FOR-US: Telerik
-CVE-2018-15121
-       RESERVED
+CVE-2018-15121 (An issue was discovered in Auth0 auth0-aspnet and 
auth0-aspnet-owin. ...)
+       TODO: check
 CVE-2018-15120 (libpango in Pango before 1.42.4, as used in hexchat and other 
...)
        - pango1.0 1.42.4-1 (low)
        [stretch] - pango1.0 <not-affected> (Vulnerable code not present)
@@ -20077,6 +20101,7 @@ CVE-2018-8039 (It is possible to configure Apache CXF 
to use the com.sun.net.ssl
 CVE-2018-8038 (Versions of Apache CXF Fediz prior to 1.4.4 do not fully 
disable ...)
        NOT-FOR-US: Apache CXF
 CVE-2018-8037 (If an async request was completed by the application at the 
same time ...)
+       {DSA-4281-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.32-1
        - tomcat8.0 <not-affected> (Vulnerable code only present in 8.5.5 to 
8.5.31 in 8.x series)
@@ -20091,7 +20116,7 @@ CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 
2.0.0RC1 to 2.0.10, a carefu
 CVE-2018-8035
        RESERVED
 CVE-2018-8034 (The host name verification when using TLS with the WebSocket 
client ...)
-       {DLA-1453-1}
+       {DSA-4281-1 DLA-1453-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.32-1
        - tomcat8.0 <unfixed> (unimportant)
@@ -32207,8 +32232,8 @@ CVE-2018-3918 (An exploitable vulnerability exists in 
the remote servers of Sams
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware 
version ...)
        NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3916
-       RESERVED
+CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
+       TODO: check
 CVE-2018-3915
        RESERVED
 CVE-2018-3914
@@ -39788,6 +39813,7 @@ CVE-2018-1338 (A carefully crafted (or fuzzed) file can 
trigger an infinite loop
 CVE-2018-1337 (In Apache LDAP API before 1.0.2, a bug in the way the SSL 
Filter was ...)
        NOT-FOR-US: Apache LDAP API
 CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with ...)
+       {DSA-4281-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.31-1
        - tomcat8.0 <unfixed> (unimportant)
@@ -39886,7 +39912,7 @@ CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if 
using the WADL2Java or WSDL
 CVE-2018-1306 (The PortletV3AnnotatedDemo Multipart Portlet war file code 
provided in ...)
        NOT-FOR-US: Apache Portals Pluto
 CVE-2018-1305 (Security constraints defined by annotations of Servlets in 
Apache ...)
-       {DLA-1450-1 DLA-1400-1 DLA-1301-1}
+       {DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.28-1
        - tomcat8.0 <unfixed> (unimportant)
@@ -39900,7 +39926,7 @@ CVE-2018-1305 (Security constraints defined by 
annotations of Servlets in Apache
        NOTE: https://svn.apache.org/r1823322 (7.0.x)
        NOTE: https://svn.apache.org/r1824360 (7.0.x)
 CVE-2018-1304 (The URL pattern of &quot;&quot; (the empty string) which 
exactly maps to the ...)
-       {DLA-1450-1 DLA-1400-1 DLA-1301-1}
+       {DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.28-1
        - tomcat8.0 <unfixed> (unimportant)
@@ -44847,7 +44873,7 @@ CVE-2017-16854 (In Open Ticket Request System (OTRS) 
through 3.3.20, 4 through 4
        NOTE: OTRS-4: 
https://github.com/OTRS/otrs/commit/e0deab303e3d0f7c860bba291410512734f4d6b0
 CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 before build 13530 
allows ...)
        NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via the ...)
+CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 before build 13530 
allows ...)
        NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 before build 13530 
allows ...)
        NOT-FOR-US: Zoho ManageEngine Applications Manager
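Review bot: on the changed CVE-2017-16850 line, the refreshed summary is cut at "allows ...", so the entry no longer shows the vulnerability class that the old text did ("allows SQL injection via the ...") and now reads identically to CVE-2017-16851 and CVE-2017-16849 in this hunk. The `NOT-FOR-US` result is unaffected, but anyone searching the list by bug class will miss this entry; a short NOTE, or a wider truncation where the summary prefix is shared, would keep the three distinguishable.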
@@ -48895,8 +48921,7 @@ CVE-2017-15431
        RESERVED
 CVE-2017-15430 (Unsafe navigation in Chromecast in Google Chrome prior to 
63.0.3239.84 ...)
        TODO: check
-CVE-2017-15429
-       RESERVED
+CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in 
Google ...)
        {DSA-4103-1}
        - chromium-browser 64.0.3282.119-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -49007,8 +49032,7 @@ CVE-2017-15407 (Out-of-bounds Write in the QUIC 
networking stack in Google Chrom
        - chromium-browser 63.0.3239.84-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15406
-       RESERVED
+CVE-2017-15406 (A stack buffer overflow in V8 in Google Chrome prior to 
62.0.3202.75 ...)
        {DSA-4020-1}
        - chromium-browser 62.0.3202.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -49034,24 +49058,21 @@ CVE-2017-15400 (Insufficient restriction of IPP 
filters in CUPS in Google Chrome
        NOTE: Patches from upstream to restrict what filters will be accpeted
        NOTE: 
https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41 
(v2.2.2)
        NOTE: 
https://github.com/apple/cups/commit/1add23375658e9163e5493ee19de7c9f7a9b483b 
(v2.2.2)
-CVE-2017-15399
-       RESERVED
+CVE-2017-15399 (A use after free in V8 in Google Chrome prior to 62.0.3202.89 
allowed a ...)
        {DSA-4024-1}
        - chromium-browser 62.0.3202.89-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
        - libv8 <unfixed> (unimportant)
        NOTE: libv8 not covered by security support
-CVE-2017-15398
-       RESERVED
+CVE-2017-15398 (A stack buffer overflow in the QUIC networking stack in Google 
Chrome ...)
        {DSA-4024-1}
        - chromium-browser 62.0.3202.89-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-15397 (Inappropriate implementation in ChromeVox in Google Chrome OS 
prior to ...)
        NOT-FOR-US: ChromeVox in Google Chrome OS
-CVE-2017-15396
-       RESERVED
+CVE-2017-15396 (A stack buffer overflow in NumberingSystem in International 
Components ...)
        {DSA-4020-1}
        - chromium-browser 62.0.3202.75-1
        [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
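Review bot: the context line under CVE-2017-15400, `NOTE: Patches from upstream to restrict what filters will be accpeted`, misspells "accepted". It is untouched by this automatic update, so fixing it needs a separate manual commit.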



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c96a4ce7131dc4cb6822e74c56b225a31da78f59

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits