Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8425b60 by security tracker role at 2018-10-11T08:11:05Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2018-18241
+       RESERVED
+CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a 
command to ...)
+       TODO: check
+CVE-2018-18239
+       RESERVED
+CVE-2018-18238
+       RESERVED
+CVE-2018-18237
+       RESERVED
+CVE-2018-18236
+       RESERVED
+CVE-2018-18235
+       RESERVED
+CVE-2018-18234
+       RESERVED
+CVE-2018-18233
+       RESERVED
+CVE-2018-18232
+       RESERVED
+CVE-2018-18231
+       RESERVED
+CVE-2018-18230
+       RESERVED
+CVE-2018-18229
+       RESERVED
+CVE-2018-18228
+       RESERVED
+CVE-2018-18227
+       RESERVED
+CVE-2018-18226
+       RESERVED
+CVE-2018-18225
+       RESERVED
+CVE-2018-18224
+       RESERVED
+CVE-2018-18223
+       RESERVED
 CVE-2018-18222
        RESERVED
 CVE-2018-18221
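Review bot: CVE-2018-18240 is left at "TODO: check" with a remote code execution description for Pippo, and that marker needs a manual triage pass that records either a source package line or "NOT-FOR-US: Pippo"; the automatic update only imports the description and cannot settle whether Pippo is packaged. The other 18 additions in this hunk (CVE-2018-18223 through CVE-2018-18239 and CVE-2018-18241) are RESERVED placeholders and need nothing.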
@@ -345,10 +383,10 @@ CVE-2018-18064 (cairo through 1.15.14 has an 
out-of-bounds stack-memory write du
        NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
 CVE-2018-18063
        RESERVED
-CVE-2018-18062
-       RESERVED
-CVE-2018-18061
-       RESERVED
+CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive 
...)
+       TODO: check
+CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive 
...)
+       TODO: check
 CVE-2018-18060
        RESERVED
 CVE-2018-18059
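Review bot: CVE-2018-18061 and CVE-2018-18062 carry identical visible descriptions ("An issue was discovered in dialog.php in tecrail Responsive ..."), so the truncated text alone does not tell them apart; when the "TODO: check" on each is resolved, add a NOTE line per entry that says which dialog.php issue it is (or, if the tecrail product is not packaged, one NOT-FOR-US line each with the product name), so the two entries do not end up interchangeable.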
@@ -1017,8 +1055,8 @@ CVE-2018-17786 (On D-Link DIR-823G devices, 
ExportSettings.sh, upload_settings.c
        NOT-FOR-US: D-Link DIR-823G devices
 CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal 
exists via ...)
        NOT-FOR-US: blynk-server in Blynk
-CVE-2018-17784
-       RESERVED
+CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in 
SugarCRM ...)
+       TODO: check
 CVE-2018-17783
        RESERVED
 CVE-2018-17782
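Review bot: the description for CVE-2018-17784 points at YUI and FlashCanvas copies embedded in SugarCRM rather than at SugarCRM's own code, so the "TODO: check" should settle whether this CVE assigns new flaws to those libraries (in which case any separately packaged YUI or FlashCanvas copy needs its own package line or entry) or only covers SugarCRM bundling already-known issues, which would make it NOT-FOR-US with a product name, as the neighbouring CVE-2018-17785 and CVE-2018-17786 entries are.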
@@ -1973,8 +2011,8 @@ CVE-2018-17339
        RESERVED
 CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a 
heap-based ...)
        NOT-FOR-US: pdfalto
-CVE-2018-17337
-       RESERVED
+CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID 
that is ...)
+       TODO: check
 CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log 
in ...)
        - udisks2 2.8.1-1 (bug #909607)
        [stretch] - udisks2 <not-affected> (Vulnerable code introduced later)
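Review bot: CVE-2018-17337 (XSS via a crafted SSID on Intelbras NPLUG 1.0.0.14) describes firmware on a consumer wireless device and belongs with CVE-2018-12455 and CVE-2018-12456, which name the same device further down in this diff; triage the three together with one consistent status instead of leaving each at "TODO: check".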
@@ -3318,8 +3356,7 @@ CVE-2018-16760
        RESERVED
 CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from 
...)
        NOT-FOR-US: EasyCMS
-CVE-2018-16758
-       RESERVED
+CVE-2018-16758 (Missing message authentication in the meta-protocol in Tinc 
VPN ...)
        {DSA-4312-1 DLA-1538-1}
        - tinc 1.0.35-1
        NOTE: 
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
@@ -3385,16 +3422,14 @@ CVE-2018-16740
        RESERVED
 CVE-2018-16739
        RESERVED
-CVE-2018-16738
-       RESERVED
+CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication 
protocol, ...)
        {DSA-4312-1}
        - tinc 1.0.35-1
        [jessie] - tinc <not-affected> (Only affects 1.0.30 to 1.0.34)
        NOTE: 
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
        NOTE: This CVE is specific for tinc versions which did had mitigations 
put
        NOTE: in place for the Sweet32 attack in tinc 1.0.30.
-CVE-2018-16737
-       RESERVED
+CVE-2018-16737 (tinc before 1.0.30 has a broken authentication protocol, 
without even ...)
        {DLA-1538-1}
        - tinc 1.0.31-1
        NOTE: 
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
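Review bot: the NOTE under CVE-2018-16738 reads "versions which did had mitigations put in place", which should be "versions which had mitigations put in place"; it is an unchanged context line here, so it wants a small follow-up commit rather than this automatic update. The version statements in the hunk are consistent with each other: CVE-2018-16738 is scoped to 1.0.30 through 1.0.34 with jessie marked not-affected, CVE-2018-16737 ("before 1.0.30") is fixed in 1.0.31-1 and covered by DLA-1538-1, and both cite the same upstream commit d3297fbd, which is fine since one fix addresses both.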
@@ -10771,8 +10806,8 @@ CVE-2018-13791 (The HTTP API in ABBYY FlexiCapture 
before 12 Release 1 Update 7
        NOT-FOR-US: ABBYY FlexiCapture
 CVE-2018-13790 (A Server Side Request Forgery (SSRF) vulnerability in ...)
        NOT-FOR-US: concrete5
-CVE-2018-13789
-       RESERVED
+CVE-2018-13789 (An issue was discovered in Descor Infocad FM before 3.1.0.0. 
An ...)
+       TODO: check
 CVE-2018-13788
        RESERVED
 CVE-2018-1000623 (JFrog JFrog Artifactory version Prior to version 6.0.3, 
since version ...)
@@ -13630,8 +13665,8 @@ CVE-2018-12598
        RESERVED
 CVE-2018-12597
        RESERVED
-CVE-2018-12596
-       RESERVED
+CVE-2018-12596 (Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 
Site CU ...)
+       TODO: check
 CVE-2018-12595
        RESERVED
 CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote 
attackers to ...)
@@ -13780,14 +13815,14 @@ CVE-2018-12546
        RESERVED
 CVE-2018-12545
        RESERVED
-CVE-2018-12544
-       RESERVED
+CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the 
OpenAPI XML ...)
+       TODO: check
 CVE-2018-12543
        RESERVED
-CVE-2018-12542
-       RESERVED
-CVE-2018-12541
-       RESERVED
+CVE-2018-12542 (In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the 
StaticHandler ...)
+       TODO: check
+CVE-2018-12541 (In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the 
WebSocket HTTP ...)
+       TODO: check
 CVE-2018-12540 (In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the 
CSRFHandler do ...)
        NOT-FOR-US: Eclipse Vertx
 CVE-2018-12539 (In Eclipse OpenJ9 version 0.8, users other than the process 
owner may ...)
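Review bot: CVE-2018-12541, CVE-2018-12542 and CVE-2018-12544 are now at "TODO: check" while CVE-2018-12540, the fourth Vert.x issue in this same hunk, already sits at "NOT-FOR-US: Eclipse Vertx"; unless Vert.x has been packaged since that entry was made, the three new ones should get the same NOT-FOR-US line with the same product spelling so the set stays consistent.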
@@ -13992,10 +14027,10 @@ CVE-2018-12458 (An improper integer type in the 
mpeg4_encode_gop_header function
        NOTE: Fixed in 3.2.11
 CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an 
admin ...)
        NOT-FOR-US: expressCart
-CVE-2018-12456
-       RESERVED
-CVE-2018-12455
-       RESERVED
+CVE-2018-12456 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have no 
CSRF token ...)
+       TODO: check
+CVE-2018-12455 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have a 
critical ...)
+       TODO: check
 CVE-2018-12454 (The _addguess function of a simplelottery smart contract 
implementation ...)
        NOT-FOR-US: simplelottery
 CVE-2018-12453 (Type confusion in the xgroupCommand function in t_stream.c in 
...)
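Review bot: CVE-2018-12455 and CVE-2018-12456 describe the same Intelbras NPLUG 1.0.0.14 device as CVE-2018-17337 earlier in this diff; resolve all three from "TODO: check" in one pass so they carry the same status, with a product name after NOT-FOR-US if that is the outcome, as the D-Link DIR-823G and blynk-server entries in this file already do.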
@@ -14218,8 +14253,8 @@ CVE-2018-12412
        RESERVED
 CVE-2018-12411
        RESERVED
-CVE-2018-12410
-       RESERVED
+CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire 
Statistics ...)
+       TODO: check
 CVE-2018-12409
        RESERVED
 CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s 
TIBCO ...)
@@ -38571,7 +38606,8 @@ CVE-2018-3737 (sshpk is vulnerable to ReDoS when 
parsing crafted invalid public
        NOTE: https://github.com/joyent/node-sshpk/issues/44
        NOTE: 
https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957
        NOTE: nodejs not covered by security support
-CVE-2018-3736 (https-proxy-agent passes unsanitized options to Buffer(arg) 
resulting ...)
+CVE-2018-3736
+       REJECTED
        NOT-FOR-US: https-proxy-agent nodejs module
 CVE-2018-3735 (bracket-template suffers from reflected XSS possible when 
variable ...)
        NOT-FOR-US: bracket-template nodejs module
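Review bot: CVE-2018-3736 is switched to REJECTED but the "NOT-FOR-US: https-proxy-agent nodejs module" line beneath it is kept, so the entry now carries both a rejection and a product status; drop the NOT-FOR-US line (or confirm the tracker tolerates status lines under a REJECTED entry) and, if the reason for the rejection is known, a NOTE line recording it would save the next person from re-checking the ID.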



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c8425b60484b22ddcac76b034da0bd4837886cb9

-- 
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits