Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4ca4f323 by security tracker role at 2018-10-19T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2018-18490
+       RESERVED
+CVE-2018-18489
+       RESERVED
+CVE-2018-18488 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL 
Injection ...)
+       TODO: check
+CVE-2018-18487 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the 
database ...)
+       TODO: check
+CVE-2018-18486 (An issue was discovered in PHPSHE 1.7. SQL injection exists 
via the ...)
+       TODO: check
+CVE-2018-18485 (An issue was discovered in PHPSHE 1.7. 
admin.php?mod=db&act=del allows ...)
+       TODO: check
+CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as 
...)
+       TODO: check
+CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as 
distributed ...)
+       TODO: check
 CVE-2018-18482 (An issue was discovered in libpg_query 10-1.0.2. There is a 
memory leak ...)
        NOT-FOR-US: libpg_query
 CVE-2018-18481 (A heap-based buffer over-read exists in libopencad 0.2.0 in 
the ...)
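Review bot: CVE-2018-18484 and CVE-2018-18483 both name GNU libiberty (cp-demangle.c, cplus-dem.c) and are left at "TODO: check". The visible description of CVE-2018-18483 says the code is "distributed" in other software, so these two need triage against the source packages that carry a copy of libiberty before anyone closes them the way the libpg_query entry below is closed with NOT-FOR-US. The Gxlcms and PHPSHE entries in the same block can be resolved separately.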
@@ -6673,8 +6689,8 @@ CVE-2018-15767
        RESERVED
 CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell 
Endpoint ...)
        NOT-FOR-US: Dell
-CVE-2018-15765
-       RESERVED
+CVE-2018-15765 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, 
...)
+       TODO: check
 CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a 
remote ...)
        NOT-FOR-US: EMC ESRS Policy Manager
 CVE-2018-15763 (Pivotal Container Service, versions prior to 1.2.0, contains 
an ...)
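Review bot: CVE-2018-15765 goes from RESERVED to "TODO: check" while sitting between two entries already tagged "NOT-FOR-US: Dell" and "NOT-FOR-US: EMC ESRS Policy Manager", so the Dell EMC Secure Remote Services entry needs the same kind of decision recorded. The neighbouring tags use a vendor name in one case and a product name in the other; pick one style for the new tag. CVE-2018-11080 and CVE-2018-11079 later in this patch carry the same product description and can be resolved in the same pass.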
@@ -6687,12 +6703,12 @@ CVE-2018-15760
        RESERVED
 CVE-2018-15759
        RESERVED
-CVE-2018-15758
-       RESERVED
+CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 
prior to ...)
+       TODO: check
 CVE-2018-15757
        RESERVED
-CVE-2018-15756
-       RESERVED
+CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, 
...)
+       TODO: check
 CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 
2.16.0, ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2018-15754
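Review bot: CVE-2018-15758 (Spring Security OAuth) and CVE-2018-15756 (Spring Framework) are published with only "TODO: check", and the description is cut off before the issue type, so the version ranges are the only triage information visible in this list. Suggest replacing each TODO with either a package line carrying the fixed version, in the form used for the cacti entry ("- cacti 0.8.8e+ds1-1"), or an explicit NOT-FOR-US as on the Cloud Foundry entry below.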
@@ -8836,8 +8852,8 @@ CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, 
A use after free ...)
        NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative 
users ...)
        NOT-FOR-US: Emerson AMS Device Manager
-CVE-2018-14807
-       RESERVED
+CVE-2018-14807 (A stack-based buffer overflow vulnerability in Opto 22 PAC 
Control ...)
+       TODO: check
 CVE-2018-14806
        RESERVED
 CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the 
system ...)
@@ -18629,10 +18645,10 @@ CVE-2018-11082 (Cloud Foundry UAA, all versions prior 
to 4.20.0 and Cloud Foundr
        NOT-FOR-US: Cloud Foundry
 CVE-2018-11081 (Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 
2.1.x prior ...)
        NOT-FOR-US: Pivotal
-CVE-2018-11080
-       RESERVED
-CVE-2018-11079
-       RESERVED
+CVE-2018-11080 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, 
...)
+       TODO: check
+CVE-2018-11079 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, 
...)
+       TODO: check
 CVE-2018-11078 (Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains 
an ...)
        NOT-FOR-US: EMC VPlex GeoSynchrony
 CVE-2018-11077
@@ -143516,7 +143532,7 @@ CVE-2015-4644 (The php_pgsql_meta_data function in 
pgsql.c in the PostgreSQL (ak
        NOTE: https://bugs.php.net/bug.php?id=69667
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
        NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
-CVE-2015-4639 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Koha ...)
+CVE-2015-4639 (Cross-site scripting (XSS) vulnerability in 
opac-addbybiblionumber.pl ...)
        NOT-FOR-US: Koha
 CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, 
Analytics, APM, ...)
        NOT-FOR-US: FastL4
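Review bot: the description of CVE-2015-4639 changes vulnerability class, from multiple CSRF issues in Koha to an XSS in opac-addbybiblionumber.pl, while the "NOT-FOR-US: Koha" line under it is carried over unchanged. The new visible text no longer names the product, so the tag should be confirmed against the full description. The CSRF wording removed here reappears on CVE-2015-4630 in the next hunk, so any note or reference written against the old text of CVE-2015-4639 should be rechecked.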
@@ -143531,14 +143547,14 @@ CVE-2015-4634 (SQL injection vulnerability in 
graphs.php in Cacti before 0.8.8e
        - cacti 0.8.8e+ds1-1
        NOTE: http://bugs.cacti.net/view.php?id=2577
        NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
-CVE-2015-4633
-       RESERVED
-CVE-2015-4632
-       RESERVED
-CVE-2015-4631
-       RESERVED
-CVE-2015-4630
-       RESERVED
+CVE-2015-4633 (Multiple SQL injection vulnerabilities in Koha 3.14.x before 
3.14.16, ...)
+       TODO: check
+CVE-2015-4632 (Multiple directory traversal vulnerabilities in Koha 3.14.x 
before ...)
+       TODO: check
+CVE-2015-4631 (Multiple cross-site scripting (XSS) vulnerabilities in Koha 
3.14.x ...)
+       TODO: check
+CVE-2015-4630 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Koha ...)
+       TODO: check
 CVE-2015-4629 (Huawei E5756S before V200R002B146D23SP00C00 allows remote 
attackers to ...)
        NOT-FOR-US: Huawei
 CVE-2015-4628 (SQL injection vulnerability in ...)
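Review bot: CVE-2015-4633 through CVE-2015-4630 all name Koha in their descriptions yet are left at "TODO: check", while CVE-2015-4639 earlier in this patch is tagged "NOT-FOR-US: Koha". Suggest giving the four entries the same tag so they drop out of the TODO queue.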



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ca4f323fa5a99099f1fac5b9ecb18a1150e12e6

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
