[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 19 Mar 2018 14:11:34 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
95e9c6be by security tracker role at 2018-03-19T21:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,51 @@
+CVE-2018-8800
+       RESERVED
+CVE-2018-8799
+       RESERVED
+CVE-2018-8798
+       RESERVED
+CVE-2018-8797
+       RESERVED
+CVE-2018-8796
+       RESERVED
+CVE-2018-8795
+       RESERVED
+CVE-2018-8794
+       RESERVED
+CVE-2018-8793
+       RESERVED
+CVE-2018-8792
+       RESERVED
+CVE-2018-8791
+       RESERVED
+CVE-2018-8790
+       RESERVED
+CVE-2018-8789
+       RESERVED
+CVE-2018-8788
+       RESERVED
+CVE-2018-8787
+       RESERVED
+CVE-2018-8786
+       RESERVED
+CVE-2018-8785
+       RESERVED
+CVE-2018-8784
+       RESERVED
+CVE-2018-8783
+       RESERVED
+CVE-2018-8782
+       RESERVED
+CVE-2018-8781
+       RESERVED
+CVE-2018-8780
+       RESERVED
+CVE-2018-8779
+       RESERVED
+CVE-2018-8778
+       RESERVED
+CVE-2018-8777
+       RESERVED
 CVE-2018-XXXX [Multiple vulnerabilities in CiviCRM]
        - civicrm 4.7.30+dfsg-1 (bug #887330)
        NOTE: 
https://civicrm.org/blog/dev-team/security-release-civicrm-4726-and-4633-monthly-release-4727
@@ -37,8 +85,8 @@ CVE-2018-8763
        RESERVED
 CVE-2018-8762
        RESERVED
-CVE-2018-8761
-       RESERVED
+CVE-2018-8761 (protected\apps\member\controller\shopcarController.php in Yxcms 
...)
+       TODO: check
 CVE-2018-8760
        RESERVED
 CVE-2018-8759
@@ -120,8 +168,8 @@ CVE-2018-8734
        RESERVED
 CVE-2018-8733
        RESERVED
-CVE-2018-8732
-       RESERVED
+CVE-2018-8732 (Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 
allows ...)
+       TODO: check
 CVE-2018-8731
        RESERVED
 CVE-2018-8730
@@ -3376,8 +3424,8 @@ CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have 
Missing SSL Certificate 
        NOTE: src:links2/2.6-1 adds verify-ssl-certs-510417.diff to verify SSL 
certs.
        NOTE: src:links2 upstream in 2.11 adds support for verifying SSL 
certificates.
        TODO: double check links2 again, since #694658 claims not all issues 
are fixed
-CVE-2018-7422
-       RESERVED
+CVE-2018-7422 (A Local File Inclusion vulnerability in the Site Editor plugin 
through ...)
+       TODO: check
 CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP 
dissector ...)
        - wireshark 2.4.5-1 (low)
        [stretch] - wireshark <no-dsa> (Minor issue)
@@ -5105,10 +5153,10 @@ CVE-2018-6845 (PHP Scripts Mall Multi Language Olx 
Clone Script 2.0.6 has XSS vi
        NOT-FOR-US: PHP Scripts Mall Multi Language Olx Clone Script
 CVE-2018-6844 (MyBB 1.8.14 has XSS via the Title or Description field on the 
Edit ...)
        NOT-FOR-US: MyBB
-CVE-2018-6843
-       RESERVED
-CVE-2018-6842
-       RESERVED
+CVE-2018-6843 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL 
injection in the ...)
+       TODO: check
+CVE-2018-6842 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which 
a ...)
+       TODO: check
 CVE-2018-6841
        RESERVED
 CVE-2018-6840
@@ -8847,10 +8895,10 @@ CVE-2018-5554
        RESERVED
 CVE-2018-5553
        RESERVED
-CVE-2018-5552
-       RESERVED
-CVE-2018-5551
-       RESERVED
+CVE-2018-5552 (Versions of DocuTrac QuicDoc and Office Therapy that ship with 
...)
+       TODO: check
+CVE-2018-5551 (Versions of DocuTrac QuicDoc and Office Therapy that ship with 
...)
+       TODO: check
 CVE-2018-5550 (Versions of Epson AirPrint released prior to January 19, 2018 
contain ...)
        NOT-FOR-US: Epson AirPrint
 CVE-2015-9250 (An issue was discovered in Skybox Platform before 7.5.201. 
Directory ...)
@@ -20149,23 +20197,23 @@ CVE-2018-1228
 CVE-2018-1227 (Pivotal Concourse after 2018-03-05 might allow remote attackers 
to ...)
        NOT-FOR-US: Pivotal
 CVE-2018-1226
-       RESERVED
+       REJECTED
 CVE-2018-1225
-       RESERVED
+       REJECTED
 CVE-2018-1224
-       RESERVED
+       REJECTED
 CVE-2018-1223
        RESERVED
 CVE-2018-1222
        RESERVED
-CVE-2018-1221
-       RESERVED
+CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 
0.172.0, the ...)
+       TODO: check
 CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect 
...)
        NOT-FOR-US: EMC RSA Archer
 CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper 
access ...)
        NOT-FOR-US: EMC RSA Archer
-CVE-2018-1218
-       RESERVED
+CVE-2018-1218 (In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior 
to ...)
+       TODO: check
 CVE-2018-1217
        RESERVED
 CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp 
Manager ...)
@@ -20208,13 +20256,12 @@ CVE-2018-1199 (Spring Security (Spring Security 4.1.x 
before 4.1.5, 4.2.x before
        NOTE: https://pivotal.io/security/cve-2018-1199
 CVE-2018-1198
        RESERVED
-CVE-2018-1197
-       RESERVED
-CVE-2018-1196
-       RESERVED
+CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running 
inside ...)
+       TODO: check
+CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used 
to ...)
        NOT-FOR-US: Spring Boot
-CVE-2018-1195
-       RESERVED
+CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment 
versions ...)
+       TODO: check
 CVE-2018-1194
        RESERVED
 CVE-2018-1193
@@ -20356,8 +20403,8 @@ CVE-2018-1173
        RESERVED
 CVE-2018-1172
        RESERVED
-CVE-2018-1171
-       RESERVED
+CVE-2018-1171 (This vulnerability allows local attackers to escalate 
privileges on ...)
+       TODO: check
 CVE-2018-1170 (This vulnerability allows adjacent attackers to inject 
arbitrary ...)
        NOT-FOR-US: Volkswagen Customer-Link App and HTC Customer-Link Bridge
 CVE-2018-1169 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
@@ -114457,8 +114504,8 @@ CVE-2015-5351 (The (1) Manager and (2) Host Manager 
applications in Apache Tomca
        NOTE: upstream patches reveals that this issue is fixed since 6.0.45
        NOTE: http://svn.apache.org/viewvc?view=revision&revision=1720661
        NOTE: http://svn.apache.org/viewvc?view=revision&revision=1720663
-CVE-2015-5350
-       RESERVED
+CVE-2015-5350 (In Garden versions 0.22.0-0.329.0, a vulnerability has been 
discovered ...)
+       TODO: check
 CVE-2015-5349 (The CSV export in Apache LDAP Studio and Apache Directory 
Studio ...)
        NOT-FOR-US: Apache LDAP Studio and Apache Directory Studio
 CVE-2015-5348 (Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 
2.16.x ...)
@@ -145963,8 +146010,8 @@ CVE-2014-3628 (Cross-site scripting (XSS) 
vulnerability in the Admin UI Plugin /
        NOTE: https://issues.apache.org/jira/browse/SOLR-6738
 CVE-2014-3627 (The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 
0.23.11 ...)
        NOT-FOR-US: Apache Hadoop
-CVE-2014-3626
-       RESERVED
+CVE-2014-3626 (The Grails Resource Plugin often has to exchange URIs for 
resources ...)
+       TODO: check
 CVE-2014-3625 (Directory traversal vulnerability in Pivotal Spring Framework 
3.0.4 ...)
        - libspring-java 3.2.13-1 (bug #769698)
        [jessie] - libspring-java <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/95e9c6becc1c7129ba8b541a855184fcf75b0c69

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/95e9c6becc1c7129ba8b541a855184fcf75b0c69
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to