Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4d5f605 by security tracker role at 2018-04-10T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,113 @@
+CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has 
a buffer ...)
+       TODO: check
+CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has 
a buffer ...)
+       TODO: check
+CVE-2018-9987
+       RESERVED
+CVE-2018-9986
+       RESERVED
+CVE-2018-9985 (The front page of MetInfo 6.0 allows XSS by sending a feedback 
message ...)
+       TODO: check
+CVE-2018-9984
+       RESERVED
+CVE-2018-9983
+       RESERVED
+CVE-2018-9982
+       RESERVED
+CVE-2018-9981
+       RESERVED
+CVE-2018-9980
+       RESERVED
+CVE-2018-9979
+       RESERVED
+CVE-2018-9978
+       RESERVED
+CVE-2018-9977
+       RESERVED
+CVE-2018-9976
+       RESERVED
+CVE-2018-9975
+       RESERVED
+CVE-2018-9974
+       RESERVED
+CVE-2018-9973
+       RESERVED
+CVE-2018-9972
+       RESERVED
+CVE-2018-9971
+       RESERVED
+CVE-2018-9970
+       RESERVED
+CVE-2018-9969
+       RESERVED
+CVE-2018-9968
+       RESERVED
+CVE-2018-9967
+       RESERVED
+CVE-2018-9966
+       RESERVED
+CVE-2018-9965
+       RESERVED
+CVE-2018-9964
+       RESERVED
+CVE-2018-9963
+       RESERVED
+CVE-2018-9962
+       RESERVED
+CVE-2018-9961
+       RESERVED
+CVE-2018-9960
+       RESERVED
+CVE-2018-9959
+       RESERVED
+CVE-2018-9958
+       RESERVED
+CVE-2018-9957
+       RESERVED
+CVE-2018-9956
+       RESERVED
+CVE-2018-9955
+       RESERVED
+CVE-2018-9954
+       RESERVED
+CVE-2018-9953
+       RESERVED
+CVE-2018-9952
+       RESERVED
+CVE-2018-9951
+       RESERVED
+CVE-2018-9950
+       RESERVED
+CVE-2018-9949
+       RESERVED
+CVE-2018-9948
+       RESERVED
+CVE-2018-9947
+       RESERVED
+CVE-2018-9946
+       RESERVED
+CVE-2018-9945
+       RESERVED
+CVE-2018-9944
+       RESERVED
+CVE-2018-9943
+       RESERVED
+CVE-2018-9942
+       RESERVED
+CVE-2018-9941
+       RESERVED
+CVE-2018-9940
+       RESERVED
+CVE-2018-9939
+       RESERVED
+CVE-2018-9938
+       RESERVED
+CVE-2018-9937
+       RESERVED
+CVE-2018-9936
+       RESERVED
+CVE-2018-9935
+       RESERVED
 CVE-2018-9934 (The reset-password feature in MetInfo 6.0 allows remote 
attackers to ...)
        NOT-FOR-US: MetInfo
 CVE-2018-9933
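Review bot: CVE-2018-9985 (MetInfo 6.0 front-page XSS) is left at "TODO: check" although the adjacent, already-triaged CVE-2018-9934 entry for the same product carries "NOT-FOR-US: MetInfo"; the new entry can take that same status. The two ARM mbed TLS entries at the top of the hunk, CVE-2018-9988 and CVE-2018-9989 (both "has a buffer ..."), are the ones here that need a real triage pass rather than NOT-FOR-US: mbed TLS is packaged in Debian (src:mbedtls), so the TODO should be resolved to a package/version line, with the fixing upstream versions quoted in the description (2.1.11, 2.7.2, 2.8.0) checked against what is packaged.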
@@ -30,8 +140,8 @@ CVE-2018-9920
        RESERVED
 CVE-2018-9919
        RESERVED
-CVE-2018-9918
-       RESERVED
+CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain 
"expected dictionary ...)
+       TODO: check
 CVE-2018-9917
        RESERVED
 CVE-2018-9916
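Review bot: CVE-2018-9918 ("libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary ...") concerns a library packaged in Debian (src:qpdf), so "TODO: check" is not a resting state for it; it needs a qpdf version line (or <unfixed> with a bug reference) plus a NOTE pointing at the upstream fix once identified, and the "through 8.0.2" bound should be compared with the packaged version.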
@@ -2018,10 +2128,10 @@ CVE-2018-9040 (In Advanced SystemCare Ultimate 
11.0.1.58, the driver file ...)
        NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an 
authenticated user, ...)
        NOT-FOR-US: Octopus Deploy
-CVE-2018-9038
-       RESERVED
-CVE-2018-9037
-       RESERVED
+CVE-2018-9038 (Monstra CMS 3.0.4 allows remote attackers to delete files via 
an ...)
+       TODO: check
+CVE-2018-9037 (Monstra CMS 3.0.4 allows remote code execution via an 
upload_file ...)
+       TODO: check
 CVE-2018-9036
        RESERVED
 CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the 
Contact Form ...)
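Review bot: CVE-2018-9037 and CVE-2018-9038 (Monstra CMS 3.0.4 file deletion and upload_file remote code execution) can be marked "NOT-FOR-US: Monstra CMS" in the same way as the surrounding Octopus Deploy and Advanced SystemCare entries, since Monstra CMS is not a Debian package; leaving both at "TODO: check" only defers the same decision.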
@@ -2740,8 +2850,8 @@ CVE-2018-8774
        RESERVED
 CVE-2018-8773
        RESERVED
-CVE-2018-8772
-       RESERVED
+CVE-2018-8772 (Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID 
field on ...)
+       TODO: check
 CVE-2018-8771
        RESERVED
 CVE-2018-8770 (Physical path Leakage exists in Western Bridge Cobub Razor 
0.8.0 via ...)
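Review bot: CVE-2018-8772 (Coship RT3052 4.0.0.48 devices, XSS via a crafted SSID field) is a vendor device-firmware issue, not something shipped as a Debian source package, so "TODO: check" should be resolved to "NOT-FOR-US: Coship RT3052 devices".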
@@ -9102,10 +9212,10 @@ CVE-2017-18103
        RESERVED
 CVE-2017-18102
        RESERVED
-CVE-2017-18101
-       RESERVED
-CVE-2017-18100
-       RESERVED
+CVE-2017-18101 (Various administrative external system import resources in 
Atlassian ...)
+       TODO: check
+CVE-2017-18100 (The agile wallboard gadget in Atlassian Jira before version 
7.8.1 ...)
+       TODO: check
 CVE-2017-18099
        RESERVED
 CVE-2017-18098 (The searchrequest-xml resource in Atlassian Jira before 
version 7.6.1 ...)
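Review bot: CVE-2017-18100 and CVE-2017-18101 are Atlassian Jira issues and can be marked NOT-FOR-US like the other Atlassian entries in this file, but the truncated description of CVE-2017-18101 ("Various administrative external system import resources in Atlassian ...") does not show which product is affected, so the triager should expand the full description before writing the product name into the NOT-FOR-US tag rather than assuming Jira from the neighbour.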
@@ -12624,8 +12734,8 @@ CVE-2018-5229
        RESERVED
 CVE-2018-5228
        RESERVED
-CVE-2018-5227
-       RESERVED
+CVE-2018-5227 (Various administrative application link resources in Atlassian 
...)
+       TODO: check
 CVE-2018-5226
        RESERVED
 CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 
4.13.0 ...)
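Review bot: CVE-2018-5227 ("Various administrative application link resources in Atlassian ...") is another Atlassian product issue; as with the Bitbucket Server entry just below it, it can be resolved to NOT-FOR-US once the product name is read from the full description, which is cut off here before it names the product.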
@@ -19988,28 +20098,28 @@ CVE-2018-2415
        RESERVED
 CVE-2018-2414
        RESERVED
-CVE-2018-2413
-       RESERVED
-CVE-2018-2412
-       RESERVED
+CVE-2018-2413 (SAP Disclosure Management 10.1 does not perform necessary ...)
+       TODO: check
+CVE-2018-2412 (SAP Disclosure Management 10.1 does not perform necessary ...)
+       TODO: check
 CVE-2018-2411
        RESERVED
-CVE-2018-2410
-       RESERVED
-CVE-2018-2409
-       RESERVED
-CVE-2018-2408
-       RESERVED
+CVE-2018-2410 (SAP Business One, 9.2, 9.3, browser access does not 
sufficiently ...)
+       TODO: check
+CVE-2018-2409 (Improper session management when using SAP Cloud Platform 2.0 
...)
+       TODO: check
+CVE-2018-2408 (Improper Session Management in SAP Business Objects, 4.0, from 
4.10, ...)
+       TODO: check
 CVE-2018-2407
        RESERVED
-CVE-2018-2406
-       RESERVED
-CVE-2018-2405
-       RESERVED
-CVE-2018-2404
-       RESERVED
-CVE-2018-2403
-       RESERVED
+CVE-2018-2406 (Unquoted windows search path (directory/path traversal) 
vulnerability ...)
+       TODO: check
+CVE-2018-2405 (SAP Solution Manager, 7.10, 7.20, Incident Management Work 
Center ...)
+       TODO: check
+CVE-2018-2404 (SAP Disclosure Management 10.1 allows an attacker to upload any 
file ...)
+       TODO: check
+CVE-2018-2403 (Under certain conditions, SAP Disclosure Management 10.1 allows 
an ...)
+       TODO: check
 CVE-2018-2402 (In systems using the optional capture & replay 
functionality of SAP ...)
        NOT-FOR-US: SAP
 CVE-2018-2401 (SAP Business Process Automation (BPA) By Redwood does not 
sufficiently ...)
@@ -34356,8 +34466,8 @@ CVE-2017-14613
        RESERVED
 CVE-2017-14612
        RESERVED
-CVE-2017-14611
-       RESERVED
+CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows 
remote ...)
+       TODO: check
 CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 
16.2.6 ...)
        - bareos <unfixed> (bug #877334)
        [stretch] - bareos <no-dsa> (Minor issue)
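Review bot: the description of CVE-2017-14611 says only "SSRF (Server Side Request Forgery) in Cockpit 0.13.0", and "Cockpit" is an ambiguous name (the PHP Cockpit CMS versus the cockpit server-administration tool that Debian packages as src:cockpit); the TODO must establish which project is meant before this is marked NOT-FOR-US, and the resulting tag should spell out the project rather than just "Cockpit".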
@@ -35209,8 +35319,8 @@ CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory 
leak vulnerability was foun
        - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
-CVE-2017-14323
-       RESERVED
+CVE-2017-14323 (SSRF (Server Side Request Forgery) in getRemoteImage.php in 
Ueditor in ...)
+       TODO: check
 CVE-2017-14322 (The function in charge to check whether the user is already 
logged in ...)
        NOT-FOR-US: Interspire Email Marketer
 CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
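Review bot: CVE-2017-14323 (SSRF in getRemoteImage.php in Ueditor) concerns a third-party rich-text editor that is not a Debian package, so "TODO: check" should become "NOT-FOR-US: Ueditor"; the adjacent CVE-2017-14322 entry shows the expected form.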
@@ -74558,8 +74668,8 @@ CVE-2017-1083
        RESERVED
 CVE-2017-1082
        RESERVED
-CVE-2017-1081
-       RESERVED
+CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, 
and ...)
+       TODO: check
 CVE-2017-1080
        RESERVED
 CVE-2017-1079
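Review bot: CVE-2017-1081 ("In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and ...") is a FreeBSD kernel/base-system issue; unless the full description names a component Debian ships separately, it should be resolved to "NOT-FOR-US: FreeBSD" rather than left at "TODO: check".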
@@ -127714,8 +127824,8 @@ CVE-2015-1959 (IBM Tivoli Security Directory Server 
6.0 before iFix 75, 6.1 befo
        NOT-FOR-US: IBM
 CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
        NOT-FOR-US: IBM
-CVE-2015-1957
-       RESERVED
+CVE-2015-1957 (IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 
allows ...)
+       TODO: check
 CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
        NOT-FOR-US: IBM
 CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
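Review bot: CVE-2015-1957 (IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3) sits between two IBM MQ Light entries that already carry "NOT-FOR-US: IBM"; the new entry should take the same status instead of "TODO: check".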
@@ -135467,8 +135577,8 @@ CVE-2015-0174 (The SNMP implementation in IBM 
WebSphere Application Server (WAS)
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2015-0173 (The HTTP connection-management functionality in Internet 
Pass-Thru ...)
        NOT-FOR-US: IBM
-CVE-2015-0172
-       RESERVED
+CVE-2015-0172 (IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows 
remote ...)
+       TODO: check
 CVE-2015-0171 (Directory traversal vulnerability in IBM Security SiteProtector 
System ...)
        NOT-FOR-US: IBM
 CVE-2015-0170 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 
before ...)
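Review bot: CVE-2015-0172 (IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1) is the same product as CVE-2015-0171 and CVE-2015-0170 directly below it, both tagged "NOT-FOR-US: IBM"; mark it the same way rather than leaving "TODO: check".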
@@ -148089,8 +148199,7 @@ CVE-2014-4000 (Cacti before 1.0.0 allows remote 
authenticated users to conduct P
        NOTE: This CVE was fixed by introduction of the function 
sanitize_unserialize_selected_items
        NOTE: in version 0.8.8e and calling it instead of 
unserialize(stripslashes()).
        NOTE: Affected files require authenticated users.
-CVE-2014-3999 [Stricter parameter check in bind() to detect empty passwords]
-       RESERVED
+CVE-2014-3999 (The Horde_Ldap library before 2.0.6 for Horde allows remote 
attackers ...)
        - php-horde-ldap 2.0.6-1
 CVE-2014-3998
        RESERVED
@@ -150801,8 +150910,7 @@ CVE-2014-3116
        RESERVED
 CVE-2014-3115 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the web ...)
        NOT-FOR-US: Fortinet Fortiweb
-CVE-2014-3114
-       RESERVED
+CVE-2014-3114 (The EZPZ One Click Backup (ezpz-one-click-backup) plugin 
12.03.10 and ...)
        NOT-FOR-US: WordPress plugin ezpz-one-click-backup
 CVE-2014-3113 (Multiple buffer overflows in RealNetworks RealPlayer before 
17.0.10.8 ...)
        NOT-FOR-US: RealPlayer
@@ -153557,8 +153665,7 @@ CVE-2014-2079 [File New sets inappropriate 
permissions in ACL enabled directorie
        - xfe 1.37-2 (bug #739536)
        [wheezy] - xfe <no-dsa> (Minor issue)
        [squeeze] - xfe <no-dsa> (Minor issue)
-CVE-2014-2078
-       RESERVED
+CVE-2014-2078 (The backend in Open-Xchange (OX) AppSuite 7.4.2 before 
7.4.2-rev9 ...)
        NOT-FOR-US: Open-Xchange
 CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in ...)
        NOT-FOR-US: Open-Xchange
@@ -153568,8 +153675,8 @@ CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 
and Enterprise Administrator
        NOT-FOR-US: TIBCO Enterprise Administrator
 CVE-2014-2074
        RESERVED
-CVE-2014-2073
-       RESERVED
+CVE-2014-2073 (Stack-based buffer overflow in Dassault Systemes CATIA 
V5-6R2013 ...)
+       TODO: check
 CVE-2014-2072
        RESERVED
        NOT-FOR-US: Dassault Systemes Catia
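Review bot: CVE-2014-2073 (Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013) can be marked "NOT-FOR-US: Dassault Systemes Catia" like CVE-2014-2072 below it. While here, note that the pre-existing CVE-2014-2072 entry carries both a "RESERVED" line and a "NOT-FOR-US" line; the RESERVED line is a stale leftover and should be dropped so the entry has a single status.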
@@ -153836,8 +153943,8 @@ CVE-2014-1952
        RESERVED
 CVE-2014-1951
        RESERVED
-CVE-2014-1946
-       RESERVED
+CVE-2014-1946 (OpenDocMan 1.2.7 and earlier does not properly validate allowed 
...)
+       TODO: check
 CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan 
before ...)
        NOT-FOR-US: OpenDocMan
 CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and 
earlier ...)
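Review bot: CVE-2014-1946 (OpenDocMan 1.2.7 and earlier does not properly validate allowed ...) is the same product as CVE-2014-1945 just below, which is already "NOT-FOR-US: OpenDocMan"; resolve the TODO to that status.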
@@ -154005,8 +154112,8 @@ CVE-2014-1897
        RESERVED
 CVE-2014-1890
        RESERVED
-CVE-2014-1889
-       RESERVED
+CVE-2014-1889 (The Group creation process in the Buddypress plugin before 
1.9.2 for ...)
+       TODO: check
 CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress 
plugin ...)
        NOT-FOR-US: BuddyPress plugin for WordPress
 CVE-2014-1880
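Review bot: CVE-2014-1889 (Group creation process in the Buddypress plugin before 1.9.2) matches the neighbouring CVE-2014-1888, tagged "NOT-FOR-US: BuddyPress plugin for WordPress"; the new entry should carry the same tag rather than "TODO: check".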
@@ -156398,14 +156505,11 @@ CVE-2014-1402 (The default configuration for 
bccache.FileSystemBytecodeCache in 
        NOTE: 2.7.2 does not create safely temporary files, new CVE-2014-0012 
was assigned for this issue
 CVE-2014-1401 (Multiple SQL injection vulnerabilities in AuraCMS 2.3 and 
earlier ...)
        NOT-FOR-US: AuraCMS
-CVE-2014-1400
-       RESERVED
+CVE-2014-1400 (The entity_access API in the Entity API module 7.x-1.x before 
7.x-1.3 ...)
        NOT-FOR-US: Drupal 7 Entity module
-CVE-2014-1399
-       RESERVED
+CVE-2014-1399 (The entity wrapper access API in the Entity API module 7.x-1.x 
before ...)
        NOT-FOR-US: Drupal 7 Entity module
-CVE-2014-1398
-       RESERVED
+CVE-2014-1398 (The entity wrapper access API in the Entity API module 7.x-1.x 
before ...)
        NOT-FOR-US: Drupal 7 Entity module
 CVE-2014-1236 (Stack-based buffer overflow in the chkNum function in ...)
        {DSA-2843-1}
@@ -175151,8 +175255,7 @@ CVE-2013-1449
        RESERVED
 CVE-2013-1448
        RESERVED
-CVE-2014-0158
-       RESERVED
+CVE-2014-0158 (Open Web Analytics (OWA) before 1.5.7 allows remote attackers 
to ...)
        - openjpeg 1.3+dfsg-4.7
        NOTE: Not considering a duplicate of CVE-2013-1447 following
        NOTE: http://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
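Review bot: the imported description for CVE-2014-0158 ("Open Web Analytics (OWA) before 1.5.7 allows remote attackers to ...") contradicts the rest of the entry, which tracks "openjpeg 1.3+dfsg-4.7" and discusses whether the issue duplicates CVE-2013-1447 via the oss-security thread. Either the description pulled in by the automatic update belongs to a different CVE or the package line is wrong; verify the identifier against MITRE before this hunk is accepted, since it now pairs an OWA description with an openjpeg fix. The entry also sits among the CVE-2013-144x identifiers rather than in CVE-2014 order, which is worth fixing at the same time.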



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4d5f6054e1a35f912757d6863a3c52f19546542

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
