[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Tue, 10 Jul 2018 01:10:54 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
95b95535 by security tracker role at 2018-07-10T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,42 @@
-CVE-2018-1000622 [rustdoc loads plugins from world writable directory allowing 
for arbitrary code execution]
+CVE-2018-13795 (Gravity before 0.5.1 does not support a maximum recursion 
depth. ...)
+       TODO: check
+CVE-2018-13794 (A heap-based buffer overflow exists in stbi__bmp_load_cont in 
...)
+       TODO: check
+CVE-2018-13793 (Multiple Cross Site Request Forgery (CSRF) vulnerabilities in 
the HTTP ...)
+       TODO: check
+CVE-2018-13792
+       RESERVED
+CVE-2018-13791 (The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 
7 allows ...)
+       TODO: check
+CVE-2018-13790 (A Server Side Request Forgery (SSRF) vulnerability in ...)
+       TODO: check
+CVE-2018-13789
+       RESERVED
+CVE-2018-13788
+       RESERVED
+CVE-2018-1000623 (JFrog JFrog Artifactory version Prior to version 6.0.3, 
since version ...)
+       TODO: check
+CVE-2018-1000621 (Mycroft AI mycroft-core version 18.2.8b and earlier contains 
a ...)
+       TODO: check
+CVE-2018-1000620 (Eran Hammer cryptiles version 4.1.1 earlier contains a 
CWE-331: ...)
+       TODO: check
+CVE-2018-1000619 (Ovidentia version 8.4.3 and earlier contains a Unsanitized 
User Input ...)
+       TODO: check
+CVE-2018-1000618 (EOSIO/eos eos version after commit ...)
+       TODO: check
+CVE-2018-1000617 (Atlassian Floodlight Atlassian Floodlight Controller version 
1.2 and ...)
+       TODO: check
+CVE-2018-1000616 (ONOS ONOS controller version 1.13.1 and earlier contains a 
XML ...)
+       TODO: check
+CVE-2018-1000615 (ONOS ONOS Controller version 1.13.1 and earlier contains a 
Denial of ...)
+       TODO: check
+CVE-2018-1000614 (ONOS ONOS Controller version 1.13.1 and earlier contains a 
XML ...)
+       TODO: check
+CVE-2018-1000613 (Legion of the Bouncy Castle Legion of the Bouncy Castle Java 
...)
+       TODO: check
+CVE-2018-1000611 (SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 
contains a Cross ...)
+       TODO: check
+CVE-2018-1000622 (The Rust Programming Language rustdoc version Between 0.8 
and 1.27.0 ...)
        - rustc <unfixed>
        NOTE: 
https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM
 CVE-2018-13787 (Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, 
A2, and ...)
@@ -5730,8 +5768,8 @@ CVE-2018-11452
        RESERVED
 CVE-2018-11451
        RESERVED
-CVE-2018-11450
-       RESERVED
+CVE-2018-11450 (A reflected Cross-Site-Scripting (XSS) vulnerability has been 
...)
+       TODO: check
 CVE-2018-11449 (A vulnerability has been identified in SCALANCE M875 (All 
versions). ...)
        NOT-FOR-US: SCALANCE
 CVE-2018-11448 (A vulnerability has been identified in SCALANCE M875 (All 
versions). ...)
@@ -17606,12 +17644,12 @@ CVE-2018-6969
        RESERVED
 CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch 
Agent ...)
        NOT-FOR-US: VMware AirWatch Agent
-CVE-2018-6967
-       RESERVED
-CVE-2018-6966
-       RESERVED
-CVE-2018-6965
-       RESERVED
+CVE-2018-6967 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation 
(14.x ...)
+       TODO: check
+CVE-2018-6966 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation 
(14.x ...)
+       TODO: check
+CVE-2018-6965 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation 
(14.x ...)
+       TODO: check
 CVE-2018-6964 (VMware Horizon Client for Linux (4.x before 4.8.0 and prior) 
contains ...)
        NOT-FOR-US: VMware
 CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 
...)
@@ -26784,6 +26822,7 @@ CVE-2018-3762 (Nextcloud Server before 12.0.8 and 
13.0.3 suffers from improper c
 CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper 
...)
        - nextcloud <itp> (bug #835086)
 CVE-2018-3760 (There is an information leak vulnerability in Sprockets. 
Versions ...)
+       {DSA-4242-1}
        - ruby-sprockets 3.7.0-1.1 (bug #901913)
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/19/2
        NOTE: 
https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/95b95535ae3ab32a499956a6f62b46f2fdbcc6d6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/95b95535ae3ab32a499956a6f62b46f2fdbcc6d6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to