Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90fa4009 by security tracker role at 2018-07-19T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-14424
+       RESERVED
+CVE-2018-14423 (Division-by-zero vulnerabilities in the functions 
pi_next_pcrl, ...)
+       TODO: check
+CVE-2018-14422 (blog/index.php in SansCMS 0.7 has XSS via the q parameter. ...)
+       TODO: check
+CVE-2018-14421 (SeaCMS v6.61 allows Remote Code execution by placing PHP code 
in a ...)
+       TODO: check
+CVE-2018-14420 (MetInfo 6.0.0 allows a CSRF attack to add a user account via a 
...)
+       TODO: check
+CVE-2018-14419 (MetInfo 6.0.0 allows XSS via a modified name of the navigation 
bar on ...)
+       TODO: check
+CVE-2018-14418 (In Msvod Cms v10, SQL Injection exists via an 
images/lists?cid= URI. ...)
+       TODO: check
+CVE-2018-14417
+       RESERVED
+CVE-2018-14416
+       RESERVED
+CVE-2018-14415 (An issue was discovered in idreamsoft iCMS before 7.0.10. XSS 
exists ...)
+       TODO: check
+CVE-2018-14414
+       RESERVED
+CVE-2018-14413
+       RESERVED
+CVE-2018-14412
+       RESERVED
+CVE-2018-14411
+       RESERVED
+CVE-2018-14410
+       RESERVED
+CVE-2018-14409
+       RESERVED
+CVE-2018-14408
+       RESERVED
+CVE-2018-14407
+       RESERVED
+CVE-2018-14406
+       RESERVED
+CVE-2018-14405
+       RESERVED
+CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the ...)
+       TODO: check
 CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles 
substrings ...)
        - mp4v2 <unfixed>
        [stretch] - mp4v2 <no-dsa> (Minor issue)
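Review bot: The web CMS entries added at the top of the file (CVE-2018-14422 SansCMS, CVE-2018-14421 SeaCMS, CVE-2018-14420 and CVE-2018-14419 MetInfo, CVE-2018-14418 Msvod Cms, CVE-2018-14415 iCMS) are left at TODO: check, although comparable CMS products elsewhere in this same list (joyplus-cms, XiaoCms, HongCMS) are already triaged as NOT-FOR-US. If none of them is packaged, resolve them the same way in a follow-up. CVE-2018-14423 and CVE-2018-14404 need the full description read before triage, because the truncated text names functions or a bug class but no product.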
@@ -274,8 +316,8 @@ CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 
1.6.0 allows arbitrary 
        NOT-FOR-US: joyplus-cms
 CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode 
format within ...)
        NOT-FOR-US: TeamViewer
-CVE-2018-14332
-       RESERVED
+CVE-2018-14332 (An issue was discovered in Clementine Music Player 1.3.1. ...)
+       TODO: check
 CVE-2018-14331 (An issue was discovered in XiaoCms X1 v20140305. There is a 
CSRF ...)
        NOT-FOR-US: XiaoCms
 CVE-2018-14330
@@ -3389,9 +3431,9 @@ CVE-2018-12913 (In Miniz 2.0.7, tinfl_decompress in 
miniz_tinfl.c has an infinit
        NOT-FOR-US: Miniz
 CVE-2018-12912 (An issue wan discovered in admin\controllers\database.php in 
HongCMS ...)
        NOT-FOR-US: HongCMS
-CVE-2018-12911
-       RESERVED
-CVE-2018-12910 (soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup 
allows ...)
+CVE-2018-12911 (WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant 
...)
+       TODO: check
+CVE-2018-12910 (The get_cookies function in soup-cookie-jar.c in libsoup 
2.63.2 allows ...)
        {DSA-4241-1 DLA-1416-1}
        - libsoup2.4 2.62.2-2
        NOTE: 
https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
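Review bot: The reworded CVE-2018-12910 description now names libsoup 2.63.2, while the unchanged package line under it records the fix as libsoup2.4 2.62.2-2, a lower version number. Confirm that 2.62.2-2 contains the change from the commit in the NOTE and, if it does, add a NOTE that says so, so the two version strings do not read as a contradiction. The new CVE-2018-12911 entry for WebKitGTK+ 2.20.3 is left at TODO: check and still needs a source-package line.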
@@ -9521,8 +9563,8 @@ CVE-2018-10622
        RESERVED
 CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 
4.00.04 ...)
        NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
-CVE-2018-10620
-       RESERVED
+CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch 
Machine ...)
+       TODO: check
 CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 
3.90.01 ...)
        NOT-FOR-US: RSLinx
 CVE-2018-10618
@@ -13378,7 +13420,7 @@ CVE-2018-9064
 CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In 
Lenovo ...)
        NOT-FOR-US: Lenovo
 CVE-2018-9062
-       RESERVED
+       REJECTED
 CVE-2018-9061
        RESERVED
 CVE-2018-9060
@@ -15946,8 +15988,7 @@ CVE-2018-8020
        RESERVED
 CVE-2018-8019
        RESERVED
-CVE-2018-8018
-       RESERVED
+CVE-2018-8018 (Apache Ignite 2.5 and earlier serialization mechanism does not 
have a ...)
        NOT-FOR-US: Apache Ignite
 CVE-2018-8017
        RESERVED
@@ -17130,8 +17171,7 @@ CVE-2018-7604
        RESERVED
 CVE-2018-7603
        RESERVED
-CVE-2018-7602 [SA-CORE-2018-004]
-       RESERVED
+CVE-2018-7602 (A remote code execution vulnerability exists within multiple 
...)
        {DSA-4180-1 DLA-1365-1}
        - drupal7 <removed> (bug #896701)
        NOTE: https://www.drupal.org/psa-2018-003
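Review bot: Replacing the bracketed title on CVE-2018-7602 drops the only mention of SA-CORE-2018-004 in the visible entry; the remaining NOTE points at psa-2018-003. If no later NOTE outside this context already carries it, add one that references SA-CORE-2018-004 so the upstream advisory id stays searchable in the list.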
@@ -23862,8 +23902,8 @@ CVE-2018-5542
        RESERVED
 CVE-2018-5541
        RESERVED
-CVE-2018-5540
-       RESERVED
+CVE-2018-5540 (On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, 
or ...)
+       TODO: check
 CVE-2018-5539
        RESERVED
 CVE-2018-5538
@@ -23872,14 +23912,14 @@ CVE-2018-5537
        RESERVED
 CVE-2018-5536
        RESERVED
-CVE-2018-5535
-       RESERVED
-CVE-2018-5534
-       RESERVED
-CVE-2018-5533
-       RESERVED
-CVE-2018-5532
-       RESERVED
+CVE-2018-5535 (On F5 BIG-IP 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.2.1-11.6.3 ...)
+       TODO: check
+CVE-2018-5534 (Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 
...)
+       TODO: check
+CVE-2018-5533 (Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 
...)
+       TODO: check
+CVE-2018-5532 (On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 
11.2.1-11.5.6 ...)
+       TODO: check
 CVE-2018-5531
        RESERVED
 CVE-2018-5530
@@ -27887,10 +27927,10 @@ CVE-2018-3873
        RESERVED
 CVE-2018-3872
        RESERVED
-CVE-2018-3871
-       RESERVED
-CVE-2018-3870
-       RESERVED
+CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing 
...)
+       TODO: check
+CVE-2018-3870 (An exploitable out-of-bounds write exists in the PCX parsing 
...)
+       TODO: check
 CVE-2018-3869
        RESERVED
 CVE-2018-3868 (A specially crafted TIFF image processed via the application 
can lead ...)
@@ -27909,14 +27949,14 @@ CVE-2018-3862 (A specially crafted TIFF image 
processed via the application can 
        NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3861 (A specially crafted TIFF image processed via the application 
can lead ...)
        NOT-FOR-US: Computerinsel Photoline
-CVE-2018-3860
-       RESERVED
-CVE-2018-3859
-       RESERVED
-CVE-2018-3858
-       RESERVED
-CVE-2018-3857
-       RESERVED
+CVE-2018-3860 (An exploitable out-of-bounds write exists in the TIFF parsing 
...)
+       TODO: check
+CVE-2018-3859 (An exploitable out-of-bounds write exists in the TIFF parsing 
...)
+       TODO: check
+CVE-2018-3858 (An exploitable heap overflow exists in the TIFF parsing 
functionality ...)
+       TODO: check
+CVE-2018-3857 (An exploitable heap overflow exists in the TIFF parsing 
functionality ...)
+       TODO: check
 CVE-2018-3856
        RESERVED
 CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
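Review bot: The four new TIFF-parsing descriptions (CVE-2018-3860 through CVE-2018-3857) are truncated before the product name, and they sit directly under CVE-2018-3862 and CVE-2018-3861, which are NOT-FOR-US: Computerinsel Photoline. Do not resolve the TODO: check lines by analogy with those neighbours; read the full description for each id and record the product it actually names.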
@@ -34150,12 +34190,12 @@ CVE-2018-1589
        RESERVED
 CVE-2018-1588
        RESERVED
-CVE-2018-1587
-       RESERVED
+CVE-2018-1587 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 
through ...)
+       TODO: check
 CVE-2018-1586
        RESERVED
-CVE-2018-1585
-       RESERVED
+CVE-2018-1585 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 
through ...)
+       TODO: check
 CVE-2018-1584
        RESERVED
 CVE-2018-1583 (IBM StoredIQ 7.6 could allow an authenticated attacker to 
bypass ...)
@@ -34252,10 +34292,10 @@ CVE-2018-1538
        RESERVED
 CVE-2018-1537
        RESERVED
-CVE-2018-1536
-       RESERVED
-CVE-2018-1535
-       RESERVED
+CVE-2018-1536 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 
through ...)
+       TODO: check
+CVE-2018-1535 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 
through ...)
+       TODO: check
 CVE-2018-1534
        RESERVED
 CVE-2018-1533
@@ -34266,8 +34306,8 @@ CVE-2018-1531
        RESERVED
 CVE-2018-1530
        RESERVED
-CVE-2018-1529
-       RESERVED
+CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 
through ...)
+       TODO: check
 CVE-2018-1528
        RESERVED
 CVE-2018-1527
@@ -68947,8 +68987,7 @@ CVE-2017-7482
        {DSA-3945-1 DSA-3927-1 DLA-1099-1}
        - linux 4.11.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
-CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 
environment]
-       RESERVED
+CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly 
mark ...)
        - ansible 2.3.1.0+dfsg-1 (bug #862666)
        [stretch] - ansible <no-dsa> (Minor issue)
        [jessie] - ansible <no-dsa> (Minor issue)
@@ -83862,8 +83901,7 @@ CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 
suffer from a local privi
 CVE-2017-2674
        RESERVED
        NOT-FOR-US: Red Hat business central
-CVE-2017-2673 [federated user gets wrong role]
-       RESERVED
+CVE-2017-2673 (An authorization-check flaw was discovered in federation ...)
        - keystone 2:10.0.0-9 (bug #861189)
        [jessie] - keystone <not-affected> (Vulnerable code not present)
        [wheezy] - keystone <not-affected> (Vulnerable code not present)
@@ -89692,8 +89730,7 @@ CVE-2016-9575 (Ipa versions 4.2.x, 4.3.x before 4.3.3 
and 4.4.x before 4.4.3 did
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311
        NOTE: 
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=fec4c32ff15
        NOTE: https://fedorahosted.org/freeipa/ticket/6560
-CVE-2016-9574 [Remote DoS during session handshake when using SessionTicket 
extention and ECDHE-ECDSA]
-       RESERVED
+CVE-2016-9574 (nss before version 3.30 is vulnerable to a remote denial of 
service ...)
        - nss 2:3.25-1
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1320695
        NOTE: The CVE is specific to the segfault resulting from the 
reproducing steps
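Review bot: The new CVE-2016-9574 description says nss before version 3.30 is vulnerable, but the unchanged package line marks the issue as fixed in nss 2:3.25-1. Re-check the fixed version against the bug linked in the first NOTE, or extend the existing NOTE to state why a version earlier than 3.30 is recorded as fixed.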
@@ -165690,8 +165727,8 @@ CVE-2014-2304
        RESERVED
 CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser 
component ...)
        NOT-FOR-US: webEdition CMS
-CVE-2014-2302
-       RESERVED
+CVE-2014-2302 (The installer script in webEdition CMS before 6.2.7-s1 and 
6.3.x ...)
+       TODO: check
 CVE-2014-2301 (OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain 
sensitive ...)
        NOT-FOR-US: OrbiTeam BSCW
 CVE-2014-2300
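Review bot: CVE-2014-2302 is set to TODO: check even though its description names webEdition CMS and the adjacent CVE-2014-2303 for the same product is already NOT-FOR-US: webEdition CMS. Use the same NOT-FOR-US line here instead of leaving the entry for manual triage.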
@@ -171811,8 +171848,7 @@ CVE-2014-0244 (The sys_recvfrom function in nmbd in 
Samba 3.6.x before 3.6.24, 4
        - samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
        NOTE: AD-related packages removed from src:samba4 in 
4.0.0~beta2+dfsg1-3.2+deb7u2
        NOTE: https://www.samba.org/samba/security/CVE-2014-0244
-CVE-2014-0243 [check-mk: arbitrary file disclosure]
-       RESERVED
+CVE-2014-0243 (Check_MK through 1.2.5i2p1 allows local users to read arbitrary 
files ...)
        - check-mk <not-affected> (Vulnerable code not present)
        NOTE: https://www.lsexperts.de/advisories/lse-2014-05-21.txt
 CVE-2014-0242 [information disclosure via Content-Type response header]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90fa400975cb178169b246c2617771cd9ff0824c
