Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 965066fb by security tracker role at 2018-03-15T21:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,23 @@ +CVE-2018-8730 + RESERVED +CVE-2018-8729 (Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log ...) + TODO: check +CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in ...) + TODO: check +CVE-2018-8727 + RESERVED +CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...) + TODO: check +CVE-2017-18237 (An issue was discovered in Exempi before 2.4.3. The ...) + TODO: check +CVE-2017-18236 (An issue was discovered in Exempi before 2.4.4. The ...) + TODO: check +CVE-2017-18235 (An issue was discovered in Exempi before 2.4.3. The VPXChunk class in ...) + TODO: check +CVE-2017-18234 (An issue was discovered in Exempi before 2.4.3. It allows remote ...) + TODO: check +CVE-2017-18233 (An issue was discovered in Exempi before 2.4.4. Integer overflow in the ...) + TODO: check CVE-2018-8726 RESERVED CVE-2018-8725 @@ -10,8 +30,8 @@ CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has . NOT-FOR-US: Zoho CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored ...) NOT-FOR-US: Zoho -CVE-2018-8720 - RESERVED +CVE-2018-8720 (ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name ...) + TODO: check CVE-2018-8719 RESERVED CVE-2018-8718 
@@ -3685,6 +3705,7 @@ CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Sit CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a ...) NOT-FOR-US: pym.js CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap memory ...) + {DLA-1307-1} - clamav 0.99.3~beta1+dfsg-1 [stretch] - clamav 0.99.4+dfsg-1+deb9u1 [jessie] - clamav <no-dsa> (clamav is updated via -updates) @@ -4577,11 +4598,12 @@ CVE-2018-6959 RESERVED CVE-2018-6958 RESERVED -CVE-2018-6957 - RESERVED +CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before ...) + TODO: check CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks ...) NOT-FOR-US: opentmpfiles CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...) + {DSA-4138-1} - mbedtls 2.7.0-2 - polarssl <removed> [wheezy] - polarssl <not-affected> (vulnerable code not present) 
@@ -6750,32 +6772,32 @@ CVE-2018-6233 RESERVED CVE-2018-6232 RESERVED -CVE-2018-6231 - RESERVED -CVE-2018-6230 - RESERVED -CVE-2018-6229 - RESERVED -CVE-2018-6228 - RESERVED -CVE-2018-6227 - RESERVED -CVE-2018-6226 - RESERVED -CVE-2018-6225 - RESERVED -CVE-2018-6224 - RESERVED -CVE-2018-6223 - RESERVED -CVE-2018-6222 - RESERVED -CVE-2018-6221 - RESERVED -CVE-2018-6220 - RESERVED -CVE-2018-6219 - RESERVED +CVE-2018-6231 (A server auth command injection authentication bypass vulnerability in ...) + TODO: check +CVE-2018-6230 (A SQL injection vulnerability in an Trend Micro Email Encryption ...) + TODO: check +CVE-2018-6229 (A SQL injection vulnerability in an Trend Micro Email Encryption ...) + TODO: check +CVE-2018-6228 (A SQL injection vulnerability in a Trend Micro Email Encryption ...) + TODO: check +CVE-2018-6227 (A stored cross-site scripting (XSS) vulnerability in Trend Micro Email ...) + TODO: check +CVE-2018-6226 (Reflected cross-site scripting (XSS) vulnerabilities in two Trend ...) + TODO: check +CVE-2018-6225 (An XML external entity injection (XXE) vulnerability in Trend Micro ...) + TODO: check +CVE-2018-6224 (A lack of cross-site request forgery (CSRF) protection vulnerability ...) + TODO: check +CVE-2018-6223 (A missing authentication for appliance registration vulnerability in ...) + TODO: check +CVE-2018-6222 (Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 ...) + TODO: check +CVE-2018-6221 (An unvalidated software update vulnerability in Trend Micro Email ...) + TODO: check +CVE-2018-6220 (An arbitrary file write vulnerability in Trend Micro Email Encryption ...) + TODO: check +CVE-2018-6219 (An Insecure Update via HTTP vulnerability in Trend Micro Email ...) + TODO: check CVE-2018-6218 (A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking ...) NOT-FOR-US: Trend Micro CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS ...) 
@@ -9716,10 +9738,12 @@ CVE-2018-5146 RESERVED CVE-2018-5145 RESERVED + {DLA-1308-1} - firefox-esr 52.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ CVE-2018-5144 RESERVED + {DLA-1308-1} - firefox-esr 52.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ CVE-2018-5143 @@ -9770,18 +9794,21 @@ CVE-2018-5132 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ CVE-2018-5131 RESERVED + {DLA-1308-1} - firefox 59.0-1 - firefox-esr 52.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ CVE-2018-5130 RESERVED + {DLA-1308-1} - firefox 59.0-1 - firefox-esr 52.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ CVE-2018-5129 RESERVED + {DLA-1308-1} - firefox 59.0-1 - firefox-esr 52.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ @@ -9792,6 +9819,7 @@ CVE-2018-5128 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ CVE-2018-5127 RESERVED + {DLA-1308-1} - firefox 59.0-1 - firefox-esr 52.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ @@ -9802,6 +9830,7 @@ CVE-2018-5126 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ CVE-2018-5125 RESERVED + {DLA-1308-1} - firefox 59.0-1 - firefox-esr 52.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ @@ -19659,8 +19688,8 @@ CVE-2018-1321 RESERVED CVE-2018-1320 RESERVED -CVE-2018-1319 - RESERVED +CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that cause ...) + TODO: check CVE-2018-1318 RESERVED CVE-2018-1317 
@@ -22526,6 +22555,7 @@ CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Servi NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations NOTE: https://www.kb.cert.org/vuls/id/475445 CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...) + {DSA-4138-1} - mbedtls 2.7.0-2 (bug #890287) - polarssl <removed> [wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.2.19 not affected) @@ -22533,6 +22563,7 @@ CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87 NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...) + {DSA-4138-1} - mbedtls 2.7.0-2 (bug #890288) - polarssl <removed> [wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.3.7 not affected) @@ -23215,6 +23246,7 @@ CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection could NOT-FOR-US: Cisco CVE-2018-0202 [Out-of-bounds access in the PDF parser] RESERVED + {DLA-1307-1} - clamav 0.100.0~beta+dfsg-2 [stretch] - clamav 0.99.4+dfsg-1+deb9u1 [jessie] - clamav <no-dsa> (clamav is updated via -updates) 
@@ -106830,7 +106862,7 @@ CVE-2015-8042 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0. NOT-FOR-US: Adobe Flash Player CVE-2015-8040 (The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung ...) NOT-FOR-US: Samsung SmartViewer -CVE-2015-8039 (Samsung SmartViewer allow remote attackers to execute arbitrary code ...) +CVE-2015-8039 (Samsung SmartViewer allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Samsung SmartViewer CVE-2015-8038 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...) NOT-FOR-US: Fortinet View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/965066fb97274e7595ac5da7fd3b7dc5b1ca5ded
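Review bot: In the first hunk of data/CVE/list (@@ -1,3 +1,23 @@), the six Exempi entries CVE-2017-18233 through CVE-2017-18238 all land as `TODO: check`, but their descriptions name two different fixed upstream versions: 2.4.3 for CVE-2017-18234, CVE-2017-18235 and CVE-2017-18237, and 2.4.4 for CVE-2017-18233, CVE-2017-18236 and CVE-2017-18238. When these are triaged, record the status per CVE rather than one version for the whole batch, since a package at 2.4.3 would still be affected by the 2.4.4 group.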
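Review bot: In the hunk at @@ -6750,32 +6772,32 @@, CVE-2018-6219 through CVE-2018-6231 move from `RESERVED` to `TODO: check`, while the entry directly below them, CVE-2018-6218, is a Trend Micro issue already marked `NOT-FOR-US: Trend Micro`. Most of the descriptions visible here name Trend Micro Email Encryption products, so these thirteen entries look like candidates for the same marking in a follow-up rather than staying as open TODO items; the ones whose descriptions are truncated before the product name (CVE-2018-6231, CVE-2018-6224, CVE-2018-6223) should be confirmed against the full text first.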