Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
965066fb by security tracker role at 2018-03-15T21:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-8730
+       RESERVED
+CVE-2018-8729 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Activity Log ...)
+       TODO: check
+CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 
allows XSS in ...)
+       TODO: check
+CVE-2018-8727
+       RESERVED
+CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...)
+       TODO: check
+CVE-2017-18237 (An issue was discovered in Exempi before 2.4.3. The ...)
+       TODO: check
+CVE-2017-18236 (An issue was discovered in Exempi before 2.4.4. The ...)
+       TODO: check
+CVE-2017-18235 (An issue was discovered in Exempi before 2.4.3. The VPXChunk 
class in ...)
+       TODO: check
+CVE-2017-18234 (An issue was discovered in Exempi before 2.4.3. It allows 
remote ...)
+       TODO: check
+CVE-2017-18233 (An issue was discovered in Exempi before 2.4.4. Integer 
overflow in the ...)
+       TODO: check
 CVE-2018-8726
        RESERVED
 CVE-2018-8725
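Review bot: The six Exempi entries added at the top of this hunk (CVE-2017-18233 through CVE-2017-18238) should not be cleared with one shared fixed version. The descriptions give "before 2.4.4" for CVE-2017-18238, CVE-2017-18236 and CVE-2017-18233, but "before 2.4.3" for CVE-2017-18237, CVE-2017-18235 and CVE-2017-18234. Suggest triaging them one by one against the exempi source package when the TODO: check markers are resolved. The two XSS entries, CVE-2018-8729 and CVE-2018-8728 (Kontena), still need either a package line or a NOT-FOR-US line as well.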
@@ -10,8 +30,8 @@ CVE-2018-8722 (Zoho ManageEngine Desktop Central version 
9.1.0 build 91099 has .
        NOT-FOR-US: Zoho
 CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 
has Stored ...)
        NOT-FOR-US: Zoho
-CVE-2018-8720
-       RESERVED
+CVE-2018-8720 (ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last 
Name ...)
+       TODO: check
 CVE-2018-8719
        RESERVED
 CVE-2018-8718
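Review bot: The TODO: check added under CVE-2018-8720 should be resolved in the same form as the two entries directly above it. The new description names ServiceNow ITSM; if nothing in the archive ships it, the line becomes NOT-FOR-US: ServiceNow, matching the NOT-FOR-US: Zoho lines on CVE-2018-8722 and CVE-2018-8721.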
@@ -3685,6 +3705,7 @@ CVE-2018-1000087 (WolfCMS version version 0.8.3.1 
contains a Reflected Cross Sit
 CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 
contains a ...)
        NOT-FOR-US: pym.js
 CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap 
memory ...)
+       {DLA-1307-1}
        - clamav 0.99.3~beta1+dfsg-1
        [stretch] - clamav 0.99.4+dfsg-1+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
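Review bot: The {DLA-1307-1} tag added to CVE-2018-1000085 does not correspond to any release line visible in the entry. [stretch] is recorded as fixed in 0.99.4+dfsg-1+deb9u1 and [jessie] is marked <no-dsa> (clamav is updated via -updates), so a reader cannot tell from these lines which release the DLA covers or which version it shipped. If that is tracked only in the DLA list, the entry is fine as it stands; otherwise a release-specific line would document it here.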
@@ -4577,11 +4598,12 @@ CVE-2018-6959
        RESERVED
 CVE-2018-6958
        RESERVED
-CVE-2018-6957
-       RESERVED
+CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x 
before ...)
+       TODO: check
 CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the 
fs.protected_hardlinks ...)
        NOT-FOR-US: opentmpfiles
 CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass 
through an ...)
+       {DSA-4138-1}
        - mbedtls 2.7.0-2
        - polarssl <removed>
        [wheezy] - polarssl <not-affected> (vulnerable code not present)
@@ -6750,32 +6772,32 @@ CVE-2018-6233
        RESERVED
 CVE-2018-6232
        RESERVED
-CVE-2018-6231
-       RESERVED
-CVE-2018-6230
-       RESERVED
-CVE-2018-6229
-       RESERVED
-CVE-2018-6228
-       RESERVED
-CVE-2018-6227
-       RESERVED
-CVE-2018-6226
-       RESERVED
-CVE-2018-6225
-       RESERVED
-CVE-2018-6224
-       RESERVED
-CVE-2018-6223
-       RESERVED
-CVE-2018-6222
-       RESERVED
-CVE-2018-6221
-       RESERVED
-CVE-2018-6220
-       RESERVED
-CVE-2018-6219
-       RESERVED
+CVE-2018-6231 (A server auth command injection authentication bypass 
vulnerability in ...)
+       TODO: check
+CVE-2018-6230 (A SQL injection vulnerability in an Trend Micro Email 
Encryption ...)
+       TODO: check
+CVE-2018-6229 (A SQL injection vulnerability in an Trend Micro Email 
Encryption ...)
+       TODO: check
+CVE-2018-6228 (A SQL injection vulnerability in a Trend Micro Email Encryption 
...)
+       TODO: check
+CVE-2018-6227 (A stored cross-site scripting (XSS) vulnerability in Trend 
Micro Email ...)
+       TODO: check
+CVE-2018-6226 (Reflected cross-site scripting (XSS) vulnerabilities in two 
Trend ...)
+       TODO: check
+CVE-2018-6225 (An XML external entity injection (XXE) vulnerability in Trend 
Micro ...)
+       TODO: check
+CVE-2018-6224 (A lack of cross-site request forgery (CSRF) protection 
vulnerability ...)
+       TODO: check
+CVE-2018-6223 (A missing authentication for appliance registration 
vulnerability in ...)
+       TODO: check
+CVE-2018-6222 (Arbitrary logs location in Trend Micro Email Encryption Gateway 
5.5 ...)
+       TODO: check
+CVE-2018-6221 (An unvalidated software update vulnerability in Trend Micro 
Email ...)
+       TODO: check
+CVE-2018-6220 (An arbitrary file write vulnerability in Trend Micro Email 
Encryption ...)
+       TODO: check
+CVE-2018-6219 (An Insecure Update via HTTP vulnerability in Trend Micro Email 
...)
+       TODO: check
 CVE-2018-6218 (A DLL Hijacking vulnerability in Trend Micro's User-Mode 
Hooking ...)
        NOT-FOR-US: Trend Micro
 CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft 
WPS ...)
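Review bot: The thirteen entries CVE-2018-6219 through CVE-2018-6231 are left at TODO: check, although most of the visible descriptions name Trend Micro Email Encryption Gateway and the next entry, CVE-2018-6218, is already closed as NOT-FOR-US: Trend Micro. Suggest resolving the batch in one follow-up with the same NOT-FOR-US: Trend Micro line. The descriptions of CVE-2018-6231, CVE-2018-6224 and CVE-2018-6223 are truncated before any product name, so confirm those three against the full text before closing them with the rest.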
@@ -9716,10 +9738,12 @@ CVE-2018-5146
        RESERVED
 CVE-2018-5145
        RESERVED
+       {DLA-1308-1}
        - firefox-esr 52.7.0esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
 CVE-2018-5144
        RESERVED
+       {DLA-1308-1}
        - firefox-esr 52.7.0esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
 CVE-2018-5143
@@ -9770,18 +9794,21 @@ CVE-2018-5132
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5131
        RESERVED
+       {DLA-1308-1}
        - firefox 59.0-1
        - firefox-esr 52.7.0esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5130
        RESERVED
+       {DLA-1308-1}
        - firefox 59.0-1
        - firefox-esr 52.7.0esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5129
        RESERVED
+       {DLA-1308-1}
        - firefox 59.0-1
        - firefox-esr 52.7.0esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
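Review bot: On CVE-2018-5131, CVE-2018-5130 and CVE-2018-5129 the added {DLA-1308-1} does not say which source package it applies to, and each of these entries lists both - firefox 59.0-1 and - firefox-esr 52.7.0esr-1. All three are also still headed RESERVED with no description, so the DLA tag and the two mfsa NOTE lines are the only pointers to what was fixed. A release-specific line naming the package and the version shipped by the DLA would remove the ambiguity.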
@@ -9792,6 +9819,7 @@ CVE-2018-5128
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5127
        RESERVED
+       {DLA-1308-1}
        - firefox 59.0-1
        - firefox-esr 52.7.0esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
@@ -9802,6 +9830,7 @@ CVE-2018-5126
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
 CVE-2018-5125
        RESERVED
+       {DLA-1308-1}
        - firefox 59.0-1
        - firefox-esr 52.7.0esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
@@ -19659,8 +19688,8 @@ CVE-2018-1321
        RESERVED
 CVE-2018-1320
        RESERVED
-CVE-2018-1319
-       RESERVED
+CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that 
cause ...)
+       TODO: check
 CVE-2018-1318
        RESERVED
 CVE-2018-1317
@@ -22526,6 +22555,7 @@ CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as 
used in Shibboleth Servi
        NOTE: 
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
        NOTE: https://www.kb.cert.org/vuls/id/475445
 CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, 
when the ...)
+       {DSA-4138-1}
        - mbedtls 2.7.0-2 (bug #890287)
        - polarssl <removed>
        [wheezy] - polarssl <not-affected> (according to the upstream advisory 
< 1.2.19 not affected)
@@ -22533,6 +22563,7 @@ CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 
2.1.10, and before 2.7.0, when
        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
 CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 
allows ...)
+       {DSA-4138-1}
        - mbedtls 2.7.0-2 (bug #890288)
        - polarssl <removed>
        [wheezy] - polarssl <not-affected> (according to the upstream advisory 
< 1.3.7 not affected)
@@ -23215,6 +23246,7 @@ CVE-2018-0203 (A vulnerability in the SMTP relay of 
Cisco Unity Connection could
        NOT-FOR-US: Cisco
 CVE-2018-0202 [Out-of-bounds access in the PDF parser]
        RESERVED
+       {DLA-1307-1}
        - clamav 0.100.0~beta+dfsg-2
        [stretch] - clamav 0.99.4+dfsg-1+deb9u1
        [jessie] - clamav <no-dsa> (clamav is updated via -updates)
@@ -106830,7 +106862,7 @@ CVE-2015-8042 (Use-after-free vulnerability in Adobe 
Flash Player before 18.0.0.
        NOT-FOR-US: Adobe Flash Player
 CVE-2015-8040 (The rtsp_getdlsendtime method in the CNC_Ctrl control in 
Samsung ...)
        NOT-FOR-US: Samsung SmartViewer
-CVE-2015-8039 (Samsung SmartViewer allow remote attackers to execute arbitrary 
code ...)
+CVE-2015-8039 (Samsung SmartViewer allows remote attackers to execute 
arbitrary code ...)
        NOT-FOR-US: Samsung SmartViewer
 CVE-2015-8038 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Graphical ...)
        NOT-FOR-US: Fortinet



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/965066fb97274e7595ac5da7fd3b7dc5b1ca5ded
