Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aec1866f by security tracker role at 2018-04-10T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-9934 (The reset-password feature in MetInfo 6.0 allows remote
attackers to ...)
+ TODO: check
+CVE-2018-9933
+ RESERVED
+CVE-2018-9932
+ RESERVED
+CVE-2018-9931
+ RESERVED
+CVE-2018-9930
+ RESERVED
+CVE-2018-9929
+ RESERVED
+CVE-2018-9928 (Cross-site scripting (XSS) vulnerability in save.php in MetInfo
6.0 ...)
+ TODO: check
+CVE-2018-9927 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
+ TODO: check
+CVE-2018-9926 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
+ TODO: check
+CVE-2018-9925 (An issue was discovered in idreamsoft iCMS through 7.0.7. XSS
exists ...)
+ TODO: check
+CVE-2018-9924 (An issue was discovered in idreamsoft iCMS through 7.0.7. SQL
injection ...)
+ TODO: check
+CVE-2018-9923 (An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF
exists ...)
+ TODO: check
+CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7.
Physical path ...)
+ TODO: check
+CVE-2018-9921
+ RESERVED
+CVE-2018-9920
+ RESERVED
+CVE-2018-9919
+ RESERVED
+CVE-2018-9918
+ RESERVED
+CVE-2018-9917
+ RESERVED
+CVE-2018-9916
+ RESERVED
CVE-2018-9915
RESERVED
CVE-2018-9914
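Review bot: The eight described entries added at the top of the file (CVE-2018-9934 and CVE-2018-9928 through CVE-2018-9922) all land as "TODO: check", yet they cover only three products: MetInfo 6.0, WUZHI CMS 4.1.0 and idreamsoft iCMS. Triage them per product in one follow-up rather than entry by entry: either add a source package line or mark each "NOT-FOR-US:" as done elsewhere in this file, so the TODO backlog does not grow with every automatic update.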
@@ -156,8 +194,8 @@ CVE-2018-9841 (The export function in
libavfilter/vf_signature.c in FFmpeg throu
- ffmpeg <unfixed> (low)
[stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x
release)
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
-CVE-2018-9840
- RESERVED
+CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows
physically ...)
+ TODO: check
CVE-2018-9839
RESERVED
CVE-2018-1000166 [Unsafe use of sprintf() can allow a remote unauthenticated
attacker to execute arbitrary code]
@@ -5981,12 +6019,14 @@ CVE-2018-7482 (** DISPUTED ** The K2 component 2.8.0
for Joomla! has Incorrect A
CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14
mishandles ...)
- linux <not-affected> (Vulnerable code not present)
CVE-2018-1000099 (Teluu PJSIP version 2.7.1 and earlier contains a Access of
...)
+ {DSA-4170-1}
- pjproject 2.7.2~dfsg-1
[jessie] - pjproject <ignored> (Minor issue)
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html
NOTE: https://trac.pjsip.org/repos/ticket/2092
NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE,
STUN and TURN)
CVE-2018-1000098 (Teluu PJSIP version 2.7.1 and earlier contains a Integer
Overflow ...)
+ {DSA-4170-1}
- pjproject 2.7.2~dfsg-1
[jessie] - pjproject <ignored> (Minor issue)
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
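Review bot: On CVE-2018-1000098 the new "{DSA-4170-1}" tag sits directly above "[jessie] - pjproject <ignored> (Minor issue)", and the visible context gives no NOTE explaining why jessie stays ignored, whereas CVE-2018-1000099 carries the note that in jessie Asterisk doesn't use pjproject for SIP. If the same reasoning applies, a matching NOTE on CVE-2018-1000098 would make the ignored status self-explanatory now that an advisory exists. The commit changes only data/CVE/list, so the advisory's own entry cannot be checked against these tags from this diff.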
@@ -9932,8 +9972,8 @@ CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory
Traversal under the /_n
NOT-FOR-US: ZEIT Next.js
CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain
privileges ...)
NOT-FOR-US: BitDefender Total Security
-CVE-2018-6182
- RESERVED
+CVE-2018-6182 (Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10
before ...)
+ TODO: check
CVE-2018-6181
RESERVED
CVE-2018-6180 (A flaw in the profile section of Online Voting System 1.0
allows an ...)
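Review bot: CVE-2018-6182 moves from RESERVED to "TODO: check" with a description that spans three Mahara branches (16.10, 17.04 and 17.10), so a single fixed-version line may not be enough once it is triaged. The neighbouring "NOT-FOR-US:" tags belong to unrelated products and should not be carried over by proximity; check for a source package first and record the fixed version per affected branch if one exists.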
@@ -11912,8 +11952,8 @@ CVE-2018-5465 (A Session Fixation issue was discovered
in Belden Hirschmann RS,
NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000,
MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5464 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x
have an ...)
NOT-FOR-US: Philips Intellispace Portal
-CVE-2018-5463
- RESERVED
+CVE-2018-5463 (A structured exception handler overflow vulnerability in Leao
...)
+ TODO: check
CVE-2018-5462 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x
have an ...)
NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in
Belden ...)
@@ -23152,8 +23192,8 @@ CVE-2018-1219 (EMC RSA Archer, versions prior to
6.2.0.8, contains an improper a
NOT-FOR-US: EMC RSA Archer
CVE-2018-1218 (In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior
to ...)
NOT-FOR-US: EMC NetWorker
-CVE-2018-1217
- RESERVED
+CVE-2018-1217 (Avamar Installation Manager in Dell EMC Avamar Server 7.3.1,
7.4.1, ...)
+ TODO: check
CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp
Manager ...)
NOT-FOR-US: EMC
CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp
Manager ...)
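Review bot: CVE-2018-1217 is left as "TODO: check" although its description names Dell EMC Avamar Server and the neighbouring entries CVE-2018-1218 ("NOT-FOR-US: EMC NetWorker") and CVE-2018-1216 ("NOT-FOR-US: EMC") are already resolved. If Avamar is likewise not packaged, replace the TODO with a "NOT-FOR-US:" line that names the product, so the entry is consistent with its neighbours.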
@@ -27198,6 +27238,7 @@ CVE-2017-16876 (Cross-site scripting (XSS)
vulnerability in the _keyify function
[stretch] - mistune <no-dsa> (Minor issue)
NOTE:
https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98
CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and
pjlib-util) in ...)
+ {DSA-4170-1}
- pjproject 2.7.1~dfsg-1
[jessie] - pjproject <ignored> (Minor issue)
NOTE: https://trac.pjsip.org/repos/ticket/2055
@@ -27246,6 +27287,7 @@ CVE-2017-1000168 (sodiumoxide 0.0.13 and older
scalarmult() vulnerable to degene
CVE-2017-1000161
REJECTED
CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and
pjlib-util) in ...)
+ {DSA-4170-1}
- pjproject 2.7.1~dfsg-1
[jessie] - pjproject <ignored> (Minor issue)
NOTE: https://trac.pjsip.org/repos/ticket/2056
@@ -70672,8 +70714,8 @@ CVE-2017-2828 (An exploitable command injection
vulnerability exists in the web
NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2827 (An exploitable command injection vulnerability exists in the
web ...)
NOT-FOR-US: Foscam C1 Indoor HD Camera
-CVE-2017-2826
- RESERVED
+CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig
proxy ...)
+ TODO: check
CVE-2017-2825
RESERVED
{DSA-3937-1}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aec1866f27514bb4d8ee1ef07b7f616d47cd074b