Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d612da9a by security tracker role at 2018-04-13T08:10:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,23 @@ +CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code ...) + TODO: check +CVE-2018-10085 (CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection ...) + TODO: check +CVE-2018-10084 (CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation ...) + TODO: check +CVE-2018-10083 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file ...) + TODO: check +CVE-2018-10082 (CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via ...) + TODO: check +CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset ...) + TODO: check +CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware ...) + TODO: check +CVE-2018-10079 + RESERVED +CVE-2018-10078 + RESERVED +CVE-2018-10077 + RESERVED CVE-2018-10076 RESERVED CVE-2018-10075 @@ -1587,7 +1607,8 @@ CVE-2016-10719 RESERVED CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by ...) NOT-FOR-US: Coremail XT3.0 -CVE-2018-9329 (** DISPUTED ** The Bitdefender Antivirus 6.2.19.890 component, as ...) +CVE-2018-9329 + REJECTED NOT-FOR-US: Bitdefender Antivirus CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from ...) NOT-FOR-US: PHP Scripts Mall Redbus Clone Script 
@@ -8037,10 +8058,10 @@ CVE-2018-6937 RESERVED CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via ...) NOT-FOR-US: D-Link -CVE-2018-6935 - RESERVED -CVE-2018-6934 - RESERVED +CVE-2018-6935 (PHP Scripts Mall Student Profile Management System Script v2.0.6 has ...) + TODO: check +CVE-2018-6934 (CSRF exists in student/personal-info in PHP Scripts Mall Online ...) + TODO: check CVE-2018-6933 RESERVED CVE-2018-6932 @@ -8183,16 +8204,16 @@ CVE-2018-6906 RESERVED CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via ...) - typo3-src <removed> -CVE-2018-6904 - RESERVED -CVE-2018-6903 - RESERVED -CVE-2018-6902 - RESERVED +CVE-2018-6904 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name ...) + TODO: check +CVE-2018-6903 (PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the ...) + TODO: check +CVE-2018-6902 (PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name ...) + TODO: check CVE-2018-6901 RESERVED -CVE-2018-6900 - RESERVED +CVE-2018-6900 (PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name ...) + TODO: check CVE-2018-6899 RESERVED CVE-2018-6898 @@ -8243,8 +8264,8 @@ CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to discover the full path v NOT-FOR-US: EmpireCMS CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full ...) NOT-FOR-US: EmpireCMS -CVE-2018-6879 - RESERVED +CVE-2018-6879 (PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to ...) + TODO: check CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...) NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified CVE-2018-6877 
@@ -8269,8 +8290,8 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attac - libreoffice 1:6.0.1-1 [wheezy] - libreoffice <not-affected> (Vulnerable code not present) NOTE: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure -CVE-2018-6870 - RESERVED +CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 ...) + TODO: check CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a ...) {DLA-1287-1} - zziplib <unfixed> @@ -12900,8 +12921,8 @@ CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is NOT-FOR-US: Hitron CVE-30360 devices CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before ...) NOT-FOR-US: Arista -CVE-2018-5254 - RESERVED +CVE-2018-5254 (Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of ...) + TODO: check CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an ...) NOT-FOR-US: Bento4 CVE-2018-5252 (libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has ...) @@ -132877,8 +132898,8 @@ CVE-2014-9565 (Cross-site request forgery (CSRF) vulnerability in IBM Flex Syste NOT-FOR-US: IBM CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet ...) NOT-FOR-US: IBM -CVE-2014-9563 - RESERVED +CVE-2014-9563 (CRLF injection vulnerability in the web-based management (WBM) ...) + TODO: check CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 ...) NOT-FOR-US: M2 OptimalSite CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php ...) 
@@ -135879,14 +135900,14 @@ CVE-2015-0155 RESERVED CVE-2015-0154 RESERVED -CVE-2015-0153 - RESERVED -CVE-2015-0152 - RESERVED -CVE-2015-0151 - RESERVED -CVE-2015-0150 - RESERVED +CVE-2015-0153 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...) + TODO: check +CVE-2015-0152 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...) + TODO: check +CVE-2015-0151 (Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 ...) + TODO: check +CVE-2015-0150 (The remote administration UI in D-Link DIR-815 devices with firmware ...) + TODO: check CVE-2015-0149 (The developer portal in IBM API Management 3.0 before 3.0.4.1 does not ...) NOT-FOR-US: IBM API Management CVE-2015-0148 @@ -136413,8 +136434,8 @@ CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5 NOT-FOR-US: IBM CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote attackers to ...) NOT-FOR-US: Dropbox SDK for Android -CVE-2014-8888 - RESERVED +CVE-2014-8888 (The remote administration interface in D-Link DIR-815 devices with ...) + TODO: check CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...) NOT-FOR-US: IBM Marketing Operations CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware updates ...) 
@@ -137642,10 +137663,10 @@ CVE-2014-8424 (ARRIS VAP2500 before FW08.41 does not properly validate passwords NOT-FOR-US: ARRIS VAP2500 CVE-2014-8423 (Unspecified vulnerability in the management portal in ARRIS VAP2500 ...) NOT-FOR-US: ARRIS VAP2500 -CVE-2014-8422 - RESERVED -CVE-2014-8421 - RESERVED +CVE-2014-8422 (The web-based management (WBM) interface in Unify (former Siemens) ...) + TODO: check +CVE-2014-8421 (Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 ...) + TODO: check CVE-2014-8420 (The ViewPoint web application in Dell SonicWALL Global Management ...) NOT-FOR-US: Dell SonicWALL CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read ...) @@ -142652,8 +142673,7 @@ CVE-2014-6415 RESERVED CVE-2014-6413 RESERVED -CVE-2014-6412 - RESERVED +CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to predict ...) - wordpress <not-affected> (Affects only Wordpress on Windows systems) CVE-2014-6411 RESERVED @@ -143327,8 +143347,8 @@ CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal NOT-FOR-US: IBM CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 ...) NOT-FOR-US: IBM -CVE-2014-6169 - RESERVED +CVE-2014-6169 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...) + TODO: check CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...) NOT-FOR-US: IBM CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature ...) 
@@ -143425,8 +143445,8 @@ CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 befo NOT-FOR-US: IBM CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan ...) NOT-FOR-US: IBM -CVE-2014-6120 - RESERVED +CVE-2014-6120 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through ...) + TODO: check CVE-2014-6119 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...) NOT-FOR-US: IBM CVE-2014-6118
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d612da9a729d9f2aa3336c597a90054e42f6e6c9
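Review bot: In the hunk at @@ -1587,7 +1607,8 @@, CVE-2018-9329 is switched to REJECTED but the "NOT-FOR-US: Bitdefender Antivirus" line beneath it is kept, so the entry now carries both a rejection and a triage verdict. Confirm that keeping the annotation is intended. If REJECTED is meant to be the final state, drop the NOT-FOR-US line in a follow-up so the entry does not read as still being tracked against a product.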
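Review bot: In the hunk at @@ -142652,8 +142673,7 @@, CVE-2014-6412 keeps its existing "- wordpress <not-affected> (Affects only Wordpress on Windows systems)" verdict with no "TODO: check", unlike the other entries that receive a description in this commit. That verdict was recorded while the entry was still RESERVED, so it should be re-read against the newly published text ("makes it easier for remote attackers to predict ...") to confirm the Windows-only reasoning still matches. As a style point, the note spells "Wordpress" where the description uses "WordPress".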
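Review bot: Several new "TODO: check" markers are left open next to entries already triaged for the same vendor, which leaves the file inconsistent until someone follows up. In the hunk at @@ -12900,8 +12921,8 @@, CVE-2018-5254 (Arista EOS) sits directly under CVE-2018-5255, which is "NOT-FOR-US: Arista". In the hunks at @@ -143327,8 +143347,8 @@ and @@ -143425,8 +143445,8 @@, CVE-2014-6169 and CVE-2014-6120 are IBM products surrounded by "NOT-FOR-US: IBM". In the hunk at @@ -8243,8 +8264,8 @@, CVE-2018-6879 (PHP Scripts Mall) precedes CVE-2018-6878, already marked NOT-FOR-US for another PHP Scripts Mall script. Suggest resolving these in the follow-up triage commit using the same wording as the neighbouring entries.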
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits