Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d612da9a by security tracker role at 2018-04-13T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary 
code ...)
+       TODO: check
+CVE-2018-10085 (CMS Made Simple (CMSMS) through 2.2.6 allows PHP object 
injection ...)
+       TODO: check
+CVE-2018-10084 (CMS Made Simple (CMSMS) through 2.2.6 contains a privilege 
escalation ...)
+       TODO: check
+CVE-2018-10083 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary 
file ...)
+       TODO: check
+CVE-2018-10082 (CMS Made Simple (CMSMS) through 2.2.7 allows physical path 
leakage via ...)
+       TODO: check
+CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 contains an admin 
password reset ...)
+       TODO: check
+CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware ...)
+       TODO: check
+CVE-2018-10079
+       RESERVED
+CVE-2018-10078
+       RESERVED
+CVE-2018-10077
+       RESERVED
 CVE-2018-10076
        RESERVED
 CVE-2018-10075
@@ -1587,7 +1607,8 @@ CVE-2016-10719
        RESERVED
 CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as 
demonstrated by ...)
        NOT-FOR-US: Coremail XT3.0
-CVE-2018-9329 (** DISPUTED ** The Bitdefender Antivirus 6.2.19.890 component, 
as ...)
+CVE-2018-9329
+       REJECTED
        NOT-FOR-US: Bitdefender Antivirus
 CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the 
ter_from ...)
        NOT-FOR-US: PHP Scripts Mall Redbus Clone Script
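Review bot: after this change CVE-2018-9329 carries both REJECTED and the older "NOT-FOR-US: Bitdefender Antivirus" line, which now hangs under an entry that no longer has a description. If the rejection stands, drop the NOT-FOR-US line, or keep it together with a NOTE recording that the removed entry was marked ** DISPUTED **, so the history of the ID stays readable from the list alone.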
@@ -8037,10 +8058,10 @@ CVE-2018-6937
        RESERVED
 CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 
3.01 via ...)
        NOT-FOR-US: D-Link
-CVE-2018-6935
-       RESERVED
-CVE-2018-6934
-       RESERVED
+CVE-2018-6935 (PHP Scripts Mall Student Profile Management System Script 
v2.0.6 has ...)
+       TODO: check
+CVE-2018-6934 (CSRF exists in student/personal-info in PHP Scripts Mall Online 
...)
+       TODO: check
 CVE-2018-6933
        RESERVED
 CVE-2018-6932
@@ -8183,16 +8204,16 @@ CVE-2018-6906
        RESERVED
 CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via 
...)
        - typo3-src <removed>
-CVE-2018-6904
-       RESERVED
-CVE-2018-6903
-       RESERVED
-CVE-2018-6902
-       RESERVED
+CVE-2018-6904 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User 
Name ...)
+       TODO: check
+CVE-2018-6903 (PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses 
the ...)
+       TODO: check
+CVE-2018-6902 (PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the 
Full Name ...)
+       TODO: check
 CVE-2018-6901
        RESERVED
-CVE-2018-6900
-       RESERVED
+CVE-2018-6900 (PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the 
Last Name ...)
+       TODO: check
 CVE-2018-6899
        RESERVED
 CVE-2018-6898
@@ -8243,8 +8264,8 @@ CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to 
discover the full path v
        NOT-FOR-US: EmpireCMS
 CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover 
the full ...)
        NOT-FOR-US: EmpireCMS
-CVE-2018-6879
-       RESERVED
+CVE-2018-6879 (PHP Scripts Mall Website Seller Script 2.0.3 uses the client 
side to ...)
+       TODO: check
 CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP 
Scripts ...)
        NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
 CVE-2018-6877
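Review bot: CVE-2018-6879 lands as "TODO: check" while the context line right below it, CVE-2018-6878, is a product from the same vendor (PHP Scripts Mall) and is already tagged NOT-FOR-US. If Website Seller Script is likewise not packaged, the follow-up triage can resolve this entry as "NOT-FOR-US: PHP Scripts Mall Website Seller Script" to match the neighbouring entries.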
@@ -8269,8 +8290,8 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 
6.0.1 allows remote attac
        - libreoffice 1:6.0.1-1
        [wheezy] - libreoffice <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
-CVE-2018-6870
-       RESERVED
+CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 
2.0.3 ...)
+       TODO: check
 CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation 
and a ...)
        {DLA-1287-1}
        - zziplib <unfixed>
@@ -12900,8 +12921,8 @@ CVE-2014-10069 (Hitron CVE-30360 devices use a 
578A958E3DD933FC DES key that is 
        NOT-FOR-US: Hitron CVE-30360 devices
 CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 
before ...)
        NOT-FOR-US: Arista
-CVE-2018-5254
-       RESERVED
+CVE-2018-5254 (Arista EOS before 4.20.2F allows remote BGP peers to cause a 
denial of ...)
+       TODO: check
 CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 
1.5.1.0 has an ...)
        NOT-FOR-US: Bento4
 CVE-2018-5252 (libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is 
used, has ...)
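Review bot: CVE-2018-5254 is added with "TODO: check" although the entry directly above it, CVE-2018-5255, concerns the same product (Arista EOS) and is already tagged "NOT-FOR-US: Arista". Suggest giving CVE-2018-5254 the same tag in the follow-up triage so the two adjacent entries agree.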
@@ -132877,8 +132898,8 @@ CVE-2014-9565 (Cross-site request forgery (CSRF) 
vulnerability in IBM Flex Syste
        NOT-FOR-US: IBM
 CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb 
Ethernet ...)
        NOT-FOR-US: IBM
-CVE-2014-9563
-       RESERVED
+CVE-2014-9563 (CRLF injection vulnerability in the web-based management (WBM) 
...)
+       TODO: check
 CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php 
in M2 ...)
        NOT-FOR-US: M2 OptimalSite
 CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in 
redir_last_post_list.php ...)
@@ -135879,14 +135900,14 @@ CVE-2015-0155
        RESERVED
 CVE-2015-0154
        RESERVED
-CVE-2015-0153
-       RESERVED
-CVE-2015-0152
-       RESERVED
-CVE-2015-0151
-       RESERVED
-CVE-2015-0150
-       RESERVED
+CVE-2015-0153 (D-Link DIR-815 devices with firmware before 2.07.B01 allow 
remote ...)
+       TODO: check
+CVE-2015-0152 (D-Link DIR-815 devices with firmware before 2.07.B01 allow 
remote ...)
+       TODO: check
+CVE-2015-0151 (Cross-site request forgery (CSRF) vulnerability in D-Link 
DIR-815 ...)
+       TODO: check
+CVE-2015-0150 (The remote administration UI in D-Link DIR-815 devices with 
firmware ...)
+       TODO: check
 CVE-2015-0149 (The developer portal in IBM API Management 3.0 before 3.0.4.1 
does not ...)
        NOT-FOR-US: IBM API Management
 CVE-2015-0148
@@ -136413,8 +136434,8 @@ CVE-2014-8890 (IBM WebSphere Application Server 
Liberty Profile 8.5.x before 8.5
        NOT-FOR-US: IBM
 CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote 
attackers to ...)
        NOT-FOR-US: Dropbox SDK for Android
-CVE-2014-8888
-       RESERVED
+CVE-2014-8888 (The remote administration interface in D-Link DIR-815 devices 
with ...)
+       TODO: check
 CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x 
before ...)
        NOT-FOR-US: IBM Marketing Operations
 CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware 
updates ...)
@@ -137642,10 +137663,10 @@ CVE-2014-8424 (ARRIS VAP2500 before FW08.41 does 
not properly validate passwords
        NOT-FOR-US: ARRIS VAP2500
 CVE-2014-8423 (Unspecified vulnerability in the management portal in ARRIS 
VAP2500 ...)
        NOT-FOR-US: ARRIS VAP2500
-CVE-2014-8422
-       RESERVED
-CVE-2014-8421
-       RESERVED
+CVE-2014-8422 (The web-based management (WBM) interface in Unify (former 
Siemens) ...)
+       TODO: check
+CVE-2014-8421 (Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone 
IP V3 ...)
+       TODO: check
 CVE-2014-8420 (The ViewPoint web application in Dell SonicWALL Global 
Management ...)
        NOT-FOR-US: Dell SonicWALL
 CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak 
permissions (read ...)
@@ -142652,8 +142673,7 @@ CVE-2014-6415
        RESERVED
 CVE-2014-6413
        RESERVED
-CVE-2014-6412
-       RESERVED
+CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to 
predict ...)
        - wordpress <not-affected> (Affects only Wordpress on Windows systems)
 CVE-2014-6411
        RESERVED
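Review bot: the "- wordpress <not-affected> (Affects only Wordpress on Windows systems)" annotation under CVE-2014-6412 was written while the entry was still RESERVED, and this hunk attaches a published description to it without touching the annotation. Worth re-checking the Windows-only rationale against the full text of "WordPress before 4.4 makes it easier for remote attackers to predict ..." now that it is available; the annotation's "Wordpress" could also be spelled "WordPress" to match the description.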
@@ -143327,8 +143347,8 @@ CVE-2014-6171 (Cross-site scripting (XSS) 
vulnerability in IBM WebSphere Portal 
        NOT-FOR-US: IBM
 CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before 
7.0.0.8 ...)
        NOT-FOR-US: IBM
-CVE-2014-6169
-       RESERVED
+CVE-2014-6169 (Cross-site scripting (XSS) vulnerability in IBM Forms 
Experience ...)
+       TODO: check
 CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security 
...)
        NOT-FOR-US: IBM
 CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting 
feature ...)
@@ -143425,8 +143445,8 @@ CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 
before 8.5 IFix 002, 8.6 befo
        NOT-FOR-US: IBM
 CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security 
AppScan ...)
        NOT-FOR-US: IBM
-CVE-2014-6120
-       RESERVED
+CVE-2014-6120 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 
...)
+       TODO: check
 CVE-2014-6119 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 
before ...)
        NOT-FOR-US: IBM
 CVE-2014-6118



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d612da9a729d9f2aa3336c597a90054e42f6e6c9
