Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3c281f82 by security tracker role at 2018-04-20T20:10:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,21 @@ +CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a ...) + TODO: check +CVE-2018-10249 (baijiacms V3 has CSRF via ...) + TODO: check +CVE-2018-10248 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...) + TODO: check +CVE-2018-10247 + RESERVED +CVE-2018-10246 + RESERVED +CVE-2018-10245 (A Full Path Disclosure vulnerability in AWStats through 7.6 allows ...) + TODO: check +CVE-2018-10244 + RESERVED +CVE-2018-10243 + RESERVED +CVE-2018-10242 + RESERVED CVE-2018-XXXX [directory traversal flaw] - psensor 1.1.5-1 (bug #896195) NOTE: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c @@ -81,8 +99,8 @@ CVE-2018-10203 RESERVED CVE-2018-10202 RESERVED -CVE-2018-10201 - RESERVED +CVE-2018-10201 (An issue was discovered in NcMonitorServer.exe in NC Monitor Server in ...) + TODO: check CVE-2017-18261 (The arch_timer_reg_read_stable macro in ...) - linux 4.13.4-1 NOTE: Fixed by: https://git.kernel.org/linus/adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4 (4.13-rc6) @@ -286,7 +304,7 @@ CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka . CVE-2018-10121 (plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS ...) NOT-FOR-US: Monstra CMS CVE-2018-10120 (The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx ...) - {DLA-1356-1} + {DSA-4178-1 DLA-1356-1} - libreoffice 1:6.0.2-1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6173 NOTE: https://gerrit.libreoffice.org/#/c/49486/ 
@@ -295,7 +313,7 @@ CVE-2018-10120 (The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolb NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=017fcc2fcd00af17a97bd5463d89662404f57667 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2018-10120/ CVE-2018-10119 (sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x ...) - {DLA-1356-1} + {DSA-4178-1 DLA-1356-1} - libreoffice 1:6.0.1-1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747 NOTE: https://gerrit.libreoffice.org/#/c/48751/ @@ -8425,8 +8443,8 @@ CVE-2018-6962 RESERVED CVE-2018-6961 RESERVED -CVE-2018-6960 - RESERVED +CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...) + TODO: check CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a ...) NOT-FOR-US: VMware vRealize Automation CVE-2018-6958 (VMware vRealize Automation (vRA) prior to 7.3.1 contains a ...) @@ -16750,19 +16768,19 @@ CVE-2018-3841 CVE-2018-3840 RESERVED CVE-2018-3839 (An exploitable code execution vulnerability exists in the XCF image ...) - {DLA-1341-1} + {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://hg.libsdl.org/SDL_image/rev/fb643e371806910f1973abfdfe7f981e8dba60f5 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521 CVE-2018-3838 (An exploitable information vulnerability exists in the XCF image ...) - {DLA-1341-1} + {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520 CVE-2018-3837 (An exploitable information disclosure vulnerability exists in the PCX ...) - {DLA-1341-1} + {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://hg.libsdl.org/SDL_image/rev/2938fc80591abeae74b971cbdf966eff3213297e 
@@ -20006,17 +20024,17 @@ CVE-2018-2821 (Vulnerability in the PeopleSoft Enterprise PeopleTools component CVE-2018-2820 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2018-2819 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DLA-1355-1} + {DSA-4176-1 DLA-1355-1} - mysql-5.7 <unfixed> (bug #895997) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DLA-1355-1} + {DSA-4176-1 DLA-1355-1} - mysql-5.7 <unfixed> (bug #895997) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL CVE-2018-2817 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DLA-1355-1} + {DSA-4176-1 DLA-1355-1} - mysql-5.7 <unfixed> (bug #895997) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL @@ -20037,7 +20055,7 @@ CVE-2018-2814 (Vulnerability in the Java SE, Java SE Embedded component of Oracl - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2018-2813 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DLA-1355-1} + {DSA-4176-1 DLA-1355-1} - mysql-5.7 <unfixed> (bug #895997) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL 
@@ -20149,7 +20167,7 @@ CVE-2018-2782 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL CVE-2018-2781 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DLA-1355-1} + {DSA-4176-1 DLA-1355-1} - mysql-5.7 <unfixed> (bug #895997) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL @@ -20180,14 +20198,14 @@ CVE-2018-2775 (Vulnerability in the MySQL Server component of Oracle MySQL ...) CVE-2018-2774 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2018-2773 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DLA-1355-1} + {DSA-4176-1 DLA-1355-1} - mysql-5.7 <unfixed> (bug #895997) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL CVE-2018-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2018-2771 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DLA-1355-1} + {DSA-4176-1 DLA-1355-1} - mysql-5.7 <unfixed> (bug #895997) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL @@ -20228,7 +20246,7 @@ CVE-2018-2762 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL CVE-2018-2761 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DLA-1355-1} + {DSA-4176-1 DLA-1355-1} - mysql-5.7 <unfixed> (bug #895997) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL 
@@ -20247,7 +20265,7 @@ CVE-2018-2757 CVE-2018-2756 (Vulnerability in the Oracle Communications Order and Service ...) NOT-FOR-US: Oracle CVE-2018-2755 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - {DLA-1355-1} + {DSA-4176-1 DLA-1355-1} - mysql-5.7 <unfixed> (bug #895997) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL @@ -24079,17 +24097,13 @@ CVE-2018-1294 (If a user of Commons-Email (typically an application programmer) NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1777030 CVE-2018-1293 RESERVED -CVE-2018-1292 - RESERVED +CVE-2018-1292 (Within the 'getReportType' method in Apache Fineract 1.0.0, ...) NOT-FOR-US: Apache Fineract -CVE-2018-1291 - RESERVED +CVE-2018-1291 (Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...) NOT-FOR-US: Apache Fineract -CVE-2018-1290 - RESERVED +CVE-2018-1290 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...) NOT-FOR-US: Apache Fineract -CVE-2018-1289 - RESERVED +CVE-2018-1289 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...) NOT-FOR-US: Apache Fineract CVE-2018-1288 RESERVED @@ -26838,8 +26852,8 @@ CVE-2018-0566 RESERVED CVE-2018-0565 RESERVED -CVE-2018-0564 - RESERVED +CVE-2018-0564 (Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE ...) + TODO: check CVE-2018-0563 RESERVED CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine Free ...) 
@@ -36026,20 +36040,21 @@ CVE-2017-14451 RESERVED CVE-2017-14450 [Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer Overflow Vulnerability] RESERVED - {DLA-1341-1} + {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499 NOTE: https://hg.libsdl.org/SDL_image/rev/45e750f92c84 CVE-2017-14449 [Simple DirectMedia Layer SDL2_image do_layer_surface Double-Free Vulnerability] RESERVED + {DSA-4177-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 <not-affected> (Vulnerable code not present) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498 NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c CVE-2017-14448 [Simple DirectMedia Layer SDL2_image load_xcf_tile_rle Decompression Code Execution Vulnerability] RESERVED - {DLA-1341-1} + {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497 
@@ -36056,21 +36071,21 @@ CVE-2017-14443 RESERVED CVE-2017-14442 [Simple DirectMedia Layer SDL2_image Image Palette Population Code Execution Vulnerability] RESERVED - {DLA-1341-1} + {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491 NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8 CVE-2017-14441 [Simple DirectMedia Layer SDL2_image ICO Pitch Handling Code Execution Vulnerability] RESERVED - {DLA-1341-1} + {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490 NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10 CVE-2017-14440 [Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code Execution Vulnerability] RESERVED - {DLA-1341-1} + {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489 @@ -43027,7 +43042,7 @@ CVE-2017-12123 RESERVED CVE-2017-12122 [Simple DirectMedia Layer SDL2_Image IMG_LoadLBM_RW Code Execution Vulnerability] RESERVED - {DLA-1341-1} + {DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488 @@ -54289,8 +54304,8 @@ CVE-2017-8317 RESERVED CVE-2017-8316 RESERVED -CVE-2017-8315 - RESERVED +CVE-2017-8315 (Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier ...) + TODO: check CVE-2017-8314 (Directory Traversal in Zip Extraction built-in function in Kodi 17.1 ...) {DLA-1243-1} - kodi 2:17.1+dfsg1-3 (bug #863230) 
@@ -71722,7 +71737,7 @@ CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creatin NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5 NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF ...) - {DLA-1134-1} + {DSA-4177-1 DLA-1134-1} - libsdl2-image 2.0.1+dfsg-4 (bug #878266) - sdl-image1.2 1.2.12-7 (bug #878267) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3c281f820fce65c74ef472b992cc82bbff317d0f
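Review bot: the commit message "automatic update" does not describe the DSA cross-references this diff also adds ({DSA-4176-1 ...} on the MySQL entries, {DSA-4177-1 ...} on the SDL_image entries, {DSA-4178-1 ...} on the LibreOffice entries). Those annotations are a deliberate change rather than fetched CVE data, so they would be easier to audit later as a separate commit with a message naming the three DSAs.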
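Review bot: in the MySQL hunks (CVE-2018-2819 through CVE-2018-2755), adding {DSA-4176-1 DLA-1355-1} closes the stable and oldstable side, but every one of these entries still carries "- mysql-5.7 <unfixed> (bug #895997)". That line keeps the issues open for unstable, so it is worth confirming that bug #895997 is tracking a pending upload and that the entries get a fixed version once it lands, rather than assuming the DSA resolved them.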
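Review bot: the SDL_image hunks are internally consistent and worth keeping that way: CVE-2017-14449 receives only {DSA-4177-1} because "sdl-image1.2 <not-affected> (Vulnerable code not present)" means no DLA applies, while its neighbours get {DSA-4177-1 DLA-1341-1} and the older CVE-2017-2887 gets {DSA-4177-1 DLA-1134-1} to match its earlier 1.2.12-7 fix. Several of these entries (CVE-2017-14450, -14449, -14448, -14442, -14441, -14440, -12122) still read "RESERVED" with a bracketed title now that a DSA has been published, so a later automatic update should be expected to replace those placeholders with the real descriptions.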
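Review bot: the new "TODO: check" entries need triage so they do not linger. CVE-2018-6960 (VMware Horizon DaaS) sits directly next to CVE-2018-6959 and CVE-2018-6958, both already marked "NOT-FOR-US: VMware vRealize Automation", and CVE-2018-10201 (NcMonitorServer.exe) likewise names Windows-only software, so both look like candidates for the same NOT-FOR-US disposition. By contrast CVE-2018-10245 (AWStats through 7.6, full path disclosure) names software that is packaged in Debian, so that one should get an actual affected/fixed-version line or a not-affected note rather than remain a TODO.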
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits