Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ac58c53 by security tracker role at 2018-05-05T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer 
Dereference in ...)
+       TODO: check
+CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in 
music.c ...)
+       TODO: check
+CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the 
title ...)
+       TODO: check
+CVE-2018-10751
+       RESERVED
 CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
        NOT-FOR-US: D-Link
 CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
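Review bot: The three described entries added at the top of this hunk (CVE-2018-10754, CVE-2018-10753, CVE-2018-10752) are all left at TODO: check, so none of them is triaged yet. CVE-2018-10754 names ncurses, which is packaged in Debian, so it needs a package line with a fixed version or <unfixed> rather than a NOT-FOR-US marker. The Tagregator WordPress plugin entry can follow the NOT-FOR-US pattern used for the D-Link entries just below it, once it is confirmed that no package ships the plugin.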
@@ -1162,8 +1170,8 @@ CVE-2018-10253 (Paessler PRTG Network Monitor before 
18.1.39.1648 mishandles sta
        NOT-FOR-US: Paessler PRTG Network Monitor
 CVE-2018-10252
        RESERVED
-CVE-2018-10251
-       RESERVED
+CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440, 
ES440, and ...)
+       TODO: check
 CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in 
a ...)
        NOT-FOR-US: iCMS
 CVE-2018-10249 (baijiacms V3 has CSRF via ...)
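Review bot: CVE-2018-10251 goes from RESERVED to TODO: check with a description that starts exactly like the one given to CVE-2017-15043 further down in this patch ("A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and ..."), so the two should be triaged together rather than separately. The neighbouring vendor-product entries in this hunk are all marked NOT-FOR-US; if no Debian package is affected, the same marking (for example NOT-FOR-US: Sierra Wireless AirLink) fits both entries.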
@@ -1212,8 +1220,8 @@ CVE-2018-10231
        RESERVED
 CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka 
ZSR-2455. ...)
        NOT-FOR-US: Zend Server
-CVE-2018-10229
-       RESERVED
+CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows 
attackers to ...)
+       TODO: check
 CVE-2018-10228
        RESERVED
 CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link 
parameter. ...)
@@ -3760,8 +3768,8 @@ CVE-2018-9156 (** DISPUTED ** An issue was discovered on 
AXIS P1354 (IP camera) 
        NOT-FOR-US: AXIS
 CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT 
Professional ...)
        NOT-FOR-US: Open-AudIT Professional
-CVE-2018-9154
-       RESERVED
+CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot 
in ...)
+       TODO: check
 CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote 
attackers ...)
        NOT-FOR-US: Z-BlogPHP
 CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in 
kernel/events/core.c ...)
@@ -35581,8 +35589,8 @@ CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer 
over-read in fill_buffer in 
        NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-15044 (The default installation of DocuWare Fulltext Search server 
through ...)
        NOT-FOR-US: DocuWare Fulltext Search server
-CVE-2017-15043
-       RESERVED
+CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, 
ES440, and ...)
+       TODO: check
 CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 
1.9.x ...)
        - golang-1.9 1.9.1-1
        - golang-1.8 1.8.4-1
@@ -55572,17 +55580,20 @@ CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an 
authenticated comment that
 CVE-2017-8375
        RESERVED
 CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 
0.15.1b ...)
+       {DSA-4192-1}
        - libmad 0.15.1b-9
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
        NOTE: The patch from #508133 fixed things related to this, but did not 
fix this.
        NOTE: Patch in 0.15.1b-9: 
libmad-0.15.1b/debian/patches/length-check.patch
 CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 
0.15.1b ...)
+       {DSA-4192-1}
        - libmad 0.15.1b-9 (bug #287519)
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
        NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed 
it
        NOTE: "Duplicate with"/basically same as CVE-2017-8372
        NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
 CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 
0.15.1b, ...)
+       {DSA-4192-1}
        - libmad 0.15.1b-9 (bug #287519)
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
        NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed 
it
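Review bot: The {DSA-4192-1} cross-references added to CVE-2017-8374, CVE-2017-8373 and CVE-2017-8372 are not backed by anything else in this commit, which changes only data/CVE/list. Confirm that the DSA-4192-1 entry in the tracker's DSA data lists all three CVE ids and carries the fixed versions for the stable suites, since the only fixed version visible here is libmad 0.15.1b-9. CVE-2017-8373 is also annotated as basically the same as CVE-2017-8372, so both should stay tied to the same advisory.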
@@ -174952,8 +174963,7 @@ CVE-2013-2234 (The (1) key_notify_sa_flush and (2) 
key_notify_policy_flush funct
        {DSA-2766-1 DSA-2745-1}
        - linux-2.6 <removed>
        - linux 3.10.1-1
-CVE-2013-2233 [not caching SSH host keys]
-       RESERVED
+CVE-2013-2233 (Ansible before 1.2.1 makes it easier for remote attackers to 
conduct ...)
        - ansible 1.3.4+dfsg-1 (bug #714822)
        NOTE: https://github.com/ansible/ansible/issues/857
 CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the 
Linux ...)
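Review bot: On CVE-2013-2233, the new description says "Ansible before 1.2.1" while the package line kept below it records the fix as ansible 1.3.4+dfsg-1 (bug #714822). That is consistent only if 1.3.4+dfsg-1 was the first version in the archive to include the fix; worth a quick check against the package changelog now that the official text is in place. The change also drops the hand-written summary "[not caching SSH host keys]", leaving the NOTE with the upstream issue link as the only pointer to the root cause.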
@@ -183867,8 +183877,7 @@ CVE-2012-5630 [TOCTOU race conditions by copying and 
removing directory trees]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=884685#c31
 CVE-2012-5629 (The default configuration of the (1) LdapLoginModule and (2) 
...)
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
-CVE-2012-5628
-       RESERVED
+CVE-2012-5628 (gofer before 0.68 uses world-writable permissions for ...)
        NOT-FOR-US: gofer component of PULP project
 CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 
5.3.12, and ...)
        - mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
@@ -211583,8 +211592,7 @@ CVE-2011-0706 (The JNLPClassLoader class in 
IcedTea-Web before 1.0.1, as used in
 CVE-2011-0705 [path traversal in SimpleHTTPServer]
        RESERVED
        NOTE: Will be rejected
-CVE-2011-0704
-       RESERVED
+CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows 
remote ...)
        NOT-FOR-US: 389 Directory Server
 CVE-2011-0703
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ac58c53d41412c5926a6c7ba8b1c427c74572bf

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
