Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e9e160e3 by security tracker role at 2018-11-21T08:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2018-19408
+ RESERVED
+CVE-2018-19407 (The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the
Linux kernel ...)
+ TODO: check
+CVE-2018-19406 (kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel
through ...)
+ TODO: check
+CVE-2018-19405
+ RESERVED
+CVE-2018-19404 (In YXcms 1.4.7,
protected/apps/appmanage/controller/indexController.php ...)
+ TODO: check
+CVE-2018-19403
+ RESERVED
+CVE-2018-19402
+ RESERVED
+CVE-2018-19401
+ RESERVED
+CVE-2018-19400
+ RESERVED
+CVE-2018-19399
+ RESERVED
+CVE-2018-19398
+ RESERVED
+CVE-2018-19397
+ RESERVED
+CVE-2018-19396 (ext/standard/var_unserializer.c in PHP 5.x through 7.1.24
allows ...)
+ TODO: check
+CVE-2018-19395 (ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows
...)
+ TODO: check
+CVE-2018-19394
+ RESERVED
+CVE-2018-19393
+ RESERVED
+CVE-2018-19392
+ RESERVED
+CVE-2018-19391
+ RESERVED
+CVE-2018-19390 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote
attackers to ...)
+ TODO: check
+CVE-2018-19389 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote
attackers to ...)
+ TODO: check
+CVE-2018-19388 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote
attackers to ...)
+ TODO: check
+CVE-2018-19387 (format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might
allow ...)
+ TODO: check
+CVE-2018-19386
+ RESERVED
CVE-2018-19385
RESERVED
CVE-2018-19384
@@ -16,8 +62,8 @@ CVE-2018-19378
RESERVED
CVE-2018-19377
RESERVED
-CVE-2018-19376
- RESERVED
+CVE-2018-19376 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF
...)
+ TODO: check
CVE-2018-19375
RESERVED
CVE-2018-19374
@@ -2308,7 +2354,7 @@ CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the
order parameter because
NOT-FOR-US: ThinkPHP
CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the
dapur\apps\app_user\edit_user.php name ...)
NOT-FOR-US: Fiyo CMS
-CVE-2018-18544 (There is a memory leak in the function WriteMSLImage of
coders/msl.c in ...)
+CVE-2018-18544 (There is a memory leak in the function WriteMSLImage of
coders/msl.c ...)
- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
- graphicsmagick 1.3.31-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1360
@@ -41265,6 +41311,7 @@ CVE-2018-4015
CVE-2018-4014
RESERVED
CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP
...)
+ {DLA-1582-1}
- liblivemedia 2018.10.17-1
NOTE:
http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
@@ -62607,6 +62654,7 @@ CVE-2017-14134 (A Reflected XSS Vulnerability affects
the forgotten password pag
CVE-2017-14133
RESERVED
CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of
service ...)
+ {DLA-1583-1}
- jasper <removed> (low)
[wheezy] - jasper <ignored> (Minor issue)
NOTE: https://github.com/mdadams/jasper/issues/147
@@ -63639,6 +63687,7 @@ CVE-2017-13749 (There is a reachable assertion abort in
the function jpc_pi_next
- jasper <removed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485285
CVE-2017-13748 (There are lots of memory leaks in JasPer 2.0.12, triggered in
the ...)
+ {DLA-1583-1}
- jasper <removed> (low)
[wheezy] - jasper <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485287
@@ -106728,6 +106777,7 @@ CVE-2016-8691 (The jpc_dec_process_siz function in
libjasper/jpc/jpc_dec.c in Ja
NOTE: Fixed by:
https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020
(version-1.900.4)
NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8690 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer
before ...)
+ {DLA-1583-1}
- jasper <removed> (low; bug #841112)
[wheezy] - jasper <no-dsa> (Minor issue)
NOTE: CVE ID for the first and fifth items of
http://www.openwall.com/lists/oss-security/2016/08/23/6 post
@@ -144739,6 +144789,7 @@ CVE-2015-5223 (OpenStack Object Storage (Swift)
before 2.4.0 allows attackers to
CVE-2015-5222 (Red Hat OpenShift Enterprise 3.0.0.0 does not properly check
...)
NOT-FOR-US: OpenShift
CVE-2015-5221 (Use-after-free vulnerability in the mif_process_cmpt function
in ...)
+ {DLA-1583-1}
- jasper <removed> (bug #796253)
[wheezy] - jasper <no-dsa> (Minor issue)
[squeeze] - jasper <no-dsa> (Minor issue)
@@ -144803,6 +144854,7 @@ CVE-2015-5205
CVE-2015-5204 (CRLF injection vulnerability in the Apache Cordova File
Transfer ...)
NOT-FOR-US: Apache Cordova Android File Transfer Plugin
CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load
function in ...)
+ {DLA-1583-1}
- jasper <removed> (bug #796107)
[wheezy] - jasper <no-dsa> (Minor issue)
[squeeze] - jasper <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9e160e344a0ca94bdbf166990b5b4b64bb0a27a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9e160e344a0ca94bdbf166990b5b4b64bb0a27a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
