Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12f63dfd by security tracker role at 2018-01-30T21:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-6404
+       RESERVED
+CVE-2018-6403
+       RESERVED
 CVE-2018-6402
        RESERVED
 CVE-2018-6401
@@ -6,14 +10,14 @@ CVE-2018-6400
        RESERVED
 CVE-2018-6399
        RESERVED
-CVE-2018-6398
-       RESERVED
-CVE-2018-6397
-       RESERVED
+CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component 
for ...)
+       TODO: check
+CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 
component for ...)
+       TODO: check
 CVE-2018-6396
        RESERVED
-CVE-2018-6395
-       RESERVED
+CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for 
Joomla! ...)
+       TODO: check
 CVE-2018-6394
        RESERVED
 CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection 
via the ...)
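Review bot: The three newly described entries in this hunk (CVE-2018-6398, CVE-2018-6397, CVE-2018-6395) are left at TODO: check, which is only a placeholder from the automatic update. Each describes a calendar component, and CVE-2018-6395 names Joomla! explicitly, so they can be triaged together: a package line if Debian ships the component, or a NOT-FOR-US line if it does not.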
@@ -46,16 +50,16 @@ CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation 
fault caused by inval
        - zziplib <unfixed>
        [wheezy] - zziplib <ignored> (Minor issue)
        NOTE: https://github.com/gdraheim/zziplib/issues/12
-CVE-2018-6380
-       RESERVED
-CVE-2018-6379
-       RESERVED
+CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes 
leads ...)
+       TODO: check
+CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri 
class ...)
+       TODO: check
 CVE-2018-6378
        RESERVED
-CVE-2018-6377
-       RESERVED
-CVE-2018-6376
-       RESERVED
+CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in 
com_fields leads ...)
+       TODO: check
+CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable 
in a ...)
+       TODO: check
 CVE-2018-1000029
        RESERVED
 CVE-2018-1000026
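Review bot: CVE-2018-6380, CVE-2018-6379, CVE-2018-6377 and CVE-2018-6376 all read "In Joomla! before 3.8.4" and all sit at TODO: check. They share one product and one fixed version, so they should receive the same status line in a single follow-up commit rather than being triaged one at a time with a risk of inconsistent results.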
@@ -140,8 +144,8 @@ CVE-2018-6357 (The acx_asmw_saveorder_callback function in 
function.php in the .
        NOT-FOR-US: acurax-social-media-widget plugin for WordPress
 CVE-2018-6356
        RESERVED
-CVE-2018-6355
-       RESERVED
+CVE-2018-6355 (/goform/setLang on iBall 300M devices with 
&quot;iB-WRB302N_1.0.1-Sep 8 ...)
+       TODO: check
 CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 
allows XSS ...)
        NOT-FOR-US: Formspree
 CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 
3.0.5 ...)
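Review bot: CVE-2018-6355 is left at TODO: check while the neighbouring entries in this hunk (CVE-2018-6357, CVE-2018-6354) already carry NOT-FOR-US lines; the description names iBall 300M devices, so it needs the same kind of explicit triage decision. The description also shows an HTML-escaped &quot;, which should be a plain quote character in the list file if it is not merely an artefact of how this mail was rendered.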
@@ -489,11 +493,9 @@ CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has 
an open redirect via 
        NOT-FOR-US: vBulletin
 CVE-2018-6199
        RESERVED
-CVE-2018-6195
-       RESERVED
+CVE-2018-6195 (admin/partials/wp-splashing-admin-main.php in the Splashing 
Images ...)
        NOT-FOR-US: WordPress plugin wp-splashing-images
-CVE-2018-6194
-       RESERVED
+CVE-2018-6194 (A cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: WordPress plugin wp-splashing-images
 CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in 
Routers2 2.24, ...)
        NOT-FOR-US: Routers2
@@ -2411,8 +2413,8 @@ CVE-2018-5443 (A SQL Injection issue was discovered in 
Advantech WebAccess/SCADA
        NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5442
        RESERVED
-CVE-2018-5441
-       RESERVED
+CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was 
discovered in ...)
+       TODO: check
 CVE-2018-5440
        RESERVED
 CVE-2018-5439
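Review bot: The description added for CVE-2018-5441 is cut off before the product name ("... was discovered in ..."), so the TODO: check cannot be resolved from this line alone. The adjacent CVE-2018-5443 is NOT-FOR-US: Advantech WebAccess/SCADA, but the full description should be read before assuming the same vendor applies here.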
@@ -3265,7 +3267,7 @@ CVE-2018-5118
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
 CVE-2018-5117
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3322,7 +3324,7 @@ CVE-2018-5105
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
 CVE-2018-5104
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3331,7 +3333,7 @@ CVE-2018-5104
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104
 CVE-2018-5103
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3340,7 +3342,7 @@ CVE-2018-5103
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103
 CVE-2018-5102
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3357,7 +3359,7 @@ CVE-2018-5100
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
 CVE-2018-5099
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3366,7 +3368,7 @@ CVE-2018-5099
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099
 CVE-2018-5098
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3375,7 +3377,7 @@ CVE-2018-5098
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098
 CVE-2018-5097
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3384,14 +3386,14 @@ CVE-2018-5097
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097
 CVE-2018-5096
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096
 CVE-2018-5095
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - skia <itp> (bug #818180)
@@ -3413,7 +3415,7 @@ CVE-2018-5092
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
 CVE-2018-5091
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
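Review bot: CVE-2018-5091 gains DSA-4102-1, but unlike the other entries in this commit that receive the same reference it has no DLA-1262-1 and no thunderbird package line, only firefox and firefox-esr. If DSA-4102-1 was issued for a package other than those two, the entry needs a matching package line; otherwise the cross-reference should be checked against the advisory's own CVE list.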
@@ -3424,7 +3426,7 @@ CVE-2018-5090
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090
 CVE-2018-5089
        RESERVED
-       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
+       {DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3938,7 +3940,7 @@ CVE-2017-1000482 (A member of the Plone 2.5-5.1rc1 site 
could set javascript in 
 CVE-2017-1000481 (When you visit a page where you need to login, Plone 
2.5-5.1rc1 sends ...)
        NOT-FOR-US: Plone
 CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection 
when ...)
-       {DSA-4094-1 DLA-1249-1}
+       {DSA-4094-2 DSA-4094-1 DLA-1249-1}
        - smarty <removed>
        - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bug #886460)
        NOTE: 
https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
@@ -6578,8 +6580,7 @@ CVE-2018-3710 [Remote Code Execution Vulnerability in 
GitLab Projects Import]
        NOTE: 
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow 
remote ...)
        NOT-FOR-US: Muviko
-CVE-2017-17969 [ZIP Shrink: Heap Buffer Overflow]
-       RESERVED
+CVE-2017-17969 (Heap-based buffer overflow in the ...)
        - p7zip 16.02+dfsg-5 (bug #888297)
        NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
        NOTE: fixed in upstream 18.00-beta, backport available for testing in 
bug#888297
@@ -18514,7 +18515,7 @@ CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 
before 1.9.5 and 1.10 before 1
 CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 
1.10.3 ...)
        - mahara <removed>
 CVE-2017-1000141
-       RESERVED
+       REJECTED
 CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 
1.10.3 ...)
        - mahara <removed>
 CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 
1.10.3 ...)
@@ -22526,6 +22527,7 @@ CVE-2017-15107 (A vulnerability was found in the 
implementation of DNSSEC in Dns
 CVE-2017-15106
        RESERVED
 CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...)
+       {DLA-1264-1}
        - unbound <unfixed> (bug #887733)
        NOTE: https://unbound.net/downloads/CVE-2017-15105.txt
        NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff
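Review bot: With {DLA-1264-1} now attached to CVE-2017-15105, the unchanged line "- unbound <unfixed> (bug #887733)" means unstable is still recorded as lacking the fix, even though the NOTE lines already link an upstream patch. Worth following up on bug #887733 so the unfixed marker is replaced with a fixed version once an upload happens.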
@@ -62992,8 +62994,8 @@ CVE-2017-1733
        RESERVED
 CVE-2017-1732
        RESERVED
-CVE-2017-1731
-       RESERVED
+CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
provide ...)
+       TODO: check
 CVE-2017-1730
        RESERVED
 CVE-2017-1729
@@ -76646,10 +76648,10 @@ CVE-2016-6601 (Directory traversal vulnerability in 
the file download functional
        NOT-FOR-US: ZOHO WebNMS
 CVE-2016-6600 (Directory traversal vulnerability in the file upload 
functionality in ...)
        NOT-FOR-US: ZOHO WebNMS
-CVE-2016-6599
-       RESERVED
-CVE-2016-6598
-       RESERVED
+CVE-2016-6599 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated 
.NET ...)
+       TODO: check
+CVE-2016-6598 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated 
.NET ...)
+       TODO: check
 CVE-2016-6597 (Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when 
Lotus ...)
        NOT-FOR-US: Sophos EAS Proxy
        NOTE: 
https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability
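Review bot: CVE-2016-6599 and CVE-2016-6598 carry the same truncated description ("BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ..."), so the two cannot be told apart from this list. Both are TODO: check; when triaging, read the full descriptions to confirm they are distinct issues, and give them a consistent status since they concern the same product and hotfix.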
@@ -136104,8 +136106,8 @@ CVE-2014-4707 (Huawei Campus S7700 with software 
V200R001C00SPC300, ...)
        NOT-FOR-US: Huawei
 CVE-2014-4706 (Huawei Campus S3700HI with software V200R001C00SPC300; Campus 
S5700 ...)
        NOT-FOR-US: Huawei
-CVE-2014-4705
-       RESERVED
+CVE-2014-4705 (Multiple heap-based buffer overflows in the eSap software 
platform in ...)
+       TODO: check
 CVE-2014-4704
        RESERVED
 CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble 
SketchUp ...)
@@ -192262,8 +192264,7 @@ CVE-2011-2904 (Cross-site scripting (XSS) 
vulnerability in acknow.php in Zabbix 
 CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow 
...)
        - tcptrack 1.4.2-1 (unimportant; bug #551092)
        NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917
-CVE-2011-2902 [xpdf: insecure tempfile usage]
-       RESERVED
+CVE-2011-2902 (zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 
...)
        - xpdf 3.02-19 (low; bug #635849)
        [lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not 
associated with pdf handling by default, so not a concern for remote abuse)
        [squeeze] - xpdf 3.02-12+squeeze1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/12f63dfde81f7ab402b4df693adba46569f4cd89

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
