Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 642a20f1 by security tracker role at 2018-02-23T21:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,33 @@ +CVE-2018-7443 + RESERVED +CVE-2018-7434 + RESERVED +CVE-2018-7433 + RESERVED +CVE-2018-7432 + RESERVED +CVE-2018-7431 + RESERVED +CVE-2018-7430 + RESERVED +CVE-2018-7429 + RESERVED +CVE-2018-7428 + RESERVED +CVE-2018-7427 + RESERVED +CVE-2018-7426 + RESERVED +CVE-2018-7425 + RESERVED +CVE-2018-7424 + RESERVED +CVE-2018-7423 + RESERVED +CVE-2017-18195 + RESERVED +CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate ...) + TODO: check CVE-2018-7422 RESERVED CVE-2018-7421 @@ -13,18 +43,23 @@ CVE-2018-7417 CVE-2018-7416 RESERVED CVE-2018-7439 [heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892 CVE-2018-7438 [heap-buffer-overflow in freexl.c:383 parse_unicode_string] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889 CVE-2018-7437 [heap-buffer-overflow in freexl.c:1866 parse_SST] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885 CVE-2018-7436 [heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883 CVE-2018-7435 [heap-buffer-overflow in freexl::destroy_cell] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879 CVE-2018-7415 @@ -179,8 +214,8 @@ CVE-2018-7341 RESERVED CVE-2018-7340 RESERVED -CVE-2018-7339 - RESERVED +CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles ...) + TODO: check CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...) NOT-FOR-US: HamayeshNegar CMS CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...) @@ -1491,12 +1526,12 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation an [stretch] - zziplib <no-dsa> (Minor issue) [jessie] - zziplib <no-dsa> (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/22 -CVE-2018-6868 - RESERVED -CVE-2018-6867 - RESERVED -CVE-2018-6866 - RESERVED +CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / ...) + TODO: check +CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone ...) + TODO: check +CVE-2018-6866 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and ...) + TODO: check CVE-2018-6865 RESERVED CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion ...) @@ -1509,8 +1544,8 @@ CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Sear NOT-FOR-US: PHP Scripts Mall Lawyer Search Script CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts ...) NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script -CVE-2018-6859 - RESERVED +CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert Management ...) + TODO: check CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone ...) NOT-FOR-US: PHP Scripts Mall Facebook Clone Script CVE-2018-6857 @@ -1743,8 +1778,7 @@ CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig funct [wheezy] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0) NOTE: https://github.com/dbry/WavPack/issues/27 NOTE: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5 -CVE-2018-6764 [guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init] - RESERVED +CVE-2018-6764 (util/virlog.c in libvirt does not properly determine the hostname on ...) - libvirt 4.0.0-2 (bug #889839) [stretch] - libvirt <no-dsa> (Minor issue) [jessie] - libvirt <no-dsa> (Minor issue) @@ -9030,14 +9064,17 @@ CVE-2018-3838 CVE-2018-3837 RESERVED CVE-2018-7442 [path traversal or file overwrite] + RESERVED - leptonlib <unfixed> NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html CVE-2018-7441 [insecure use of /tmp] + RESERVED - leptonlib <unfixed> NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html CVE-2017-18196 - leptonlib 1.74.4-2 (bug #885704) CVE-2018-7440 [command injection via $(command)] + RESERVED - leptonlib <unfixed> NOTE: https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212 NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b @@ -18781,12 +18818,12 @@ CVE-2018-0522 RESERVED CVE-2018-0521 RESERVED -CVE-2018-0520 - RESERVED -CVE-2018-0519 - RESERVED -CVE-2018-0518 - RESERVED +CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware ...) + TODO: check +CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...) + TODO: check +CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...) + TODO: check CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...) NOT-FOR-US: Anshin net security for Windows CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address ...) @@ -20029,7 +20066,7 @@ CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field durin - php-horde <undetermined> NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html TODO: check -CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in a Create ...) +CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...) - php-horde <undetermined> NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html TODO: check @@ -48946,7 +48983,7 @@ CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 ...) [jessie] - linux 3.16.39-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824 -CVE-2017-7494 (Samba since version 3.5.0 is vulnerable to remote code execution ...) +CVE-2017-7494 (Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is ...) {DSA-3860-1 DLA-951-1} - samba 2:4.5.8+dfsg-2 NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html @@ -143359,10 +143396,10 @@ CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Boo NOT-FOR-US: WordPress plugin Booking System CVE-2014-3208 RESERVED -CVE-2014-3206 - RESERVED -CVE-2014-3205 - RESERVED +CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary ...) + TODO: check +CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a ...) + TODO: check CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle ...) NOT-FOR-US: Unity CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly ...) @@ -166248,7 +166285,7 @@ CVE-2013-1937 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOTE: http://seclists.org/fulldisclosure/2013/Apr/100 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a CVE-2013-1936 - RESERVED + REJECTED CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package ...) - linux <not-affected> (RHEL-specific backport regression) - linux-2.6 <not-affected> (RHEL-specific backport regression) @@ -260998,7 +261035,7 @@ CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm [etch] - libapache2-mod-perl2 <no-dsa> (Minor issue) [etch] - apache 1.3.34-4.1+etch1 CVE-2007-1348 - RESERVED + REJECTED CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...) NOT-FOR-US: Microsoft Windows Explorer CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/642a20f183e76f797f329371173b1662169482ac --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/642a20f183e76f797f329371173b1662169482ac You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits