Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49218f03 by security tracker role at 2018-02-24T09:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,55 @@
-CVE-2018-7443
+CVE-2018-7464
        RESERVED
-CVE-2018-7434
+CVE-2018-7463
        RESERVED
+CVE-2018-7462
+       RESERVED
+CVE-2018-7461
+       RESERVED
+CVE-2018-7460
+       RESERVED
+CVE-2018-7459
+       RESERVED
+CVE-2018-7458
+       RESERVED
+CVE-2018-7457
+       RESERVED
+CVE-2018-7456 (A NULL Pointer Dereference occurs in the function 
TIFFPrintDirectory in ...)
+       TODO: check
+CVE-2018-7455 (An out-of-bounds read in JPXStream::readTilePart in 
JPXStream.cc in ...)
+       TODO: check
+CVE-2018-7454 (A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc 
in xpdf ...)
+       TODO: check
+CVE-2018-7453 (Infinite recursion in AcroForm::scanField in AcroForm.cc in 
xpdf 4.00 ...)
+       TODO: check
+CVE-2018-7452 (A NULL pointer dereference in JPXStream::fillReadBuf in 
JPXStream.cc in ...)
+       TODO: check
+CVE-2018-7451
+       RESERVED
+CVE-2018-7450
+       RESERVED
+CVE-2018-7449
+       RESERVED
+CVE-2018-7448
+       RESERVED
+CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent 
cross-site ...)
+       TODO: check
+CVE-2018-7446
+       RESERVED
+CVE-2018-7445
+       RESERVED
+CVE-2018-7444
+       RESERVED
+CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows 
remote ...)
+       TODO: check
+CVE-2017-18198 (print_iso9660_recurse in iso-info.c in GNU libcdio before 
1.0.0 allows ...)
+       TODO: check
+CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the 
...)
+       TODO: check
+CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 
7.0.7-23 Q16 ...)
+       TODO: check
+CVE-2018-7434 (zzcms 8.2 allows remote attackers to discover the full path via 
a ...)
+       TODO: check
 CVE-2018-7433
        RESERVED
 CVE-2018-7432
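Review bot: Every described entry added at the top of this hunk (CVE-2018-7452 to CVE-2018-7456, CVE-2018-7447, CVE-2017-18197 to CVE-2017-18199, CVE-2018-7443 and CVE-2018-7434) carries only `TODO: check`, so none is yet mapped to a source package or ruled out. Several of the truncated descriptions already name the affected software (xpdf, GNU libcdio, ImageMagick, mxGraph, mojoPortal, zzcms), which is enough to start triage: each entry should end up with either a `- <package> <version>` line or a `NOT-FOR-US:` line, the two forms used elsewhere in this file.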
@@ -33,36 +81,31 @@ CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have 
Missing SSL Certificate 
        TODO: Check elinks, we compile with GnuTLS
 CVE-2018-7422
        RESERVED
-CVE-2018-7421
-       RESERVED
-CVE-2018-7420
-       RESERVED
-CVE-2018-7419
-       RESERVED
-CVE-2018-7418
-       RESERVED
-CVE-2018-7417
-       RESERVED
+CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP 
dissector ...)
+       TODO: check
+CVE-2018-7420 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng 
file parser ...)
+       TODO: check
+CVE-2018-7419 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP 
dissector ...)
+       TODO: check
+CVE-2018-7418 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP 
dissector ...)
+       TODO: check
+CVE-2018-7417 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI 
dissector ...)
+       TODO: check
 CVE-2018-7416
        RESERVED
-CVE-2018-7439 [heap-buffer-overflow in freexl.c:3912 
read_mini_biff_next_record]
-       RESERVED
+CVE-2018-7439 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892
-CVE-2018-7438 [heap-buffer-overflow in freexl.c:383 parse_unicode_string]
-       RESERVED
+CVE-2018-7438 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889
-CVE-2018-7437 [heap-buffer-overflow in freexl.c:1866 parse_SST]
-       RESERVED
+CVE-2018-7437 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885
-CVE-2018-7436 [heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST]
-       RESERVED
+CVE-2018-7436 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883
-CVE-2018-7435 [heap-buffer-overflow in freexl::destroy_cell]
-       RESERVED
+CVE-2018-7435 (An issue was discovered in FreeXL before 1.0.5. There is a 
heap-based ...)
        - freexl 1.0.5-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879
 CVE-2018-7415
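Review bot: The five FreeXL entries (CVE-2018-7435 to CVE-2018-7439) lose their bracketed placeholders, which named the location of each overflow (for example `freexl.c:3912 read_mini_biff_next_record`), and the replacement is the same truncated string for all five. The `- freexl 1.0.5-1` and bugzilla NOTE lines are kept, so consider carrying the function names forward as an extra NOTE line per entry; that keeps the entries distinguishable without following the links. The Wireshark entries CVE-2018-7417 to CVE-2018-7421 are added as `TODO: check` and still need a package line.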
@@ -238,42 +281,42 @@ CVE-2018-XXXX [SA-CORE-2018-001: JavaScript cross-site 
scripting prevention is i
        NOTE: https://www.drupal.org/sa-core-2018-001
 CVE-2018-7338
        RESERVED
-CVE-2018-7337
-       RESERVED
-CVE-2018-7336
-       RESERVED
-CVE-2018-7335
-       RESERVED
-CVE-2018-7334
-       RESERVED
-CVE-2018-7333
-       RESERVED
-CVE-2018-7332
-       RESERVED
-CVE-2018-7331
-       RESERVED
-CVE-2018-7330
-       RESERVED
-CVE-2018-7329
-       RESERVED
-CVE-2018-7328
-       RESERVED
-CVE-2018-7327
-       RESERVED
-CVE-2018-7326
-       RESERVED
-CVE-2018-7325
-       RESERVED
-CVE-2018-7324
-       RESERVED
-CVE-2018-7323
-       RESERVED
-CVE-2018-7322
-       RESERVED
-CVE-2018-7321
-       RESERVED
-CVE-2018-7320
-       RESERVED
+CVE-2018-7337 (In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector 
could crash. ...)
+       TODO: check
+CVE-2018-7336 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP 
protocol ...)
+       TODO: check
+CVE-2018-7335 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 
802.11 ...)
+       TODO: check
+CVE-2018-7334 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC 
dissector ...)
+       TODO: check
+CVE-2018-7333 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7332 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7331 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7330 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7329 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7328 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7327 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7326 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7325 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7324 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7323 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7322 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7321 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
+       TODO: check
+CVE-2018-7320 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP 
protocol ...)
+       TODO: check
 CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 
component ...)
        NOT-FOR-US: OS Property Real Estate component for Joomla!
 CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for 
Joomla! via ...)
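Review bot: For CVE-2018-7321 through CVE-2018-7333 the truncated description is the identical string `In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...`, so thirteen of the eighteen new entries cannot be told apart from this file. When the `TODO: check` lines are resolved, a NOTE naming the dissector on each entry would make them usable on their own. The version ranges also differ within the hunk (CVE-2018-7337 lists only 2.4.0 to 2.4.4), so the fixed-version line should be set per entry rather than copied across the block.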
@@ -9069,18 +9112,15 @@ CVE-2018-3838
        RESERVED
 CVE-2018-3837
        RESERVED
-CVE-2018-7442 [path traversal or file overwrite]
-       RESERVED
+CVE-2018-7442 (An issue was discovered in Leptonica through 1.75.3. The ...)
        - leptonlib <unfixed>
        NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html
-CVE-2018-7441 [insecure use of /tmp]
-       RESERVED
+CVE-2018-7441 (Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which 
might ...)
        - leptonlib <unfixed>
        NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html
-CVE-2017-18196
+CVE-2017-18196 (Leptonica 1.74.4 constructs unintended pathnames (containing 
duplicated ...)
        - leptonlib 1.74.4-2 (bug #885704)
-CVE-2018-7440 [command injection via $(command)]
-       RESERVED
+CVE-2018-7440 (An issue was discovered in Leptonica through 1.75.3. The ...)
        - leptonlib <unfixed>
        NOTE: 
https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212
        NOTE: 
https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
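Review bot: CVE-2018-7442 and CVE-2018-7440 now show the same visible text, `An issue was discovered in Leptonica through 1.75.3. The ...`, where the removed placeholders distinguished them as `[path traversal or file overwrite]` and `[command injection via $(command)]`. Both remain `- leptonlib <unfixed>`, so keeping the bug class in a NOTE line on each entry would help whoever prepares the fix.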
@@ -10556,17 +10596,14 @@ CVE-2017-17769
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-17768
        RESERVED
-CVE-2017-17767
-       RESERVED
+CVE-2017-17767 (In all Qualcomm products with Android releases from CAF using 
the ...)
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-17766
        RESERVED
        NOT-FOR-US: Qualcomm component for Android
-CVE-2017-17765
-       RESERVED
+CVE-2017-17765 (In all Qualcomm products with Android releases from CAF using 
the ...)
        NOT-FOR-US: Qualcomm component for Android
-CVE-2017-17764
-       RESERVED
+CVE-2017-17764 (In all Qualcomm products with Android releases from CAF using 
the ...)
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-17763 (SuperBeam through 4.1.3, when using the LAN or WiFi Direct 
Share ...)
        NOT-FOR-US: SuperBeam
@@ -16107,8 +16144,7 @@ CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if 
using the WADL2Java or WSDL
        NOT-FOR-US: Apache juddi-client
 CVE-2018-1306
        RESERVED
-CVE-2018-1305 [Security constraint annotations applied too late]
-       RESERVED
+CVE-2018-1305 (Security constraints defined by annotations of Servlets in 
Apache ...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.28-1
        - tomcat8.0 <unfixed> (unimportant)
@@ -20920,8 +20956,8 @@ CVE-2017-16771
        RESERVED
 CVE-2017-16770
        RESERVED
-CVE-2017-16769
-       RESERVED
+CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer 
in ...)
+       TODO: check
 CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor 
in ...)
        NOT-FOR-US: Synology MailPlus Server
 CVE-2017-16767
@@ -23562,12 +23598,12 @@ CVE-2016-10517 (networking.c in Redis before 3.2.7 
allows &quot;Cross Protocol S
        NOTE: 
https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50
 CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks 
plugin ...)
        NOT-FOR-US: WordPress plugin wp-noexternallinks
-CVE-2017-15862
-       RESERVED
-CVE-2017-15861
-       RESERVED
-CVE-2017-15860
-       RESERVED
+CVE-2017-15862 (In all Qualcomm products with Android releases from CAF using 
the ...)
+       TODO: check
+CVE-2017-15861 (In all Qualcomm products with Android releases from CAF using 
the ...)
+       TODO: check
+CVE-2017-15860 (In all Qualcomm products with Android releases from CAF using 
the ...)
+       TODO: check
 CVE-2017-15859
        RESERVED
        NOT-FOR-US: Qualcomm component for Android
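Review bot: CVE-2017-15860, CVE-2017-15861 and CVE-2017-15862 are added with `TODO: check`, although their description starts `In all Qualcomm products with Android releases from CAF using the ...` and the next entry in the context, CVE-2017-15859, is already `NOT-FOR-US: Qualcomm component for Android`. Unless the full descriptions point elsewhere, these three should get the same NOT-FOR-US line.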
@@ -23631,8 +23667,7 @@ CVE-2017-15831
        RESERVED
 CVE-2017-15830
        RESERVED
-CVE-2017-15829
-       RESERVED
+CVE-2017-15829 (In all Qualcomm products with Android releases from CAF using 
the ...)
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15828
        RESERVED
@@ -23652,15 +23687,13 @@ CVE-2017-15822
        RESERVED
 CVE-2017-15821
        RESERVED
-CVE-2017-15820
-       RESERVED
+CVE-2017-15820 (In all Qualcomm products with Android releases from CAF using 
the ...)
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15819
        RESERVED
 CVE-2017-15818
        RESERVED
-CVE-2017-15817
-       RESERVED
+CVE-2017-15817 (In all Qualcomm products with Android releases from CAF using 
the ...)
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15816
        RESERVED
@@ -24345,8 +24378,8 @@ CVE-2017-15520
        REJECTED
 CVE-2017-15519
        RESERVED
-CVE-2017-15518
-       RESERVED
+CVE-2017-15518 (All versions of OnCommand API Services prior to 2.1 and NetApp 
Service ...)
+       TODO: check
 CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow 
attackers to ...)
        NOT-FOR-US: AltaVault OST Plug-in
 CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are 
susceptible to a ...)
@@ -26487,8 +26520,7 @@ CVE-2017-14912
 CVE-2017-14911
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-14910
-       RESERVED
+CVE-2017-14910 (In all Qualcomm products with Android releases from CAF using 
the ...)
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm component for Android
@@ -26543,8 +26575,7 @@ CVE-2017-14886
        RESERVED
 CVE-2017-14885
        RESERVED
-CVE-2017-14884
-       RESERVED
+CVE-2017-14884 (In all Qualcomm products with Android releases from CAF using 
the ...)
        NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14883
        RESERVED
@@ -33072,7 +33103,7 @@ CVE-2017-12738 (An issue was discovered on Siemens 
SICAM RTUs SM-2556 COM Module
        NOT-FOR-US: Siemens
 CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM 
Modules with ...)
        NOT-FOR-US: Siemens
-CVE-2017-12736 (A vulnerability has been identified in the following Siemens 
products: ...)
+CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for 
RSL910 ...)
        NOT-FOR-US: Siemens
 CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. 
An ...)
        NOT-FOR-US: Siemens
@@ -50077,7 +50108,7 @@ CVE-2016-10261
        RESERVED
 CVE-2016-10260
        RESERVED
-CVE-2016-10259 (Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is 
susceptible to ...)
+CVE-2016-10259 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 
3.10.4.1, and ...)
        NOT-FOR-US: Blue Coat
 CVE-2016-10258
        RESERVED
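Review bot: The new description for CVE-2016-10259 names the vendor as Symantec, but the unchanged line below it still reads `NOT-FOR-US: Blue Coat`. The classification is unaffected; updating the note to mention Symantec as well would keep the entry searchable under the vendor name the description now uses.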
@@ -63982,9 +64013,9 @@ CVE-2017-2683 (A non-privileged user of the Siemens web 
application RUGGEDCOM NM
        NOT-FOR-US: Siemens
 CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS &lt; V1.2 on port 
8080/TCP and ...)
        NOT-FOR-US: Siemens
-CVE-2017-2681 (A vulnerability has been identified in Development/Evaluation 
Kit DK ...)
+CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std, 
SIMATIC ...)
        NOT-FOR-US: Siemens
-CVE-2017-2680 (A vulnerability has been identified in Development/Evaluation 
Kit DK ...)
+CVE-2017-2680 (A vulnerability has been identified in SIMATIC CP 343-1 Std, 
SIMATIC ...)
        NOT-FOR-US: Siemens
 CVE-2017-2679
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/49218f034d22df0aa3dcbbc03ff8712a1b655105
