Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82607b72 by security tracker role at 2018-03-06T21:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-7735 (Afian FileRun (before 2018.02.13) suffers from a remote SQL 
injection ...)
+       TODO: check
+CVE-2018-7734 (Afian FileRun (before 2018.02.13) suffers from a remote SQL 
injection ...)
+       TODO: check
+CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. RbacController.class.php 
has ...)
+       TODO: check
+CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in 
...)
+       TODO: check
+CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...)
+       TODO: check
+CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case 
of a ...)
+       TODO: check
+CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a 
stack-based ...)
+       TODO: check
+CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. ...)
+       TODO: check
+CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory 
leak ...)
+       TODO: check
+CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus 
error caused ...)
+       TODO: check
+CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory 
address ...)
+       TODO: check
+CVE-2018-7724 (The management panel in Piwigo 2.9.3 has stored XSS via the 
name ...)
+       TODO: check
+CVE-2018-7723 (The management panel in Piwigo 2.9.3 has stored XSS via the ...)
+       TODO: check
+CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the 
name ...)
+       TODO: check
+CVE-2018-7721
+       RESERVED
+CVE-2018-7720
+       RESERVED
+CVE-2018-7719
+       RESERVED
+CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer 
Overflow ...)
+       TODO: check
 CVE-2018-XXXX [code execution in bash-completion for umount]
        - bash-completion <unfixed> (unimportant)
        - util-linux <unfixed> (bug #892179)
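
Review bot: All 15 described entries added at the top of this hunk (CVE-2018-7735 through CVE-2018-7722, plus CVE-2018-1000100) carry only "TODO: check", so none of them has a triage result yet. Each needs a follow-up that replaces the TODO with either a package status line in the form already used just below ("- util-linux <unfixed> (bug #892179)") or a NOT-FOR-US: tag. The truncated descriptions of CVE-2018-7735 and CVE-2018-7734 are identical, as are those of CVE-2018-7724 and CVE-2018-7722, so the full CVE text has to be read to tell them apart during triage.
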
@@ -204,8 +240,8 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an 
Insufficient Control of Ne
        NOTE: issues: "Specify which IP address to listen on. The default
        NOTE: (upstream) is to listen on all IP addresses. [...] so make sure
        NOTE: it's listening on a firewalled interface."
-CVE-2018-7650
-       RESERVED
+CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 
3.1 ...)
+       TODO: check
 CVE-2018-7649
        RESERVED
 CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 
2.3.0. The ...)
@@ -744,7 +780,7 @@ CVE-2018-1000098 [AST-2018-002: Crash when given an invalid 
SDP media format des
        - pjproject 2.7.2~dfsg-1
        NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
        NOTE: https://trac.pjsip.org/repos/ticket/2093
-CVE-2018-1000101 [Improper null termination in stdio/[v]snprintf.c can result 
in memory corruption in subsequent string functions]
+CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier contains an Improper 
Null ...)
        - mingw-w64 <unfixed> (low)
        [stretch] - mingw-w64 <no-dsa> (Minor issue)
        [jessie] - mingw-w64 <no-dsa> (Minor issue)
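
Review bot: The replacement description for CVE-2018-1000101 drops the detail the bracketed text carried, namely the location stdio/[v]snprintf.c and the effect on subsequent string functions; the truncated "(Mingw-w64 version 5.0.3 and earlier contains an Improper Null ...)" shows neither. Consider keeping that information in a NOTE: line under the entry so the mingw-w64 status lines retain their rationale.
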
@@ -1289,8 +1325,8 @@ CVE-2018-7309
        RESERVED
 CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin 
hosting ...)
        NOT-FOR-US: DanWin hosting
-CVE-2018-7307
-       RESERVED
+CVE-2018-7307 (The Auth0 Auth0.js library before 9.3 has CSRF because it 
mishandles ...)
+       TODO: check
 CVE-2018-7306
        RESERVED
 CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to 
...)
@@ -17196,6 +17232,7 @@ CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if 
using the WADL2Java or WSDL
 CVE-2018-1306
        RESERVED
 CVE-2018-1305 (Security constraints defined by annotations of Servlets in 
Apache ...)
+       {DLA-1301-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.28-1
        - tomcat8.0 <unfixed> (unimportant)
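
Review bot: The {DLA-1301-1} reference added under CVE-2018-1305 cannot be matched to a package from the lines shown here, since the context lists only tomcat9, tomcat8 and tomcat8.0 status lines. Check that the entry also has a status line for the source package and release that the DLA fixed; the same applies to the identical addition under CVE-2018-1304.
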
@@ -17209,6 +17246,7 @@ CVE-2018-1305 (Security constraints defined by 
annotations of Servlets in Apache
        NOTE: https://svn.apache.org/r1823322 (7.0.x)
        NOTE: https://svn.apache.org/r1824360 (7.0.x)
 CVE-2018-1304 (The URL pattern of &quot;&quot; (the empty string) which 
exactly maps to the ...)
+       {DLA-1301-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.28-1
        - tomcat8.0 <unfixed> (unimportant)
@@ -17978,8 +18016,8 @@ CVE-2018-1064
 CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic 
link ...)
        - policycoreutils <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1550122
-CVE-2018-1062
-       RESERVED
+CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, 
where the ...)
+       TODO: check
 CVE-2018-1061
        RESERVED
 CVE-2018-1060
@@ -41040,14 +41078,14 @@ CVE-2017-9787 (When using a Spring AOP functionality 
to secure Struts actions it
        - libstruts1.2-java <not-affected> (Vulnerable code not present)
        NOTE: Issue is specific to Struts 2.x.
        NOTE: https://struts.apache.org/docs/s2-049.html
-CVE-2017-9786
-       RESERVED
+CVE-2017-9786 (Cross-site scripting (XSS) vulnerability in ProjectSend 
(formerly ...)
+       TODO: check
 CVE-2017-9785 (Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 
2.0-dangermouse ...)
        NOT-FOR-US: NancyFX Nancy
 CVE-2017-9784
        RESERVED
-CVE-2017-9783
-       RESERVED
+CVE-2017-9783 (Cross-site scripting (XSS) vulnerability in ProjectSend 
(formerly ...)
+       TODO: check
 CVE-2017-10599
        RESERVED
 CVE-2017-10598
@@ -54141,10 +54179,10 @@ CVE-2017-6298 (An issue was discovered in ytnef 
before 1.9.1. This is related to
        NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 
does ...)
        NOT-FOR-US: MikroTik RouterOS
-CVE-2017-6296
-       RESERVED
-CVE-2017-6295
-       RESERVED
+CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM 
...)
+       TODO: check
+CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the 
Keymaster ...)
+       TODO: check
 CVE-2017-6294
        RESERVED
 CVE-2017-6293
@@ -54165,16 +54203,15 @@ CVE-2017-6286
        RESERVED
 CVE-2017-6285
        RESERVED
-CVE-2017-6284
-       RESERVED
-CVE-2017-6283
-       RESERVED
-CVE-2017-6282
-       RESERVED
+CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the 
Deterministic ...)
+       TODO: check
+CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA 
function ...)
+       TODO: check
+CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP 
where an ...)
+       TODO: check
 CVE-2017-6281
        RESERVED
-CVE-2017-6280
-       RESERVED
+CVE-2017-6280 (NIVIDIA driver contains a possible out-of-bounds read 
vulnerability ...)
        NOT-FOR-US: Nvidia component for Android
 CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege 
...)
        NOT-FOR-US: Nvidia component for Android
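
Review bot: CVE-2017-6284, CVE-2017-6283 and CVE-2017-6282 are set to "TODO: check" while the adjacent CVE-2017-6280 and CVE-2017-6279 are already tagged "NOT-FOR-US: Nvidia component for Android"; triage the three new NVIDIA entries in the same pass and tag them the same way if they turn out to concern the same component. The incoming description for CVE-2017-6280 spells the vendor "NIVIDIA", so a search of the list for "NVIDIA" will not match that line.
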
@@ -65183,7 +65220,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM 
NMS &lt; V1.2 on port 8080/
        NOT-FOR-US: Siemens
 CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std 
(All ...)
        NOT-FOR-US: Siemens
-CVE-2017-2680 (A vulnerability has been identified in SIMATIC CP 343-1 Std 
(All ...)
+CVE-2017-2680 (SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), 
SIMATIC CP ...)
        NOT-FOR-US: Siemens
 CVE-2017-2679
        RESERVED
@@ -148176,7 +148213,7 @@ CVE-2014-1869 (Multiple cross-site scripting (XSS) 
vulnerabilities in ...)
        - db4o <unfixed> (unimportant)
        - jenkins 1.565.3-1 (bug #763899)
        NOTE: in -doc package
-CVE-2013-7329 (The CGI::Application module 4.50 and earlier for Perl, when run 
modes ...)
+CVE-2013-7329 (The CGI::Application module before 4.50_50 and 4.50_51 for 
Perl, when ...)
        - libcgi-application-perl 4.50-2 (bug #739505)
        [wheezy] - libcgi-application-perl <no-dsa> (Minor issue)
        [squeeze] - libcgi-application-perl <no-dsa> (Minor issue)
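
Review bot: The new description for CVE-2013-7329 changes the affected range from "4.50 and earlier" to "before 4.50_50 and 4.50_51", but the status line "- libcgi-application-perl 4.50-2 (bug #739505)" is left unchanged. Confirm that 4.50-2 is still the correct fixed version under the revised range.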



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/82607b72f7d2d80e2eb4d37e70b5b87dd08e4b24
