Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 82607b72 by security tracker role at 2018-03-06T21:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,39 @@ +CVE-2018-7735 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection ...) + TODO: check +CVE-2018-7734 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection ...) + TODO: check +CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. RbacController.class.php has ...) + TODO: check +CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in ...) + TODO: check +CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...) + TODO: check +CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case of a ...) + TODO: check +CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a stack-based ...) + TODO: check +CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. ...) + TODO: check +CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory leak ...) + TODO: check +CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused ...) + TODO: check +CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address ...) + TODO: check +CVE-2018-7724 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...) + TODO: check +CVE-2018-7723 (The management panel in Piwigo 2.9.3 has stored XSS via the ...) + TODO: check +CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...) + TODO: check +CVE-2018-7721 + RESERVED +CVE-2018-7720 + RESERVED +CVE-2018-7719 + RESERVED +CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow ...) + TODO: check CVE-2018-XXXX [code execution in bash-completion for umount] - bash-completion <unfixed> (unimportant) - util-linux <unfixed> (bug #892179) 
@@ -204,8 +240,8 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Ne NOTE: issues: "Specify which IP address to listen on. The default NOTE: (upstream) is to listen on all IP addresses. [...] so make sure NOTE: it's listening on a firewalled interface." -CVE-2018-7650 - RESERVED +CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 ...) + TODO: check CVE-2018-7649 RESERVED CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The ...) @@ -744,7 +780,7 @@ CVE-2018-1000098 [AST-2018-002: Crash when given an invalid SDP media format des - pjproject 2.7.2~dfsg-1 NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html NOTE: https://trac.pjsip.org/repos/ticket/2093 -CVE-2018-1000101 [Improper null termination in stdio/[v]snprintf.c can result in memory corruption in subsequent string functions] +CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier contains an Improper Null ...) - mingw-w64 <unfixed> (low) [stretch] - mingw-w64 <no-dsa> (Minor issue) [jessie] - mingw-w64 <no-dsa> (Minor issue) @@ -1289,8 +1325,8 @@ CVE-2018-7309 RESERVED CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin hosting ...) NOT-FOR-US: DanWin hosting -CVE-2018-7307 - RESERVED +CVE-2018-7307 (The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles ...) + TODO: check CVE-2018-7306 RESERVED CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to ...) @@ -17196,6 +17232,7 @@ CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL CVE-2018-1306 RESERVED CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache ...) + {DLA-1301-1} - tomcat9 <itp> (bug #802312) - tomcat8 8.5.28-1 - tomcat8.0 <unfixed> (unimportant) 
@@ -17209,6 +17246,7 @@ CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache NOTE: https://svn.apache.org/r1823322 (7.0.x) NOTE: https://svn.apache.org/r1824360 (7.0.x) CVE-2018-1304 (The URL pattern of "" (the empty string) which exactly maps to the ...) + {DLA-1301-1} - tomcat9 <itp> (bug #802312) - tomcat8 8.5.28-1 - tomcat8.0 <unfixed> (unimportant) @@ -17978,8 +18016,8 @@ CVE-2018-1064 CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link ...) - policycoreutils <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1550122 -CVE-2018-1062 - RESERVED +CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...) + TODO: check CVE-2018-1061 RESERVED CVE-2018-1060 @@ -41040,14 +41078,14 @@ CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it - libstruts1.2-java <not-affected> (Vulnerable code not present) NOTE: Issue is specific to Struts 2.x. NOTE: https://struts.apache.org/docs/s2-049.html -CVE-2017-9786 - RESERVED +CVE-2017-9786 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...) + TODO: check CVE-2017-9785 (Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse ...) NOT-FOR-US: NancyFX Nancy CVE-2017-9784 RESERVED -CVE-2017-9783 - RESERVED +CVE-2017-9783 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...) + TODO: check CVE-2017-10599 RESERVED CVE-2017-10598 
@@ -54141,10 +54179,10 @@ CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does ...) NOT-FOR-US: MikroTik RouterOS -CVE-2017-6296 - RESERVED -CVE-2017-6295 - RESERVED +CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM ...) + TODO: check +CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymaster ...) + TODO: check CVE-2017-6294 RESERVED CVE-2017-6293 @@ -54165,16 +54203,15 @@ CVE-2017-6286 RESERVED CVE-2017-6285 RESERVED -CVE-2017-6284 - RESERVED -CVE-2017-6283 - RESERVED -CVE-2017-6282 - RESERVED +CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the Deterministic ...) + TODO: check +CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA function ...) + TODO: check +CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an ...) + TODO: check CVE-2017-6281 RESERVED -CVE-2017-6280 - RESERVED +CVE-2017-6280 (NIVIDIA driver contains a possible out-of-bounds read vulnerability ...) NOT-FOR-US: Nvidia component for Android CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...) NOT-FOR-US: Nvidia component for Android @@ -65183,7 +65220,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/ NOT-FOR-US: Siemens CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All ...) NOT-FOR-US: Siemens -CVE-2017-2680 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All ...) +CVE-2017-2680 (SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...) NOT-FOR-US: Siemens CVE-2017-2679 RESERVED 
@@ -148176,7 +148213,7 @@ CVE-2014-1869 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - db4o <unfixed> (unimportant) - jenkins 1.565.3-1 (bug #763899) NOTE: in -doc package -CVE-2013-7329 (The CGI::Application module 4.50 and earlier for Perl, when run modes ...) +CVE-2013-7329 (The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when ...) - libcgi-application-perl 4.50-2 (bug #739505) [wheezy] - libcgi-application-perl <no-dsa> (Minor issue) [squeeze] - libcgi-application-perl <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/82607b72f7d2d80e2eb4d37e70b5b87dd08e4b24
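Review bot: in the @@ -1,3 +1,39 @@ hunk, the Exempi (CVE-2018-7728 through CVE-2018-7731), ZZIPlib (CVE-2018-7725 through CVE-2018-7727) and GPAC MP4Box (CVE-2018-1000100) entries are imported as "TODO: check", but those libraries are packaged in Debian, so each needs a source-package line with a fixed version, <unfixed> or <not-affected> plus a NOTE pointing at the upstream fix rather than staying at TODO. The Afian FileRun, YxtCMF and Piwigo entries in the same hunk are web applications not packaged in Debian and can be closed as NOT-FOR-US; note that the truncated descriptions for CVE-2018-7734/7735 and CVE-2018-7722/7724 are identical, so the full MITRE text is needed to tell the pairs apart when triaging.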
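Review bot: the @@ -744,7 +780,7 @@ hunk replaces the hand-written summary for CVE-2018-1000101, "[Improper null termination in stdio/[v]snprintf.c can result in memory corruption in subsequent string functions]", with the truncated MITRE description, and in doing so drops the only mention of the affected file (stdio/[v]snprintf.c) from the entry; keep that detail by re-adding it as a NOTE line under the mingw-w64 lines, e.g. "NOTE: affected code is stdio/[v]snprintf.c", so the [stretch]/[jessie] <no-dsa> decisions remain traceable.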
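Review bot: the {DLA-1301-1} cross-references added to CVE-2018-1305 (hunk @@ -17196,6 +17232,7 @@) and CVE-2018-1304 (hunk @@ -17209,6 +17246,7 @@) must be paired with a DLA-1301-1 entry in data/DLA/list that lists both CVEs, otherwise the reference dangles; the visible context shows only the tomcat9/tomcat8/tomcat8.0 lines and the 7.0.x svn NOTEs (r1823322, r1824360), so also confirm that the tomcat7 line those NOTEs imply records the LTS fixed version the DLA announced.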
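Review bot: in the @@ -41040,14 +41078,14 @@ hunk, CVE-2017-9783 and CVE-2017-9786 receive byte-identical truncated descriptions ("Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...)"), so the entries as imported do not distinguish the two issues; pull the full descriptions before triaging, and since ProjectSend is not a Debian package both should end up as NOT-FOR-US: ProjectSend rather than "TODO: check". The same NOT-FOR-US treatment applies to CVE-2018-7650 (PHP Scripts Mall) in the @@ -204 hunk, CVE-2018-7307 (Auth0.js) in the @@ -1289 hunk and CVE-2018-1062 (oVirt) in the @@ -17978 hunk.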
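Review bot: CVE-2017-6295 and CVE-2017-6296 (hunk @@ -54141,10 +54179,10 @@) and CVE-2017-6282 through CVE-2017-6284 (hunk @@ -54165,16 +54203,15 @@) are left at "TODO: check" even though their imported descriptions name NVIDIA TrustZone Software, NVIDIA Security Engine and the NVIDIA Tegra kernel driver, and the adjacent CVE-2017-6279 and CVE-2017-6280 in the same region already carry "NOT-FOR-US: Nvidia component for Android"; close the five new ones the same way. The "NIVIDIA" spelling in the CVE-2017-6280 description is upstream's text and should be kept verbatim rather than corrected locally.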
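Review bot: the refreshed description for CVE-2013-7329 in the @@ -148176,7 +148213,7 @@ hunk now states the module is affected "before 4.50_50 and 4.50_51", i.e. upstream only shipped the fix in development releases after 4.50, while the Debian line still records 4.50-2 as the fixed version; that is only correct if the 4.50-2 upload carries the patch from bug #739505 as a backport, so verify the package changelog instead of assuming the version boundary moved with the description.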
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits