Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72668f32 by security tracker role at 2018-03-07T21:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,9 +1,35 @@
+CVE-2018-7751
+       RESERVED
+CVE-2018-7750
+       RESERVED
+CVE-2018-7749
+       RESERVED
+CVE-2018-7748
+       RESERVED
+CVE-2018-7747
+       RESERVED
+CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. 
...)
+       TODO: check
+CVE-2018-7745 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. 
...)
+       TODO: check
+CVE-2018-7744
+       RESERVED
+CVE-2018-7743
+       RESERVED
+CVE-2018-7742
+       RESERVED
+CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the 
created ...)
+       TODO: check
+CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier 
contains a ...)
+       TODO: check
+CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption 
vulnerability in the ...)
+       TODO: check
 CVE-2018-XXXX [URI values with character entities not properly sanitized]
        - python-bleach 2.1.3-1 (bug #892252)
        [stretch] - python-bleach <not-affected> (Vulnerable code introduced 
later)
        [jessie] - python-bleach <not-affected> (Vulnerable code introduced 
later)
        NOTE: https://github.com/mozilla/bleach/pull/356
-CVE-2018-1000117 [Buffer overflow vulnerability in os.symlink on Windows]
+CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until 
3.6.4 on ...)
        - python3.7 <not-affected> (Windows-specific)
        - python3.6 <not-affected> (Windows-specific)
        - python3.5 <not-affected> (Windows-specific)
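Review bot: Of the new TODO: check entries in this hunk, CVE-2018-1000116 (heap corruption in NET-SNMP 5.7.2) is the one that needs real triage, because net-snmp is a package Debian ships; it should get a source package line with a bug number or fixed version rather than stay at TODO, with the upstream fix reference in a NOTE. The Cobub Razor, Eramba and Electron entries describe software that does not appear to be in the archive and can follow the NOT-FOR-US pattern used elsewhere in this file. For CVE-2018-1000117, swapping the bracketed summary for the MITRE description is fine; the three python3.x lines keep the Windows-specific justification, which remains the right reason for <not-affected> here.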
@@ -274,7 +300,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for 
Node.js is prone to 
        NOTE: https://github.com/zkat/ssri/issues/10
        NOTE: https://nodesecurity.io/advisories/565
        NOTE: nodejs not covered by security support
-CVE-2018-1000119 [Timing attack in authenticity_token.rb]
+CVE-2018-1000119 (Sinatra rack-protection version 2.0.0.rc3 and earlier 
contains a ...)
        - ruby-rack-protection <unfixed> (bug #892250)
        NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
        NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
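Review bot: The CVE-2018-1000119 entry still carries no upstream fix reference: both NOTE lines point at Snyk advisories only, and the new description gives the affected range as 2.0.0.rc3 and earlier, so a NOTE with the upstream commit that fixes the comparison in authenticity_token.rb (the bracketed summary being replaced was the only place that file was named) would let the ruby-rack-protection <unfixed> line become a fixed version once it lands. A severity tag, as other entries in this file carry, would also help, since a timing attack on token comparison is rarely practical over a network.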
@@ -559,7 +585,7 @@ CVE-2018-1000105
        NOT-FOR-US: Jenkins plugin
 CVE-2018-1000104
        NOT-FOR-US: Jenkins plugin
-CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System 
(OTRS) 5.0.0 ...)
+CVE-2018-7567 (** DISPUTED ** In the Admin Package Manager in Open Ticket 
Request ...)
        - otrs2 <unfixed> (unimportant)
        NOTE: PoC https://0day.today/exploit/29938
        NOTE: Admin Package Manager works as designed and warns if a package is 
beeing
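Review bot: The new ** DISPUTED ** marker is consistent with the existing NOTE that the Admin Package Manager works as designed and warns the administrator, so keeping otrs2 at <unfixed> (unimportant) is right; while the entry is being touched, fix the "beeing" typo in that NOTE, and consider adding a more durable reference than the 0day.today PoC link, which is currently the only one the entry has.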
@@ -569,10 +595,10 @@ CVE-2018-7566 [ALSA: seq: Fix racy pool initializations]
        RESERVED
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/d15d662e89fc667b90cd294b0eb45694e33144da
-CVE-2018-7565
-       RESERVED
-CVE-2018-7564
-       RESERVED
+CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...)
+       TODO: check
+CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
+       TODO: check
 CVE-2018-7563
        RESERVED
 CVE-2018-7562
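Review bot: CVE-2018-7565 and CVE-2018-7564 describe CSRF and stored XSS on Polycom QDX 6000 devices, a hardware product Debian does not package, so both TODO: check lines can be resolved to NOT-FOR-US: Polycom now rather than left for later triage.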
@@ -856,8 +882,8 @@ CVE-2018-7475
        RESERVED
 CVE-2018-7474
        RESERVED
-CVE-2018-7473
-       RESERVED
+CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot 
web ...)
+       TODO: check
 CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of 
service ...)
        NOT-FOR-US: INVT Studio
 CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage 
API read ...)
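Review bot: CVE-2018-7473 is an open redirect in the SO Connect SO WIFI hotspot web interface, a vendor appliance of the same kind as the INVT Studio and KingView entries directly below it, so NOT-FOR-US is the expected resolution of this TODO: check.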
@@ -1771,8 +1797,8 @@ CVE-2018-7206 (An issue was discovered in Project Jupyter 
JupyterHub OAuthentica
        TODO: check
 CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in 
...)
        NOT-FOR-US: Kentico
-CVE-2018-7204
-       RESERVED
+CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 
for ...)
+       TODO: check
 CVE-2018-7203
        RESERVED
 CVE-2018-7202
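Review bot: CVE-2018-7204 is in a third-party Giribaz File Manager plugin (inc/logger.php, versions before 5.0.2), which is not shipped in any Debian source package, so this TODO: check can be closed as NOT-FOR-US in the same way as the Kentico entry above it.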
@@ -6537,8 +6563,8 @@ CVE-2018-5454
        RESERVED
 CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue 
was ...)
        NOT-FOR-US: Moxa
-CVE-2018-5452
-       RESERVED
+CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson 
Process ...)
+       TODO: check
 CVE-2018-5451
        RESERVED
 CVE-2018-5450
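Review bot: CVE-2018-5452 is a stack-based buffer overflow in an Emerson Process product, an ICS vendor entry of the same kind as the Moxa one immediately above it, so NOT-FOR-US: Emerson is the likely outcome of this TODO: check.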
@@ -18095,8 +18121,7 @@ CVE-2018-1056 [heap buffer overflow while running 
advzip]
        NOTE: 
https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
 CVE-2018-1055
        REJECTED
-CVE-2018-1054 [remote Denial of Service (DoS) via search filters in 
SetUnicodeStringFromUTF_8 in collate.c]
-       RESERVED
+CVE-2018-1054 (An out-of-bounds memory read flaw was found in the way 
389-ds-base ...)
        - 389-ds-base <unfixed> (bug #892124)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1537314
        NOTE: https://pagure.io/389-ds-base/issue/49545
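Review bot: Replacing the bracketed summary of CVE-2018-1054 drops the only mention of where the flaw sits (SetUnicodeStringFromUTF_8 in collate.c, reachable via search filters), and the new MITRE text is truncated to "out-of-bounds memory read"; keep that detail in a NOTE next to the Red Hat and pagure links so the affected code can be located when preparing an update. The entry also still lacks a severity tag and a fixed version for 389-ds-base; the pagure issue should yield the upstream commit to cite.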
@@ -26099,8 +26124,8 @@ CVE-2017-15368 (The wasm_dis function in 
libr/asm/arch/wasm/wasm.c in radare2 2.
        [wheezy] - radare2 <not-affected> (Vulnerable code introduced in 2.0.0)
        NOTE: https://github.com/radare/radare2/issues/8673
        NOTE: 
https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
-CVE-2017-15367
-       RESERVED
+CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL 
Injection ...)
+       TODO: check
 CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the 
server have ...)
        NOT-FOR-US: Thornberry NDoc
 CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x 
before ...)
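Review bot: CVE-2017-15367 concerns Bacula-web, the separate PHP reporting frontend, not the bacula packages themselves; when resolving this TODO: check, confirm whether bacula-web is in Debian before mapping the CVE onto any bacula source package, and if it is not, NOT-FOR-US is the right disposition.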
@@ -50897,7 +50922,7 @@ CVE-2017-7312 (An issue was discovered in Personify360 
e-Business 7.5.2 through 
        NOT-FOR-US: Personify360 e-Business
 CVE-2017-7311
        RESERVED
-CVE-2017-7310 (A buffer overflow vulnerability in Import Command in Sync 
Breeze ...)
+CVE-2017-7310 (A buffer overflow vulnerability in Import Command in SyncBreeze 
before ...)
        NOT-FOR-US: Sync Breeze Enterprise
 CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT ...)
        - mantis <removed>
@@ -82018,7 +82043,7 @@ CVE-2016-6274
        RESERVED
 CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex 
License ...)
        NOT-FOR-US: Flexera
-CVE-2016-6272 (SQL injection vulnerability in EPIC MyChart allows remote 
attackers to ...)
+CVE-2016-6272 (XPath injection vulnerability in Epic MyChart allows remote 
attackers ...)
        NOT-FOR-US: EPIC MyChart
 CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
        {DSA-3631-1 DLA-628-1}
@@ -130474,8 +130499,8 @@ CVE-2014-8782
        RESERVED
 CVE-2014-8781
        RESERVED
-CVE-2014-8780
-       RESERVED
+CVE-2014-8780 (Cross-site scripting (XSS) vulnerability in Jease 2.11 allows 
remote ...)
+       TODO: check
 CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across 
different ...)
        NOT-FOR-US: Pexip Infinity
 CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote 
...)
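Review bot: CVE-2014-8780 is a 2014 identifier only now being populated, for XSS in Jease 2.11; Jease is a Java CMS not packaged in Debian, so this TODO: check can be resolved as NOT-FOR-US: Jease, consistent with the Pexip and Checkmarx entries around it.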
@@ -139816,8 +139841,7 @@ CVE-2014-5045 (The mountpoint_last function in 
fs/namei.c in the Linux kernel be
        [wheezy] - linux <not-affected> (Introduced in 3.12)
        - linux-2.6 <not-affected> (Introduced in 3.12)
        NOTE: https://lkml.org/lkml/2014/7/21/98
-CVE-2014-5044 [gfortran integer overflows]
-       RESERVED
+CVE-2014-5044 (Multiple integer overflows in libgfortran might allow remote 
attackers ...)
        - gcc-4.9 4.9.1-4 (bug #756325)
        - gcc-4.8 4.8.3-7 (bug #756325)
        - gcc-4.7 <removed> (bug #756325)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72668f326530b4e4c0fa8faf6fc0a3af270af3dc

---
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
