Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 72668f32 by security tracker role at 2018-03-07T21:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,9 +1,35 @@ +CVE-2018-7751 + RESERVED +CVE-2018-7750 + RESERVED +CVE-2018-7749 + RESERVED +CVE-2018-7748 + RESERVED +CVE-2018-7747 + RESERVED +CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. ...) + TODO: check +CVE-2018-7745 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. ...) + TODO: check +CVE-2018-7744 + RESERVED +CVE-2018-7743 + RESERVED +CVE-2018-7742 + RESERVED +CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created ...) + TODO: check +CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier contains a ...) + TODO: check +CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the ...) + TODO: check CVE-2018-XXXX [URI values with character entities not properly sanitized] - python-bleach 2.1.3-1 (bug #892252) [stretch] - python-bleach <not-affected> (Vulnerable code introduced later) [jessie] - python-bleach <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/mozilla/bleach/pull/356 -CVE-2018-1000117 [Buffer overflow vulnerability in os.symlink on Windows] +CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until 3.6.4 on ...) - python3.7 <not-affected> (Windows-specific) - python3.6 <not-affected> (Windows-specific) - python3.5 <not-affected> (Windows-specific) 
@@ -274,7 +300,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to NOTE: https://github.com/zkat/ssri/issues/10 NOTE: https://nodesecurity.io/advisories/565 NOTE: nodejs not covered by security support -CVE-2018-1000119 [Timing attack in authenticity_token.rb] +CVE-2018-1000119 (Sinatra rack-protection version 2.0.0.rc3 and earlier contains a ...) - ruby-rack-protection <unfixed> (bug #892250) NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470 NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395 @@ -559,7 +585,7 @@ CVE-2018-1000105 NOT-FOR-US: Jenkins plugin CVE-2018-1000104 NOT-FOR-US: Jenkins plugin -CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 ...) +CVE-2018-7567 (** DISPUTED ** In the Admin Package Manager in Open Ticket Request ...) - otrs2 <unfixed> (unimportant) NOTE: PoC https://0day.today/exploit/29938 NOTE: Admin Package Manager works as designed and warns if a package is beeing @@ -569,10 +595,10 @@ CVE-2018-7566 [ALSA: seq: Fix racy pool initializations] RESERVED - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/d15d662e89fc667b90cd294b0eb45694e33144da -CVE-2018-7565 - RESERVED -CVE-2018-7564 - RESERVED +CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...) + TODO: check +CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...) + TODO: check CVE-2018-7563 RESERVED CVE-2018-7562 @@ -856,8 +882,8 @@ CVE-2018-7475 RESERVED CVE-2018-7474 RESERVED -CVE-2018-7473 - RESERVED +CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot web ...) + TODO: check CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of service ...) NOT-FOR-US: INVT Studio CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage API read ...) 
@@ -1771,8 +1797,8 @@ CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub OAuthentica TODO: check CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in ...) NOT-FOR-US: Kentico -CVE-2018-7204 - RESERVED +CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for ...) + TODO: check CVE-2018-7203 RESERVED CVE-2018-7202 @@ -6537,8 +6563,8 @@ CVE-2018-5454 RESERVED CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was ...) NOT-FOR-US: Moxa -CVE-2018-5452 - RESERVED +CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...) + TODO: check CVE-2018-5451 RESERVED CVE-2018-5450 @@ -18095,8 +18121,7 @@ CVE-2018-1056 [heap buffer overflow while running advzip] NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5 CVE-2018-1055 REJECTED -CVE-2018-1054 [remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c] - RESERVED +CVE-2018-1054 (An out-of-bounds memory read flaw was found in the way 389-ds-base ...) - 389-ds-base <unfixed> (bug #892124) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1537314 NOTE: https://pagure.io/389-ds-base/issue/49545 @@ -26099,8 +26124,8 @@ CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2. [wheezy] - radare2 <not-affected> (Vulnerable code introduced in 2.0.0) NOTE: https://github.com/radare/radare2/issues/8673 NOTE: https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515 -CVE-2017-15367 - RESERVED +CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection ...) + TODO: check CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...) NOT-FOR-US: Thornberry NDoc CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...) 
@@ -50897,7 +50922,7 @@ CVE-2017-7312 (An issue was discovered in Personify360 e-Business 7.5.2 through NOT-FOR-US: Personify360 e-Business CVE-2017-7311 RESERVED -CVE-2017-7310 (A buffer overflow vulnerability in Import Command in Sync Breeze ...) +CVE-2017-7310 (A buffer overflow vulnerability in Import Command in SyncBreeze before ...) NOT-FOR-US: Sync Breeze Enterprise CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT ...) - mantis <removed> @@ -82018,7 +82043,7 @@ CVE-2016-6274 RESERVED CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex License ...) NOT-FOR-US: Flexera -CVE-2016-6272 (SQL injection vulnerability in EPIC MyChart allows remote attackers to ...) +CVE-2016-6272 (XPath injection vulnerability in Epic MyChart allows remote attackers ...) NOT-FOR-US: EPIC MyChart CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...) {DSA-3631-1 DLA-628-1} @@ -130474,8 +130499,8 @@ CVE-2014-8782 RESERVED CVE-2014-8781 RESERVED -CVE-2014-8780 - RESERVED +CVE-2014-8780 (Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote ...) + TODO: check CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across different ...) NOT-FOR-US: Pexip Infinity CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote ...) 
@@ -139816,8 +139841,7 @@ CVE-2014-5045 (The mountpoint_last function in fs/namei.c in the Linux kernel be [wheezy] - linux <not-affected> (Introduced in 3.12) - linux-2.6 <not-affected> (Introduced in 3.12) NOTE: https://lkml.org/lkml/2014/7/21/98 -CVE-2014-5044 [gfortran integer overflows] - RESERVED +CVE-2014-5044 (Multiple integer overflows in libgfortran might allow remote attackers ...) - gcc-4.9 4.9.1-4 (bug #756325) - gcc-4.8 4.8.3-7 (bug #756325) - gcc-4.7 <removed> (bug #756325) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72668f326530b4e4c0fa8faf6fc0a3af270af3dc --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72668f326530b4e4c0fa8faf6fc0a3af270af3dc You're receiving this email because of your account on salsa.debian.org.
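Review bot: in the first hunk (@@ -1,9 +1,35 @@), CVE-2018-1000116 (NET-SNMP 5.7.2 heap corruption) is left at "TODO: check", but net-snmp is a Debian source package, so this entry needs a real package line with the affected/fixed version and a bug reference rather than the generic placeholder; the surrounding "TODO: check" entries for Western Bridge Cobub Razor, Eramba and Electron describe products that, as far as I know, are not packaged in Debian and can be closed as NOT-FOR-US in the follow-up triage, following the convention used elsewhere in this file.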
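Review bot: in the hunk for CVE-2018-7567 (@@ -559,7 +585,7 @@), the description now carries "** DISPUTED **" while the entry stays at "otrs2 <unfixed> (unimportant)"; that is consistent with the existing NOTE that the Admin Package Manager works as designed, but the NOTE line that follows still has the typo "beeing" ("warns if a package is beeing"), which should read "being" and is worth fixing in the next manual commit.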
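Review bot: in the hunk for CVE-2018-7565 and CVE-2018-7564 (@@ -569,10 +595,10 @@), both new entries describe CSRF and stored XSS on "Polycom QDX 6000 devices", i.e. vendor hardware, so the "TODO: check" placeholders should resolve to "NOT-FOR-US: Polycom" rather than stay open, matching how comparable vendor entries in this file are handled (e.g. "NOT-FOR-US: Moxa", "NOT-FOR-US: INVT Studio").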
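Review bot: in the hunk for CVE-2018-7473 (@@ -856,8 +882,8 @@), the open redirect in the "SO Connect SO WIFI hotspot web" interface is a vendor appliance, so the "TODO: check" line can be resolved to a NOT-FOR-US entry; the neighbouring entries CVE-2018-7472 (INVT Studio) and CVE-2018-7471 (KingView) show the pattern to follow.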
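Review bot: in the hunk for CVE-2018-5452 (@@ -6537,8 +6563,8 @@), the stack-based buffer overflow is in "Emerson Process ..." software, an industrial-control vendor product not packaged in Debian, so this should become "NOT-FOR-US: Emerson" in line with the adjacent "NOT-FOR-US: Moxa" entry for CVE-2018-5453 instead of remaining at "TODO: check".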
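Review bot: in the hunk for CVE-2018-1054 (@@ -18095,8 +18121,7 @@), replacing the bracketed placeholder with the truncated MITRE text drops the only mention of the affected code path ("via search filters in SetUnicodeStringFromUTF_8 in collate.c"), which is the detail a maintainer needs to locate the fix in 389-ds-base; consider preserving it as an additional NOTE line next to the existing bugzilla and pagure references so the triage context is not lost.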
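Review bot: in the hunk for CVE-2017-15367 (@@ -26099,8 +26124,8 @@), the multiple SQL injections are in "Bacula-web before 8.0.0-rc2", the separate PHP front end, not in the bacula source package itself; if bacula-web is not packaged in Debian (I am not aware of a package), the "TODO: check" should be resolved to NOT-FOR-US rather than be mistaken for an issue in bacula.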
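Review bot: in the hunk for CVE-2014-8780 (@@ -130474,8 +130499,8 @@), a 2014 CVE for an XSS in "Jease 2.11" has just left RESERVED and is parked at "TODO: check"; Jease is a third-party Java CMS that, to my knowledge, is not in Debian, so this can be closed as NOT-FOR-US like the neighbouring Pexip Infinity and Checkmarx CxSAST entries.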
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits