Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6c4c3e0 by security tracker role at 2018-03-13T09:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-8087 (Memory leak in the hwsim_new_radio_nl function in ...)
+       TODO: check
+CVE-2018-8086 (The basename implementation in string/basename.c in the GNU C 
Library ...)
+       TODO: check
+CVE-2018-8085
+       RESERVED
+CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains 
a Buffer ...)
+       TODO: check
+CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit 
...)
+       TODO: check
+CVE-2018-1000095 (oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting 
(XSS) ...)
+       TODO: check
+CVE-2018-1000094 (CMS Made Simple version 2.2.5 contains a Remote Code 
Execution ...)
+       TODO: check
+CVE-2017-18228 (Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the 
ATTKey ...)
+       TODO: check
 CVE-2018-8084
        RESERVED
 CVE-2018-8083
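Review bot: of the new entries at the top of this hunk, CVE-2018-8086 (string/basename.c in the GNU C Library) and CVE-2018-1000097 (sharutils, unshar command) name software that is packaged in Debian, so their `TODO: check` should be resolved first and replaced by package lines in the existing style (for example `- qemu <unfixed> (bug #892497)` further down), not left alongside the entries that will end up as NOT-FOR-US. The remaining additions here (tiny-json-http, oVirt, CMS Made Simple, BMC Remedy) still need a disposition as well, but nothing in the truncated descriptions settles which.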
@@ -10,8 +26,8 @@ CVE-2018-8080
        RESERVED
 CVE-2018-8079
        RESERVED
-CVE-2018-8078
-       RESERVED
+CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...)
+       TODO: check
 CVE-2018-8077
        RESERVED
 CVE-2018-8076
@@ -507,8 +523,7 @@ CVE-2018-7860
        RESERVED
 CVE-2018-7859
        RESERVED
-CVE-2018-7858 [cirrus: OOB access when updating vga display]
-       RESERVED
+CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx 
VGA ...)
        - qemu <unfixed> (bug #892497)
        [stretch] - qemu <not-affected> (Vulnerable code not present)
        [jessie] - qemu <not-affected> (Vulnerable code not present)
@@ -1377,10 +1392,10 @@ CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. 
...)
        NOT-FOR-US: Polycom QDX 6000 devices
 CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
        NOT-FOR-US: Polycom QDX 6000 devices
-CVE-2018-7563
-       RESERVED
-CVE-2018-7562
-       RESERVED
+CVE-2018-7563 (An issue was discovered in GLPI through 9.2.1. The application 
is ...)
+       TODO: check
+CVE-2018-7562 (A remote code execution issue was discovered in GLPI through 
9.2.1. ...)
+       TODO: check
 CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
        NOT-FOR-US: Tenda AC9 devices
 CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM 
package ...)
@@ -1460,8 +1475,8 @@ CVE-2018-7543
        RESERVED
 CVE-2018-7539
        RESERVED
-CVE-2018-7538
-       RESERVED
+CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of 
Enalean ...)
+       TODO: check
 CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing 
x86 PVH ...)
        {DSA-4131-1}
        - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
@@ -1635,11 +1650,11 @@ CVE-2018-7482 (** DISPUTED ** The K2 component 2.8.0 
for Joomla! has Incorrect A
        NOT-FOR-US: K2 component for Joomla!
 CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 
mishandles ...)
        - linux <not-affected> (Vulnerable code not present)
-CVE-2018-1000099 [AST-2018-003: Crash with an invalid SDP fmtp attribute]
+CVE-2018-1000099 (Teluu PJSIP version 2.7.1 and earlier contains a Access of 
...)
        - pjproject 2.7.2~dfsg-1
        NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html
        NOTE: https://trac.pjsip.org/repos/ticket/2092
-CVE-2018-1000098 [AST-2018-002: Crash when given an invalid SDP media format 
description]
+CVE-2018-1000098 (Teluu PJSIP version 2.7.1 and earlier contains a Integer 
Overflow ...)
        - pjproject 2.7.2~dfsg-1
        NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
        NOTE: https://trac.pjsip.org/repos/ticket/2093
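Review bot: on CVE-2018-1000099 and CVE-2018-1000098 the bracketed AST-2018-003 and AST-2018-002 titles are replaced by the truncated Teluu PJSIP descriptions, so the Asterisk advisory identifiers now survive only inside the NOTE URLs. Both entries list only `- pjproject 2.7.2~dfsg-1`, while the advisories are published on downloads.asterisk.org; confirm whether an asterisk line is needed as well, or add a NOTE recording why it is not.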
@@ -4031,8 +4046,8 @@ CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the 
driver file (ZAMGUARD3
        NOT-FOR-US: WatchDog Anti-Malware
 CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to 
bypass ...)
        NOT-FOR-US: OMRON NS devices
-CVE-2018-6623
-       RESERVED
+CVE-2018-6623 (An issue was discovered in Hola 1.79.859. An unprivileged user 
could ...)
+       TODO: check
 CVE-2018-1000058 (Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier 
have an ...)
        NOT-FOR-US: jenkins-plugin-workflow-support
 CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks 
passwords it ...)
@@ -4884,8 +4899,8 @@ CVE-2018-6402
        RESERVED
 CVE-2018-6401
        RESERVED
-CVE-2018-6400
-       RESERVED
+CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain 
...)
+       TODO: check
 CVE-2018-6399
        RESERVED
 CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component 
for ...)
@@ -5164,10 +5179,10 @@ CVE-2018-6323 (The elf_object_p function in elfcode.h 
in the Binary File Descrip
        [wheezy] - binutils <ignored> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22746
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=38e64b0ecc7f4ee64a02514b8d532782ac057fa2
-CVE-2018-6322
-       RESERVED
-CVE-2018-6321
-       RESERVED
+CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain 
privileges ...)
+       TODO: check
+CVE-2018-6321 (Unquoted Windows search path vulnerability in the 
panda_url_filtering ...)
+       TODO: check
 CVE-2018-6320
        RESERVED
 CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a 
special ...)
@@ -5485,8 +5500,8 @@ CVE-2018-6185
        RESERVED
 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the 
/_next ...)
        NOT-FOR-US: ZEIT Next.js
-CVE-2018-6183
-       RESERVED
+CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain 
privileges ...)
+       TODO: check
 CVE-2018-6182
        RESERVED
 CVE-2018-6181
@@ -6032,8 +6047,8 @@ CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder 
iOS app and Tinder Andro
        NOT-FOR-US: Tinder
 CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder 
...)
        NOT-FOR-US: Tinder
-CVE-2018-6016
-       RESERVED
+CVE-2018-6016 (Unquoted Windows search path vulnerability in the ...)
+       TODO: check
 CVE-2018-6015 (An issue was discovered in the &quot;Email Subscribers &amp; 
Newsletters&quot; ...)
        NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
 CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from 
domain=&quot;*&quot; Flash ...)
@@ -6728,8 +6743,8 @@ CVE-2018-5760
        RESERVED
 CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly 
maintain the ...)
        NOT-FOR-US: MuJS
-CVE-2018-5758
-       RESERVED
+CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive 
Jive-n ...)
+       TODO: check
 CVE-2018-5757
        RESERVED
 CVE-2018-5756
@@ -62824,10 +62839,10 @@ CVE-2016-9954 (The backtrack compilation code in the 
Irregex package (aka IrRegu
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/18
        NOTE: 
https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1
        NOTE: For chicken vulnerable code in ./irregex-core.scm
-CVE-2016-9953
-       RESERVED
-CVE-2016-9952
-       RESERVED
+CVE-2016-9953 (The verify_certificate function in lib/vtls/schannel.c in 
libcurl ...)
+       TODO: check
+CVE-2016-9952 (The verify_certificate function in lib/vtls/schannel.c in 
libcurl ...)
+       TODO: check
 CVE-2016-10008 (SQL injection vulnerability in the &quot;Content Types &gt; 
Content Types&quot; ...)
        NOT-FOR-US: dotCMS
 CVE-2016-10007 (SQL injection vulnerability in the &quot;Marketing &gt; 
Forms&quot; screen in ...)
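Review bot: CVE-2016-9953 and CVE-2016-9952 move from RESERVED to `TODO: check`, but both descriptions point at verify_certificate in lib/vtls/schannel.c in libcurl, and curl is a packaged source, so these must not be closed as NOT-FOR-US. Schannel is the Windows TLS backend, so the expected outcome is a curl line marked not-affected with the reason in parentheses, in the style of `- linux <not-affected> (Vulnerable code not present)` used elsewhere in the file.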
@@ -103324,8 +103339,8 @@ CVE-2016-0263 (IBM Spectrum Scale 4.1 before 4.1.1.5 
and 4.2 before 4.2.0.2 and 
        NOT-FOR-US: IBM
 CVE-2016-0262 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
        NOT-FOR-US: IBM
-CVE-2016-0261
-       RESERVED
+CVE-2016-0261 (Cross-site scripting (XSS) vulnerability in IBM Curam Social 
Program ...)
+       TODO: check
 CVE-2016-0260 (Memory leak in queue-manager agents in IBM WebSphere MQ 8.x 
before ...)
        NOT-FOR-US: IBM
 CVE-2016-0259 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local 
users to ...)
@@ -103346,8 +103361,8 @@ CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 
iFix06 and Sterling Control
        NOT-FOR-US: IBM
 CVE-2016-0251
        RESERVED
-CVE-2016-0250
-       RESERVED
+CVE-2016-0250 (XML external entity (XXE) vulnerability in IBM InfoSphere 
Information ...)
+       TODO: check
 CVE-2016-0249 (SQL injection vulnerability in IBM Security Guardium Database 
Activity ...)
        NOT-FOR-US: IBM
 CVE-2016-0248 (IBM Security Guardium 9.0 before p700 and 10.0 before p100 
allows ...)
@@ -103372,12 +103387,12 @@ CVE-2016-0239 (IBM Security Guardium Database 
Activity Monitor 9.x through 9.5 b
        NOT-FOR-US: IBM
 CVE-2016-0238 (IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits 
...)
        NOT-FOR-US: IBM
-CVE-2016-0237
-       RESERVED
+CVE-2016-0237 (IBM Security Guardium Database Activity Monitor 10 allows local 
users ...)
+       TODO: check
 CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before 
p310, 9.x ...)
        NOT-FOR-US: IBM
-CVE-2016-0235
-       RESERVED
+CVE-2016-0235 (IBM Security Guardium Database Activity Monitor 10 allows local 
users ...)
+       TODO: check
 CVE-2016-0234
        RESERVED
 CVE-2016-0233 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 
8.6.x, ...)
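Review bot: CVE-2016-0237 and CVE-2016-0235 are added as `TODO: check` although both describe IBM Security Guardium Database Activity Monitor, and the adjacent Guardium entries CVE-2016-0238 and CVE-2016-0236 are already `NOT-FOR-US: IBM`. Give these two the same disposition so they do not linger in the TODO queue; the same applies to the IBM entries CVE-2016-0261 and CVE-2016-0250 in the two preceding hunks.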



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b6c4c3e075d47bb25d6390930c506d5504a1aa47

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
