Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
994745b7 by security tracker role at 2018-03-21T09:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,113 @@
+CVE-2018-8884
+ RESERVED
+CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in
the ...)
+ TODO: check
+CVE-2018-8882 (Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer
under-read ...)
+ TODO: check
+CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer
over-read ...)
+ TODO: check
+CVE-2018-8880
+ RESERVED
+CVE-2018-8879
+ RESERVED
+CVE-2018-8878
+ RESERVED
+CVE-2018-8877
+ RESERVED
+CVE-2018-8876 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys)
allows ...)
+ TODO: check
+CVE-2018-8875 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys)
allows ...)
+ TODO: check
+CVE-2018-8874 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys)
allows ...)
+ TODO: check
+CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file
(2345NetFirewall.sys) ...)
+ TODO: check
+CVE-2018-8872
+ RESERVED
+CVE-2018-8871
+ RESERVED
+CVE-2018-8870
+ RESERVED
+CVE-2018-8869
+ RESERVED
+CVE-2018-8868
+ RESERVED
+CVE-2018-8867
+ RESERVED
+CVE-2018-8866
+ RESERVED
+CVE-2018-8865
+ RESERVED
+CVE-2018-8864
+ RESERVED
+CVE-2018-8863
+ RESERVED
+CVE-2018-8862
+ RESERVED
+CVE-2018-8861
+ RESERVED
+CVE-2018-8860
+ RESERVED
+CVE-2018-8859
+ RESERVED
+CVE-2018-8858
+ RESERVED
+CVE-2018-8857
+ RESERVED
+CVE-2018-8856
+ RESERVED
+CVE-2018-8855
+ RESERVED
+CVE-2018-8854
+ RESERVED
+CVE-2018-8853
+ RESERVED
+CVE-2018-8852
+ RESERVED
+CVE-2018-8851
+ RESERVED
+CVE-2018-8850
+ RESERVED
+CVE-2018-8849
+ RESERVED
+CVE-2018-8848
+ RESERVED
+CVE-2018-8847
+ RESERVED
+CVE-2018-8846
+ RESERVED
+CVE-2018-8845
+ RESERVED
+CVE-2018-8844
+ RESERVED
+CVE-2018-8843
+ RESERVED
+CVE-2018-8842
+ RESERVED
+CVE-2018-8841
+ RESERVED
+CVE-2018-8840
+ RESERVED
+CVE-2018-8839
+ RESERVED
+CVE-2018-8838
+ RESERVED
+CVE-2018-8837
+ RESERVED
+CVE-2018-8836
+ RESERVED
+CVE-2018-8835
+ RESERVED
+CVE-2018-8834
+ RESERVED
+CVE-2018-8833
+ RESERVED
+CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable
...)
+ TODO: check
+CVE-2018-8831
+ RESERVED
+CVE-2018-8830
+ RESERVED
CVE-2018-8829
RESERVED
CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before
4.4.7, 5.0.x ...)
@@ -109085,14 +109195,14 @@ CVE-2015-7463 (IBM Business Process Manager 7.5.x,
8.0.x, 8.5.0, 8.5.5, and 8.5.
NOT-FOR-US: IBM
CVE-2015-7462 (IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users
to ...)
NOT-FOR-US: IBM
-CVE-2015-7461
- RESERVED
-CVE-2015-7460
- RESERVED
-CVE-2015-7459
- RESERVED
-CVE-2015-7458
- RESERVED
+CVE-2015-7461 (XML external entity (XXE) vulnerability in IBM Connections
3.0.1.1 and ...)
+ TODO: check
+CVE-2015-7460 (Cross-site scripting (XSS) vulnerability in IBM Connections
3.0.1.1 ...)
+ TODO: check
+CVE-2015-7459 (Cross-site scripting (XSS) vulnerability in IBM Connections
3.0.1.1 ...)
+ TODO: check
+CVE-2015-7458 (Cross-site scripting (XSS) vulnerability in IBM Connections
3.0.1.1 ...)
+ TODO: check
CVE-2015-7457 (Cross-site scripting (XSS) vulnerability in IBM WebSphere
Portal 8.0.x ...)
NOT-FOR-US: IBM
CVE-2015-7456 (IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows
remote ...)
@@ -109109,8 +109219,8 @@ CVE-2015-7451 (Cross-site scripting (XSS)
vulnerability in IBM Maximo Asset ...)
NOT-FOR-US: IBM
CVE-2015-7450 (Serialized-object interfaces in certain IBM analytics, business
...)
NOT-FOR-US: IBM
-CVE-2015-7449
- RESERVED
+CVE-2015-7449 (IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x
before ...)
+ TODO: check
CVE-2015-7448 (SQL injection vulnerability in IBM Maximo Asset Management 7.1
through ...)
NOT-FOR-US: IBM
CVE-2015-7447 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through
6.1.5.3 ...)
@@ -142902,8 +143012,8 @@ CVE-2014-4930 (Multiple cross-site scripting (XSS)
vulnerabilities in event/inde
CVE-2014-4929 (Directory traversal vulnerability in the routing component in
ownCloud ...)
- owncloud 6.0.4~beta1+dfsg-1
NOTE:
https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
-CVE-2014-4928
- RESERVED
+CVE-2014-4928 (SQL injection vulnerability in Invision Power Board (aka IPB or
...)
+ TODO: check
CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U
and ...)
NOT-FOR-US: ACME micro_httpd
CVE-2014-4926
@@ -145134,8 +145244,8 @@ CVE-2014-3992 (Multiple SQL injection vulnerabilities
in Dolibarr ERP/CRM 3.5.3
- dolibarr 3.5.4+dfsg2-1 (bug #755531)
CVE-2014-3991 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr
...)
- dolibarr 3.5.5+dfsg1-1
-CVE-2014-3990
- RESERVED
+CVE-2014-3990 (The Cart::getProducts method in system/library/cart.php in
OpenCart ...)
+ TODO: check
CVE-2014-3989
RESERVED
CVE-2014-3988 (Cross-site scripting (XSS) vulnerability in index.php in
SunHater ...)
@@ -150912,12 +151022,10 @@ CVE-2014-2039 (arch/s390/kernel/head64.S in the
Linux kernel before 3.13.5 on th
NOTE:
https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
CVE-2014-2037 (Openswan 2.6.40 allows remote attackers to cause a denial of
service ...)
- openswan <not-affected> (Incomplete fix was never applied)
-CVE-2014-2032 [missing input validation]
- RESERVED
+CVE-2014-2032 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in
MaraDNS ...)
- maradns <not-affected> (Deadwood resolver not enabled)
NOTE:
https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3
-CVE-2014-2031 [logic error]
- RESERVED
+CVE-2014-2031 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in
MaraDNS ...)
- maradns <not-affected> (Deadwood resolver not enabled)
NOTE:
https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
CVE-2014-2030
@@ -151861,8 +151969,8 @@ CVE-2014-1668
RESERVED
CVE-2014-1667
RESERVED
-CVE-2014-1665
- RESERVED
+CVE-2014-1665 (Cross-site scripting (XSS) vulnerability in ownCloud before
6.0.1 ...)
+ TODO: check
CVE-2014-1663 (Unspecified vulnerability in Citrix XenMobile Device Manager
server ...)
NOT-FOR-US: Citrix XenMobile Device Manager server
CVE-2014-1662
@@ -152747,8 +152855,8 @@ CVE-2014-1459 (SQL injection vulnerability in
dg-admin/index.php in doorGets CMS
NOT-FOR-US: doorGets CMS
CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web
administration ...)
NOT-FOR-US: FortiGuard FortiWeb
-CVE-2014-1457
- RESERVED
+CVE-2014-1457 (Open Web Analytics (OWA) before 1.5.6 improperly generates
random ...)
+ TODO: check
CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in
Open Web ...)
NOT-FOR-US: Open Web Analytics
CVE-2014-1455 (SQL injection vulnerability in the password reset functionality
in ...)
@@ -153289,8 +153397,7 @@ CVE-2014-1217 (Livetecs Timelive before 6.2.8 does
not properly restrict access
NOT-FOR-US: Livetecs Timelive
CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote
attackers ...)
NOT-FOR-US: Fitnesse Wiki
-CVE-2014-1215
- RESERVED
+CVE-2014-1215 (Multiple buffer overflows in Core FTP Server before 1.2 build
508 ...)
NOT-FOR-US: Core FTP Server
CVE-2014-1214
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/994745b7c87093f8cac86741f1bd0ceec42875c3
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/994745b7c87093f8cac86741f1bd0ceec42875c3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
