[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 28 21:10:41 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f258acd1 by security tracker role at 2018-08-28T20:10:33Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,282 @@
-CVE-2018-15919 [OpenSSH user enumeration]
+CVE-2018-16051
+ RESERVED
+CVE-2018-16050
+ RESERVED
+CVE-2018-16049
+ RESERVED
+CVE-2018-16048
+ RESERVED
+CVE-2018-16047
+ RESERVED
+CVE-2018-16046
+ RESERVED
+CVE-2018-16045
+ RESERVED
+CVE-2018-16044
+ RESERVED
+CVE-2018-16043
+ RESERVED
+CVE-2018-16042
+ RESERVED
+CVE-2018-16041
+ RESERVED
+CVE-2018-16040
+ RESERVED
+CVE-2018-16039
+ RESERVED
+CVE-2018-16038
+ RESERVED
+CVE-2018-16037
+ RESERVED
+CVE-2018-16036
+ RESERVED
+CVE-2018-16035
+ RESERVED
+CVE-2018-16034
+ RESERVED
+CVE-2018-16033
+ RESERVED
+CVE-2018-16032
+ RESERVED
+CVE-2018-16031
+ RESERVED
+CVE-2018-16030
+ RESERVED
+CVE-2018-16029
+ RESERVED
+CVE-2018-16028
+ RESERVED
+CVE-2018-16027
+ RESERVED
+CVE-2018-16026
+ RESERVED
+CVE-2018-16025
+ RESERVED
+CVE-2018-16024
+ RESERVED
+CVE-2018-16023
+ RESERVED
+CVE-2018-16022
+ RESERVED
+CVE-2018-16021
+ RESERVED
+CVE-2018-16020
+ RESERVED
+CVE-2018-16019
+ RESERVED
+CVE-2018-16018
+ RESERVED
+CVE-2018-16017
+ RESERVED
+CVE-2018-16016
+ RESERVED
+CVE-2018-16015
+ RESERVED
+CVE-2018-16014
+ RESERVED
+CVE-2018-16013
+ RESERVED
+CVE-2018-16012
+ RESERVED
+CVE-2018-16011
+ RESERVED
+CVE-2018-16010
+ RESERVED
+CVE-2018-16009
+ RESERVED
+CVE-2018-16008
+ RESERVED
+CVE-2018-16007
+ RESERVED
+CVE-2018-16006
+ RESERVED
+CVE-2018-16005
+ RESERVED
+CVE-2018-16004
+ RESERVED
+CVE-2018-16003
+ RESERVED
+CVE-2018-16002
+ RESERVED
+CVE-2018-16001
+ RESERVED
+CVE-2018-16000
+ RESERVED
+CVE-2018-15999
+ RESERVED
+CVE-2018-15998
+ RESERVED
+CVE-2018-15997
+ RESERVED
+CVE-2018-15996
+ RESERVED
+CVE-2018-15995
+ RESERVED
+CVE-2018-15994
+ RESERVED
+CVE-2018-15993
+ RESERVED
+CVE-2018-15992
+ RESERVED
+CVE-2018-15991
+ RESERVED
+CVE-2018-15990
+ RESERVED
+CVE-2018-15989
+ RESERVED
+CVE-2018-15988
+ RESERVED
+CVE-2018-15987
+ RESERVED
+CVE-2018-15986
+ RESERVED
+CVE-2018-15985
+ RESERVED
+CVE-2018-15984
+ RESERVED
+CVE-2018-15983
+ RESERVED
+CVE-2018-15982
+ RESERVED
+CVE-2018-15981
+ RESERVED
+CVE-2018-15980
+ RESERVED
+CVE-2018-15979
+ RESERVED
+CVE-2018-15978
+ RESERVED
+CVE-2018-15977
+ RESERVED
+CVE-2018-15976
+ RESERVED
+CVE-2018-15975
+ RESERVED
+CVE-2018-15974
+ RESERVED
+CVE-2018-15973
+ RESERVED
+CVE-2018-15972
+ RESERVED
+CVE-2018-15971
+ RESERVED
+CVE-2018-15970
+ RESERVED
+CVE-2018-15969
+ RESERVED
+CVE-2018-15968
+ RESERVED
+CVE-2018-15967
+ RESERVED
+CVE-2018-15966
+ RESERVED
+CVE-2018-15965
+ RESERVED
+CVE-2018-15964
+ RESERVED
+CVE-2018-15963
+ RESERVED
+CVE-2018-15962
+ RESERVED
+CVE-2018-15961
+ RESERVED
+CVE-2018-15960
+ RESERVED
+CVE-2018-15959
+ RESERVED
+CVE-2018-15958
+ RESERVED
+CVE-2018-15957
+ RESERVED
+CVE-2018-15956
+ RESERVED
+CVE-2018-15955
+ RESERVED
+CVE-2018-15954
+ RESERVED
+CVE-2018-15953
+ RESERVED
+CVE-2018-15952
+ RESERVED
+CVE-2018-15951
+ RESERVED
+CVE-2018-15950
+ RESERVED
+CVE-2018-15949
+ RESERVED
+CVE-2018-15948
+ RESERVED
+CVE-2018-15947
+ RESERVED
+CVE-2018-15946
+ RESERVED
+CVE-2018-15945
+ RESERVED
+CVE-2018-15944
+ RESERVED
+CVE-2018-15943
+ RESERVED
+CVE-2018-15942
+ RESERVED
+CVE-2018-15941
+ RESERVED
+CVE-2018-15940
+ RESERVED
+CVE-2018-15939
+ RESERVED
+CVE-2018-15938
+ RESERVED
+CVE-2018-15937
+ RESERVED
+CVE-2018-15936
+ RESERVED
+CVE-2018-15935
+ RESERVED
+CVE-2018-15934
+ RESERVED
+CVE-2018-15933
+ RESERVED
+CVE-2018-15932
+ RESERVED
+CVE-2018-15931
+ RESERVED
+CVE-2018-15930
+ RESERVED
+CVE-2018-15929
+ RESERVED
+CVE-2018-15928
+ RESERVED
+CVE-2018-15927
+ RESERVED
+CVE-2018-15926
+ RESERVED
+CVE-2018-15925
+ RESERVED
+CVE-2018-15924
+ RESERVED
+CVE-2018-15923
+ RESERVED
+CVE-2018-15922
+ RESERVED
+CVE-2018-15921
+ RESERVED
+CVE-2018-15920
+ RESERVED
+CVE-2018-15918
+ RESERVED
+CVE-2018-15917
+ RESERVED
+CVE-2018-15916
+ RESERVED
+CVE-2018-15915
+ RESERVED
+CVE-2018-15914
+ RESERVED
+CVE-2018-15913
+ RESERVED
+CVE-2018-15912
+ RESERVED
+CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 ...)
- openssh <unfixed>
[stretch] - openssh <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
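Review bot: CVE-2018-15919 ends up after CVE-2018-15912 at the bottom of the added block, while the new RESERVED entries run in descending order and jump straight from CVE-2018-15920 to CVE-2018-15918. Consider moving the openssh entry into that gap so the file stays sorted. The hand-written label "[OpenSSH user enumeration]" is also dropped in favour of the truncated description, whose visible part no longer mentions user enumeration.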
@@ -32,8 +310,8 @@ CVE-2018-15903
RESERVED
CVE-2018-15902
RESERVED
-CVE-2018-15901
- RESERVED
+CVE-2018-15901 (e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing ...)
+ TODO: check
CVE-2018-15900
RESERVED
CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS ...)
@@ -77,8 +355,8 @@ CVE-2018-15886
RESERVED
CVE-2018-15885 (Ovation FindMe 1.4-1083-1 is intended to support transmission of ...)
NOT-FOR-US: Ovation FindMe
-CVE-2018-15884
- RESERVED
+CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the ...)
+ TODO: check
CVE-2018-15883
RESERVED
CVE-2018-15882
@@ -112,8 +390,8 @@ CVE-2018-15875 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 route
NOT-FOR-US: D-Link
CVE-2018-15874 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers ...)
NOT-FOR-US: D-Link
-CVE-2018-15873
- RESERVED
+CVE-2018-15873 (A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid ...)
+ TODO: check
CVE-2018-15872
RESERVED
CVE-2018-15871 (An invalid memory address dereference was discovered in ...)
@@ -218,8 +496,8 @@ CVE-2018-15841
RESERVED
CVE-2018-15840
RESERVED
-CVE-2018-15839
- RESERVED
+CVE-2018-15839 (D-Link DIR-615 devices have a buffer overflow via a long Authorization ...)
+ TODO: check
CVE-2018-15838
RESERVED
CVE-2018-15837
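Review bot: the added CVE-2018-15839 line is left at "TODO: check" although its description names D-Link DIR-615 devices, and the DIR-615 entries CVE-2018-15875 and CVE-2018-15874 elsewhere in this file are already tagged "NOT-FOR-US: D-Link". Suggest giving it the same tag so the same product is triaged consistently.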
@@ -423,8 +701,8 @@ CVE-2018-15742
RESERVED
CVE-2018-15741
RESERVED
-CVE-2018-15740
- RESERVED
+CVE-2018-15740 (Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow ...)
+ TODO: check
CVE-2018-15739
RESERVED
CVE-2018-15738
@@ -701,8 +979,8 @@ CVE-2018-15610
RESERVED
CVE-2018-15609
RESERVED
-CVE-2018-15608
- RESERVED
+CVE-2018-15608 (Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the ...)
+ TODO: check
CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 ...)
- imagemagick <unfixed> (low)
[stretch] - imagemagick <ignored> (Minor issue)
@@ -741,8 +1019,8 @@ CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, expos
NOT-FOR-US: Traefik
CVE-2018-15597
RESERVED
-CVE-2018-15596
- RESERVED
+CVE-2018-15596 (An issue was discovered in inc/class_feedgeneration.php in MyBB ...)
+ TODO: check
CVE-2018-1000226 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but ...)
- cobbler <removed>
CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but ...)
@@ -900,8 +1178,8 @@ CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mis
CVE-2018-15572 (The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c ...)
- linux 4.17.15-1
NOTE: https://git.kernel.org/linus/fdf82a7856b32d905c39afc85e34364491e46346
-CVE-2018-15571
- RESERVED
+CVE-2018-15571 (The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV ...)
+ TODO: check
CVE-2018-15570 (In waimai Super Cms 20150505, there is stored XSS via the ...)
NOT-FOR-US: waimai Super Cms
CVE-2018-15569 (my little forum 2.4.12 allows CSRF for deletion of users. ...)
@@ -987,8 +1265,8 @@ CVE-2018-15531
RESERVED
CVE-2018-15530
RESERVED
-CVE-2018-15529
- RESERVED
+CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny ...)
+ TODO: check
CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...)
NOT-FOR-US: Java System Solutions SSO plugin
CVE-2018-15527
@@ -3154,8 +3432,8 @@ CVE-2018-14574 (django.middleware.common.CommonMiddleware in Django 1.11.x befor
NOTE: https://github.com/django/django/commit/434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (vuln. introduced here?)
CVE-2018-14573 (A Local File Inclusion (LFI) vulnerability exists in the Web Interface ...)
NOT-FOR-US: TightRope Media Carousel Digital Signage
-CVE-2018-14572
- RESERVED
+CVE-2018-14572 (In conference-scheduler-cli, a pickle.load call on imported data ...)
+ TODO: check
CVE-2018-14571
RESERVED
CVE-2018-14570 (A file upload vulnerability in application/shop/controller/member.php ...)
@@ -3655,8 +3933,8 @@ CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the ...)
NOT-FOR-US: axmldec
CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an ...)
NOT-FOR-US: AXML Parser
-CVE-2018-14400
- RESERVED
+CVE-2018-14400 (In pycparser, a pickle.load call (within the read_pickle function of ...)
+ TODO: check
CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote ...)
NOT-FOR-US: PHPCMS
CVE-2018-14398
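Review bot: CVE-2018-14400 is left at "TODO: check" between two entries tagged NOT-FOR-US, but its description names pycparser and a pickle.load call in read_pickle. This one needs a source-package lookup for pycparser before it is tagged, so it should not inherit NOT-FOR-US from its neighbours by default.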
@@ -6034,16 +6312,16 @@ CVE-2018-13397
RESERVED
CVE-2018-13396
RESERVED
-CVE-2018-13395
- RESERVED
+CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from version ...)
+ TODO: check
CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ...)
NOT-FOR-US: Atlassian Confluence Questions
CVE-2018-13393 (The convertCommentToAnswer resource in Atlassian Confluence Questions ...)
NOT-FOR-US: Atlassian Confluence Questions
CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before version ...)
NOT-FOR-US: Atlassian
-CVE-2018-13391
- RESERVED
+CVE-2018-13391 (The ProfileLinkUserFormat component of Jira Server before version ...)
+ TODO: check
CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via network from ...)
NOT-FOR-US: Atlassian
CVE-2018-13389 (The attachment resource in Atlassian Confluence before version 6.6.1 ...)
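Review bot: CVE-2018-13395 and CVE-2018-13391 are both added with "TODO: check", while the entries around them in this hunk (CVE-2018-13394, CVE-2018-13393, CVE-2018-13392, CVE-2018-13390) all carry a NOT-FOR-US tag for Atlassian products. Both new descriptions name Jira, so once it is confirmed that no Jira package is tracked they can take "NOT-FOR-US: Atlassian" as well.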
@@ -24030,8 +24308,8 @@ CVE-2018-6645
RESERVED
CVE-2018-6644 (SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) ...)
- sblim-sfcb <itp> (bug #754493)
-CVE-2018-6643
- RESERVED
+CVE-2018-6643 (Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the ...)
+ TODO: check
CVE-2018-6642
RESERVED
CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered in ...)
@@ -31907,8 +32185,8 @@ CVE-2018-3928
RESERVED
CVE-2018-3927 (An exploitable information disclosure vulnerability exists in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3926
- RESERVED
+CVE-2018-3926 (An exploitable integer underflow vulnerability exists in the ZigBee ...)
+ TODO: check
CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the remote ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
@@ -31943,8 +32221,8 @@ CVE-2018-3910
RESERVED
CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of video-core's ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3908
- RESERVED
+CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of video-core's ...)
+ TODO: check
CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of video-core's ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3906
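Review bot: the visible description of the new CVE-2018-3908 entry is word for word the same as CVE-2018-3909 and CVE-2018-3907 on either side ("REST parser of video-core's ..."), yet it gets "TODO: check" while those two are "NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices". If the full description confirms the same device, apply the same tag.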
@@ -31969,8 +32247,8 @@ CVE-2018-3897
RESERVED
CVE-2018-3896
RESERVED
-CVE-2018-3895
- RESERVED
+CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the ...)
+ TODO: check
CVE-2018-3894
RESERVED
CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
@@ -32866,7 +33144,7 @@ CVE-2018-3648
CVE-2018-3647
RESERVED
CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4279-1 DSA-4274-1}
+ {DSA-4279-1 DSA-4274-1 DLA-1481-1}
- linux 4.17.15-1
- xen <unfixed>
- intel-microcode 3.20180703.1
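Review bot: the reference set on CVE-2018-3646 gains DLA-1481-1, but the three package lines below it (linux, xen, intel-microcode) are unchanged, so the entry does not show which package the DLA covers or for which release. Worth confirming that the cross-reference belongs on this entry and, if a release-specific status changed with it, adding the matching bracketed release line. The same change is made to CVE-2018-3620 in the next hunk.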
@@ -32944,7 +33222,7 @@ CVE-2018-3622
CVE-2018-3621
RESERVED
CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4279-1 DSA-4274-1}
+ {DSA-4279-1 DSA-4274-1 DLA-1481-1}
- linux 4.17.15-1
- xen <unfixed>
- intel-microcode 3.20180703.1
@@ -38112,8 +38390,8 @@ CVE-2018-1707
RESERVED
CVE-2018-1706
RESERVED
-CVE-2018-1705
- RESERVED
+CVE-2018-1705 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum ...)
+ TODO: check
CVE-2018-1704
RESERVED
CVE-2018-1703
@@ -48612,8 +48890,8 @@ CVE-2017-15432
REJECTED
CVE-2017-15431
RESERVED
-CVE-2017-15430
- RESERVED
+CVE-2017-15430 (Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 ...)
+ TODO: check
CVE-2017-15429
RESERVED
{DSA-4103-1}
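Review bot: CVE-2017-15430 is added with "TODO: check", but its description says Google Chrome prior to 63.0.3239.84, the same version at which the sibling entries CVE-2017-15427 through CVE-2017-15423 are recorded as fixed in "chromium-browser 63.0.3239.84-1" under DSA-4064-1. Suggest checking whether the Chromecast component ships in chromium-browser, then either adding the same package line or marking the entry not affected, rather than leaving it untriaged.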
@@ -48624,38 +48902,32 @@ CVE-2017-15429
NOTE: libv8 not covered by security support
CVE-2017-15428
RESERVED
-CVE-2017-15427
- RESERVED
+CVE-2017-15427 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15426
- RESERVED
+CVE-2017-15426 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15425
- RESERVED
+CVE-2017-15425 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15424
- RESERVED
+CVE-2017-15424 (Insufficient policy enforcement in Omnibox in Google Chrome prior to ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15423
- RESERVED
+CVE-2017-15423 (Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15422 [integer overflow in icu]
- RESERVED
+CVE-2017-15422 (Integer overflow in international date handling in International ...)
{DSA-4150-1}
- icu 57.1-9 (bug #892766)
[wheezy] - icu <not-affected> (Vulnerable code not present)
@@ -48664,83 +48936,70 @@ CVE-2017-15422 [integer overflow in icu]
NOTE: Issue fixed in: https://ssl.icu-project.org/trac/changeset/40654
CVE-2017-15421
RESERVED
-CVE-2017-15420
- RESERVED
+CVE-2017-15420 (Inappropriate implementation in browser navigation in Google Chrome ...)
{DSA-4103-1 DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15419
- RESERVED
+CVE-2017-15419 (Insufficient policy enforcement in Resource Timing API in Google Chrome ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15418
- RESERVED
+CVE-2017-15418 (Use of uninitialized memory in Skia in Google Chrome prior to ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15417
- RESERVED
+CVE-2017-15417 (Inappropriate implementation in Skia canvas composite operations in ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15416
- RESERVED
+CVE-2017-15416 (Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15415
- RESERVED
+CVE-2017-15415 (Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15414
RESERVED
-CVE-2017-15413
- RESERVED
+CVE-2017-15413 (Type confusion in WebAssembly in V8 in Google Chrome prior to ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15412 [use after free]
- RESERVED
+CVE-2017-15412 (Use after free in libxml2 before 2.9.5, as used in Google Chrome prior ...)
{DSA-4086-1 DLA-1211-1}
- libxml2 2.9.4+dfsg1-5.2 (bug #883790)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=727039
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783160 (not public)
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
-CVE-2017-15411
- RESERVED
+CVE-2017-15411 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15410
- RESERVED
+CVE-2017-15410 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15409
- RESERVED
+CVE-2017-15409 (Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15408
- RESERVED
+CVE-2017-15408 (Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15407
- RESERVED
+CVE-2017-15407 (Out-of-bounds Write in the QUIC networking stack in Google Chrome prior ...)
{DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -69964,7 +70223,7 @@ CVE-2017-8400 (In SWFTools 0.9.2, an out-of-bounds write of heap data can occur
[jessie] - swftools <no-dsa> (Minor issue)
NOTE: https://github.com/matthiaskramm/swftools/issues/13
NOTE: https://github.com/matthiaskramm/swftools/commit/7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a
-CVE-2017-8399 (PCRE2 before 2017-03-10 has an out-of-bounds write caused by a ...)
+CVE-2017-8399 (PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based ...)
- pcre2 <not-affected> (Did only affect revision after r670 upstream; not in a released version)
NOTE: Fixed by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783
NOTE: https://vcs.pcre.org/pcre2?view=revision&revision=674
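Review bot: the description of CVE-2017-8399 changes from "PCRE2 before 2017-03-10" to "PCRE2 before 10.30", which reads as a released-version boundary, while the pcre2 line still says <not-affected> with the reason "not in a released version". Recheck that rationale against the new wording and adjust the comment or the status if any packaged pcre2 version falls in the affected range.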
@@ -160091,18 +160350,18 @@ CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c
{DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
-CVE-2014-6050
- RESERVED
-CVE-2014-6049
- RESERVED
-CVE-2014-6048
- RESERVED
-CVE-2014-6047
- RESERVED
-CVE-2014-6046
- RESERVED
-CVE-2014-6045
- RESERVED
+CVE-2014-6050 (phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA ...)
+ TODO: check
+CVE-2014-6049 (phpMyFAQ before 2.8.13 allows remote authenticated users with admin ...)
+ TODO: check
+CVE-2014-6048 (phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary ...)
+ TODO: check
+CVE-2014-6047 (phpMyFAQ before 2.8.13 allows remote authenticated users with certain ...)
+ TODO: check
+CVE-2014-6046 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ ...)
+ TODO: check
+CVE-2014-6045 (SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote ...)
+ TODO: check
CVE-2014-6044
RESERVED
CVE-2014-6043 (ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 ...)
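Review bot: all six entries CVE-2014-6050 through CVE-2014-6045 describe phpMyFAQ, with the same "before 2.8.13" boundary wherever the version is visible, and each is left at "TODO: check" separately. Triage them as one batch: a single decision on whether phpMyFAQ is tracked gives either the same NOT-FOR-US tag on all six or six package lines with the same fixed version.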
@@ -162751,8 +163010,8 @@ CVE-2014-4934
RESERVED
CVE-2014-4933
RESERVED
-CVE-2014-4932
- RESERVED
+CVE-2014-4932 (Cross-site scripting (XSS) vulnerability in the Wordfence Security ...)
+ TODO: check
CVE-2014-4931
RESERVED
CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f258acd1f9831f400a7207f67a625712f7dd51a0
More information about the debian-security-tracker-commits mailing list