[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 21 21:10:26 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad81ed36 by security tracker role at 2018-02-21T21:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,107 @@
+CVE-2018-7306
+ RESERVED
+CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to ...)
+ TODO: check
+CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; ...)
+ TODO: check
+CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
+ TODO: check
+CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...)
+ TODO: check
+CVE-2018-7301
+ RESERVED
+CVE-2018-7300
+ RESERVED
+CVE-2018-7299
+ RESERVED
+CVE-2018-7298
+ RESERVED
+CVE-2018-7297
+ RESERVED
+CVE-2018-7296
+ RESERVED
+CVE-2018-7295
+ RESERVED
+CVE-2018-7294
+ RESERVED
+CVE-2018-7293
+ RESERVED
+CVE-2018-7292
+ RESERVED
+CVE-2018-7291
+ RESERVED
+CVE-2018-7290
+ RESERVED
+CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...)
+ TODO: check
+CVE-2018-7288
+ RESERVED
+CVE-2018-7287
+ RESERVED
+CVE-2018-7286
+ RESERVED
+CVE-2018-7285
+ RESERVED
+CVE-2018-7284
+ RESERVED
+CVE-2018-7283
+ RESERVED
+CVE-2018-7282
+ RESERVED
+CVE-2018-7281
+ RESERVED
+CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
+ TODO: check
+CVE-2018-1000093
+ RESERVED
+CVE-2018-1000092
+ RESERVED
+CVE-2018-1000091
+ RESERVED
+CVE-2018-1000090
+ RESERVED
+CVE-2018-1000089
+ RESERVED
+CVE-2018-1000088
+ RESERVED
+CVE-2018-1000087
+ RESERVED
+CVE-2018-1000086
+ RESERVED
+CVE-2018-1000085
+ RESERVED
+CVE-2018-1000084
+ RESERVED
+CVE-2018-1000083
+ RESERVED
+CVE-2018-1000082
+ RESERVED
+CVE-2018-1000081
+ RESERVED
+CVE-2018-1000080
+ RESERVED
+CVE-2018-1000079
+ RESERVED
+CVE-2018-1000078
+ RESERVED
+CVE-2018-1000077
+ RESERVED
+CVE-2018-1000076
+ RESERVED
+CVE-2018-1000075
+ RESERVED
+CVE-2018-1000074
+ RESERVED
+CVE-2018-1000073
+ RESERVED
+CVE-2018-1000072
+ RESERVED
+CVE-2018-1000071
+ RESERVED
+CVE-2018-1000070
+ RESERVED
+CVE-2018-1000069
+ RESERVED
CVE-2018-7279
RESERVED
CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP ...)
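Review bot: six of the new entries (CVE-2018-7305, -7304, -7303, -7302, -7289 and -7280) arrive with a truncated MITRE description and `TODO: check`, so the manual pass still has to decide for each whether the component named in the description (MyBB, Tiki, the armadito Windows driver, the Ninja Forms WordPress plugin) is packaged in Debian or should become `NOT-FOR-US`; the remaining additions (CVE-2018-7306, -7301 down to -7290, -7288 down to -7281 and the CVE-2018-1000069 to -1000093 block) are bare `RESERVED` placeholders that need nothing until MITRE publishes them.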
@@ -43,10 +147,10 @@ CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad th
TODO: clarify with MITRE why this CVE was additionally assigned
CVE-2018-7262
RESERVED
-CVE-2018-7261
- RESERVED
-CVE-2018-7260
- RESERVED
+CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS ...)
+ TODO: check
+CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in db_central_columns.php in ...)
+ TODO: check
CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a ...)
NOT-FOR-US: Flight Sim Labs
CVE-2018-7258
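Review bot: the description of CVE-2018-7260 is cut off right after the file name (`db_central_columns.php in ...`), so the affected product cannot be identified from this entry and the `TODO: check` cannot be closed without the full MITRE text; CVE-2018-7261 above it at least names Radiant CMS, which makes its packaged-in-Debian check straightforward.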
@@ -4289,8 +4393,8 @@ CVE-2018-5718
RESERVED
CVE-2018-5717
RESERVED
-CVE-2018-5716
- RESERVED
+CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This ...)
+ TODO: check
CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query ...)
NOT-FOR-US: SugarCRM
CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows ...)
@@ -16034,16 +16138,16 @@ CVE-2018-1170
RESERVED
CVE-2018-1169
RESERVED
-CVE-2018-1168
- RESERVED
+CVE-2018-1168 (This vulnerability allows local attackers to escalate privileges on ...)
+ TODO: check
CVE-2018-1167
RESERVED
-CVE-2018-1166
- RESERVED
-CVE-2018-1165
- RESERVED
-CVE-2018-1164
- RESERVED
+CVE-2018-1166 (This vulnerability allows local attackers to escalate privileges on ...)
+ TODO: check
+CVE-2018-1165 (This vulnerability allows local attackers to escalate privileges on ...)
+ TODO: check
+CVE-2018-1164 (This vulnerability allows remote attackers to cause a ...)
+ TODO: check
CVE-2018-1163 (This vulnerability allows remote attackers to bypass authentication on ...)
NOT-FOR-US: Quest NetVault Backup
CVE-2018-1162 (This vulnerability allows remote attackers to create a ...)
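Review bot: CVE-2018-1168, -1166, -1165 and -1164 all carry the same boilerplate opening (`This vulnerability allows local/remote attackers to ...`) with the product truncated away, exactly like CVE-2018-1163 below them, which was resolved as `NOT-FOR-US: Quest NetVault Backup`; the triage should confirm from the full text that the four new ones belong to the same advisory rather than assume it from the adjacent IDs.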
@@ -34140,8 +34244,7 @@ CVE-2017-12163 [Server memory information leak over SMB1]
NOTE: https://www.samba.org/samba/security/CVE-2017-12163.html
CVE-2017-12162
RESERVED
-CVE-2017-12161
- RESERVED
+CVE-2017-12161 (It was found that keycloak before 3.4.2 final would permit misuse of a ...)
NOT-FOR-US: Keycloak
CVE-2017-12160 (It was found that Keycloak oauth would permit an authenticated ...)
NOT-FOR-US: Keycloak
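Review bot: unlike most hunks in this update, CVE-2017-12161 gets no `TODO: check`, because the `NOT-FOR-US: Keycloak` line already existed under the RESERVED entry and is kept as unchanged context, matching CVE-2017-12160 below it; that is the right outcome, and the same pre-triaged pattern recurs for CVE-2013-0267 (Apache VCL) further down.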
@@ -100325,14 +100428,14 @@ CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in pla
NOT-FOR-US: IBM
CVE-2016-0370 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...)
NOT-FOR-US: IBM
-CVE-2016-0369
- RESERVED
+CVE-2016-0369 (XML external entity (XXE) vulnerability in IBM Forms Experience ...)
+ TODO: check
CVE-2016-0368
RESERVED
-CVE-2016-0367
- RESERVED
-CVE-2016-0366
- RESERVED
+CVE-2016-0367 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...)
+ TODO: check
+CVE-2016-0366 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...)
+ TODO: check
CVE-2016-0365 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
NOT-FOR-US: IBM
CVE-2016-0364 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
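Review bot: the three newly described entries (CVE-2016-0369, -0367 and -0366) name IBM products in their first words and sit among entries already closed as `NOT-FOR-US: IBM`, so their `TODO: check` markers are very likely to resolve the same way; the automatic update is right not to infer that itself, but the manual pass can batch them.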
@@ -100361,24 +100464,24 @@ CVE-2016-0353 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, wh
NOT-FOR-US: IBM
CVE-2016-0352
RESERVED
-CVE-2016-0351
- RESERVED
+CVE-2016-0351 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...)
+ TODO: check
CVE-2016-0350 (Cross-site scripting (XSS) vulnerability in the Report Builder and ...)
NOT-FOR-US: IBM
CVE-2016-0349 (IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before ...)
NOT-FOR-US: IBM
-CVE-2016-0348
- RESERVED
+CVE-2016-0348 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA ...)
+ TODO: check
CVE-2016-0347
RESERVED
CVE-2016-0346 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
NOT-FOR-US: IBM
-CVE-2016-0345
- RESERVED
-CVE-2016-0344
- RESERVED
-CVE-2016-0343
- RESERVED
+CVE-2016-0345 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
+ TODO: check
+CVE-2016-0344 (Cross-site scripting (XSS) vulnerability in the My Reports component ...)
+ TODO: check
+CVE-2016-0343 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
+ TODO: check
CVE-2016-0342 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...)
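Review bot: CVE-2016-0345 and CVE-2016-0343 share the identical truncated description (`IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...`) with CVE-2016-0342, which is already `NOT-FOR-US: IBM TRIRIGA Application Platform`; when closing these `TODO: check` entries, use the same product-specific `NOT-FOR-US` text rather than the bare `NOT-FOR-US: IBM` used elsewhere in the hunk, so the three entries stay consistent with their neighbour.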
@@ -106780,8 +106883,8 @@ CVE-2015-6571
RESERVED
CVE-2015-6570
RESERVED
-CVE-2015-6569
- RESERVED
+CVE-2015-6569 (Race condition in the LoadBalancer module in the Atlassian Floodlight ...)
+ TODO: check
CVE-2015-6568 (Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code ...)
NOT-FOR-US: Wolf CMS
CVE-2015-6567 (Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code ...)
@@ -108710,8 +108813,8 @@ CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before
- botan1.10 1.10.10-1
NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
NOTE: http://botan.randombit.net/security.html
-CVE-2015-5725
- RESERVED
+CVE-2015-5725 (SQL injection vulnerability in the offset method in the Active Record ...)
+ TODO: check
CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x ...)
{DLA-449-1}
- botan1.10 1.10.8-1
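Review bot: CVE-2015-5725 stands out among the vendor-appliance `TODO: check` items because its description points at a library-level flaw (`SQL injection vulnerability in the offset method in the Active Record ...`) and is truncated before the product name; read the full advisory before deciding, since a library that Debian ships would need a real package entry with a fixed version instead of `NOT-FOR-US`.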
@@ -110062,8 +110165,7 @@ CVE-2015-5318 (Jenkins before 1.638 and LTS before 1.625.2 uses a publicly acces
CVE-2015-5317 (The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5316 [EAP-pwd peer error path failure on unexpected Confirm message]
- RESERVED
+CVE-2015-5316 (The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in ...)
{DSA-3397-1}
- wpa 2.3-2.3 (bug #804710)
[wheezy] - wpa <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
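Review bot: replacing the tracker's own working title `[EAP-pwd peer error path failure on unexpected Confirm message]` with the official description drops the one-line summary that told a reader what the bug is without following the NOTE URLs; this is consistent with how the other published entries in this update are handled, and the DSA-3397-1 reference, the `wpa 2.3-2.3 (bug #804710)` entry and the wheezy not-affected note are all preserved, so nothing is lost on the Debian side. The same applies to CVE-2015-5315 and CVE-2015-5314 in the next two hunks.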
@@ -110072,8 +110174,7 @@ CVE-2015-5316 [EAP-pwd peer error path failure on unexpected Confirm message]
NOTE: http://w1.fi/security/2015-8/
NOTE: https://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt
NOTE: https://w1.fi/security/2015-8/0001-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch
-CVE-2015-5315 [wpa_supplicant: EAP-pwd missing last fragment length validation]
- RESERVED
+CVE-2015-5315 (The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant ...)
{DSA-3397-1}
- wpa 2.3-2.3 (bug #804708)
[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
@@ -110082,8 +110183,7 @@ CVE-2015-5315 [wpa_supplicant: EAP-pwd missing last fragment length validation]
NOTE: http://w1.fi/security/2015-7/
NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
-CVE-2015-5314 [hostapd: EAP-pwd missing last fragment length validation]
- RESERVED
+CVE-2015-5314 (The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd ...)
{DSA-3397-1}
- wpa 2.3-2.3 (bug #804708)
[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
@@ -110112,7 +110212,7 @@ CVE-2015-5311 (PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allow
[squeeze] - pdns <not-affected> (Only 3.4.4 and later affected)
- pdns-recursor <not-affected> (recursor not affected)
NOTE: http://www.openwall.com/lists/oss-security/2015/11/09/3
-CVE-2015-5310 (Wi-Fi in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows ...)
+CVE-2015-5310 (The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not ...)
{DSA-3397-1}
- wpa 2.3-2.3 (bug #804707)
[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
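Review bot: the old description of CVE-2015-5310 (`Wi-Fi in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows ...`) contradicted the entry's own package mapping to `wpa 2.3-2.3` and DSA-3397-1; the new text naming the WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 lines up with the `CONFIG_WNM=y` note for wheezy, so this is a correctness fix for the Debian view of the issue rather than a cosmetic one.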
@@ -127542,7 +127642,7 @@ CVE-2015-0264 (Multiple XML external entity (XXE) vulnerabilities in ...)
CVE-2015-0263 (XML external entity (XXE) vulnerability in the XML converter setup in ...)
NOT-FOR-US: Apache Camel
CVE-2015-0262
- RESERVED
+ REJECTED
CVE-2015-0261 (Integer signedness error in the mobility_opt_print function in the ...)
{DSA-3193-1 DLA-174-1}
- tcpdump 4.6.2-4
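Review bot: CVE-2015-0262 moves from `RESERVED` to `REJECTED` with no other change; keeping the rejected ID in the list, as this hunk does, is what prevents a later automatic run from re-adding it as a fresh `RESERVED` entry.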
@@ -127772,8 +127872,7 @@ CVE-2015-0204 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
{DSA-3125-1 DLA-132-1}
- openssl 1.0.1k-1
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=37580f43b5a39f5f4e920d17273fab9713d3a744
-CVE-2015-0203
- RESERVED
+CVE-2015-0203 (The qpidd broker in Apache Qpid 0.30 and earlier allows remote ...)
- qpid-cpp <removed> (bug #775359)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2015-0202 (The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows ...)
@@ -157536,8 +157635,8 @@ CVE-2013-4893
RESERVED
CVE-2013-4892
RESERVED
-CVE-2013-4891
- RESERVED
+CVE-2013-4891 (The xss_clean function in CodeIgniter before 2.1.4 might allow remote ...)
+ TODO: check
CVE-2013-4889 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: Digital Signage Xibo
CVE-2013-4888 (Cross-site scripting (XSS) vulnerability in index.php in Digital ...)
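Review bot: CVE-2013-4890 is absent from this region, which jumps from the newly described CVE-2013-4891 straight to CVE-2013-4889; since the automatic update only fills in IDs MITRE has published, it is worth confirming that 4890 is tracked elsewhere in the file rather than silently missing. CVE-2013-4891 itself (the `xss_clean` function in CodeIgniter before 2.1.4) needs the usual packaged-or-not check before its `TODO: check` can be closed.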
@@ -171022,8 +171121,7 @@ CVE-2013-0269 (The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1
CVE-2013-0268 (The msr_open function in arch/x86/kernel/msr.c in the Linux kernel ...)
- linux 3.2.39-1
- linux-2.6 2.6.32-48squeeze1
-CVE-2013-0267
- RESERVED
+CVE-2013-0267 (The Privileges portion of the web GUI and the XMLRPC API in Apache VCL ...)
NOT-FOR-US: Apache VCL
CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in ...)
NOT-FOR-US: Openstack Packstack
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad81ed3655fba6fd06afe38feac92838f2a23791