[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 6 21:10:29 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82607b72 by security tracker role at 2018-03-06T21:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,39 @@
+CVE-2018-7735 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection ...)
+ TODO: check
+CVE-2018-7734 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection ...)
+ TODO: check
+CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. RbacController.class.php has ...)
+ TODO: check
+CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in ...)
+ TODO: check
+CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...)
+ TODO: check
+CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case of a ...)
+ TODO: check
+CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a stack-based ...)
+ TODO: check
+CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. ...)
+ TODO: check
+CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory leak ...)
+ TODO: check
+CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused ...)
+ TODO: check
+CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address ...)
+ TODO: check
+CVE-2018-7724 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...)
+ TODO: check
+CVE-2018-7723 (The management panel in Piwigo 2.9.3 has stored XSS via the ...)
+ TODO: check
+CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...)
+ TODO: check
+CVE-2018-7721
+ RESERVED
+CVE-2018-7720
+ RESERVED
+CVE-2018-7719
+ RESERVED
+CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow ...)
+ TODO: check
CVE-2018-XXXX [code execution in bash-completion for umount]
- bash-completion <unfixed> (unimportant)
- util-linux <unfixed> (bug #892179)
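Review bot: all nineteen added entries are left at TODO: check, which is the expected state for an automatic NVD import, but several of them form runs against a single upstream version and are best triaged as a group rather than one lookup per line: the Exempi run (CVE-2018-7728 through CVE-2018-7731, all "through 2.4.4") and the ZZIPlib run (CVE-2018-7725 through CVE-2018-7727, all "0.13.68"). The three Piwigo 2.9.3 stored XSS entries and the two Afian FileRun SQL injection entries have descriptions that are identical once truncated at this width, so the full NVD text is needed before they can be told apart during triage.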
@@ -204,8 +240,8 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Ne
NOTE: issues: "Specify which IP address to listen on. The default
NOTE: (upstream) is to listen on all IP addresses. [...] so make sure
NOTE: it's listening on a firewalled interface."
-CVE-2018-7650
- RESERVED
+CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 ...)
+ TODO: check
CVE-2018-7649
RESERVED
CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The ...)
@@ -744,7 +780,7 @@ CVE-2018-1000098 [AST-2018-002: Crash when given an invalid SDP media format des
- pjproject 2.7.2~dfsg-1
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
NOTE: https://trac.pjsip.org/repos/ticket/2093
-CVE-2018-1000101 [Improper null termination in stdio/[v]snprintf.c can result in memory corruption in subsequent string functions]
+CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier contains an Improper Null ...)
- mingw-w64 <unfixed> (low)
[stretch] - mingw-w64 <no-dsa> (Minor issue)
[jessie] - mingw-w64 <no-dsa> (Minor issue)
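Review bot: replacing the bracketed local summary for CVE-2018-1000101 with the truncated NVD text drops the only specific detail the entry carried, namely the affected file stdio/[v]snprintf.c and the consequence "memory corruption in subsequent string functions"; the "(low)" severity and the two <no-dsa> (Minor issue) markings rest on exactly that detail. Consider keeping it as a NOTE line under the entry (for example `NOTE: improper null termination in stdio/[v]snprintf.c`) so the rationale stays with the tracker record after the automatic description swap.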
@@ -1289,8 +1325,8 @@ CVE-2018-7309
RESERVED
CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin hosting ...)
NOT-FOR-US: DanWin hosting
-CVE-2018-7307
- RESERVED
+CVE-2018-7307 (The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles ...)
+ TODO: check
CVE-2018-7306
RESERVED
CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to ...)
@@ -17196,6 +17232,7 @@ CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL
CVE-2018-1306
RESERVED
CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache ...)
+ {DLA-1301-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.28-1
- tomcat8.0 <unfixed> (unimportant)
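Review bot: `{DLA-1301-1}` is added to CVE-2018-1305, but none of the package lines in the shown context (tomcat9 <itp>, tomcat8 8.5.28-1, tomcat8.0 <unfixed>) is the [jessie] line that a DLA resolves against; that line lies outside the hunk context, so please confirm a matching [jessie] entry with the fixed version exists for this CVE, otherwise the DLA reference points at nothing in the tracker. The same check applies to the identical `{DLA-1301-1}` addition for CVE-2018-1304 in the following hunk.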
@@ -17209,6 +17246,7 @@ CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache
NOTE: https://svn.apache.org/r1823322 (7.0.x)
NOTE: https://svn.apache.org/r1824360 (7.0.x)
CVE-2018-1304 (The URL pattern of "" (the empty string) which exactly maps to the ...)
+ {DLA-1301-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.28-1
- tomcat8.0 <unfixed> (unimportant)
@@ -17978,8 +18016,8 @@ CVE-2018-1064
CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link ...)
- policycoreutils <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1550122
-CVE-2018-1062
- RESERVED
+CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
+ TODO: check
CVE-2018-1061
RESERVED
CVE-2018-1060
@@ -41040,14 +41078,14 @@ CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it
- libstruts1.2-java <not-affected> (Vulnerable code not present)
NOTE: Issue is specific to Struts 2.x.
NOTE: https://struts.apache.org/docs/s2-049.html
-CVE-2017-9786
- RESERVED
+CVE-2017-9786 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...)
+ TODO: check
CVE-2017-9785 (Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse ...)
NOT-FOR-US: NancyFX Nancy
CVE-2017-9784
RESERVED
-CVE-2017-9783
- RESERVED
+CVE-2017-9783 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...)
+ TODO: check
CVE-2017-10599
RESERVED
CVE-2017-10598
@@ -54141,10 +54179,10 @@ CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does ...)
NOT-FOR-US: MikroTik RouterOS
-CVE-2017-6296
- RESERVED
-CVE-2017-6295
- RESERVED
+CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM ...)
+ TODO: check
+CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymaster ...)
+ TODO: check
CVE-2017-6294
RESERVED
CVE-2017-6293
@@ -54165,16 +54203,15 @@ CVE-2017-6286
RESERVED
CVE-2017-6285
RESERVED
-CVE-2017-6284
- RESERVED
-CVE-2017-6283
- RESERVED
-CVE-2017-6282
- RESERVED
+CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the Deterministic ...)
+ TODO: check
+CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA function ...)
+ TODO: check
+CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an ...)
+ TODO: check
CVE-2017-6281
RESERVED
-CVE-2017-6280
- RESERVED
+CVE-2017-6280 (NIVIDIA driver contains a possible out-of-bounds read vulnerability ...)
NOT-FOR-US: Nvidia component for Android
CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
NOT-FOR-US: Nvidia component for Android
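Review bot: the three newly described NVIDIA entries CVE-2017-6282 through CVE-2017-6284 (Security Engine, Tegra kernel driver NVMAP) are left at TODO: check while the neighbouring CVE-2017-6280 and CVE-2017-6279 in the same hunk are already marked NOT-FOR-US: Nvidia component for Android; since the new entries describe the same NVIDIA driver stack, they are likely to receive the same triage, and the TrustZone entries CVE-2017-6295 and CVE-2017-6296 in the earlier hunk look like candidates for the same treatment. The "NIVIDIA" spelling in the CVE-2017-6280 description is carried over from the NVD text and should stay as imported, since the description field mirrors upstream verbatim.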
@@ -65183,7 +65220,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/
NOT-FOR-US: Siemens
CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All ...)
NOT-FOR-US: Siemens
-CVE-2017-2680 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All ...)
+CVE-2017-2680 (SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...)
NOT-FOR-US: Siemens
CVE-2017-2679
RESERVED
@@ -148176,7 +148213,7 @@ CVE-2014-1869 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- db4o <unfixed> (unimportant)
- jenkins 1.565.3-1 (bug #763899)
NOTE: in -doc package
-CVE-2013-7329 (The CGI::Application module 4.50 and earlier for Perl, when run modes ...)
+CVE-2013-7329 (The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when ...)
- libcgi-application-perl 4.50-2 (bug #739505)
[wheezy] - libcgi-application-perl <no-dsa> (Minor issue)
[squeeze] - libcgi-application-perl <no-dsa> (Minor issue)
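Review bot: the CVE-2013-7329 description now reads "before 4.50_50 and 4.50_51" instead of "4.50 and earlier", while the Debian line still records libcgi-application-perl 4.50-2 as the fixed version; 4.50-2 is numerically below both upstream fixed releases, so the entry relies on a backported fix tracked in bug #739505. Worth confirming that the bug reference still documents that backport, so the version range in the description and the package line are not read as contradicting each other.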
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/82607b72f7d2d80e2eb4d37e70b5b87dd08e4b24