[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 13 09:10:22 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6c4c3e0 by security tracker role at 2018-03-13T09:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-8087 (Memory leak in the hwsim_new_radio_nl function in ...)
+	TODO: check
+CVE-2018-8086 (The basename implementation in string/basename.c in the GNU C Library ...)
+	TODO: check
+CVE-2018-8085
+	RESERVED
+CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer ...)
+	TODO: check
+CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit ...)
+	TODO: check
+CVE-2018-1000095 (oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) ...)
+	TODO: check
+CVE-2018-1000094 (CMS Made Simple version 2.2.5 contains a Remote Code Execution ...)
+	TODO: check
+CVE-2017-18228 (Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey ...)
+	TODO: check
 CVE-2018-8084
 	RESERVED
 CVE-2018-8083
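Review bot: three of the eight new `TODO: check` entries name software Debian ships and should become package lines in the style of the qemu entry further down rather than stay open: CVE-2018-8086 is in the GNU C Library (src:glibc), CVE-2018-1000097 is in sharutils (the unshar command), and CVE-2018-8087's hwsim_new_radio_nl is, judging by the name, the mac80211_hwsim driver in the Linux kernel (src:linux), so each wants a `- <package> <unfixed>` or `<not-affected>` line with a reason. The other five (oVirt, CMS Made Simple, BMC Remedy, tiny-json-http) read as NOT-FOR-US candidates; tiny-json-http is an npm module, so confirm no node-* package exists before marking it.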
@@ -10,8 +26,8 @@ CVE-2018-8080
 	RESERVED
 CVE-2018-8079
 	RESERVED
-CVE-2018-8078
-	RESERVED
+CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...)
+	TODO: check
 CVE-2018-8077
 	RESERVED
 CVE-2018-8076
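Review bot: YzmCMS is a standalone PHP CMS that is not packaged in Debian, so this entry can go straight to `NOT-FOR-US: YzmCMS`, following the Polycom and Tenda entries below, instead of sitting at `TODO: check`.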
@@ -507,8 +523,7 @@ CVE-2018-7860
 	RESERVED
 CVE-2018-7859
 	RESERVED
-CVE-2018-7858 [cirrus: OOB access when updating vga display]
-	RESERVED
+CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA ...)
 	- qemu <unfixed> (bug #892497)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
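Review bot: the removed placeholder `[cirrus: OOB access when updating vga display]` was the only line stating the impact (an out-of-bounds access); the truncated MITRE text that replaces it stops at the build configuration. With unstable still `<unfixed>`, add a NOTE line pointing at the upstream report or fix once known so the impact stays visible to whoever picks up bug #892497. The `<not-affected> (Vulnerable code not present)` lines for stretch and jessie are unchanged context and need no edit here.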
@@ -1377,10 +1392,10 @@ CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...)
 	NOT-FOR-US: Polycom QDX 6000 devices
 CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
 	NOT-FOR-US: Polycom QDX 6000 devices
-CVE-2018-7563
-	RESERVED
-CVE-2018-7562
-	RESERVED
+CVE-2018-7563 (An issue was discovered in GLPI through 9.2.1. The application is ...)
+	TODO: check
+CVE-2018-7562 (A remote code execution issue was discovered in GLPI through 9.2.1. ...)
+	TODO: check
 CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
 	NOT-FOR-US: Tenda AC9 devices
 CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
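Review bot: CVE-2018-7562 is remote code execution in GLPI and is the more urgent of the pair. Before marking either NOT-FOR-US, check whether glpi is, or was, in the archive: a package removed from unstable but still shipped in a stable suite is tracked with `<removed>` plus a `[jessie]`/`[stretch]` line, not with NOT-FOR-US.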
@@ -1460,8 +1475,8 @@ CVE-2018-7543
 	RESERVED
 CVE-2018-7539
 	RESERVED
-CVE-2018-7538
-	RESERVED
+CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of Enalean ...)
+	TODO: check
 CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH ...)
 	{DSA-4131-1}
 	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
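Review bot: Enalean Tuleap is not a Debian package, so `NOT-FOR-US: Tuleap` is the expected resolution. Separately, the context shows CVE-2018-7542 (Xen) filed after CVE-2018-7538, out of numeric order; the automatic update does not reorder, which makes later hand-merges in this region error-prone.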
@@ -1635,11 +1650,11 @@ CVE-2018-7482 (** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect A
 	NOT-FOR-US: K2 component for Joomla!
 CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 mishandles ...)
 	- linux <not-affected> (Vulnerable code not present)
-CVE-2018-1000099 [AST-2018-003: Crash with an invalid SDP fmtp attribute]
+CVE-2018-1000099 (Teluu PJSIP version 2.7.1 and earlier contains a Access of ...)
 	- pjproject 2.7.2~dfsg-1
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html
 	NOTE: https://trac.pjsip.org/repos/ticket/2092
-CVE-2018-1000098 [AST-2018-002: Crash when given an invalid SDP media format description]
+CVE-2018-1000098 (Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow ...)
 	- pjproject 2.7.2~dfsg-1
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
 	NOTE: https://trac.pjsip.org/repos/ticket/2093
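Review bot: both pjproject entries carry a fixed unstable version (2.7.2~dfsg-1) but no stretch or jessie line, unlike the qemu entry in this same commit; if pjproject, or an asterisk build that bundles it, ships in stretch, each needs a `[stretch] - pjproject ...` line stating the status. The AST-2018-003/002 titles dropped with the bracketed placeholders (crash on an invalid SDP fmtp attribute; crash on an invalid SDP media format description) are now only recoverable through the NOTE URLs, so keep those lines.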
@@ -4031,8 +4046,8 @@ CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD3
 	NOT-FOR-US: WatchDog Anti-Malware
 CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass ...)
 	NOT-FOR-US: OMRON NS devices
-CVE-2018-6623
-	RESERVED
+CVE-2018-6623 (An issue was discovered in Hola 1.79.859. An unprivileged user could ...)
+	TODO: check
 CVE-2018-1000058 (Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an ...)
 	NOT-FOR-US: jenkins-plugin-workflow-support
 CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it ...)
@@ -4884,8 +4899,8 @@ CVE-2018-6402
 	RESERVED
 CVE-2018-6401
 	RESERVED
-CVE-2018-6400
-	RESERVED
+CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain ...)
+	TODO: check
 CVE-2018-6399
 	RESERVED
 CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for ...)
@@ -5164,10 +5179,10 @@ CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descrip
 	[wheezy] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22746
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=38e64b0ecc7f4ee64a02514b8d532782ac057fa2
-CVE-2018-6322
-	RESERVED
-CVE-2018-6321
-	RESERVED
+CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain privileges ...)
+	TODO: check
+CVE-2018-6321 (Unquoted Windows search path vulnerability in the panda_url_filtering ...)
+	TODO: check
 CVE-2018-6320
 	RESERVED
 CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special ...)
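Review bot: both descriptions name Windows-only software (Panda Global Protection; an unquoted Windows search path in panda_url_filtering), so `NOT-FOR-US: Panda` is the expected resolution, consistent with the WatchDog Anti-Malware entry marked NOT-FOR-US above. The BitDefender, Kingsoft WPS Office, Hola and CVE-2018-6016 unquoted-search-path entries elsewhere in this commit are the same class and can be triaged in one pass.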
@@ -5485,8 +5500,8 @@ CVE-2018-6185
 	RESERVED
 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...)
 	NOT-FOR-US: ZEIT Next.js
-CVE-2018-6183
-	RESERVED
+CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges ...)
+	TODO: check
 CVE-2018-6182
 	RESERVED
 CVE-2018-6181
@@ -6032,8 +6047,8 @@ CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Andro
 	NOT-FOR-US: Tinder
 CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...)
 	NOT-FOR-US: Tinder
-CVE-2018-6016
-	RESERVED
+CVE-2018-6016 (Unquoted Windows search path vulnerability in the ...)
+	TODO: check
 CVE-2018-6015 (An issue was discovered in the "Email Subscribers & Newsletters" ...)
 	NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
 CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash ...)
@@ -6728,8 +6743,8 @@ CVE-2018-5760
 	RESERVED
 CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...)
 	NOT-FOR-US: MuJS
-CVE-2018-5758
-	RESERVED
+CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n ...)
+	TODO: check
 CVE-2018-5757
 	RESERVED
 CVE-2018-5756
@@ -62824,10 +62839,10 @@ CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegu
 	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/18
 	NOTE: https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1
 	NOTE: For chicken vulnerable code in ./irregex-core.scm
-CVE-2016-9953
-	RESERVED
-CVE-2016-9952
-	RESERVED
+CVE-2016-9953 (The verify_certificate function in lib/vtls/schannel.c in libcurl ...)
+	TODO: check
+CVE-2016-9952 (The verify_certificate function in lib/vtls/schannel.c in libcurl ...)
+	TODO: check
 CVE-2016-10008 (SQL injection vulnerability in the "Content Types > Content Types" ...)
 	NOT-FOR-US: dotCMS
 CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen in ...)
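Review bot: both CVEs are in lib/vtls/schannel.c, the Windows Schannel TLS backend of libcurl; Debian's curl is built against OpenSSL, GnuTLS and NSS and does not compile that backend, so the right resolution is `- curl <not-affected> (Windows-specific Schannel backend)` rather than NOT-FOR-US (curl is a Debian package) or an open TODO. The two truncated descriptions are identical up to the ellipsis, so check the full MITRE text to confirm they are distinct issues and not a duplicate assignment.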
@@ -103324,8 +103339,8 @@ CVE-2016-0263 (IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and 
 	NOT-FOR-US: IBM
 CVE-2016-0262 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
 	NOT-FOR-US: IBM
-CVE-2016-0261
-	RESERVED
+CVE-2016-0261 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
+	TODO: check
 CVE-2016-0260 (Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before ...)
 	NOT-FOR-US: IBM
 CVE-2016-0259 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...)
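Review bot: `NOT-FOR-US: IBM` matches every adjacent IBM entry in the context; the update leaves `TODO: check` only because the identifier was RESERVED at the previous run, so this entry and the two IBM hunks that follow (CVE-2016-0250, CVE-2016-0237/0235) can be closed together.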
@@ -103346,8 +103361,8 @@ CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control
 	NOT-FOR-US: IBM
 CVE-2016-0251
 	RESERVED
-CVE-2016-0250
-	RESERVED
+CVE-2016-0250 (XML external entity (XXE) vulnerability in IBM InfoSphere Information ...)
+	TODO: check
 CVE-2016-0249 (SQL injection vulnerability in IBM Security Guardium Database Activity ...)
 	NOT-FOR-US: IBM
 CVE-2016-0248 (IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows ...)
@@ -103372,12 +103387,12 @@ CVE-2016-0239 (IBM Security Guardium Database Activity Monitor 9.x through 9.5 b
 	NOT-FOR-US: IBM
 CVE-2016-0238 (IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits ...)
 	NOT-FOR-US: IBM
-CVE-2016-0237
-	RESERVED
+CVE-2016-0237 (IBM Security Guardium Database Activity Monitor 10 allows local users ...)
+	TODO: check
 CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
 	NOT-FOR-US: IBM
-CVE-2016-0235
-	RESERVED
+CVE-2016-0235 (IBM Security Guardium Database Activity Monitor 10 allows local users ...)
+	TODO: check
 CVE-2016-0234
 	RESERVED
 CVE-2016-0233 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, ...)
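Review bot: CVE-2016-0237 and CVE-2016-0235 carry identical truncated descriptions ("IBM Security Guardium Database Activity Monitor 10 allows local users ..."); confirm against the full MITRE text that they are separate issues before marking both `NOT-FOR-US: IBM`, which is the resolution the surrounding Guardium entries use.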



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b6c4c3e075d47bb25d6390930c506d5504a1aa47
