[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 20 09:10:24 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7a94df74 by security tracker role at 2018-03-20T09:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
+ TODO: check
+CVE-2018-8820
+ RESERVED
+CVE-2018-8819
+ RESERVED
+CVE-2018-8818
+ RESERVED
+CVE-2018-8817
+ RESERVED
+CVE-2018-8816
+ RESERVED
+CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in ...)
+ TODO: check
+CVE-2018-8814
+ RESERVED
+CVE-2018-8813
+ RESERVED
+CVE-2018-8812
+ RESERVED
+CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
+ TODO: check
+CVE-2018-8809 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
+ TODO: check
+CVE-2018-8808 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
+ TODO: check
+CVE-2018-8807 (In libming 0.4.8, these is a use-after-free in the function ...)
+ TODO: check
+CVE-2018-8806 (In libming 0.4.8, there is a use-after-free in the ...)
+ TODO: check
+CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via the ...)
+ TODO: check
+CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote ...)
+ TODO: check
+CVE-2018-8803
+ RESERVED
+CVE-2018-8802
+ RESERVED
+CVE-2018-8801
+ RESERVED
CVE-2018-8800
RESERVED
CVE-2018-8799
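Review bot: ten of the new entries in this hunk (CVE-2018-8821, -8815, -8811, -8810, -8809, -8808, -8807, -8806, -8805, -8804) are added with only "TODO: check" and no package status. The radare2 2.4.0, libming 0.4.8 and ImageMagick 7.0.7-25 entries name specific upstream versions, so each needs a source-package line once triaged. Entries such as the Jungo WinDriver and Yxcms ones should be closed out as NOT-FOR-US, in the style used elsewhere in the file, if nothing in the archive ships them.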
@@ -3360,8 +3402,8 @@ CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent cross-
NOT-FOR-US: mojoPortal
CVE-2018-7446
RESERVED
-CVE-2018-7445
- RESERVED
+CVE-2018-7445 (A buffer overflow was found in the MikroTik RouterOS SMB service when ...)
+ TODO: check
CVE-2018-7444
RESERVED
CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote ...)
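Review bot: CVE-2018-7445 goes from RESERVED to "TODO: check" with no status line. The description names the MikroTik RouterOS SMB service; if no Debian package ships that code, mark it NOT-FOR-US in the same form as the mojoPortal entry in the context above rather than leaving the TODO open.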
@@ -4045,8 +4087,7 @@ CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad th
NOTE: https://bugs.debian.org/870608
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784
TODO: clarify with MITRE why this CVE was additionally assigned
-CVE-2018-7262 [Malformed HTTP requests handled in rgw_civetweb.cc:RGW::init_env() can lead to NULL pointer dereference]
- RESERVED
+CVE-2018-7262 (In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc ...)
- ceph <not-affected> (Issue introduced later)
NOTE: See details in https://bugs.debian.org/891963#15 . Ceph as present in
NOTE: Debian up to 10.2.5-7.2 is not vulnerable as they contain an older
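Review bot: the published description now on CVE-2018-7262 reads "In Ceph before 12.2.3 and 13.x through 13.0.1", which on its face covers older versions, while the retained status line is "- ceph <not-affected> (Issue introduced later)". The NOTE lines that follow are what reconcile the two, so they should be kept and rechecked against the published text. The removed bracketed description also named RGW::init_env() and the NULL pointer dereference; confirm the truncated public description still gives a reader enough to match it to bug 891963.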
@@ -9740,8 +9781,7 @@ CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
CVE-2018-5244 (In Xen 4.10, new infrastructure was introduced as part of an overhaul ...)
- xen <not-affected> (Only affects Xen 4.10 onwards)
NOTE: https://xenbits.xen.org/xsa/advisory-253.html
-CVE-2018-5233
- RESERVED
+CVE-2018-5233 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Grav CMS admin plugin
CVE-2018-5232
RESERVED
@@ -141543,8 +141583,7 @@ CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allo
NOTE: Although #682157 and #759282 got closed the issues with unsafe use of
NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
NOTE: Neutralised by kernel hardening
-CVE-2014-5450
- RESERVED
+CVE-2014-5450 (Zarafa Collaboration Platform 4.1 uses world-readable permissions for ...)
- zarafa <itp> (bug #658433)
CVE-2014-5449 (Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for ...)
- zarafa <itp> (bug #658433)
@@ -141552,8 +141591,7 @@ CVE-2014-5448 (Zarafa 5.00 uses world-readable permissions for the files in the
- zarafa <itp> (bug #658433)
CVE-2014-5447 (Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions ...)
- zarafa <itp> (bug #658433)
-CVE-2014-5443
- RESERVED
+CVE-2014-5443 (Seafile Server before 3.1.2 and Server Professional Edition before ...)
- seafile <not-affected> (Fixed before initial upload to the archive)
CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug ...)
- qemu 2.1+dfsg-5
@@ -144928,8 +144966,8 @@ CVE-2014-4026
RESERVED
CVE-2014-4025
RESERVED
-CVE-2014-4024
- RESERVED
+CVE-2014-4024 (SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x ...)
+ TODO: check
CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in ...)
NOT-FOR-US: F5 BIG-IP
CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, ...)
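Review bot: CVE-2014-4024 is left at "TODO: check" although its description is about F5 BIG-IP systems and the very next entry, CVE-2014-4023, is already marked "NOT-FOR-US: F5 BIG-IP". Use the same status here so the two entries for the same product stay consistent.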
@@ -148336,11 +148374,9 @@ CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html functio
- phpmyid <itp> (bug #492325)
CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows ...)
NOT-FOR-US: Ruby Gem sfpagent
-CVE-2014-2885
- RESERVED
+CVE-2014-2885 (Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) ...)
- truecrypt <itp> (bug #364034)
-CVE-2014-2884
- RESERVED
+CVE-2014-2884 (The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt ...)
- truecrypt <itp> (bug #364034)
CVE-2014-2874 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
NOT-FOR-US: PaperThin CommonSpot
@@ -148882,10 +148918,10 @@ CVE-2014-2677
RESERVED
CVE-2014-2676
RESERVED
-CVE-2014-2675
- RESERVED
-CVE-2014-2674
- RESERVED
+CVE-2014-2675 (Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php ...)
+ TODO: check
+CVE-2014-2674 (Directory traversal vulnerability in the Ajax Pagination (twitter ...)
+ TODO: check
CVE-2014-2671 (Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote ...)
NOT-FOR-US: Microsoft Windows Media Player
CVE-2014-2670 (Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ...)
@@ -148993,8 +149029,8 @@ CVE-2014-2655 (SQL injection vulnerability in the gen_show_status function in ..
CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in OpenSSH ...)
{DSA-2894-1}
- openssh 1:6.6p1-1 (low; bug #742513)
-CVE-2014-2652
- RESERVED
+CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service (DLS) ...)
+ TODO: check
CVE-2014-2651
RESERVED
CVE-2014-2650
@@ -149187,8 +149223,8 @@ CVE-2014-2552
RESERVED
CVE-2014-2551
RESERVED
-CVE-2014-2550
- RESERVED
+CVE-2014-2550 (Cross-site request forgery (CSRF) vulnerability in the Disable ...)
+ TODO: check
CVE-2014-2549
RESERVED
CVE-2014-2548
@@ -149942,8 +149978,8 @@ CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in th
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-04.html
CVE-2014-2298
RESERVED
-CVE-2014-2297
- RESERVED
+CVE-2014-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2014-2296
RESERVED
CVE-2014-2295
@@ -150023,8 +150059,8 @@ CVE-2014-2276 (The FileUploadController servlet in EMC Connectrix Manager Conver
NOT-FOR-US: EMC
CVE-2014-2275
RESERVED
-CVE-2014-2274
- RESERVED
+CVE-2014-2274 (Cross-site request forgery (CSRF) vulnerability in the Subscribe To ...)
+ TODO: check
CVE-2014-2273 (The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 ...)
NOT-FOR-US: Huawei Router
CVE-2014-2272
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a94df74102cb4c9ed64b8fd503f8ee5867efd5e