[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Mar 20 09:10:24 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a94df74 by security tracker role at 2018-03-20T09:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
+	TODO: check
+CVE-2018-8820
+	RESERVED
+CVE-2018-8819
+	RESERVED
+CVE-2018-8818
+	RESERVED
+CVE-2018-8817
+	RESERVED
+CVE-2018-8816
+	RESERVED
+CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in ...)
+	TODO: check
+CVE-2018-8814
+	RESERVED
+CVE-2018-8813
+	RESERVED
+CVE-2018-8812
+	RESERVED
+CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
+	TODO: check
+CVE-2018-8809 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
+	TODO: check
+CVE-2018-8808 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
+	TODO: check
+CVE-2018-8807 (In libming 0.4.8, these is a use-after-free in the function ...)
+	TODO: check
+CVE-2018-8806 (In libming 0.4.8, there is a use-after-free in the ...)
+	TODO: check
+CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via the ...)
+	TODO: check
+CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote ...)
+	TODO: check
+CVE-2018-8803
+	RESERVED
+CVE-2018-8802
+	RESERVED
+CVE-2018-8801
+	RESERVED
 CVE-2018-8800
 	RESERVED
 CVE-2018-8799
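Review bot: Every described entry added at the top of this hunk is left at `TODO: check`, including the ones whose descriptions already name the software (radare2 2.4.0 for CVE-2018-8810/8809/8808, libming 0.4.8 for CVE-2018-8807/8806, ImageMagick 7.0.7-25 for CVE-2018-8804). Each should be resolved to either a `- <package> <status>` line or a `NOT-FOR-US: <product>` line, the two forms used by triaged entries elsewhere in this file, before the TODO backlog grows. The CVE-2018-8807 description also reads "these is a use-after-free", apparently for "there is"; worth comparing with the source description.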
@@ -3360,8 +3402,8 @@ CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent cross-
 	NOT-FOR-US: mojoPortal
 CVE-2018-7446
 	RESERVED
-CVE-2018-7445
-	RESERVED
+CVE-2018-7445 (A buffer overflow was found in the MikroTik RouterOS SMB service when ...)
+	TODO: check
 CVE-2018-7444
 	RESERVED
 CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote ...)
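Review bot: CVE-2018-7445 moves from `RESERVED` to `TODO: check` although its description already identifies the product as the MikroTik RouterOS SMB service. If that product is not packaged, the entry can be closed in the same style as the context line above it (`NOT-FOR-US: mojoPortal`) instead of staying open as a TODO.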
@@ -4045,8 +4087,7 @@ CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad th
 	NOTE: https://bugs.debian.org/870608
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784
 	TODO: clarify with MITRE why this CVE was additionally assigned
-CVE-2018-7262 [Malformed HTTP requests handled in rgw_civetweb.cc:RGW::init_env() can lead to NULL pointer dereference]
-	RESERVED
+CVE-2018-7262 (In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc ...)
 	- ceph <not-affected> (Issue introduced later)
 	NOTE: See details in https://bugs.debian.org/891963#15 . Ceph as present in
 	NOTE: Debian up to 10.2.5-7.2 is not vulnerable as they contain an older
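Review bot: On CVE-2018-7262 the new description gives the range as "In Ceph before 12.2.3 and 13.x through 13.0.1", which read on its own would cover the 10.2.5-7.2 version that the retained NOTE calls not vulnerable. The `- ceph <not-affected> (Issue introduced later)` line and the NOTE now carry the whole justification, so if the remaining NOTE lines do not already name the upstream version or commit that introduced the issue, adding it would stop the status from looking contradictory next to the description.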
@@ -9740,8 +9781,7 @@ CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
 CVE-2018-5244 (In Xen 4.10, new infrastructure was introduced as part of an overhaul ...)
 	- xen <not-affected> (Only affects Xen 4.10 onwards)
 	NOTE: https://xenbits.xen.org/xsa/advisory-253.html
-CVE-2018-5233
-	RESERVED
+CVE-2018-5233 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Grav CMS admin plugin
 CVE-2018-5232
 	RESERVED
@@ -141543,8 +141583,7 @@ CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allo
 	NOTE: Although #682157 and #759282 got closed the issues with unsafe use of
 	NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
 	NOTE: Neutralised by kernel hardening
-CVE-2014-5450
-	RESERVED
+CVE-2014-5450 (Zarafa Collaboration Platform 4.1 uses world-readable permissions for ...)
 	- zarafa <itp> (bug #658433)
 CVE-2014-5449 (Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for ...)
 	- zarafa <itp> (bug #658433)
@@ -141552,8 +141591,7 @@ CVE-2014-5448 (Zarafa 5.00 uses world-readable permissions for the files in the 
 	- zarafa <itp> (bug #658433)
 CVE-2014-5447 (Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions ...)
 	- zarafa <itp> (bug #658433)
-CVE-2014-5443
-	RESERVED
+CVE-2014-5443 (Seafile Server before 3.1.2 and Server Professional Edition before ...)
 	- seafile <not-affected> (Fixed before initial upload to the archive)
 CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug ...)
 	- qemu 2.1+dfsg-5
@@ -144928,8 +144966,8 @@ CVE-2014-4026
 	RESERVED
 CVE-2014-4025
 	RESERVED
-CVE-2014-4024
-	RESERVED
+CVE-2014-4024 (SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x ...)
+	TODO: check
 CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, ...)
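Review bot: CVE-2014-4024 is added with `TODO: check`, yet its description names "F5 BIG-IP systems" and the very next entry, CVE-2014-4023, is already marked `NOT-FOR-US: F5 BIG-IP`. The new entry can take the same `NOT-FOR-US: F5 BIG-IP` line so the two adjacent entries for the same product are triaged consistently.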
@@ -148336,11 +148374,9 @@ CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html functio
 	- phpmyid <itp> (bug #492325)
 CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows ...)
 	NOT-FOR-US: Ruby Gem sfpagent
-CVE-2014-2885
-	RESERVED
+CVE-2014-2885 (Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) ...)
 	- truecrypt <itp> (bug #364034)
-CVE-2014-2884
-	RESERVED
+CVE-2014-2884 (The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt ...)
 	- truecrypt <itp> (bug #364034)
 CVE-2014-2874 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
 	NOT-FOR-US: PaperThin CommonSpot
@@ -148882,10 +148918,10 @@ CVE-2014-2677
 	RESERVED
 CVE-2014-2676
 	RESERVED
-CVE-2014-2675
-	RESERVED
-CVE-2014-2674
-	RESERVED
+CVE-2014-2675 (Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php ...)
+	TODO: check
+CVE-2014-2674 (Directory traversal vulnerability in the Ajax Pagination (twitter ...)
+	TODO: check
 CVE-2014-2671 (Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote ...)
 	NOT-FOR-US: Microsoft Windows Media Player
 CVE-2014-2670 (Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ...)
@@ -148993,8 +149029,8 @@ CVE-2014-2655 (SQL injection vulnerability in the gen_show_status function in ..
 CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in OpenSSH ...)
 	{DSA-2894-1}
 	- openssh 1:6.6p1-1 (low; bug #742513)
-CVE-2014-2652
-	RESERVED
+CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service (DLS) ...)
+	TODO: check
 CVE-2014-2651
 	RESERVED
 CVE-2014-2650
@@ -149187,8 +149223,8 @@ CVE-2014-2552
 	RESERVED
 CVE-2014-2551
 	RESERVED
-CVE-2014-2550
-	RESERVED
+CVE-2014-2550 (Cross-site request forgery (CSRF) vulnerability in the Disable ...)
+	TODO: check
 CVE-2014-2549
 	RESERVED
 CVE-2014-2548
@@ -149942,8 +149978,8 @@ CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in th
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-04.html
 CVE-2014-2298
 	RESERVED
-CVE-2014-2297
-	RESERVED
+CVE-2014-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
 CVE-2014-2296
 	RESERVED
 CVE-2014-2295
@@ -150023,8 +150059,8 @@ CVE-2014-2276 (The FileUploadController servlet in EMC Connectrix Manager Conver
 	NOT-FOR-US: EMC
 CVE-2014-2275
 	RESERVED
-CVE-2014-2274
-	RESERVED
+CVE-2014-2274 (Cross-site request forgery (CSRF) vulnerability in the Subscribe To ...)
+	TODO: check
 CVE-2014-2273 (The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 ...)
 	NOT-FOR-US: Huawei Router
 CVE-2014-2272



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a94df74102cb4c9ed64b8fd503f8ee5867efd5e
