[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 21 09:10:27 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
994745b7 by security tracker role at 2018-03-21T09:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,113 @@
+CVE-2018-8884
+ RESERVED
+CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the ...)
+ TODO: check
+CVE-2018-8882 (Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read ...)
+ TODO: check
+CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read ...)
+ TODO: check
+CVE-2018-8880
+ RESERVED
+CVE-2018-8879
+ RESERVED
+CVE-2018-8878
+ RESERVED
+CVE-2018-8877
+ RESERVED
+CVE-2018-8876 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows ...)
+ TODO: check
+CVE-2018-8875 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows ...)
+ TODO: check
+CVE-2018-8874 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows ...)
+ TODO: check
+CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) ...)
+ TODO: check
+CVE-2018-8872
+ RESERVED
+CVE-2018-8871
+ RESERVED
+CVE-2018-8870
+ RESERVED
+CVE-2018-8869
+ RESERVED
+CVE-2018-8868
+ RESERVED
+CVE-2018-8867
+ RESERVED
+CVE-2018-8866
+ RESERVED
+CVE-2018-8865
+ RESERVED
+CVE-2018-8864
+ RESERVED
+CVE-2018-8863
+ RESERVED
+CVE-2018-8862
+ RESERVED
+CVE-2018-8861
+ RESERVED
+CVE-2018-8860
+ RESERVED
+CVE-2018-8859
+ RESERVED
+CVE-2018-8858
+ RESERVED
+CVE-2018-8857
+ RESERVED
+CVE-2018-8856
+ RESERVED
+CVE-2018-8855
+ RESERVED
+CVE-2018-8854
+ RESERVED
+CVE-2018-8853
+ RESERVED
+CVE-2018-8852
+ RESERVED
+CVE-2018-8851
+ RESERVED
+CVE-2018-8850
+ RESERVED
+CVE-2018-8849
+ RESERVED
+CVE-2018-8848
+ RESERVED
+CVE-2018-8847
+ RESERVED
+CVE-2018-8846
+ RESERVED
+CVE-2018-8845
+ RESERVED
+CVE-2018-8844
+ RESERVED
+CVE-2018-8843
+ RESERVED
+CVE-2018-8842
+ RESERVED
+CVE-2018-8841
+ RESERVED
+CVE-2018-8840
+ RESERVED
+CVE-2018-8839
+ RESERVED
+CVE-2018-8838
+ RESERVED
+CVE-2018-8837
+ RESERVED
+CVE-2018-8836
+ RESERVED
+CVE-2018-8835
+ RESERVED
+CVE-2018-8834
+ RESERVED
+CVE-2018-8833
+ RESERVED
+CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable ...)
+ TODO: check
+CVE-2018-8831
+ RESERVED
+CVE-2018-8830
+ RESERVED
CVE-2018-8829
RESERVED
CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x ...)
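Review bot: CVE-2018-8873 through CVE-2018-8876 are left at "TODO: check" although their descriptions name driver files (2345Wrath.sys, 2345NetFirewall.sys) of a single product, 2345 Security Guard 3.6. Triage the four together and give them the same disposition, in the "NOT-FOR-US: <product>" form the file already uses if the product is not in the archive. The three NASM entries (CVE-2018-8881 to CVE-2018-8883) name a specific version, 2.13.02rc2, so their triage needs a version comparison instead.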
@@ -109085,14 +109195,14 @@ CVE-2015-7463 (IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.
NOT-FOR-US: IBM
CVE-2015-7462 (IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to ...)
NOT-FOR-US: IBM
-CVE-2015-7461
- RESERVED
-CVE-2015-7460
- RESERVED
-CVE-2015-7459
- RESERVED
-CVE-2015-7458
- RESERVED
+CVE-2015-7461 (XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and ...)
+ TODO: check
+CVE-2015-7460 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 ...)
+ TODO: check
+CVE-2015-7459 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 ...)
+ TODO: check
+CVE-2015-7458 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 ...)
+ TODO: check
CVE-2015-7457 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...)
NOT-FOR-US: IBM
CVE-2015-7456 (IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote ...)
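Review bot: CVE-2015-7458 through CVE-2015-7461 now read "TODO: check" while every neighbouring IBM entry in the context lines (CVE-2015-7463, CVE-2015-7462, CVE-2015-7457) is already marked "NOT-FOR-US: IBM". The new descriptions all name IBM Connections 3.0.1.1, so the four entries can take the same "NOT-FOR-US: IBM" line in one follow-up commit instead of staying in the TODO queue.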
@@ -109109,8 +109219,8 @@ CVE-2015-7451 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
NOT-FOR-US: IBM
CVE-2015-7450 (Serialized-object interfaces in certain IBM analytics, business ...)
NOT-FOR-US: IBM
-CVE-2015-7449
- RESERVED
+CVE-2015-7449 (IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before ...)
+ TODO: check
CVE-2015-7448 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
NOT-FOR-US: IBM
CVE-2015-7447 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
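Review bot: CVE-2015-7449 (IBM Rational Collaborative Lifecycle Management) is set to "TODO: check" between CVE-2015-7450 and CVE-2015-7448, both of which carry "NOT-FOR-US: IBM". Unless there is a reason to treat this product differently, use the same line here so the block stays consistent.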
@@ -142902,8 +143012,8 @@ CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in event/inde
CVE-2014-4929 (Directory traversal vulnerability in the routing component in ownCloud ...)
- owncloud 6.0.4~beta1+dfsg-1
NOTE: https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
-CVE-2014-4928
- RESERVED
+CVE-2014-4928 (SQL injection vulnerability in Invision Power Board (aka IPB or ...)
+ TODO: check
CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and ...)
NOT-FOR-US: ACME micro_httpd
CVE-2014-4926
@@ -145134,8 +145244,8 @@ CVE-2014-3992 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3
- dolibarr 3.5.4+dfsg2-1 (bug #755531)
CVE-2014-3991 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
- dolibarr 3.5.5+dfsg1-1
-CVE-2014-3990
- RESERVED
+CVE-2014-3990 (The Cart::getProducts method in system/library/cart.php in OpenCart ...)
+ TODO: check
CVE-2014-3989
RESERVED
CVE-2014-3988 (Cross-site scripting (XSS) vulnerability in index.php in SunHater ...)
@@ -150912,12 +151022,10 @@ CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on th
NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
CVE-2014-2037 (Openswan 2.6.40 allows remote attackers to cause a denial of service ...)
- openswan <not-affected> (Incomplete fix was never applied)
-CVE-2014-2032 [missing input validation]
- RESERVED
+CVE-2014-2032 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS ...)
- maradns <not-affected> (Deadwood resolver not enabled)
NOTE: https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3
-CVE-2014-2031 [logic error]
- RESERVED
+CVE-2014-2031 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS ...)
- maradns <not-affected> (Deadwood resolver not enabled)
NOTE: https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
CVE-2014-2030
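Review bot: replacing the bracketed working titles on CVE-2014-2032 ("[missing input validation]") and CVE-2014-2031 ("[logic error]") leaves both entries with the identical truncated description "Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS ...". The only thing that now tells them apart in the list is the commit URL in each NOTE line. Consider adding a short NOTE to each entry that preserves the old wording, so the distinction survives without opening the upstream commits.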
@@ -151861,8 +151969,8 @@ CVE-2014-1668
RESERVED
CVE-2014-1667
RESERVED
-CVE-2014-1665
- RESERVED
+CVE-2014-1665 (Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 ...)
+ TODO: check
CVE-2014-1663 (Unspecified vulnerability in Citrix XenMobile Device Manager server ...)
NOT-FOR-US: Citrix XenMobile Device Manager server
CVE-2014-1662
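Review bot: CVE-2014-1665 (XSS in ownCloud before 6.0.1) is added as "TODO: check", but the list already tracks an owncloud package, for example "- owncloud 6.0.4~beta1+dfsg-1" under CVE-2014-4929. This entry should get a "- owncloud <version>" line with the fixed version (or "<not-affected>" with a reason) rather than a generic TODO, since the description states the upstream boundary as 6.0.1.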
@@ -152747,8 +152855,8 @@ CVE-2014-1459 (SQL injection vulnerability in dg-admin/index.php in doorGets CMS
NOT-FOR-US: doorGets CMS
CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration ...)
NOT-FOR-US: FortiGuard FortiWeb
-CVE-2014-1457
- RESERVED
+CVE-2014-1457 (Open Web Analytics (OWA) before 1.5.6 improperly generates random ...)
+ TODO: check
CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Open Web ...)
NOT-FOR-US: Open Web Analytics
CVE-2014-1455 (SQL injection vulnerability in the password reset functionality in ...)
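Review bot: CVE-2014-1457 names Open Web Analytics (OWA) before 1.5.6 and is set to "TODO: check", while the next entry, CVE-2014-1456, covers the same product and is marked "NOT-FOR-US: Open Web Analytics". Apply the same "NOT-FOR-US: Open Web Analytics" line here so the two entries agree.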
@@ -153289,8 +153397,7 @@ CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access
NOT-FOR-US: Livetecs Timelive
CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers ...)
NOT-FOR-US: Fitnesse Wiki
-CVE-2014-1215
- RESERVED
+CVE-2014-1215 (Multiple buffer overflows in Core FTP Server before 1.2 build 508 ...)
NOT-FOR-US: Core FTP Server
CVE-2014-1214
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/994745b7c87093f8cac86741f1bd0ceec42875c3