[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 25 20:10:26 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50608f14 by security tracker role at 2018-03-25T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,19 @@
+CVE-2018-9017 (dsmall v20180320 allows XSS via the member search box at the ...)
+ TODO: check
+CVE-2018-9016 (dsmall v20180320 allows XSS via the main page search box at the ...)
+ TODO: check
+CVE-2018-9015 (dsmall v20180320 allows XSS via the ...)
+ TODO: check
+CVE-2018-9014 (dsmall v20180320 allows physical path leakage via a ...)
+ TODO: check
+CVE-2018-9013
+ RESERVED
+CVE-2018-9012
+ RESERVED
+CVE-2018-9011
+ RESERVED
+CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote ...)
+ TODO: check
CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the decompileJUMP ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/131
@@ -59,10 +75,10 @@ CVE-2018-8981
RESERVED
CVE-2018-8980
RESERVED
-CVE-2018-8979
- RESERVED
-CVE-2018-8978
- RESERVED
+CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a ...)
+ TODO: check
+CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...)
+ TODO: check
CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in ...)
TODO: check
CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...)
@@ -130,8 +146,8 @@ CVE-2018-8949 (An issue was discovered in app/Model/Attribute.php in MISP before
NOT-FOR-US: MISP
CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has ...)
NOT-FOR-US: MISP
-CVE-2018-8947
- RESERVED
+CVE-2018-8947 (rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding ...)
+ TODO: check
CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Access ...)
- i-librarian <itp> (bug #649291)
NOTE: https://github.com/mkucej/i-librarian/issues/124
@@ -457,8 +473,8 @@ CVE-2018-8819
RESERVED
CVE-2018-8818
RESERVED
-CVE-2018-8817
- RESERVED
+CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...)
+ TODO: check
CVE-2018-8816
RESERVED
CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in ...)
@@ -2987,8 +3003,8 @@ CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...)
NOT-FOR-US: MetInfo
CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western ...)
NOT-FOR-US: Western Bridge Cobub Razor
-CVE-2018-7719
- RESERVED
+CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. ...)
+ TODO: check
CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps ...)
- gpac <unfixed> (bug #892526)
[wheezy] - gpac <not-affected> (vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50608f147a7b202caeb7931b50abb34f0527aa49
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50608f147a7b202caeb7931b50abb34f0527aa49
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180325/490a28f2/attachment.html>
More information about the Secure-testing-commits
mailing list