[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 26 20:10:22 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d7e19b7 by security tracker role at 2018-03-26T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when ...)
+ TODO: check
CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-9019
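Review bot: CVE-2017-18248 at the top of this hunk is left at "TODO: check", but its description names scheduler/ipp.c in CUPS before 2.2.6, so unlike the WordPress plugin entry below it this one cannot be closed as NOT-FOR-US. It needs a "- cups" line with the fixed version (or <unfixed>) and a NOTE pointing at the upstream fix.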
@@ -221,8 +223,8 @@ CVE-2018-8939
RESERVED
CVE-2018-8938
RESERVED
-CVE-2018-8937
- RESERVED
+CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is possible ...)
+ TODO: check
CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...)
NOT-FOR-US: AMD
CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...)
@@ -2923,6 +2925,7 @@ CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the cr
CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier contains a ...)
- electron <itp> (bug #842420)
CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the ...)
+ {DLA-1317-1}
- net-snmp 5.7.3+dfsg-1.1 (bug #894110)
NOTE: https://sourceforge.net/p/net-snmp/bugs/2821/
NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
@@ -3153,8 +3156,8 @@ CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into th
NOT-FOR-US: NetIQ Sentinel
CVE-2018-7674
RESERVED
-CVE-2018-7673
- RESERVED
+CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions prior to ...)
+ TODO: check
CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel ...)
- linux 4.13.4-1
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -3652,8 +3655,8 @@ CVE-2018-7544 (** DISPUTED ** A cross-protocol scripting issue was discovered in
NOTE: Not a security issue per se, later versions might explicitly warn in
NOTE: affected problematic configurations in both the documentation and with
NOTE: a runtime warning.
-CVE-2018-7543
- RESERVED
+CVE-2018-7543 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2018-7539
RESERVED
CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of Enalean ...)
@@ -3751,7 +3754,7 @@ CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI
NOT-FOR-US: OSIsoft PI
CVE-2018-7503
RESERVED
-CVE-2018-7502 (Kernal drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 ...)
+CVE-2018-7502 (Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 ...)
NOT-FOR-US: Beckhoff TwinCAT
CVE-2018-7501
RESERVED
@@ -5193,7 +5196,7 @@ CVE-2018-7052 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.
NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
NOTE: Fixed by: https://github.com/irssi/irssi/commit/5b5bfef03596d95079c728f65f523570dd7b03aa
CVE-2018-7051 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
- {DLA-1289-1}
+ {DLA-1318-1}
- irssi 1.0.7-1 (bug #890677)
NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
NOTE: Fixed by: https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af
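Review bot: on CVE-2018-7051 the reference {DLA-1289-1} is replaced by {DLA-1318-1} rather than supplemented, so the entry no longer records the earlier advisory. Confirm that CVE-2018-7051 was deliberately moved out of DLA-1289-1 in the DLA list; if both advisories cover it, both tags should appear here.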
@@ -9063,7 +9066,7 @@ CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds
NOTE: https://curl.haxx.se/docs/adv_2018-824a.html
NOTE: Introduced by: https://github.com/curl/curl/commit/0761a51ee0551ad9e5
NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch
-CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning ...)
+CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the ...)
NOT-FOR-US: Heimdal PRO
CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission ...)
- krb5 <unfixed> (bug #891869)
@@ -9658,48 +9661,48 @@ CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta Elect
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-5475 (A Stack-based Buffer Overflow issue was discovered in GE D60 Line ...)
NOT-FOR-US: GE D60 Line Distance Relay devices
-CVE-2018-5474
- RESERVED
+CVE-2018-5474 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input ...)
+ TODO: check
CVE-2018-5473 (An Improper Restriction of Operations within the Bounds of a Memory ...)
NOT-FOR-US: GE D60 Line Distance Relay devices
-CVE-2018-5472
- RESERVED
+CVE-2018-5472 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an ...)
+ TODO: check
CVE-2018-5471 (A Cleartext Transmission of Sensitive Information issue was discovered ...)
NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
-CVE-2018-5470
- RESERVED
+CVE-2018-5470 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
+ TODO: check
CVE-2018-5469 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
-CVE-2018-5468
- RESERVED
+CVE-2018-5468 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote ...)
+ TODO: check
CVE-2018-5467 (An Information Exposure Through Query Strings in GET Request issue was ...)
NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
-CVE-2018-5466
- RESERVED
+CVE-2018-5466 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a ...)
+ TODO: check
CVE-2018-5465 (A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, ...)
NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
-CVE-2018-5464
- RESERVED
+CVE-2018-5464 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
+ TODO: check
CVE-2018-5463
RESERVED
-CVE-2018-5462
- RESERVED
+CVE-2018-5462 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
+ TODO: check
CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in Belden ...)
NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5460
RESERVED
CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 Series ...)
NOT-FOR-US: WAGO PFC200
-CVE-2018-5458
- RESERVED
+CVE-2018-5458 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a ...)
+ TODO: check
CVE-2018-5457 (A uncontrolled search path element issue was discovered in Vyaire ...)
NOT-FOR-US: Vyaire Medical CareFusion Upgrade Utility
CVE-2018-5456
RESERVED
CVE-2018-5455 (A Reliance on Cookies without Validation and Integrity Checking issue ...)
NOT-FOR-US: Moxa
-CVE-2018-5454
- RESERVED
+CVE-2018-5454 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a ...)
+ TODO: check
CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was ...)
NOT-FOR-US: Moxa
CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...)
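Review bot: the nine entries switched from RESERVED to "TODO: check" in this hunk (CVE-2018-5474 down to CVE-2018-5454) all describe the same product, and the descriptions spell it two ways, "Intellispace" and "IntelliSpace". Resolve them in one pass with a single consistent tag string, so that a later search for the product finds all nine.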
@@ -20162,12 +20165,12 @@ CVE-2017-17538 (MikroTik v6.40.5 devices allow remote attackers to cause a denia
NOT-FOR-US: MikroTik
CVE-2017-17537 (MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated ...)
NOT-FOR-US: MikroTik
-CVE-2018-1350
- RESERVED
-CVE-2018-1349
- RESERVED
-CVE-2018-1348
- RESERVED
+CVE-2018-1350 (The NetIQ Identity Manager driver log file, in versions prior to 4.7, ...)
+ TODO: check
+CVE-2018-1349 (The NetIQ Identity Manager driver log file, in versions prior to 4.7, ...)
+ TODO: check
+CVE-2018-1348 (NetIQ Identity Manager driver, in versions prior to 4.7, allows for an ...)
+ TODO: check
CVE-2018-1347 (The administrative web interface in NetIQ iManager, versions prior to ...)
NOT-FOR-US: NetIQ
CVE-2018-1346 (Addresses denial of service attack to eDirectory versions prior to ...)
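Review bot: CVE-2018-1350, CVE-2018-1349 and CVE-2018-1348 are all NetIQ Identity Manager and sit directly above CVE-2018-1347, which is already marked "NOT-FOR-US: NetIQ". Leaving them at "TODO: check" only adds to the queue; the same tag applies unless someone has a reason to treat Identity Manager differently from iManager.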
@@ -20541,8 +20544,7 @@ CVE-2018-1314
RESERVED
CVE-2018-1313
RESERVED
-CVE-2018-1312 [Weak Digest auth nonce generation in mod_auth_digest]
- RESERVED
+CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest ...)
- apache2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7
CVE-2018-1311
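Review bot: replacing the bracketed title on CVE-2018-1312 with the truncated CVE description drops the only mention of mod_auth_digest; the new text cuts off at "when generating an HTTP Digest ...". Add a NOTE naming the module so the entry stays usable for triage without following the oss-security link.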
@@ -20583,19 +20585,16 @@ CVE-2018-1304 (The URL pattern of "" (the empty string) which exactly
NOTE: https://svn.apache.org/r1823308 (8.0.x)
NOTE: https://svn.apache.org/r1823309 (7.0.x)
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62067
-CVE-2018-1303 [Possible out of bound read in mod_cache_socache]
- RESERVED
+CVE-2018-1303 (A specially crafted HTTP request header could have crashed the Apache ...)
- apache2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/3
-CVE-2018-1302 [Possible write of after free on HTTP/2 stream shutdown]
- RESERVED
+CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apache ...)
- apache2 <unfixed>
[jessie] - apache2 <not-affected> (Vulnerable code not present)
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/5
-CVE-2018-1301 [Possible out of bound access after failure in reading the HTTP request]
- RESERVED
+CVE-2018-1301 (A specially crafted request could have crashed the Apache HTTP Server ...)
- apache2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/2
CVE-2018-1300
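Review bot: CVE-2018-1303 and CVE-2018-1301 remain "- apache2 <unfixed>" with no per-release lines, while CVE-2018-1302 between them already records [jessie] and [wheezy] as <not-affected>. With the bracketed titles removed, nothing in those two entries shows whether the older releases were assessed; add the per-release status or a NOTE saying it is still open.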
@@ -20648,8 +20647,7 @@ CVE-2018-1285
RESERVED
CVE-2018-1284
RESERVED
-CVE-2018-1283 [Tampering of mod_session data for CGI applications]
- RESERVED
+CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to ...)
- apache2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/4
CVE-2018-1282
@@ -20847,8 +20845,8 @@ CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Man
NOT-FOR-US: EMC
CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows ...)
NOT-FOR-US: EMC
-CVE-2018-1213
- RESERVED
+CVE-2018-1213 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - ...)
+ TODO: check
CVE-2018-1212
RESERVED
CVE-2018-1211 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path ...)
@@ -20865,14 +20863,14 @@ CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159
NOT-FOR-US: EMC Data Protection Advisor
CVE-2018-1205
RESERVED
-CVE-2018-1204
- RESERVED
-CVE-2018-1203
- RESERVED
-CVE-2018-1202
- RESERVED
-CVE-2018-1201
- RESERVED
+CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - ...)
+ TODO: check
+CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary ...)
+ TODO: check
+CVE-2018-1202 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
+ TODO: check
+CVE-2018-1201 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
+ TODO: check
CVE-2018-1200 (Apps Manager for PCF (Pivotal Application Service 1.11.x before ...)
NOT-FOR-US: Pivotal
CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before ...)
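Review bot: CVE-2018-1203 is queued as "TODO: check" and its description mentions the tcpdump binary, but it reads as a statement about what the Isilon OneFS compadmin account is able to run. Triage it together with CVE-2018-1204, CVE-2018-1202 and CVE-2018-1201 in this hunk, in line with the "NOT-FOR-US: EMC" entries around them, and make sure it is not attributed to a tcpdump package on the strength of that one word.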
@@ -20897,14 +20895,14 @@ CVE-2018-1191
RESERVED
CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all ...)
NOT-FOR-US: Pivotal
-CVE-2018-1189
- RESERVED
-CVE-2018-1188
- RESERVED
-CVE-2018-1187
- RESERVED
-CVE-2018-1186
- RESERVED
+CVE-2018-1189 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
+ TODO: check
+CVE-2018-1188 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
+ TODO: check
+CVE-2018-1187 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
+ TODO: check
+CVE-2018-1186 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
+ TODO: check
CVE-2018-1185 (An issue was discovered in EMC RecoverPoint for Virtual Machines ...)
NOT-FOR-US: EMC
CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines ...)
@@ -28444,8 +28442,7 @@ CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
NOT-FOR-US: Apache Sling
CVE-2017-15716
RESERVED
-CVE-2017-15715 [<FilesMatch> bypass with a trailing newline in the file name]
- RESERVED
+CVE-2017-15715 (In Apache httpd 2.4.0 to 2.4.29, the expression specified in ...)
- apache2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/6
CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape ...)
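Review bot: the new description on CVE-2017-15715 limits the issue to Apache httpd 2.4.0 to 2.4.29, yet the entry keeps only "- apache2 <unfixed>". Any release still carrying a 2.2.x apache2 should get a <not-affected> line, in the same form as the [wheezy] line on CVE-2018-1302, so that it does not show up as vulnerable.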
@@ -28456,8 +28453,7 @@ CVE-2017-15712 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to
NOT-FOR-US: Oozie
CVE-2017-15711
REJECTED
-CVE-2017-15710 [Out of bound write in mod_authnz_ldap when using too small Accept-Language values]
- RESERVED
+CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to ...)
- apache2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/8
CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...)
@@ -28869,8 +28865,8 @@ CVE-2017-15536 (An issue was discovered in Cloudera Data Science Workbench (CDSW
CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...)
- mongodb <not-affected> (wire protocol compression introduced in 3.4.x and disabled by default)
NOTE: https://jira.mongodb.org/browse/SERVER-31273
-CVE-2017-15534
- RESERVED
+CVE-2017-15534 (The Norton App Lock prior to version 1.3.0.13 can be susceptible to an ...)
+ TODO: check
CVE-2017-15533
RESERVED
CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a ...)
@@ -57639,8 +57635,8 @@ CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read vulnerabilit
NOT-FOR-US: Nvidia component for Android
CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
NOT-FOR-US: Nvidia component for Android
-CVE-2017-6278
- RESERVED
+CVE-2017-6278 (NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal ...)
+ TODO: check
CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6276 (NVIDIA mediaserver contains a vulnerability where it is possible a use ...)
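Review bot: CVE-2017-6278 names the "NVIDIA Tegra kernel", whereas the entries on either side of it are closed as NOT-FOR-US for Android components and the Windows driver. Before giving it the same tag, check whether the CORE DVFS Thermal code it refers to exists in the Debian linux source, and record the outcome in a NOTE either way.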
@@ -109688,12 +109684,12 @@ CVE-2015-7436 (IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before I
NOT-FOR-US: IBM
CVE-2015-7435 (IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, ...)
NOT-FOR-US: IBM
-CVE-2015-7434
- RESERVED
-CVE-2015-7433
- RESERVED
-CVE-2015-7432
- RESERVED
+CVE-2015-7434 (IBM Capacity Management Analytics 2.1.0.0 allows local users to ...)
+ TODO: check
+CVE-2015-7433 (IBM Capacity Management Analytics 2.1.0.0 allows local users to ...)
+ TODO: check
+CVE-2015-7432 (IBM Capacity Management Analytics 2.1.0.0 allows local users to ...)
+ TODO: check
CVE-2015-7431 (Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM ...)
NOT-FOR-US: IBM
CVE-2015-7430 (The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for ...)
@@ -109708,10 +109704,10 @@ CVE-2015-7426 (The Data Protection extension in the VMware GUI in IBM Tivoli Sto
NOT-FOR-US: IBM
CVE-2015-7425 (The Data Protection component in the VMware vSphere GUI in IBM Tivoli ...)
NOT-FOR-US: IBM
-CVE-2015-7424
- RESERVED
-CVE-2015-7423
- RESERVED
+CVE-2015-7424 (IBM InfoSphere Master Data Management (MDM) - Collaborative Edition ...)
+ TODO: check
+CVE-2015-7423 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
+ TODO: check
CVE-2015-7422 (Buffer overflow in IBM i Access 7.1 on Windows allows local users to ...)
NOT-FOR-US: IBM i Access
CVE-2015-7421 (Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before ...)
@@ -109754,8 +109750,8 @@ CVE-2015-7403 (IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel Fi
NOT-FOR-US: IBM
CVE-2015-7402 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
NOT-FOR-US: IBM
-CVE-2015-7401
- RESERVED
+CVE-2015-7401 (IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote ...)
+ TODO: check
CVE-2015-7400 (The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote ...)
NOT-FOR-US: IBM
CVE-2015-7399 (IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and ...)
@@ -116225,8 +116221,8 @@ CVE-2015-5047
RESERVED
CVE-2015-5046
RESERVED
-CVE-2015-5045
- RESERVED
+CVE-2015-5045 (The Administration and Reporting tool in IBM Rational License Key ...)
+ TODO: check
CVE-2015-5044 (The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 ...)
NOT-FOR-US: IBM QRadar
CVE-2015-5043 (diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, ...)
@@ -116237,8 +116233,8 @@ CVE-2015-5041 (The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20
NOT-FOR-US: IBM JDK
CVE-2015-5040 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 ...)
NOT-FOR-US: IBM Domino
-CVE-2015-5039
- RESERVED
+CVE-2015-5039 (The Remote Client and change management integrations in IBM Rational ...)
+ TODO: check
CVE-2015-5038 (IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before ...)
NOT-FOR-US: IBM
CVE-2015-5037 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x ...)
@@ -122052,6 +122048,7 @@ CVE-2015-3310 (Buffer overflow in the rc_mksid function in plugins/radius/util.c
NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4
NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450
CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and ...)
+ {DLA-1317-1}
- net-snmp 5.7.3+dfsg-1.1 (bug #788964)
[squeeze] - net-snmp <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/1
@@ -150538,8 +150535,7 @@ CVE-2014-2320
CVE-2014-2319 (The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 ...)
NOTE: Non issue
NOTE: http://seclists.org/oss-sec/2014/q1/550
-CVE-2014-2312 [thermald: insecure tmp file]
- RESERVED
+CVE-2014-2312 (The main function in android_main.cpp in thermald allows local users ...)
- thermald <not-affected> (android_main.cpp not used for Debian build)
CVE-2014-2311 (SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 ...)
NOT-FOR-US: MODx Revolution
@@ -150576,8 +150572,8 @@ CVE-2014-2295
RESERVED
CVE-2014-2294
RESERVED
-CVE-2014-2293
- RESERVED
+CVE-2014-2293 (Zikula Application Framework before 1.3.7 build 11 allows remote ...)
+ TODO: check
CVE-2014-2292 (Unspecified vulnerability in the Linux Network Connect client in ...)
NOT-FOR-US: Junos Pulse Secure Access Service
CVE-2014-2291 (Cross-site scripting (XSS) vulnerability in the Pulse Collaboration ...)
@@ -151235,8 +151231,8 @@ CVE-2014-2050
RESERVED
CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and ...)
- owncloud 6.0.0+dfsg-1
-CVE-2014-2048
- RESERVED
+CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows remote ...)
+ TODO: check
CVE-2014-2047 (Session fixation vulnerability in ownCloud before 6.0.2, when PHP is ...)
- owncloud 6.0.2+dfsg-1
CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 ...)
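Review bot: CVE-2014-2048 is left at "TODO: check" although it is an ownCloud Server issue fixed before 5.0.15, the same upstream cut-off as CVE-2014-2049 directly above it, which is tracked as "- owncloud 6.0.0+dfsg-1". Give it an owncloud package line after checking whether the user_openid app was shipped in the Debian package.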
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d7e19b7367241da03c864886c72093998bdacf5