Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 53206d0d by security tracker role at 2018-01-14T09:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,8 +1,38 @@ +CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer ...) + TODO: check +CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to ...) + TODO: check +CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection ...) + TODO: check +CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the ...) + TODO: check +CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas Gudino ...) + TODO: check +CVE-2018-5693 (The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users ...) + TODO: check +CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, ...) + TODO: check +CVE-2018-5691 (SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` ...) + TODO: check +CVE-2018-5690 (Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear ...) + TODO: check +CVE-2018-5689 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear ...) + TODO: check +CVE-2018-5688 + RESERVED +CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings under ...) + TODO: check +CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...) + TODO: check +CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ...) + TODO: check +CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ...) + TODO: check CVE-2018-5683 RESERVED CVE-2017-18030 RESERVED -CVE-2018-5682 (PrestaShop 1.7.2.4 allow user enumeration via the Reset Password ...) +CVE-2018-5682 (PrestaShop 1.7.2.4 allows user enumeration via the Reset Password ...) NOT-FOR-US: PrestaShop CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit ...) NOT-FOR-US: PrestaShop @@ -683,8 +713,8 @@ CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...) NOT-FOR-US: WPGlobus plugin for WordPress CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...) NOT-FOR-US: WPGlobus plugin for WordPress -CVE-2018-5360 - RESERVED +CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...) + TODO: check CVE-2018-5359 RESERVED CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...) @@ -20102,22 +20132,19 @@ CVE-2017-15130 CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...) - linux 4.14.12-1 NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0 -CVE-2017-15128 [Out of bound access in hugetlb_mcopy_atomic_pte function in mm/hugetlb.c] - RESERVED +CVE-2017-15128 (A flaw was found in the hugetlb_mcopy_atomic_pte function in ...) - linux 4.13.13-1 [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: http://post-office.corp.redhat.com/archives/rhkernel-list/2017-October/msg09574.html -CVE-2017-15127 [Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c] - RESERVED +CVE-2017-15127 (A flaw was found in the hugetlb_mcopy_atomic_pte function in ...) - linux 3.13.4-1 [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/5af10dfd0afc559bb4b0f7e3e8227a1578333995 -CVE-2017-15126 [Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c] - RESERVED +CVE-2017-15126 (A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel ...) - linux 4.13.10-1 [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53206d0d5aac5a9396db67e338e44124088feb87 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/53206d0d5aac5a9396db67e338e44124088feb87 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits