Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
87baaf23 by security tracker role at 2018-02-07T09:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,101 @@
-CVE-2018-6767 [wavpack: stack buffer overflow via crafted wav file]
+CVE-2018-6807
+ RESERVED
+CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read
arbitrary files ...)
+ TODO: check
+CVE-2018-6805
+ RESERVED
+CVE-2018-6804
+ RESERVED
+CVE-2018-6803
+ RESERVED
+CVE-2018-6802
+ RESERVED
+CVE-2018-6801
+ RESERVED
+CVE-2018-6800
+ RESERVED
+CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
+ TODO: check
+CVE-2018-6798
+ RESERVED
+CVE-2018-6797
+ RESERVED
+CVE-2018-6796
+ RESERVED
+CVE-2018-6795
+ RESERVED
+CVE-2018-6794 (Suricata before 4.1 is prone to an HTTP detection bypass
vulnerability ...)
+ TODO: check
+CVE-2018-6793
+ RESERVED
+CVE-2018-6792 (Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1
allow ...)
+ TODO: check
+CVE-2018-6791 (An issue was discovered in
soliduiserver/deviceserviceaction.cpp in KDE ...)
+ TODO: check
+CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0.
...)
+ TODO: check
+CVE-2018-6789
+ RESERVED
+CVE-2018-6788 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys)
allows ...)
+ TODO: check
+CVE-2018-6787 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys)
allows ...)
+ TODO: check
+CVE-2018-6786 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys)
allows ...)
+ TODO: check
+CVE-2018-6785 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6784 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6783 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6782 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6781 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6780 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6779 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6778 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6777 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys)
allows ...)
+ TODO: check
+CVE-2018-6776 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6775 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KrnlCall.sys) allows ...)
+ TODO: check
+CVE-2018-6774 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6773 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6772 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KrnlCall.sys) allows ...)
+ TODO: check
+CVE-2018-6771 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KrnlCall.sys) allows ...)
+ TODO: check
+CVE-2018-6770 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KrnlCall.sys) allows ...)
+ TODO: check
+CVE-2018-6769 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KrnlCall.sys) allows ...)
+ TODO: check
+CVE-2018-6768 (In Jiangmin Antivirus 16.0.0.100, the driver file
(KSysCall.sys) allows ...)
+ TODO: check
+CVE-2018-6766
+ RESERVED
+CVE-2018-6765
+ RESERVED
+CVE-2018-6763
+ RESERVED
+CVE-2018-6762
+ RESERVED
+CVE-2018-6761
+ RESERVED
+CVE-2018-6760
+ RESERVED
+CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig
function of ...)
- wavpack <unfixed> (bug #889276)
NOTE: https://github.com/dbry/WavPack/issues/27
NOTE:
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
CVE-2018-6764 [guest could inject executable code via libnss_dns.so loaded by
libvirt_lxc before init]
+ RESERVED
- libvirt <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1541444
TODO: check, Red Hat does not provide much references
@@ -469,8 +562,8 @@ CVE-2018-6605 (SQL Injection exists in the Zh BaiduMap
3.0.0.1 component for Joo
NOT-FOR-US: Zh BaiduMap component for Joomla!
CVE-2018-6604 (SQL Injection exists in the Zh YandexMap 6.2.1.0 component for
Joomla! ...)
NOT-FOR-US: Zh YandexMap component for Joomla!
-CVE-2018-6603
- RESERVED
+CVE-2018-6603 (Promise Technology WebPam Pro-E devices allow remote attackers
to ...)
+ TODO: check
CVE-2018-6602
RESERVED
CVE-2018-6601
@@ -1229,6 +1322,7 @@ CVE-2018-6362
CVE-2018-6361
RESERVED
CVE-2018-6360 (mpv through 0.28.0 allows remote attackers to execute arbitrary
code ...)
+ {DSA-4105-1}
- mpv 0.27.0-3 (bug #888654)
[jessie] - mpv <not-affected> (Vulnerable code not present, youtube-dl
hook script added in 0.7.0)
NOTE: https://github.com/mpv-player/mpv/issues/5456
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/87baaf23091d0e75766c5784099ec5c1779e8af9
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/87baaf23091d0e75766c5784099ec5c1779e8af9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
