Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1f90040 by security tracker role at 2018-02-17T09:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2018-7191
+       RESERVED
 CVE-2018-7190
        RESERVED
 CVE-2018-7189
@@ -32,14 +34,14 @@ CVE-2017-18190 (A localhost.localdomain whitelist entry in 
valid_host() in ...)
 CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters 
in a %s ...)
        - leptonlib 1.75.3-2 (bug #890548)
        NOTE: 
https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
-CVE-2018-7180
-       RESERVED
-CVE-2018-7179
-       RESERVED
-CVE-2018-7178
-       RESERVED
-CVE-2018-7177
-       RESERVED
+CVE-2018-7180 (SQL Injection exists in the Saxum Astro 4.0.14 component for 
Joomla! ...)
+       TODO: check
+CVE-2018-7179 (SQL Injection exists in the SquadManagement 1.0.3 component for 
Joomla! ...)
+       TODO: check
+CVE-2018-7178 (SQL Injection exists in the Saxum Picker 3.2.10 component for 
Joomla! ...)
+       TODO: check
+CVE-2018-7177 (SQL Injection exists in the Saxum Numerology 3.0.4 component 
for ...)
+       TODO: check
 CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to 
adding a ...)
        - frontaccounting <removed> (bug #890604)
        [wheezy] - frontaccounting <end-of-life> (unsupported in wheezy, 
already vulnerable to SQL injection in CVE-2014-3973)
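Review bot: CVE-2018-7177 through CVE-2018-7180 are left at "TODO: check", and the CVE-2018-7177 description is cut at "component for ..." so the affected platform cannot be read from that line alone. The other three are described as SQL injection in Joomla! components; this file already triages that class as NOT-FOR-US (see CVE-2018-6582, "NOT-FOR-US: Zh GoogleMap component for Joomla!"). Suggest confirming against the full descriptions that none of these ships in a Debian package, then replacing each TODO with the matching NOT-FOR-US line.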
@@ -1615,12 +1617,12 @@ CVE-2017-18123 (The call parameter of /lib/exe/ajax.php 
in DokuWiki through 2017
        - dokuwiki <unfixed> (bug #889281)
        NOTE: https://github.com/splitbrain/dokuwiki/issues/2029
        NOTE: 
https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86
-CVE-2018-6585
-       RESERVED
-CVE-2018-6584
-       RESERVED
-CVE-2018-6583
-       RESERVED
+CVE-2018-6585 (SQL Injection exists in the JTicketing 2.0.16 component for 
Joomla! via ...)
+       TODO: check
+CVE-2018-6584 (SQL Injection exists in the DT Register 3.2.7 component for 
Joomla! via ...)
+       TODO: check
+CVE-2018-6583 (SQL Injection exists in the Timetable Responsive Schedule 1.5 
component ...)
+       TODO: check
 CVE-2018-6582 (SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for 
Joomla! ...)
        NOT-FOR-US: Zh GoogleMap component for Joomla!
 CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for 
Joomla! via a ...)
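Review bot: CVE-2018-6585, CVE-2018-6584 and CVE-2018-6583 sit directly above CVE-2018-6582, which is already resolved as "NOT-FOR-US: Zh GoogleMap component for Joomla!", yet all three are left at "TODO: check". JTicketing and DT Register are named as Joomla! components in the same way, so they can take the same form, for example "NOT-FOR-US: JTicketing component for Joomla!". The CVE-2018-6583 description is truncated at "component ..." and needs the full text before it is triaged.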
@@ -2180,12 +2182,12 @@ CVE-2018-6398 (SQL Injection exists in the CP Event 
Calendar 3.0.1 component for
        NOT-FOR-US: CP Event Calendar component for Joomla!
 CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 
component for ...)
        NOT-FOR-US: Picture Calendar  component for Joomla!
-CVE-2018-6396
-       RESERVED
+CVE-2018-6396 (SQL Injection exists in the Google Map Landkarten through 4.2.3 
...)
+       TODO: check
 CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for 
Joomla! ...)
        NOT-FOR-US: Visual Calendar component for Joomla!
-CVE-2018-6394
-       RESERVED
+CVE-2018-6394 (SQL Injection exists in the InviteX 3.0.5 component for Joomla! 
via the ...)
+       TODO: check
 CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...)
        NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in 
FFmpeg ...)
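Review bot: the new CVE-2018-6396 description is cut at "through 4.2.3 ..." before it says what kind of product Google Map Landkarten is, so the "TODO: check" under it cannot be resolved from this line; read the full description before choosing a NOT-FOR-US string. CVE-2018-6394 (InviteX) is stated as a Joomla! component and can follow the neighbouring CVE-2018-6395 entry. Style point for the lines that replace the TODOs: the context line for CVE-2018-6397 has a double space in "Picture Calendar  component"; keep a single space in the new ones.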
@@ -2305,18 +2307,18 @@ CVE-2018-6375
        RESERVED
 CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux 
clients ...)
        NOT-FOR-US: PulseUI in Pulse Secure Desktop Linux clients
-CVE-2018-6373
-       RESERVED
-CVE-2018-6372
-       RESERVED
+CVE-2018-6373 (SQL Injection exists in the Fastball 2.5 component for Joomla! 
via the ...)
+       TODO: check
+CVE-2018-6372 (SQL Injection exists in the JB Bus 2.3 component for Joomla! 
via the ...)
+       TODO: check
 CVE-2018-6371
        RESERVED
-CVE-2018-6370
-       RESERVED
+CVE-2018-6370 (SQL Injection exists in the NeoRecruit 4.1 component for 
Joomla! via ...)
+       TODO: check
 CVE-2018-6369
        RESERVED
-CVE-2018-6368
-       RESERVED
+CVE-2018-6368 (SQL Injection exists in the JomEstate PRO through 3.7 component 
for ...)
+       TODO: check
 CVE-2018-6367 (SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 
2.9.9 ...)
        NOT-FOR-US: Vastal I-Tech Buddy Zone Facebook Clone
 CVE-2018-6366
@@ -2669,8 +2671,8 @@ CVE-2018-6220
        RESERVED
 CVE-2018-6219
        RESERVED
-CVE-2018-6218
-       RESERVED
+CVE-2018-6218 (A DLL Hijacking vulnerability in Trend Micro's User-Mode 
Hooking ...)
+       TODO: check
 CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft 
WPS ...)
        NOT-FOR-US: Kingsoft WPS Office
 CVE-2018-6216
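Review bot: CVE-2018-6218 is left at "TODO: check" although its description names Trend Micro's User-Mode Hooking, a vendor product rather than a Debian package name. If no source package in the archive carries that code, mark it NOT-FOR-US with the product name, as the adjacent CVE-2018-6217 entry does with "NOT-FOR-US: Kingsoft WPS Office".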
@@ -3251,12 +3253,12 @@ CVE-2018-6008 (Arbitrary File Download exists in the 
Jtag Members Directory 5.3.
        NOT-FOR-US: Jtag Members Directory component for Joomla!
 CVE-2018-6007 (CSRF exists in the JS Support Ticket 1.1.0 component for 
Joomla! and ...)
        NOT-FOR-US: Support Ticket component for Joomla!
-CVE-2018-6006
-       RESERVED
-CVE-2018-6005
-       RESERVED
-CVE-2018-6004
-       RESERVED
+CVE-2018-6006 (SQL Injection exists in the JS Autoz 1.0.9 component for 
Joomla! via ...)
+       TODO: check
+CVE-2018-6005 (SQL Injection exists in the Realpin through 1.5.04 component 
for ...)
+       TODO: check
+CVE-2018-6004 (SQL Injection exists in the File Download Tracker 3.0 component 
for ...)
+       TODO: check
 CVE-2017-18074
        RESERVED
 CVE-2017-18073
@@ -3349,36 +3351,36 @@ CVE-2018-5996 (Insufficient exception handling in the 
method ...)
        NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
 CVE-2018-5995
        RESERVED
-CVE-2018-5994
-       RESERVED
-CVE-2018-5993
-       RESERVED
-CVE-2018-5992
-       RESERVED
-CVE-2018-5991
-       RESERVED
-CVE-2018-5990
-       RESERVED
-CVE-2018-5989
-       RESERVED
+CVE-2018-5994 (SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! 
via the ...)
+       TODO: check
+CVE-2018-5993 (SQL Injection exists in the Aist through 2.0 component for 
Joomla! via ...)
+       TODO: check
+CVE-2018-5992 (SQL Injection exists in the Staff Master through 1.0 RC 1 
component for ...)
+       TODO: check
+CVE-2018-5991 (SQL Injection exists in the Form Maker 3.6.12 component for 
Joomla! via ...)
+       TODO: check
+CVE-2018-5990 (SQL Injection exists in the AllVideos Reloaded 1.2.x component 
for ...)
+       TODO: check
+CVE-2018-5989 (SQL Injection exists in the ccNewsletter 2.x component for 
Joomla! via ...)
+       TODO: check
 CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter 
to ...)
        NOT-FOR-US: Flexible Poll
-CVE-2018-5987
-       RESERVED
+CVE-2018-5987 (SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 
...)
+       TODO: check
 CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or 
s_row ...)
        NOT-FOR-US: Easy Car Script
 CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component 
for ...)
        NOT-FOR-US: LiveCRM SaaS Cloud
 CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 
2.1 ...)
        NOT-FOR-US: Tumder
-CVE-2018-5983
-       RESERVED
-CVE-2018-5982
-       RESERVED
-CVE-2018-5981
-       RESERVED
-CVE-2018-5980
-       RESERVED
+CVE-2018-5983 (SQL Injection exists in the JquickContact 1.3.2.2.1 component 
for ...)
+       TODO: check
+CVE-2018-5982 (SQL Injection exists in the Advertisement Board 3.1.0 component 
for ...)
+       TODO: check
+CVE-2018-5981 (SQL Injection exists in the Gallery WD 1.3.6 component for 
Joomla! via ...)
+       TODO: check
+CVE-2018-5980 (SQL Injection exists in the Solidres 2.5.1 component for 
Joomla! via ...)
+       TODO: check
 CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat 
Script 1.5 ...)
        NOT-FOR-US: Wchat Fully Responsive PHP AJAX Chat Script
 CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 
via the ...)
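Review bot: do not triage CVE-2018-5987 by copying its neighbours. Its description is truncated at "Pinterest Clone Social Pinboard 2.0 ..." and does not say "component for Joomla!", while the entries around it (Flexible Poll, Easy Car Script, Tumder) are marked NOT-FOR-US under the product name alone. The same caution applies to the descriptions cut at "component for ..." (CVE-2018-5992, CVE-2018-5990, CVE-2018-5983, CVE-2018-5982). For all eleven entries moved to "TODO: check" in this hunk, take the NOT-FOR-US string from the full description rather than from the truncated line.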
@@ -3387,18 +3389,18 @@ CVE-2018-5977 (SQL Injection exists in Affiligator 
Affiliate Webshop Management 
        NOT-FOR-US: Affiligator Affiliate Webshop Management System
 CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation 
Online 1.0 ...)
        NOT-FOR-US: RSVP Invitation Online
-CVE-2018-5975
-       RESERVED
-CVE-2018-5974
-       RESERVED
+CVE-2018-5975 (SQL Injection exists in the Smart Shoutbox 3.0.0 component for 
Joomla! ...)
+       TODO: check
+CVE-2018-5974 (SQL Injection exists in the SimpleCalendar 3.1.9 component for 
Joomla! ...)
+       TODO: check
 CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 
via ...)
        NOT-FOR-US: Professional Local Directory Script
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the 
...)
        NOT-FOR-US: Classified Ads CMS Quickad
-CVE-2018-5971
-       RESERVED
-CVE-2018-5970
-       RESERVED
+CVE-2018-5971 (SQL Injection exists in the MediaLibrary Free 4.0.12 component 
for ...)
+       TODO: check
+CVE-2018-5970 (SQL Injection exists in the JGive 2.0.9 component for Joomla! 
via the ...)
+       TODO: check
 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 
via ...)
        NOT-FOR-US: Photography CMS
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 
2.9.3 ...)
@@ -3990,6 +3992,7 @@ CVE-2018-5736
        RESERVED
 CVE-2018-5735 [assertion failure in validator.c:1858]
        RESERVED
+       {DLA-1285-1}
        - bind9 1:9.9.3.dfsg.P2-1 (bug #889285)
        NOTE: Issue similar/closely related to the CVE-2017-3139 issue in Red 
Hat.
        NOTE: Mark as fixed version the 1:9.9.3.dfsg.P2-1 as the related code 
was
@@ -4790,19 +4793,19 @@ CVE-2018-5382
        RESERVED
 CVE-2018-5381 [fix infinite loop on certain invalid OPEN messages]
        RESERVED
-       {DSA-4115-1}
+       {DSA-4115-1 DLA-1286-1}
        - quagga <unfixed> (bug #890563)
        NOTE: https://www.quagga.net/security/Quagga-2018-1975.txt
        NOTE: 
https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=ce07207c50a3d1f05d6dd49b5294282e59749787
 CVE-2018-5380 [debug print of received NOTIFY data can over-read msg array]
        RESERVED
-       {DSA-4115-1}
+       {DSA-4115-1 DLA-1286-1}
        - quagga <unfixed> (bug #890563)
        NOTE: https://www.quagga.net/security/Quagga-2018-1550.txt
        NOTE: 
https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=9e5251151894aefdf8e9392a2371615222119ad8
 CVE-2018-5379 [Fix double free of unknown attribute]
        RESERVED
-       {DSA-4115-1}
+       {DSA-4115-1 DLA-1286-1}
        - quagga <unfixed> (bug #890563)
        NOTE: https://www.quagga.net/security/Quagga-2018-1114.txt
        NOTE: 
https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=e69b535f92eafb599329bf725d9b4c6fd5d7fded
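Review bot: the three quagga entries (CVE-2018-5381, CVE-2018-5380, CVE-2018-5379) now reference both DSA-4115-1 and DLA-1286-1, but each still reads "- quagga <unfixed> (bug #890563)". That line needs a fixed version once the upload closing bug #890563 is made; worth a follow-up so the unstable status is not left open after the stable and LTS advisories are out.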
@@ -9158,8 +9161,8 @@ CVE-2017-17937 (Vanguard Marketplace Digital Products PHP 
has XSS via the phps_q
        NOT-FOR-US: Vanguard Marketplace Digital Products PHP
 CVE-2017-17936 (Vanguard Marketplace Digital Products PHP has CSRF via 
/search. ...)
        NOT-FOR-US: Vanguard Marketplace Digital Products PHP
-CVE-2018-3609
-       RESERVED
+CVE-2018-3609 (A vulnerability in the Trend Micro InterScan Messaging Security 
...)
+       TODO: check
 CVE-2018-3608
        RESERVED
 CVE-2018-3607 (XXXTreeNode method SQL injection remote code execution (RCE) 
...)
@@ -16177,8 +16180,7 @@ CVE-2018-1051 (It was found that the fix for 
CVE-2016-9606 in versions 3.0.22 an
        TODO: check
 CVE-2018-1050
        RESERVED
-CVE-2018-1049 [automount: access to automounted volumes can lock up]
-       RESERVED
+CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount 
and ...)
        - systemd 234-1
        [stretch] - systemd <postponed> (Minor issue, can either be included in 
future DSA or point release)
        [jessie] - systemd <postponed> (Minor issue, can either be included in 
future DSA or point release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1f9004048865ee433a1d99ce34f31c8ab1f4595
