Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 525c8455 by security tracker role at 2018-02-20T09:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,10 +1,40 @@ -CVE-2018-7254 [global buffer overflow while running wavpack] +CVE-2018-7261 + RESERVED +CVE-2018-7260 + RESERVED +CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a ...) + TODO: check +CVE-2018-7258 + RESERVED +CVE-2018-7257 + RESERVED +CVE-2018-7256 + RESERVED +CVE-2018-7255 + RESERVED +CVE-2018-7252 + RESERVED +CVE-2018-7251 (An issue was discovered in config/error.php in Anchor 0.12.3. The error ...) + TODO: check +CVE-2018-7250 + RESERVED +CVE-2018-7249 + RESERVED +CVE-2017-18192 (smart/calculator/gallerylock/CalculatorActivity.java in the ...) + TODO: check +CVE-2015-9256 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive ...) + TODO: check +CVE-2015-9255 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive ...) + TODO: check +CVE-2015-9254 (Datto ALTO and SIRIS devices have a default VNC password. ...) + TODO: check +CVE-2018-7254 (The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack ...) - wavpack <unfixed> (bug #889274) [jessie] - wavpack <not-affected> (Vulnerable code not present) [wheezy] - wavpack <not-affected> (Vulnerable code not present) NOTE: https://github.com/dbry/WavPack/issues/26 NOTE: https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e -CVE-2018-7253 [heap buffer overflow while running wavpack] +CVE-2018-7253 (The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of ...) - wavpack <unfixed> (bug #889559) [jessie] - wavpack <not-affected> (Vulnerable code not present) [wheezy] - wavpack <not-affected> (Vulnerable code not present) 
@@ -949,7 +979,7 @@ CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descript [wheezy] - binutils <ignored> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22788 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6 -CVE-2018-6871 (LibreOffice through 6.0.1 allows remote attackers to read arbitrary ...) +CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers ...) {DSA-4111-2 DSA-4111-1} - libreoffice 1:6.0.1-1 [wheezy] - libreoffice <not-affected> (Vulnerable code not present) @@ -1059,7 +1089,7 @@ CVE-2018-6826 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. .. NOT-FOR-US: VOBOT CLOCK CVE-2018-6825 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH ...) NOT-FOR-US: VOBOT CLOCK -CVE-2018-6824 (Cozy has XSS allowing remote attackers to obtain administrative access ...) +CVE-2018-6824 (Cozy version 2 has XSS allowing remote attackers to obtain ...) NOT-FOR-US: Cozy CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the ...) NOT-FOR-US: Mailbutler Shimo @@ -4067,8 +4097,8 @@ CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync befo [stretch] - rsync <no-dsa> (Minor issue) [jessie] - rsync <no-dsa> (Minor issue) NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07 -CVE-2018-5763 - RESERVED +CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...) + TODO: check CVE-2018-5762 RESERVED CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was found ...) 
@@ -20065,8 +20095,8 @@ CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 - tboot <itp> (bug #803180) CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...) NOT-FOR-US: Arris TG1682G devices -CVE-2017-16835 - RESERVED +CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for Android has ...) + TODO: check CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an ...) - pnp4nagios <not-affected> (/etc/pnp4nagios and its content is installed as root by the Debian package) NOTE: https://github.com/lingej/pnp4nagios/issues/140 @@ -20200,6 +20230,7 @@ CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to ca NOTE: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d NOTE: https://github.com/radare/radare2/issues/8813 CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...) + {DSA-4119-1} - libav <removed> (low) - ffmpeg 7:2.2.1-1 NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098 @@ -48266,7 +48297,7 @@ CVE-2017-7518 [debug exception via syscall emulation] CVE-2017-7517 RESERVED NOT-FOR-US: OpenShift -CVE-2017-7516 (It was found that the cpio --no-absolute-filenames option since ...) +CVE-2017-7516 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This ...) - cpio 2.11+dfsg-4.1 (low) [wheezy] - cpio <ignored> (Minor issue, same motivation as CVE-2015-1197) NOTE: https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00001.html 
@@ -59951,10 +59982,10 @@ CVE-2016-9953 RESERVED CVE-2016-9952 RESERVED -CVE-2016-10008 - RESERVED -CVE-2016-10007 - RESERVED +CVE-2016-10008 (SQL injection vulnerability in the "Content Types > Content Types" ...) + TODO: check +CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen in ...) + TODO: check CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input ...) NOT-FOR-US: OWASP AntiSamy CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ...) @@ -119716,8 +119747,8 @@ CVE-2015-2083 (Cross-site request forgery (CSRF) vulnerability in Ilch CMS allow NOT-FOR-US: Ilch CMS CVE-2015-2082 (Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 ...) NOT-FOR-US: UNIT4 Prosoft HRMS -CVE-2015-2081 - RESERVED +CVE-2015-2081 (Datto ALTO and SIRIS devices allow Remote Code Execution via ...) + TODO: check CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums ...) NOT-FOR-US: Vanilla Forums CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/525c8455f437e77c5af1d3c22c56c256b620bdc8
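Review bot: The six `TODO: check` entries added at the top of the `@@ -1,10 +1,40 @@` hunk (CVE-2018-7259, CVE-2018-7251, CVE-2017-18192, CVE-2015-9256, CVE-2015-9255, CVE-2015-9254) carry no package or `NOT-FOR-US:` line yet, so none of them has a recorded status. Each should be resolved in a follow-up commit, either with a package line or with a `NOT-FOR-US:` line in the form already used in this file (for example `NOT-FOR-US: VOBOT CLOCK`). The three Datto ALTO and SIRIS entries are best triaged together so they receive the same wording.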
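Review bot: In the `@@ -48266,7 +48297,7 @@` hunk, CVE-2017-7516 now reads "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197", but the entry keeps its `- cpio 2.11+dfsg-4.1 (low)` and `[wheezy] - cpio <ignored>` lines, so cpio status is still recorded under a withdrawn ID. Suggest confirming that the CVE-2015-1197 entry carries the same cpio status and the bug-cpio NOTE, then marking this entry as rejected and dropping the package lines from it.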
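Review bot: CVE-2015-2081 in the `@@ -119716,8 +119747,8 @@` hunk is a fourth Datto ALTO and SIRIS entry left at `TODO: check`, separate from CVE-2015-9256, CVE-2015-9255 and CVE-2015-9254 in the first hunk. It should get the same resolution line as those three when they are triaged, so the product is not tagged inconsistently across the list.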