Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
525c8455 by security tracker role at 2018-02-20T09:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,10 +1,40 @@
-CVE-2018-7254 [global buffer overflow while running wavpack]
+CVE-2018-7261
+       RESERVED
+CVE-2018-7260
+       RESERVED
+CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X 
sends a ...)
+       TODO: check
+CVE-2018-7258
+       RESERVED
+CVE-2018-7257
+       RESERVED
+CVE-2018-7256
+       RESERVED
+CVE-2018-7255
+       RESERVED
+CVE-2018-7252
+       RESERVED
+CVE-2018-7251 (An issue was discovered in config/error.php in Anchor 0.12.3. 
The error ...)
+       TODO: check
+CVE-2018-7250
+       RESERVED
+CVE-2018-7249
+       RESERVED
+CVE-2017-18192 (smart/calculator/gallerylock/CalculatorActivity.java in the 
...)
+       TODO: check
+CVE-2015-9256 (Datto ALTO and SIRIS devices allow remote attackers to obtain 
sensitive ...)
+       TODO: check
+CVE-2015-9255 (Datto ALTO and SIRIS devices allow remote attackers to obtain 
sensitive ...)
+       TODO: check
+CVE-2015-9254 (Datto ALTO and SIRIS devices have a default VNC password. ...)
+       TODO: check
+CVE-2018-7254 (The ParseCaffHeaderConfig function of the cli/caff.c file of 
WavPack ...)
        - wavpack <unfixed> (bug #889274)
        [jessie] - wavpack <not-affected> (Vulnerable code not present)
        [wheezy] - wavpack <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/dbry/WavPack/issues/26
        NOTE: 
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
-CVE-2018-7253 [heap buffer overflow while running wavpack]
+CVE-2018-7253 (The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file 
of ...)
        - wavpack <unfixed> (bug #889559)
        [jessie] - wavpack <not-affected> (Vulnerable code not present)
        [wheezy] - wavpack <not-affected> (Vulnerable code not present)
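
Review bot: The six new entries that arrive with a description at the top of this hunk (CVE-2018-7259, CVE-2018-7251, CVE-2017-18192, CVE-2015-9256, CVE-2015-9255, CVE-2015-9254) carry only "TODO: check", so none of them has a package or NOT-FOR-US annotation yet. Suggest triaging each one to either a package line or the "NOT-FOR-US: <product>" form already used further down in this file. Note also that the inserted block is not in numeric order: the 2017 and 2015 entries sit between CVE-2018-7249 and CVE-2018-7254, which makes the head of the list harder to scan by hand.
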
@@ -949,7 +979,7 @@ CVE-2018-6872 (The elf_parse_notes function in elf.c in the 
Binary File Descript
        [wheezy] - binutils <ignored> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22788
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6
-CVE-2018-6871 (LibreOffice through 6.0.1 allows remote attackers to read 
arbitrary ...)
+CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote 
attackers ...)
        {DSA-4111-2 DSA-4111-1}
        - libreoffice 1:6.0.1-1
        [wheezy] - libreoffice <not-affected> (Vulnerable code not present)
@@ -1059,7 +1089,7 @@ CVE-2018-6826 (An issue was discovered on VOBOT CLOCK 
before 0.99.30 devices. ..
        NOT-FOR-US: VOBOT CLOCK
 CVE-2018-6825 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. 
An SSH ...)
        NOT-FOR-US: VOBOT CLOCK
-CVE-2018-6824 (Cozy has XSS allowing remote attackers to obtain administrative 
access ...)
+CVE-2018-6824 (Cozy version 2 has XSS allowing remote attackers to obtain ...)
        NOT-FOR-US: Cozy
 CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, 
the ...)
        NOT-FOR-US: Mailbutler Shimo
@@ -4067,8 +4097,8 @@ CVE-2018-5764 (The parse_arguments function in options.c 
in rsyncd in rsync befo
        [stretch] - rsync <no-dsa> (Minor issue)
        [jessie] - rsync <no-dsa> (Minor issue)
        NOTE: 
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
-CVE-2018-5763
-       RESERVED
+CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 
5.3.7 ...)
+       TODO: check
 CVE-2018-5762
        RESERVED
 CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was 
found ...)
@@ -20065,8 +20095,8 @@ CVE-2017-16837 (Certain function pointers in Trusted 
Boot (tboot) through 1.9.6 
        - tboot <itp> (bug #803180)
 CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...)
        NOT-FOR-US: Arris TG1682G devices
-CVE-2017-16835
-       RESERVED
+CVE-2017-16835 (The &quot;Photo,Video Locker-Calculator&quot; application 12.0 
for Android has ...)
+       TODO: check
 CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned 
by an ...)
        - pnp4nagios <not-affected> (/etc/pnp4nagios and its content is 
installed as root by the Debian package)
        NOTE: https://github.com/lingej/pnp4nagios/issues/140
@@ -20200,6 +20230,7 @@ CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c 
allows remote attackers to ca
        NOTE: 
https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d
        NOTE: https://github.com/radare/radare2/issues/8813
 CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the 
smacker_decode_tree ...)
+       {DSA-4119-1}
        - libav <removed> (low)
        - ffmpeg 7:2.2.1-1
        NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098
@@ -48266,7 +48297,7 @@ CVE-2017-7518 [debug exception via syscall emulation]
 CVE-2017-7517
        RESERVED
        NOT-FOR-US: OpenShift
-CVE-2017-7516 (It was found that the cpio --no-absolute-filenames option since 
...)
+CVE-2017-7516 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-1197.  
Reason: This ...)
        - cpio 2.11+dfsg-4.1 (low)
        [wheezy] - cpio <ignored> (Minor issue, same motivation as 
CVE-2015-1197)
        NOTE: https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00001.html
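
Review bot: CVE-2017-7516 now carries the rejection text ("DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197") while the unchanged lines below it still track it as a live cpio issue ("- cpio 2.11+dfsg-4.1 (low)" and "[wheezy] - cpio <ignored>"). Suggest marking the entry REJECTED and checking that the cpio fixed version and the bug-cpio NOTE are recorded under CVE-2015-1197, so the package status is neither reported twice nor lost when this ID is dropped.
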
@@ -59951,10 +59982,10 @@ CVE-2016-9953
        RESERVED
 CVE-2016-9952
        RESERVED
-CVE-2016-10008
-       RESERVED
-CVE-2016-10007
-       RESERVED
+CVE-2016-10008 (SQL injection vulnerability in the &quot;Content Types &gt; 
Content Types&quot; ...)
+       TODO: check
+CVE-2016-10007 (SQL injection vulnerability in the &quot;Marketing &gt; 
Forms&quot; screen in ...)
+       TODO: check
 CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially 
crafted input ...)
        NOT-FOR-US: OWASP AntiSamy
 CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote 
attackers to ...)
@@ -119716,8 +119747,8 @@ CVE-2015-2083 (Cross-site request forgery (CSRF) 
vulnerability in Ilch CMS allow
        NOT-FOR-US: Ilch CMS
 CVE-2015-2082 (Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 
...)
        NOT-FOR-US: UNIT4 Prosoft HRMS
-CVE-2015-2081
-       RESERVED
+CVE-2015-2081 (Datto ALTO and SIRIS devices allow Remote Code Execution via 
...)
+       TODO: check
 CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla 
Forums ...)
        NOT-FOR-US: Vanilla Forums
 CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or 
libc6) ...)
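
Review bot: CVE-2015-2081 leaves RESERVED with only "TODO: check", and its description names the same Datto ALTO and SIRIS devices as CVE-2015-9254 through CVE-2015-9256 added in the first hunk. Suggest triaging the four together so they end up with the same annotation, in the "NOT-FOR-US: <product>" form the neighbouring entries use if the product is not packaged.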



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/525c8455f437e77c5af1d3c22c56c256b620bdc8
