Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ad81ed36 by security tracker role at 2018-02-21T21:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,107 @@ +CVE-2018-7306 + RESERVED +CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to ...) + TODO: check +CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; ...) + TODO: check +CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...) + TODO: check +CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...) + TODO: check +CVE-2018-7301 + RESERVED +CVE-2018-7300 + RESERVED +CVE-2018-7299 + RESERVED +CVE-2018-7298 + RESERVED +CVE-2018-7297 + RESERVED +CVE-2018-7296 + RESERVED +CVE-2018-7295 + RESERVED +CVE-2018-7294 + RESERVED +CVE-2018-7293 + RESERVED +CVE-2018-7292 + RESERVED +CVE-2018-7291 + RESERVED +CVE-2018-7290 + RESERVED +CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...) + TODO: check +CVE-2018-7288 + RESERVED +CVE-2018-7287 + RESERVED +CVE-2018-7286 + RESERVED +CVE-2018-7285 + RESERVED +CVE-2018-7284 + RESERVED +CVE-2018-7283 + RESERVED +CVE-2018-7282 + RESERVED +CVE-2018-7281 + RESERVED +CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...) + TODO: check +CVE-2018-1000093 + RESERVED +CVE-2018-1000092 + RESERVED +CVE-2018-1000091 + RESERVED +CVE-2018-1000090 + RESERVED +CVE-2018-1000089 + RESERVED +CVE-2018-1000088 + RESERVED +CVE-2018-1000087 + RESERVED +CVE-2018-1000086 + RESERVED +CVE-2018-1000085 + RESERVED +CVE-2018-1000084 + RESERVED +CVE-2018-1000083 + RESERVED +CVE-2018-1000082 + RESERVED +CVE-2018-1000081 + RESERVED +CVE-2018-1000080 + RESERVED +CVE-2018-1000079 + RESERVED +CVE-2018-1000078 + RESERVED +CVE-2018-1000077 + RESERVED +CVE-2018-1000076 + RESERVED +CVE-2018-1000075 + RESERVED +CVE-2018-1000074 + RESERVED +CVE-2018-1000073 + RESERVED +CVE-2018-1000072 + RESERVED +CVE-2018-1000071 + RESERVED +CVE-2018-1000070 + RESERVED +CVE-2018-1000069 + RESERVED CVE-2018-7279 RESERVED CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP ...) @@ -43,10 +147,10 @@ CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad th TODO: clarify with MITRE why this CVE was additionally assigned CVE-2018-7262 RESERVED -CVE-2018-7261 - RESERVED -CVE-2018-7260 - RESERVED +CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS ...) + TODO: check +CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in db_central_columns.php in ...) + TODO: check CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a ...) NOT-FOR-US: Flight Sim Labs CVE-2018-7258 @@ -4289,8 +4393,8 @@ CVE-2018-5718 RESERVED CVE-2018-5717 RESERVED -CVE-2018-5716 - RESERVED +CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This ...) + TODO: check CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query ...) NOT-FOR-US: SugarCRM CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows ...) @@ -16034,16 +16138,16 @@ CVE-2018-1170 RESERVED CVE-2018-1169 RESERVED -CVE-2018-1168 - RESERVED +CVE-2018-1168 (This vulnerability allows local attackers to escalate privileges on ...) + TODO: check CVE-2018-1167 RESERVED -CVE-2018-1166 - RESERVED -CVE-2018-1165 - RESERVED -CVE-2018-1164 - RESERVED +CVE-2018-1166 (This vulnerability allows local attackers to escalate privileges on ...) + TODO: check +CVE-2018-1165 (This vulnerability allows local attackers to escalate privileges on ...) + TODO: check +CVE-2018-1164 (This vulnerability allows remote attackers to cause a ...) + TODO: check CVE-2018-1163 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: Quest NetVault Backup CVE-2018-1162 (This vulnerability allows remote attackers to create a ...) @@ -34140,8 +34244,7 @@ CVE-2017-12163 [Server memory information leak over SMB1] NOTE: https://www.samba.org/samba/security/CVE-2017-12163.html CVE-2017-12162 RESERVED -CVE-2017-12161 - RESERVED +CVE-2017-12161 (It was found that keycloak before 3.4.2 final would permit misuse of a ...) NOT-FOR-US: Keycloak CVE-2017-12160 (It was found that Keycloak oauth would permit an authenticated ...) NOT-FOR-US: Keycloak @@ -100325,14 +100428,14 @@ CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in pla NOT-FOR-US: IBM CVE-2016-0370 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...) NOT-FOR-US: IBM -CVE-2016-0369 - RESERVED +CVE-2016-0369 (XML external entity (XXE) vulnerability in IBM Forms Experience ...) + TODO: check CVE-2016-0368 RESERVED -CVE-2016-0367 - RESERVED -CVE-2016-0366 - RESERVED +CVE-2016-0367 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...) + TODO: check +CVE-2016-0366 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...) + TODO: check CVE-2016-0365 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...) NOT-FOR-US: IBM CVE-2016-0364 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...) @@ -100361,24 +100464,24 @@ CVE-2016-0353 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, wh NOT-FOR-US: IBM CVE-2016-0352 RESERVED -CVE-2016-0351 - RESERVED +CVE-2016-0351 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...) + TODO: check CVE-2016-0350 (Cross-site scripting (XSS) vulnerability in the Report Builder and ...) NOT-FOR-US: IBM CVE-2016-0349 (IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before ...) NOT-FOR-US: IBM -CVE-2016-0348 - RESERVED +CVE-2016-0348 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA ...) + TODO: check CVE-2016-0347 RESERVED CVE-2016-0346 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...) NOT-FOR-US: IBM -CVE-2016-0345 - RESERVED -CVE-2016-0344 - RESERVED -CVE-2016-0343 - RESERVED +CVE-2016-0345 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...) + TODO: check +CVE-2016-0344 (Cross-site scripting (XSS) vulnerability in the My Reports component ...) + TODO: check +CVE-2016-0343 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...) + TODO: check CVE-2016-0342 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...) NOT-FOR-US: IBM TRIRIGA Application Platform CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...) @@ -106780,8 +106883,8 @@ CVE-2015-6571 RESERVED CVE-2015-6570 RESERVED -CVE-2015-6569 - RESERVED +CVE-2015-6569 (Race condition in the LoadBalancer module in the Atlassian Floodlight ...) + TODO: check CVE-2015-6568 (Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code ...) NOT-FOR-US: Wolf CMS CVE-2015-6567 (Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code ...) @@ -108710,8 +108813,8 @@ CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before - botan1.10 1.10.10-1 NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11 NOTE: http://botan.randombit.net/security.html -CVE-2015-5725 - RESERVED +CVE-2015-5725 (SQL injection vulnerability in the offset method in the Active Record ...) + TODO: check CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x ...) {DLA-449-1} - botan1.10 1.10.8-1 @@ -110062,8 +110165,7 @@ CVE-2015-5318 (Jenkins before 1.638 and LTS before 1.625.2 uses a publicly acces CVE-2015-5317 (The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 ...) - jenkins <removed> NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 -CVE-2015-5316 [EAP-pwd peer error path failure on unexpected Confirm message] - RESERVED +CVE-2015-5316 (The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in ...) {DSA-3397-1} - wpa 2.3-2.3 (bug #804710) [wheezy] - wpa <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y) @@ -110072,8 +110174,7 @@ CVE-2015-5316 [EAP-pwd peer error path failure on unexpected Confirm message] NOTE: http://w1.fi/security/2015-8/ NOTE: https://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt NOTE: https://w1.fi/security/2015-8/0001-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch -CVE-2015-5315 [wpa_supplicant: EAP-pwd missing last fragment length validation] - RESERVED +CVE-2015-5315 (The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant ...) {DSA-3397-1} - wpa 2.3-2.3 (bug #804708) [wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y) @@ -110082,8 +110183,7 @@ CVE-2015-5315 [wpa_supplicant: EAP-pwd missing last fragment length validation] NOTE: http://w1.fi/security/2015-7/ NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch -CVE-2015-5314 [hostapd: EAP-pwd missing last fragment length validation] - RESERVED +CVE-2015-5314 (The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd ...) {DSA-3397-1} - wpa 2.3-2.3 (bug #804708) [wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y) @@ -110112,7 +110212,7 @@ CVE-2015-5311 (PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allow [squeeze] - pdns <not-affected> (Only 3.4.4 and later affected) - pdns-recursor <not-affected> (recursor not affected) NOTE: http://www.openwall.com/lists/oss-security/2015/11/09/3 -CVE-2015-5310 (Wi-Fi in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows ...) +CVE-2015-5310 (The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not ...) {DSA-3397-1} - wpa 2.3-2.3 (bug #804707) [wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_WNM=y) @@ -127542,7 +127642,7 @@ CVE-2015-0264 (Multiple XML external entity (XXE) vulnerabilities in ...) CVE-2015-0263 (XML external entity (XXE) vulnerability in the XML converter setup in ...) NOT-FOR-US: Apache Camel CVE-2015-0262 - RESERVED + REJECTED CVE-2015-0261 (Integer signedness error in the mobility_opt_print function in the ...) {DSA-3193-1 DLA-174-1} - tcpdump 4.6.2-4 @@ -127772,8 +127872,7 @@ CVE-2015-0204 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before {DSA-3125-1 DLA-132-1} - openssl 1.0.1k-1 NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=37580f43b5a39f5f4e920d17273fab9713d3a744 -CVE-2015-0203 - RESERVED +CVE-2015-0203 (The qpidd broker in Apache Qpid 0.30 and earlier allows remote ...) - qpid-cpp <removed> (bug #775359) [wheezy] - qpid-cpp <no-dsa> (Minor issue) CVE-2015-0202 (The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows ...) @@ -157536,8 +157635,8 @@ CVE-2013-4893 RESERVED CVE-2013-4892 RESERVED -CVE-2013-4891 - RESERVED +CVE-2013-4891 (The xss_clean function in CodeIgniter before 2.1.4 might allow remote ...) + TODO: check CVE-2013-4889 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Digital Signage Xibo CVE-2013-4888 (Cross-site scripting (XSS) vulnerability in index.php in Digital ...) @@ -171022,8 +171121,7 @@ CVE-2013-0269 (The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1 CVE-2013-0268 (The msr_open function in arch/x86/kernel/msr.c in the Linux kernel ...) - linux 3.2.39-1 - linux-2.6 2.6.32-48squeeze1 -CVE-2013-0267 - RESERVED +CVE-2013-0267 (The Privileges portion of the web GUI and the XMLRPC API in Apache VCL ...) NOT-FOR-US: Apache VCL CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in ...) NOT-FOR-US: Openstack Packstack View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad81ed3655fba6fd06afe38feac92838f2a23791 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad81ed3655fba6fd06afe38feac92838f2a23791 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits