Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a94df74 by security tracker role at 2018-03-20T09:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows
attackers ...)
+ TODO: check
+CVE-2018-8820
+ RESERVED
+CVE-2018-8819
+ RESERVED
+CVE-2018-8818
+ RESERVED
+CVE-2018-8817
+ RESERVED
+CVE-2018-8816
+ RESERVED
+CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery
function in ...)
+ TODO: check
+CVE-2018-8814
+ RESERVED
+CVE-2018-8813
+ RESERVED
+CVE-2018-8812
+ RESERVED
+CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the
...)
+ TODO: check
+CVE-2018-8809 (In radare2 2.4.0, there is a heap-based buffer over-read in the
...)
+ TODO: check
+CVE-2018-8808 (In radare2 2.4.0, there is a heap-based buffer over-read in the
...)
+ TODO: check
+CVE-2018-8807 (In libming 0.4.8, these is a use-after-free in the function ...)
+ TODO: check
+CVE-2018-8806 (In libming 0.4.8, there is a use-after-free in the ...)
+ TODO: check
+CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS
via the ...)
+ TODO: check
+CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16
allows remote ...)
+ TODO: check
+CVE-2018-8803
+ RESERVED
+CVE-2018-8802
+ RESERVED
+CVE-2018-8801
+ RESERVED
CVE-2018-8800
RESERVED
CVE-2018-8799
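Review bot: The ten new entries that carry a description in this hunk (CVE-2018-8821, CVE-2018-8815, CVE-2018-8811 and CVE-2018-8810 down to CVE-2018-8804) are all left at "TODO: check", so none of them has a package line or a NOT-FOR-US yet. The radare2 2.4.0, libming 0.4.8 and ImageMagick 7.0.7-25 entries name a product and version in the visible text and can be triaged directly. The XSS and CSRF entries (CVE-2018-8815, CVE-2018-8811) are truncated before the product name, so they need the full description first. The CVE-2018-8807 description also reads "these is a use-after-free", which looks like a typo carried in with the description text.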
@@ -3360,8 +3402,8 @@ CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to
multiple persistent cross-
NOT-FOR-US: mojoPortal
CVE-2018-7446
RESERVED
-CVE-2018-7445
- RESERVED
+CVE-2018-7445 (A buffer overflow was found in the MikroTik RouterOS SMB
service when ...)
+ TODO: check
CVE-2018-7444
RESERVED
CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows
remote ...)
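Review bot: CVE-2018-7445 goes from RESERVED to "TODO: check" even though its description already names the product, the MikroTik RouterOS SMB service. If RouterOS is not packaged, close the entry as NOT-FOR-US in the same form as the "NOT-FOR-US: mojoPortal" context line at the top of this hunk rather than leaving it open.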
@@ -4045,8 +4087,7 @@ CVE-2018-7263 (The mad_decoder_run() function in
decoder.c in Underbit libmad th
NOTE: https://bugs.debian.org/870608
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784
TODO: clarify with MITRE why this CVE was additionally assigned
-CVE-2018-7262 [Malformed HTTP requests handled in
rgw_civetweb.cc:RGW::init_env() can lead to NULL pointer dereference]
- RESERVED
+CVE-2018-7262 (In Ceph before 12.2.3 and 13.x through 13.0.1, the
rgw_civetweb.cc ...)
- ceph <not-affected> (Issue introduced later)
NOTE: See details in https://bugs.debian.org/891963#15 . Ceph as
present in
NOTE: Debian up to 10.2.5-7.2 is not vulnerable as they contain an older
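Review bot: The "- ceph <not-affected> (Issue introduced later)" line for CVE-2018-7262 is kept as it was, while the description now states an affected range of "before 12.2.3 and 13.x through 13.0.1". The existing NOTE only covers Debian versions up to 10.2.5-7.2, so it is worth confirming that no newer ceph upload falls inside the published range before keeping <not-affected> for the package as a whole. The removed bracketed text also named rgw_civetweb.cc:RGW::init_env() and the NULL pointer dereference, which the truncated description no longer shows; a NOTE line would preserve that detail.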
@@ -9740,8 +9781,7 @@ CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are
memory leaks in ...)
CVE-2018-5244 (In Xen 4.10, new infrastructure was introduced as part of an
overhaul ...)
- xen <not-affected> (Only affects Xen 4.10 onwards)
NOTE: https://xenbits.xen.org/xsa/advisory-253.html
-CVE-2018-5233
- RESERVED
+CVE-2018-5233 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Grav CMS admin plugin
CVE-2018-5232
RESERVED
@@ -141543,8 +141583,7 @@ CVE-2014-5459 (The PEAR_REST class in REST.php in
PEAR in PHP through 5.6.0 allo
NOTE: Although #682157 and #759282 got closed the issues with unsafe
use of
NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
NOTE: Neutralised by kernel hardening
-CVE-2014-5450
- RESERVED
+CVE-2014-5450 (Zarafa Collaboration Platform 4.1 uses world-readable
permissions for ...)
- zarafa <itp> (bug #658433)
CVE-2014-5449 (Zarafa WebAccess 4.1 and WebApp uses world-readable permissions
for ...)
- zarafa <itp> (bug #658433)
@@ -141552,8 +141591,7 @@ CVE-2014-5448 (Zarafa 5.00 uses world-readable
permissions for the files in the
- zarafa <itp> (bug #658433)
CVE-2014-5447 (Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak
permissions ...)
- zarafa <itp> (bug #658433)
-CVE-2014-5443
- RESERVED
+CVE-2014-5443 (Seafile Server before 3.1.2 and Server Professional Edition
before ...)
- seafile <not-affected> (Fixed before initial upload to the archive)
CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI
hotplug ...)
- qemu 2.1+dfsg-5
@@ -144928,8 +144966,8 @@ CVE-2014-4026
RESERVED
CVE-2014-4025
RESERVED
-CVE-2014-4024
- RESERVED
+CVE-2014-4024 (SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4
HF9, 11.x ...)
+ TODO: check
CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in
tmui/dashboard/echo.jsp in ...)
NOT-FOR-US: F5 BIG-IP
CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen
4.4.x, ...)
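Review bot: CVE-2014-4024 is left at "TODO: check" although its description names F5 BIG-IP systems and the next entry, CVE-2014-4023, is already marked "NOT-FOR-US: F5 BIG-IP". Suggest resolving it the same way so the two adjacent entries stay consistent.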
@@ -148336,11 +148374,9 @@ CVE-2014-2890 (Cross-site scripting (XSS)
vulnerability in the wrap_html functio
- phpmyid <itp> (bug #492325)
CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby
allows ...)
NOT-FOR-US: Ruby Gem sfpagent
-CVE-2014-2885
- RESERVED
+CVE-2014-2885 (Multiple integer overflows in TrueCrypt 7.1a allow local users
to (1) ...)
- truecrypt <itp> (bug #364034)
-CVE-2014-2884
- RESERVED
+CVE-2014-2884 (The ProcessVolumeDeviceControlIrp function in Ntdriver.c in
TrueCrypt ...)
- truecrypt <itp> (bug #364034)
CVE-2014-2874 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows
remote ...)
NOT-FOR-US: PaperThin CommonSpot
@@ -148882,10 +148918,10 @@ CVE-2014-2677
RESERVED
CVE-2014-2676
RESERVED
-CVE-2014-2675
- RESERVED
-CVE-2014-2674
- RESERVED
+CVE-2014-2675 (Cross-site request forgery (CSRF) vulnerability in
inc/AdminPage.php ...)
+ TODO: check
+CVE-2014-2674 (Directory traversal vulnerability in the Ajax Pagination
(twitter ...)
+ TODO: check
CVE-2014-2671 (Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows
remote ...)
NOT-FOR-US: Microsoft Windows Media Player
CVE-2014-2670 (Cross-site scripting (XSS) vulnerability in Properties.do in
ZOHO ...)
@@ -148993,8 +149029,8 @@ CVE-2014-2655 (SQL injection vulnerability in the
gen_show_status function in ..
CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in
OpenSSH ...)
{DSA-2894-1}
- openssh 1:6.6p1-1 (low; bug #742513)
-CVE-2014-2652
- RESERVED
+CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service
(DLS) ...)
+ TODO: check
CVE-2014-2651
RESERVED
CVE-2014-2650
@@ -149187,8 +149223,8 @@ CVE-2014-2552
RESERVED
CVE-2014-2551
RESERVED
-CVE-2014-2550
- RESERVED
+CVE-2014-2550 (Cross-site request forgery (CSRF) vulnerability in the Disable
...)
+ TODO: check
CVE-2014-2549
RESERVED
CVE-2014-2548
@@ -149942,8 +149978,8 @@ CVE-2014-2299 (Buffer overflow in the mpeg_read
function in wiretap/mpeg.c in th
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-04.html
CVE-2014-2298
RESERVED
-CVE-2014-2297
- RESERVED
+CVE-2014-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2014-2296
RESERVED
CVE-2014-2295
@@ -150023,8 +150059,8 @@ CVE-2014-2276 (The FileUploadController servlet in
EMC Connectrix Manager Conver
NOT-FOR-US: EMC
CVE-2014-2275
RESERVED
-CVE-2014-2274
- RESERVED
+CVE-2014-2274 (Cross-site request forgery (CSRF) vulnerability in the
Subscribe To ...)
+ TODO: check
CVE-2014-2273 (The hx170dec device driver in Huawei P2-6011 before
V100R001C00B043 ...)
NOT-FOR-US: Huawei Router
CVE-2014-2272
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a94df74102cb4c9ed64b8fd503f8ee5867efd5e