Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 994745b7 by security tracker role at 2018-03-21T09:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,113 @@ +CVE-2018-8884 + RESERVED +CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the ...) + TODO: check +CVE-2018-8882 (Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read ...) + TODO: check +CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read ...) + TODO: check +CVE-2018-8880 + RESERVED +CVE-2018-8879 + RESERVED +CVE-2018-8878 + RESERVED +CVE-2018-8877 + RESERVED +CVE-2018-8876 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows ...) + TODO: check +CVE-2018-8875 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows ...) + TODO: check +CVE-2018-8874 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows ...) + TODO: check +CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) ...) + TODO: check +CVE-2018-8872 + RESERVED +CVE-2018-8871 + RESERVED +CVE-2018-8870 + RESERVED +CVE-2018-8869 + RESERVED +CVE-2018-8868 + RESERVED +CVE-2018-8867 + RESERVED +CVE-2018-8866 + RESERVED +CVE-2018-8865 + RESERVED +CVE-2018-8864 + RESERVED +CVE-2018-8863 + RESERVED +CVE-2018-8862 + RESERVED +CVE-2018-8861 + RESERVED +CVE-2018-8860 + RESERVED +CVE-2018-8859 + RESERVED +CVE-2018-8858 + RESERVED +CVE-2018-8857 + RESERVED +CVE-2018-8856 + RESERVED +CVE-2018-8855 + RESERVED +CVE-2018-8854 + RESERVED +CVE-2018-8853 + RESERVED +CVE-2018-8852 + RESERVED +CVE-2018-8851 + RESERVED +CVE-2018-8850 + RESERVED +CVE-2018-8849 + RESERVED +CVE-2018-8848 + RESERVED +CVE-2018-8847 + RESERVED +CVE-2018-8846 + RESERVED +CVE-2018-8845 + RESERVED +CVE-2018-8844 + RESERVED +CVE-2018-8843 + RESERVED +CVE-2018-8842 + RESERVED +CVE-2018-8841 + RESERVED +CVE-2018-8840 + RESERVED +CVE-2018-8839 + RESERVED +CVE-2018-8838 + RESERVED +CVE-2018-8837 + RESERVED +CVE-2018-8836 + RESERVED +CVE-2018-8835 + RESERVED +CVE-2018-8834 + RESERVED +CVE-2018-8833 + RESERVED +CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable ...) 
+ TODO: check +CVE-2018-8831 + RESERVED +CVE-2018-8830 + RESERVED CVE-2018-8829 RESERVED CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x ...) @@ -109085,14 +109195,14 @@ CVE-2015-7463 (IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5. NOT-FOR-US: IBM CVE-2015-7462 (IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to ...) NOT-FOR-US: IBM -CVE-2015-7461 - RESERVED -CVE-2015-7460 - RESERVED -CVE-2015-7459 - RESERVED -CVE-2015-7458 - RESERVED +CVE-2015-7461 (XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and ...) + TODO: check +CVE-2015-7460 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 ...) + TODO: check +CVE-2015-7459 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 ...) + TODO: check +CVE-2015-7458 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 ...) + TODO: check CVE-2015-7457 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...) NOT-FOR-US: IBM CVE-2015-7456 (IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote ...) @@ -109109,8 +109219,8 @@ CVE-2015-7451 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) NOT-FOR-US: IBM CVE-2015-7450 (Serialized-object interfaces in certain IBM analytics, business ...) NOT-FOR-US: IBM -CVE-2015-7449 - RESERVED +CVE-2015-7449 (IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before ...) + TODO: check CVE-2015-7448 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...) NOT-FOR-US: IBM CVE-2015-7447 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) 
@@ -142902,8 +143012,8 @@ CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in event/inde CVE-2014-4929 (Directory traversal vulnerability in the routing component in ownCloud ...) - owncloud 6.0.4~beta1+dfsg-1 NOTE: https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json -CVE-2014-4928 - RESERVED +CVE-2014-4928 (SQL injection vulnerability in Invision Power Board (aka IPB or ...) + TODO: check CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and ...) NOT-FOR-US: ACME micro_httpd CVE-2014-4926 @@ -145134,8 +145244,8 @@ CVE-2014-3992 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 - dolibarr 3.5.4+dfsg2-1 (bug #755531) CVE-2014-3991 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...) - dolibarr 3.5.5+dfsg1-1 -CVE-2014-3990 - RESERVED +CVE-2014-3990 (The Cart::getProducts method in system/library/cart.php in OpenCart ...) + TODO: check CVE-2014-3989 RESERVED CVE-2014-3988 (Cross-site scripting (XSS) vulnerability in index.php in SunHater ...) @@ -150912,12 +151022,10 @@ CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on th NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0 CVE-2014-2037 (Openswan 2.6.40 allows remote attackers to cause a denial of service ...) - openswan <not-affected> (Incomplete fix was never applied) -CVE-2014-2032 [missing input validation] - RESERVED +CVE-2014-2032 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS ...) - maradns <not-affected> (Deadwood resolver not enabled) NOTE: https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3 -CVE-2014-2031 [logic error] - RESERVED +CVE-2014-2031 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS ...) - maradns <not-affected> (Deadwood resolver not enabled) NOTE: https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093 CVE-2014-2030 
@@ -151861,8 +151969,8 @@ CVE-2014-1668 RESERVED CVE-2014-1667 RESERVED -CVE-2014-1665 - RESERVED +CVE-2014-1665 (Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 ...) + TODO: check CVE-2014-1663 (Unspecified vulnerability in Citrix XenMobile Device Manager server ...) NOT-FOR-US: Citrix XenMobile Device Manager server CVE-2014-1662 @@ -152747,8 +152855,8 @@ CVE-2014-1459 (SQL injection vulnerability in dg-admin/index.php in doorGets CMS NOT-FOR-US: doorGets CMS CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration ...) NOT-FOR-US: FortiGuard FortiWeb -CVE-2014-1457 - RESERVED +CVE-2014-1457 (Open Web Analytics (OWA) before 1.5.6 improperly generates random ...) + TODO: check CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Open Web ...) NOT-FOR-US: Open Web Analytics CVE-2014-1455 (SQL injection vulnerability in the password reset functionality in ...) @@ -153289,8 +153397,7 @@ CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access NOT-FOR-US: Livetecs Timelive CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers ...) NOT-FOR-US: Fitnesse Wiki -CVE-2014-1215 - RESERVED +CVE-2014-1215 (Multiple buffer overflows in Core FTP Server before 1.2 build 508 ...) NOT-FOR-US: Core FTP Server CVE-2014-1214 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/994745b7c87093f8cac86741f1bd0ceec42875c3
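Review bot: In the @@ -109085 hunk, CVE-2015-7461 through CVE-2015-7458 (IBM Connections) come in as TODO: check, and the @@ -109109 hunk does the same for CVE-2015-7449 (IBM Rational Collaborative Lifecycle Management), while the surrounding IBM entries (CVE-2015-7463, CVE-2015-7462, CVE-2015-7457, CVE-2015-7450) are all tagged NOT-FOR-US: IBM. If these products are likewise not packaged, a follow-up commit should replace the five TODO: check lines with NOT-FOR-US: IBM so they leave the triage queue.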
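Review bot: In the @@ -150912 hunk, dropping the temporary descriptions on CVE-2014-2032 ([missing input validation]) and CVE-2014-2031 ([logic error]) leaves both entries with the same truncated text, "Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS ...", so only the two NOTE commit URLs distinguish them. Consider adding a NOTE line to each entry that keeps the short summary from the old bracketed description, so the reason for two separate identifiers stays readable in data/CVE/list.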
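Review bot: In the @@ -152747 hunk, CVE-2014-1457 (Open Web Analytics) is left at TODO: check although the next entry, CVE-2014-1456, is already tagged NOT-FOR-US: Open Web Analytics; the same tag looks right here. CVE-2014-1665 in the @@ -151861 hunk is a different case: ownCloud is tracked with a package line elsewhere in this file (CVE-2014-4929 carries "- owncloud 6.0.4~beta1+dfsg-1"), so its TODO: check should be resolved to an "- owncloud" line with the fixed version rather than to NOT-FOR-US.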
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits