Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 50608f14 by security tracker role at 2018-03-25T20:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,19 @@ +CVE-2018-9017 (dsmall v20180320 allows XSS via the member search box at the ...) + TODO: check +CVE-2018-9016 (dsmall v20180320 allows XSS via the main page search box at the ...) + TODO: check +CVE-2018-9015 (dsmall v20180320 allows XSS via the ...) + TODO: check +CVE-2018-9014 (dsmall v20180320 allows physical path leakage via a ...) + TODO: check +CVE-2018-9013 + RESERVED +CVE-2018-9012 + RESERVED +CVE-2018-9011 + RESERVED +CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote ...) + TODO: check CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the decompileJUMP ...) - ming <removed> NOTE: https://github.com/libming/libming/issues/131 @@ -59,10 +75,10 @@ CVE-2018-8981 RESERVED CVE-2018-8980 RESERVED -CVE-2018-8979 - RESERVED -CVE-2018-8978 - RESERVED +CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a ...) + TODO: check +CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...) + TODO: check CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in ...) TODO: check CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...) 
@@ -130,8 +146,8 @@ CVE-2018-8949 (An issue was discovered in app/Model/Attribute.php in MISP before NOT-FOR-US: MISP CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has ...) NOT-FOR-US: MISP -CVE-2018-8947 - RESERVED +CVE-2018-8947 (rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding ...) + TODO: check CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Access ...) - i-librarian <itp> (bug #649291) NOTE: https://github.com/mkucej/i-librarian/issues/124 @@ -457,8 +473,8 @@ CVE-2018-8819 RESERVED CVE-2018-8818 RESERVED -CVE-2018-8817 - RESERVED +CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...) + TODO: check CVE-2018-8816 RESERVED CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in ...) @@ -2987,8 +3003,8 @@ CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...) NOT-FOR-US: MetInfo CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western ...) NOT-FOR-US: Western Bridge Cobub Razor -CVE-2018-7719 - RESERVED +CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. ...) + TODO: check CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps ...) - gpac <unfixed> (bug #892526) [wheezy] - gpac <not-affected> (vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50608f147a7b202caeb7931b50abb34f0527aa49
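Review bot: no disposition is recorded for any entry added in the first hunk of data/CVE/list (@@ -1,3 +1,19 @@): CVE-2018-9014 through CVE-2018-9017 (dsmall v20180320) and CVE-2018-9010 (Intelbras) carry only `TODO: check`, with no source-package line and no NOT-FOR-US line. The four dsmall entries name the same product and version, so they can be triaged in one pass. The truncated description of CVE-2018-9015 ("allows XSS via the ...") does not show the affected input, so the full CVE text needs to be read before it is classified.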
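Review bot: the entries that move from RESERVED to a description in the hunks at @@ -59,10, @@ -130,8, @@ -457,8 and @@ -2987,8 (CVE-2018-8979, CVE-2018-8978, CVE-2018-8947, CVE-2018-8817, CVE-2018-7719) are all left at `TODO: check`, while the unchanged context in the @@ -130,8 and @@ -2987,8 hunks shows neighbouring entries already resolved as `NOT-FOR-US: MISP` and `NOT-FOR-US: MetInfo`. Suggest a follow-up triage commit that gives each of these five either a package line or a NOT-FOR-US line in the same form as those neighbours. CVE-2018-8979 and CVE-2018-8978 both concern Open-AudIT Professional 2.1 and can share one decision.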