Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1779b2c by security tracker role at 2018-03-28T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,107 @@
+CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via 
the ...)
+       TODO: check
+CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 
allows an ...)
+       TODO: check
+CVE-2018-9107 (CSV Injection (aka Excel Macro Injection or Formula Injection) 
exists ...)
+       TODO: check
+CVE-2018-9106 (CSV Injection (aka Excel Macro Injection or Formula Injection) 
exists ...)
+       TODO: check
+CVE-2018-9105 (NordVPN 3.3.10 for macOS suffers from a root privilege 
escalation ...)
+       TODO: check
+CVE-2018-9104
+       RESERVED
+CVE-2018-9103
+       RESERVED
+CVE-2018-9102
+       RESERVED
+CVE-2018-9101
+       RESERVED
+CVE-2018-9100
+       RESERVED
+CVE-2018-9099
+       RESERVED
+CVE-2018-9098
+       RESERVED
+CVE-2018-9097
+       RESERVED
+CVE-2018-9096
+       RESERVED
+CVE-2018-9095
+       RESERVED
+CVE-2018-9094
+       RESERVED
+CVE-2018-9093
+       RESERVED
+CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 
1.10 that ...)
+       TODO: check
+CVE-2018-9091
+       RESERVED
+CVE-2018-9090
+       RESERVED
+CVE-2018-9089
+       RESERVED
+CVE-2018-9088
+       RESERVED
+CVE-2018-9087
+       RESERVED
+CVE-2018-9086
+       RESERVED
+CVE-2018-9085
+       RESERVED
+CVE-2018-9084
+       RESERVED
+CVE-2018-9083
+       RESERVED
+CVE-2018-9082
+       RESERVED
+CVE-2018-9081
+       RESERVED
+CVE-2018-9080
+       RESERVED
+CVE-2018-9079
+       RESERVED
+CVE-2018-9078
+       RESERVED
+CVE-2018-9077
+       RESERVED
+CVE-2018-9076
+       RESERVED
+CVE-2018-9075
+       RESERVED
+CVE-2018-9074
+       RESERVED
+CVE-2018-9073
+       RESERVED
+CVE-2018-9072
+       RESERVED
+CVE-2018-9071
+       RESERVED
+CVE-2018-9070
+       RESERVED
+CVE-2018-9069
+       RESERVED
+CVE-2018-9068
+       RESERVED
+CVE-2018-9067
+       RESERVED
+CVE-2018-9066
+       RESERVED
+CVE-2018-9065
+       RESERVED
+CVE-2018-9064
+       RESERVED
+CVE-2018-9063
+       RESERVED
+CVE-2018-9062
+       RESERVED
+CVE-2018-9061
+       RESERVED
+CVE-2018-9060
+       RESERVED
+CVE-2018-9059
+       RESERVED
+CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop 
in the ...)
+       TODO: check
 CVE-2018-XXXX [DRUPAL-PSA-2018-001]
        - drupal7 <unfixed> (bug #894259)
        NOTE: https://www.drupal.org/psa-2018-001
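Review bot: the seven added entries that carry a description (CVE-2018-9109 through CVE-2018-9105, CVE-2018-9092 and CVE-2018-9058) are all left at "TODO: check", so none of them maps to a source package or a NOT-FOR-US line yet. CVE-2018-9109 (elFinder) and CVE-2018-9058 (lrzip 0.631) name standalone software and are worth checking against the archive first; the remaining entries in the block are RESERVED and need no action until a description arrives.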
@@ -594,8 +698,8 @@ CVE-2018-8825
        RESERVED
 CVE-2018-8824
        RESERVED
-CVE-2018-8823
-       RESERVED
+CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu 
...)
+       TODO: check
 CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel 
function in ...)
        - linux <unfixed>
 CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a 
Information ...)
@@ -10654,6 +10758,7 @@ CVE-2018-5149
        RESERVED
 CVE-2018-5148 [Use-after-free in compositor]
        RESERVED
+       {DSA-4153-1 DLA-1321-1}
        - firefox 59.0.2-1
        - firefox-esr 52.7.3esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/
@@ -20635,8 +20740,7 @@ CVE-2018-1329
        RESERVED
 CVE-2018-1328
        RESERVED
-CVE-2018-1327 [A crafted XML request can be used to perform a DoS attack when 
using the Struts REST plugin]
-       RESERVED
+CVE-2018-1327 (The Apache Struts REST Plugin is using XStream library which is 
...)
        - libstruts1.2-java <not-affected> (Specific to 2.x)
        NOTE: https://cwiki.apache.org/confluence/display/WW/S2-056
 CVE-2018-1326
@@ -20925,10 +21029,10 @@ CVE-2018-1240
        RESERVED
 CVE-2018-1239
        RESERVED
-CVE-2018-1238
-       RESERVED
-CVE-2018-1237
-       RESERVED
+CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command 
injection ...)
+       TODO: check
+CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper 
restriction ...)
+       TODO: check
 CVE-2018-1236
        RESERVED
 CVE-2018-1235
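Review bot: CVE-2018-1238 and CVE-2018-1237 both name Dell EMC ScaleIO and are added as "TODO: check". CVE-2018-1205, changed later in this same patch, names the same product, so the three should be triaged together and given one consistent disposition rather than resolved separately.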
@@ -20991,8 +21095,8 @@ CVE-2018-1207 (Dell EMC iDRAC7/iDRAC8, versions prior 
to 2.52.52.52, contain CGI
        NOT-FOR-US: Dell EMC iDRAC7/iDRAC8
 CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 
159 and ...)
        NOT-FOR-US: EMC Data Protection Advisor
-CVE-2018-1205
-       RESERVED
+CVE-2018-1205 (Dell EMC ScaleIO, versions prior to 2.5, do not properly handle 
some ...)
+       TODO: check
 CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 
8.0.1.0 - ...)
        NOT-FOR-US: Dell
 CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump 
binary ...)
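Review bot: CVE-2018-1205 is set to "TODO: check" although it sits between CVE-2018-1206 and CVE-2018-1204, which are already marked NOT-FOR-US for Dell EMC products. If ScaleIO is likewise not in the archive, the entry can follow the neighbouring convention, for example "NOT-FOR-US: Dell EMC ScaleIO".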
@@ -21432,8 +21536,7 @@ CVE-2018-1092 [NULL pointer dereference in 
ext4/mballoc.c:ext4_process_freed_dat
        RESERVED
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199179
-CVE-2018-1091 [KVM guest kernel crash during core dump on POWER9 host]
-       RESERVED
+CVE-2018-1091 (In the flush_tmregs_to_thread function in 
arch/powerpc/kernel/ptrace.c ...)
        - linux 4.13.10-1
        [stretch] - linux 4.9.65-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/c1fa0768a8713b135848f78fd43ffc208d8ded70
@@ -22912,8 +23015,7 @@ CVE-2017-17080 (elf.c in the Binary File Descriptor 
(BFD) library (aka libbfd), 
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22421
 CVE-2018-0740
        RESERVED
-CVE-2018-0739 [Constructed ASN.1 types with a recursive definition could 
exceed the stack]
-       RESERVED
+CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as 
can be ...)
        - openssl 1.1.0h-1
        - openssl1.0 1.0.2o-1
        NOTE: https://www.openssl.org/news/secadv/20180327.txt
@@ -22929,8 +23031,7 @@ CVE-2018-0735
        RESERVED
 CVE-2018-0734
        RESERVED
-CVE-2018-0733 [Incorrect CRYPTO_memcmp on HP-UX PA-RISC]
-       RESERVED
+CVE-2018-0733 (Because of an implementation bug the PA-RISC CRYPTO_memcmp 
function is ...)
        - openssl 1.1.0h-1 (unimportant)
        [jessie] - openssl <not-affected> (vulnerable code not present)
        [wheezy] - openssl <not-affected> (vulnerable code not present)
@@ -53200,12 +53301,12 @@ CVE-2017-7634 (Cross-site scripting (XSS) 
vulnerability in QNAP NAS application 
        NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive 
...)
        NOT-FOR-US: QNAP
-CVE-2017-7632
-       RESERVED
-CVE-2017-7631
-       RESERVED
-CVE-2017-7630
-       RESERVED
+CVE-2017-7632 (Cross-site scripting (XSS) vulnerability in File Station of 
QNAP QTS ...)
+       TODO: check
+CVE-2017-7631 (Cross-site scripting (XSS) vulnerability in the share link 
function of ...)
+       TODO: check
+CVE-2017-7630 (QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and 
earlier ...)
+       TODO: check
 CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change 
password ...)
        NOT-FOR-US: QNAP QTS
 CVE-2017-7628 (The &quot;Smart related articles&quot; extension 1.1 for 
Joomla! has SQL ...)
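Review bot: CVE-2017-7632, CVE-2017-7631 and CVE-2017-7630 go from RESERVED to "TODO: check" while the adjacent CVE-2017-7633 and CVE-2017-7629 are already "NOT-FOR-US: QNAP" and "NOT-FOR-US: QNAP QTS". The new descriptions for CVE-2017-7632 and CVE-2017-7630 name QNAP QTS, so the same disposition looks applicable; CVE-2017-7631 needs its full description read, since the truncated text here does not name the product.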
@@ -143062,14 +143163,11 @@ CVE-2014-5134
        RESERVED
 CVE-2014-5133
        RESERVED
-CVE-2014-5132
-       RESERVED
+CVE-2014-5132 (Avolve Software ProjectDox 8.1 allows remote attackers to 
enumerate ...)
        NOT-FOR-US: ProjectDox
-CVE-2014-5131
-       RESERVED
+CVE-2014-5131 (Avolve Software ProjectDox 8.1 makes it easier for remote ...)
        NOT-FOR-US: ProjectDox
-CVE-2014-5130
-       RESERVED
+CVE-2014-5130 (Avolve Software ProjectDox 8.1 allows remote authenticated 
users to ...)
        NOT-FOR-US: ProjectDox
 CVE-2014-5129 (Cross-site scripting (XSS) vulnerability in Avolve Software 
ProjectDox ...)
        NOT-FOR-US: ProjectDox



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1779b2cb037390e7c3428a9542e16bf3f2a6b35

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
