Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a1779b2c by security tracker role at 2018-03-28T08:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,107 @@ +CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via the ...) + TODO: check +CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an ...) + TODO: check +CVE-2018-9107 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...) + TODO: check +CVE-2018-9106 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...) + TODO: check +CVE-2018-9105 (NordVPN 3.3.10 for macOS suffers from a root privilege escalation ...) + TODO: check +CVE-2018-9104 + RESERVED +CVE-2018-9103 + RESERVED +CVE-2018-9102 + RESERVED +CVE-2018-9101 + RESERVED +CVE-2018-9100 + RESERVED +CVE-2018-9099 + RESERVED +CVE-2018-9098 + RESERVED +CVE-2018-9097 + RESERVED +CVE-2018-9096 + RESERVED +CVE-2018-9095 + RESERVED +CVE-2018-9094 + RESERVED +CVE-2018-9093 + RESERVED +CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that ...) + TODO: check +CVE-2018-9091 + RESERVED +CVE-2018-9090 + RESERVED +CVE-2018-9089 + RESERVED +CVE-2018-9088 + RESERVED +CVE-2018-9087 + RESERVED +CVE-2018-9086 + RESERVED +CVE-2018-9085 + RESERVED +CVE-2018-9084 + RESERVED +CVE-2018-9083 + RESERVED +CVE-2018-9082 + RESERVED +CVE-2018-9081 + RESERVED +CVE-2018-9080 + RESERVED +CVE-2018-9079 + RESERVED +CVE-2018-9078 + RESERVED +CVE-2018-9077 + RESERVED +CVE-2018-9076 + RESERVED +CVE-2018-9075 + RESERVED +CVE-2018-9074 + RESERVED +CVE-2018-9073 + RESERVED +CVE-2018-9072 + RESERVED +CVE-2018-9071 + RESERVED +CVE-2018-9070 + RESERVED +CVE-2018-9069 + RESERVED +CVE-2018-9068 + RESERVED +CVE-2018-9067 + RESERVED +CVE-2018-9066 + RESERVED +CVE-2018-9065 + RESERVED +CVE-2018-9064 + RESERVED +CVE-2018-9063 + RESERVED +CVE-2018-9062 + RESERVED +CVE-2018-9061 + RESERVED +CVE-2018-9060 + RESERVED +CVE-2018-9059 + RESERVED +CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the ...) 
+ TODO: check CVE-2018-XXXX [DRUPAL-PSA-2018-001] - drupal7 <unfixed> (bug #894259) NOTE: https://www.drupal.org/psa-2018-001 @@ -594,8 +698,8 @@ CVE-2018-8825 RESERVED CVE-2018-8824 RESERVED -CVE-2018-8823 - RESERVED +CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu ...) + TODO: check CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel function in ...) - linux <unfixed> CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a Information ...) @@ -10654,6 +10758,7 @@ CVE-2018-5149 RESERVED CVE-2018-5148 [Use-after-free in compositor] RESERVED + {DSA-4153-1 DLA-1321-1} - firefox 59.0.2-1 - firefox-esr 52.7.3esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/ @@ -20635,8 +20740,7 @@ CVE-2018-1329 RESERVED CVE-2018-1328 RESERVED -CVE-2018-1327 [A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin] - RESERVED +CVE-2018-1327 (The Apache Struts REST Plugin is using XStream library which is ...) - libstruts1.2-java <not-affected> (Specific to 2.x) NOTE: https://cwiki.apache.org/confluence/display/WW/S2-056 CVE-2018-1326 @@ -20925,10 +21029,10 @@ CVE-2018-1240 RESERVED CVE-2018-1239 RESERVED -CVE-2018-1238 - RESERVED -CVE-2018-1237 - RESERVED +CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command injection ...) + TODO: check +CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper restriction ...) + TODO: check CVE-2018-1236 RESERVED CVE-2018-1235 
@@ -20991,8 +21095,8 @@ CVE-2018-1207 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI NOT-FOR-US: Dell EMC iDRAC7/iDRAC8 CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...) NOT-FOR-US: EMC Data Protection Advisor -CVE-2018-1205 - RESERVED +CVE-2018-1205 (Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some ...) + TODO: check CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - ...) NOT-FOR-US: Dell CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary ...) @@ -21432,8 +21536,7 @@ CVE-2018-1092 [NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_dat RESERVED - linux <unfixed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199179 -CVE-2018-1091 [KVM guest kernel crash during core dump on POWER9 host] - RESERVED +CVE-2018-1091 (In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c ...) - linux 4.13.10-1 [stretch] - linux 4.9.65-1 NOTE: Fixed by: https://git.kernel.org/linus/c1fa0768a8713b135848f78fd43ffc208d8ded70 @@ -22912,8 +23015,7 @@ CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22421 CVE-2018-0740 RESERVED -CVE-2018-0739 [Constructed ASN.1 types with a recursive definition could exceed the stack] - RESERVED +CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as can be ...) - openssl 1.1.0h-1 - openssl1.0 1.0.2o-1 NOTE: https://www.openssl.org/news/secadv/20180327.txt @@ -22929,8 +23031,7 @@ CVE-2018-0735 RESERVED CVE-2018-0734 RESERVED -CVE-2018-0733 [Incorrect CRYPTO_memcmp on HP-UX PA-RISC] - RESERVED +CVE-2018-0733 (Because of an implementation bug the PA-RISC CRYPTO_memcmp function is ...) - openssl 1.1.0h-1 (unimportant) [jessie] - openssl <not-affected> (vulnerable code not present) [wheezy] - openssl <not-affected> (vulnerable code not present) 
@@ -53200,12 +53301,12 @@ CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application NOT-FOR-US: QNAP NAS application Media Streaming add-on CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...) NOT-FOR-US: QNAP -CVE-2017-7632 - RESERVED -CVE-2017-7631 - RESERVED -CVE-2017-7630 - RESERVED +CVE-2017-7632 (Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS ...) + TODO: check +CVE-2017-7631 (Cross-site scripting (XSS) vulnerability in the share link function of ...) + TODO: check +CVE-2017-7630 (QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier ...) + TODO: check CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password ...) NOT-FOR-US: QNAP QTS CVE-2017-7628 (The "Smart related articles" extension 1.1 for Joomla! has SQL ...) @@ -143062,14 +143163,11 @@ CVE-2014-5134 RESERVED CVE-2014-5133 RESERVED -CVE-2014-5132 - RESERVED +CVE-2014-5132 (Avolve Software ProjectDox 8.1 allows remote attackers to enumerate ...) NOT-FOR-US: ProjectDox -CVE-2014-5131 - RESERVED +CVE-2014-5131 (Avolve Software ProjectDox 8.1 makes it easier for remote ...) NOT-FOR-US: ProjectDox -CVE-2014-5130 - RESERVED +CVE-2014-5130 (Avolve Software ProjectDox 8.1 allows remote authenticated users to ...) NOT-FOR-US: ProjectDox CVE-2014-5129 (Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox ...) NOT-FOR-US: ProjectDox View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1779b2cb037390e7c3428a9542e16bf3f2a6b35 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1779b2cb037390e7c3428a9542e16bf3f2a6b35 You're receiving this email because of your account on salsa.debian.org.
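Review bot: In the first hunk (@@ -1,3 +1,107 @@), CVE-2018-9058 is added as TODO: check with a description that names Long Range Zip (lrzip) 0.631 and an infinite loop, so it needs package-level triage rather than a bulk NOT-FOR-US pass. If lrzip is in the archive, replace the TODO with a package line (a fixed version or <unfixed>) and a NOTE pointing at the upstream report, in the same shape as the existing "- drupal7 <unfixed> (bug #894259)" entry just below it.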
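Review bot: In the hunk at @@ -20635,8 +20740,7 @@, the new description for CVE-2018-1327 names the XStream library, but the only package line under the entry is "- libstruts1.2-java <not-affected> (Specific to 2.x)". The entry does not record whether XStream itself was considered. A NOTE stating whether the flaw lies in XStream or only in how the Struts REST plugin uses it would make the not-affected conclusion auditable, alongside the existing NOTE that links S2-056.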
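Review bot: In the hunk at @@ -20991,8 +21095,8 @@, CVE-2018-1205 (Dell EMC ScaleIO) arrives as TODO: check while its neighbours CVE-2018-1207, CVE-2018-1206 and CVE-2018-1204 are all already NOT-FOR-US. Triage should give it a NOT-FOR-US marker naming Dell EMC ScaleIO, and the same applies to CVE-2018-1238 and CVE-2018-1237 in the preceding hunk, whose descriptions name the same product. The existing markers in this block are also inconsistent ("Dell EMC iDRAC7/iDRAC8", "EMC Data Protection Advisor", plain "Dell"); using the full product name for the new entries keeps them searchable.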
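Review bot: In the hunk at @@ -22929,8 +23031,7 @@, the removed placeholder for CVE-2018-0733 said "Incorrect CRYPTO_memcmp on HP-UX PA-RISC", and the truncated replacement description no longer shows the HP-UX qualifier, which leaves the "(unimportant)" tag on "- openssl 1.1.0h-1" without a visible justification. Unless a NOTE below the shown context already covers it, add one stating that the bug is specific to HP-UX PA-RISC builds, so the severity decision survives the description change.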
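Review bot: In the hunk at @@ -53200,12 +53301,12 @@, CVE-2017-7632 and CVE-2017-7630 are added as TODO: check although their descriptions name QNAP QTS, and the surrounding entries CVE-2017-7633 and CVE-2017-7629 are already marked "NOT-FOR-US: QNAP" and "NOT-FOR-US: QNAP QTS". These two can take "NOT-FOR-US: QNAP QTS" directly. CVE-2017-7631 sits between them with a truncated description (XSS in "the share link function of ..."), so confirm the product from the full description before giving it the same marker.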
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits