Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 88c3d339 by security tracker role at 2018-03-28T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,13 @@ +CVE-2018-9114 + RESERVED +CVE-2018-9113 + RESERVED +CVE-2018-9112 + RESERVED +CVE-2018-9111 + RESERVED +CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via ...) + TODO: check CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via the ...) NOT-FOR-US: Studio 42 elFinder CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an ...) @@ -107,6 +117,7 @@ CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in [wheezy] - lrzip <ignored> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/93 CVE-2018-7600 [SA-CORE-2018-002] + RESERVED - drupal7 <unfixed> (bug #894259) NOTE: https://www.drupal.org/sa-core-2018-002 NOTE: https://groups.drupal.org/security/faq-2018-002 @@ -225,6 +236,7 @@ CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS CVE-2018-9019 RESERVED CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage ...) + {DLA-1322-1} - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee @@ -2334,14 +2346,17 @@ CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a XML CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit ...) NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...) + {DLA-1322-1} - graphicsmagick 1.3.27-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b NOTE: https://sourceforge.net/p/graphicsmagick/bugs/475/ CVE-2017-18230 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...) + {DLA-1322-1} - graphicsmagick 1.3.27-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f NOTE: https://sourceforge.net/p/graphicsmagick/bugs/473/ CVE-2017-18229 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...) + {DLA-1322-1} - graphicsmagick 1.3.27-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32 NOTE: https://sourceforge.net/p/graphicsmagick/bugs/461/ @@ -3159,7 +3174,7 @@ CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the cr CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier contains a ...) - electron <itp> (bug #842420) CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the ...) - {DLA-1317-1} + {DSA-4154-1 DLA-1317-1} - net-snmp 5.7.3+dfsg-1.1 (bug #894110) NOTE: https://sourceforge.net/p/net-snmp/bugs/2821/ NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/ @@ -3327,12 +3342,14 @@ CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 allows remote attackers to sp CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: SecurEnvoy SecurMail CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in ...) + {DLA-1322-1} - graphicsmagick 1.3.26-8 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/ NOTE: Issue is related to CVE-2017-11403 but not the same issue. TODO: check, needs clarification, the issue is CloseBlob use-after-free CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...) + {DLA-1322-1} - graphicsmagick 1.3.27-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/ @@ -3384,12 +3401,12 @@ CVE-2018-7678 (A cross site scripting vulnerability exist in the Administration NOT-FOR-US: NetIQ Access Manager CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity ...) NOT-FOR-US: NetIQ Access Manager -CVE-2018-7676 - RESERVED +CVE-2018-7676 (The NetIQ Identity Manager, in versions prior to 4.7, userapp with log ...) + TODO: check CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the ...) NOT-FOR-US: NetIQ Sentinel -CVE-2018-7674 - RESERVED +CVE-2018-7674 (The NetIQ Identity Manager user console, in versions prior to 4.7, is ...) + TODO: check CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions prior to ...) NOT-FOR-US: NetIQ Identity Manager CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel ...) @@ -3994,8 +4011,8 @@ CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discover NOT-FOR-US: OSIsoft PI CVE-2018-7499 RESERVED -CVE-2018-7498 - RESERVED +CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of proper ...) + TODO: check CVE-2018-7497 RESERVED CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision ...) @@ -9946,8 +9963,8 @@ CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was NOT-FOR-US: Moxa CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...) NOT-FOR-US: Emerson Process Management ControlWave Micro Process Automation Controller -CVE-2018-5451 - RESERVED +CVE-2018-5451 (In Philips Alice 6 System version R8.0.2 or prior, when an actor ...) + TODO: check CVE-2018-5450 RESERVED CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell ...) @@ -21329,8 +21346,8 @@ CVE-2018-1144 RESERVED CVE-2018-1143 RESERVED -CVE-2018-1142 - RESERVED +CVE-2018-1142 (Tenable Appliance versions 4.6.1 and earlier have been found to ...) + TODO: check CVE-2018-1141 (When installing Nessus to a directory outside of the default location, ...) NOT-FOR-US: Nessus CVE-2017-17425 (This vulnerability allows remote attackers to execute arbitrary code ...) @@ -21568,8 +21585,7 @@ CVE-2018-1085 NOT-FOR-US: openshift-ansible CVE-2018-1084 RESERVED -CVE-2018-1083 [check bounds on PATH_MAX-sized buffer used for file completion candidates] - RESERVED +CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...) - zsh <unfixed> (low; bug #894043) [stretch] - zsh <no-dsa> (Minor issue) [jessie] - zsh <no-dsa> (Minor issue) @@ -21626,8 +21642,7 @@ CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 mishan [jessie] - linux <not-affected> (Vulnerable code introduced later) [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8 -CVE-2018-1064 [qemu: avoid denial of service reading from QEMU guest agent] - RESERVED +CVE-2018-1064 (libvirt version before 4.2.0-rc1 is vulnerable to a resource ...) {DSA-4137-1 DLA-1315-1} - libvirt 4.1.0-1 NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513 @@ -41429,10 +41444,10 @@ CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary NOT-FOR-US: ManageEngine ServiceDesk CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...) NOT-FOR-US: ManageEngine ServiceDesk -CVE-2017-11510 - RESERVED -CVE-2017-11509 - RESERVED +CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that ...) + TODO: check +CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in ...) + TODO: check CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...) NOT-FOR-US: SecurityCenter CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...) @@ -122318,7 +122333,7 @@ CVE-2015-3310 (Buffer overflow in the rc_mksid function in plugins/radius/util.c NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4 NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450 CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and ...) - {DLA-1317-1} + {DSA-4154-1 DLA-1317-1} - net-snmp 5.7.3+dfsg-1.1 (bug #788964) [squeeze] - net-snmp <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88c3d339465f0740404cd5e489228c37326b249d --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88c3d339465f0740404cd5e489228c37326b249d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits