field | value | date
---|---|---
author | security tracker role <sectracker@soriano.debian.org> | 2018-02-23 21:10:17 +0000
committer | security tracker role <sectracker@soriano.debian.org> | 2018-02-23 21:10:17 +0000
commit | dfcb20e17b5649ccf180df2659738f77eeefe9a3 (patch) |
tree | 216de55bf1ee28df5fddbbaa9a7b5a4646628a2d |
parent | 8df2b81523ca09edac78fa3b102f99c02f320db9 (diff) |
automatic update
mode | file | lines changed
---|---|---
-rw-r--r-- | data/CVE/2007.list | 2
-rw-r--r-- | data/CVE/2012.list | 2
-rw-r--r-- | data/CVE/2013.list | 2
-rw-r--r-- | data/CVE/2014.list | 8
-rw-r--r-- | data/CVE/2017.list | 6
-rw-r--r-- | data/CVE/2018.list | 69

6 files changed, 63 insertions, 26 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 9bcd0abbc6..0ec0aa8229 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -12883,7 +12883,7 @@ CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm [etch] - libapache2-mod-perl2 <no-dsa> (Minor issue) [etch] - apache 1.3.34-4.1+etch1 CVE-2007-1348 - RESERVED + REJECTED CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...) NOT-FOR-US: Microsoft Windows Explorer CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 8e27faf676..7b3d30e6d3 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1,3 +1,5 @@ +CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate ...) + TODO: check CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) ...) - jquery 1.11.3+dfsg-1 [wheezy] - jquery <ignored> (Too invasive to fix) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 4b012c3a4b..6427c3c20c 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -14691,7 +14691,7 @@ CVE-2013-1937 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOTE: http://seclists.org/fulldisclosure/2013/Apr/100 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a CVE-2013-1936 - RESERVED + REJECTED CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package ...) - linux <not-affected> (RHEL-specific backport regression) - linux-2.6 <not-affected> (RHEL-specific backport regression) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index ecb0992e08..c95860290c 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -17740,10 +17740,10 @@ CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Boo NOT-FOR-US: WordPress plugin Booking System CVE-2014-3208 RESERVED -CVE-2014-3206 - RESERVED -CVE-2014-3205 - RESERVED +CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary ...) + TODO: check +CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a ...) + TODO: check CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle ...) NOT-FOR-US: Unity CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 7485fcc0a2..e8065bc3b1 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,5 @@ +CVE-2017-18195 + RESERVED CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...) NOT-FOR-US: HamayeshNegar CMS CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...) @@ -3829,7 +3831,7 @@ CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field durin - php-horde <undetermined> NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html TODO: check -CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in a Create ...) +CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...) - php-horde <undetermined> NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html TODO: check 
@@ -31043,7 +31045,7 @@ CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 ...) [jessie] - linux 3.16.39-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824 -CVE-2017-7494 (Samba since version 3.5.0 is vulnerable to remote code execution ...) +CVE-2017-7494 (Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is ...) {DSA-3860-1 DLA-951-1} - samba 2:4.5.8+dfsg-2 NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 08d95bebb1..3d4a86fadf 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,3 +1,29 @@ +CVE-2018-7443 + RESERVED +CVE-2018-7434 + RESERVED +CVE-2018-7433 + RESERVED +CVE-2018-7432 + RESERVED +CVE-2018-7431 + RESERVED +CVE-2018-7430 + RESERVED +CVE-2018-7429 + RESERVED +CVE-2018-7428 + RESERVED +CVE-2018-7427 + RESERVED +CVE-2018-7426 + RESERVED +CVE-2018-7425 + RESERVED +CVE-2018-7424 + RESERVED +CVE-2018-7423 + RESERVED CVE-2018-7422 RESERVED CVE-2018-7421 @@ -13,18 +39,23 @@ CVE-2018-7417 CVE-2018-7416 RESERVED CVE-2018-7439 [heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892 CVE-2018-7438 [heap-buffer-overflow in freexl.c:383 parse_unicode_string] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889 CVE-2018-7437 [heap-buffer-overflow in freexl.c:1866 parse_SST] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885 CVE-2018-7436 [heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883 CVE-2018-7435 [heap-buffer-overflow in freexl::destroy_cell] + RESERVED - freexl 1.0.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879 CVE-2018-7415 
@@ -179,8 +210,8 @@ CVE-2018-7341 RESERVED CVE-2018-7340 RESERVED -CVE-2018-7339 - RESERVED +CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles ...) + TODO: check CVE-2018-XXXX [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page] - drupal7 7.57-1 (bug #891154) NOTE: https://www.drupal.org/sa-core-2018-001 @@ -1387,12 +1418,12 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation an [stretch] - zziplib <no-dsa> (Minor issue) [jessie] - zziplib <no-dsa> (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/22 -CVE-2018-6868 - RESERVED -CVE-2018-6867 - RESERVED -CVE-2018-6866 - RESERVED +CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / ...) + TODO: check +CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone ...) + TODO: check +CVE-2018-6866 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and ...) + TODO: check CVE-2018-6865 RESERVED CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion ...) @@ -1405,8 +1436,8 @@ CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Sear NOT-FOR-US: PHP Scripts Mall Lawyer Search Script CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts ...) NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script -CVE-2018-6859 - RESERVED +CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert Management ...) + TODO: check CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone ...) NOT-FOR-US: PHP Scripts Mall Facebook Clone Script CVE-2018-6857 
@@ -1639,8 +1670,7 @@ CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig funct [wheezy] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0) NOTE: https://github.com/dbry/WavPack/issues/27 NOTE: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5 -CVE-2018-6764 [guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init] - RESERVED +CVE-2018-6764 (util/virlog.c in libvirt does not properly determine the hostname on ...) - libvirt 4.0.0-2 (bug #889839) [stretch] - libvirt <no-dsa> (Minor issue) [jessie] - libvirt <no-dsa> (Minor issue) @@ -8348,12 +8378,15 @@ CVE-2018-3838 CVE-2018-3837 RESERVED CVE-2018-7442 [path traversal or file overwrite] + RESERVED - leptonlib <unfixed> NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html CVE-2018-7441 [insecure use of /tmp] + RESERVED - leptonlib <unfixed> NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html CVE-2018-7440 [command injection via $(command)] + RESERVED - leptonlib <unfixed> NOTE: https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212 NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b @@ -15212,12 +15245,12 @@ CVE-2018-0522 RESERVED CVE-2018-0521 RESERVED -CVE-2018-0520 - RESERVED -CVE-2018-0519 - RESERVED -CVE-2018-0518 - RESERVED +CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware ...) + TODO: check +CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...) + TODO: check +CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...) + TODO: check CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...) NOT-FOR-US: Anshin net security for Windows CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address ...) |
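Review bot: CVE-2012-6709 in data/CVE/2012.list is imported with a bare "TODO: check" although the description already names both affected products (ELinks 0.12 and Twibright Links 2.3), so the triage step is what is missing here: replace the TODO with package lines (a fixed version, <unfixed>, <not-affected> or NOT-FOR-US) for whichever of those two products Debian ships, and add a NOTE with the upstream reference for the missing certificate check so the entry can be verified later without re-deriving it.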
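Review bot: CVE-2014-3205 and CVE-2014-3206 in data/CVE/2014.list are left at "TODO: check" even though both descriptions identify the product as Seagate BlackArmor NAS (backupmgt/pre_connect_check.php on the appliance), which is a vendor appliance rather than something tracked as a Debian source package; these can be closed directly as NOT-FOR-US: Seagate BlackArmor NAS, in the same form already used for CVE-2014-3204 (NOT-FOR-US: Unity) a few lines below, instead of sitting in the TODO queue.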
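Review bot: the refreshed description for CVE-2017-16907 in data/CVE/2017.list now lists Horde Groupware 5.2.21 as affected in addition to 5.2.19, but the lines under it are carried over unchanged: php-horde is still <undetermined>, the placeholder "TODO: check" remains, and the only NOTE is the 5.2.19 write-up. A widened upstream version range is exactly the moment to resolve the TODO against the php-horde version in the archive and to add a NOTE with the upstream fix (or a note that none is known yet), rather than letting the placeholder survive a description update.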
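Review bot: the new description for CVE-2017-7494 in data/CVE/2017.list states the upstream fixed versions as 4.6.4, 4.5.10 and 4.4.14, while the Debian fixed version recorded immediately below is samba 2:4.5.8+dfsg-2, which is lower than 4.5.10. That is consistent with the fix having been backported in DSA-3860-1 / DLA-951-1, but a reader comparing the two numbers will see an apparent contradiction; a short NOTE stating that 2:4.5.8+dfsg-2 carries the backported fix would remove the ambiguity at no cost.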
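Review bot: in the freexl block of data/CVE/2018.list the local description for CVE-2018-7436 reads "[heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST]", with the function name duplicated; the hunk only inserts RESERVED above these entries, but the bracketed text is what readers see until MITRE publishes, so trim it to "[heap-buffer-overflow in freexl.c:1805 parse_SST]". Since CVE-2018-7436 and CVE-2018-7437 both sit in parse_SST (lines 1805 and 1866) and all five entries claim the same fix in freexl 1.0.5-1, a NOTE with the upstream fix commit would also make it possible to check that each of the five Red Hat bugs is really covered by that single upload.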
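Review bot: CVE-2018-6866, CVE-2018-6867 and CVE-2018-6868 in data/CVE/2018.list are imported as "TODO: check", yet every neighbouring PHP Scripts Mall entry visible in the same hunk (CVE-2018-6864, CVE-2018-6861, CVE-2018-6860, CVE-2018-6858) is already closed as NOT-FOR-US with the product name. The three new ones (Slickdeals, Alibaba Clone and the third script) are the same vendor's commercial PHP scripts and should be closed the same way rather than queued for manual triage.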
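Review bot: CVE-2018-6859 (SQL Injection in PHP Scripts Mall Schools Alert Management ...) is left as "TODO: check" while the very next entry, CVE-2018-6860, covers the same product and is already recorded as NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script; close this one identically so the two entries for one product do not diverge.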
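Review bot: replacing the local bracket description for CVE-2018-6764 ("guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init") with the published text ("util/virlog.c in libvirt does not properly determine the hostname on ...") changes what the entry says the bug is, yet the package lines below it (libvirt 4.0.0-2, bug #889839, <no-dsa> Minor issue for stretch and jessie) were carried over untouched. Before this stands, confirm that bug #889839 and the 4.0.0-2 fix address the issue as MITRE now describes it, and keep the original libvirt_lxc / libnss_dns wording as a NOTE: it is the more specific statement of the attack, and the "Minor issue" no-dsa rationale was presumably made against that wording rather than the new one.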
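Review bot: CVE-2018-7440, CVE-2018-7441 and CVE-2018-7442 gain a RESERVED line but remain "leptonlib <unfixed>" with no Debian bug reference, unlike other entries on this page that record one (libvirt bug #889839, drupal7 bug #891154). Record the bug number for leptonlib so the <unfixed> state is tracked somewhere; and since the NOTE for CVE-2018-7440 already links a specific upstream pull-request commit (49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b), that entry at least can move from <unfixed> to a fixed version as soon as a leptonlib upload includes it.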
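Review bot: CVE-2018-0518, CVE-2018-0519 and CVE-2018-0520 in data/CVE/2018.list are imported as "TODO: check" although their descriptions place them in FS010W firmware (CSRF and XSS) and in the LINE for iOS app (X.509 certificate verification), none of which is a Debian package; the adjacent CVE-2018-0517 and CVE-2018-0516 entries are already NOT-FOR-US, so these three should be closed the same way with the product name instead of being left for manual triage.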