[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 29 20:27:43 UTC 2017
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62d7505d by security tracker role at 2017-12-29T20:27:32+00:00
automatic update
- - - - -
2 changed files:
- + data/CVE/allitems.html
- data/CVE/list
Changes:
=====================================
data/CVE/allitems.html
=====================================
The diff for this file was not included because it is too large.
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2017-17971 (The test_sql_and_script_inject function in htdocs/main.inc.php in ...)
+ TODO: check
CVE-2018-3809
RESERVED
CVE-2018-3808
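Review bot: CVE-2017-17971 is added with only a "TODO: check" placeholder and a description truncated to "htdocs/main.inc.php in ...", so the affected project cannot be identified from this hunk alone; triage should read the full CVE text and replace the TODO with a concrete state (a source package line with the fixed version, NOT-FOR-US with the product named, or a NOTE carrying the upstream reference), matching the format of the resolved entries later in this diff.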
@@ -402,8 +404,8 @@ CVE-2018-3611
RESERVED
CVE-2018-3610
RESERVED
-CVE-2017-17968
- RESERVED
+CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in NetTransport ...)
+ TODO: check
CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote ...)
NOT-FOR-US: Kingsoft WPS Office
CVE-2017-17966
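Review bot: CVE-2017-17968 stays at "TODO: check" although its description names a Windows binary (NetTransport.exe), the same situation as the adjacent CVE-2017-17967 (pptreader.dll, Kingsoft WPS Office), which is already marked "NOT-FOR-US: Kingsoft WPS Office"; once the full description confirms the product is not shipped in Debian, the TODO can be closed the same way with the product name after NOT-FOR-US.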
@@ -504,8 +506,8 @@ CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c
NOTE: https://github.com/ImageMagick/ImageMagick/issues/920
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2
-CVE-2017-17933
- RESERVED
+CVE-2017-17933 (cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or ...)
+ TODO: check
CVE-2017-17932 (A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ...)
NOT-FOR-US: ALLPlayer
CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the ...)
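Review bot: CVE-2017-17933 describes a vendor web-manager CGI (cgi/surgeftpmgr.cgi on TCP port 7021) and is left as "TODO: check", while the surrounding entries for the same kind of third-party product (CVE-2017-17932 ALLPlayer, CVE-2017-17931 PHP Scripts Mall) already carry a NOT-FOR-US line; resolve this one after confirming the product is not in the archive rather than leaving the placeholder.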
@@ -530,16 +532,16 @@ CVE-2017-17922
RESERVED
CVE-2017-17921
RESERVED
-CVE-2017-17920
- RESERVED
-CVE-2017-17919
- RESERVED
+CVE-2017-17920 (SQL injection vulnerability in the 'reorder' method in Ruby on Rails ...)
+ TODO: check
+CVE-2017-17919 (SQL injection vulnerability in the 'order' method in Ruby on Rails ...)
+ TODO: check
CVE-2017-17918
RESERVED
-CVE-2017-17917
- RESERVED
-CVE-2017-17916
- RESERVED
+CVE-2017-17917 (SQL injection vulnerability in the 'where' method in Ruby on Rails ...)
+ TODO: check
+CVE-2017-17916 (SQL injection vulnerability in the 'find_by' method in Ruby on Rails ...)
+ TODO: check
CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
- graphicsmagick 1.3.27-3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
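Review bot: the four new Rails entries in this hunk (CVE-2017-17916 find_by, CVE-2017-17917 where, CVE-2017-17919 order, CVE-2017-17920 reorder) describe one family of SQL-injection claims against ActiveRecord query methods and should be triaged together, not as four independent "TODO: check" placeholders; Ruby on Rails is packaged in Debian, so each line needs a package state (affected and fixed versions, a NOTE with the upstream reference, or the reason the claim does not apply) once the full descriptions have been read. CVE-2017-17918, which sits between them, remains RESERVED, so the set may not be complete yet.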
@@ -562,8 +564,8 @@ CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/533/
CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer ...)
NOT-FOR-US: Archon
-CVE-2017-17910
- RESERVED
+CVE-2017-17910 (On Hoermann BiSecur devices before 2018, a vulnerability can be ...)
+ TODO: check
CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the ...)
NOT-FOR-US: PHP Scripts Mall Responsive Realestate Script
CVE-2017-17908 (PHP Scripts Mall Responsive Realestate Script has CSRF via ...)
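Review bot: CVE-2017-17910 concerns Hoermann BiSecur devices (embedded hardware, "before 2018") and is left at "TODO: check"; unless the description turns out to cover software shipped in Debian, it should be closed as NOT-FOR-US with the product named, in the same style as the neighbouring Archon and PHP Scripts Mall entries.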
@@ -1159,8 +1161,8 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
NOTE: https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d (gimp-2-8)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
NOTE: Crash in desktop tool, no/negligable security impact
-CVE-2017-17760
- RESERVED
+CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData ...)
+ TODO: check
CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Conarc iChannel
CVE-2017-17758 (TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to ...)
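Review bot: CVE-2017-17760 (OpenCV 3.3.1, cv::PxMDecoder::readData) is left at "TODO: check", but OpenCV is shipped in Debian, so this entry needs a package line with the affected and fixed versions plus NOTE lines pointing at the upstream issue or commit, following the format used for the GIMP entry just above in this hunk; the truncated description also does not say whether the overflow is a read or a write, which matters for the severity tag chosen during triage.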
@@ -10517,8 +10519,7 @@ CVE-2017-16878
RESERVED
CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...)
NOT-FOR-US: ZEIT Next.js
-CVE-2017-16876
- RESERVED
+CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify function in ...)
- mistune 0.8.1-1
[stretch] - mistune <no-dsa> (Minor issue)
NOTE: https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98
@@ -79510,8 +79511,7 @@ CVE-2016-3697 (libcontainer/user/user.go in runC before 0.1.0, as used in Docker
NOTE: https://github.com/docker/docker/commit/da38ac6c79fe902ed0687afc73d731c95c6d491a (docker)
CVE-2016-3696 (The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users ...)
NOT-FOR-US: Pulp (Red Hat)
-CVE-2016-3695
- RESERVED
+CVE-2016-3695 (The einj_error_inject function in drivers/acpi/apei/einj.c in the ...)
- linux 4.5.1-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -125599,8 +125599,7 @@ CVE-2014-6254 (Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Cor
- zenoss <itp> (bug #361253)
CVE-2014-6253 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss ...)
- zenoss <itp> (bug #361253)
-CVE-2013-7400
- RESERVED
+CVE-2013-7400 (The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows ...)
NOT-FOR-US: TYPO3 extension direct_mail
CVE-2014-6387 (gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to ...)
{DSA-3120-1}
@@ -129213,8 +129212,7 @@ CVE-2014-4724 (Cross-site scripting (XSS) vulnerability in the Custom Banners pl
CVE-2014-4722 (Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...)
- ocsinventory-server <unfixed> (unimportant)
NOTE: Authentication is needed, only supported in trusted environments, see debtags
-CVE-2014-4914 [ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select]
- RESERVED
+CVE-2014-4914 (The Zend_Db_Select::order function in Zend Framework before 1.12.7 ...)
{DSA-3265-1 DLA-251-1}
- zendframework 1.12.7-0.1 (bug #754201)
NOTE: http://framework.zend.com/security/advisory/ZF2014-04
@@ -131876,8 +131874,7 @@ CVE-2014-3653 (Cross-site scripting (XSS) vulnerability in the template preview
CVE-2014-3652
RESERVED
NOT-FOR-US: JBoss KeyCloak
-CVE-2014-3651
- RESERVED
+CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a ...)
NOT-FOR-US: JBoss KeyCloak
CVE-2014-3650
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62d7505d5e37107e86b8d41a7631d224d71393ea