[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Dec 30 09:10:25 UTC 2017


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
adb01442 by security tracker role at 2017-12-30T09:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,70 @@
+CVE-2017-17998
+	RESERVED
+CVE-2017-17997 (In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL ...)
+	TODO: check
+CVE-2017-17996
+	RESERVED
+CVE-2017-17995 (Biometric Shift Employee Management System has XSS via the Last_Name ...)
+	TODO: check
+CVE-2017-17994 (Biometric Shift Employee Management System has XSS via the criteria ...)
+	TODO: check
+CVE-2017-17993 (Biometric Shift Employee Management System has XSS via the amount ...)
+	TODO: check
+CVE-2017-17992 (Biometric Shift Employee Management System allows Arbitrary File ...)
+	TODO: check
+CVE-2017-17991 (Biometric Shift Employee Management System has XSS via the expense_name ...)
+	TODO: check
+CVE-2017-17990 (Biometric Shift Employee Management System has CSRF via index.php in an ...)
+	TODO: check
+CVE-2017-17989 (Biometric Shift Employee Management System has XSS via the index.php ...)
+	TODO: check
+CVE-2017-17988 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
+	TODO: check
+CVE-2017-17987 (PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload ...)
+	TODO: check
+CVE-2017-17986 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
+	TODO: check
+CVE-2017-17985 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
+	TODO: check
+CVE-2017-17984 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
+	TODO: check
+CVE-2017-17983 (PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the ...)
+	TODO: check
+CVE-2017-17982 (PHP Scripts Mall Muslim Matrimonial Script has CSRF via ...)
+	TODO: check
+CVE-2017-17981 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
+	TODO: check
+CVE-2017-17980
+	RESERVED
+CVE-2017-17979
+	RESERVED
+CVE-2017-17978
+	RESERVED
+CVE-2017-17977
+	RESERVED
+CVE-2017-17976
+	RESERVED
+CVE-2017-17975 (Use-after-free in the usbtv_probe function in ...)
+	TODO: check
+CVE-2017-17974 (BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv ...)
+	TODO: check
+CVE-2017-17973 (In LibTIFF 4.0.8, there is a heap-based use-after-free in the ...)
+	TODO: check
+CVE-2017-1000447
+	REJECTED
+	TODO: check
+CVE-2017-1000446
+	REJECTED
+	TODO: check
+CVE-2017-1000440
+	REJECTED
+	TODO: check
+CVE-2017-1000436
+	REJECTED
+	TODO: check
+CVE-2017-1000435
+	REJECTED
+	TODO: check
 CVE-2017-1000501 [Path traversal flaws]
 	- awstats <unfixed>
 	NOTE: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
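Review bot: the five REJECTED entries at the end of this hunk (CVE-2017-1000447, CVE-2017-1000446, CVE-2017-1000440, CVE-2017-1000436, CVE-2017-1000435) each carry both REJECTED and TODO: check; once the rejection is confirmed against the CVE record the TODO line should be dropped, since a rejected ID needs no package triage. Of the remaining TODO: check items, CVE-2017-17997 (Wireshark MRDISC dissector), CVE-2017-17975 (use-after-free in usbtv_probe, a Linux kernel driver) and CVE-2017-17973 (LibTIFF 4.0.8 heap use-after-free) are the ones that describe software shipped in the archive and should get package and version lines first; the Biometric Shift Employee Management System and PHP Scripts Mall items will most likely resolve to NOT-FOR-US, as the FS Lynda Clone entry further down already does.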
@@ -599,8 +666,8 @@ CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated b
 	NOT-FOR-US: FS Lynda Clone
 CVE-2017-17902
 	RESERVED
-CVE-2017-17901
-	RESERVED
+CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of ...)
+	TODO: check
 CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...)
 	- dolibarr <unfixed> (bug #885321)
 	[stretch] - dolibarr <no-dsa> (Minor issue)
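Review bot: CVE-2017-17901 now describes a denial of service on ZyXEL P-660HW v3 devices, i.e. router firmware rather than anything in the archive; on triage it can follow the CVE-2017-17903 pattern directly above and become NOT-FOR-US instead of lingering as TODO: check.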
@@ -23003,14 +23070,14 @@ CVE-2017-12815
 CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in ...)
 	- perl <not-affected> (Windows specific issue)
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public)
-CVE-2017-12813
-	RESERVED
-CVE-2017-12812
-	RESERVED
-CVE-2017-12811
-	RESERVED
-CVE-2017-12810
-	RESERVED
+CVE-2017-12813 (PHPJabbers File Sharing Script 1.0 has stored XSS in the comments ...)
+	TODO: check
+CVE-2017-12812 (PHPJabbers Night Club Booking Software has stored XSS in the name ...)
+	TODO: check
+CVE-2017-12811 (PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. ...)
+	TODO: check
+CVE-2017-12810 (PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the ...)
+	TODO: check
 CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ...)
 	{DSA-3991-1}
 	- qemu 1:2.10.0-1 (bug #873849)
@@ -93132,8 +93199,7 @@ CVE-2015-8014
 	RESERVED
 CVE-2015-8009 (The MWOAuthDataStore::lookup_token function in Extension:OAuth for ...)
 	NOT-FOR-US: Mediawiki extension OAuth
-CVE-2015-8008
-	RESERVED
+CVE-2015-8008 (The OAuth extension for MediaWiki improperly negotiates a new client ...)
 	NOT-FOR-US: Mediawiki extension OAuth
 CVE-2015-8007 (The Echo extension for MediWiki does not properly implement the ...)
 	NOT-FOR-US: Mediawiki extension Echo
@@ -106337,8 +106403,8 @@ CVE-2015-3304
 	RESERVED
 CVE-2015-3303
 	RESERVED
-CVE-2015-3302
-	RESERVED
+CVE-2015-3302 (The TheCartPress eCommerce Shopping Cart (aka The Professional ...)
+	TODO: check
 CVE-2015-3301 (Directory traversal vulnerability in the TheCartPress eCommerce ...)
 	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
 CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
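Review bot: CVE-2015-3302 gets TODO: check, but the adjacent CVE-2015-3301 for the same TheCartPress eCommerce Shopping Cart plugin is already marked NOT-FOR-US with the full plugin name; unless the complete description turns out to cover something other than the WordPress plugin, the same NOT-FOR-US line can be applied here when the TODO is resolved.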
@@ -115587,8 +115653,8 @@ CVE-2014-9517 (Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-
 	NOT-FOR-US: D-link IP camera DCS-2103
 CVE-2014-9516 (Cross-site scripting (XSS) vulnerability in Social Microblogging PRO ...)
 	NOT-FOR-US: Social Microblogging PRO
-CVE-2014-9515
-	RESERVED
+CVE-2014-9515 (Dozer improperly uses a reflection-based approach to type conversion, ...)
+	TODO: check
 CVE-2014-9514 (Cross-site scripting (XSS) vulnerability in BMC Footprints Service ...)
 	NOT-FOR-US: BMC
 CVE-2014-9512 (rsync 3.1.1 allows remote attackers to write to arbitrary files via a ...)
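Review bot: the TODO: check on CVE-2014-9515 deserves an actual archive lookup rather than the NOT-FOR-US treatment given to the surrounding web-application entries: Dozer is a Java bean-mapping library, and a reflection-based type-conversion flaw in a library reaches Debian through dependent packages if the library is packaged. The description is cut off at the comma, so the full CVE text should be consulted for the affected version range before a package line is added.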
@@ -121098,8 +121164,7 @@ CVE-2014-8121 (DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NS
 	NOTE: Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=03d2730b44cc2236318fd978afa2651753666c55
 CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified ...)
 	NOT-FOR-US: Thermostat Hotspot instrumentation
-CVE-2014-8119 [augeas path expression injection via interface name]
-	RESERVED
+CVE-2014-8119 (The find_ifcfg_path function in netcf before 0.2.7 might allow ...)
 	- netcf <not-affected> (suse and redhat driver are not built on Debian)
 	NOTE: Issue is in the way the netcf's find_ifcfg_path() function processed
 	NOTE: certain XPath expressions according to Red Hat bugzilla.
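Review bot: the NOTE lines for CVE-2014-8119 cite "Red Hat bugzilla" for the XPath-processing analysis but give no URL, unlike the glibc entry above (CVE-2014-8121), which links the patch commit; adding the bugzilla link would let the next triager verify the not-affected reasoning ("suse and redhat driver are not built on Debian") without searching for it again. Replacing the bracketed working title [augeas path expression injection via interface name] is fine now that the official description names find_ifcfg_path in netcf.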
@@ -129208,8 +129273,7 @@ CVE-2014-4726 (Unspecified vulnerability in the MailPoet Newsletters ...)
 	NOT-FOR-US: wysija-newsletters
 CVE-2014-4725 (The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for ...)
 	NOT-FOR-US: wysija-newsletters
-CVE-2014-4978 [insecure use of temporary files]
-	RESERVED
+CVE-2014-4978 (The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio ...)
 	- rawstudio <removed> (low; bug #754899)
 	[wheezy] - rawstudio <no-dsa> (Minor issue)
 	[squeeze] - rawstudio <not-affected> (Vulnerable code not present)
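Review bot: with the working title [insecure use of temporary files] replaced by the official rs_filter_graph/librawstudio text, and that text truncated at "...", the issue class is no longer visible in the entry; a NOTE line restating the temporary-file nature of the bug would keep the context that the bracket used to carry. Separately, CVE-2014-4978 sits after CVE-2014-4725 rather than in the descending ID order the rest of the file follows; that is pre-existing and not introduced by this update, but it will trip up anyone scanning the list by number.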
@@ -131986,8 +132050,8 @@ CVE-2014-3631 (The assoc_array_gc function in the associative-array implementati
 	- linux-2.6 <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 (v3.13)
 	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e
-CVE-2014-3630
-	RESERVED
+CVE-2014-3630 (XML external entity (XXE) vulnerability in the Java XML processing ...)
+	TODO: check
 CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange module in ...)
 	- qpid-cpp <removed> (low; bug #772794)
 	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
@@ -142523,11 +142587,9 @@ CVE-2014-0122 (mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4
 	- moodle 2.6.2-1
 	[squeeze] - moodle <not-affected> (Vulnerable code not present)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082
-CVE-2014-0121
-	RESERVED
+CVE-2014-0121 (The admin terminal in Hawt.io does not require authentication, which ...)
 	NOT-FOR-US: hawtio-karaf-terminal
-CVE-2014-0120
-	RESERVED
+CVE-2014-0120 (Cross-site request forgery (CSRF) vulnerability in the admin terminal ...)
 	NOT-FOR-US: hawtio-karaf-terminal
 CVE-2014-0119 (Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 ...)
 	{DSA-3530-1}
@@ -148844,8 +148906,7 @@ CVE-2013-4579 (The ath9k_htc_set_bssid_mask function in ...)
 	- linux 3.12.8-1 (bug #729573)
 	[wheezy] - linux 3.2.54-1
 	NOTE: http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
-CVE-2013-4578
-	RESERVED
+CVE-2013-4578 (jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote ...)
 	- openjdk-7 7u51-2.4.4-1
 	- openjdk-6 6b30-1.13.1-1
 CVE-2013-4577 (A certain Debian patch for GNU GRUB uses world-readable permissions ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/adb014429917788a3f0427889ce9e6ca29a6c188
