[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 11 20:10:26 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b8836e2 by security tracker role at 2018-04-11T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,61 @@
+CVE-2018-10047
+ RESERVED
+CVE-2018-10046
+ RESERVED
+CVE-2018-10045
+ RESERVED
+CVE-2018-10044
+ RESERVED
+CVE-2018-10043
+ RESERVED
+CVE-2018-10042
+ RESERVED
+CVE-2018-10041
+ RESERVED
+CVE-2018-10040
+ RESERVED
+CVE-2018-10039
+ RESERVED
+CVE-2018-10038
+ RESERVED
+CVE-2018-10037
+ RESERVED
+CVE-2018-10036
+ RESERVED
+CVE-2018-10035
+ RESERVED
+CVE-2018-10034
+ RESERVED
+CVE-2018-10033 (CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php ...)
+ TODO: check
+CVE-2018-10032 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in ...)
+ TODO: check
+CVE-2018-10031 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in ...)
+ TODO: check
+CVE-2018-10030 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. ...)
+ TODO: check
+CVE-2018-10029 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in ...)
+ TODO: check
+CVE-2018-10028 (joyplus-cms 1.6.0 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2018-10027
+ RESERVED
+CVE-2018-10026 (The WeChat module in YzmCMS 3.7.1 has reflected XSS via the ...)
+ TODO: check
+CVE-2018-10025
+ RESERVED
+CVE-2018-10024 (ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with ...)
+ TODO: check
+CVE-2018-10023 (Catfish CMS V4.7.21 allows XSS via the pinglun parameter to ...)
+ TODO: check
+CVE-2018-10022
+ RESERVED
+CVE-2018-10021 (drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 ...)
+ TODO: check
+CVE-2018-10020
+ RESERVED
+CVE-2018-10019
+ RESERVED
CVE-2018-9999
RESERVED
CVE-2018-9998
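Review bot: CVE-2018-10021 in this block names drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16, so unlike the web CMS entries around it, it concerns a source package Debian ships. Its `TODO: check` should be resolved to a `- linux` entry with per-release status and a NOTE pointing at the upstream fix. The other published entries here (CMS Made Simple, joyplus-cms, YzmCMS, Catfish CMS, ubiQuoss) need a package search before any NOT-FOR-US is recorded.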
@@ -2451,10 +2509,10 @@ CVE-2018-8956
RESERVED
CVE-2018-8955
RESERVED
-CVE-2018-8954
- RESERVED
-CVE-2018-8953
- RESERVED
+CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...)
+ TODO: check
+CVE-2018-8953 (CA Workload Automation AE before r11.3.6 SP7 allows remote attackers ...)
+ TODO: check
CVE-2018-8952
RESERVED
CVE-2018-8951
@@ -3047,7 +3105,7 @@ CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook f
NOTE: in Wheezy is still affected, a fix appears to be to intrusive though. We recommend to
NOTE: upgrade to a newer version instead.
CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an ...)
- {DSA-4168-1}
+ {DSA-4168-1 DLA-1344-1}
- squirrelmail <removed> (bug #893202)
NOTE: http://www.openwall.com/lists/oss-security/2018/03/17/2
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
@@ -4863,8 +4921,8 @@ CVE-2018-7932
RESERVED
CVE-2018-7931
RESERVED
-CVE-2018-7930
- RESERVED
+CVE-2018-7930 (The Near Field Communication (NFC) module in Mate 9 Huawei mobile ...)
+ TODO: check
CVE-2018-7929
RESERVED
CVE-2018-7928
@@ -8793,50 +8851,50 @@ CVE-2017-18148
RESERVED
CVE-2017-18147 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18146
- RESERVED
-CVE-2017-18145
- RESERVED
-CVE-2017-18144
- RESERVED
-CVE-2017-18143
- RESERVED
-CVE-2017-18142
- RESERVED
+CVE-2017-18146 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18145 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18144 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18143 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18142 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
CVE-2017-18141
RESERVED
-CVE-2017-18140
- RESERVED
-CVE-2017-18139
- RESERVED
-CVE-2017-18138
- RESERVED
-CVE-2017-18137
- RESERVED
-CVE-2017-18136
- RESERVED
-CVE-2017-18135
- RESERVED
-CVE-2017-18134
- RESERVED
-CVE-2017-18133
- RESERVED
-CVE-2017-18132
- RESERVED
+CVE-2017-18140 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18139 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18138 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18137 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18136 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18135 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18134 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18133 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18132 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
CVE-2017-18131
RESERVED
-CVE-2017-18130
- RESERVED
-CVE-2017-18129
- RESERVED
-CVE-2017-18128
- RESERVED
-CVE-2017-18127
- RESERVED
-CVE-2017-18126
- RESERVED
-CVE-2017-18125
- RESERVED
+CVE-2017-18130 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18129 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18128 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18127 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18126 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18125 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
CVE-2017-18124
RESERVED
CVE-2018-6622
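Review bot: The 20 CVE-2017-181xx entries that move from RESERVED to `TODO: check` in this hunk all carry the same truncated description, "In Android before security patch level 2018-04-05 on Qualcomm ...", while the unchanged neighbour CVE-2017-18147 is already recorded as `NOT-FOR-US: Qualcomm components for Android`. Once the full descriptions confirm they are confined to Qualcomm's Android components, give them the same NOT-FOR-US wording so the list stays consistent. The same point applies to the matching Qualcomm entries in the later hunks of this commit.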
@@ -10755,14 +10813,14 @@ CVE-2018-6005 (SQL Injection exists in the Realpin through 1.5.04 component for
NOT-FOR-US: Realpin component for Joomla!
CVE-2018-6004 (SQL Injection exists in the File Download Tracker 3.0 component for ...)
NOT-FOR-US: File Download Tracker component for Joomla!
-CVE-2017-18074
- RESERVED
-CVE-2017-18073
- RESERVED
-CVE-2017-18072
- RESERVED
-CVE-2017-18071
- RESERVED
+CVE-2017-18074 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18073 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18072 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-18071 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
CVE-2017-18070
RESERVED
CVE-2017-18069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -17352,18 +17410,18 @@ CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3595
RESERVED
-CVE-2018-3594
- RESERVED
-CVE-2018-3593
- RESERVED
-CVE-2018-3592
- RESERVED
-CVE-2018-3591
- RESERVED
-CVE-2018-3590
- RESERVED
-CVE-2018-3589
- RESERVED
+CVE-2018-3594 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2018-3593 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2018-3592 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2018-3591 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2018-3590 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2018-3589 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
CVE-2018-3588
RESERVED
CVE-2018-3587
@@ -22102,8 +22160,8 @@ CVE-2018-1485
RESERVED
CVE-2018-1484
RESERVED
-CVE-2018-1483
- RESERVED
+CVE-2018-1483 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2018-1482
RESERVED
CVE-2018-1481
@@ -22234,7 +22292,7 @@ CVE-2018-1419
RESERVED
CVE-2018-1418
RESERVED
-CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes for ...)
+CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java ...)
NOT-FOR-US: IBM Runtimes for Java Technology
CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
NOT-FOR-US: IBM WebSphere Portal
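Review bot: The updated description of CVE-2018-1417 now reads "IBM SDK, Java ...", but the `NOT-FOR-US: IBM Runtimes for Java Technology` line under it still uses the product name from the old description. Align the NOT-FOR-US text with the new wording so a search on either name finds the entry.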
@@ -23288,15 +23346,13 @@ CVE-2018-1277
RESERVED
CVE-2018-1276
RESERVED
-CVE-2018-1275 [Address partial fix for CVE-2018-1270]
- RESERVED
+CVE-2018-1275 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
- libspring-java <not-affected> (Partial fix for CVE-2018-1270 not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1565307
CVE-2018-1274
RESERVED
NOT-FOR-US: Spring Data Commons
-CVE-2018-1273
- RESERVED
+CVE-2018-1273 (Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, ...)
NOT-FOR-US: Spring Data Commons
CVE-2018-1272 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
- libspring-java <unfixed> (bug #895114)
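Review bot: On CVE-2018-1275 the `<not-affected>` status for libspring-java rests entirely on the parenthetical "(Partial fix for CVE-2018-1270 not applied)", so it stops being accurate as soon as a fix for CVE-2018-1270 is uploaded. With the bracketed working title "[Address partial fix for CVE-2018-1270]" now replaced by the published description, add a NOTE stating that any libspring-java fix for CVE-2018-1270 must include the follow-up change, otherwise this entry has to be reopened.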
@@ -23853,8 +23909,7 @@ CVE-2018-1102
RESERVED
CVE-2018-1101
RESERVED
-CVE-2018-1100 [check bounds on buffer in mail checking]
- RESERVED
+CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer ...)
- zsh 5.5-1 (bug #895225)
[stretch] - zsh <no-dsa> (Minor issue)
[jessie] - zsh <no-dsa> (Minor issue)
@@ -24273,8 +24328,8 @@ CVE-2017-17310
RESERVED
CVE-2017-17309
RESERVED
-CVE-2017-17308
- RESERVED
+CVE-2017-17308 (SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, ...)
+ TODO: check
CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an ...)
NOT-FOR-US: Huawei
CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, ...)
@@ -27786,22 +27841,22 @@ CVE-2018-0025
RESERVED
CVE-2018-0024
RESERVED
-CVE-2018-0023
- RESERVED
-CVE-2018-0022
- RESERVED
-CVE-2018-0021
- RESERVED
-CVE-2018-0020
- RESERVED
-CVE-2018-0019
- RESERVED
-CVE-2018-0018
- RESERVED
-CVE-2018-0017
- RESERVED
-CVE-2018-0016
- RESERVED
+CVE-2018-0023 (JSNAPy is an open source python version of Junos Snapshot ...)
+ TODO: check
+CVE-2018-0022 (A Junos device with VPLS routing-instances configured on one or more ...)
+ TODO: check
+CVE-2018-0021 (If all 64 digits of the connectivity association name (CKN) key or all ...)
+ TODO: check
+CVE-2018-0020 (Junos OS may be impacted by the receipt of a malformed BGP UPDATE ...)
+ TODO: check
+CVE-2018-0019 (A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may ...)
+ TODO: check
+CVE-2018-0018 (On SRX Series devices during compilation of IDP policies, an attacker ...)
+ TODO: check
+CVE-2018-0017 (A vulnerability in the Network Address Translation - Protocol ...)
+ TODO: check
+CVE-2018-0016 (Receipt of a specially crafted Connectionless Network Protocol (CLNP) ...)
+ TODO: check
CVE-2018-0015 (A malicious user with unrestricted access to the AppFormix application ...)
NOT-FOR-US: AppFormix
CVE-2018-0014 (Juniper Networks ScreenOS devices do not pad Ethernet packets with ...)
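Review bot: CVE-2018-0023 at the top of this hunk describes JSNAPy as "an open source python version of Junos Snapshot ...", which sets it apart from the Junos OS and SRX entries below it (CVE-2018-0022 through CVE-2018-0016). Those will most likely follow the `NOT-FOR-US` pattern of the neighbouring CVE-2018-0015 and CVE-2018-0014, but JSNAPy should get a package and ITP/RFP search before its `TODO: check` is closed.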
@@ -32195,8 +32250,8 @@ CVE-2017-15329 (Huawei UMA V200R001C00 has a SQL injection vulnerability in the
NOT-FOR-US: Huawei
CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an ...)
NOT-FOR-US: Huawei
-CVE-2017-15327
- RESERVED
+CVE-2017-15327 (S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, ...)
+ TODO: check
CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption ...)
NOT-FOR-US: Huawei
CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions earlier ...)
@@ -35076,8 +35131,8 @@ CVE-2017-14461 (A specially crafted email delivered over SMTP and passed on to D
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0510
CVE-2017-14460 (An exploitable overly permissive cross-domain (CORS) whitelist ...)
- parity <itp> (bug #890550)
-CVE-2017-14459
- RESERVED
+CVE-2017-14459 (An exploitable OS Command Injection vulnerability exists in the ...)
+ TODO: check
CVE-2017-14458
RESERVED
CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...)
@@ -37424,10 +37479,10 @@ CVE-2017-13680 (Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Pro
NOT-FOR-US: Symantec Endpoint Protection
CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption Desktop before ...)
NOT-FOR-US: Symantec
-CVE-2017-13678
- RESERVED
-CVE-2017-13677
- RESERVED
+CVE-2017-13678 (Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) ...)
+ TODO: check
+CVE-2017-13677 (Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure ...)
+ TODO: check
CVE-2017-13676 (Norton Remove & Reinstall can be susceptible to a DLL preloading ...)
NOT-FOR-US: Symantec
CVE-2017-13675 (A denial of service (DoS) attack in Symantec Endpoint Encryption ...)
@@ -45411,8 +45466,8 @@ CVE-2017-11013 (In android for MSM, Firefox OS for MSM, QRD Android, with all An
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11012 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11011
- RESERVED
+CVE-2017-11011 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
CVE-2017-11010 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11009
@@ -53486,10 +53541,10 @@ CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8276
RESERVED
-CVE-2017-8275
- RESERVED
-CVE-2017-8274
- RESERVED
+CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
+CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm ...)
+ TODO: check
CVE-2017-8273 (In all Qualcomm products with Android release from CAF using the Linux ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8272 (In all Qualcomm products with Android releases from CAF using the ...)
@@ -53733,8 +53788,8 @@ CVE-2017-8156 (The outdoor unit of Customer Premise Equipment (CPE) product B233
NOT-FOR-US: Huawei
CVE-2017-8155 (The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 ...)
NOT-FOR-US: Huawei
-CVE-2017-8154
- RESERVED
+CVE-2017-8154 (The Themes App Honor 8 Lite Huawei mobile phones with software of ...)
+ TODO: check
CVE-2017-8153 (Huawei VMall (for Android) with the versions before 1.5.8.5 have a ...)
NOT-FOR-US: Huawei
CVE-2017-8152 (Huawei Honor 5S smart phones with software the versions before ...)
@@ -56103,8 +56158,7 @@ CVE-2017-7536 (In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x
CVE-2017-7535
RESERVED
- foreman <itp> (bug #663101)
-CVE-2017-7534
- RESERVED
+CVE-2017-7534 (OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the ...)
NOT-FOR-US: OpenShift
CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel ...)
{DSA-3945-1 DSA-3927-1}
@@ -57379,8 +57433,8 @@ CVE-2016-10260
RESERVED
CVE-2016-10259 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and ...)
NOT-FOR-US: Blue Coat
-CVE-2016-10258
- RESERVED
+CVE-2016-10258 (Unrestricted file upload vulnerability in the Symantec Advanced Secure ...)
+ TODO: check
CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to ...)
NOT-FOR-US: Symantec
CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to ...)
@@ -71605,8 +71659,7 @@ CVE-2017-2600
RESERVED
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
-CVE-2017-2599
- RESERVED
+CVE-2017-2599 (Jenkins before versions 2.44 and 2.32.2 is vulnerable to an ...)
- jenkins <removed>
NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2598
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b8836e298b517a512f8cb409da7e3db1b697175