[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 8 09:10:28 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
615d1353 by security tracker role at 2018-02-08T09:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,37 @@
+CVE-2018-6844 (MyBB 1.8.14 has XSS via the Title or Description field on the Edit ...)
+ TODO: check
+CVE-2018-6843
+ RESERVED
+CVE-2018-6842
+ RESERVED
+CVE-2018-6841
+ RESERVED
+CVE-2018-6840
+ RESERVED
+CVE-2018-6839
+ RESERVED
+CVE-2018-6838
+ RESERVED
+CVE-2018-6837
+ RESERVED
+CVE-2018-6836 (The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark ...)
+ TODO: check
+CVE-2018-6835 (node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 ...)
+ TODO: check
+CVE-2018-6834 (static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via ...)
+ TODO: check
+CVE-2018-6833
+ RESERVED
+CVE-2018-6832
+ RESERVED
+CVE-2018-6831
+ RESERVED
+CVE-2018-6830
+ RESERVED
+CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...)
+ TODO: check
+CVE-2018-6828
+ RESERVED
CVE-2018-6827
RESERVED
CVE-2018-6826
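Review bot: CVE-2018-6836 (Wireshark, wiretap/netmon.c) and CVE-2018-6829 (Libgcrypt, cipher/elgamal.c) in the block added at the top of this hunk carry only "TODO: check", with no package line and no NOTE pointing at an upstream report or fix. When they are triaged, give each a package status line and an upstream reference NOTE in the same form as the existing CVE-2018-6794 entry ("- suricata <unfixed> (bug #889842)" plus a NOTE URL), so they do not stay unclassified next to the RESERVED placeholders around them.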
@@ -61,10 +95,10 @@ CVE-2018-6798
RESERVED
CVE-2018-6797
RESERVED
-CVE-2018-6796
- RESERVED
-CVE-2018-6795
- RESERVED
+CVE-2018-6796 (PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored ...)
+ TODO: check
+CVE-2018-6795 (PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every ...)
+ TODO: check
CVE-2018-6794 (Suricata before 4.1 is prone to an HTTP detection bypass vulnerability ...)
- suricata <unfixed> (bug #889842)
NOTE: https://redmine.openinfosecfoundation.org/issues/2427
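Review bot: CVE-2018-6796 and CVE-2018-6795 are both "PHP Scripts Mall" products with Stored XSS and are left at "TODO: check", as is CVE-2018-6655 in the next hunk. Other standalone web scripts visible in this diff are closed out with a NOT-FOR-US tag (for example "NOT-FOR-US: Z-BlogPHP" on CVE-2018-6656); if these three are confirmed as not packaged, tag them with one consistent vendor string rather than three differently worded ones.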
@@ -369,8 +403,8 @@ CVE-2018-6657
RESERVED
CVE-2018-6656 (Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as ...)
NOT-FOR-US: Z-BlogPHP
-CVE-2018-6655
- RESERVED
+CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an ...)
+ TODO: check
CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...)
TODO: check
CVE-2018-6653
@@ -635,6 +669,7 @@ CVE-2018-6598
CVE-2018-6597
RESERVED
CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone ...)
+ {DSA-4107-1}
- django-anymail 1.3-1 (bug #889450)
NOTE: https://github.com/anymail/django-anymail/commit/db586ede1fbb41dce21310ea28ae15a1cf1286c5 (v1.3)
NOTE: https://github.com/anymail/django-anymail/commit/c07998304b4a31df4c61deddcb03d3607a04691b (v1.2.x-branch)
@@ -723,8 +758,8 @@ CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id ..
NOT-FOR-US: Event Manager
CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component for ...)
NOT-FOR-US: JEXTN Membership component for Joomla!
-CVE-2018-6574
- RESERVED
+CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before ...)
+ TODO: check
CVE-2018-6573
RESERVED
CVE-2018-6572
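Review bot: in the context just above the changed entry, CVE-2018-6575 is described as "JEXTN Classified 1.0.0 component" but is tagged "NOT-FOR-US: JEXTN Membership component for Joomla!"; the product name in the tag should be checked against the description and corrected if it was copied from a neighbouring entry. For the changed entry itself, the CVE-2018-6574 description names three Go release lines (before 1.8.7, 1.9.x before 1.9.4, 1.10 pre-releases), so whoever replaces "TODO: check" should verify each of those lines rather than recording a single fixed version.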
@@ -17907,62 +17942,62 @@ CVE-2018-0142
RESERVED
CVE-2018-0141
RESERVED
-CVE-2018-0140
- RESERVED
+CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security ...)
+ TODO: check
CVE-2018-0139
RESERVED
-CVE-2018-0138
- RESERVED
-CVE-2018-0137
- RESERVED
+CVE-2018-0138 (A vulnerability in the detection engine of Cisco Firepower System ...)
+ TODO: check
+CVE-2018-0137 (A vulnerability in the TCP throttling process of Cisco Prime Network ...)
+ TODO: check
CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...)
NOT-FOR-US: Cisco
-CVE-2018-0135
- RESERVED
-CVE-2018-0134
- RESERVED
+CVE-2018-0135 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
+ TODO: check
+CVE-2018-0134 (A vulnerability in the RADIUS authentication module of Cisco Policy ...)
+ TODO: check
CVE-2018-0133
RESERVED
-CVE-2018-0132
- RESERVED
+CVE-2018-0132 (A vulnerability in the forwarding information base (FIB) code of Cisco ...)
+ TODO: check
CVE-2018-0131
RESERVED
CVE-2018-0130
RESERVED
-CVE-2018-0129
- RESERVED
-CVE-2018-0128
- RESERVED
-CVE-2018-0127
- RESERVED
+CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco Data ...)
+ TODO: check
+CVE-2018-0128 (A vulnerability in the web-based management interface of Cisco Data ...)
+ TODO: check
+CVE-2018-0127 (A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N ...)
+ TODO: check
CVE-2018-0126
RESERVED
-CVE-2018-0125
- RESERVED
+CVE-2018-0125 (A vulnerability in the web interface of the Cisco RV132W ADSL2+ ...)
+ TODO: check
CVE-2018-0124
RESERVED
-CVE-2018-0123
- RESERVED
-CVE-2018-0122
- RESERVED
+CVE-2018-0123 (A Path Traversal vulnerability in the diagnostic shell for Cisco IOS ...)
+ TODO: check
+CVE-2018-0122 (A vulnerability in the CLI of the Cisco StarOS operating system for ...)
+ TODO: check
CVE-2018-0121
RESERVED
-CVE-2018-0120
- RESERVED
-CVE-2018-0119
- RESERVED
+CVE-2018-0120 (A vulnerability in the web framework of Cisco Unified Communications ...)
+ TODO: check
+CVE-2018-0119 (A vulnerability in certain authentication controls in the account ...)
+ TODO: check
CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
-CVE-2018-0117
- RESERVED
-CVE-2018-0116
- RESERVED
+CVE-2018-0117 (A vulnerability in the ingress packet processing functionality of the ...)
+ TODO: check
+CVE-2018-0116 (A vulnerability in the RADIUS authentication module of Cisco Policy ...)
+ TODO: check
CVE-2018-0115 (A vulnerability in the CLI of the Cisco StarOS operating system for ...)
NOT-FOR-US: Cisco
CVE-2018-0114 (A vulnerability in the Cisco node-jose open source library before ...)
NOT-FOR-US: Cisco node-jose
-CVE-2018-0113
- RESERVED
+CVE-2018-0113 (A vulnerability in an operations script of Cisco UCS Central could ...)
+ TODO: check
CVE-2018-0112
RESERVED
CVE-2018-0111 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
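Review bot: every Cisco entry that gains a description in this hunk (CVE-2018-0140 down to CVE-2018-0113) is set to "TODO: check", while the already triaged siblings in the same range, CVE-2018-0136, CVE-2018-0118 and CVE-2018-0115, are "NOT-FOR-US: Cisco". These should be classified the same way once checked, but not in bulk: CVE-2018-0114 in the context is tagged "NOT-FOR-US: Cisco node-jose", an open source library rather than an appliance, which shows that a Cisco-assigned id can still name code that needs an individual look.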
@@ -22925,8 +22960,8 @@ CVE-2017-15402
RESERVED
CVE-2017-15401
RESERVED
-CVE-2017-15400
- RESERVED
+CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS ...)
+ TODO: check
CVE-2017-15399
RESERVED
{DSA-4024-1}
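Review bot: the CVE-2017-15400 description reads "Insufficient restriction of IPP filters in CUPS in Google Chrome OS", so it names CUPS as well as Chrome OS, yet it is filed with a bare "TODO: check". Triage should state explicitly whether the issue is specific to the Chrome OS integration or applies to CUPS itself, and record the reasoning in a NOTE line instead of closing it on the strength of the "Chrome OS" wording alone.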
@@ -22941,8 +22976,8 @@ CVE-2017-15398
- chromium-browser 62.0.3202.89-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15397
- RESERVED
+CVE-2017-15397 (Inappropriate implementation in ChromeVox in Google Chrome OS prior to ...)
+ TODO: check
CVE-2017-15396
RESERVED
{DSA-4020-1}
@@ -22951,62 +22986,52 @@ CVE-2017-15396
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2017-15395
- RESERVED
+CVE-2017-15395 (A use after free in Blink in Google Chrome prior to 62.0.3202.62 ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15394
- RESERVED
+CVE-2017-15394 (Insufficient Policy Enforcement in Extensions in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15393
- RESERVED
+CVE-2017-15393 (Insufficient Policy Enforcement in Devtools remote debugging in Google ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15392
- RESERVED
+CVE-2017-15392 (Insufficient data validation in V8 in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15391
- RESERVED
+CVE-2017-15391 (Insufficient Policy Enforcement in Extensions in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15390
- RESERVED
+CVE-2017-15390 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15389
- RESERVED
+CVE-2017-15389 (An insufficient watchdog timer in navigation in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15388
- RESERVED
+CVE-2017-15388 (Iteration through non-finite points in Skia in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15387
- RESERVED
+CVE-2017-15387 (Insufficient enforcement of Content Security Policy in Blink in Google ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-15386
- RESERVED
+CVE-2017-15386 (Incorrect implementation in Blink in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -55206,26 +55231,22 @@ CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, .
NOT-FOR-US: Technicolor
CVE-2017-5134
RESERVED
-CVE-2017-5133
- RESERVED
+CVE-2017-5133 (Off-by-one read/write on the heap in Blink in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5132
- RESERVED
+CVE-2017-5132 (Inappropriate implementation in V8 in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5131
- RESERVED
+CVE-2017-5131 (An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5130
- RESERVED
+CVE-2017-5130 (An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...)
{DLA-1188-1}
- libxml2 2.9.4+dfsg1-5.1 (bug #880000)
[stretch] - libxml2 <no-dsa> (Minor issue)
@@ -55238,38 +55259,32 @@ CVE-2017-5130
NOTE: with --maxmem. Similar issue for xmlMallocLoc and xmlReallocLoc.
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
NOTE: Needs follow up: https://git.gnome.org/browse/libxml2/commit/?id=ed48d65b4d6c5cec7be035ad5eebeba873b4b955
-CVE-2017-5129
- RESERVED
+CVE-2017-5129 (A use after free in WebAudio in Blink in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5128
- RESERVED
+CVE-2017-5128 (Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5127
- RESERVED
+CVE-2017-5127 (Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5126
- RESERVED
+CVE-2017-5126 (A use after free in PDFium in Google Chrome prior to 62.0.3202.62 ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5125
- RESERVED
+CVE-2017-5125 (Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5124
- RESERVED
+CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome prior to ...)
{DSA-4020-1}
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/615d1353a57c42845a00f7be92c9b127ab4e73bc