[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 14 21:10:28 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
104fb8a2 by security tracker role at 2018-02-14T21:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,192 @@
-CVE-2018-7032 [webcheckout: missing URL sanitization]
+CVE-2018-7049
+ RESERVED
+CVE-2018-7048
+ RESERVED
+CVE-2018-7047
+ RESERVED
+CVE-2018-7046
+ RESERVED
+CVE-2018-7045
+ RESERVED
+CVE-2018-7044
+ RESERVED
+CVE-2018-7043
+ RESERVED
+CVE-2018-7042
+ RESERVED
+CVE-2018-7041
+ RESERVED
+CVE-2018-7040
+ RESERVED
+CVE-2018-7039 (CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2018-7038
+ RESERVED
+CVE-2018-7037
+ RESERVED
+CVE-2018-7036
+ RESERVED
+CVE-2018-7035
+ RESERVED
+CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 ...)
+ TODO: check
+CVE-2018-7033
+ RESERVED
+CVE-2018-7031
+ RESERVED
+CVE-2018-7030
+ RESERVED
+CVE-2018-7029
+ RESERVED
+CVE-2018-7028
+ RESERVED
+CVE-2018-7027
+ RESERVED
+CVE-2018-7026
+ RESERVED
+CVE-2018-7025
+ RESERVED
+CVE-2018-7024
+ RESERVED
+CVE-2018-7023
+ RESERVED
+CVE-2018-7022
+ RESERVED
+CVE-2018-7021
+ RESERVED
+CVE-2018-7020
+ RESERVED
+CVE-2018-7019
+ RESERVED
+CVE-2018-7018
+ RESERVED
+CVE-2018-7017
+ RESERVED
+CVE-2018-7016
+ RESERVED
+CVE-2018-7015
+ RESERVED
+CVE-2018-7014
+ RESERVED
+CVE-2018-7013
+ RESERVED
+CVE-2018-7012
+ RESERVED
+CVE-2018-7011
+ RESERVED
+CVE-2018-7010
+ RESERVED
+CVE-2018-7009
+ RESERVED
+CVE-2018-7008
+ RESERVED
+CVE-2018-7007
+ RESERVED
+CVE-2018-7006
+ RESERVED
+CVE-2018-7005
+ RESERVED
+CVE-2018-7004
+ RESERVED
+CVE-2018-7003
+ RESERVED
+CVE-2018-7002
+ RESERVED
+CVE-2018-7001
+ RESERVED
+CVE-2018-7000
+ RESERVED
+CVE-2018-6999
+ RESERVED
+CVE-2018-6998
+ RESERVED
+CVE-2018-6997
+ RESERVED
+CVE-2018-6996
+ RESERVED
+CVE-2018-6995
+ RESERVED
+CVE-2018-6994
+ RESERVED
+CVE-2018-6993
+ RESERVED
+CVE-2018-6992
+ RESERVED
+CVE-2018-6991
+ RESERVED
+CVE-2018-6990
+ RESERVED
+CVE-2018-6989
+ RESERVED
+CVE-2018-6988
+ RESERVED
+CVE-2018-6987
+ RESERVED
+CVE-2018-6986
+ RESERVED
+CVE-2018-6985
+ RESERVED
+CVE-2018-6984
+ RESERVED
+CVE-2018-6983
+ RESERVED
+CVE-2018-6982
+ RESERVED
+CVE-2018-6981
+ RESERVED
+CVE-2018-6980
+ RESERVED
+CVE-2018-6979
+ RESERVED
+CVE-2018-6978
+ RESERVED
+CVE-2018-6977
+ RESERVED
+CVE-2018-6976
+ RESERVED
+CVE-2018-6975
+ RESERVED
+CVE-2018-6974
+ RESERVED
+CVE-2018-6973
+ RESERVED
+CVE-2018-6972
+ RESERVED
+CVE-2018-6971
+ RESERVED
+CVE-2018-6970
+ RESERVED
+CVE-2018-6969
+ RESERVED
+CVE-2018-6968
+ RESERVED
+CVE-2018-6967
+ RESERVED
+CVE-2018-6966
+ RESERVED
+CVE-2018-6965
+ RESERVED
+CVE-2018-6964
+ RESERVED
+CVE-2018-6963
+ RESERVED
+CVE-2018-6962
+ RESERVED
+CVE-2018-6961
+ RESERVED
+CVE-2018-6960
+ RESERVED
+CVE-2018-6959
+ RESERVED
+CVE-2018-6958
+ RESERVED
+CVE-2018-6957
+ RESERVED
+CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks ...)
+ TODO: check
+CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...)
+ TODO: check
+CVE-2018-7032 (webcheckout in myrepos through 1.20171231 does not sanitize URLs that ...)
- myrepos <unfixed> (bug #840014)
[stretch] - myrepos <no-dsa> (Minor issue)
[jessie] - myrepos <no-dsa> (Minor issue)
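Review bot: The four added entries that carry a description in this hunk, CVE-2018-7039 (CCN-lite), CVE-2018-7034 (TRENDnet), CVE-2017-18188 (OpenRC opentmpfiles) and CVE-2017-18187 (ARM mbed TLS), are all left at TODO: check. Each needs either a package line in the form used for myrepos at the end of the hunk or a NOT-FOR-US line. The two CVE-2017 ids are also inserted between CVE-2018-6957 and CVE-2018-7032, and CVE-2018-7032 stays below them while CVE-2018-7033 and CVE-2018-7031 sit higher up, so the top of the file is not in descending id order; re-sort when the TODOs are resolved.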
@@ -11915,62 +12103,62 @@ CVE-2018-2398
RESERVED
CVE-2018-2397
RESERVED
-CVE-2018-2396
- RESERVED
-CVE-2018-2395
- RESERVED
-CVE-2018-2394
- RESERVED
-CVE-2018-2393
- RESERVED
-CVE-2018-2392
- RESERVED
-CVE-2018-2391
- RESERVED
-CVE-2018-2390
- RESERVED
-CVE-2018-2389
- RESERVED
-CVE-2018-2388
- RESERVED
-CVE-2018-2387
- RESERVED
-CVE-2018-2386
- RESERVED
-CVE-2018-2385
- RESERVED
-CVE-2018-2384
- RESERVED
-CVE-2018-2383
- RESERVED
-CVE-2018-2382
- RESERVED
-CVE-2018-2381
- RESERVED
+CVE-2018-2396 (Under certain conditions a malicious user can prevent legitimate users ...)
+ TODO: check
+CVE-2018-2395 (Under certain conditions a malicious user may retrieve information on ...)
+ TODO: check
+CVE-2018-2394 (Under certain conditions an unauthenticated malicious user can prevent ...)
+ TODO: check
+CVE-2018-2393 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, ...)
+ TODO: check
+CVE-2018-2392 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, ...)
+ TODO: check
+CVE-2018-2391 (Under certain conditions a malicious user can prevent legitimate users ...)
+ TODO: check
+CVE-2018-2390 (Under certain conditions a malicious user can prevent legitimate users ...)
+ TODO: check
+CVE-2018-2389 (Under certain conditions a malicious user can inject log files of SAP ...)
+ TODO: check
+CVE-2018-2388 (Stored cross-site scripting vulnerability in SAP internet Graphics ...)
+ TODO: check
+CVE-2018-2387 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, ...)
+ TODO: check
+CVE-2018-2386 (Under certain conditions a malicious user provoking an out of bounds ...)
+ TODO: check
+CVE-2018-2385 (Under certain conditions a malicious user provoking a divide by zero ...)
+ TODO: check
+CVE-2018-2384 (Under certain conditions a malicious user provoking a Null Pointer ...)
+ TODO: check
+CVE-2018-2383 (Reflected cross-site scripting vulnerability in SAP internet Graphics ...)
+ TODO: check
+CVE-2018-2382 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, ...)
+ TODO: check
+CVE-2018-2381 (SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, ...)
+ TODO: check
CVE-2018-2380
RESERVED
-CVE-2018-2379
- RESERVED
-CVE-2018-2378
- RESERVED
-CVE-2018-2377
- RESERVED
-CVE-2018-2376
- RESERVED
-CVE-2018-2375
- RESERVED
-CVE-2018-2374
- RESERVED
-CVE-2018-2373
- RESERVED
-CVE-2018-2372
- RESERVED
-CVE-2018-2371
- RESERVED
-CVE-2018-2370
- RESERVED
-CVE-2018-2369
- RESERVED
+CVE-2018-2379 (In SAP HANA Extended Application Services, 1.0, an unauthenticated ...)
+ TODO: check
+CVE-2018-2378 (In SAP HANA Extended Application Services, 1.0, unauthorized users can ...)
+ TODO: check
+CVE-2018-2377 (In SAP HANA Extended Application Services, 1.0, some general server ...)
+ TODO: check
+CVE-2018-2376 (In SAP HANA Extended Application Services, 1.0, a controller user who ...)
+ TODO: check
+CVE-2018-2375 (In SAP HANA Extended Application Services, 1.0, a controller user who ...)
+ TODO: check
+CVE-2018-2374 (In SAP HANA Extended Application Services, 1.0, a controller user who ...)
+ TODO: check
+CVE-2018-2373 (Under certain circumstances, a specific endpoint of the Controller's ...)
+ TODO: check
+CVE-2018-2372 (A plain keystore password is written to a system log file in SAP HANA ...)
+ TODO: check
+CVE-2018-2371 (The SAML 2.0 service provider of SAP Netweaver AS Java Web ...)
+ TODO: check
+CVE-2018-2370 (Server Side Request Forgery (SSRF) vulnerability in SAP Central ...)
+ TODO: check
+CVE-2018-2369 (Under certain conditions SAP HANA, 1.00, 2.00, allows an ...)
+ TODO: check
CVE-2018-2368
RESERVED
CVE-2018-2367
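Review bot: Several of the truncated descriptions added here (CVE-2018-2396, CVE-2018-2391 and CVE-2018-2390 are word-for-word identical) stop before naming the affected product, so the TODO: check lines cannot be triaged from this file alone. All 27 entries moved from RESERVED to TODO: check in this hunk; where the description does name a product (SAP Internet Graphics Server, SAP HANA Extended Application Services, SAP Netweaver AS Java), resolve them in one pass to NOT-FOR-US with that product name, as is already done for CVE-2018-2363 further down.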
@@ -11979,8 +12167,8 @@ CVE-2018-2366
RESERVED
CVE-2018-2365
RESERVED
-CVE-2018-2364
- RESERVED
+CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND ...)
+ TODO: check
CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, ...)
NOT-FOR-US: SAP NetWeaver
CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send ...)
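Review bot: CVE-2018-2364 is set to TODO: check directly above CVE-2018-2363, which is already closed as NOT-FOR-US: SAP NetWeaver. The new description names SAP CRM WebClient UI, so the same treatment with that product name would keep the two adjacent entries consistent.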
@@ -14828,8 +15016,7 @@ CVE-2018-1289
RESERVED
CVE-2018-1288
RESERVED
-CVE-2018-1287 [Apache JMeter binds RMI server to wildcard in distributed mode (based on RMI)]
- RESERVED
+CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ...)
- jakarta-jmeter <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
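Review bot: The jakarta-jmeter line under CVE-2018-1287 stays at <unfixed> with no bug reference, while the myrepos entry in the first hunk records one as (bug #840014). Now that the published description names JMeter 2.X and 3.X, add the Debian bug number to the package line once one is filed, alongside the two NOTE links.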
@@ -26250,9 +26437,9 @@ CVE-2017-14525 (Multiple open redirect vulnerabilities in OpenText Documentum We
NOT-FOR-US: OpenText Documentum Webtop
CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum ...)
NOT-FOR-US: OpenText Documentum Administrator
-CVE-2017-14523 (WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. ...)
+CVE-2017-14523 (** DISPUTED ** ...)
NOT-FOR-US: WonderCMS
-CVE-2017-14522 (In WonderCMS 2.3.1, the application's input fields accept arbitrary ...)
+CVE-2017-14522 (** DISPUTED ** ...)
NOT-FOR-US: WonderCMS
CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random ...)
NOT-FOR-US: WonderCMS
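Review bot: The new descriptions for CVE-2017-14523 and CVE-2017-14522 are reduced to "** DISPUTED ** ..." with nothing after the marker, which drops the Host header injection and input-field wording the old lines carried. The truncation should count its length budget after the DISPUTED prefix so the entry still says what is disputed; the NOT-FOR-US: WonderCMS lines are unaffected.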
@@ -51819,10 +52006,10 @@ CVE-2017-6232
RESERVED
CVE-2017-6231
RESERVED
-CVE-2017-6230
- RESERVED
-CVE-2017-6229
- RESERVED
+CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus ...)
+ TODO: check
+CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and ...)
+ TODO: check
CVE-2017-6228
RESERVED
CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN ...)
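Review bot: CVE-2017-6230 and CVE-2017-6229 are left at TODO: check although both descriptions name Ruckus access-point firmware. If no Debian source package ships that firmware, close them as NOT-FOR-US with the product name rather than leaving them in the triage queue.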
@@ -65000,8 +65187,8 @@ CVE-2017-1684
RESERVED
CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM Connections Engagement Center
-CVE-2017-1682
- RESERVED
+CVE-2017-1682 (IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to ...)
+ TODO: check
CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2017-1680
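Review bot: CVE-2017-1682 is added as TODO: check while the entry above it, CVE-2017-1683, is closed as NOT-FOR-US: IBM Connections Engagement Center. The new description names IBM Connections, so NOT-FOR-US: IBM Connections would match the neighbouring entry.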
@@ -65366,8 +65553,8 @@ CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide
NOT-FOR-US: IBM
CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in the ...)
NOT-FOR-US: IBM
-CVE-2017-1499
- RESERVED
+CVE-2017-1499 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker ...)
+ TODO: check
CVE-2017-1498 (IBM Connections 5.5 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2017-1497 (IBM Sterling File Gateway 2.2 could allow an unauthorized user to view ...)
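Review bot: CVE-2017-1499 is left at TODO: check between entries closed as NOT-FOR-US: IBM. When resolving it, prefer the product name from the description (IBM Maximo Asset Management) over the bare vendor label used by the surrounding lines, which matches how the IBM Connections Engagement Center and IBM WebSphere Application Server entries in the previous hunk are labelled.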
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/104fb8a21e450b4ff7dc5fc69cda98d43fa8a2db