[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 16 09:10:34 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27445bde by security tracker role at 2018-02-16T09:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,6 +1,22 @@
-CVE-2018-1000068
+CVE-2018-7180
+ RESERVED
+CVE-2018-7179
+ RESERVED
+CVE-2018-7178
+ RESERVED
+CVE-2018-7177
+ RESERVED
+CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a ...)
+ TODO: check
+CVE-2018-7175 (An issue was discovered in xpdf 4.00. A NULL pointer dereference in ...)
+ TODO: check
+CVE-2018-7174 (An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref ...)
+ TODO: check
+CVE-2018-7173 (A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...)
+ TODO: check
+CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins versions ...)
- jenkins <removed>
-CVE-2018-1000067
+CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins versions ...)
- jenkins <removed>
CVE-2018-7172
RESERVED
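Review bot: CVE-2018-7175, CVE-2018-7174 and CVE-2018-7173 at the top of this hunk all name xpdf 4.00 and are left at "TODO: check". Triage the three together in a follow-up so they end up with consistent package lines. The two Jenkins entries only gain a description and keep "- jenkins <removed>", which is what an automatic update should do.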
@@ -2357,8 +2373,8 @@ CVE-2017-18076 (In strategy.rb in OmniAuth before 1.3.2, the authenticity_token
[experimental] - ruby-omniauth 1.6.1-1
- ruby-omniauth 1.3.1-2 (bug #888523)
NOTE: https://github.com/omniauth/omniauth/pull/867
-CVE-2018-6324
- RESERVED
+CVE-2018-6324 (F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated ...)
+ TODO: check
CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descriptor ...)
- binutils 2.30-3
[stretch] - binutils <ignored> (Minor issue)
@@ -2378,8 +2394,8 @@ CVE-2018-6318 (In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the cont
NOT-FOR-US: Sophos Tester Tool
CVE-2018-6317 (The remote management interface in Claymore Dual Miner 10.5 and ...)
NOT-FOR-US: Claymore's Dual Ethereum
-CVE-2018-6316
- RESERVED
+CVE-2018-6316 (Ivanti Endpoint Security (formerly HEAT Endpoint Management and ...)
+ TODO: check
CVE-2018-6315 (The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/101
@@ -2666,8 +2682,8 @@ CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in ...)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/88
NOTE: https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92
-CVE-2018-6189
- RESERVED
+CVE-2018-6189 (F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors ...)
+ TODO: check
CVE-2018-6188 (django.contrib.auth.forms.AuthenticationForm in Django 2.0 before ...)
- python-django 1:1.11.10-1
[stretch] - python-django <not-affected> (Issue introduced in 1.11.8 and 2.0)
@@ -3803,8 +3819,8 @@ CVE-2018-5769
RESERVED
CVE-2018-5768
RESERVED
-CVE-2018-5767
- RESERVED
+CVE-2018-5767 (An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A ...)
+ TODO: check
CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packet_ref ...)
- libav <removed>
[jessie] - libav <ignored> (Minor issue)
@@ -4701,16 +4717,19 @@ CVE-2018-5382
RESERVED
CVE-2018-5381 [fix infinite loop on certain invalid OPEN messages]
RESERVED
+ {DSA-4115-1}
- quagga <unfixed> (bug #890563)
NOTE: https://www.quagga.net/security/Quagga-2018-1975.txt
NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=ce07207c50a3d1f05d6dd49b5294282e59749787
CVE-2018-5380 [debug print of received NOTIFY data can over-read msg array]
RESERVED
+ {DSA-4115-1}
- quagga <unfixed> (bug #890563)
NOTE: https://www.quagga.net/security/Quagga-2018-1550.txt
NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=9e5251151894aefdf8e9392a2371615222119ad8
CVE-2018-5379 [Fix double free of unknown attribute]
RESERVED
+ {DSA-4115-1}
- quagga <unfixed> (bug #890563)
NOTE: https://www.quagga.net/security/Quagga-2018-1114.txt
NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=e69b535f92eafb599329bf725d9b4c6fd5d7fded
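Review bot: the three quagga entries (CVE-2018-5381, CVE-2018-5380, CVE-2018-5379) gain "{DSA-4115-1}" but each still carries "- quagga <unfixed> (bug #890563)", and the hunk adds no per-release lines. Once the fixed upload reaches unstable, replace "<unfixed>" with the fixed version so the tracker stops reporting these as open there.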
@@ -26694,12 +26713,12 @@ CVE-2017-14539 (IrfanView 4.44 - 32bit allows attackers to cause a denial of ser
NOT-FOR-US: IrfanView
CVE-2017-14538 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
NOT-FOR-US: XnView
-CVE-2017-14537
- RESERVED
-CVE-2017-14536
- RESERVED
-CVE-2017-14535
- RESERVED
+CVE-2017-14537 (trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to ...)
+ TODO: check
+CVE-2017-14536 (trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or ...)
+ TODO: check
+CVE-2017-14535 (trixbox 2.8.0.4 has OS command injection via shell metacharacters in ...)
+ TODO: check
CVE-2017-14534 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via ...)
NOT-FOR-US: NexusPHP
CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ...)
@@ -32815,156 +32834,156 @@ CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was fo
NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7d3af83d8b946f952bfd028451e6dfb1f7ace07a
-CVE-2017-12561
- RESERVED
-CVE-2017-12560
- RESERVED
-CVE-2017-12559
- RESERVED
-CVE-2017-12558
- RESERVED
-CVE-2017-12557
- RESERVED
-CVE-2017-12556
- RESERVED
-CVE-2017-12555
- RESERVED
-CVE-2017-12554
- RESERVED
-CVE-2017-12553
- RESERVED
-CVE-2017-12552
- RESERVED
-CVE-2017-12551
- RESERVED
-CVE-2017-12550
- RESERVED
-CVE-2017-12549
- RESERVED
-CVE-2017-12548
- RESERVED
-CVE-2017-12547
- RESERVED
-CVE-2017-12546
- RESERVED
-CVE-2017-12545
- RESERVED
-CVE-2017-12544
- RESERVED
-CVE-2017-12543
- RESERVED
-CVE-2017-12542
- RESERVED
-CVE-2017-12541
- RESERVED
-CVE-2017-12540
- RESERVED
-CVE-2017-12539
- RESERVED
-CVE-2017-12538
- RESERVED
-CVE-2017-12537
- RESERVED
-CVE-2017-12536
- RESERVED
-CVE-2017-12535
- RESERVED
-CVE-2017-12534
- RESERVED
-CVE-2017-12533
- RESERVED
-CVE-2017-12532
- RESERVED
-CVE-2017-12531
- RESERVED
-CVE-2017-12530
- RESERVED
-CVE-2017-12529
- RESERVED
-CVE-2017-12528
- RESERVED
-CVE-2017-12527
- RESERVED
-CVE-2017-12526
- RESERVED
-CVE-2017-12525
- RESERVED
-CVE-2017-12524
- RESERVED
-CVE-2017-12523
- RESERVED
-CVE-2017-12522
- RESERVED
-CVE-2017-12521
- RESERVED
-CVE-2017-12520
- RESERVED
-CVE-2017-12519
- RESERVED
-CVE-2017-12518
- RESERVED
-CVE-2017-12517
- RESERVED
-CVE-2017-12516
- RESERVED
-CVE-2017-12515
- RESERVED
-CVE-2017-12514
- RESERVED
-CVE-2017-12513
- RESERVED
-CVE-2017-12512
- RESERVED
-CVE-2017-12511
- RESERVED
-CVE-2017-12510
- RESERVED
-CVE-2017-12509
- RESERVED
-CVE-2017-12508
- RESERVED
-CVE-2017-12507
- RESERVED
-CVE-2017-12506
- RESERVED
-CVE-2017-12505
- RESERVED
-CVE-2017-12504
- RESERVED
-CVE-2017-12503
- RESERVED
-CVE-2017-12502
- RESERVED
-CVE-2017-12501
- RESERVED
-CVE-2017-12500
- RESERVED
-CVE-2017-12499
- RESERVED
-CVE-2017-12498
- RESERVED
-CVE-2017-12497
- RESERVED
-CVE-2017-12496
- RESERVED
-CVE-2017-12495
- RESERVED
-CVE-2017-12494
- RESERVED
-CVE-2017-12493
- RESERVED
-CVE-2017-12492
- RESERVED
-CVE-2017-12491
- RESERVED
-CVE-2017-12490
- RESERVED
-CVE-2017-12489
- RESERVED
-CVE-2017-12488
- RESERVED
-CVE-2017-12487
- RESERVED
+CVE-2017-12561 (A remote code execution vulnerability in HPE intelligent Management ...)
+ TODO: check
+CVE-2017-12560 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12559 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12558 (A Remote Code Execution vulnerability in HPE intelligent Management ...)
+ TODO: check
+CVE-2017-12557 (A Remote Code Execution vulnerability in HPE intelligent Management ...)
+ TODO: check
+CVE-2017-12556 (A Remote Code Execution vulnerability in HPE intelligent Management ...)
+ TODO: check
+CVE-2017-12555 (A remote arbitrary file download and disclosure of information ...)
+ TODO: check
+CVE-2017-12554 (A remote code execution vulnerability in HPE intelligent Management ...)
+ TODO: check
+CVE-2017-12553 (A local authentication bypass vulnerability in HPE System Management ...)
+ TODO: check
+CVE-2017-12552 (A local arbitrary execution of commands vulnerability in HPE System ...)
+ TODO: check
+CVE-2017-12551 (A local arbitrary execution of commands vulnerability in HPE System ...)
+ TODO: check
+CVE-2017-12550 (A local security misconfiguration vulnerability in HPE System ...)
+ TODO: check
+CVE-2017-12549 (A local authentication bypass vulnerability in HPE System Management ...)
+ TODO: check
+CVE-2017-12548 (A local arbitrary command execution vulnerability in HPE System ...)
+ TODO: check
+CVE-2017-12547 (A local arbitrary command execution vulnerability in HPE System ...)
+ TODO: check
+CVE-2017-12546 (A local buffer overflow vulnerability in HPE System Management ...)
+ TODO: check
+CVE-2017-12545 (A remote denial of service vulnerability in HPE System Management ...)
+ TODO: check
+CVE-2017-12544 (A cross-site scripting vulnerability in HPE System Management Homepage ...)
+ TODO: check
+CVE-2017-12543 (A remote disclosure of information vulnerability in Moonshot Remote ...)
+ TODO: check
+CVE-2017-12542 (A authentication bypass and execution of code vulnerability in HPE ...)
+ TODO: check
+CVE-2017-12541 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12540 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12539 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12538 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12537 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12536 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12535 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12534 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12533 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12532 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12531 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12530 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12529 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12528 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12527 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12526 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12525 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12524 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12523 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12522 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12521 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12520 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12519 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12518 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12517 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12516 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12515 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12514 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12513 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12512 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12511 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12510 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12509 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12508 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12507 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12506 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12505 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12504 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12503 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12502 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12501 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12500 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12499 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12498 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12497 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12496 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12495 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12494 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12493 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12492 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12491 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12490 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12489 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12488 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-12487 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
CVE-2017-12486
RESERVED
CVE-2017-12485
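Review bot: all 75 entries from CVE-2017-12561 down to CVE-2017-12487 move from RESERVED to "TODO: check" in this one hunk, and nearly all descriptions open with "HPE Intelligent Management ..." or "HPE System ...". That is a single vendor batch, so it is worth triaging by product in one manual commit rather than entry by entry, which also keeps the status wording identical across the block.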
@@ -43411,8 +43430,8 @@ CVE-2017-8995
RESERVED
CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration ...)
NOT-FOR-US: HPE
-CVE-2017-8993
- RESERVED
+CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and ...)
+ TODO: check
CVE-2017-8992
RESERVED
CVE-2017-8991
@@ -43427,92 +43446,89 @@ CVE-2017-8987
RESERVED
CVE-2017-8986
RESERVED
-CVE-2017-8985
- RESERVED
-CVE-2017-8984
- RESERVED
-CVE-2017-8983
- RESERVED
-CVE-2017-8982
- RESERVED
-CVE-2017-8981
- RESERVED
-CVE-2017-8980
- RESERVED
-CVE-2017-8979
- RESERVED
-CVE-2017-8978
- RESERVED
-CVE-2017-8977
- RESERVED
-CVE-2017-8976
- RESERVED
-CVE-2017-8975
- RESERVED
-CVE-2017-8974
- RESERVED
-CVE-2017-8973
- RESERVED
-CVE-2017-8972
- RESERVED
-CVE-2017-8971
- RESERVED
-CVE-2017-8970
- RESERVED
-CVE-2017-8969
- RESERVED
+CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local ...)
+ TODO: check
+CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-8983 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-8982 (A Remote Authentication Restriction Bypass vulnerability in HPE ...)
+ TODO: check
+CVE-2017-8981 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-8980 (A Remote Disclosure of Information vulnerability in HPE Intelligent ...)
+ TODO: check
+CVE-2017-8979 (Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) ...)
+ TODO: check
+CVE-2017-8978 (A Remote Unauthorized Disclosure of Information vulnerability in HPE ...)
+ TODO: check
+CVE-2017-8977 (A Remote Denial of Service vulnerability in Hewlett Packard Enterprise ...)
+ TODO: check
+CVE-2017-8976 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise ...)
+ TODO: check
+CVE-2017-8975 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise ...)
+ TODO: check
+CVE-2017-8974 (A Local Authentication Restriction Bypass vulnerability in HPE NonStop ...)
+ TODO: check
+CVE-2017-8973 (An improper input validation vulnerability in HPE Matrix Operating ...)
+ TODO: check
+CVE-2017-8972 (A clickjacking vulnerability in HPE Matrix Operating Environment ...)
+ TODO: check
+CVE-2017-8971 (A clickjacking vulnerability in HPE Matrix Operating Environment ...)
+ TODO: check
+CVE-2017-8970 (A remote unauthenticated disclosure of information vulnerability in ...)
+ TODO: check
+CVE-2017-8969 (An improper input validation vulnerability in HPE Insight Control ...)
+ TODO: check
CVE-2017-8968
RESERVED
-CVE-2017-8967
- RESERVED
-CVE-2017-8966
- RESERVED
-CVE-2017-8965
- RESERVED
-CVE-2017-8964
- RESERVED
-CVE-2017-8963
- RESERVED
-CVE-2017-8962
- RESERVED
-CVE-2017-8961
- RESERVED
-CVE-2017-8960
- RESERVED
-CVE-2017-8959
- RESERVED
-CVE-2017-8958
- RESERVED
-CVE-2017-8957
- RESERVED
-CVE-2017-8956
- RESERVED
-CVE-2017-8955
- RESERVED
-CVE-2017-8954
- RESERVED
-CVE-2017-8953
- RESERVED
-CVE-2017-8952
- RESERVED
-CVE-2017-8951
- RESERVED
-CVE-2017-8950
- RESERVED
-CVE-2017-8949
- RESERVED
-CVE-2017-8948
- RESERVED
-CVE-2017-8947
- RESERVED
+CVE-2017-8967 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
+ TODO: check
+CVE-2017-8966 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
+ TODO: check
+CVE-2017-8965 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
+ TODO: check
+CVE-2017-8964 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
+ TODO: check
+CVE-2017-8963 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
+ TODO: check
+CVE-2017-8962 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
+ TODO: check
+CVE-2017-8961 (A directory traversal vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-8960 (An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 ...)
+ TODO: check
+CVE-2017-8959 (An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA ...)
+ TODO: check
+CVE-2017-8958 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-8957 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-8956 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-8955 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-8954 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-8953 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner ...)
+ TODO: check
+CVE-2017-8952 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope ...)
+ TODO: check
+CVE-2017-8951 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope ...)
+ TODO: check
+CVE-2017-8950 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope ...)
+ TODO: check
+CVE-2017-8949 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope ...)
+ TODO: check
+CVE-2017-8948 (A Remote Bypass Security Restriction vulnerability in HPE Network Node ...)
+ TODO: check
+CVE-2017-8947 (A Remote Code Execution vulnerability in HPE UCMDB version v10.10, ...)
NOT-FOR-US: HPE UCMDB
-CVE-2017-8946
- RESERVED
+CVE-2017-8946 (A Remote Code Execution vulnerability in HPE Aruba AirWave Glass ...)
NOT-FOR-US: HPE Aruba AirWave Glass
-CVE-2017-8945
- RESERVED
-CVE-2017-8944
- RESERVED
+CVE-2017-8945 (A Remote Unauthorized Disclosure of Information vulnerability in HPE ...)
+ TODO: check
+CVE-2017-8944 (A Remote Disclosure of Information vulnerability in HPE Cloud ...)
NOT-FOR-US: HPE Cloud Optimizer
CVE-2017-8943 (The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates ...)
NOT-FOR-US: PUMA PUMATRAC app
@@ -53447,126 +53463,108 @@ CVE-2017-5834 (The parse_dict_node function in bplist.c in libplist allows attac
[jessie] - libplist <no-dsa> (Minor issue)
NOTE: https://github.com/libimobiledevice/libplist/issues/89
NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
-CVE-2017-5829
- RESERVED
+CVE-2017-5829 (An access restriction bypass vulnerability in HPE Aruba ClearPass ...)
NOT-FOR-US: HPE Aruba ClearPass Policy Manager
-CVE-2017-5828
- RESERVED
+CVE-2017-5828 (An arbitrary command execution vulnerability in HPE Aruba ClearPass ...)
NOT-FOR-US: HPE Aruba ClearPass Policy Manager
-CVE-2017-5827
- RESERVED
+CVE-2017-5827 (A reflected cross site scripting vulnerability in HPE Aruba ClearPass ...)
NOT-FOR-US: HPE Aruba ClearPass Policy Manager
-CVE-2017-5826
- RESERVED
+CVE-2017-5826 (An authenticated remote code execution vulnerability in HPE Aruba ...)
NOT-FOR-US: HPE Aruba ClearPass Policy Manager
-CVE-2017-5825
- RESERVED
+CVE-2017-5825 (A privilege escalation vulnerability in HPE Aruba ClearPass Policy ...)
NOT-FOR-US: HPE Aruba ClearPass Policy Manager
-CVE-2017-5824
- RESERVED
+CVE-2017-5824 (An unauthenticated remote code execution vulnerability in HPE Aruba ...)
NOT-FOR-US: HPE Aruba ClearPass Policy Manager
-CVE-2017-5823
- RESERVED
+CVE-2017-5823 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5822
- RESERVED
+CVE-2017-5822 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5821
- RESERVED
+CVE-2017-5821 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5820
- RESERVED
+CVE-2017-5820 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5819
- RESERVED
+CVE-2017-5819 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5818
- RESERVED
+CVE-2017-5818 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5817
- RESERVED
+CVE-2017-5817 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5816
- RESERVED
+CVE-2017-5816 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5815
- RESERVED
-CVE-2017-5814
- RESERVED
-CVE-2017-5813
- RESERVED
-CVE-2017-5812
- RESERVED
-CVE-2017-5811
- RESERVED
-CVE-2017-5810
- RESERVED
-CVE-2017-5809
- RESERVED
-CVE-2017-5808
- RESERVED
-CVE-2017-5807
- RESERVED
-CVE-2017-5806
- RESERVED
+CVE-2017-5815 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
+CVE-2017-5814 (A remote sql injection authentication bypass in HPE Network Automation ...)
+ TODO: check
+CVE-2017-5813 (A remote unauthenticated access vulnerability in HPE Network ...)
+ TODO: check
+CVE-2017-5812 (A remote sql information disclosure vulnerability in HPE Network ...)
+ TODO: check
+CVE-2017-5811 (A remote code execution vulnerability in HPE Network Automation ...)
+ TODO: check
+CVE-2017-5810 (A remote sql injection vulnerability in HPE Network Automation version ...)
+ TODO: check
+CVE-2017-5809 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
+ TODO: check
+CVE-2017-5808 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
+ TODO: check
+CVE-2017-5807 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
+ TODO: check
+CVE-2017-5806 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5805
- RESERVED
+CVE-2017-5805 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5804
- RESERVED
+CVE-2017-5804 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
-CVE-2017-5803
- RESERVED
-CVE-2017-5802
- RESERVED
-CVE-2017-5801
- RESERVED
-CVE-2017-5800
- RESERVED
-CVE-2017-5799
- RESERVED
-CVE-2017-5798
- RESERVED
-CVE-2017-5797
- RESERVED
-CVE-2017-5796
- RESERVED
+CVE-2017-5803 (A Remote Disclosure of Information vulnerability in HPE NonStop ...)
+ TODO: check
+CVE-2017-5802 (A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics ...)
+ TODO: check
+CVE-2017-5801 (A Remote Unauthorized Access to Data vulnerability in HPE Business ...)
+ TODO: check
+CVE-2017-5800 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations ...)
+ TODO: check
+CVE-2017-5799 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ...)
+ TODO: check
+CVE-2017-5798 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ...)
+ TODO: check
+CVE-2017-5797 (A Remote Unauthenticated Disclosure of Information vulnerability in ...)
+ TODO: check
+CVE-2017-5796 (A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 ...)
NOT-FOR-US: HPE 2620 Series Network Switches
-CVE-2017-5795
- RESERVED
-CVE-2017-5794
- RESERVED
-CVE-2017-5793
- RESERVED
-CVE-2017-5792
- RESERVED
+CVE-2017-5795 (A Local Arbitrary File Download vulnerability in HPE Intelligent ...)
+ TODO: check
+CVE-2017-5794 (A Remote Arbitrary File Download vulnerability in HPE Intelligent ...)
+ TODO: check
+CVE-2017-5793 (A Remote Arbitrary Code Execution vulnerability in HPE Intelligent ...)
+ TODO: check
+CVE-2017-5792 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
+ TODO: check
CVE-2017-5791 (The doFilter method in UrlAccessController in HPE Intelligent ...)
NOT-FOR-US: HPE Intelligent Management Center
NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
-CVE-2017-5790
- RESERVED
+CVE-2017-5790 (A remote deserialization of untrusted data vulnerability in HPE ...)
+ TODO: check
CVE-2017-5789 (HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before ...)
NOT-FOR-US: HPE LoadRunner
NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
-CVE-2017-5788
- RESERVED
-CVE-2017-5787
- RESERVED
-CVE-2017-5786
- RESERVED
-CVE-2017-5785
- RESERVED
-CVE-2017-5784
- RESERVED
-CVE-2017-5783
- RESERVED
-CVE-2017-5782
- RESERVED
-CVE-2017-5781
- RESERVED
-CVE-2017-5780
- RESERVED
+CVE-2017-5788 (A Local Disclosure of Sensitive Information vulnerability in HPE ...)
+ TODO: check
+CVE-2017-5787 (A remote denial of service vulnerability in HPE Version Control ...)
+ TODO: check
+CVE-2017-5786 (A local Unauthorized Data Modification vulnerability in HPE ...)
+ TODO: check
+CVE-2017-5785 (A remote information disclosure vulnerability in HPE Matrix Operating ...)
+ TODO: check
+CVE-2017-5784 (A missing HSTS Header vulnerability in HPE Matrix Operating ...)
+ TODO: check
+CVE-2017-5783 (A remote clickjacking vulnerability in HPE Matrix Operating ...)
+ TODO: check
+CVE-2017-5782 (A missing HSTS Header vulnerability in HPE Matrix Operating ...)
+ TODO: check
+CVE-2017-5781 (A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 ...)
+ TODO: check
+CVE-2017-5780 (A remote clickjacking vulnerability in HPE Matrix Operating ...)
+ TODO: check
CVE-2017-5779
RESERVED
CVE-2017-5778
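Review bot: CVE-2017-5815 is added as "TODO: check" directly below CVE-2017-5816, which has the same visible description ("A Remote Code Execution vulnerability in HPE Intelligent Management ...") and is already marked "NOT-FOR-US: HPE Intelligent Management Center"; CVE-2017-5792 is in the same position. Check the full descriptions and, if the product matches, give them the same NOT-FOR-US line as their neighbours so the block is consistent.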
@@ -72724,66 +72722,56 @@ CVE-2016-8537
REJECTED
CVE-2016-8536
REJECTED
-CVE-2016-8535
- RESERVED
-CVE-2016-8534
- RESERVED
-CVE-2016-8533
- RESERVED
-CVE-2016-8532
- RESERVED
-CVE-2016-8531
- RESERVED
-CVE-2016-8530
- RESERVED
-CVE-2016-8529
- RESERVED
+CVE-2016-8535 (A remote HTTP parameter Pollution vulnerability in HPE Matrix ...)
+ TODO: check
+CVE-2016-8534 (A remote privilege elevation vulnerability in HPE Matrix Operating ...)
+ TODO: check
+CVE-2016-8533 (A remote priviledge escalation vulnerability in HPE Matrix Operating ...)
+ TODO: check
+CVE-2016-8532 (A cross site scripting vulnerability in HPE Matrix Operating ...)
+ TODO: check
+CVE-2016-8531 (A remote information disclosure vulnerability in HPE Matrix Operating ...)
+ TODO: check
+CVE-2016-8530 (A remote denial of service vulnerability in HPE iMC PLAT version v7.2 ...)
+ TODO: check
+CVE-2016-8529 (A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual ...)
NOT-FOR-US: HPE StoreVirtual
-CVE-2016-8528
- RESERVED
+CVE-2016-8528 (A Remote Escalation of Privilege vulnerability in HPE Helion ...)
NOT-FOR-US: HPE Helion Eucalyptus
CVE-2016-8527
RESERVED
CVE-2016-8526
RESERVED
-CVE-2016-8525
- RESERVED
+CVE-2016-8525 (A Remote Disclosure of Information vulnerability in HPE iMC PLAT ...)
NOT-FOR-US: HPE iMC PLAT
CVE-2016-8524
REJECTED
-CVE-2016-8523
- RESERVED
+CVE-2016-8523 (A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage ...)
NOT-FOR-US: HP Smart Storage Administrator
-CVE-2016-8522
- RESERVED
+CVE-2016-8522 (A cross-site scripting vulnerability in HPE Diagnostics version 9.24 ...)
NOT-FOR-US: HPE Diagnostics
-CVE-2016-8521
- RESERVED
+CVE-2016-8521 (A Remote click jacking vulnerability in HPE Diagnostics version 9.24 ...)
NOT-FOR-US: HPE Diagnostics
-CVE-2016-8520
- RESERVED
-CVE-2016-8519
- RESERVED
+CVE-2016-8520 (HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM ...)
+ TODO: check
+CVE-2016-8519 (A remote code execution vulnerability in HPE Operations Orchestration ...)
NOT-FOR-US: HPE Operations Orchestration
-CVE-2016-8518
- RESERVED
-CVE-2016-8517
- RESERVED
-CVE-2016-8516
- RESERVED
-CVE-2016-8515
- RESERVED
+CVE-2016-8518 (A remote denial of service vulnerability in HPE Systems Insight ...)
+ TODO: check
+CVE-2016-8517 (A cross site scripting vulnerability in HPE Systems Insight Manager in ...)
+ TODO: check
+CVE-2016-8516 (A remote denial of service vulnerability in HPE Systems Insight ...)
+ TODO: check
+CVE-2016-8515 (A remote malicious file upload vulnerability in HPE Version Control ...)
NOT-FOR-US: HPE Version Control Repository Manager
-CVE-2016-8514
- RESERVED
+CVE-2016-8514 (A remote information disclosure in HPE Version Control Repository ...)
NOT-FOR-US: HPE Version Control Repository Manager
-CVE-2016-8513
- RESERVED
+CVE-2016-8513 (A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version ...)
NOT-FOR-US: HPE Version Control Repository Manager
-CVE-2016-8512
- RESERVED
-CVE-2016-8511
- RESERVED
+CVE-2016-8512 (A Remote Code Execution vulnerability in all versions of HPE ...)
+ TODO: check
+CVE-2016-8511 (A Remote Code Execution vulnerability in HPE Network Automation using ...)
+ TODO: check
CVE-2016-8510
REJECTED
CVE-2016-8509
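Review bot: triage within this hunk is uneven for the same products. CVE-2016-8530 ("HPE iMC PLAT version v7.2 ...") gets "TODO: check" while CVE-2016-8525 is "NOT-FOR-US: HPE iMC PLAT", and CVE-2016-8520 ("HPE Helion Eucalyptus v4.3.0 ...") gets "TODO: check" while CVE-2016-8528 is "NOT-FOR-US: HPE Helion Eucalyptus". A follow-up should reuse the existing NOT-FOR-US strings for these two entries.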
@@ -152139,10 +152127,10 @@ CVE-2014-0016 (stunnel before 5.00, when using fork threading, does not properly
CVE-2014-0015 (cURL and libcurl 7.10.6 through 7.34.0, when more than one ...)
{DSA-2849-1}
- curl 7.35.0-1
-CVE-2014-0014
- RESERVED
-CVE-2014-0013
- RESERVED
+CVE-2014-0014 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, ...)
+ TODO: check
+CVE-2014-0013 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, ...)
+ TODO: check
CVE-2014-0012 (FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create ...)
- jinja2 2.7.2-2 (bug #734956)
[squeeze] - jinja2 <not-affected> (introduced by fix in 2.7.2)
@@ -187708,8 +187696,7 @@ CVE-2011-4975
RESERVED
CVE-2011-4974
RESERVED
-CVE-2011-4973 [mod_nss FakeBasicAuth authentication bypass]
- RESERVED
+CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remote ...)
- libapache2-mod-nss 1.0.8-4 (low; bug #729626)
[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
NOTE: https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/27445bdea281f0f93e0147502b09d71a113af764