[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 22 21:10:23 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
02977357 by security tracker role at 2018-02-22T21:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,161 @@
+CVE-2018-7415
+ RESERVED
+CVE-2018-7414
+ RESERVED
+CVE-2018-7413
+ RESERVED
+CVE-2018-7412
+ RESERVED
+CVE-2018-7411
+ RESERVED
+CVE-2018-7410
+ RESERVED
+CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the ...)
+ TODO: check
+CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...)
+ TODO: check
+CVE-2018-7407
+ RESERVED
+CVE-2018-7406
+ RESERVED
+CVE-2018-7405
+ RESERVED
+CVE-2018-7404
+ RESERVED
+CVE-2018-7403
+ RESERVED
+CVE-2018-7402
+ RESERVED
+CVE-2018-7401
+ RESERVED
+CVE-2018-7400
+ RESERVED
+CVE-2018-7399
+ RESERVED
+CVE-2018-7398
+ RESERVED
+CVE-2018-7397
+ RESERVED
+CVE-2018-7396
+ RESERVED
+CVE-2018-7395
+ RESERVED
+CVE-2018-7394
+ RESERVED
+CVE-2018-7393
+ RESERVED
+CVE-2018-7392
+ RESERVED
+CVE-2018-7391
+ RESERVED
+CVE-2018-7390
+ RESERVED
+CVE-2018-7389
+ RESERVED
+CVE-2018-7388
+ RESERVED
+CVE-2018-7387
+ RESERVED
+CVE-2018-7386
+ RESERVED
+CVE-2018-7385
+ RESERVED
+CVE-2018-7384
+ RESERVED
+CVE-2018-7383
+ RESERVED
+CVE-2018-7382
+ RESERVED
+CVE-2018-7381
+ RESERVED
+CVE-2018-7380
+ RESERVED
+CVE-2018-7379
+ RESERVED
+CVE-2018-7378
+ RESERVED
+CVE-2018-7377
+ RESERVED
+CVE-2018-7376
+ RESERVED
+CVE-2018-7375
+ RESERVED
+CVE-2018-7374
+ RESERVED
+CVE-2018-7373
+ RESERVED
+CVE-2018-7372
+ RESERVED
+CVE-2018-7371
+ RESERVED
+CVE-2018-7370
+ RESERVED
+CVE-2018-7369
+ RESERVED
+CVE-2018-7368
+ RESERVED
+CVE-2018-7367
+ RESERVED
+CVE-2018-7366
+ RESERVED
+CVE-2018-7365
+ RESERVED
+CVE-2018-7364
+ RESERVED
+CVE-2018-7363
+ RESERVED
+CVE-2018-7362
+ RESERVED
+CVE-2018-7361
+ RESERVED
+CVE-2018-7360
+ RESERVED
+CVE-2018-7359
+ RESERVED
+CVE-2018-7358
+ RESERVED
+CVE-2018-7357
+ RESERVED
+CVE-2018-7356
+ RESERVED
+CVE-2018-7355
+ RESERVED
+CVE-2018-7354
+ RESERVED
+CVE-2018-7353
+ RESERVED
+CVE-2018-7352
+ RESERVED
+CVE-2018-7351
+ RESERVED
+CVE-2018-7350
+ RESERVED
+CVE-2018-7349
+ RESERVED
+CVE-2018-7348
+ RESERVED
+CVE-2018-7347
+ RESERVED
+CVE-2018-7346
+ RESERVED
+CVE-2018-7345
+ RESERVED
+CVE-2018-7344
+ RESERVED
+CVE-2018-7343
+ RESERVED
+CVE-2018-7342
+ RESERVED
+CVE-2018-7341
+ RESERVED
+CVE-2018-7340
+ RESERVED
+CVE-2018-7339
+ RESERVED
+CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...)
+ TODO: check
+CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...)
+ TODO: check
CVE-2018-XXXX [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page]
- drupal7 <unfixed> (bug #891154)
NOTE: https://www.drupal.org/sa-core-2018-001
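Review bot: The four TODO: check entries in the added block (CVE-2018-7409, CVE-2018-7408, CVE-2017-18194, CVE-2017-18193) are the only lines in this hunk that need human triage, and they are easy to miss among the run of RESERVED placeholders. Three of them name unixODBC, npm and the Linux kernel (fs/f2fs/extent_cache.c) in the visible description text, so they likely map to Debian source packages. Suggest resolving those first with a package line in the style of the drupal7 entry in the trailing context.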
@@ -48,22 +206,22 @@ CVE-2018-7321
RESERVED
CVE-2018-7320
RESERVED
-CVE-2018-7319
- RESERVED
-CVE-2018-7318
- RESERVED
-CVE-2018-7317
- RESERVED
-CVE-2018-7316
- RESERVED
-CVE-2018-7315
- RESERVED
-CVE-2018-7314
- RESERVED
-CVE-2018-7313
- RESERVED
-CVE-2018-7312
- RESERVED
+CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 component ...)
+ TODO: check
+CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for Joomla! via ...)
+ TODO: check
+CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for Joomla! via ...)
+ TODO: check
+CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component for ...)
+ TODO: check
+CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the ...)
+ TODO: check
+CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! ...)
+ TODO: check
+CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the ...)
+ TODO: check
+CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 component for ...)
+ TODO: check
CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root ...)
NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7310
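Review bot: All eight entries moved from RESERVED to TODO: check here (CVE-2018-7312 through CVE-2018-7319) describe third-party components for Joomla!, so they can be triaged in one pass instead of individually. If none maps to a Debian source package, mark each one NOT-FOR-US with the component name, matching the CVE-2018-7311 line in the trailing context.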
@@ -84,18 +242,18 @@ CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
NOT-FOR-US: Tiki
CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...)
NOT-FOR-US: Tiki
-CVE-2018-7301
- RESERVED
-CVE-2018-7300
- RESERVED
-CVE-2018-7299
- RESERVED
-CVE-2018-7298
- RESERVED
-CVE-2018-7297
- RESERVED
-CVE-2018-7296
- RESERVED
+CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port ...)
+ TODO: check
+CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...)
+ TODO: check
+CVE-2018-7299 (Remote Code Execution in the addon installation process in eQ-3 AG ...)
+ TODO: check
+CVE-2018-7298 (In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic ...)
+ TODO: check
+CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG ...)
+ TODO: check
+CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method ...)
+ TODO: check
CVE-2018-7295
RESERVED
CVE-2018-7294
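Review bot: Four of the six new TODO: check entries (CVE-2018-7301, CVE-2018-7299, CVE-2018-7298, CVE-2018-7297) name eQ-3 AG HomeMatic in the visible text, but the descriptions of CVE-2018-7300 and CVE-2018-7296 are truncated before any product name. Read the full descriptions of those two before batching all six under one annotation, then use a single consistent line for the group, as the Tiki entries in the leading context do with NOT-FOR-US: Tiki.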
@@ -497,6 +655,7 @@ CVE-2018-7182
CVE-2018-7181
RESERVED
CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
+ {DLA-1288-1}
- cups 2.2.3-2
[stretch] - cups <no-dsa> (Minor issue, can be fixed via pu)
[jessie] - cups <no-dsa> (Minor issue, can be fixed via pu)
@@ -1225,8 +1384,8 @@ CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthentica
NOT-FOR-US: CloudMe
CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a ...)
NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite
-CVE-2018-6890
- RESERVED
+CVE-2018-6890 (Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the ...)
+ TODO: check
CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a Host ...)
NOT-FOR-US: Typesetter CMS
CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions page ...)
@@ -4445,6 +4604,7 @@ CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible bef
CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 ...)
NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux ...)
+ {DSA-4120-1}
- linux 4.15.4-1
NOTE: https://patchwork.kernel.org/patch/10174835/
CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...)
@@ -14977,14 +15137,14 @@ CVE-2018-1419
RESERVED
CVE-2018-1418
RESERVED
-CVE-2018-1417
- RESERVED
+CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes for ...)
+ TODO: check
CVE-2018-1416
RESERVED
-CVE-2018-1415
- RESERVED
-CVE-2018-1414
- RESERVED
+CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
+ TODO: check
+CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL ...)
+ TODO: check
CVE-2018-1413
RESERVED
CVE-2018-1412
@@ -15027,10 +15187,10 @@ CVE-2018-1394
RESERVED
CVE-2018-1393
RESERVED
-CVE-2018-1392
- RESERVED
-CVE-2018-1391
- RESERVED
+CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
+ TODO: check
+CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
+ TODO: check
CVE-2018-1390
RESERVED
CVE-2018-1389
@@ -30939,6 +31099,7 @@ CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi drive
CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound timer. ...)
NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 video ...)
+ {DSA-4120-1}
- linux 4.15.4-1
NOTE: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13166.html
NOTE: https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a
@@ -54114,7 +54275,7 @@ CVE-2017-5756
CVE-2017-5755
RESERVED
CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4082-1 DSA-4078-1 DLA-1232-1}
+ {DSA-4120-1 DSA-4082-1 DSA-4078-1 DLA-1232-1}
- linux 4.14.12-1
- nvidia-graphics-drivers 384.111-1 (bug #886852)
[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -54224,6 +54385,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi
CVE-2017-5716
REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and ...)
+ {DSA-4120-1}
- linux 4.14.17-1
NOTE: https://spectreattack.com/
NOTE: https://xenbits.xen.org/xsa/advisory-254.html
@@ -56318,12 +56480,12 @@ CVE-2017-5253
RESERVED
CVE-2017-5252
RESERVED
-CVE-2017-5251
- RESERVED
-CVE-2017-5250
- RESERVED
-CVE-2017-5249
- RESERVED
+CVE-2017-5251 (In version 1012 and prior of Insteon's Insteon Hub, the radio ...)
+ TODO: check
+CVE-2017-5250 (In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, ...)
+ TODO: check
+CVE-2017-5249 (In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android ...)
+ TODO: check
CVE-2017-5248
RESERVED
CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in ...)
@@ -86449,7 +86611,7 @@ CVE-2016-4660 (An issue was discovered in certain Apple products. iOS before 10.
NOT-FOR-US: Apple
CVE-2016-4659
REJECTED
-CVE-2016-4658 (libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...)
+CVE-2016-4658 (xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS ...)
{DSA-3744-1 DLA-691-1}
- libxml2 2.9.4+dfsg1-2.1 (bug #840553)
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
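Review bot: The reworded CVE-2016-4658 description now says libxml2 before 2.9.5, while the unchanged package line below it records 2.9.4+dfsg1-2.1 as the fixed version. The two agree only if that Debian upload carries the upstream commit from the Fixed by NOTE as a backported patch. Suggest adding a NOTE that says so, so the lower version number does not read as a tracking error.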
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/02977357c5272d1dcc03fe34054a46e7838033b9