[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jan 4 21:10:22 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e7e7293 by security tracker role at 2018-01-04T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
+	TODO: check
+CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
+	TODO: check
+CVE-2018-5218 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
+	TODO: check
+CVE-2018-5217 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
+	TODO: check
+CVE-2018-5216 (Radiant CMS 1.1.4 has XSS via crafted Markdown input in the ...)
+	TODO: check
+CVE-2018-5215 (Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title ...)
+	TODO: check
+CVE-2018-5214 (The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via ...)
+	TODO: check
+CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
+	TODO: check
+CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
+	TODO: check
+CVE-2018-5211
+	RESERVED
 CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, ...)
 	NOT-FOR-US: Samsung mobile devices
 CVE-2018-5209
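Review bot: CVE-2018-5220, CVE-2018-5218 and CVE-2018-5217 are added with the same visible summary (K7Sentry.sys, truncated at "allows local ..."), as are CVE-2018-5213 and CVE-2018-5212 for Simple Download Monitor, so whoever clears the "TODO: check" markers cannot tell these entries apart from this file alone. Resolve each one against its full CVE text when triaging; the WordPress plugin entries would normally take the "NOT-FOR-US: ... plugin for WordPress" form already used further down in this list.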
@@ -37,7 +57,7 @@ CVE-2018-5193
 CVE-2018-5192
 	RESERVED
 CVE-2018-5191
-	RESERVED
+	REJECTED
 CVE-2018-5190
 	RESERVED
 CVE-2018-5189
@@ -731,13 +751,14 @@ CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc
 	TODO: check
 CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...)
 	TODO: check
-CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to a clickjacking ...)
+CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to clickjacking ...)
 	TODO: check
 CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in ...)
 	TODO: check
 CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...)
 	TODO: check
 CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
+	{DLA-1229-1}
 	- imagemagick <unfixed>
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (Minor issue)
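Review bot: the "- imagemagick <unfixed>" line under CVE-2017-1000476 carries no bug reference, while the same line under CVE-2017-1000445 in the next hunk reads "- imagemagick <unfixed> (bug #886281)". Now that {DLA-1229-1} is attached, record the corresponding bug for CVE-2017-1000476 as well, or add a NOTE saying why there is none, so the open state stays traceable.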
@@ -2930,6 +2951,7 @@ CVE-2017-1000449
 CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable to a ...)
 	TODO: check
 CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer ...)
+	{DLA-1229-1}
 	- imagemagick <unfixed> (bug #886281)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <ignored> (Minor issue)
@@ -2995,7 +3017,7 @@ CVE-2017-18012 (The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the ...
 	NOT-FOR-US: Z-URL Preview plugin for WordPress
 CVE-2017-18011 (The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 ...)
 	NOT-FOR-US: MyCBGenie Affiliate Ads for Clickbank Products plugin WordPress
-CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin 1.1.1 for ...)
+CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin before ...)
 	NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for WordPress
 CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the function ...)
 	- opencv <unfixed>
@@ -3821,8 +3843,8 @@ CVE-2017-17869 (The mgl-instagram-gallery plugin for WordPress has XSS via the .
 	NOT-FOR-US: mgl-instagram-gallery plugin for WordPress
 CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public Render ...)
 	NOT-FOR-US: Liferay Portal
-CVE-2017-17867
-	RESERVED
+CVE-2017-17867 (Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users ...)
+	TODO: check
 CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...)
 	- mupdf <unfixed> (bug #885120)
 	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
@@ -3922,8 +3944,8 @@ CVE-2017-17839
 	RESERVED
 CVE-2017-17838
 	RESERVED
-CVE-2017-17837
-	RESERVED
+CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the ...)
+	TODO: check
 CVE-2017-17836
 	RESERVED
 CVE-2017-17835
@@ -9137,15 +9159,19 @@ CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.1
 CVE-2017-17559
 	RESERVED
 CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
+	{DLA-1230-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-251.html
 CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
+	{DLA-1230-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-250.html
 CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
+	{DLA-1230-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-249.html
 CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
+	{DLA-1230-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-248.html
 CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
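Review bot: the four Xen entries (CVE-2017-17565, CVE-2017-17564, CVE-2017-17563, CVE-2017-17566) now reference {DLA-1230-1} but still read "- xen <unfixed>" with no release-specific line, whereas CVE-2017-17045 and CVE-2017-17044 later in this patch pair their advisory tags with "- xen 4.8.2+xsa245-0+deb9u1". Check whether the entries for XSA-248 through XSA-251 need per-release status lines so that readers can see which suites remain exposed after the DLA.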
@@ -11488,14 +11514,14 @@ CVE-2018-0805
 	RESERVED
 CVE-2018-0804
 	RESERVED
-CVE-2018-0803
-	RESERVED
+CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
+	TODO: check
 CVE-2018-0802
 	RESERVED
 CVE-2018-0801
 	RESERVED
-CVE-2018-0800
-	RESERVED
+CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to ...)
+	TODO: check
 CVE-2018-0799
 	RESERVED
 CVE-2018-0798
@@ -11518,8 +11544,8 @@ CVE-2018-0790
 	RESERVED
 CVE-2018-0789
 	RESERVED
-CVE-2018-0788
-	RESERVED
+CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...)
+	TODO: check
 CVE-2018-0787
 	RESERVED
 CVE-2018-0786
@@ -11532,88 +11558,88 @@ CVE-2018-0783
 	RESERVED
 CVE-2018-0782
 	RESERVED
-CVE-2018-0781
-	RESERVED
-CVE-2018-0780
-	RESERVED
+CVE-2018-0781 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
+	TODO: check
+CVE-2018-0780 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
+	TODO: check
 CVE-2018-0779
 	RESERVED
-CVE-2018-0778
-	RESERVED
-CVE-2018-0777
-	RESERVED
-CVE-2018-0776
-	RESERVED
-CVE-2018-0775
-	RESERVED
-CVE-2018-0774
-	RESERVED
-CVE-2018-0773
-	RESERVED
-CVE-2018-0772
-	RESERVED
+CVE-2018-0778 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
+	TODO: check
+CVE-2018-0777 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
+	TODO: check
+CVE-2018-0776 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
+	TODO: check
+CVE-2018-0775 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
+	TODO: check
+CVE-2018-0774 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
+	TODO: check
+CVE-2018-0773 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
+	TODO: check
+CVE-2018-0772 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
+	TODO: check
 CVE-2018-0771
 	RESERVED
-CVE-2018-0770
-	RESERVED
-CVE-2018-0769
-	RESERVED
-CVE-2018-0768
-	RESERVED
-CVE-2018-0767
-	RESERVED
-CVE-2018-0766
-	RESERVED
+CVE-2018-0770 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
+	TODO: check
+CVE-2018-0769 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
+	TODO: check
+CVE-2018-0768 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
+	TODO: check
+CVE-2018-0767 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and ...)
+	TODO: check
+CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
+	TODO: check
 CVE-2018-0765
 	RESERVED
 CVE-2018-0764
 	RESERVED
 CVE-2018-0763
 	RESERVED
-CVE-2018-0762
-	RESERVED
+CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
+	TODO: check
 CVE-2018-0761
 	RESERVED
 CVE-2018-0760
 	RESERVED
 CVE-2018-0759
 	RESERVED
-CVE-2018-0758
-	RESERVED
+CVE-2018-0758 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
+	TODO: check
 CVE-2018-0757
 	RESERVED
 CVE-2018-0756
 	RESERVED
 CVE-2018-0755
 	RESERVED
-CVE-2018-0754
-	RESERVED
-CVE-2018-0753
-	RESERVED
-CVE-2018-0752
-	RESERVED
-CVE-2018-0751
-	RESERVED
-CVE-2018-0750
-	RESERVED
-CVE-2018-0749
-	RESERVED
-CVE-2018-0748
-	RESERVED
-CVE-2018-0747
-	RESERVED
-CVE-2018-0746
-	RESERVED
-CVE-2018-0745
-	RESERVED
-CVE-2018-0744
-	RESERVED
-CVE-2018-0743
-	RESERVED
+CVE-2018-0754 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...)
+	TODO: check
+CVE-2018-0753 (Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, ...)
+	TODO: check
+CVE-2018-0752 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...)
+	TODO: check
+CVE-2018-0751 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...)
+	TODO: check
+CVE-2018-0750 (The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 ...)
+	TODO: check
+CVE-2018-0749 (The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, ...)
+	TODO: check
+CVE-2018-0748 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
+	TODO: check
+CVE-2018-0747 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
+	TODO: check
+CVE-2018-0746 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...)
+	TODO: check
+CVE-2018-0745 (The Windows kernel in Windows 10 version 1703. Windows 10 version ...)
+	TODO: check
+CVE-2018-0744 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...)
+	TODO: check
+CVE-2018-0743 (Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 ...)
+	TODO: check
 CVE-2018-0742
 	RESERVED
-CVE-2018-0741
-	RESERVED
+CVE-2018-0741 (The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows ...)
+	TODO: check
 CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote authenticated ...)
 	- webmin <removed>
 CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser ...)
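Review bot: every entry that leaves RESERVED in this hunk describes a Microsoft product (Edge, Internet Explorer, the Windows kernel, GDI, SMB Server, Atmfd.dll, Icm32.dll, Windows Subsystem for Linux) and each one lands as "TODO: check". They can be triaged in one pass as NOT-FOR-US, in the style the file already uses for other vendors' products (for example "NOT-FOR-US: QNAP QTS"), instead of sitting as open TODO items.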
@@ -11876,11 +11902,11 @@ CVE-2017-17028 (A buffer overflow vulnerability in external device function in Q
 CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS version ...)
 	NOT-FOR-US: QNAP QTS
 CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...)
-	{DSA-4050-1}
+	{DSA-4050-1 DLA-1230-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-247.html
 CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...)
-	{DSA-4050-1}
+	{DSA-4050-1 DLA-1230-1}
 	- xen 4.8.2+xsa245-0+deb9u1
 	NOTE: https://xenbits.xen.org/xsa/advisory-246.html
 CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform ...)
@@ -12362,29 +12388,29 @@ CVE-2017-17011
 CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for ...)
 	NOT-FOR-US: Content Manager Assistant for PlayStation
 CVE-2017-17009
-	RESERVED
+	REJECTED
 CVE-2017-17008
-	RESERVED
+	REJECTED
 CVE-2017-17007
-	RESERVED
+	REJECTED
 CVE-2017-17006
-	RESERVED
+	REJECTED
 CVE-2017-17005
-	RESERVED
+	REJECTED
 CVE-2017-17004
-	RESERVED
+	REJECTED
 CVE-2017-17003
-	RESERVED
+	REJECTED
 CVE-2017-17002
-	RESERVED
+	REJECTED
 CVE-2017-17001
-	RESERVED
+	REJECTED
 CVE-2017-17000
-	RESERVED
+	REJECTED
 CVE-2017-16999
-	RESERVED
+	REJECTED
 CVE-2017-16998
-	RESERVED
+	REJECTED
 CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ...)
 	- glibc 2.25-6 (bug #884615)
 	[stretch] - glibc <no-dsa> (Minor issue)
@@ -17292,8 +17318,8 @@ CVE-2017-15716
 	RESERVED
 CVE-2017-15715
 	RESERVED
-CVE-2017-15714
-	RESERVED
+CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape ...)
+	TODO: check
 CVE-2017-15713
 	RESERVED
 CVE-2017-15712
@@ -19652,8 +19678,8 @@ CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver cont
 	NOT-FOR-US: IKARUS anti.virus
 CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...)
 	NOT-FOR-US: IKARUS anti.virus
-CVE-2017-14960
-	RESERVED
+CVE-2017-14960 (xDashboard in OpenText Document Sciences xPression (formerly EMC ...)
+	TODO: check
 CVE-2017-14959
 	RESERVED
 CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous ...)
@@ -47606,8 +47632,8 @@ CVE-2017-5756
 	RESERVED
 CVE-2017-5755
 	RESERVED
-CVE-2017-5754
-	RESERVED
+CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...)
+	{DSA-4078-1}
 	- linux <unfixed>
 	NOTE: https://meltdownattack.com/
 	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
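Review bot: CVE-2017-5754 gains {DSA-4078-1}, yet the only package line visible under it is "- linux <unfixed>", and the entry cites XSA-254 without a visible "- xen" line. Confirm that the fixed version from the DSA shows up for the affected release, and track xen under this CVE if the advisory applies to the packaged version.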
@@ -47615,8 +47641,7 @@ CVE-2017-5754
 	NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
 	NOTE: Paper: https://meltdownattack.com/meltdown.pdf
 	NOTE: https://01.org/security/advisories/intel-oss-10003
-CVE-2017-5753
-	RESERVED
+CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and ...)
 	- linux <unfixed>
 	NOTE: https://spectreattack.com/
 	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
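Review bot: CVE-2017-5753 loses its RESERVED marker here but, unlike CVE-2017-5754 in the previous hunk, gets no advisory tag and stays at "- linux <unfixed>". A short NOTE stating the current mitigation status for this variant would make clear that the missing tag is intentional and not an omission.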
@@ -47697,8 +47722,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi
 	NOT-FOR-US: Intel graphics driver
 CVE-2017-5716
 	REJECTED
-CVE-2017-5715
-	RESERVED
+CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and ...)
 	- linux <unfixed>
 	NOTE: https://spectreattack.com/
 	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
@@ -59356,8 +59380,8 @@ CVE-2017-1729
 	RESERVED
 CVE-2017-1728
 	RESERVED
-CVE-2017-1727
-	RESERVED
+CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive ...)
+	TODO: check
 CVE-2017-1726
 	RESERVED
 CVE-2017-1725
@@ -59412,8 +59436,8 @@ CVE-2017-1701
 	RESERVED
 CVE-2017-1700
 	RESERVED
-CVE-2017-1699
-	RESERVED
+CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure ...)
+	TODO: check
 CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2017-1697
@@ -59464,26 +59488,26 @@ CVE-2017-1675
 	RESERVED
 CVE-2017-1674
 	RESERVED
-CVE-2017-1673
-	RESERVED
-CVE-2017-1672
-	RESERVED
+CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to ...)
+	TODO: check
+CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to ...)
+	TODO: check
 CVE-2017-1671
 	RESERVED
 CVE-2017-1670
 	RESERVED
-CVE-2017-1669
-	RESERVED
+CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive ...)
+	TODO: check
 CVE-2017-1668
 	RESERVED
 CVE-2017-1667
 	RESERVED
 CVE-2017-1666
 	RESERVED
-CVE-2017-1665
-	RESERVED
-CVE-2017-1664
-	RESERVED
+CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
+	TODO: check
+CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
+	TODO: check
 CVE-2017-1663
 	RESERVED
 CVE-2017-1662
@@ -124995,8 +125019,8 @@ CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServl
 	NOT-FOR-US: ZOHO ManageEngine OpManager
 CVE-2014-7863
 	RESERVED
-CVE-2014-7862
-	RESERVED
+CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and ...)
+	TODO: check
 CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly ...)
 	NOT-FOR-US: Apple OS X
 CVE-2011-5282
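Review bot: CVE-2014-7862 (ManageEngine Desktop Central) is added as "TODO: check" although the neighbouring CVE-2014-7864 is already classified "NOT-FOR-US: ZOHO ManageEngine OpManager". Classify it the same way in a follow-up so that an entry from 2014 does not stay on the TODO list.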



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e7e72937b4d6111d500a0bf7ebf13eadc3a809f
