[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 10 09:10:22 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fdedb1b7 by security tracker role at 2018-01-10T09:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-5331
+ RESERVED
+CVE-2018-5330
+ RESERVED
+CVE-2018-5329
+ RESERVED
+CVE-2018-5328
+ RESERVED
+CVE-2018-5327
+ RESERVED
+CVE-2018-5326
+ RESERVED
+CVE-2018-5325
+ RESERVED
+CVE-2018-5324
+ RESERVED
+CVE-2018-5323
+ RESERVED
+CVE-2018-5322
+ RESERVED
+CVE-2018-5321
+ RESERVED
+CVE-2018-5320
+ RESERVED
+CVE-2018-5319
+ RESERVED
+CVE-2018-5318
+ RESERVED
+CVE-2018-5317
+ RESERVED
+CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for ...)
+ TODO: check
+CVE-2018-5315
+ RESERVED
+CVE-2018-5314
+ RESERVED
+CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site ...)
+ TODO: check
+CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file ...)
+ TODO: check
+CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
+ TODO: check
CVE-2017-18026 [Remote command execution through mercurial adapter]
- redmine <unfixed>
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
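Review bot: The four new entries that arrive with descriptions (CVE-2018-5316, CVE-2017-1000465, CVE-2017-1000429, CVE-2017-1000428) are all left at `TODO: check`, so none of them has a triage decision yet. Each description names a specific web application (a WooCommerce plugin, Sulu-standard, finecms, flatCore-CMS), so each can be resolved to either a package line or a `NOT-FOR-US:` line with a package lookup.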
@@ -952,14 +994,13 @@ CVE-2018-4873
RESERVED
CVE-2018-4872
RESERVED
-CVE-2018-4871
- RESERVED
+CVE-2018-4871 (An Out-of-bounds Read issue was discovered in Adobe Flash Player before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2018-4870
RESERVED
CVE-2018-4869
RESERVED
-CVE-2018-4868 (** DISPUTED ** The Exiv2::Jp2Image::readMetadata function in ...)
+CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 ...)
- exiv2 <unfixed>
[stretch] - exiv2 <no-dsa> (Minor issue)
[jessie] - exiv2 <no-dsa> (Minor issue)
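Review bot: The new CVE-2018-4868 description drops the `** DISPUTED **` prefix, but the triage under it is unchanged: `- exiv2 <unfixed>` with `<no-dsa> (Minor issue)` for stretch and jessie. Confirm that the minor rating did not rest on the dispute, and add a NOTE line recording the outcome if it is re-assessed.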
@@ -3410,6 +3451,7 @@ CVE-2017-1000436
CVE-2017-1000435
REJECTED
CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path traversal flaw ...)
+ {DLA-1238-1}
- awstats <unfixed> (bug #885835)
NOTE: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
NOTE: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
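Review bot: `{DLA-1238-1}` is added to CVE-2017-1000501 while `- awstats <unfixed> (bug #885835)` stays unchanged, so the entry now reads as covered by an LTS advisory but still open in unstable. Both upstream commits are already in the NOTE lines; the package line should get a fixed version once bug #885835 is closed.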
@@ -3822,8 +3864,8 @@ CVE-2018-3612
RESERVED
CVE-2018-3611
RESERVED
-CVE-2018-3610
- RESERVED
+CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before version 3.1.1 ...)
+ TODO: check
CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in NetTransport ...)
NOT-FOR-US: NetTransport Download Manager
CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote ...)
@@ -11772,10 +11814,10 @@ CVE-2018-0821
RESERVED
CVE-2018-0820
RESERVED
-CVE-2018-0819
- RESERVED
-CVE-2018-0818
- RESERVED
+CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a specially ...)
+ TODO: check
+CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow Guard ...)
+ TODO: check
CVE-2018-0817
RESERVED
CVE-2018-0816
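Review bot: CVE-2018-0818 is the one entry in this hunk that is not obviously a closed Microsoft product: its description names ChakraCore, which is published as open source, so it deserves an actual package check rather than being filed together with the Office entry next to it. CVE-2018-0819 (Office 2016 for Mac) can likely take a `NOT-FOR-US:` line.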
@@ -11786,8 +11828,8 @@ CVE-2018-0814
RESERVED
CVE-2018-0813
RESERVED
-CVE-2018-0812
- RESERVED
+CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
+ TODO: check
CVE-2018-0811
RESERVED
CVE-2018-0810
@@ -11796,54 +11838,54 @@ CVE-2018-0809
RESERVED
CVE-2018-0808
RESERVED
-CVE-2018-0807
- RESERVED
-CVE-2018-0806
- RESERVED
-CVE-2018-0805
- RESERVED
-CVE-2018-0804
- RESERVED
+CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
+ TODO: check
+CVE-2018-0806 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
+ TODO: check
+CVE-2018-0805 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
+ TODO: check
+CVE-2018-0804 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
+ TODO: check
CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
NOT-FOR-US: Microsoft
-CVE-2018-0802
- RESERVED
-CVE-2018-0801
- RESERVED
+CVE-2018-0802 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, ...)
+ TODO: check
+CVE-2018-0801 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, ...)
+ TODO: check
CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to ...)
NOT-FOR-US: Microsoft
-CVE-2018-0799
- RESERVED
-CVE-2018-0798
- RESERVED
-CVE-2018-0797
- RESERVED
-CVE-2018-0796
- RESERVED
-CVE-2018-0795
- RESERVED
-CVE-2018-0794
- RESERVED
-CVE-2018-0793
- RESERVED
-CVE-2018-0792
- RESERVED
-CVE-2018-0791
- RESERVED
-CVE-2018-0790
- RESERVED
-CVE-2018-0789
- RESERVED
+CVE-2018-0799 (Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and ...)
+ TODO: check
+CVE-2018-0798 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, ...)
+ TODO: check
+CVE-2018-0797 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office ...)
+ TODO: check
+CVE-2018-0796 (Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, ...)
+ TODO: check
+CVE-2018-0795 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office ...)
+ TODO: check
+CVE-2018-0794 (Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, ...)
+ TODO: check
+CVE-2018-0793 (Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook ...)
+ TODO: check
+CVE-2018-0792 (Microsoft Word 2016 in Microsoft Office 2016 allows a remote code ...)
+ TODO: check
+CVE-2018-0791 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook ...)
+ TODO: check
+CVE-2018-0790 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...)
+ TODO: check
+CVE-2018-0789 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...)
+ TODO: check
CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...)
NOT-FOR-US: Microsoft
CVE-2018-0787
RESERVED
-CVE-2018-0786
- RESERVED
-CVE-2018-0785
- RESERVED
-CVE-2018-0784
- RESERVED
+CVE-2018-0786 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...)
+ TODO: check
+CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery ...)
+ TODO: check
+CVE-2018-0784 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege ...)
+ TODO: check
CVE-2018-0783
RESERVED
CVE-2018-0782
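Review bot: Every entry populated in this hunk gets `TODO: check`, although the unchanged neighbours in the same hunk (CVE-2018-0803, CVE-2018-0800, CVE-2018-0788) are already `NOT-FOR-US: Microsoft`. The Office, Outlook, SharePoint and Equation Editor entries can follow that precedent; CVE-2018-0786, CVE-2018-0785 and CVE-2018-0784 name .NET Framework and ASP.NET Core and should be checked individually rather than marked in bulk.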
@@ -11882,8 +11924,8 @@ CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 17
NOT-FOR-US: Microsoft
CVE-2018-0765
RESERVED
-CVE-2018-0764
- RESERVED
+CVE-2018-0764 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...)
+ TODO: check
CVE-2018-0763
RESERVED
CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
@@ -14711,8 +14753,8 @@ CVE-2017-16742
RESERVED
CVE-2017-16741
RESERVED
-CVE-2017-16740
- RESERVED
+CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation ...)
+ TODO: check
CVE-2017-16739
RESERVED
CVE-2017-16738
@@ -19260,8 +19302,8 @@ CVE-2017-15133
RESERVED
CVE-2017-15132
RESERVED
-CVE-2017-15131
- RESERVED
+CVE-2017-15131 (It was found that system umask policy is not being honored when ...)
+ TODO: check
CVE-2017-15130
RESERVED
CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...)
@@ -19291,8 +19333,7 @@ CVE-2017-15126 [Use-after-free in userfaultfd_event_wait_completion function in
CVE-2017-15125
RESERVED
NOT-FOR-US: Red Hat CloudForms
-CVE-2017-15124 [memory exhaustion through framebuffer update request message in VNC server]
- RESERVED
+CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) before 2.14.3 was ...)
- qemu <unfixed> (bug #884806)
[stretch] - qemu <postponed> (Can be fixed along in later update)
[jessie] - qemu <postponed> (Can be fixed along in later update)
@@ -26768,12 +26809,12 @@ CVE-2017-12699 (An Incorrect Default Permissions issue was discovered in AzeoTec
NOT-FOR-US: AzeoTech DAQFactory
CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech WebAccess ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2017-12697
- RESERVED
+CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors (GM) and ...)
+ TODO: check
CVE-2017-12696
RESERVED
-CVE-2017-12695
- RESERVED
+CVE-2017-12695 (An Improper Authentication issue was discovered in General Motors (GM) ...)
+ TODO: check
CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web ...)
NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-1000101 (curl supports "globbing" of URLs, in which a user can pass a numerical ...)
@@ -27014,8 +27055,8 @@ CVE-2017-12624 (Apache CXF supports sending and receiving attachments via either
NOT-FOR-US: Apache CXF
CVE-2017-12623 (An authorized user could upload a template which contained malicious ...)
NOT-FOR-US: Apache NiFi
-CVE-2017-12622
- RESERVED
+CVE-2017-12622 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...)
+ TODO: check
CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom ...)
- jenkins-commons-jelly <removed>
[jessie] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed)
@@ -33372,10 +33413,10 @@ CVE-2017-9798 (Apache httpd allows remote attackers to read secret data from pro
NOTE: Patch backport for 2.2: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
CVE-2017-9797 (When an Apache Geode cluster before v1.2.1 is operating in secure ...)
NOT-FOR-US: Apache Geode
-CVE-2017-9796
- RESERVED
-CVE-2017-9795
- RESERVED
+CVE-2017-9796 (When an Apache Geode cluster before v1.3.0 is operating in secure ...)
+ TODO: check
+CVE-2017-9795 (When an Apache Geode cluster before v1.3.0 is operating in secure ...)
+ TODO: check
CVE-2017-9794 (When a cluster is operating in secure mode, a user with read ...)
NOT-FOR-US: Apache Geode
CVE-2017-9793 (The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through ...)
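Review bot: CVE-2017-9796 and CVE-2017-9795 are set to `TODO: check` even though CVE-2017-9797 directly above and CVE-2017-9794 directly below are Apache Geode issues already marked `NOT-FOR-US: Apache Geode`. Unless Geode has been packaged since those were triaged, the same line applies to both new entries.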
@@ -35472,8 +35513,8 @@ CVE-2017-9665
RESERVED
CVE-2017-9664
RESERVED
-CVE-2017-9663
- RESERVED
+CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was discovered in ...)
+ TODO: check
CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...)
NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in SIMPlight ...)
@@ -43617,10 +43658,10 @@ CVE-2016-10259 (Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptib
NOT-FOR-US: Blue Coat
CVE-2016-10258
RESERVED
-CVE-2016-10257
- RESERVED
-CVE-2016-10256
- RESERVED
+CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to ...)
+ TODO: check
+CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to ...)
+ TODO: check
CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...)
NOT-FOR-US: cloudflare-scrape
CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...)
@@ -65187,10 +65228,10 @@ CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lo
NOT-FOR-US: Citrix
CVE-2016-9110
RESERVED
-CVE-2016-9100
- REJECTED
-CVE-2016-9099
- REJECTED
+CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 ...)
+ TODO: check
+CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ...)
+ TODO: check
CVE-2016-9098
REJECTED
CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ...)
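Review bot: CVE-2016-9100 and CVE-2016-9099 go from `REJECTED` to a full description, which is an unusual transition next to the `RESERVED` to description changes that make up most of this update; CVE-2016-9098 just below stays `REJECTED`. Confirm against the upstream CVE records that the IDs were really reinstated before triaging them.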
@@ -67072,8 +67113,8 @@ CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...)
NOT-FOR-US: FortiManager
CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...)
NOT-FOR-US: Fortiguard
-CVE-2016-8493
- REJECTED
+CVE-2016-8493 (In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate ...)
+ TODO: check
CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows ...)
NOT-FOR-US: Fortinet FortiWLC
CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...)
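Review bot: CVE-2016-8493 changes from `REJECTED` to a published description (FortiClientWindows 5.4.1 and 5.4.2) rather than from `RESERVED`; verify the upstream record before resolving the `TODO: check`. Separately, the unchanged context shows CVE-2016-8492 described as a FortiGate issue but labelled `NOT-FOR-US: Fortinet FortiWLC`, which looks like a mislabel worth correcting in a follow-up.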
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fdedb1b7ed8d6f7a82853bf1c0a5f68405315a87