[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 11 21:10:21 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fabf37f5 by security tracker role at 2018-01-11T21:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-5344
+ RESERVED
+CVE-2018-5343
+ RESERVED
CVE-2018-5342
RESERVED
CVE-2018-5341
@@ -372,8 +376,8 @@ CVE-2018-5191
REJECTED
CVE-2018-5190
RESERVED
-CVE-2018-5189
- RESERVED
+CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to cause a ...)
+ TODO: check
CVE-2018-5188
RESERVED
CVE-2018-5187
@@ -3220,8 +3224,7 @@ CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c i
- linux 4.11.6-1
[stretch] - linux 4.9.47-1
NOTE: Fixed by: https://git.kernel.org/linus/2638fd0f92d4397884fd991d8f4925cb3f081901
-CVE-2017-18016
- RESERVED
+CVE-2017-18016 (Parity Browser 1.6.10 and earlier allows remote attackers to bypass ...)
NOT-FOR-US: Paritytech Parity Ethereum
CVE-2017-1000493 (Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL ...)
NOT-FOR-US: Rocket.Chat Server
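Review bot: On CVE-2017-18016 the NOT-FOR-US tag predates the description: it was attached while the entry was still RESERVED, and this hunk only swaps the RESERVED line for the description text. The description now names "Parity Browser 1.6.10 and earlier" while the tag reads "Paritytech Parity Ethereum"; confirm against the full CVE text that both refer to the same product so the tag is not simply carried over unchecked.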
@@ -9243,8 +9246,8 @@ CVE-2018-1363
RESERVED
CVE-2018-1362
RESERVED
-CVE-2018-1361
- RESERVED
+CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 ...)
NOT-FOR-US: Panda Global Protection
CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...)
@@ -13551,8 +13554,8 @@ CVE-2018-0120
RESERVED
CVE-2018-0119
RESERVED
-CVE-2018-0118
- RESERVED
+CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2018-0117
RESERVED
CVE-2018-0116
@@ -13897,6 +13900,7 @@ CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allow
[jessie] - transfig 1:3.2.5.e-4+deb8u1
[wheezy] - transfig <no-dsa> (Minor issue)
CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ...)
+ {DLA-1240-1}
- ming <removed>
NOTE: https://github.com/libming/libming/issues/75
CVE-2017-16897 (A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 ...)
@@ -14002,6 +14006,7 @@ CVE-2017-1000386
CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 2.13 ...)
NOT-FOR-US: MistServer
CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= ...)
+ {DLA-1240-1}
- ming <removed>
NOTE: https://github.com/libming/libming/issues/77
CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but ...)
@@ -17879,56 +17884,56 @@ CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ..
NOTE: https://core.trac.wordpress.org/ticket/21022
NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff
NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following.
-CVE-2017-15637
- RESERVED
-CVE-2017-15636
- RESERVED
-CVE-2017-15635
- RESERVED
-CVE-2017-15634
- RESERVED
-CVE-2017-15633
- RESERVED
-CVE-2017-15632
- RESERVED
-CVE-2017-15631
- RESERVED
-CVE-2017-15630
- RESERVED
-CVE-2017-15629
- RESERVED
-CVE-2017-15628
- RESERVED
-CVE-2017-15627
- RESERVED
-CVE-2017-15626
- RESERVED
-CVE-2017-15625
- RESERVED
-CVE-2017-15624
- RESERVED
-CVE-2017-15623
- RESERVED
-CVE-2017-15622
- RESERVED
-CVE-2017-15621
- RESERVED
-CVE-2017-15620
- RESERVED
-CVE-2017-15619
- RESERVED
-CVE-2017-15618
- RESERVED
-CVE-2017-15617
- RESERVED
-CVE-2017-15616
- RESERVED
-CVE-2017-15615
- RESERVED
-CVE-2017-15614
- RESERVED
-CVE-2017-15613
- RESERVED
+CVE-2017-15637 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15636 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15635 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15634 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15633 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15632 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15631 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15630 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15629 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15628 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15627 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15626 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15625 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15624 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15623 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15622 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15621 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15620 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15619 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15618 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15617 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15616 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15615 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15614 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
+CVE-2017-15613 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
+ TODO: check
CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...)
- mistune 0.8-1 (bug #879098)
[stretch] - mistune <no-dsa> (Minor issue)
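Review bot: CVE-2017-15613 through CVE-2017-15637 land as 25 separate TODO: check items although the visible descriptions are identical ("TP-Link WVR, WAR and ER devices allow remote authenticated ..."). Triage them in one pass with a single product string so all 25 entries end up with the same tag, and read the full descriptions first, since the part that distinguishes them is cut off here.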
@@ -29358,6 +29363,7 @@ CVE-2017-11733 (A null pointer dereference vulnerability was found in the functi
- ming <removed>
NOTE: https://github.com/libming/libming/issues/78
CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the function ...)
+ {DLA-1240-1}
- ming <removed>
NOTE: https://github.com/libming/libming/issues/80
CVE-2017-11731 (An invalid memory read vulnerability was found in the function OpCode ...)
@@ -51453,10 +51459,10 @@ CVE-2017-4952
RESERVED
CVE-2017-4951
RESERVED
-CVE-2017-4950
- RESERVED
-CVE-2017-4949
- RESERVED
+CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow ...)
+ TODO: check
+CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerability ...)
+ TODO: check
CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View ...)
NOT-FOR-US: VMware
CVE-2017-4947
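Review bot: CVE-2017-4950 and CVE-2017-4949 are left at TODO: check while the next entry in the context, CVE-2017-4948, already carries NOT-FOR-US: VMware for VMware Workstation. Both new descriptions name "VMware Workstation and Fusion", so the same tag looks applicable and can be set in the follow-up triage.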
@@ -59741,10 +59747,10 @@ CVE-2017-1742
RESERVED
CVE-2017-1741
RESERVED
-CVE-2017-1740
- RESERVED
-CVE-2017-1739
- RESERVED
+CVE-2017-1740 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...)
+ TODO: check
+CVE-2017-1739 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is ...)
+ TODO: check
CVE-2017-1738
RESERVED
CVE-2017-1737
@@ -59859,8 +59865,8 @@ CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site
NOT-FOR-US: IBM Connections Engagement Center
CVE-2017-1682
RESERVED
-CVE-2017-1681
- RESERVED
+CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix ...)
+ TODO: check
CVE-2017-1680
RESERVED
CVE-2017-1679
@@ -60265,8 +60271,8 @@ CVE-2017-1480
RESERVED
CVE-2017-1479
RESERVED
-CVE-2017-1478
- RESERVED
+CVE-2017-1478 (IBM Security Access Manager Appliance 9.0.0 allows web pages to be ...)
+ TODO: check
CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML ...)
NOT-FOR-US: IBM
CVE-2017-1476
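Review bot: CVE-2017-1478 gets TODO: check for IBM Security Access Manager Appliance 9.0.0, yet the entry right below it, CVE-2017-1477, covers the same appliance (9.0.3) and is already NOT-FOR-US: IBM. Reuse that tag when resolving the TODO so the two entries stay consistent.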
@@ -121196,8 +121202,8 @@ CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library
NOTE: http://co3k.org/blog/redcloth-unfixed-xss-en
CVE-2012-6683
RESERVED
-CVE-2012-6682
- RESERVED
+CVE-2012-6682 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2012-6681
RESERVED
CVE-2012-6680
@@ -121218,16 +121224,16 @@ CVE-2012-6673
RESERVED
CVE-2012-6672
RESERVED
-CVE-2012-6671
- RESERVED
-CVE-2012-6670
- RESERVED
+CVE-2012-6671 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2012-6670 (Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte ...)
+ TODO: check
CVE-2012-6669
RESERVED
-CVE-2012-6668
- RESERVED
-CVE-2012-6667
- RESERVED
+CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout ...)
+ TODO: check
+CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...)
+ TODO: check
CVE-2012-6666
RESERVED
CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...)
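Review bot: The description of CVE-2012-6671 is cut before the product name ("Multiple cross-site scripting (XSS) vulnerabilities in ..."), so it cannot be triaged from this line alone. CVE-2012-6670 and CVE-2012-6667 both name DragonByte and CVE-2012-6668 names "the Shout ..."; check the full text of all four together and give entries for the same product the same tag.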
@@ -131947,12 +131953,12 @@ CVE-2014-5072
RESERVED
CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in ...)
TODO: check
-CVE-2014-5070
- RESERVED
+CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain ...)
+ TODO: check
CVE-2014-5069 (Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 ...)
TODO: check
-CVE-2014-5068
- RESERVED
+CVE-2014-5068 (Directory traversal vulnerability in the web application in ...)
+ TODO: check
CVE-2014-5067
RESERVED
CVE-2014-5066
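Review bot: CVE-2014-5070 and CVE-2014-5068 add to a run that is already waiting on triage: CVE-2014-5071 and CVE-2014-5069 in the context are both still TODO: check. CVE-2014-5070 and CVE-2014-5069 name Symmetricom s350i 2.70.15, while the CVE-2014-5068 description is cut before the product, so confirm from the full text whether it belongs to the same group and resolve the group with one consistent tag.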
@@ -146207,8 +146213,7 @@ CVE-2014-0089 (Cross-site scripting (XSS) vulnerability in ...)
- foreman <itp> (bug #663101)
CVE-2014-0088 (The SPDY implementation in the ngx_http_spdy_module module in nginx ...)
- nginx <not-affected> (Only affects 1.5.10)
-CVE-2014-0087
- RESERVED
+CVE-2014-0087 (The check_privileges method in ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0086 (The doFilter function in webapp/PushHandlerFilter.java in JBoss ...)
NOT-FOR-US: RichFaces
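Review bot: CVE-2014-0087 keeps NOT-FOR-US: RedHat CloudForms Management Engine, but the added description is truncated at "The check_privileges method in ..." and does not show the product. Verify the tag against the full CVE text now that the entry is no longer RESERVED.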
@@ -180616,8 +180621,8 @@ CVE-2012-0701 (The client applications in the DataStage Administrator client in
NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0700 (The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere ...)
NOT-FOR-US: IBM InfoSphere Information Server
-CVE-2012-0699
- RESERVED
+CVE-2012-0699 (Multiple cross-site request forgery (CSRF) vulnerabilities in Family ...)
+ TODO: check
CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a ...)
{DSA-2576-1}
- trousers 0.3.9-1 (low; bug #692649)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fabf37f5be6000d507faabb42676bc82fd1839a5