[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 16 21:10:30 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
439a5396 by security tracker role at 2018-01-16T21:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,46 @@
-CVE-2018-5704
+CVE-2018-5720
RESERVED
-CVE-2018-5703 [KASAN: slab-out-of-bounds Write in tcp_v6_syn_recv_sock]
+CVE-2018-5719
RESERVED
+CVE-2018-5718
+ RESERVED
+CVE-2018-5717
+ RESERVED
+CVE-2018-5716
+ RESERVED
+CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query ...)
+ TODO: check
+CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows ...)
+ TODO: check
+CVE-2018-5713 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows ...)
+ TODO: check
+CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, ...)
+ TODO: check
+CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP ...)
+ TODO: check
+CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
+ TODO: check
+CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. ...)
+ TODO: check
+CVE-2018-5708
+ RESERVED
+CVE-2018-5707
+ RESERVED
+CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...)
+ TODO: check
+CVE-2018-5705
+ RESERVED
+CVE-2018-1000003
+ RESERVED
+CVE-2018-1000002
+ RESERVED
+CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use ...)
+ TODO: check
+CVE-2018-5703 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
- linux <unfixed>
NOTE: https://lkml.org/lkml/2018/1/16/53
-CVE-2017-18032
- RESERVED
+CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has XSS via the ...)
+ TODO: check
CVE-2018-5701
RESERVED
CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by ...)
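Review bot: of the TODO: check entries added in this hunk, CVE-2018-5712 (PHP), CVE-2018-5711 (libgd as used in PHP), CVE-2018-5709 and CVE-2018-5710 (MIT krb5) and CVE-2018-5704 (OpenOCD) are the ones to triage first, because their descriptions name upstream projects rather than vendor products like the SugarCRM, Malwarefox zam64.sys and Octopus Deploy entries beside them, which in this file usually end up as NOT-FOR-US; each of those five needs either a package line or an explicit decision instead of remaining a TODO. The CVE-2018-5703 rewrite drops only the bracketed KASAN title and keeps the `- linux <unfixed>` and lkml NOTE lines, so no tracking state is lost there.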
@@ -732,8 +767,8 @@ CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 for WordPress has SQL
NOT-FOR-US: Testimonial Slider plugin for WordPress
CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ...)
NOT-FOR-US: D-Link
-CVE-2018-5370
- RESERVED
+CVE-2018-5370 (BizLogic xnami 1.0 has XSS via the comment parameter in an addComment ...)
+ TODO: check
CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an ...)
NOT-FOR-US: SrbTransLatin plugin for WordPress
CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an ...)
@@ -793,9 +828,10 @@ CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticate
NOT-FOR-US: Seagate Media Server in Seagate Personal Cloud
CVE-2018-5346
RESERVED
-CVE-2018-1000004 [ALSA: seq: Make ioctls race-free]
+CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ...)
- linux <unfixed>
CVE-2018-1000001 [Libc Realpath Buffer Underflow]
+ RESERVED
- glibc 2.26-4 (bug #887001)
[stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
[jessie] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
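Review bot: replacing the bracketed title of CVE-2018-1000004 with the MITRE text drops the "ALSA: seq: Make ioctls race-free" hint, which is the name of the upstream fix and the only pointer to it in this entry; consider re-adding it as a NOTE: line under `- linux <unfixed>` so the fixing commit stays findable. The RESERVED line inserted under CVE-2018-1000001 sits above an entry that already carries a glibc fixed version and stretch/jessie postponed lines, which matches how CVE-2018-5703 was recorded before this update (RESERVED directly above `- linux <unfixed>`), so that part is consistent.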
@@ -856,8 +892,8 @@ CVE-2017-1000439
REJECTED
CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view parameter to ...)
NOT-FOR-US: Discuz!
-CVE-2018-5330
- RESERVED
+CVE-2018-5330 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of ...)
+ TODO: check
CVE-2018-5329 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site ...)
NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2018-5328 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various ...)
@@ -11195,8 +11231,8 @@ CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, s
NOT-FOR-US: GeniXCMS
CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows ...)
NOT-FOR-US: Sangoma NetBorder / Vega Session Controller
-CVE-2017-17429
- RESERVED
+CVE-2017-17429 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the ...)
+ TODO: check
CVE-2017-17428
RESERVED
NOT-FOR-US: Cisco ACE
@@ -16103,24 +16139,24 @@ CVE-2017-16559
RESERVED
CVE-2017-16558
RESERVED
-CVE-2017-16557
- RESERVED
-CVE-2017-16556
- RESERVED
-CVE-2017-16555
- RESERVED
-CVE-2017-16554
- RESERVED
-CVE-2017-16553
- RESERVED
-CVE-2017-16552
- RESERVED
-CVE-2017-16551
- RESERVED
-CVE-2017-16550
- RESERVED
-CVE-2017-16549
- RESERVED
+CVE-2017-16557 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...)
+ TODO: check
+CVE-2017-16556 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be ...)
+ TODO: check
+CVE-2017-16555 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...)
+ TODO: check
+CVE-2017-16554 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...)
+ TODO: check
+CVE-2017-16553 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...)
+ TODO: check
+CVE-2017-16552 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...)
+ TODO: check
+CVE-2017-16551 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...)
+ TODO: check
+CVE-2017-16550 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...)
+ TODO: check
+CVE-2017-16549 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...)
+ TODO: check
CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
{DSA-4068-1 DLA-1218-1}
- rsync 3.1.2-2.1 (bug #880954)
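Review bot: all nine new descriptions in this hunk (CVE-2017-16549 through CVE-2017-16557) name the same product and version, K7 Antivirus Premium before 15.1.0.53, and so does CVE-2017-17429 in the hunk above, so these ten TODO: check markers can be resolved with a single triage decision applied to the whole batch rather than ten separate follow-ups.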
@@ -19595,7 +19631,7 @@ CVE-2017-15326
RESERVED
CVE-2017-15325
RESERVED
-CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, ...)
+CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS ...)
NOT-FOR-US: Huawei
CVE-2017-15323
RESERVED
@@ -20222,7 +20258,7 @@ CVE-2017-15126 (A use-after-free flaw was found in fs/userfaultfd.c in the Linux
CVE-2017-15125
RESERVED
NOT-FOR-US: Red Hat CloudForms
-CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) before 2.14.3 was ...)
+CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older ...)
- qemu <unfixed> (bug #884806)
[stretch] - qemu <postponed> (Can be fixed along in later update)
[jessie] - qemu <postponed> (Can be fixed along in later update)
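Review bot: the affected-version text for CVE-2017-15124 changes from "before 2.14.3" to "2.11.0 and older", a materially different range, while the `qemu <unfixed> (bug #884806)` line and the stretch/jessie postponed lines are untouched; that is consistent as long as the fix is still missing in unstable, but the version range discussed in bug #884806 should be re-checked against the corrected description.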
@@ -32502,8 +32538,8 @@ CVE-2017-11074
RESERVED
CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11072
- RESERVED
+CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ TODO: check
CVE-2017-11071
RESERVED
CVE-2017-11070
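Review bot: the description added for CVE-2017-11072 is the same "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ..." text as CVE-2017-11073 directly above it, which is already resolved as NOT-FOR-US: Qualcomm components for Android, so the new TODO: check can be closed with the same line rather than left for later.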
@@ -39336,8 +39372,8 @@ CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka
NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow ...)
NOT-FOR-US: Notepad++
-CVE-2017-8802
- RESERVED
+CVE-2017-8802 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
+ TODO: check
CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build ...)
NOT-FOR-US: Trend Micro
CVE-2017-8800
@@ -95612,16 +95648,16 @@ CVE-2016-0221 (Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as us
NOT-FOR-US: IBM
CVE-2016-0220
RESERVED
-CVE-2016-0219
- RESERVED
+CVE-2016-0219 (XML external entity (XXE) vulnerability in IBM Rational Team Concert ...)
+ TODO: check
CVE-2016-0218 (IBM Cognos Business Intelligence and IBM Cognos Analytics are ...)
NOT-FOR-US: IBM
CVE-2016-0217 (IBM Cognos Business Intelligence and IBM Cognos Analytics are ...)
NOT-FOR-US: IBM
CVE-2016-0216 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
NOT-FOR-US: IBM
-CVE-2016-0215
- RESERVED
+CVE-2016-0215 (IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, ...)
+ TODO: check
CVE-2016-0214 (IBM Tivoli Endpoint Manager could allow a remote attacker to upload ...)
NOT-FOR-US: IBM
CVE-2016-0213 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
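Review bot: both entries that gain a description here, CVE-2016-0219 (IBM Rational Team Concert) and CVE-2016-0215 (IBM DB2), sit between entries already resolved as NOT-FOR-US: IBM, and the same holds for CVE-2016-0207, CVE-2015-7484 through CVE-2015-7486 and CVE-2015-7474 in the IBM hunks that follow; the TODO: check markers on all of them can be replaced with NOT-FOR-US: IBM in one pass.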
@@ -95636,8 +95672,8 @@ CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal
NOT-FOR-US: IBM
CVE-2016-0208 (IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and ...)
NOT-FOR-US: IBM
-CVE-2016-0207
- RESERVED
+CVE-2016-0207 (IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 ...)
+ TODO: check
CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated attacker to ...)
NOT-FOR-US: IBM
CVE-2016-0205
@@ -99361,12 +99397,12 @@ CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.
NOT-FOR-US: IBM
CVE-2015-7487 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 ...)
NOT-FOR-US: IBM
-CVE-2015-7486
- RESERVED
-CVE-2015-7485
- RESERVED
-CVE-2015-7484
- RESERVED
+CVE-2015-7486 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering ...)
+ TODO: check
+CVE-2015-7485 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering ...)
+ TODO: check
+CVE-2015-7484 (IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 ...)
+ TODO: check
CVE-2015-7483
RESERVED
CVE-2015-7482
@@ -99385,8 +99421,8 @@ CVE-2015-7476
RESERVED
CVE-2015-7475
RESERVED
-CVE-2015-7474
- RESERVED
+CVE-2015-7474 (Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM ...)
+ TODO: check
CVE-2015-7473 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...)
NOT-FOR-US: IBM
CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
@@ -120412,8 +120448,7 @@ CVE-2014-XXXX [denial of service with specific packets]
NOTE: https://redmine.openinfosecfoundation.org/issues/1272
NOTE: https://github.com/inliniac/libhtp/commit/4acebf251bb6c8343dd5f37f1b48cb38fec4fed4
NOTE: CVE Request: http://seclists.org/oss-sec/2014/q4/1035
-CVE-2014-9485 [miniunzip directory traversal]
- RESERVED
+CVE-2014-9485 (Directory traversal vulnerability in the do_extract_currentfile ...)
- minizip 1.1-5 (low; bug #774321)
CVE-2014-9426 (** DISPUTED ** The apprentice_load function in libmagic/apprentice.c ...)
NOTE: Disputed PHP issue to be rejected, code wasn't present in squeeze/wheezy or file (PHP-specific)
@@ -120438,8 +120473,7 @@ CVE-2014-9414 (The W3 Total Cache plugin before 0.9.4.1 for WordPress does not .
NOT-FOR-US: WordPress plugin W3 Total Cache
CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the IP ...)
NOT-FOR-US: IP Ban (simple-ip-ban) plugin for WordPress
-CVE-2014-9482 [dwarfdump use after free]
- RESERVED
+CVE-2014-9482 (Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through ...)
- dwarfutils <not-affected> (Vulnerable code introduced later, see bug #774530)
NOTE: http://www.openwall.com/lists/oss-security/2014/12/31/3
CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...)
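Review bot: the new description for CVE-2014-9482 states an affected range starting at libdwarf 20130126 (the upper bound is cut off in this view), while the unchanged tracking line records dwarfutils as <not-affected> because the vulnerable code was introduced later (bug #774530); those two statements should be reconciled, either by confirming the bug's analysis against the full MITRE range or by updating the not-affected justification.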
@@ -130522,8 +130556,7 @@ CVE-2014-6073
RESERVED
CVE-2014-6072
RESERVED
-CVE-2014-6071 [cross-site scripting flaw]
- RESERVED
+CVE-2014-6071 (jQuery 1.4.2 allows remote attackers to conduct cross-site scripting ...)
- jquery 1.6.1-1
[squeeze] - jquery <no-dsa> (Only exploitable when following anti-patterns)
NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=1136683#c2
@@ -131782,8 +131815,7 @@ CVE-2014-6028 (TorrentFlux 2.4 allows remote authenticated users to obtain other
- torrentflux <removed> (bug #759573)
[wheezy] - torrentflux <no-dsa> (Minor issue)
[squeeze] - torrentflux <no-dsa> (Minor issue)
-CVE-2014-6027 [XSS]
- RESERVED
+CVE-2014-6027 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 ...)
- torrentflux <removed> (bug #759574)
[wheezy] - torrentflux <no-dsa> (Minor issue)
[squeeze] - torrentflux <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/439a53961182eb6108b887c4867d700b705cf07a