[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 31 21:10:20 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a83985ce by security tracker role at 2018-01-31T21:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,139 @@
+CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to a ...)
+ TODO: check
+CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An ...)
+ TODO: check
+CVE-2018-6478
+ RESERVED
+CVE-2018-6477
+ RESERVED
+CVE-2018-6476 (In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS ...)
+ TODO: check
+CVE-2018-6475 (In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe ...)
+ TODO: check
+CVE-2018-6474 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
+ TODO: check
+CVE-2018-6473 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
+ TODO: check
+CVE-2018-6472 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
+ TODO: check
+CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
+ TODO: check
+CVE-2018-6470
+ RESERVED
+CVE-2018-6469
+ RESERVED
+CVE-2018-6468
+ RESERVED
+CVE-2018-6467
+ RESERVED
+CVE-2018-6466
+ RESERVED
+CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a ...)
+ TODO: check
+CVE-2018-6463
+ RESERVED
+CVE-2018-6462 (Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle ...)
+ TODO: check
+CVE-2018-6461
+ RESERVED
+CVE-2018-6460 (Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and ...)
+ TODO: check
+CVE-2018-6459
+ RESERVED
+CVE-2018-6458
+ RESERVED
+CVE-2018-6457
+ RESERVED
+CVE-2018-6456
+ RESERVED
+CVE-2018-6455
+ RESERVED
+CVE-2018-6454
+ RESERVED
+CVE-2018-6453
+ RESERVED
+CVE-2018-6452
+ RESERVED
+CVE-2018-6451
+ RESERVED
+CVE-2018-6450
+ RESERVED
+CVE-2018-6449
+ RESERVED
+CVE-2018-6448
+ RESERVED
+CVE-2018-6447
+ RESERVED
+CVE-2018-6446
+ RESERVED
+CVE-2018-6445
+ RESERVED
+CVE-2018-6444
+ RESERVED
+CVE-2018-6443
+ RESERVED
+CVE-2018-6442
+ RESERVED
+CVE-2018-6441
+ RESERVED
+CVE-2018-6440
+ RESERVED
+CVE-2018-6439
+ RESERVED
+CVE-2018-6438
+ RESERVED
+CVE-2018-6437
+ RESERVED
+CVE-2018-6436
+ RESERVED
+CVE-2018-6435
+ RESERVED
+CVE-2018-6434
+ RESERVED
+CVE-2018-6433
+ RESERVED
+CVE-2018-6432
+ RESERVED
+CVE-2018-6431
+ RESERVED
+CVE-2018-6430
+ RESERVED
+CVE-2018-6429
+ RESERVED
+CVE-2018-6428
+ RESERVED
+CVE-2018-6427
+ RESERVED
+CVE-2018-6426
+ RESERVED
+CVE-2018-6425
+ RESERVED
+CVE-2018-6424
+ RESERVED
+CVE-2018-6423
+ RESERVED
+CVE-2018-6422
+ RESERVED
+CVE-2018-6421
+ RESERVED
+CVE-2018-6420
+ RESERVED
+CVE-2018-6419
+ RESERVED
+CVE-2018-6418
+ RESERVED
+CVE-2018-6417
+ RESERVED
+CVE-2018-6416
+ RESERVED
+CVE-2018-6415
+ RESERVED
+CVE-2018-6414
+ RESERVED
+CVE-2018-6413
+ RESERVED
CVE-2018-6412 (In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c ...)
- linux <unfixed>
NOTE: https://marc.info/?l=linux-fbdev&m=151734425901499&w=2
@@ -62,8 +198,8 @@ CVE-2018-6386
RESERVED
CVE-2018-6385
RESERVED
-CVE-2018-6384
- RESERVED
+CVE-2018-6384 (Unquoted Windows search path vulnerability in NSClient++ before ...)
+ TODO: check
CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that ...)
NOT-FOR-US: Monstra CMS
CVE-2018-6382 (MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via ...)
@@ -1116,8 +1252,7 @@ CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authenticat
- curl 7.58.0-1
NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
-CVE-2018-5996 [Memory Corruptions via RAR PPMd]
- RESERVED
+CVE-2018-5996 (Insufficient exception handling in the method ...)
- p7zip-rar 16.02-2 (bug #888314)
[stretch] - p7zip-rar <no-dsa> (Non-free not supported)
[jessie] - p7zip-rar <no-dsa> (Non-free not supported)
@@ -1604,8 +1739,7 @@ CVE-2018-5774
RESERVED
CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) through ...)
NOT-FOR-US: python-markdown2 (not our markdown, different code base)
-CVE-2017-18043 [integer overflow in ROUND_UP macro could result in DoS]
- RESERVED
+CVE-2017-18043 (Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) ...)
- qemu 1:2.10.0+dfsg-2
[stretch] - qemu <postponed> (Can be fixed along in a future DSA)
[jessie] - qemu <postponed> (Can be fixed along in a future DSA)
@@ -1875,8 +2009,8 @@ CVE-2018-5703 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the L
NOTE: https://lkml.org/lkml/2018/1/16/53
CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has XSS via the ...)
NOT-FOR-US: download-manager plugin for WordPress
-CVE-2018-5701
- RESERVED
+CVE-2018-5701 (In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys ...)
+ TODO: check
CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by ...)
NOT-FOR-US: Winmail Server
CVE-2018-5699
@@ -2670,8 +2804,7 @@ CVE-2018-5346
RESERVED
CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ...)
- linux <unfixed>
-CVE-2018-1000001 [Libc Realpath Buffer Underflow]
- RESERVED
+CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...)
- glibc 2.26-4 (bug #887001)
[stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
[jessie] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
@@ -6855,8 +6988,7 @@ CVE-2017-17948 (Cells Blog 3.5 has XSS via the jfdname parameter in an act=showp
NOT-FOR-US: Cells Blog
CVE-2017-17947 (A cross site scripting issue has been found in custompage.cgi in Pulse ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
-CVE-2017-1000411
- RESERVED
+CVE-2017-1000411 (OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, ...)
NOT-FOR-US: OpenDayLight
CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote attackers to ...)
NOT-FOR-US: Handy Password
@@ -16606,8 +16738,8 @@ CVE-2018-0138
RESERVED
CVE-2018-0137
RESERVED
-CVE-2018-0136
- RESERVED
+CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...)
+ TODO: check
CVE-2018-0135
RESERVED
CVE-2018-0134
@@ -16810,8 +16942,8 @@ CVE-2017-16947
RESERVED
CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php in MISP ...)
NOT-FOR-US: MISP
-CVE-2017-16945
- RESERVED
+CVE-2017-16945 (The standardrestorer binary in Arq 5.10 and earlier for Mac allows ...)
+ TODO: check
CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists ...)
- libsndfile 1.0.27-1
[jessie] - libsndfile <no-dsa> (Minor issue)
@@ -16891,8 +17023,8 @@ CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 1
NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...)
NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
-CVE-2017-16928
- RESERVED
+CVE-2017-16928 (The arq_updater binary in Arq 5.10 and earlier for Mac allows local ...)
+ TODO: check
CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
{DLA-1203-1}
- xrdp 0.9.4-3 (bug #882463)
@@ -17523,8 +17655,8 @@ CVE-2017-16860
RESERVED
CVE-2017-16859
RESERVED
-CVE-2017-16858
- RESERVED
+CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the Google Apps ...)
+ TODO: check
CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via ...)
NOT-FOR-US: Atlassian
CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...)
@@ -20785,8 +20917,8 @@ CVE-2017-15708 (In Apache Synapse, by default no authentication is required for
NOT-FOR-US: Apache Synapse
CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated ...)
- libstruts1.2-java <not-affected> (Specific to 2.x)
-CVE-2017-15706
- RESERVED
+CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache Tomcat ...)
+ TODO: check
CVE-2017-15705
RESERVED
CVE-2017-15704
@@ -20802,8 +20934,8 @@ CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectVali
CVE-2017-15699
RESERVED
TODO: check, this is possibly specific to AMQ Interconnect as used by Red Hat JBoss, although based on Apache Qpid project
-CVE-2017-15698
- RESERVED
+CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Apache ...)
+ TODO: check
CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header ...)
NOT-FOR-US: Apache NiFi
CVE-2017-15696
@@ -20910,14 +21042,14 @@ CVE-2017-15658
RESERVED
CVE-2017-15657
RESERVED
-CVE-2017-15656
- RESERVED
-CVE-2017-15655
- RESERVED
-CVE-2017-15654
- RESERVED
-CVE-2017-15653
- RESERVED
+CVE-2017-15656 (Password are stored in plaintext in nvram in the HTTPd server in all ...)
+ TODO: check
+CVE-2017-15655 (Multiple buffer overflow vulnerabilities exist in the HTTPd server in ...)
+ TODO: check
+CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all current ...)
+ TODO: check
+CVE-2017-15653 (Improper administrator IP validation after his login in the HTTPd ...)
+ TODO: check
CVE-2017-15652
RESERVED
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated ...)
@@ -41244,8 +41376,8 @@ CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assist
NOT-FOR-US: Dive Assistant
CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows ...)
NOT-FOR-US: Joomla
-CVE-2017-8916
- RESERVED
+CVE-2017-8916 (In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an ...)
+ TODO: check
CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
NOT-FOR-US: SAP
CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
@@ -62956,8 +63088,8 @@ CVE-2017-1775
RESERVED
CVE-2017-1774
RESERVED
-CVE-2017-1773
- RESERVED
+CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker ...)
+ TODO: check
CVE-2017-1772
RESERVED
CVE-2017-1771
@@ -64036,8 +64168,8 @@ CVE-2017-1235 (IBM WebSphere MQ 8.0 could allow an authenticated user to cause a
NOT-FOR-US: IBM
CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
-CVE-2017-1233
- RESERVED
+CVE-2017-1233 (IBM Remote Control v9 could allow a local user to use the component to ...)
+ TODO: check
CVE-2017-1232 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1231
@@ -87843,11 +87975,13 @@ CVE-2016-3122
CVE-2016-3121
RESERVED
CVE-2016-3120 (The validate_as_request function in kdc_util.c in the Key Distribution ...)
+ {DLA-1265-1}
- krb5 1.14.3+dfsg-1 (bug #832572)
[jessie] - krb5 1.12.1+dfsg-19+deb8u3
NOTE: https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
CVE-2016-3119 (The process_db_args function in ...)
+ {DLA-1265-1}
- krb5 1.14.2+dfsg-1 (bug #819468)
[jessie] - krb5 1.12.1+dfsg-19+deb8u3
NOTE: https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
@@ -134460,6 +134594,7 @@ CVE-2014-5358
CVE-2014-5357
RESERVED
CVE-2014-5355 (MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a ...)
+ {DLA-1265-1}
- krb5 1.12.1+dfsg-18 (bug #778647)
[squeeze] - krb5 <no-dsa> (Minor issue)
NOTE: Upstream commit: https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec
@@ -134469,6 +134604,7 @@ CVE-2014-5354 (plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5
[squeeze] - krb5 <not-affected> (do not expose a way for principal entries to have no long-term key material)
NOTE: Upstream commit: https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16
CVE-2014-5353 (The krb5_ldap_get_password_policy_from_dn function in ...)
+ {DLA-1265-1}
- krb5 1.12.1+dfsg-16 (bug #773226)
[squeeze] - krb5 <no-dsa> (Minor issue, needs elevated privileges to trigger crash)
NOTE: Upstream commit: https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
@@ -134476,6 +134612,7 @@ CVE-2014-5352 (The krb5_gss_process_context_token function in ...)
{DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
CVE-2014-5351 (The kadm5_randkey_principal_3 function in ...)
+ {DLA-1265-1}
- krb5 1.12.1+dfsg-10 (bug #762479)
[squeeze] - krb5 <no-dsa> (Minor issue)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
@@ -144713,11 +144850,9 @@ CVE-2014-1634
RESERVED
CVE-2014-1633
RESERVED
-CVE-2014-1632
- RESERVED
+CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers ...)
NOT-FOR-US: Eventum
-CVE-2014-1631
- RESERVED
+CVE-2014-1631 (Eventum before 2.3.5 allows remote attackers to reinstall the ...)
NOT-FOR-US: Eventum
CVE-2014-1630
RESERVED
@@ -165093,6 +165228,7 @@ CVE-2013-1420
CVE-2013-1419
RESERVED
CVE-2013-1418 (The setup_server_realm function in main.c in the Key Distribution ...)
+ {DLA-1265-1}
- krb5 1.11.3+dfsg-3+nmu1 (low; bug #728845)
[squeeze] - krb5 <no-dsa> (Minor issue)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a83985ce70341268b0eba21619acf04863efc926
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a83985ce70341268b0eba21619acf04863efc926
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180131/0e2b30e8/attachment-0001.html>
More information about the Secure-testing-commits
mailing list