[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 1 21:10:27 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
139997ae by security tracker role at 2018-06-01T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,56 @@
-CVE-2018-11645 [ghostscript: lack of dSafer validation for status command]
+CVE-2018-11671 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF ...)
+ TODO: check
+CVE-2018-11670 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF ...)
+ TODO: check
+CVE-2018-11669
+ RESERVED
+CVE-2018-11668
+ RESERVED
+CVE-2018-11667
+ RESERVED
+CVE-2018-11666
+ RESERVED
+CVE-2018-11665
+ RESERVED
+CVE-2018-11664
+ RESERVED
+CVE-2018-11663
+ RESERVED
+CVE-2018-11662
+ RESERVED
+CVE-2018-11661
+ RESERVED
+CVE-2018-11660
+ RESERVED
+CVE-2018-11659
+ RESERVED
+CVE-2018-11658
+ RESERVED
+CVE-2018-11657 (ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg ...)
+ TODO: check
+CVE-2018-11656 (In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was ...)
+ TODO: check
+CVE-2018-11655 (In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was ...)
+ TODO: check
+CVE-2018-11654
+ RESERVED
+CVE-2018-11653
+ RESERVED
+CVE-2018-11652 (CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote ...)
+ TODO: check
+CVE-2018-11651 (Graylog before v2.4.4 has an XSS security issue with unescaped text in ...)
+ TODO: check
+CVE-2018-11650 (Graylog before v2.4.4 has an XSS security issue with unescaped text in ...)
+ TODO: check
+CVE-2018-11649 (Hue 3.12 has XSS via the /pig/save/ name and script parameters. ...)
+ TODO: check
+CVE-2018-11648
+ RESERVED
+CVE-2018-11647
+ RESERVED
+CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...)
+ TODO: check
+CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status ...)
- ghostscript 9.21~dfsg-1 (low)
[stretch] - ghostscript <postponed> (Be be fixed along in future update)
[jessie] - ghostscript <postponed> (Be be fixed along in future update)
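Review bot: the two unchanged ghostscript lines that close this hunk, for [stretch] and [jessie] under CVE-2018-11645, both read "(Be be fixed along in future update)", and the doubled "Be be" looks like a typo. The entry is already being touched here (its bracketed temporary title is replaced by the assigned description), and this automatic update leaves the notes as they are, so a manual follow-up could correct the wording in both lines.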
@@ -36,8 +88,8 @@ CVE-2018-11630
RESERVED
CVE-2018-11629
RESERVED
-CVE-2018-11628
- RESERVED
+CVE-2018-11628 (Data input into EMS Master Calendar before 8.0.0.201805210 via URL ...)
+ TODO: check
CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs ...)
TODO: check
CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer ...)
@@ -135,8 +187,8 @@ CVE-2018-11583 (SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl
NOT-FOR-US: SeaCMS
CVE-2018-11582
RESERVED
-CVE-2018-11581
- RESERVED
+CVE-2018-11581 (Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and ...)
+ TODO: check
CVE-2018-11580 (An issue was discovered in mass-pages-posts-creator.php in the ...)
NOT-FOR-US: MULTIDOTS Mass Pages/Posts Creator plugin for WordPress
CVE-2018-11579 (class-woo-banner-management.php in the MULTIDOTS WooCommerce Category ...)
@@ -195,10 +247,10 @@ CVE-2018-11554
RESERVED
CVE-2018-11553
RESERVED
-CVE-2018-11552
- RESERVED
-CVE-2018-11551
- RESERVED
+CVE-2018-11552 (There is a reflected XSS vulnerability in AXON PBX 2.02 via the ...)
+ TODO: check
+CVE-2018-11551 (AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow ...)
+ TODO: check
CVE-2018-11550
REJECTED
CVE-2018-11549 (An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS ...)
@@ -250,8 +302,8 @@ CVE-2018-11540
RESERVED
CVE-2018-11539
RESERVED
-CVE-2018-11538
- RESERVED
+CVE-2018-11538 (servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, ...)
+ TODO: check
CVE-2018-11537
RESERVED
CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
@@ -377,10 +429,10 @@ CVE-2018-11488 (A stack exhaustion vulnerability in the search function of dtSea
NOT-FOR-US: dtSearch
CVE-2018-11487 (PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the ...)
NOT-FOR-US: PHPMyWind
-CVE-2018-11486
- RESERVED
-CVE-2018-11485
- RESERVED
+CVE-2018-11486 (An issue was discovered in the MULTIDOTS Advance Search for ...)
+ TODO: check
+CVE-2018-11485 (The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for ...)
+ TODO: check
CVE-2018-11484
RESERVED
CVE-2018-11483
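Review bot: CVE-2018-11486 and CVE-2018-11485 both name MULTIDOTS plugins and come in as "TODO: check", while an earlier hunk of this same diff shows CVE-2018-11580 already triaged as "NOT-FOR-US: MULTIDOTS Mass Pages/Posts Creator plugin for WordPress". The descriptions are truncated here, so confirm the product from the full text first, then mark these two in the same style in a follow-up.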
@@ -1179,10 +1231,10 @@ CVE-2018-11198
RESERVED
CVE-2018-11197
RESERVED
-CVE-2018-11196
- RESERVED
-CVE-2018-11195
- RESERVED
+CVE-2018-11196 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
+ TODO: check
+CVE-2018-11195 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
+ TODO: check
CVE-2018-11194
RESERVED
CVE-2018-11193
@@ -3109,8 +3161,8 @@ CVE-2018-10384
RESERVED
CVE-2018-10383
RESERVED
-CVE-2018-10382
- RESERVED
+CVE-2018-10382 (MODX Revolution 2.6.3 has XSS. ...)
+ TODO: check
CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege ...)
NOT-FOR-US: TunnelBear for Windows
CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ...)
@@ -6716,10 +6768,10 @@ CVE-2018-8924
RESERVED
CVE-2018-8923
RESERVED
-CVE-2018-8922
- RESERVED
-CVE-2018-8921
- RESERVED
+CVE-2018-8922 (Improper access control vulnerability in Synology Drive before ...)
+ TODO: check
+CVE-2018-8921 (Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast ...)
+ TODO: check
CVE-2018-8920
RESERVED
CVE-2018-8919
@@ -8999,8 +9051,8 @@ CVE-2018-7978
RESERVED
CVE-2018-7977
RESERVED
-CVE-2018-7976
- RESERVED
+CVE-2018-7976 (There is a stored cross-site scripting (XSS) vulnerability in Huawei ...)
+ TODO: check
CVE-2018-7975
RESERVED
CVE-2018-7974
@@ -9049,12 +9101,12 @@ CVE-2018-7953
RESERVED
CVE-2018-7952
RESERVED
-CVE-2018-7951
- RESERVED
-CVE-2018-7950
- RESERVED
-CVE-2018-7949
- RESERVED
+CVE-2018-7951 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)
+ TODO: check
+CVE-2018-7950 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)
+ TODO: check
+CVE-2018-7949 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)
+ TODO: check
CVE-2018-7948
RESERVED
CVE-2018-7947
@@ -16689,18 +16741,18 @@ CVE-2018-5528
RESERVED
CVE-2018-5527
RESERVED
-CVE-2018-5526
- RESERVED
-CVE-2018-5525
- RESERVED
-CVE-2018-5524
- RESERVED
-CVE-2018-5523
- RESERVED
-CVE-2018-5522
- RESERVED
-CVE-2018-5521
- RESERVED
+CVE-2018-5526 (Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral ...)
+ TODO: check
+CVE-2018-5525 (A local file vulnerability exists in the F5 BIG-IP Configuration ...)
+ TODO: check
+CVE-2018-5524 (Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, ...)
+ TODO: check
+CVE-2018-5523 (On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, ...)
+ TODO: check
+CVE-2018-5522 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or ...)
+ TODO: check
+CVE-2018-5521 (On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or ...)
+ TODO: check
CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, ...)
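Review bot: CVE-2018-5526 through CVE-2018-5521 land as "TODO: check" although every description shown names F5 BIG-IP, and the already-triaged neighbour CVE-2018-5520 directly below them carries "NOT-FOR-US: F5 BIG-IP". Suggest marking the six new entries the same way in a follow-up commit so they do not sit in the TODO queue.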
@@ -16715,8 +16767,8 @@ CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication respons
NOT-FOR-US: F5 BIG-IP
CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2018-5513
- RESERVED
+CVE-2018-5513 (On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, ...)
+ TODO: check
CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated ...)
@@ -21174,8 +21226,8 @@ CVE-2017-17971 (The test_sql_and_script_inject function in htdocs/main.inc.php i
- dolibarr <removed> (bug #885828)
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/issues/8000
-CVE-2018-3809
- RESERVED
+CVE-2018-3809 (Information exposure through directory listings in serve 6.5.3 allows ...)
+ TODO: check
CVE-2018-3808
RESERVED
CVE-2018-3807
@@ -21278,12 +21330,12 @@ CVE-2018-3759
RESERVED
CVE-2018-3758
RESERVED
-CVE-2018-3757
- RESERVED
-CVE-2018-3756
- RESERVED
-CVE-2018-3755
- RESERVED
+CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an unescaped ...)
+ TODO: check
+CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable ...)
+ TODO: check
+CVE-2018-3755 (XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) ...)
+ TODO: check
CVE-2018-3754
RESERVED
CVE-2018-3753
@@ -21303,16 +21355,16 @@ CVE-2018-3748
RESERVED
CVE-2018-3747
RESERVED
-CVE-2018-3746
- RESERVED
+CVE-2018-3746 (The pdfinfojs NPM module versions <= 0.3.6 has a command injection ...)
+ TODO: check
CVE-2018-3745 (atob 2.0.3 and earlier allocates uninitialized Buffers when number is ...)
TODO: check
CVE-2018-3744 (The html-pages node module contains a path traversal vulnerabilities ...)
TODO: check
-CVE-2018-3743
- RESERVED
+CVE-2018-3743 (Open redirect in hekto <=0.2.3 when target domain name is used as html ...)
+ TODO: check
CVE-2018-3742
- RESERVED
+ REJECTED
CVE-2018-3741 (There is a possible XSS vulnerability in all rails-html-sanitizer gem ...)
- ruby-rails-html-sanitizer 1.0.4-1 (bug #893994)
NOTE: https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
@@ -29722,8 +29774,8 @@ CVE-2017-17173
RESERVED
CVE-2017-17172
RESERVED
-CVE-2017-17171
- RESERVED
+CVE-2017-17171 (Some Huawei smart phones have the denial of service (DoS) ...)
+ TODO: check
CVE-2017-17170 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
NOT-FOR-US: Huawei
CVE-2017-17169 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
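Review bot: CVE-2017-17171 is added as "TODO: check" with a description that begins "Some Huawei smart phones have the denial of service (DoS) ...", while CVE-2017-17170 on the next line is already "NOT-FOR-US: Huawei". A follow-up that marks it the same way would keep this block consistent.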
@@ -35377,128 +35429,128 @@ CVE-2016-10636
RESERVED
CVE-2016-10635 (broccoli-closure is a Closure compiler plugin for Broccoli. ...)
TODO: check
-CVE-2016-10634
- RESERVED
-CVE-2016-10633
- RESERVED
-CVE-2016-10632
- RESERVED
-CVE-2016-10631
- RESERVED
-CVE-2016-10630
- RESERVED
-CVE-2016-10629
- RESERVED
-CVE-2016-10628
- RESERVED
+CVE-2016-10634 (scala-standalone-bin is a Binary wrapper for ScalaJS. ...)
+ TODO: check
+CVE-2016-10633 (dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. ...)
+ TODO: check
+CVE-2016-10632 (apk-parser2 is a module which extracts Android Manifest info from an ...)
+ TODO: check
+CVE-2016-10631 (jvminstall is a module for downloading and unpacking jvm to local ...)
+ TODO: check
+CVE-2016-10630 (install-g-test downloads resources over HTTP, which leaves it ...)
+ TODO: check
+CVE-2016-10629 (nw-with-arm is a NW Installer including ARM-Build. nw-with-arm ...)
+ TODO: check
+CVE-2016-10628 (selenium-wrapper is a selenium server wrapper, including installation ...)
+ TODO: check
CVE-2016-10627 (scala-bin is a binary wrapper for Scala. scala-bin downloads binary ...)
TODO: check
-CVE-2016-10626
- RESERVED
-CVE-2016-10625
- RESERVED
-CVE-2016-10624
- RESERVED
-CVE-2016-10623
- RESERVED
-CVE-2016-10622
- RESERVED
-CVE-2016-10621
- RESERVED
-CVE-2016-10620
- RESERVED
-CVE-2016-10619
- RESERVED
-CVE-2016-10618
- RESERVED
-CVE-2016-10617
- RESERVED
-CVE-2016-10616
- RESERVED
-CVE-2016-10615
- RESERVED
-CVE-2016-10614
- RESERVED
-CVE-2016-10613
- RESERVED
-CVE-2016-10612
- RESERVED
+CVE-2016-10626 (mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads ...)
+ TODO: check
+CVE-2016-10625 (headless-browser-lite is a minimal npm installer for phantomjs and ...)
+ TODO: check
+CVE-2016-10624 (selenium-chromedriver is a simple utility for downloading the Selenium ...)
+ TODO: check
+CVE-2016-10623 (macaca-chromedriver-zxa is a Node.js wrapper for the selenium ...)
+ TODO: check
+CVE-2016-10622 (nodeschnaps is a NodeJS compatibility layer for Java (Rhino). ...)
+ TODO: check
+CVE-2016-10621 (fibjs is a runtime for javascript applictions built on google v8 JS. ...)
+ TODO: check
+CVE-2016-10620 (atom-node-module-installer installs node modules for atom-shell ...)
+ TODO: check
+CVE-2016-10619 (pennyworth is a natural language templating engine. pennyworth ...)
+ TODO: check
+CVE-2016-10618 (node-browser is a wrapper webdriver by nodejs. node-browser downloads ...)
+ TODO: check
+CVE-2016-10617 (box2d-native downloads binary resources over HTTP, which leaves it ...)
+ TODO: check
+CVE-2016-10616 (openframe-image is an Openframe extension which adds support for ...)
+ TODO: check
+CVE-2016-10615 (curses is bindings for the native curses library, a full featured ...)
+ TODO: check
+CVE-2016-10614 (httpsync is a port of libcurl to node.js. httpsync downloads binary ...)
+ TODO: check
+CVE-2016-10613 (bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra ...)
+ TODO: check
+CVE-2016-10612 (dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. ...)
+ TODO: check
CVE-2016-10611 (strider-sauce is Sauce Labs / Selenium support for Strider. ...)
TODO: check
-CVE-2016-10610
- RESERVED
-CVE-2016-10609
- RESERVED
-CVE-2016-10608
- RESERVED
-CVE-2016-10607
- RESERVED
-CVE-2016-10606
- RESERVED
-CVE-2016-10605
- RESERVED
-CVE-2016-10604
- RESERVED
-CVE-2016-10603
- RESERVED
-CVE-2016-10602
- RESERVED
+CVE-2016-10610 (unicode-json is a unicode lookup table. unicode-json before 2.0.0 ...)
+ TODO: check
+CVE-2016-10609 (chromedriver126 is chromedriver version 1.26 for linux OS. ...)
+ TODO: check
+CVE-2016-10608 (robot-js is a module for native system automation for node.js. ...)
+ TODO: check
+CVE-2016-10607 (openframe-glsviewer is a Openframe extension which adds support for ...)
+ TODO: check
+CVE-2016-10606 (grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in ...)
+ TODO: check
+CVE-2016-10605 (dalek-browser-ie is Internet Explorer bindings for DalekJS. ...)
+ TODO: check
+CVE-2016-10604 (dalek-browser-chrome is Google Chrome bindings for DalekJS. ...)
+ TODO: check
+CVE-2016-10603 (air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads ...)
+ TODO: check
+CVE-2016-10602 (haxe is a cross-platform toolkit haxe downloads zipped resources over ...)
+ TODO: check
CVE-2016-10601 (webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver ...)
TODO: check
-CVE-2016-10600
- RESERVED
-CVE-2016-10599
- RESERVED
-CVE-2016-10598
- RESERVED
-CVE-2016-10597
- RESERVED
-CVE-2016-10596
- RESERVED
-CVE-2016-10595
- RESERVED
-CVE-2016-10594
- RESERVED
+CVE-2016-10600 (webrtc-native uses WebRTC from chromium project. webrtc-native ...)
+ TODO: check
+CVE-2016-10599 (sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar ...)
+ TODO: check
+CVE-2016-10598 (arrayfire-js is a module for ArrayFire for the Node.js platform. ...)
+ TODO: check
+CVE-2016-10597 (cobalt-cli downloads resources over HTTP, which leaves it vulnerable ...)
+ TODO: check
+CVE-2016-10596 (imageoptim is a Node.js wrapper for some images compression ...)
+ TODO: check
+CVE-2016-10595 (jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads ...)
+ TODO: check
+CVE-2016-10594 (ipip is a Node.js module to query geolocation information for an IP or ...)
+ TODO: check
CVE-2016-10593 (ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads ...)
TODO: check
-CVE-2016-10592
- RESERVED
+CVE-2016-10592 (jser-stat is a JSer.info stat library. jser-stat downloads data ...)
+ TODO: check
CVE-2016-10591 (Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML ...)
TODO: check
CVE-2016-10590 (cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node ...)
TODO: check
CVE-2016-10589 (selenium-binaries downloads Selenium related binaries for your OS. ...)
TODO: check
-CVE-2016-10588
- RESERVED
-CVE-2016-10587
- RESERVED
+CVE-2016-10588 (nw is an installer for nw.js. nw downloads zipped resources over HTTP, ...)
+ TODO: check
+CVE-2016-10587 (wasdk is a toolkit for creating WebAssembly modules. wasdk downloads ...)
+ TODO: check
CVE-2016-10586 (macaca-chromedriver is a Node.js wrapper for the selenium ...)
TODO: check
-CVE-2016-10585
- RESERVED
+CVE-2016-10585 (libxl provides Node bindings for the libxl library for reading and ...)
+ TODO: check
CVE-2016-10584 (dalek-browser-chrome-canary provides Google Chrome bindings for ...)
TODO: check
-CVE-2016-10583
- RESERVED
-CVE-2016-10582
- RESERVED
-CVE-2016-10581
- RESERVED
-CVE-2016-10580
- RESERVED
-CVE-2016-10579
- RESERVED
+CVE-2016-10583 (closure-utils is Utilities for Closure Library based projects. ...)
+ TODO: check
+CVE-2016-10582 (closurecompiler is a Closure Compiler for node.js. closurecompiler ...)
+ TODO: check
+CVE-2016-10581 (Steroids is PhoneGap on Steroids, providing native UI elements, ...)
+ TODO: check
+CVE-2016-10580 (nodewebkit is an installer for node-webkit. nodewebkit downloads ...)
+ TODO: check
+CVE-2016-10579 (Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver ...)
+ TODO: check
CVE-2016-10578 (unicode loads unicode data downloaded from unicode.org into nodejs. ...)
NOT-FOR-US: nodejs unicode module
CVE-2016-10577 (ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 ...)
NOT-FOR-US: ibm_db node.js module
-CVE-2016-10576
- RESERVED
-CVE-2016-10575
- RESERVED
-CVE-2016-10574
- RESERVED
+CVE-2016-10576 (Fuseki server wrapper and management API in fuseki before 1.0.1 ...)
+ TODO: check
+CVE-2016-10575 (Kindlegen is a simple Node.js wrapper of the official kindlegen ...)
+ TODO: check
+CVE-2016-10574 (apk-parser3 is a module to extract Android Manifest info from an APK ...)
+ TODO: check
CVE-2016-10573 (baryton-saxophone is a module to install and launch Selenium Server ...)
TODO: check
CVE-2016-10572 (mongodb-instance before 0.0.3 installs mongodb locally. ...)
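Review bot: the "TODO: check" entries added between CVE-2016-10634 and CVE-2016-10574 are better triaged as one batch than one at a time, since many of the visible descriptions name node.js or npm modules and repeat the same issue (resources downloaded over HTTP). The only triaged entries in this hunk's context, CVE-2016-10578 and CVE-2016-10577, are both NOT-FOR-US; check each module name against the archive before marking the new ones the same way rather than assuming none of them is packaged.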
@@ -35539,13 +35591,13 @@ CVE-2016-10555 (Since "algorithm" isn't enforced in jwt.decode()in jwt
NOT-FOR-US: nodejs-jwt-simple
CVE-2016-10554 (sequelize is an Object-relational mapping, or a middleman to convert ...)
TODO: check
-CVE-2016-10553 (sequalize is an Object-relational mapping, or a middleman to convert ...)
+CVE-2016-10553 (sequelize is an Object-relational mapping, or a middleman to convert ...)
TODO: check
CVE-2016-10552 (igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over ...)
TODO: check
CVE-2016-10551 (waterline-sequel is a module that helps generate SQL statements for ...)
TODO: check
-CVE-2016-10550 (sequalize is an Object-relational mapping, or a middleman to convert ...)
+CVE-2016-10550 (sequelize is an Object-relational mapping, or a middleman to convert ...)
TODO: check
CVE-2016-10549 (Sails is an MVC style framework for building realtime web ...)
TODO: check
@@ -65902,8 +65954,8 @@ CVE-2017-6155 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.
NOT-FOR-US: F5 BIG-IP
CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2017-6153
- RESERVED
+CVE-2017-6153 (Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, ...)
+ TODO: check
CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the ...)
NOT-FOR-US: F5 BIG-IQ Centralized Management
CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
@@ -76222,12 +76274,12 @@ CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use of a ...)
NOT-FOR-US: Natus Xltek NeuroWorks
-CVE-2017-2860
- RESERVED
+CVE-2017-2860 (An exploitable denial-of-service vulnerability exists in the lookup ...)
+ TODO: check
CVE-2017-2859
RESERVED
-CVE-2017-2858
- RESERVED
+CVE-2017-2858 (An exploitable denial-of-service vulnerability exists in the traversal ...)
+ TODO: check
CVE-2017-2857
RESERVED
CVE-2017-2856
@@ -76238,8 +76290,8 @@ CVE-2017-2854
RESERVED
CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the ...)
NOT-FOR-US: Natus Xltek NeuroWorks
-CVE-2017-2852
- RESERVED
+CVE-2017-2852 (An exploitable denial-of-service vulnerability exists in the ...)
+ TODO: check
CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2850 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/139997aea97df799c0969beb1ce28053c364b72e