[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 1 21:10:28 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
84c37613 by security tracker role at 2018-03-01T21:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,23 @@
-CVE-2018-7579
+CVE-2018-7585
RESERVED
+CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ...)
+ TODO: check
+CVE-2018-7583
+ RESERVED
+CVE-2018-7582
+ RESERVED
+CVE-2018-7581
+ RESERVED
+CVE-2018-7580
+ RESERVED
+CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was ...)
+ TODO: check
+CVE-2017-18210 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was ...)
+ TODO: check
+CVE-2017-18209 (In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ...)
+ TODO: check
+CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has ...)
+ TODO: check
CVE-2018-7578
RESERVED
CVE-2018-7577
@@ -10,8 +28,8 @@ CVE-2018-7575
RESERVED
CVE-2018-7574
RESERVED
-CVE-2018-7573
- RESERVED
+CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP server can ...)
+ TODO: check
CVE-2018-7572
RESERVED
CVE-2018-7571
@@ -78,8 +96,8 @@ CVE-2018-7563
RESERVED
CVE-2018-7562
RESERVED
-CVE-2018-7561
- RESERVED
+CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
+ TODO: check
CVE-2018-7560
RESERVED
CVE-2018-7559
@@ -106,8 +124,7 @@ CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in mapping
CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that leads to ...)
- sam2p <removed>
NOTE: https://github.com/pts/sam2p/issues/28
-CVE-2018-7550 [i386: multiboot OOB access while loading kernel image]
- RESERVED
+CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ...)
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
@@ -1645,12 +1662,12 @@ CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) throug
[stretch] - sox <no-dsa> (Minor issue)
[jessie] - sox <no-dsa> (Minor issue)
NOTE: https://public-inbox.org/sox-devel/20171109114554.16297-1-mans@mansr.com/raw
-CVE-2018-7049
- RESERVED
-CVE-2018-7048
- RESERVED
-CVE-2018-7047
- RESERVED
+CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...)
+ TODO: check
+CVE-2018-7048 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...)
+ TODO: check
+CVE-2018-7047 (An issue was discovered in the MBeans Server in Wowza Streaming Engine ...)
+ TODO: check
CVE-2018-7046 (** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 ...)
NOT-FOR-US: Kentico
CVE-2018-7045
@@ -5917,10 +5934,10 @@ CVE-2018-5503
RESERVED
CVE-2018-5502
RESERVED
-CVE-2018-5501
- RESERVED
-CVE-2018-5500
- RESERVED
+CVE-2018-5501 (In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - ...)
+ TODO: check
+CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - ...)
+ TODO: check
CVE-2018-5499
RESERVED
CVE-2018-5498
@@ -6384,8 +6401,8 @@ CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin bef
NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for WordPress
CVE-2018-5315 (The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL ...)
NOT-FOR-US: Wachipi WP Events Calendar plugin for WordPress
-CVE-2018-5314
- RESERVED
+CVE-2018-5314 (Command injection vulnerability in Citrix NetScaler ADC and NetScaler ...)
+ TODO: check
CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site ...)
NOT-FOR-US: Sulu-standard
CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file ...)
@@ -13902,8 +13919,8 @@ CVE-2018-2382 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EX
NOT-FOR-US: SAP internet Graphics Server
CVE-2018-2381 (SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, ...)
NOT-FOR-US: SAP ERP Financials Information System
-CVE-2018-2380
- RESERVED
+CVE-2018-2380 (SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to ...)
+ TODO: check
CVE-2018-2379 (In SAP HANA Extended Application Services, 1.0, an unauthenticated ...)
NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2378 (In SAP HANA Extended Application Services, 1.0, unauthorized users can ...)
@@ -13926,14 +13943,14 @@ CVE-2018-2370 (Server Side Request Forgery (SSRF) vulnerability in SAP Central .
NOT-FOR-US: SAP Central Management Console
CVE-2018-2369 (Under certain conditions SAP HANA, 1.00, 2.00, allows an ...)
NOT-FOR-US: SAP HANA
-CVE-2018-2368
- RESERVED
-CVE-2018-2367
- RESERVED
+CVE-2018-2368 (SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, ...)
+ TODO: check
+CVE-2018-2367 (ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to ...)
+ TODO: check
CVE-2018-2366
RESERVED
-CVE-2018-2365
- RESERVED
+CVE-2018-2365 (SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not ...)
+ TODO: check
CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND ...)
NOT-FOR-US: SAP
CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, ...)
@@ -27423,8 +27440,7 @@ CVE-2017-14806
RESERVED
CVE-2017-14805
RESERVED
-CVE-2017-14804 [build: Exploit extractbuild to write to files in the host system]
- RESERVED
+CVE-2017-14804 (The build package before 20171128 did not check directory names during ...)
- obs-build <unfixed> (bug #887306)
[stretch] - obs-build <no-dsa> (Minor issue)
[jessie] - obs-build <no-dsa> (Minor issue)
@@ -27435,12 +27451,12 @@ CVE-2017-14802
RESERVED
CVE-2017-14801
RESERVED
-CVE-2017-14800
- RESERVED
-CVE-2017-14799
- RESERVED
-CVE-2017-14798
- RESERVED
+CVE-2017-14800 (A reflected cross site scripting attack in the NetIQ Access Manager ...)
+ TODO: check
+CVE-2017-14799 (A cross site scripting attack in handling the ESP login parameter ...)
+ TODO: check
+CVE-2017-14798 (A race condition in the postgresql init script could be used by ...)
+ TODO: check
CVE-2017-14797 (Lack of Transport Encryption in the public API in Philips Hue Bridge ...)
NOT-FOR-US: Philips Hue
CVE-2017-14796 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote ...)
@@ -34046,8 +34062,7 @@ CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apac
NOTE: Patch disallowing XXE: https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc4
CVE-2017-12628 (The JMX server embedded in Apache James, also used by the command line ...)
NOT-FOR-US: Apache James
-CVE-2017-12627 [Apache Xerces-C DTD vulnerability processing external paths]
- RESERVED
+CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing of ...)
- xerces-c <unfixed>
NOTE: https://svn.apache.org/viewvc?view=revision&revision=1819998
NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
@@ -43858,8 +43873,8 @@ CVE-2017-9289 (Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS
NOT-FOR-US: Bram Korsten Note
CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected ...)
NOT-FOR-US: Wordpress plugin
-CVE-2017-9286
- RESERVED
+CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an ...)
+ TODO: check
CVE-2017-9285
RESERVED
CVE-2017-9284
@@ -43882,8 +43897,7 @@ CVE-2017-9276
RESERVED
CVE-2017-9275
RESERVED
-CVE-2017-9274 [osc executes spec code during "osc commit"]
- RESERVED
+CVE-2017-9274 (A shell command injection in the obs-service-source_validator before ...)
- osc 0.162.1-1 (bug #887391)
[stretch] - osc <no-dsa> (Minor issue)
[jessie] - osc <no-dsa> (Minor issue)
@@ -43896,14 +43910,14 @@ CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be ...)
NOT-FOR-US: IDM
CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be ...)
NOT-FOR-US: IDM
-CVE-2017-9271
- RESERVED
-CVE-2017-9270
- RESERVED
-CVE-2017-9269
- RESERVED
-CVE-2017-9268
- RESERVED
+CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy ...)
+ TODO: check
+CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send RPC ...)
+ TODO: check
+CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositories ...)
+ TODO: check
+CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...)
+ TODO: check
CVE-2017-9267
RESERVED
CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL ...)
@@ -49897,10 +49911,10 @@ CVE-2017-7438
RESERVED
CVE-2017-7437
RESERVED
-CVE-2017-7436
- RESERVED
-CVE-2017-7435
- RESERVED
+CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned ...)
+ TODO: check
+CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM ...)
+ TODO: check
CVE-2017-7434
RESERVED
CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe ...)
@@ -49917,8 +49931,8 @@ CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiati
NOT-FOR-US: NetIQ iManager
CVE-2017-7427
RESERVED
-CVE-2017-7426
- RESERVED
+CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained various XML ...)
+ TODO: check
CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager ...)
NOT-FOR-US: NetIQ
CVE-2017-7424 (A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus ...)
@@ -53955,16 +53969,16 @@ CVE-2017-6156
RESERVED
CVE-2017-6155
RESERVED
-CVE-2017-6154
- RESERVED
+CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - ...)
+ TODO: check
CVE-2017-6153
RESERVED
CVE-2017-6152
RESERVED
CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2017-6150
- RESERVED
+CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - ...)
+ TODO: check
CVE-2017-6149
RESERVED
CVE-2017-6148
@@ -57491,8 +57505,8 @@ CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, w
NOT-FOR-US: NetIQ Access Manager
CVE-2017-5189
RESERVED
-CVE-2017-5188
- RESERVED
+CVE-2017-5188 (The bs_worker code in open build service before 20170320 followed ...)
+ TODO: check
CVE-2017-5187 (A Cross-Site Request Forgery (CWE-352) vulnerability in Directory ...)
NOT-FOR-US: Micro Focus
CVE-2017-5186 (Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before ...)
@@ -84437,7 +84451,7 @@ CVE-2016-5696 (net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not prop
NOTE: Fixed by: https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
CVE-2016-5389
REJECTED
-CVE-2016-5388 (Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows ...)
+CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI ...)
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.37-1 (unimportant)
- tomcat7 7.0.72-1 (unimportant)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84c376139570f5ed0b046b5eaa208c72f3e48b85
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84c376139570f5ed0b046b5eaa208c72f3e48b85
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180301/d0b08e78/attachment-0001.html>
More information about the Secure-testing-commits
mailing list