[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 23 21:10:32 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0422238 by security tracker role at 2018-03-23T21:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...)
+ TODO: check
+CVE-2018-8956
+ RESERVED
+CVE-2018-8955
+ RESERVED
+CVE-2018-8954
+ RESERVED
+CVE-2018-8953
+ RESERVED
+CVE-2018-8952
+ RESERVED
+CVE-2018-8951
+ RESERVED
+CVE-2018-8950
+ RESERVED
+CVE-2018-8949 (An issue was discovered in app/Model/Attribute.php in MISP before ...)
+ TODO: check
+CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has ...)
+ TODO: check
+CVE-2018-8947
+ RESERVED
+CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Access ...)
+ TODO: check
+CVE-2018-1000140 (rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow ...)
+ TODO: check
+CVE-2018-1000139 (I, Librarian version 4.8 and earlier contains a Cross Site Scripting ...)
+ TODO: check
+CVE-2018-1000138 (I, Librarian version 4.8 and earlier contains a SSRF vulnerability in ...)
+ TODO: check
+CVE-2018-1000137 (I, Librarian version 4.8 and earlier contains a Cross site Request ...)
+ TODO: check
+CVE-2017-18247 (The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 ...)
+ TODO: check
+CVE-2017-18246 (The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows ...)
+ TODO: check
+CVE-2017-18245 (The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows ...)
+ TODO: check
CVE-2018-XXXX [Gitlab Auth0 integration issue]
- gitlab <unfixed> (bug #893905)
NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
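Review bot: Eleven of the 19 entries added at the top of the file (CVE-2018-8957, CVE-2018-8949, CVE-2018-8948, CVE-2018-1000141 through CVE-2018-1000137, and CVE-2017-18247 through CVE-2017-18245) carry only "TODO: check", so they give a reader no affected-package information yet. Each needs a follow-up commit that resolves it to either a "- package version" line or a NOT-FOR-US tag, as the other entries in this file do. The rsyslog librelp, MISP and Libav entries are the ones to check against the archive first, since their descriptions name libraries and server software rather than a single vendor's product.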
@@ -142,8 +180,8 @@ CVE-2018-8886
RESERVED
CVE-2018-8885
RESERVED
-CVE-2018-1000136
- RESERVED
+CVE-2018-1000136 (Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to ...)
+ TODO: check
CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to ...)
- linux 4.13.4-1
NOTE: https://git.kernel.org/linus/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
@@ -3004,6 +3042,7 @@ CVE-2018-7660
CVE-2018-7659
RESERVED
CVE-2018-7711 (HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 ...)
+ {DLA-1314-1}
- simplesamlphp 1.15.4-1
[stretch] - simplesamlphp <no-dsa> (Minor issue)
[jessie] - simplesamlphp <no-dsa> (Minor issue)
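Review bot: The {DLA-1314-1} reference added to CVE-2018-7711 sits directly above two release lines that still read "<no-dsa> (Minor issue)" for stretch and jessie. An advisory has now been issued for this CVE, so it is worth confirming that "Minor issue" is still the intended assessment for those two releases. The release the DLA covers is not among the visible lines, so check that its line further down the entry is present.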
@@ -3548,8 +3587,8 @@ CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI
NOT-FOR-US: OSIsoft PI
CVE-2018-7503
RESERVED
-CVE-2018-7502
- RESERVED
+CVE-2018-7502 (Kernal drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 ...)
+ TODO: check
CVE-2018-7501
RESERVED
CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
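Review bot: The description added for CVE-2018-7502 reads "Kernal drivers in Beckhoff TwinCAT", so a text search of this file for "kernel" will not match the entry. Whoever resolves the "TODO: check" should go by the product name. If TwinCAT is not in the archive, a product-named tag in the style of the "NOT-FOR-US: OSIsoft PI" line in the hunk's leading context would fit.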
@@ -14883,8 +14922,8 @@ CVE-2017-17738 (The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 a
NOT-FOR-US: BrightSign Digital Signage
CVE-2017-17737 (The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and ...)
NOT-FOR-US: BrightSign Digital Signage
-CVE-2017-17736
- RESERVED
+CVE-2017-17736 (Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote ...)
+ TODO: check
CVE-2017-17735 (CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login ...)
NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2017-17734 (CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login ...)
@@ -19425,8 +19464,8 @@ CVE-2018-1431
RESERVED
CVE-2018-1430
RESERVED
-CVE-2018-1429
- RESERVED
+CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to ...)
+ TODO: check
CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...)
NOT-FOR-US: IBM
CVE-2018-1427 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...)
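Review bot: CVE-2018-1429 is left at "TODO: check" while the entry directly below it, CVE-2018-1428, is already resolved as "NOT-FOR-US: IBM". If IBM MQ Appliance is not in the archive, resolve this entry with the same vendor-level tag so the block stays consistent.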
@@ -20612,16 +20651,16 @@ CVE-2018-1213
RESERVED
CVE-2018-1212
RESERVED
-CVE-2018-1211
- RESERVED
+CVE-2018-1211 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path ...)
+ TODO: check
CVE-2018-1210
REJECTED
CVE-2018-1209
REJECTED
CVE-2018-1208
REJECTED
-CVE-2018-1207
- RESERVED
+CVE-2018-1207 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI ...)
+ TODO: check
CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...)
NOT-FOR-US: EMC Data Protection Advisor
CVE-2018-1205
@@ -28943,6 +28982,7 @@ CVE-2017-15423
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15422 [integer overflow in icu]
RESERVED
+ {DSA-4150-1}
- icu 57.1-9 (bug #892766)
[wheezy] - icu <not-affected> (Vulnerable code not present)
NOTE: https://code.google.com/p/chromium/issues/detail?id=774382
@@ -29284,10 +29324,10 @@ CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an ...
NOT-FOR-US: Huawei
CVE-2017-15327
RESERVED
-CVE-2017-15326
- RESERVED
-CVE-2017-15325
- RESERVED
+CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption ...)
+ TODO: check
+CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions earlier ...)
+ TODO: check
CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS ...)
NOT-FOR-US: Huawei
CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, ...)
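Review bot: Neither description added here names a vendor in its visible text. CVE-2017-15326 refers to "DBS3900 TDD LTE" and CVE-2017-15325 to "The Bdat driver of Prague smart phones". The surrounding entries are tagged "NOT-FOR-US: Huawei", but that tag should not be copied onto these two on position alone. Confirm the vendor from the full CVE description before resolving the "TODO: check" lines.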
@@ -70533,8 +70573,8 @@ CVE-2017-1764
RESERVED
CVE-2017-1763
RESERVED
-CVE-2017-1762
- RESERVED
+CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
+ TODO: check
CVE-2017-1761 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash ...)
@@ -70747,8 +70787,8 @@ CVE-2017-1657
RESERVED
CVE-2017-1656
RESERVED
-CVE-2017-1655
- RESERVED
+CVE-2017-1655 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
+ TODO: check
CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local ...)
NOT-FOR-US: IBM
CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
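Review bot: CVE-2017-1655 gets the same truncated description prefix, "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...", as the existing entry CVE-2017-1653 in this hunk's trailing context, and the same prefix recurs on CVE-2017-1762, CVE-2017-1629 and CVE-2017-1524 in the neighbouring hunks. Look up how CVE-2017-1653 was resolved and apply the same tag to all of these in one follow-up, rather than triaging each "TODO: check" separately and risking differently worded NOT-FOR-US tags for the same product.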
@@ -70799,8 +70839,8 @@ CVE-2017-1631 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is
NOT-FOR-US: IBM Jazz for Service Management
CVE-2017-1630
RESERVED
-CVE-2017-1629
- RESERVED
+CVE-2017-1629 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
+ TODO: check
CVE-2017-1628 (IBM Business Process Manager 8.6.0.0 allows authenticated users to ...)
NOT-FOR-US: IBM
CVE-2017-1627
@@ -70853,8 +70893,8 @@ CVE-2017-1604 (IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scrip
NOT-FOR-US: IBM Maximo Anywhere
CVE-2017-1603
RESERVED
-CVE-2017-1602
- RESERVED
+CVE-2017-1602 (IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and ...)
+ TODO: check
CVE-2017-1601
RESERVED
CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to ...)
@@ -71009,8 +71049,8 @@ CVE-2017-1526
RESERVED
CVE-2017-1525
RESERVED
-CVE-2017-1524
- RESERVED
+CVE-2017-1524 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
+ TODO: check
CVE-2017-1523 (IBM InfoSphere Master Data Management - Collaborative Edition 11.5 ...)
NOT-FOR-US: IBM
CVE-2017-1522 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0422238e8b64deec3ce8689e88abc47dce7b1bc