Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81276d56 by security tracker role at 2018-01-19T21:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,31 @@
+CVE-2018-5799
+       RESERVED
+CVE-2018-5798
+       RESERVED
+CVE-2018-5797
+       RESERVED
+CVE-2018-5796
+       RESERVED
+CVE-2018-5795
+       RESERVED
+CVE-2018-5794
+       RESERVED
+CVE-2018-5793
+       RESERVED
+CVE-2018-5792
+       RESERVED
+CVE-2018-5791
+       RESERVED
+CVE-2018-5790
+       RESERVED
+CVE-2018-5789
+       RESERVED
+CVE-2018-5788
+       RESERVED
+CVE-2018-5787
+       RESERVED
+CVE-2017-18044 (A Command Injection issue was discovered in ...)
+       TODO: check
 CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop 
and ...)
        - lrzip <unfixed>
        NOTE: https://github.com/ckolivas/lrzip/issues/91
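Review bot: CVE-2017-18044 is added as `TODO: check` with a description truncated to "A Command Injection issue was discovered in ...", so the affected product cannot be recovered from this entry; triage needs the full CVE text before it can be assigned to a source package or marked NOT-FOR-US. The thirteen RESERVED entries (CVE-2018-5787 through CVE-2018-5799) are placeholders and need no action until MITRE publishes them.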
@@ -38,7 +66,7 @@ CVE-2017-18043 [integer overflow in ROUND_UP macro could 
result in DoS]
        NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854
        NOTE: Broken since: 
https://git.qemu.org/?p=qemu.git;a=object;h=292c8e50 (v1.5.0)
        NOTE: Fix included in 1:2.10.0+dfsg-2 via 
debian/patches/qemu-2.10.1.diff patch
-CVE-2016-10707 (jQuery before 3.0.0 is vulnerable to Denial of Service (DoS) 
due to ...)
+CVE-2016-10707 (jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due 
to ...)
        - jquery <not-affected> (Vulnerable code never in unstable; only 
experimental)
        NOTE: https://github.com/jquery/jquery/issues/3133
        NOTE: https://github.com/jquery/jquery/pull/3134
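Review bot: the narrowed description (jQuery 3.0.0-rc.1 rather than "before 3.0.0") is consistent with the existing `<not-affected>` status, but the justification "Vulnerable code never in unstable; only experimental" would be easier to re-verify later if it named the experimental package version that carried the vulnerable code.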
@@ -57,7 +85,7 @@ CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to 
Cross-site Scripting (XSS) .
        NOTE: 
https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
        NOTE: https://snyk.io/vuln/npm:jquery:20120206
        NOTE: 1.9 release introduced backwards incompatible changes to fix 
this, so may be too invasive to fix
-CVE-2018-5776 [XSS vulnerability in MediaElement]
+CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in 
...)
        - wordpress <unfixed> (bug #887596)
        NOTE: 
https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
        NOTE: 
https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
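Review bot: replacing the provisional "[XSS vulnerability in MediaElement]" text with the published description drops the only mention of the affected component; consider keeping "MediaElement" in a NOTE line so the triager can locate the relevant change in the linked WordPress commit. The package line also stays `wordpress <unfixed>` although the description and the linked release post name 4.9.2 as the fixed upstream version.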
@@ -2172,6 +2200,7 @@ CVE-2017-1000482 (A member of the Plone 2.5-5.1rc1 site 
could set javascript in 
 CVE-2017-1000481 (When you visit a page where you need to login, Plone 
2.5-5.1rc1 sends ...)
        NOT-FOR-US: Plone
 CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection 
when ...)
+       {DLA-1249-1}
        - smarty <removed>
        - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bug #886460)
        NOTE: 
https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
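Review bot: `{DLA-1249-1}` is added to CVE-2017-1000480 but this commit only touches data/CVE/list; confirm that the matching entry exists in the DLA list file so the cross-reference resolves, and that the advisory covers the `smarty` source package (the `smarty3` line already records a fixed version, and `smarty <removed>` is unchanged).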
@@ -7738,7 +7767,7 @@ CVE-2018-2670 (Vulnerability in the Oracle Financial 
Services Profitability ...)
 CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics 
...)
        NOT-FOR-US: Oracle
 CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-       {DSA-4091-1}
+       {DSA-4091-1 DLA-1250-1}
        - mysql-5.7 <unfixed> (bug #887477)
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
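Review bot: `DLA-1250-1` is appended to the existing `{DSA-4091-1}` for CVE-2018-2668 here and for CVE-2018-2665, CVE-2018-2640, CVE-2018-2622 and CVE-2018-2562 in the four hunks that follow; check that DLA-1250-1 lists exactly these five CVEs, since a CVE the DLA fixed but that lacks the tag would still show as open for the LTS suite, and a tag on a CVE the DLA did not fix would hide an open issue.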
@@ -7749,7 +7778,7 @@ CVE-2018-2667 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-       {DSA-4091-1}
+       {DSA-4091-1 DLA-1250-1}
        - mysql-5.7 <unfixed> (bug #887477)
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7820,7 +7849,7 @@ CVE-2018-2641 (Vulnerability in the Java SE, Java SE 
Embedded component of Oracl
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-       {DSA-4091-1}
+       {DSA-4091-1 DLA-1250-1}
        - mysql-5.7 <unfixed> (bug #887477)
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -7878,7 +7907,7 @@ CVE-2018-2624 (Vulnerability in the Sun ZFS Storage 
Appliance Kit (AK) component
 CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-       {DSA-4091-1}
+       {DSA-4091-1 DLA-1250-1}
        - mysql-5.7 <unfixed> (bug #887477)
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -8048,7 +8077,7 @@ CVE-2018-2564 (Vulnerability in the Oracle WebCenter 
Content component of Oracle
 CVE-2018-2563
        RESERVED
 CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
-       {DSA-4091-1}
+       {DSA-4091-1 DLA-1250-1}
        - mysql-5.7 5.7.20-1
        - mysql-5.5 <removed>
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
@@ -10486,8 +10515,8 @@ CVE-2018-1364
        RESERVED
 CVE-2018-1363
        RESERVED
-CVE-2018-1362
-       RESERVED
+CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 
7.0.1 ...)
+       TODO: check
 CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site 
...)
        NOT-FOR-US: IBM WebSphere Portal
 CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 
0xb3702c04 ...)
@@ -18946,8 +18975,8 @@ CVE-2017-15715
        RESERVED
 CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not 
escape ...)
        NOT-FOR-US: BIRT plugin in Apache OFBiz
-CVE-2017-15713
-       RESERVED
+CVE-2017-15713 (Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x 
before ...)
+       TODO: check
 CVE-2017-15712
        RESERVED
 CVE-2017-15711
@@ -23919,14 +23948,14 @@ CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a 
PID file after dropping ..
        NOTE: 
http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html
 CVE-2017-14101 (A security researcher found an XML External Entity (XXE) 
vulnerability ...)
        NOT-FOR-US: Conserus Image Repository
-CVE-2017-14097
-       RESERVED
-CVE-2017-14096
-       RESERVED
-CVE-2017-14095
-       RESERVED
-CVE-2017-14094
-       RESERVED
+CVE-2017-14097 (An improper access control vulnerability in Trend Micro Smart 
...)
+       TODO: check
+CVE-2017-14096 (A stored cross site scripting (XSS) vulnerability in Trend 
Micro Smart ...)
+       TODO: check
+CVE-2017-14095 (A vulnerability in Trend Micro Smart Protection Server 
(Standalone) ...)
+       TODO: check
+CVE-2017-14094 (A vulnerability in Trend Micro Smart Protection Server 
(Standalone) ...)
+       TODO: check
 CVE-2017-14093 (The Log Query and Quarantine Query pages in Trend Micro 
ScanMail for ...)
        NOT-FOR-US: Trend Micro ScanMail for Exchange
 CVE-2017-14092 (The absence of Anti-CSRF tokens in Trend Micro ScanMail for 
Exchange ...)
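Review bot: the four new `TODO: check` entries CVE-2017-14094 through CVE-2017-14097 all describe Trend Micro Smart Protection Server, and the adjacent CVE-2017-14093 and CVE-2017-14092 are already `NOT-FOR-US: Trend Micro ScanMail for Exchange`; they look like candidates for the same NOT-FOR-US treatment, but the automatic update correctly leaves that decision to manual triage.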
@@ -23949,8 +23978,8 @@ CVE-2017-14084 (A potential Man-in-the-Middle (MitM) 
attack vulnerability in Tre
        NOT-FOR-US: Trend Micro
 CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows 
remote ...)
        NOT-FOR-US: Trend Micro
-CVE-2017-14082
-       RESERVED
+CVE-2017-14082 (An uninitialized pointer information disclosure vulnerability 
in Trend ...)
+       TODO: check
 CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile 
Security ...)
        NOT-FOR-US: Trend Micro Mobile Security
 CVE-2017-14080 (Authentication bypass vulnerability in Trend Micro Mobile 
Security ...)
@@ -29819,10 +29848,10 @@ CVE-2017-12100
        RESERVED
 CVE-2017-12099
        RESERVED
-CVE-2017-12098
-       RESERVED
-CVE-2017-12097
-       RESERVED
+CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists 
in the ...)
+       TODO: check
+CVE-2017-12097 (An exploitable cross site scripting (XSS) vulnerability exists 
in the ...)
+       TODO: check
 CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of 
Circle ...)
        NOT-FOR-US: Circle of Disney
 CVE-2017-12095
@@ -31814,8 +31843,8 @@ CVE-2017-11399 (Integer overflow in the 
ape_decode_frame function in ...)
        - ffmpeg 7:3.3.3-1
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0
        NOTE: Fixed in 3.2.7
-CVE-2017-11398
-       RESERVED
+CVE-2017-11398 (A session hijacking via log disclosure vulnerability in Trend 
Micro ...)
+       TODO: check
 CVE-2017-11397 (A service DLL preloading vulnerability in Trend Micro 
Encryption for ...)
        NOT-FOR-US: Trend Micro
 CVE-2017-11396 (Vulnerability issues with the web service inspection of input 
...)
@@ -44485,12 +44514,12 @@ CVE-2017-7329
        RESERVED
 CVE-2017-7328
        RESERVED
-CVE-2017-7327
-       RESERVED
-CVE-2017-7326
-       RESERVED
-CVE-2017-7325
-       RESERVED
+CVE-2017-7327 (Yandex Browser installer for Desktop before 17.4.1 has a DLL 
Hijacking ...)
+       TODO: check
+CVE-2017-7326 (Race condition issue in Yandex Browser for Android before 
17.4.0.16 ...)
+       TODO: check
+CVE-2017-7325 (Yandex Browser before 16.9.0 allows remote attackers to spoof 
the ...)
+       TODO: check
 CVE-2017-7324 (setup/templates/findcore.php in MODX Revolution 2.5.4-pl and 
earlier ...)
        NOT-FOR-US: MODX Revolution
 CVE-2017-7323 (The (1) update and (2) package-installation features in MODX 
...)
@@ -48220,8 +48249,8 @@ CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 
when downloading the Type 
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6143
        RESERVED
-CVE-2017-6142
-       RESERVED
+CVE-2017-6142 (X509 certificate verification was not correctly implemented in 
the ...)
+       TODO: check
 CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and 
...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6140 (On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, 
i7800, ...)
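Review bot: the truncated description of CVE-2017-6142, "X509 certificate verification was not correctly implemented in the ...", does not name the product; its neighbours CVE-2017-6141 and CVE-2017-6144 are `NOT-FOR-US: F5 BIG-IP`, so it is probably F5 as well, but a certificate-verification flaw is the kind that can live in a shared library, so read the full description before marking it NOT-FOR-US.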
@@ -61159,8 +61188,8 @@ CVE-2017-1695
        RESERVED
 CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in 
plain ...)
        NOT-FOR-US: IBM Integration Bus
-CVE-2017-1693
-       RESERVED
+CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that 
has ...)
+       TODO: check
 CVE-2017-1692
        RESERVED
 CVE-2017-1691
@@ -101170,8 +101199,8 @@ CVE-2015-6929 (Multiple cross-site scripting (XSS) 
vulnerabilities in Nokia Netw
        NOT-FOR-US: Nokia
 CVE-2015-6928 (classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 
6.x ...)
        NOT-FOR-US: CubeCart
-CVE-2015-6926
-       RESERVED
+CVE-2015-6926 (The OpenID Single Sign-On authentication functionality in OXID 
eShop ...)
+       TODO: check
 CVE-2015-6925 (wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers 
to ...)
        - wolfssl 3.9.10+dfsg-1 (bug #801120)
 CVE-2015-6924
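Review bot: CVE-2015-6926 and CVE-2014-4919 (the last hunk in this patch) both concern OXID eShop; triage them together so that the two entries end up with a consistent status rather than one being resolved and the other left as `TODO: check`.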
@@ -133725,8 +133754,8 @@ CVE-2014-4921
        RESERVED
 CVE-2014-4920
        RESERVED
-CVE-2014-4919
-       RESERVED
+CVE-2014-4919 (OXID eShop Professional Edition before 4.7.13 and 4.8.x before 
4.8.7, ...)
+       TODO: check
 CVE-2014-4918
        RESERVED
        NOT-FOR-US: TR-069 Auto Configuration Servers



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/81276d56930521a50bcf6a9043dcb1984ffd3678

---
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
