Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3369e6e6 by security tracker role at 2018-01-24T21:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,6 +1,30 @@ -CVE-2017-18075 +CVE-2018-6189 RESERVED -CVE-2018-1000018 +CVE-2018-6188 + RESERVED +CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow ...) + TODO: check +CVE-2018-6186 + RESERVED +CVE-2018-6185 + RESERVED +CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...) + TODO: check +CVE-2018-6183 + RESERVED +CVE-2018-6182 + RESERVED +CVE-2018-6181 + RESERVED +CVE-2018-6180 + RESERVED +CVE-2018-1000017 + RESERVED +CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service ...) + TODO: check +CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...) + TODO: check +CVE-2018-1000018 (An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 ...) NOT-FOR-US: ovirt-engine CVE-2018-6179 RESERVED @@ -344,10 +368,10 @@ CVE-2018-6020 RESERVED CVE-2018-6019 RESERVED -CVE-2018-6018 - RESERVED -CVE-2018-6017 - RESERVED +CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ...) + TODO: check +CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...) + TODO: check CVE-2018-6016 RESERVED CVE-2018-6015 
@@ -472,16 +496,16 @@ CVE-2018-5990 RESERVED CVE-2018-5989 RESERVED -CVE-2018-5988 - RESERVED +CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter to ...) + TODO: check CVE-2018-5987 RESERVED -CVE-2018-5986 - RESERVED -CVE-2018-5985 - RESERVED -CVE-2018-5984 - RESERVED +CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or s_row ...) + TODO: check +CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for ...) + TODO: check +CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 ...) + TODO: check CVE-2018-5983 RESERVED CVE-2018-5982 @@ -490,28 +514,28 @@ CVE-2018-5981 RESERVED CVE-2018-5980 RESERVED -CVE-2018-5979 - RESERVED -CVE-2018-5978 - RESERVED -CVE-2018-5977 - RESERVED -CVE-2018-5976 - RESERVED +CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 ...) + TODO: check +CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the ...) + TODO: check +CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop Management System ...) + TODO: check +CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 ...) + TODO: check CVE-2018-5975 RESERVED CVE-2018-5974 RESERVED CVE-2018-5973 RESERVED -CVE-2018-5972 - RESERVED +CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...) + TODO: check CVE-2018-5971 RESERVED CVE-2018-5970 RESERVED -CVE-2018-5969 - RESERVED +CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...) + TODO: check CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...) TODO: check CVE-2018-5967 
@@ -917,10 +941,10 @@ CVE-2018-5780 RESERVED CVE-2018-5779 RESERVED -CVE-2018-5778 - RESERVED -CVE-2018-5777 - RESERVED +CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...) + TODO: check +CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...) + TODO: check CVE-2018-5775 RESERVED CVE-2018-5774 @@ -1161,8 +1185,8 @@ CVE-2018-5707 RESERVED CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...) NOT-FOR-US: Octopus Deploy -CVE-2018-5705 - RESERVED +CVE-2018-5705 (Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected ...) + TODO: check CVE-2018-1000003 (Improper input validation bugs in DNSSEC validators components in ...) - pdns-recursor 4.1.1-1 [stretch] - pdns-recursor <not-affected> (Only affects 4.1) @@ -1987,6 +2011,7 @@ CVE-2018-1000001 [Libc Realpath Buffer Underflow] NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be ...) + {DSA-4095-1} - gcab 0.7-7 (bug #887776) NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...) @@ -2060,8 +2085,8 @@ CVE-2018-5321 RESERVED CVE-2018-5320 RESERVED -CVE-2018-5319 - RESERVED +CVE-2018-5319 (RAVPower FileHub 2.000.056 allows remote users to steal sensitive ...) + TODO: check CVE-2018-5318 RESERVED CVE-2018-5317 @@ -3283,8 +3308,8 @@ CVE-2018-4836 RESERVED CVE-2018-4835 RESERVED -CVE-2018-4834 - RESERVED +CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers ...) + TODO: check CVE-2018-4833 RESERVED CVE-2018-4832 
@@ -19943,8 +19968,7 @@ CVE-2017-15720 RESERVED CVE-2017-15719 RESERVED -CVE-2017-15718 - RESERVED +CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the ...) - hadoop <itp> (bug #793644) CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...) NOT-FOR-US: Apache Sling @@ -21596,8 +21620,7 @@ CVE-2017-15137 RESERVED CVE-2017-15136 RESERVED -CVE-2017-15135 [Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c] - RESERVED +CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including ...) - 389-ds-base <unfixed> CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c] RESERVED @@ -26098,8 +26121,8 @@ CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 dev NOT-FOR-US: MOXA CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...) NOT-FOR-US: FineCMS -CVE-2017-13696 - RESERVED +CVE-2017-13696 (The vulnerability lies in the web server component of Dup Scout ...) + TODO: check CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0007.html 
@@ -30506,65 +30529,53 @@ CVE-2017-12188 (arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nest [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500380 NOTE: https://www.spinics.net/lists/kvm/msg156651.html -CVE-2017-12187 - RESERVED +CVE-2017-12187 (xorg-x11-server before 1.19.5 was missing length validation in RENDER ...) {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e -CVE-2017-12186 - RESERVED +CVE-2017-12186 (xorg-x11-server before 1.19.5 was missing length validation in ...) {DSA-4000-1} - xorg-server 2:1.19.5-1 [wheezy] - xorg-server <not-affected> (Vulnerable code introduced later) NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e -CVE-2017-12185 - RESERVED +CVE-2017-12185 (xorg-x11-server before 1.19.5 was missing length validation in ...) {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e -CVE-2017-12184 [Unvalidated lengths] - RESERVED +CVE-2017-12184 (xorg-x11-server before 1.19.5 was missing length validation in ...) {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e -CVE-2017-12183 [xfixes: unvalidated lengths] - RESERVED +CVE-2017-12183 (xorg-x11-server before 1.19.5 was missing length validation in XFIXES ...) {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5 -CVE-2017-12182 [hw/xfree86: unvalidated lengths] - RESERVED +CVE-2017-12182 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...) 
{DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b -CVE-2017-12181 [hw/xfree86: unvalidated lengths] - RESERVED +CVE-2017-12181 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...) {DSA-4000-1} - xorg-server 2:1.19.5-1 [wheezy] - xorg-server <not-affected> (Vulnerable code introduced later) NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b -CVE-2017-12180 [hw/xfree86: unvalidated lengths] - RESERVED +CVE-2017-12180 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...) {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b -CVE-2017-12179 [Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer] - RESERVED +CVE-2017-12179 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ...) {DSA-4000-1} - xorg-server 2:1.19.5-1 [wheezy] - xorg-server <not-affected> (Vulnerable code introduced later) -CVE-2017-12178 [Xi: fix wrong extra length check in ProcXIChangeHierarchy] - RESERVED +CVE-2017-12178 (xorg-x11-server before 1.19.5 had wrong extra length check in ...) {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821 -CVE-2017-12177 [dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo] - RESERVED +CVE-2017-12177 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ...) {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831 -CVE-2017-12176 [Unvalidated extra length in ProcEstablishConnection] - RESERVED +CVE-2017-12176 (xorg-x11-server before 1.19.5 was missing extra length validation in ...) 
{DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81 @@ -59923,7 +59934,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/ NOT-FOR-US: Siemens CVE-2017-2681 (A vulnerability has been identified in Development/Evaluation Kit DK ...) NOT-FOR-US: Siemens -CVE-2017-2680 (A vulnerability has been identified in Extension Unit 12" PROFINET, ...) +CVE-2017-2680 (A vulnerability has been identified in Development/Evaluation Kit DK ...) NOT-FOR-US: Siemens CVE-2017-2679 RESERVED @@ -62050,8 +62061,8 @@ CVE-2017-1771 RESERVED CVE-2017-1770 RESERVED -CVE-2017-1769 - RESERVED +CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site request ...) + TODO: check CVE-2017-1768 RESERVED CVE-2017-1767 @@ -67455,9 +67466,9 @@ CVE-2016-9161 REJECTED CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC ...) NOT-FOR-US: Siemens SIMATIC WinCC -CVE-2016-9159 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions ...) +CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family, ...) NOT-FOR-US: Siemens SIMATIC -CVE-2016-9158 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs before V3.X.14 and ...) +CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family, ...) NOT-FOR-US: Siemens SIMATIC CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...) NOT-FOR-US: Siemens SICAM PAS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3369e6e6e524e5190597b7397251d05dbf39bcb8 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3369e6e6e524e5190597b7397251d05dbf39bcb8 You're receiving this email because of your account on salsa.debian.org.
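Review bot: In the hunk at @@ -1,6 +1,30 @@, CVE-2017-18075 is left at `TODO: check` even though its new description names crypto/pcrypt.c in the Linux kernel before 4.14.13, and this file already tracks kernel issues with `- linux` package lines (see the CVE-2017-12188 context in the @@ -30506,65 +30529,53 @@ hunk). A follow-up should replace the TODO with a `- linux` entry carrying a fixed version or per-release not-affected annotations. The other new `TODO: check` entries in this hunk (CVE-2018-6187, CVE-2018-6184, CVE-2017-1000475) need the same triage to either a package line or NOT-FOR-US.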
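Review bot: In the hunk at @@ -21596,8 +21620,7 @@, the CVE-2017-15135 change removes the bracketed summary, which was the only text naming the affected code (slapi_ct_memcmp in ch_malloc.c) and the impact (authentication bypass). The truncated description that replaces it carries neither, and the entry remains `- 389-ds-base <unfixed>` with no bug number or NOTE: line. Suggest preserving the function and file in a NOTE: and adding a bug or upstream reference so the unfixed status can be followed up.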
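Review bot: In the hunk at @@ -30506,65 +30529,53 @@, CVE-2017-12179 is the one xorg-server entry from CVE-2017-12187 through CVE-2017-12176 that has no NOTE: with an upstream commit link. The removed bracket text was the only place that named (S)ProcXIBarrierReleasePointer, so after this change the entry no longer identifies the affected code. Suggest adding a NOTE: with the upstream commit for CVE-2017-12179, or at least keeping the function name in a NOTE:, in line with the neighbouring entries.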
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits