Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3369e6e6 by security tracker role at 2018-01-24T21:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,6 +1,30 @@
-CVE-2017-18075
+CVE-2018-6189
        RESERVED
-CVE-2018-1000018
+CVE-2018-6188
+       RESERVED
+CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow 
...)
+       TODO: check
+CVE-2018-6186
+       RESERVED
+CVE-2018-6185
+       RESERVED
+CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the 
/_next ...)
+       TODO: check
+CVE-2018-6183
+       RESERVED
+CVE-2018-6182
+       RESERVED
+CVE-2018-6181
+       RESERVED
+CVE-2018-6180
+       RESERVED
+CVE-2018-1000017
+       RESERVED
+CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path 
Service ...)
+       TODO: check
+CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles 
freeing ...)
+       TODO: check
+CVE-2018-1000018 (An information disclosure in ovirt-hosted-engine-setup prior 
to 2.2.7 ...)
        NOT-FOR-US: ovirt-engine
 CVE-2018-6179
        RESERVED
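Review bot: CVE-2017-18075 and CVE-2018-6187 are left at `TODO: check` in this block even though their descriptions name the Linux kernel (crypto/pcrypt.c, before 4.14.13) and Artifex MuPDF 1.12.0, both of which correspond to source packages in Debian. These two should be triaged ahead of the other new entries and given package lines in the list's usual form (for example `- linux <unfixed>` until the fixed version is confirmed), with a NOTE pointing at the upstream fix.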
@@ -344,10 +368,10 @@ CVE-2018-6020
        RESERVED
 CVE-2018-6019
        RESERVED
-CVE-2018-6018
-       RESERVED
-CVE-2018-6017
-       RESERVED
+CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder 
Android ...)
+       TODO: check
+CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder 
...)
+       TODO: check
 CVE-2018-6016
        RESERVED
 CVE-2018-6015
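Review bot: CVE-2018-6018 and CVE-2018-6017 describe the Tinder iOS and Android apps, so the `TODO: check` lines added here can be resolved directly to a NOT-FOR-US line in the form the list already uses (compare `NOT-FOR-US: ovirt-engine` earlier in the file), e.g. `NOT-FOR-US: Tinder`. Leaving them as TODO keeps two entries in the manual triage queue that need no package lookup.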
@@ -472,16 +496,16 @@ CVE-2018-5990
        RESERVED
 CVE-2018-5989
        RESERVED
-CVE-2018-5988
-       RESERVED
+CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter 
to ...)
+       TODO: check
 CVE-2018-5987
        RESERVED
-CVE-2018-5986
-       RESERVED
-CVE-2018-5985
-       RESERVED
-CVE-2018-5984
-       RESERVED
+CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or 
s_row ...)
+       TODO: check
+CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component 
for ...)
+       TODO: check
+CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 
2.1 ...)
+       TODO: check
 CVE-2018-5983
        RESERVED
 CVE-2018-5982
@@ -490,28 +514,28 @@ CVE-2018-5981
        RESERVED
 CVE-2018-5980
        RESERVED
-CVE-2018-5979
-       RESERVED
-CVE-2018-5978
-       RESERVED
-CVE-2018-5977
-       RESERVED
-CVE-2018-5976
-       RESERVED
+CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat 
Script 1.5 ...)
+       TODO: check
+CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 
via the ...)
+       TODO: check
+CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop 
Management System ...)
+       TODO: check
+CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation 
Online 1.0 ...)
+       TODO: check
 CVE-2018-5975
        RESERVED
 CVE-2018-5974
        RESERVED
 CVE-2018-5973
        RESERVED
-CVE-2018-5972
-       RESERVED
+CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the 
...)
+       TODO: check
 CVE-2018-5971
        RESERVED
 CVE-2018-5970
        RESERVED
-CVE-2018-5969
-       RESERVED
+CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 
via ...)
+       TODO: check
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 
2.9.3 ...)
        TODO: check
 CVE-2018-5967
@@ -917,10 +941,10 @@ CVE-2018-5780
        RESERVED
 CVE-2018-5779
        RESERVED
-CVE-2018-5778
-       RESERVED
-CVE-2018-5777
-       RESERVED
+CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 
Plus SP1 ...)
+       TODO: check
+CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 
Plus SP1 ...)
+       TODO: check
 CVE-2018-5775
        RESERVED
 CVE-2018-5774
@@ -1161,8 +1185,8 @@ CVE-2018-5707
        RESERVED
 CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any 
user with ...)
        NOT-FOR-US: Octopus Deploy
-CVE-2018-5705
-       RESERVED
+CVE-2018-5705 (Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The 
affected ...)
+       TODO: check
 CVE-2018-1000003 (Improper input validation bugs in DNSSEC validators 
components in ...)
        - pdns-recursor 4.1.1-1
        [stretch] - pdns-recursor <not-affected> (Only affects 4.1)
@@ -1987,6 +2011,7 @@ CVE-2018-1000001 [Libc Realpath Buffer Underflow]
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
 CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 
can be ...)
+       {DSA-4095-1}
        - gcab 0.7-7 (bug #887776)
        NOTE: 
https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b
 CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c 
mishandles ...)
@@ -2060,8 +2085,8 @@ CVE-2018-5321
        RESERVED
 CVE-2018-5320
        RESERVED
-CVE-2018-5319
-       RESERVED
+CVE-2018-5319 (RAVPower FileHub 2.000.056 allows remote users to steal 
sensitive ...)
+       TODO: check
 CVE-2018-5318
        RESERVED
 CVE-2018-5317
@@ -3283,8 +3308,8 @@ CVE-2018-4836
        RESERVED
 CVE-2018-4835
        RESERVED
-CVE-2018-4834
-       RESERVED
+CVE-2018-4834 (A vulnerability has been identified in Desigo Automation 
Controllers ...)
+       TODO: check
 CVE-2018-4833
        RESERVED
 CVE-2018-4832
@@ -19943,8 +19968,7 @@ CVE-2017-15720
        RESERVED
 CVE-2017-15719
        RESERVED
-CVE-2017-15718
-       RESERVED
+CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak 
the ...)
        - hadoop <itp> (bug #793644)
 CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
        NOT-FOR-US: Apache Sling
@@ -21596,8 +21620,7 @@ CVE-2017-15137
        RESERVED
 CVE-2017-15136
        RESERVED
-CVE-2017-15135 [Authentication bypass due to lack of size check in 
slapi_ct_memcmp function in ch_malloc.c]
-       RESERVED
+CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and 
including ...)
        - 389-ds-base <unfixed>
 CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in 
slapd/util.c]
        RESERVED
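Review bot: the CVE-2017-15135 entry loses its bracketed title, which was the only place naming the affected code (slapi_ct_memcmp in ch_malloc.c), and the remaining `- 389-ds-base <unfixed>` line has no bug number or NOTE. Since the truncated description no longer shows the function, add a NOTE with the upstream reference and a Debian bug number next to `<unfixed>` so the authentication bypass can be tracked to a fix.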
@@ -26098,8 +26121,8 @@ CVE-2017-13698 (An issue was discovered on MOXA 
EDS-G512E 5.1 build 16072215 dev
        NOT-FOR-US: MOXA
 CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS 
related to ...)
        NOT-FOR-US: FineCMS
-CVE-2017-13696
-       RESERVED
+CVE-2017-13696 (The vulnerability lies in the web server component of Dup 
Scout ...)
+       TODO: check
 CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 
2.16.3, ...)
        - webkit2gtk 2.16.3-2 (unimportant)
        NOTE: https://webkitgtk.org/security/WSA-2017-0007.html
@@ -30506,65 +30529,53 @@ CVE-2017-12188 (arch/x86/kvm/mmu.c in the Linux 
kernel through 4.13.5, when nest
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500380
        NOTE: https://www.spinics.net/lists/kvm/msg156651.html
-CVE-2017-12187
-       RESERVED
+CVE-2017-12187 (xorg-x11-server before 1.19.5 was missing length validation in 
RENDER ...)
        {DSA-4000-1 DLA-1186-1}
        - xorg-server 2:1.19.5-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
-CVE-2017-12186
-       RESERVED
+CVE-2017-12186 (xorg-x11-server before 1.19.5 was missing length validation in 
...)
        {DSA-4000-1}
        - xorg-server 2:1.19.5-1
        [wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
-CVE-2017-12185
-       RESERVED
+CVE-2017-12185 (xorg-x11-server before 1.19.5 was missing length validation in 
...)
        {DSA-4000-1 DLA-1186-1}
        - xorg-server 2:1.19.5-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
-CVE-2017-12184 [Unvalidated lengths]
-       RESERVED
+CVE-2017-12184 (xorg-x11-server before 1.19.5 was missing length validation in 
...)
        {DSA-4000-1 DLA-1186-1}
        - xorg-server 2:1.19.5-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
-CVE-2017-12183 [xfixes: unvalidated lengths]
-       RESERVED
+CVE-2017-12183 (xorg-x11-server before 1.19.5 was missing length validation in 
XFIXES ...)
        {DSA-4000-1 DLA-1186-1}
        - xorg-server 2:1.19.5-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5
-CVE-2017-12182 [hw/xfree86: unvalidated lengths]
-       RESERVED
+CVE-2017-12182 (xorg-x11-server before 1.19.5 was missing length validation in 
XFree86 ...)
        {DSA-4000-1 DLA-1186-1}
        - xorg-server 2:1.19.5-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
-CVE-2017-12181 [hw/xfree86: unvalidated lengths]
-       RESERVED
+CVE-2017-12181 (xorg-x11-server before 1.19.5 was missing length validation in 
XFree86 ...)
        {DSA-4000-1}
        - xorg-server 2:1.19.5-1
        [wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
-CVE-2017-12180 [hw/xfree86: unvalidated lengths]
-       RESERVED
+CVE-2017-12180 (xorg-x11-server before 1.19.5 was missing length validation in 
XFree86 ...)
        {DSA-4000-1 DLA-1186-1}
        - xorg-server 2:1.19.5-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
-CVE-2017-12179 [Xi: integer overflow and unvalidated length in 
(S)ProcXIBarrierReleasePointer]
-       RESERVED
+CVE-2017-12179 (xorg-x11-server before 1.19.5 was vulnerable to integer 
overflow in ...)
        {DSA-4000-1}
        - xorg-server 2:1.19.5-1
        [wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
-CVE-2017-12178 [Xi: fix wrong extra length check in ProcXIChangeHierarchy]
-       RESERVED
+CVE-2017-12178 (xorg-x11-server before 1.19.5 had wrong extra length check in 
...)
        {DSA-4000-1 DLA-1186-1}
        - xorg-server 2:1.19.5-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821
-CVE-2017-12177 [dbe: Unvalidated variable-length request in 
ProcDbeGetVisualInfo]
-       RESERVED
+CVE-2017-12177 (xorg-x11-server before 1.19.5 was vulnerable to integer 
overflow in ...)
        {DSA-4000-1 DLA-1186-1}
        - xorg-server 2:1.19.5-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831
-CVE-2017-12176 [Unvalidated extra length in ProcEstablishConnection]
-       RESERVED
+CVE-2017-12176 (xorg-x11-server before 1.19.5 was missing extra length 
validation in ...)
        {DSA-4000-1 DLA-1186-1}
        - xorg-server 2:1.19.5-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81
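Review bot: CVE-2017-12179 ends up with no pointer to the fix. The removed title `[Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer]` named the affected handler, the new description is cut off at "integer overflow in ...", and unlike the neighbouring xorg-server entries this one has no NOTE with a cgit commit link. Add a NOTE with the upstream commit so the entry stays as traceable as CVE-2017-12178 and CVE-2017-12180 around it.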
@@ -59923,7 +59934,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM 
NMS &lt; V1.2 on port 8080/
        NOT-FOR-US: Siemens
 CVE-2017-2681 (A vulnerability has been identified in Development/Evaluation 
Kit DK ...)
        NOT-FOR-US: Siemens
-CVE-2017-2680 (A vulnerability has been identified in Extension Unit 12&quot; 
PROFINET, ...)
+CVE-2017-2680 (A vulnerability has been identified in Development/Evaluation 
Kit DK ...)
        NOT-FOR-US: Siemens
 CVE-2017-2679
        RESERVED
@@ -62050,8 +62061,8 @@ CVE-2017-1771
        RESERVED
 CVE-2017-1770
        RESERVED
-CVE-2017-1769
-       RESERVED
+CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site 
request ...)
+       TODO: check
 CVE-2017-1768
        RESERVED
 CVE-2017-1767
@@ -67455,9 +67466,9 @@ CVE-2016-9161
        REJECTED
 CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions &lt; 
SIMATIC WinCC ...)
        NOT-FOR-US: Siemens SIMATIC WinCC
-CVE-2016-9159 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions 
...)
+CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU 
family, ...)
        NOT-FOR-US: Siemens SIMATIC
-CVE-2016-9158 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs before 
V3.X.14 and ...)
+CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU 
family, ...)
        NOT-FOR-US: Siemens SIMATIC
 CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions before 
V8.09) could ...)
        NOT-FOR-US: Siemens SICAM PAS
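Review bot: after this change CVE-2016-9159 and CVE-2016-9158 show the same truncated description ("A vulnerability has been identified in SIMATIC S7-300 CPU family, ..."), whereas the replaced text distinguished them ("all versions" versus "before V3.X.14 and ..."). Both remain `NOT-FOR-US: Siemens SIMATIC`, so triage is unaffected, but the list alone no longer tells the two apart; a longer truncation limit or a short bracketed title per entry would keep them distinguishable.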



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3369e6e6e524e5190597b7397251d05dbf39bcb8

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits