Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8c5dfb1 by security tracker role at 2018-01-25T09:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,14 +1,262 @@
-CVE-2018-6198 [insecure temporary files creation when ~/.w3m is unwritable]
+CVE-2018-6312
+       RESERVED
+CVE-2018-6311
+       RESERVED
+CVE-2018-6310
+       RESERVED
+CVE-2018-6309
+       RESERVED
+CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 
6.5.26 and ...)
+       TODO: check
+CVE-2018-6307
+       RESERVED
+CVE-2018-6306
+       RESERVED
+CVE-2018-6305
+       RESERVED
+CVE-2018-6304
+       RESERVED
+CVE-2018-6303
+       RESERVED
+CVE-2018-6302
+       RESERVED
+CVE-2018-6301
+       RESERVED
+CVE-2018-6300
+       RESERVED
+CVE-2018-6299
+       RESERVED
+CVE-2018-6298
+       RESERVED
+CVE-2018-6297
+       RESERVED
+CVE-2018-6296
+       RESERVED
+CVE-2018-6295
+       RESERVED
+CVE-2018-6294
+       RESERVED
+CVE-2018-6293
+       RESERVED
+CVE-2018-6292
+       RESERVED
+CVE-2018-6291
+       RESERVED
+CVE-2018-6290
+       RESERVED
+CVE-2018-6289
+       RESERVED
+CVE-2018-6288
+       RESERVED
+CVE-2018-6287
+       RESERVED
+CVE-2018-6286
+       RESERVED
+CVE-2018-6285
+       RESERVED
+CVE-2018-6284
+       RESERVED
+CVE-2018-6283
+       RESERVED
+CVE-2018-6282
+       RESERVED
+CVE-2018-6281
+       RESERVED
+CVE-2018-6280
+       RESERVED
+CVE-2018-6279
+       RESERVED
+CVE-2018-6278
+       RESERVED
+CVE-2018-6277
+       RESERVED
+CVE-2018-6276
+       RESERVED
+CVE-2018-6275
+       RESERVED
+CVE-2018-6274
+       RESERVED
+CVE-2018-6273
+       RESERVED
+CVE-2018-6272
+       RESERVED
+CVE-2018-6271
+       RESERVED
+CVE-2018-6270
+       RESERVED
+CVE-2018-6269
+       RESERVED
+CVE-2018-6268
+       RESERVED
+CVE-2018-6267
+       RESERVED
+CVE-2018-6266
+       RESERVED
+CVE-2018-6265
+       RESERVED
+CVE-2018-6264
+       RESERVED
+CVE-2018-6263
+       RESERVED
+CVE-2018-6262
+       RESERVED
+CVE-2018-6261
+       RESERVED
+CVE-2018-6260
+       RESERVED
+CVE-2018-6259
+       RESERVED
+CVE-2018-6258
+       RESERVED
+CVE-2018-6257
+       RESERVED
+CVE-2018-6256
+       RESERVED
+CVE-2018-6255
+       RESERVED
+CVE-2018-6254
+       RESERVED
+CVE-2018-6253
+       RESERVED
+CVE-2018-6252
+       RESERVED
+CVE-2018-6251
+       RESERVED
+CVE-2018-6250
+       RESERVED
+CVE-2018-6249
+       RESERVED
+CVE-2018-6248
+       RESERVED
+CVE-2018-6247
+       RESERVED
+CVE-2018-6246
+       RESERVED
+CVE-2018-6245
+       RESERVED
+CVE-2018-6244
+       RESERVED
+CVE-2018-6243
+       RESERVED
+CVE-2018-6242
+       RESERVED
+CVE-2018-6241
+       RESERVED
+CVE-2018-6240
+       RESERVED
+CVE-2018-6239
+       RESERVED
+CVE-2018-6238
+       RESERVED
+CVE-2018-6237
+       RESERVED
+CVE-2018-6236
+       RESERVED
+CVE-2018-6235
+       RESERVED
+CVE-2018-6234
+       RESERVED
+CVE-2018-6233
+       RESERVED
+CVE-2018-6232
+       RESERVED
+CVE-2018-6231
+       RESERVED
+CVE-2018-6230
+       RESERVED
+CVE-2018-6229
+       RESERVED
+CVE-2018-6228
+       RESERVED
+CVE-2018-6227
+       RESERVED
+CVE-2018-6226
+       RESERVED
+CVE-2018-6225
+       RESERVED
+CVE-2018-6224
+       RESERVED
+CVE-2018-6223
+       RESERVED
+CVE-2018-6222
+       RESERVED
+CVE-2018-6221
+       RESERVED
+CVE-2018-6220
+       RESERVED
+CVE-2018-6219
+       RESERVED
+CVE-2018-6218
+       RESERVED
+CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft 
WPS ...)
+       TODO: check
+CVE-2018-6216
+       RESERVED
+CVE-2018-6215
+       RESERVED
+CVE-2018-6214
+       RESERVED
+CVE-2018-6213
+       RESERVED
+CVE-2018-6212
+       RESERVED
+CVE-2018-6211
+       RESERVED
+CVE-2018-6210
+       RESERVED
+CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(MaxCryptMon.sys) ...)
+       TODO: check
+CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
+       TODO: check
+CVE-2018-6207 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
+       TODO: check
+CVE-2018-6206 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
+       TODO: check
+CVE-2018-6205 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
+       TODO: check
+CVE-2018-6204 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(SDActMon.sys) ...)
+       TODO: check
+CVE-2018-6203 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
+       TODO: check
+CVE-2018-6202 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
+       TODO: check
+CVE-2018-6201 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
+       TODO: check
+CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect 
via the ...)
+       TODO: check
+CVE-2018-6199
+       RESERVED
+CVE-2018-6195
+       RESERVED
+CVE-2018-6194
+       RESERVED
+CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in 
Routers2 2.24, ...)
+       TODO: check
+CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
+       TODO: check
+CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 
1.0.2 has an ...)
+       TODO: check
+CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description 
field on ...)
+       TODO: check
+CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and 
earlier ...)
+       TODO: check
+CVE-2017-1000503 (A race condition during Jenkins 2.81 through 2.94 
(inclusive); 2.89.1 ...)
+       TODO: check
+CVE-2017-1000502 (Users with permission to create or configure agents in 
Jenkins 1.37 ...)
+       TODO: check
+CVE-2017-1000474 (Soyket Chowdhury Vehicle Sales Management System version 
2017-07-30 is ...)
+       TODO: check
+CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when 
the ...)
        - w3m <unfixed> (bug #888097; unimportant)
        NOTE: 
https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
        NOTE: Neutralised by kernel hardening
-CVE-2018-6197 [segv in columnPos]
+CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL pointer dereference flaw 
in ...)
        - w3m <unfixed>
        [stretch] - w3m <no-dsa> (Minor issue)
        [jessie] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/89
        NOTE: 
https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
-CVE-2018-6196 [infinite recursion in HTMLlineproc0]
+CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in ...)
        - w3m <unfixed>
        [stretch] - w3m <no-dsa> (Minor issue)
        [jessie] - w3m <no-dsa> (Minor issue)
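
Review bot: several of the new "TODO: check" entries in this hunk can be resolved from their visible descriptions. CVE-2018-6201 through CVE-2018-6209 name Windows driver files (econceal.sys, SDActMon.sys, MaxCryptMon.sys) and CVE-2018-6217 names kso.dll in Kingsoft WPS, so they fit the NOT-FOR-US form this file already uses elsewhere (for example "NOT-FOR-US: Apple"). The Jenkins entries CVE-2017-1000502 to CVE-2017-1000504 can follow CVE-2017-1000362 further down, which is recorded as "- jenkins <removed>". The MuPDF and MuJS entries (CVE-2018-6192, CVE-2018-6191) should be checked against the archive for a package line.
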
@@ -495,8 +743,7 @@ CVE-2018-5998
        RESERVED
 CVE-2018-5997
        RESERVED
-CVE-2018-1000007 [HTTP authentication leak in redirects]
-       RESERVED
+CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak 
authentication data ...)
        - curl 7.58.0-1
        NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
        NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
@@ -562,8 +809,8 @@ CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 
and 2.9.x through 2.9.3
        - jackson-databind <unfixed> (bug #888316)
        NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
        NOTE: 
https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
-CVE-2018-5967
-       RESERVED
+CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description 
parameter ...)
+       TODO: check
 CVE-2018-5966
        RESERVED
 CVE-2018-5965
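
Review bot: CVE-2018-5967 is left at "TODO: check" for XSS in Netis WF2419 devices, the same product named in CVE-2018-6190 at the top of this patch. Triage the two entries together so they end up with the same resolution.
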
@@ -911,8 +1158,8 @@ CVE-2018-5801
        RESERVED
 CVE-2018-5800
        RESERVED
-CVE-2018-1000006
-       RESERVED
+CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 
and earlier, ...)
+       TODO: check
 CVE-2018-5799
        RESERVED
 CVE-2018-5798
@@ -1045,8 +1292,8 @@ CVE-2018-5761 (A man-in-the-middle vulnerability related 
to vCenter access was f
        NOT-FOR-US: Rubrik CDM
 CVE-2018-5760
        RESERVED
-CVE-2018-5759
-       RESERVED
+CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly 
maintain the ...)
+       TODO: check
 CVE-2018-5758
        RESERVED
 CVE-2018-5757
@@ -1131,8 +1378,7 @@ CVE-2018-5733
        RESERVED
 CVE-2018-5732
        RESERVED
-CVE-2018-1000005 [HTTP/2 trailer out-of-bounds read]
-       RESERVED
+CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out 
bounds read in ...)
        - curl 7.58.0-1
        [jessie] - curl <not-affected> (Vulnerable code introduce later)
        [wheezy] - curl <not-affected> (Vulnerable code introduce later)
@@ -1788,12 +2034,12 @@ CVE-2018-5447
        RESERVED
 CVE-2018-5446
        RESERVED
-CVE-2018-5445
-       RESERVED
+CVE-2018-5445 (A Path Traversal issue was discovered in Advantech 
WebAccess/SCADA ...)
+       TODO: check
 CVE-2018-5444
        RESERVED
-CVE-2018-5443
-       RESERVED
+CVE-2018-5443 (A SQL Injection issue was discovered in Advantech 
WebAccess/SCADA ...)
+       TODO: check
 CVE-2018-5442
        RESERVED
 CVE-2018-5441
@@ -2588,6 +2834,7 @@ CVE-2018-5118
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
 CVE-2018-5117
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117
@@ -2642,18 +2889,21 @@ CVE-2018-5105
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
 CVE-2018-5104
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104
 CVE-2018-5103
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103
 CVE-2018-5102
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
@@ -2668,28 +2918,33 @@ CVE-2018-5100
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
 CVE-2018-5099
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099
 CVE-2018-5098
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098
 CVE-2018-5097
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097
 CVE-2018-5096
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
 CVE-2018-5095
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - skia <itp> (bug #818180)
@@ -2709,6 +2964,7 @@ CVE-2018-5092
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
 CVE-2018-5091
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
@@ -2719,6 +2975,7 @@ CVE-2018-5090
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090
 CVE-2018-5089
        RESERVED
+       {DSA-4096-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5089
@@ -13095,13 +13352,11 @@ CVE-2018-1049 [automount: access to automounted 
volumes can lock up]
        NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
        NOTE: https://github.com/systemd/systemd/pull/5916
        NOTE: 
https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
-CVE-2018-1048 [ALLOW_ENCODED_SLASH option not taken into account in the 
AjpRequestParser]
-       RESERVED
+CVE-2018-1048 (It was found that the AJP connector in undertow, as shipped in 
Jboss ...)
        - undertow <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1534343
        TODO: check
-CVE-2018-1047 [Path traversal in ServletResourceManager class]
-       RESERVED
+CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability 
...)
        - undertow <undetermined>
        NOTE: https://issues.jboss.org/browse/WFLY-9620
        NOTE: https://developer.jboss.org/thread/276826
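
Review bot: replacing the bracketed descriptions for CVE-2018-1048 and CVE-2018-1047 drops the component names they carried (the ALLOW_ENCODED_SLASH option in the AjpRequestParser, and the ServletResourceManager class), and the truncated replacement text does not include them. Both entries are still "- undertow <undetermined>", so consider keeping those names as NOTE: lines for whoever determines the affected versions.
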
@@ -20389,8 +20644,8 @@ CVE-2017-15548 (An issue was discovered in EMC Avamar 
Server 7.1.x, 7.2.x, 7.3.x
        NOT-FOR-US: EMC Avamar Server
 CVE-2017-15547
        RESERVED
-CVE-2017-15546
-       RESERVED
+CVE-2017-15546 (The Security Console in EMC RSA Authentication Manager 8.2 SP1 
P6 and ...)
+       TODO: check
 CVE-2017-15545
        REJECTED
 CVE-2017-15544
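
Review bot: CVE-2017-15546 is left at "TODO: check" although its description names EMC RSA Authentication Manager, and CVE-2017-15548 in this hunk's context is already closed as "NOT-FOR-US: EMC Avamar Server". If the product is not packaged, resolve this entry the same way with a NOT-FOR-US line naming the product.
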
@@ -33581,14 +33836,14 @@ CVE-2017-11145 (In PHP before 5.6.31, 7.x before 
7.0.21, and 7.1.x before 7.1.7,
        NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
 CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and 
...)
        - jenkins <removed>
-CVE-2017-1000081
-       REJECTED
-CVE-2017-1000080
-       REJECTED
-CVE-2017-1000079
-       REJECTED
-CVE-2017-1000078
-       REJECTED
+CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated 
upload of ...)
+       TODO: check
+CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of 
websockets. ...)
+       TODO: check
+CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS. ...)
+       TODO: check
+CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the 
device. ...)
+       TODO: check
 CVE-2017-1000077
        REJECTED
 CVE-2017-1000076
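
Review bot: CVE-2017-1000078 through CVE-2017-1000081 move from REJECTED to published ONOS descriptions, while the adjacent CVE-2017-1000077 and CVE-2017-1000076 stay REJECTED. That is an unusual state change for an automatic update, so confirm against the upstream CVE data that these four ids are really live before the "TODO: check" items are triaged.
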
@@ -46328,6 +46583,7 @@ CVE-2017-7163 (An issue was discovered in certain Apple 
products. macOS before .
 CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 
11.2 is ...)
        NOT-FOR-US: Apple
 CVE-2017-7161
+       RESERVED
        - webkit2gtk 2.18.6-1 (unimportant)
        NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
        NOTE: Not covered by security support



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8c5dfb1f011ffe3884e2f86e9680b88b02564ed

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
