Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8c5dfb1 by security tracker role at 2018-01-25T09:10:15+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,14 +1,262 @@ -CVE-2018-6198 [insecure temporary files creation when ~/.w3m is unwritable] +CVE-2018-6312 + RESERVED +CVE-2018-6311 + RESERVED +CVE-2018-6310 + RESERVED +CVE-2018-6309 + RESERVED +CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and ...) + TODO: check +CVE-2018-6307 + RESERVED +CVE-2018-6306 + RESERVED +CVE-2018-6305 + RESERVED +CVE-2018-6304 + RESERVED +CVE-2018-6303 + RESERVED +CVE-2018-6302 + RESERVED +CVE-2018-6301 + RESERVED +CVE-2018-6300 + RESERVED +CVE-2018-6299 + RESERVED +CVE-2018-6298 + RESERVED +CVE-2018-6297 + RESERVED +CVE-2018-6296 + RESERVED +CVE-2018-6295 + RESERVED +CVE-2018-6294 + RESERVED +CVE-2018-6293 + RESERVED +CVE-2018-6292 + RESERVED +CVE-2018-6291 + RESERVED +CVE-2018-6290 + RESERVED +CVE-2018-6289 + RESERVED +CVE-2018-6288 + RESERVED +CVE-2018-6287 + RESERVED +CVE-2018-6286 + RESERVED +CVE-2018-6285 + RESERVED +CVE-2018-6284 + RESERVED +CVE-2018-6283 + RESERVED +CVE-2018-6282 + RESERVED +CVE-2018-6281 + RESERVED +CVE-2018-6280 + RESERVED +CVE-2018-6279 + RESERVED +CVE-2018-6278 + RESERVED +CVE-2018-6277 + RESERVED +CVE-2018-6276 + RESERVED +CVE-2018-6275 + RESERVED +CVE-2018-6274 + RESERVED +CVE-2018-6273 + RESERVED +CVE-2018-6272 + RESERVED +CVE-2018-6271 + RESERVED +CVE-2018-6270 + RESERVED +CVE-2018-6269 + RESERVED +CVE-2018-6268 + RESERVED +CVE-2018-6267 + RESERVED +CVE-2018-6266 + RESERVED +CVE-2018-6265 + RESERVED +CVE-2018-6264 + RESERVED +CVE-2018-6263 + RESERVED +CVE-2018-6262 + RESERVED +CVE-2018-6261 + RESERVED +CVE-2018-6260 + RESERVED +CVE-2018-6259 + RESERVED +CVE-2018-6258 + RESERVED +CVE-2018-6257 + RESERVED +CVE-2018-6256 + RESERVED +CVE-2018-6255 + RESERVED +CVE-2018-6254 + RESERVED +CVE-2018-6253 + RESERVED +CVE-2018-6252 + RESERVED +CVE-2018-6251 + RESERVED +CVE-2018-6250 + RESERVED +CVE-2018-6249 + RESERVED +CVE-2018-6248 + RESERVED +CVE-2018-6247 + RESERVED +CVE-2018-6246 + RESERVED +CVE-2018-6245 + RESERVED +CVE-2018-6244 + RESERVED +CVE-2018-6243 + RESERVED 
+CVE-2018-6242 + RESERVED +CVE-2018-6241 + RESERVED +CVE-2018-6240 + RESERVED +CVE-2018-6239 + RESERVED +CVE-2018-6238 + RESERVED +CVE-2018-6237 + RESERVED +CVE-2018-6236 + RESERVED +CVE-2018-6235 + RESERVED +CVE-2018-6234 + RESERVED +CVE-2018-6233 + RESERVED +CVE-2018-6232 + RESERVED +CVE-2018-6231 + RESERVED +CVE-2018-6230 + RESERVED +CVE-2018-6229 + RESERVED +CVE-2018-6228 + RESERVED +CVE-2018-6227 + RESERVED +CVE-2018-6226 + RESERVED +CVE-2018-6225 + RESERVED +CVE-2018-6224 + RESERVED +CVE-2018-6223 + RESERVED +CVE-2018-6222 + RESERVED +CVE-2018-6221 + RESERVED +CVE-2018-6220 + RESERVED +CVE-2018-6219 + RESERVED +CVE-2018-6218 + RESERVED +CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS ...) + TODO: check +CVE-2018-6216 + RESERVED +CVE-2018-6215 + RESERVED +CVE-2018-6214 + RESERVED +CVE-2018-6213 + RESERVED +CVE-2018-6212 + RESERVED +CVE-2018-6211 + RESERVED +CVE-2018-6210 + RESERVED +CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys) ...) + TODO: check +CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...) + TODO: check +CVE-2018-6207 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...) + TODO: check +CVE-2018-6206 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...) + TODO: check +CVE-2018-6205 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...) + TODO: check +CVE-2018-6204 (In Max Secure Anti Virus 19.0.3.019,, the driver file (SDActMon.sys) ...) + TODO: check +CVE-2018-6203 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) ...) + TODO: check +CVE-2018-6202 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) ...) + TODO: check +CVE-2018-6201 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) ...) + TODO: check +CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the ...) 
+ TODO: check +CVE-2018-6199 + RESERVED +CVE-2018-6195 + RESERVED +CVE-2018-6194 + RESERVED +CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...) + TODO: check +CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...) + TODO: check +CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an ...) + TODO: check +CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description field on ...) + TODO: check +CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier ...) + TODO: check +CVE-2017-1000503 (A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 ...) + TODO: check +CVE-2017-1000502 (Users with permission to create or configure agents in Jenkins 1.37 ...) + TODO: check +CVE-2017-1000474 (Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is ...) + TODO: check +CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when the ...) - w3m <unfixed> (bug #888097; unimportant) NOTE: https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 NOTE: Neutralised by kernel hardening -CVE-2018-6197 [segv in columnPos] +CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL pointer dereference flaw in ...) - w3m <unfixed> [stretch] - w3m <no-dsa> (Minor issue) [jessie] - w3m <no-dsa> (Minor issue) NOTE: https://github.com/tats/w3m/issues/89 NOTE: https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8 -CVE-2018-6196 [infinite recursion in HTMLlineproc0] +CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in ...) - w3m <unfixed> [stretch] - w3m <no-dsa> (Minor issue) [jessie] - w3m <no-dsa> (Minor issue) 
@@ -495,8 +743,7 @@ CVE-2018-5998 RESERVED CVE-2018-5997 RESERVED -CVE-2018-1000007 [HTTP authentication leak in redirects] - RESERVED +CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authentication data ...) - curl 7.58.0-1 NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch @@ -562,8 +809,8 @@ CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 - jackson-databind <unfixed> (bug #888316) NOTE: https://github.com/FasterXML/jackson-databind/issues/1899 NOTE: https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05 -CVE-2018-5967 - RESERVED +CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter ...) + TODO: check CVE-2018-5966 RESERVED CVE-2018-5965 @@ -911,8 +1158,8 @@ CVE-2018-5801 RESERVED CVE-2018-5800 RESERVED -CVE-2018-1000006 - RESERVED +CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, ...) + TODO: check CVE-2018-5799 RESERVED CVE-2018-5798 @@ -1045,8 +1292,8 @@ CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was f NOT-FOR-US: Rubrik CDM CVE-2018-5760 RESERVED -CVE-2018-5759 - RESERVED +CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...) + TODO: check CVE-2018-5758 RESERVED CVE-2018-5757 @@ -1131,8 +1378,7 @@ CVE-2018-5733 RESERVED CVE-2018-5732 RESERVED -CVE-2018-1000005 [HTTP/2 trailer out-of-bounds read] - RESERVED +CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in ...) - curl 7.58.0-1 [jessie] - curl <not-affected> (Vulnerable code introduce later) [wheezy] - curl <not-affected> (Vulnerable code introduce later) 
@@ -1788,12 +2034,12 @@ CVE-2018-5447 RESERVED CVE-2018-5446 RESERVED -CVE-2018-5445 - RESERVED +CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ...) + TODO: check CVE-2018-5444 RESERVED -CVE-2018-5443 - RESERVED +CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA ...) + TODO: check CVE-2018-5442 RESERVED CVE-2018-5441 @@ -2588,6 +2834,7 @@ CVE-2018-5118 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118 CVE-2018-5117 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117 @@ -2642,18 +2889,21 @@ CVE-2018-5105 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105 CVE-2018-5104 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104 CVE-2018-5103 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103 CVE-2018-5102 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102 
@@ -2668,28 +2918,33 @@ CVE-2018-5100 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100 CVE-2018-5099 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099 CVE-2018-5098 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098 CVE-2018-5097 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097 CVE-2018-5096 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096 CVE-2018-5095 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - skia <itp> (bug #818180) @@ -2709,6 +2964,7 @@ CVE-2018-5092 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092 CVE-2018-5091 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091 @@ -2719,6 +2975,7 @@ CVE-2018-5090 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090 CVE-2018-5089 RESERVED + {DSA-4096-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5089 
@@ -13095,13 +13352,11 @@ CVE-2018-1049 [automount: access to automounted volumes can lock up] NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649 NOTE: https://github.com/systemd/systemd/pull/5916 NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318 -CVE-2018-1048 [ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser] - RESERVED +CVE-2018-1048 (It was found that the AJP connector in undertow, as shipped in Jboss ...) - undertow <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1534343 TODO: check -CVE-2018-1047 [Path traversal in ServletResourceManager class] - RESERVED +CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability ...) - undertow <undetermined> NOTE: https://issues.jboss.org/browse/WFLY-9620 NOTE: https://developer.jboss.org/thread/276826 @@ -20389,8 +20644,8 @@ CVE-2017-15548 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x NOT-FOR-US: EMC Avamar Server CVE-2017-15547 RESERVED -CVE-2017-15546 - RESERVED +CVE-2017-15546 (The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and ...) + TODO: check CVE-2017-15545 REJECTED CVE-2017-15544 
@@ -33581,14 +33836,14 @@ CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and ...) - jenkins <removed> -CVE-2017-1000081 - REJECTED -CVE-2017-1000080 - REJECTED -CVE-2017-1000079 - REJECTED -CVE-2017-1000078 - REJECTED +CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of ...) + TODO: check +CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. ...) + TODO: check +CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS. ...) + TODO: check +CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device. ...) + TODO: check CVE-2017-1000077 REJECTED CVE-2017-1000076 @@ -46328,6 +46583,7 @@ CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before . CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) NOT-FOR-US: Apple CVE-2017-7161 + RESERVED - webkit2gtk 2.18.6-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2018-0002.html NOTE: Not covered by security support
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8c5dfb1f011ffe3884e2f86e9680b88b02564ed
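Review bot: In the first hunk (@@ -1,14 +1,262 @@) the three new Jenkins entries, CVE-2017-1000502, CVE-2017-1000503 and CVE-2017-1000504, are left as bare `TODO: check`, although the existing CVE-2017-1000362 entry visible in the @@ -33581,14 +33836,14 @@ context already settles Jenkins as `- jenkins <removed>`. The triage follow-up should give these three the same package line so they stop showing up as unclassified. The same hunk also swaps the hand-written w3m summaries for truncated descriptions, so `[insecure temporary files creation when ~/.w3m is unwritable]` becomes `(w3m through 0.5.3 does not properly handle temporary files when the ...)` and the trigger condition is no longer readable from the list; a NOTE line under CVE-2018-6198 would keep it.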
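Review bot: Typo in the unchanged `[jessie]` and `[wheezy]` lines under CVE-2018-1000005 in the @@ -1131,8 +1378,7 @@ hunk: `(Vulnerable code introduce later)` should read "introduced later". This automatic update did not write those lines, but they sit directly below the changed entry and are worth correcting in the next manual commit to it.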
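Review bot: In the @@ -13095,13 +13352,11 @@ hunk, CVE-2018-1048 keeps `- undertow <undetermined>` and `TODO: check` while losing the only line that named the affected code, `[ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser]`; the replacement description is cut off before it reaches that detail. CVE-2018-1047 likewise loses `[Path traversal in ServletResourceManager class]`. Copying both summaries into NOTE lines would keep the pointers needed to resolve the `<undetermined>` status against the undertow source.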
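Review bot: The @@ -33581,14 +33836,14 @@ hunk moves CVE-2017-1000078 through CVE-2017-1000081 from `REJECTED` to live ONOS descriptions with `TODO: check`, a state change that is easy to miss because any earlier triage pass would have skipped them as rejected. They need an explicit decision now, either `NOT-FOR-US:` or a package line, rather than sitting in the TODO queue alongside freshly assigned IDs.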
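Review bot: In the last hunk (@@ -46328,6 +46583,7 @@) CVE-2017-7161 gains a `RESERVED` line even though the entry already carries a fixed version, `- webkit2gtk 2.18.6-1 (unimportant)`, and a public advisory link (WSA-2018-0002). The Firefox entries in the @@ -2588,6 +2834,7 @@ to @@ -2719,6 +2975,7 @@ hunks are in the same position: `RESERVED` next to `{DSA-4096-1 DLA-1256-1}` and fixed versions. Scripts that consume this file should key on the package lines and advisory cross-references, not on `RESERVED`, or they will drop entries that are already fixed and published.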
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits