Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bcd2e22 by security tracker role at 2018-01-25T21:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,13 @@
+CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, 
users with ...)
+       TODO: check
+CVE-2017-1000468
+       REJECTED
+       TODO: check
+CVE-2017-1000464
+       REJECTED
+       TODO: check
+CVE-2017-1000414 (ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a 
division ...)
+       TODO: check
 CVE-2018-6312
        RESERVED
 CVE-2018-6311
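Review bot: CVE-2017-1000468 and CVE-2017-1000464 are added as REJECTED and still carry `TODO: check`; a rejected id has nothing left to triage, so drop the TODO on both once it is confirmed that no package entry refers to them. The two entries that do have descriptions in this hunk (CVE-2017-1000505, CVE-2017-1000414) still need their TODO resolved to a package line or a NOT-FOR-US marker.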
@@ -817,8 +827,8 @@ CVE-2018-5999 (An issue was discovered in AsusWRT before 
3.0.0.4.384_10007. In t
        NOT-FOR-US: AsusWRT
 CVE-2018-5998
        RESERVED
-CVE-2018-5997
-       RESERVED
+CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub 
...)
+       TODO: check
 CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak 
authentication data ...)
        - curl 7.58.0-1
        NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
@@ -873,8 +883,8 @@ CVE-2018-5975
        RESERVED
 CVE-2018-5974
        RESERVED
-CVE-2018-5973
-       RESERVED
+CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 
via ...)
+       TODO: check
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the 
...)
        NOT-FOR-US: Classified Ads CMS Quickad
 CVE-2018-5971
@@ -891,12 +901,12 @@ CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS 
via the Description par
        NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-5966
        RESERVED
-CVE-2018-5965
-       RESERVED
-CVE-2018-5964
-       RESERVED
-CVE-2018-5963
-       RESERVED
+CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in 
admin/moduleinterface.php via ...)
+       TODO: check
+CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in 
admin/moduleinterface.php via ...)
+       TODO: check
+CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php 
via the ...)
+       TODO: check
 CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 
through ...)
        NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 
v0.9.8.12 has ...)
@@ -923,8 +933,8 @@ CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote 
attackers to cause a de
        - openssh 1:7.4p1-1
        NOTE: 
https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
        NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
-CVE-2018-5954
-       RESERVED
+CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a 
denial ...)
+       TODO: check
 CVE-2018-5953
        RESERVED
 CVE-2018-5952
@@ -1412,8 +1422,7 @@ CVE-2018-5750
        RESERVED
 CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit 
c1cd164 and ...)
        NOT-FOR-US: Minecraft Servers List Lite
-CVE-2018-5748 [resource exhaustion via qemuMonitorIORead() method]
-       RESERVED
+CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a 
denial of ...)
        - libvirt 4.0.0-1 (bug #887700)
        [stretch] - libvirt <no-dsa> (Minor issue)
        [jessie] - libvirt <no-dsa> (Minor issue)
@@ -3671,12 +3680,12 @@ CVE-2018-4839
        RESERVED
 CVE-2018-4838
        RESERVED
-CVE-2018-4837
-       RESERVED
-CVE-2018-4836
-       RESERVED
-CVE-2018-4835
-       RESERVED
+CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic 
&lt; ...)
+       TODO: check
+CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic 
&lt; ...)
+       TODO: check
+CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic 
&lt; ...)
+       TODO: check
 CVE-2018-4834 (A vulnerability has been identified in Desigo Automation 
Controllers ...)
        NOT-FOR-US: Desigo
 CVE-2018-4833
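Review bot: the new descriptions for CVE-2018-4837, CVE-2018-4836 and CVE-2018-4835 contain the HTML entity `&lt;` where a literal `<` is expected ("TeleControl Server Basic &lt; ..."). Check whether the escape is stored in data/CVE/list itself or only appears in this mail rendering, and if it is in the file, unescape it at import so that searches on the description text match.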
@@ -5773,7 +5782,7 @@ CVE-2017-1000458 (Bro before Bro v2.5.2 is vulnerable to 
an out of bounds write 
 CVE-2017-1000457 (Cross-site scripting (XSS) vulnerability in Help.aspx in 
mojoPortal ...)
        NOT-FOR-US: mojoPortal
 CVE-2017-1000456 (freedesktop.org libpoppler 0.60.1 fails to validate 
boundaries in ...)
-       {DLA-1228-1}
+       {DSA-4097-1 DLA-1228-1}
        - poppler 0.61.1-2
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103116
        NOTE: Fixed by: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=7ee9dadef37b20bca707a6b1e858e17d191e368b
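Review bot: the `{DSA-4097-1 DLA-1228-1}` line on CVE-2017-1000456 is only a cross-reference, and this commit changes a single file, so confirm that the advisory's own record lists this CVE. The visible package line is still just `- poppler 0.61.1-2` with no per-release line, so the fixed versions for the releases covered by the DSA cannot be read from this entry alone.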
@@ -13426,8 +13435,8 @@ CVE-2018-1053
        RESERVED
 CVE-2018-1052
        RESERVED
-CVE-2018-1051
-       RESERVED
+CVE-2018-1051 (It was found that the fix for CVE-2016-9606 in versions 3.0.22 
and ...)
+       TODO: check
 CVE-2018-1050
        RESERVED
 CVE-2018-1049 [automount: access to automounted volumes can lock up]
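Review bot: CVE-2018-1051 is described as an incomplete fix for CVE-2016-9606 but lands with only `TODO: check`. Resolve it against the package that CVE-2016-9606 is tracked under in this file, so that the follow-up issue does not sit untriaged among the RESERVED neighbours.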
@@ -21338,8 +21347,7 @@ CVE-2017-15367
        RESERVED
 CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the 
server have ...)
        NOT-FOR-US: Thornberry NDoc
-CVE-2017-15365 [Replication in sql/event_data_objects.cc occurs before ACL 
checks]
-       RESERVED
+CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x 
before ...)
        - mariadb-10.2 <unfixed> (bug #884065)
        - mariadb-10.1 <unfixed> (bug #885345)
        - mariadb-10.0 <undetermined>
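Review bot: the new description for CVE-2017-15365 names 10.1.30 as the MariaDB release carrying the fix, yet the lines below it still read `- mariadb-10.1 <unfixed> (bug #885345)` and `- mariadb-10.0 <undetermined>`. Re-check both source packages against the versions in the archive and replace the markers with a fixed version or a definite status.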
@@ -22015,8 +22023,7 @@ CVE-2017-15134 [Remote DoS via search filters in 
slapi_filter_sprintf in slapd/u
        - 389-ds-base <unfixed> (bug #888452)
 CVE-2017-15133
        RESERVED
-CVE-2017-15132 [dovecot: auth client leaks memory if SASL authentication is 
aborted]
-       RESERVED
+CVE-2017-15132 (A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An 
abort of ...)
        - dovecot <unfixed> (bug #888432)
        NOTE: 
https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch
 CVE-2017-15131 (It was found that system umask policy is not being honored 
when ...)
@@ -54146,7 +54153,7 @@ CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI 
v22 could potentially all
 CVE-2017-4963 (An issue was discovered in Cloud Foundry Foundation Cloud 
Foundry ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2017-4962
-       RESERVED
+       REJECTED
 CVE-2017-4961 (An issue was discovered in Cloud Foundry Foundation BOSH 
Release 261.x ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2017-4960 (An issue was discovered in Cloud Foundry release v247 through 
v252, UAA ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4bcd2e221f60a7ffd8fa43abc8fc052b345bdc6a

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
