Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4bcd2e22 by security tracker role at 2018-01-25T21:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,13 @@ +CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, users with ...) + TODO: check +CVE-2017-1000468 + REJECTED + TODO: check +CVE-2017-1000464 + REJECTED + TODO: check +CVE-2017-1000414 (ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division ...) + TODO: check CVE-2018-6312 RESERVED CVE-2018-6311 @@ -817,8 +827,8 @@ CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In t NOT-FOR-US: AsusWRT CVE-2018-5998 RESERVED -CVE-2018-5997 - RESERVED +CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub ...) + TODO: check CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authentication data ...) - curl 7.58.0-1 NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html @@ -873,8 +883,8 @@ CVE-2018-5975 RESERVED CVE-2018-5974 RESERVED -CVE-2018-5973 - RESERVED +CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 via ...) + TODO: check CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...) NOT-FOR-US: Classified Ads CMS Quickad CVE-2018-5971 
@@ -891,12 +901,12 @@ CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description par NOT-FOR-US: Netis WF2419 V2.2.36123 devices CVE-2018-5966 RESERVED -CVE-2018-5965 - RESERVED -CVE-2018-5964 - RESERVED -CVE-2018-5963 - RESERVED +CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...) + TODO: check +CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...) + TODO: check +CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the ...) + TODO: check CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...) @@ -923,8 +933,8 @@ CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a de - openssh 1:7.4p1-1 NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html -CVE-2018-5954 - RESERVED +CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a denial ...) + TODO: check CVE-2018-5953 RESERVED CVE-2018-5952 @@ -1412,8 +1422,7 @@ CVE-2018-5750 RESERVED CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...) NOT-FOR-US: Minecraft Servers List Lite -CVE-2018-5748 [resource exhaustion via qemuMonitorIORead() method] - RESERVED +CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of ...) - libvirt 4.0.0-1 (bug #887700) [stretch] - libvirt <no-dsa> (Minor issue) [jessie] - libvirt <no-dsa> (Minor issue) 
@@ -3671,12 +3680,12 @@ CVE-2018-4839 RESERVED CVE-2018-4838 RESERVED -CVE-2018-4837 - RESERVED -CVE-2018-4836 - RESERVED -CVE-2018-4835 - RESERVED +CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic < ...) + TODO: check +CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic < ...) + TODO: check +CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic < ...) + TODO: check CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers ...) NOT-FOR-US: Desigo CVE-2018-4833 @@ -5773,7 +5782,7 @@ CVE-2017-1000458 (Bro before Bro v2.5.2 is vulnerable to an out of bounds write CVE-2017-1000457 (Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal ...) NOT-FOR-US: mojoPortal CVE-2017-1000456 (freedesktop.org libpoppler 0.60.1 fails to validate boundaries in ...) - {DLA-1228-1} + {DSA-4097-1 DLA-1228-1} - poppler 0.61.1-2 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103116 NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=7ee9dadef37b20bca707a6b1e858e17d191e368b @@ -13426,8 +13435,8 @@ CVE-2018-1053 RESERVED CVE-2018-1052 RESERVED -CVE-2018-1051 - RESERVED +CVE-2018-1051 (It was found that the fix for CVE-2016-9606 in versions 3.0.22 and ...) + TODO: check CVE-2018-1050 RESERVED CVE-2018-1049 [automount: access to automounted volumes can lock up] @@ -21338,8 +21347,7 @@ CVE-2017-15367 RESERVED CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...) NOT-FOR-US: Thornberry NDoc -CVE-2017-15365 [Replication in sql/event_data_objects.cc occurs before ACL checks] - RESERVED +CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...) - mariadb-10.2 <unfixed> (bug #884065) - mariadb-10.1 <unfixed> (bug #885345) - mariadb-10.0 <undetermined> 
@@ -22015,8 +22023,7 @@ CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in slapd/u - 389-ds-base <unfixed> (bug #888452) CVE-2017-15133 RESERVED -CVE-2017-15132 [dovecot: auth client leaks memory if SASL authentication is aborted] - RESERVED +CVE-2017-15132 (A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of ...) - dovecot <unfixed> (bug #888432) NOTE: https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch CVE-2017-15131 (It was found that system umask policy is not being honored when ...) @@ -54146,7 +54153,7 @@ CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially all CVE-2017-4963 (An issue was discovered in Cloud Foundry Foundation Cloud Foundry ...) NOT-FOR-US: Cloud Foundry CVE-2017-4962 - RESERVED + REJECTED CVE-2017-4961 (An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x ...) NOT-FOR-US: Cloud Foundry CVE-2017-4960 (An issue was discovered in Cloud Foundry release v247 through v252, UAA ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4bcd2e221f60a7ffd8fa43abc8fc052b345bdc6a --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4bcd2e221f60a7ffd8fa43abc8fc052b345bdc6a You're receiving this email because of your account on salsa.debian.org.
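Review bot: The two REJECTED entries added in the first hunk (@@ -1,3 +1,13 @@), CVE-2017-1000468 and CVE-2017-1000464, each carry a "TODO: check" line even though a rejected ID needs no triage decision. The last hunk (@@ -54146,7 +54153,7 @@) flips CVE-2017-4962 from RESERVED to REJECTED with no TODO, so the two forms are inconsistent. Drop the TODO under both new REJECTED entries so that open TODOs only mark items that need a human decision.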
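Review bot: The package status in the @@ -21338,8 +21347,7 @@ hunk now disagrees with the description above it: CVE-2017-15365 reads "MariaDB before 10.1.30 and 10.2.x before ..." while the unchanged context lines still say "- mariadb-10.1 <unfixed> (bug #885345)" and "- mariadb-10.2 <unfixed> (bug #884065)". Recheck both lines against the versions in the archive and record a fixed version where one has been uploaded, otherwise the entry keeps reporting an open issue that the description says has an upstream fix.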
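Review bot: The CVE-2017-15132 change in the @@ -22015,8 +22023,7 @@ hunk loses the only statement of impact in the entry. The removed bracket text said "auth client leaks memory if SASL authentication is aborted", and the replacement description is cut off at "An abort of ..." before it gets that far. Keep the old summary as a NOTE: line under the dovecot entry. The CVE-2018-5748 hunk does the same to "resource exhaustion via qemuMonitorIORead() method", which named the affected function.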
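Review bot: CVE-2018-5965 and CVE-2018-5964 in the @@ -891,12 +901,12 @@ hunk end up with identical visible text, "CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...", because the truncation removes whatever distinguishes them. Anyone reading the list cannot tell the two apart or confirm they are not duplicates. When the "TODO: check" lines are resolved, handle the three CMSMS entries together and record the distinguishing detail from the full descriptions in a NOTE: line on each.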
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits