Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
712d9cbc by security tracker role at 2018-01-26T09:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,29 @@
+CVE-2018-6324
+       RESERVED
+CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File 
Descriptor ...)
+       TODO: check
+CVE-2018-6322
+       RESERVED
+CVE-2018-6321
+       RESERVED
+CVE-2018-6320
+       RESERVED
+CVE-2018-6319
+       RESERVED
+CVE-2018-6318
+       RESERVED
+CVE-2018-6317
+       RESERVED
+CVE-2018-6316
+       RESERVED
+CVE-2018-6315 (The outputSWF_TEXT_RECORD function (util/outputscript.c) in 
libming ...)
+       TODO: check
+CVE-2018-6314
+       RESERVED
+CVE-2018-6313 (Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote ...)
+       TODO: check
+CVE-2016-10710 (Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 
does not ...)
+       TODO: check
 CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, 
users with ...)
        NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2017-1000468
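Review bot: the four new entries that already carry a description (CVE-2018-6323, CVE-2018-6315, CVE-2018-6313, CVE-2016-10710) are all left at "TODO: check", so nothing added at the top of the list is triaged by this automatic update. CVE-2018-6323 and CVE-2018-6315 name library source files (elfcode.h in the Binary File Descriptor code, util/outputscript.c in libming), which makes them the most likely to need a source-package line rather than NOT-FOR-US. Suggest triaging those two first in the follow-up commit.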
@@ -296,7 +322,7 @@ CVE-2018-6181
 CVE-2018-6180
        RESERVED
 CVE-2018-1000017
-       RESERVED
+       REJECTED
 CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path 
Service ...)
        NOT-FOR-US: FreeSSHd
 CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles 
freeing ...)
@@ -2118,8 +2144,8 @@ CVE-2018-5449
        RESERVED
 CVE-2018-5448
        RESERVED
-CVE-2018-5447
-       RESERVED
+CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari 
PCS-9611 ...)
+       TODO: check
 CVE-2018-5446
        RESERVED
 CVE-2018-5445 (A Path Traversal issue was discovered in Advantech 
WebAccess/SCADA ...)
@@ -12323,8 +12349,8 @@ CVE-2018-1344
        RESERVED
 CVE-2018-1343
        RESERVED
-CVE-2018-1342
-       RESERVED
+CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can 
upload ...)
+       TODO: check
 CVE-2018-1341
        RESERVED
 CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and 
...)
@@ -16657,62 +16683,43 @@ CVE-2017-1000405 (The Linux Kernel versions 2.6.38 
through 4.14 have a problemat
        NOTE: Fixed by: 
https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
        NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
        NOTE: https://github.com/bindecy/HugeDirtyCowPOC
-CVE-2017-1000404
-       RESERVED
+CVE-2017-1000404 (The Jenkins Delivery Pipeline Plugin version 1.0.7 and 
earlier used ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2017-1000403
-       RESERVED
+CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users 
with ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2017-1000402
-       RESERVED
+CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a 
version of the ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2017-1000401
-       RESERVED
+CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default 
form control ...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000400
-       RESERVED
+CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API 
at ...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000399
-       RESERVED
+CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API 
at ...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000398
-       RESERVED
+CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and 
earlier at ...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000397
-       RESERVED
+CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of 
the ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2017-1000396
-       RESERVED
+CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a 
version of the ...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000395
-       RESERVED
+CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides 
information ...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000394
-       RESERVED
+CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a 
version of the ...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000393
-       RESERVED
+CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with 
permission to ...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000392
-       RESERVED
+CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion 
...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000391
-       RESERVED
+CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier 
stores ...)
        NOT-FOR-US: Jenkins
-CVE-2017-1000390
-       RESERVED
+CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not 
check ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2017-1000389
-       RESERVED
+CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin 
version 1.4 ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2017-1000388
-       RESERVED
+CVE-2017-1000388 (Jenkins Dependency Graph Viewer plugin 0.12 and earlier did 
not ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2017-1000387
-       RESERVED
+CVE-2017-1000387 (Jenkins Build-Publisher plugin version 1.21 and earlier 
stores ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2017-1000386
-       RESERVED
+CVE-2017-1000386 (Jenkins Active Choices plugin version 1.5.3 and earlier 
allowed users ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 
2.13 ...)
        NOT-FOR-US: MistServer
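Review bot: every Jenkins id in this hunk keeps its pre-existing NOT-FOR-US line and only now gains a description, so the classification was made before the description text was in the list. Four of the new descriptions say the product "bundled a version of the ..." (CVE-2017-1000402, CVE-2017-1000397, CVE-2017-1000396, CVE-2017-1000394). For those, check whether the bundled component is tracked under its own id or package, since "NOT-FOR-US: Jenkins" only covers Jenkins itself; a NOTE line naming the bundled component would make that explicit.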
@@ -20421,8 +20428,7 @@ CVE-2017-15705
        RESERVED
 CVE-2017-15704
        REJECTED
-CVE-2017-15703
-       RESERVED
+CVE-2017-15703 (Any authenticated user (valid client certificate but without 
ACL ...)
        NOT-FOR-US: Apache NiFi
 CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is 
configured ...)
        - qpid-java <itp> (bug #840131)
@@ -23884,10 +23890,10 @@ CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug 
in a SQL query could lead t
        NOT-FOR-US: Joomla!
 CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira 
before ...)
        NOT-FOR-US: Atlassian Jira
-CVE-2017-14593
-       RESERVED
-CVE-2017-14592
-       RESERVED
+CVE-2017-14593 (Sourcetree for Windows had several argument and command 
injection bugs ...)
+       TODO: check
+CVE-2017-14592 (Sourcetree for macOS had several argument and command 
injection bugs ...)
+       TODO: check
 CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and 
version ...)
        NOT-FOR-US: Atlassian
 CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial 
...)
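Review bot: CVE-2017-14593 and CVE-2017-14592 move from RESERVED to "TODO: check", while the surrounding Atlassian entries in the same hunk (CVE-2017-14594, CVE-2017-14591) are already tagged NOT-FOR-US. If Sourcetree is handled the same way, the follow-up should replace both TODO lines with a matching "NOT-FOR-US:" line. Both descriptions mention argument and command injection bugs, so the two are best triaged together.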
@@ -56791,8 +56797,8 @@ CVE-2017-3764 (A vulnerability was identified in Lenovo 
XClarity Administrator (
        NOT-FOR-US: Lenovo XClarity Administrator
 CVE-2017-3763 (An attacker who obtains access to the location where the LXCA 
file ...)
        NOT-FOR-US: Lenovo LXCA
-CVE-2017-3762
-       RESERVED
+CVE-2017-3762 (Sensitive data stored by Lenovo Fingerprint Manager Pro, 
version ...)
+       TODO: check
 CVE-2017-3761 (The Lenovo Service Framework Android application executes some 
system ...)
        NOT-FOR-US: Lenovo
 CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/712d9cbc0f45254e692f3d54357ce5535b357073
