Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 615d1353 by security tracker role at 2018-02-08T09:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,37 @@ +CVE-2018-6844 (MyBB 1.8.14 has XSS via the Title or Description field on the Edit ...) + TODO: check +CVE-2018-6843 + RESERVED +CVE-2018-6842 + RESERVED +CVE-2018-6841 + RESERVED +CVE-2018-6840 + RESERVED +CVE-2018-6839 + RESERVED +CVE-2018-6838 + RESERVED +CVE-2018-6837 + RESERVED +CVE-2018-6836 (The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark ...) + TODO: check +CVE-2018-6835 (node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 ...) + TODO: check +CVE-2018-6834 (static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via ...) + TODO: check +CVE-2018-6833 + RESERVED +CVE-2018-6832 + RESERVED +CVE-2018-6831 + RESERVED +CVE-2018-6830 + RESERVED +CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...) + TODO: check +CVE-2018-6828 + RESERVED CVE-2018-6827 RESERVED CVE-2018-6826 @@ -61,10 +95,10 @@ CVE-2018-6798 RESERVED CVE-2018-6797 RESERVED -CVE-2018-6796 - RESERVED -CVE-2018-6795 - RESERVED +CVE-2018-6796 (PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored ...) + TODO: check +CVE-2018-6795 (PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every ...) + TODO: check CVE-2018-6794 (Suricata before 4.1 is prone to an HTTP detection bypass vulnerability ...) - suricata <unfixed> (bug #889842) NOTE: https://redmine.openinfosecfoundation.org/issues/2427 
@@ -369,8 +403,8 @@ CVE-2018-6657 RESERVED CVE-2018-6656 (Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as ...) NOT-FOR-US: Z-BlogPHP -CVE-2018-6655 - RESERVED +CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an ...) + TODO: check CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...) TODO: check CVE-2018-6653 @@ -635,6 +669,7 @@ CVE-2018-6598 CVE-2018-6597 RESERVED CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone ...) + {DSA-4107-1} - django-anymail 1.3-1 (bug #889450) NOTE: https://github.com/anymail/django-anymail/commit/db586ede1fbb41dce21310ea28ae15a1cf1286c5 (v1.3) NOTE: https://github.com/anymail/django-anymail/commit/c07998304b4a31df4c61deddcb03d3607a04691b (v1.2.x-branch) @@ -723,8 +758,8 @@ CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id .. NOT-FOR-US: Event Manager CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component for ...) NOT-FOR-US: JEXTN Membership component for Joomla! -CVE-2018-6574 - RESERVED +CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before ...) + TODO: check CVE-2018-6573 RESERVED CVE-2018-6572 
@@ -17907,62 +17942,62 @@ CVE-2018-0142 RESERVED CVE-2018-0141 RESERVED -CVE-2018-0140 - RESERVED +CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security ...) + TODO: check CVE-2018-0139 RESERVED -CVE-2018-0138 - RESERVED -CVE-2018-0137 - RESERVED +CVE-2018-0138 (A vulnerability in the detection engine of Cisco Firepower System ...) + TODO: check +CVE-2018-0137 (A vulnerability in the TCP throttling process of Cisco Prime Network ...) + TODO: check CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...) NOT-FOR-US: Cisco -CVE-2018-0135 - RESERVED -CVE-2018-0134 - RESERVED +CVE-2018-0135 (A vulnerability in Cisco Unified Communications Manager could allow an ...) + TODO: check +CVE-2018-0134 (A vulnerability in the RADIUS authentication module of Cisco Policy ...) + TODO: check CVE-2018-0133 RESERVED -CVE-2018-0132 - RESERVED +CVE-2018-0132 (A vulnerability in the forwarding information base (FIB) code of Cisco ...) + TODO: check CVE-2018-0131 RESERVED CVE-2018-0130 RESERVED -CVE-2018-0129 - RESERVED -CVE-2018-0128 - RESERVED -CVE-2018-0127 - RESERVED +CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco Data ...) + TODO: check +CVE-2018-0128 (A vulnerability in the web-based management interface of Cisco Data ...) + TODO: check +CVE-2018-0127 (A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N ...) + TODO: check CVE-2018-0126 RESERVED -CVE-2018-0125 - RESERVED +CVE-2018-0125 (A vulnerability in the web interface of the Cisco RV132W ADSL2+ ...) + TODO: check CVE-2018-0124 RESERVED -CVE-2018-0123 - RESERVED -CVE-2018-0122 - RESERVED +CVE-2018-0123 (A Path Traversal vulnerability in the diagnostic shell for Cisco IOS ...) + TODO: check +CVE-2018-0122 (A vulnerability in the CLI of the Cisco StarOS operating system for ...) 
+ TODO: check CVE-2018-0121 RESERVED -CVE-2018-0120 - RESERVED -CVE-2018-0119 - RESERVED +CVE-2018-0120 (A vulnerability in the web framework of Cisco Unified Communications ...) + TODO: check +CVE-2018-0119 (A vulnerability in certain authentication controls in the account ...) + TODO: check CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco -CVE-2018-0117 - RESERVED -CVE-2018-0116 - RESERVED +CVE-2018-0117 (A vulnerability in the ingress packet processing functionality of the ...) + TODO: check +CVE-2018-0116 (A vulnerability in the RADIUS authentication module of Cisco Policy ...) + TODO: check CVE-2018-0115 (A vulnerability in the CLI of the Cisco StarOS operating system for ...) NOT-FOR-US: Cisco CVE-2018-0114 (A vulnerability in the Cisco node-jose open source library before ...) NOT-FOR-US: Cisco node-jose -CVE-2018-0113 - RESERVED +CVE-2018-0113 (A vulnerability in an operations script of Cisco UCS Central could ...) + TODO: check CVE-2018-0112 RESERVED CVE-2018-0111 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) @@ -22925,8 +22960,8 @@ CVE-2017-15402 RESERVED CVE-2017-15401 RESERVED -CVE-2017-15400 - RESERVED +CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS ...) + TODO: check CVE-2017-15399 RESERVED {DSA-4024-1} @@ -22941,8 +22976,8 @@ CVE-2017-15398 - chromium-browser 62.0.3202.89-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15397 - RESERVED +CVE-2017-15397 (Inappropriate implementation in ChromeVox in Google Chrome OS prior to ...) + TODO: check CVE-2017-15396 RESERVED {DSA-4020-1} 
@@ -22951,62 +22986,52 @@ CVE-2017-15396 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2017-15395 - RESERVED +CVE-2017-15395 (A use after free in Blink in Google Chrome prior to 62.0.3202.62 ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15394 - RESERVED +CVE-2017-15394 (Insufficient Policy Enforcement in Extensions in Google Chrome prior to ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15393 - RESERVED +CVE-2017-15393 (Insufficient Policy Enforcement in Devtools remote debugging in Google ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15392 - RESERVED +CVE-2017-15392 (Insufficient data validation in V8 in Google Chrome prior to ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15391 - RESERVED +CVE-2017-15391 (Insufficient Policy Enforcement in Extensions in Google Chrome prior to ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15390 - RESERVED +CVE-2017-15390 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...) 
{DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15389 - RESERVED +CVE-2017-15389 (An insufficient watchdog timer in navigation in Google Chrome prior to ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15388 - RESERVED +CVE-2017-15388 (Iteration through non-finite points in Skia in Google Chrome prior to ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15387 - RESERVED +CVE-2017-15387 (Insufficient enforcement of Content Security Policy in Blink in Google ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-15386 - RESERVED +CVE-2017-15386 (Incorrect implementation in Blink in Google Chrome prior to ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) 
@@ -55206,26 +55231,22 @@ CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, . NOT-FOR-US: Technicolor CVE-2017-5134 RESERVED -CVE-2017-5133 - RESERVED +CVE-2017-5133 (Off-by-one read/write on the heap in Blink in Google Chrome prior to ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5132 - RESERVED +CVE-2017-5132 (Inappropriate implementation in V8 in Google Chrome prior to ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5131 - RESERVED +CVE-2017-5131 (An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5130 - RESERVED +CVE-2017-5130 (An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...) {DLA-1188-1} - libxml2 2.9.4+dfsg1-5.1 (bug #880000) [stretch] - libxml2 <no-dsa> (Minor issue) 
@@ -55238,38 +55259,32 @@ CVE-2017-5130 NOTE: with --maxmem. Similar issue for xmlMallocLoc and xmlReallocLoc. NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed NOTE: Needs follow up: https://git.gnome.org/browse/libxml2/commit/?id=ed48d65b4d6c5cec7be035ad5eebeba873b4b955 -CVE-2017-5129 - RESERVED +CVE-2017-5129 (A use after free in WebAudio in Blink in Google Chrome prior to ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5128 - RESERVED +CVE-2017-5128 (Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5127 - RESERVED +CVE-2017-5127 (Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5126 - RESERVED +CVE-2017-5126 (A use after free in PDFium in Google Chrome prior to 62.0.3202.62 ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5125 - RESERVED +CVE-2017-5125 (Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 ...) {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2017-5124 - RESERVED +CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome prior to ...) 
{DSA-4020-1} - chromium-browser 62.0.3202.75-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/615d1353a57c42845a00f7be92c9b127ab4e73bc
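Review bot: In the `@@ -1,3 +1,37 @@` hunk, CVE-2018-6836 (wiretap/netmon.c in Wireshark) and CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2) sit at `TODO: check` in the same state as the web-application entries around them, with nothing to mark them for earlier triage. Both name source files of software Debian ships, so they should be picked up first and given a package line with a status, in the form already used for CVE-2018-6794 in the next hunk (`- suricata <unfixed> (bug #889842)` followed by a `NOTE:` with the upstream reference).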
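Review bot: CVE-2018-6574 in the `@@ -723,8 +758,8 @@` hunk carries explicit version bounds in its description (Go before 1.8.7, Go 1.9.x before 1.9.4, Go 1.10 pre-releases) but lands as a bare `TODO: check` directly under two `NOT-FOR-US` entries; it needs per-package triage against those bounds, not the treatment its neighbours received. Separately, the context line for CVE-2018-6575 describes the "JEXTN Classified 1.0.0 component" while its tag reads `NOT-FOR-US: JEXTN Membership component for Joomla!`; the tag should name the component given in the description.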
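Review bot: The Cisco entries changed in the `@@ -17907,62 +17942,62 @@` hunk (CVE-2018-0140, -0138, -0137, -0135, -0134, -0132, -0129, -0128, -0127, -0125, -0123, -0122, -0120, -0119, -0117, -0116 and -0113) are all left at `TODO: check`, while the untouched Cisco entries interleaved with them (CVE-2018-0136, CVE-2018-0118, CVE-2018-0115) are already closed as `NOT-FOR-US: Cisco`. Suggest resolving the new ones in a single follow-up pass with the same tag once each description is confirmed to concern a Cisco product only, so this block does not stay half triaged.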
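Review bot: CVE-2017-15400 in the `@@ -22925,8 +22960,8 @@` hunk has a description scoped to "CUPS in Google Chrome OS", so its `TODO: check` should not be closed on the product name alone. Triage needs to establish whether the insufficient restriction of IPP filters lies in upstream CUPS or only in the Chrome OS integration, and record the finding in a `NOTE:` line whichever way it goes.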