Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0b41caf by security tracker role at 2018-02-12T21:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,43 @@
+CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux 
kernel before ...)
+       TODO: check
+CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a 
server ...)
+       TODO: check
+CVE-2018-6925
+       RESERVED
+CVE-2018-6924
+       RESERVED
+CVE-2018-6923
+       RESERVED
+CVE-2018-6922
+       RESERVED
+CVE-2018-6921
+       RESERVED
+CVE-2018-6920
+       RESERVED
+CVE-2018-6919
+       RESERVED
+CVE-2018-6918
+       RESERVED
+CVE-2018-6917
+       RESERVED
+CVE-2018-6916
+       RESERVED
+CVE-2018-6915
+       RESERVED
+CVE-2018-6914
+       RESERVED
+CVE-2018-1000063
+       RESERVED
+CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a 
non-expiring ...)
+       TODO: check
+CVE-2017-18178 (Authenticate/SWT in Progress Sitefinity 9.1 has an open 
redirect issue ...)
+       TODO: check
+CVE-2017-18177 (Progress Sitefinity 9.1 has XSS via the Last name, First name, 
and ...)
+       TODO: check
+CVE-2017-18176 (Progress Sitefinity 9.1 has XSS via file upload, because 
JavaScript ...)
+       TODO: check
+CVE-2017-18175 (Progress Sitefinity 9.1 has XSS via the Content Management 
Template ...)
+       TODO: check
 CVE-2018-6913
        RESERVED
 CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg 
through ...)
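Review bot: CVE-2018-6927 at the top of this hunk is left at "TODO: check" although its description names kernel/futex.c in the Linux kernel, so it should be triaged first and given a package line instead of waiting with the rest of the batch. The five Progress Sitefinity 9.1 entries (CVE-2017-18175 to CVE-2017-18179) carry the same placeholder and look like candidates for a NOT-FOR-US line of the kind used for CloudMe later in this diff.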
@@ -41,8 +81,8 @@ CVE-2018-6895
        RESERVED
 CVE-2018-6894
        RESERVED
-CVE-2018-6893
-       RESERVED
+CVE-2018-6893 (controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL 
Injection: a ...)
+       TODO: check
 CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An 
unauthenticated ...)
        NOT-FOR-US: CloudMe
 CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via 
a ...)
@@ -690,6 +730,7 @@ CVE-2018-1000043 (Security Onion Solutions Squert version 
1.0.1 through 1.6.7 co
 CVE-2018-1000042 (Security Onion Solutions Squert version 1.3.0 through 1.6.7 
contains a ...)
        NOT-FOR-US: Security Onion Solutions Squert
 CVE-2018-1000041 (GNOME librsvg version before commit ...)
+       {DLA-1278-1}
        - librsvg 2.40.20-1
        NOTE: Fixed by: 
https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0
 CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function 
in ...)
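Review bot: the "{DLA-1278-1}" tag added under CVE-2018-1000041 is the only trace of the advisory in this entry; the one package line is still the unprefixed "- librsvg 2.40.20-1", so nothing here says which release the DLA fixed or at what version. Confirm that the advisory's own record carries the suite and fixed version, since a reader of this entry alone cannot recover them.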
@@ -895,22 +936,22 @@ CVE-2018-1000037
        RESERVED
 CVE-2018-1000036
        RESERVED
-CVE-2018-1000035 (A heap-based buffer overflow exists in InfoZip UnZip version 
<= 6.00 ...)
+CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip 
version <= 6.00 ...)
        - unzip <unfixed> (bug #889838)
        [stretch] - unzip <no-dsa> (Harmless crash, builds with fortified 
source)
        [jessie] - unzip <no-dsa> (Harmless crash, builds with fortified source)
        [wheezy] - unzip <no-dsa> (Harmless crash, builds with fortified source)
        NOTE: 
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
-CVE-2018-1000034 (An out-of-bounds read exists in InfoZip UnZip version 
6.10c22 that ...)
+CVE-2018-1000034 (An out-of-bounds read exists in Info-Zip UnZip version 
6.10c22 that ...)
        - unzip <not-affected> (Only affects 6.1c22)
        NOTE: 
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
-CVE-2018-1000033 (An out-of-bounds read exists in InfoZip UnZip version 
6.10c22 that ...)
+CVE-2018-1000033 (An out-of-bounds read exists in Info-Zip UnZip version 
6.10c22 that ...)
        - unzip <not-affected> (Only affects 6.1c22)
        NOTE: 
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
-CVE-2018-1000032 (A heap-based buffer overflow exists in InfoZip UnZip version 
6.10c22 ...)
+CVE-2018-1000032 (A heap-based buffer overflow exists in Info-Zip UnZip 
version 6.10c22 ...)
        - unzip <not-affected> (Only affects 6.1c22)
        NOTE: 
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
-CVE-2018-1000031 (A heap-based buffer overflow exists in InfoZip UnZip version 
6.10c22 ...)
+CVE-2018-1000031 (A heap-based buffer overflow exists in Info-Zip UnZip 
version 6.10c22 ...)
        - unzip <not-affected> (Only affects 6.1c22)
        NOTE: 
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
 CVE-2017-18123 (The call parameter of /lib/exe/ajax.php in DokuWiki through 
2017-02-19e ...)
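Review bot: in the CVE-2018-1000031 to CVE-2018-1000034 entries the description gives the affected version as "6.10c22" while the disposition note reads "(Only affects 6.1c22)"; this change touches only the InfoZip to Info-Zip spelling and leaves that mismatch in place. Reconcile the two version strings so the stated reason for "<not-affected>" matches the description it sits under.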
@@ -29548,64 +29589,45 @@ CVE-2017-13249
        RESERVED
 CVE-2017-13248
        RESERVED
-CVE-2017-13247
-       RESERVED
+CVE-2017-13247 (In the Pixel 2 bootloader, there is a missing permission check 
which ...)
        NOT-FOR-US: HTC Android components
-CVE-2017-13246
-       RESERVED
+CVE-2017-13246 (A information disclosure vulnerability in the Upstream kernel 
network ...)
        NOT-FOR-US: Closed source network driver for Pixel phones
-CVE-2017-13245
-       RESERVED
+CVE-2017-13245 (A elevation of privilege vulnerability in the Upstream kernel 
audio ...)
        NOT-FOR-US: Closed source audio driver for Pixel phones
-CVE-2017-13244
-       RESERVED
+CVE-2017-13244 (A elevation of privilege vulnerability in the Upstream kernel 
easel. ...)
        NOT-FOR-US: Easel driver for Pixel phones
-CVE-2017-13243
-       RESERVED
+CVE-2017-13243 (A information disclosure vulnerability in the Android system 
(ui). ...)
        NOT-FOR-US: Android
-CVE-2017-13242
-       RESERVED
+CVE-2017-13242 (A information disclosure vulnerability in the Android system 
...)
        NOT-FOR-US: Android
-CVE-2017-13241
-       RESERVED
+CVE-2017-13241 (A information disclosure vulnerability in the Android media 
framework ...)
        NOT-FOR-US: Android Media Framework
-CVE-2017-13240
-       RESERVED
+CVE-2017-13240 (A information disclosure vulnerability in the Android 
framework ...)
        NOT-FOR-US: Android
-CVE-2017-13239
-       RESERVED
+CVE-2017-13239 (A information disclosure vulnerability in the Android 
framework (ui ...)
        NOT-FOR-US: Android
-CVE-2017-13238
-       RESERVED
+CVE-2017-13238 (In XBLRamDump mode, there is a debug feature that can be used 
to dump ...)
        NOT-FOR-US: HTC Android components
 CVE-2017-13237
        RESERVED
-CVE-2017-13236
-       RESERVED
+CVE-2017-13236 (In the KeyStore service, there is a permissions bypass that 
allows ...)
        NOT-FOR-US: Android
-CVE-2017-13235
-       RESERVED
+CVE-2017-13235 (A other vulnerability in the Android media framework (n/a). 
Product: ...)
        NOT-FOR-US: Android Media Framework
-CVE-2017-13234
-       RESERVED
+CVE-2017-13234 (In DLSParser of the sonivox library, there is possible 
resource ...)
        NOT-FOR-US: Android Media Framework
-CVE-2017-13233
-       RESERVED
+CVE-2017-13233 (In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is 
possible ...)
        NOT-FOR-US: Android Media Framework
-CVE-2017-13232
-       RESERVED
+CVE-2017-13232 (In audioserver, there is an out-of-bounds write due to a log 
statement ...)
        NOT-FOR-US: Android Media Framework
-CVE-2017-13231
-       RESERVED
+CVE-2017-13231 (In libmediadrm, there is an out-of-bounds write due to 
improper input ...)
        NOT-FOR-US: Android Media Framework
-CVE-2017-13230
-       RESERVED
+CVE-2017-13230 (In hevc codec, there is an out-of-bounds write due to an 
incorrect ...)
        NOT-FOR-US: Android Media Framework
-CVE-2017-13229
-       RESERVED
+CVE-2017-13229 (A remote code execution vulnerability in the Android media 
framework ...)
        NOT-FOR-US: Android Media Framework
-CVE-2017-13228
-       RESERVED
+CVE-2017-13228 (In function ih264d_ref_idx_reordering of libavc, there is an 
...)
        NOT-FOR-US: Android Media Framework
 CVE-2017-13227
        RESERVED
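Review bot: CVE-2017-13244, CVE-2017-13245 and CVE-2017-13246 now have descriptions that say "Upstream kernel" (easel, audio, network), yet the dispositions under them still read NOT-FOR-US with Pixel-specific driver notes that were written while the ids were RESERVED. Re-check those three against the full descriptions and either keep NOT-FOR-US with a note on why "Upstream kernel" does not apply, or replace it with a package line.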
@@ -68454,10 +68476,10 @@ CVE-2016-9572
        NOTE: 
https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
 CVE-2016-9571
        REJECTED
-CVE-2016-9570
-       RESERVED
-CVE-2016-9569
-       RESERVED
+CVE-2016-9570 (cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a 
denial ...)
+       TODO: check
+CVE-2016-9569 (The cbstream.sys driver in Carbon Black 5.1.1.60603 allows 
local users ...)
+       TODO: check
 CVE-2016-9568
        RESERVED
 CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with 
M(6.0) ...)
@@ -71180,8 +71202,8 @@ CVE-2016-8743 (Apache HTTP Server, in all releases 
prior to 2.2.32 and 2.4.25, w
        NOTE: Affects: 2.2.0 to 2.4.23.
        NOTE: Fixed in 2.4.25.
        NOTE: For 2.2 preparation is done in 
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/
-CVE-2016-8742
-       RESERVED
+CVE-2016-8742 (The Windows installer that the Apache CouchDB team provides was 
...)
+       TODO: check
 CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use 
different so ...)
        - qpid-java <itp> (bug #840131)
 CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 
2.4.23, ...)
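Review bot: CVE-2016-8742 is added as "TODO: check" but its description is scoped to "The Windows installer that the Apache CouchDB team provides", which points at a packaging artifact and not the server code. If the full description confirms that scope, record it with a "<not-affected>" package line and a short reason, in the style of the unzip entries earlier in this diff, so it does not linger as an open item.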
@@ -82299,8 +82321,8 @@ CVE-2016-5399 (The bzread function in ext/bz2/bz2.c in 
PHP before 5.5.38, 5.6.x 
        NOTE: underlying bzip2 library is at fault.
 CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process 
Editor in ...)
        NOT-FOR-US: JBoss BPMS
-CVE-2016-5397
-       RESERVED
+CVE-2016-5397 (The Apache Thrift Go client library exposed the potential 
during code ...)
+       TODO: check
 CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK 
Bomb ...)
        - trafficserver 7.0.0-1
        [wheezy] - trafficserver <not-affected> (Vulnerable code not present)
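Review bot: CVE-2016-5397 names the Apache Thrift Go client library but lands as "TODO: check", and the truncated description shows no affected versions. Triage needs the full CVE text to decide between a package line and a "<not-affected>" line with a reason, as the trafficserver entry just below does with "(Vulnerable code not present)".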



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0b41cafa3de278a1417db206a00358bd9cf18ce

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
