Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 02977357 by security tracker role at 2018-02-22T21:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,161 @@ +CVE-2018-7415 + RESERVED +CVE-2018-7414 + RESERVED +CVE-2018-7413 + RESERVED +CVE-2018-7412 + RESERVED +CVE-2018-7411 + RESERVED +CVE-2018-7410 + RESERVED +CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the ...) + TODO: check +CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...) + TODO: check +CVE-2018-7407 + RESERVED +CVE-2018-7406 + RESERVED +CVE-2018-7405 + RESERVED +CVE-2018-7404 + RESERVED +CVE-2018-7403 + RESERVED +CVE-2018-7402 + RESERVED +CVE-2018-7401 + RESERVED +CVE-2018-7400 + RESERVED +CVE-2018-7399 + RESERVED +CVE-2018-7398 + RESERVED +CVE-2018-7397 + RESERVED +CVE-2018-7396 + RESERVED +CVE-2018-7395 + RESERVED +CVE-2018-7394 + RESERVED +CVE-2018-7393 + RESERVED +CVE-2018-7392 + RESERVED +CVE-2018-7391 + RESERVED +CVE-2018-7390 + RESERVED +CVE-2018-7389 + RESERVED +CVE-2018-7388 + RESERVED +CVE-2018-7387 + RESERVED +CVE-2018-7386 + RESERVED +CVE-2018-7385 + RESERVED +CVE-2018-7384 + RESERVED +CVE-2018-7383 + RESERVED +CVE-2018-7382 + RESERVED +CVE-2018-7381 + RESERVED +CVE-2018-7380 + RESERVED +CVE-2018-7379 + RESERVED +CVE-2018-7378 + RESERVED +CVE-2018-7377 + RESERVED +CVE-2018-7376 + RESERVED +CVE-2018-7375 + RESERVED +CVE-2018-7374 + RESERVED +CVE-2018-7373 + RESERVED +CVE-2018-7372 + RESERVED +CVE-2018-7371 + RESERVED +CVE-2018-7370 + RESERVED +CVE-2018-7369 + RESERVED +CVE-2018-7368 + RESERVED +CVE-2018-7367 + RESERVED +CVE-2018-7366 + RESERVED +CVE-2018-7365 + RESERVED +CVE-2018-7364 + RESERVED +CVE-2018-7363 + RESERVED +CVE-2018-7362 + RESERVED +CVE-2018-7361 + RESERVED +CVE-2018-7360 + RESERVED +CVE-2018-7359 + RESERVED +CVE-2018-7358 + RESERVED +CVE-2018-7357 + RESERVED +CVE-2018-7356 + RESERVED +CVE-2018-7355 + RESERVED +CVE-2018-7354 + RESERVED +CVE-2018-7353 + RESERVED +CVE-2018-7352 + RESERVED +CVE-2018-7351 + RESERVED +CVE-2018-7350 + RESERVED +CVE-2018-7349 + RESERVED +CVE-2018-7348 + RESERVED +CVE-2018-7347 + RESERVED +CVE-2018-7346 + RESERVED 
+CVE-2018-7345 + RESERVED +CVE-2018-7344 + RESERVED +CVE-2018-7343 + RESERVED +CVE-2018-7342 + RESERVED +CVE-2018-7341 + RESERVED +CVE-2018-7340 + RESERVED +CVE-2018-7339 + RESERVED +CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" ...) + TODO: check +CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...) + TODO: check CVE-2018-XXXX [SA-CORE-2018-001: External link injection on 404 pages when linking to the current page] - drupal7 <unfixed> (bug #891154) NOTE: https://www.drupal.org/sa-core-2018-001 @@ -48,22 +206,22 @@ CVE-2018-7321 RESERVED CVE-2018-7320 RESERVED -CVE-2018-7319 - RESERVED -CVE-2018-7318 - RESERVED -CVE-2018-7317 - RESERVED -CVE-2018-7316 - RESERVED -CVE-2018-7315 - RESERVED -CVE-2018-7314 - RESERVED -CVE-2018-7313 - RESERVED -CVE-2018-7312 - RESERVED +CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 component ...) + TODO: check +CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for Joomla! via ...) + TODO: check +CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for Joomla! via ...) + TODO: check +CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component for ...) + TODO: check +CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the ...) + TODO: check +CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! ...) + TODO: check +CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the ...) + TODO: check +CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 component for ...) + TODO: check CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root ...) NOT-FOR-US: PrivateVPN for macOS CVE-2018-7310 
@@ -84,18 +242,18 @@ CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...) NOT-FOR-US: Tiki CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...) NOT-FOR-US: Tiki -CVE-2018-7301 - RESERVED -CVE-2018-7300 - RESERVED -CVE-2018-7299 - RESERVED -CVE-2018-7298 - RESERVED -CVE-2018-7297 - RESERVED -CVE-2018-7296 - RESERVED +CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port ...) + TODO: check +CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...) + TODO: check +CVE-2018-7299 (Remote Code Execution in the addon installation process in eQ-3 AG ...) + TODO: check +CVE-2018-7298 (In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic ...) + TODO: check +CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG ...) + TODO: check +CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method ...) + TODO: check CVE-2018-7295 RESERVED CVE-2018-7294 @@ -497,6 +655,7 @@ CVE-2018-7182 CVE-2018-7181 RESERVED CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...) + {DLA-1288-1} - cups 2.2.3-2 [stretch] - cups <no-dsa> (Minor issue, can be fixed via pu) [jessie] - cups <no-dsa> (Minor issue, can be fixed via pu) @@ -1225,8 +1384,8 @@ CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthentica NOT-FOR-US: CloudMe CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a ...) NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite -CVE-2018-6890 - RESERVED +CVE-2018-6890 (Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the ...) + TODO: check CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a Host ...) NOT-FOR-US: Typesetter CMS CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions page ...) 
@@ -4445,6 +4604,7 @@ CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible bef CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 ...) NOT-FOR-US: Jira-importers-plugin in Atlassian Jira CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux ...) + {DSA-4120-1} - linux 4.15.4-1 NOTE: https://patchwork.kernel.org/patch/10174835/ CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...) @@ -14977,14 +15137,14 @@ CVE-2018-1419 RESERVED CVE-2018-1418 RESERVED -CVE-2018-1417 - RESERVED +CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes for ...) + TODO: check CVE-2018-1416 RESERVED -CVE-2018-1415 - RESERVED -CVE-2018-1414 - RESERVED +CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...) + TODO: check +CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL ...) + TODO: check CVE-2018-1413 RESERVED CVE-2018-1412 @@ -15027,10 +15187,10 @@ CVE-2018-1394 RESERVED CVE-2018-1393 RESERVED -CVE-2018-1392 - RESERVED -CVE-2018-1391 - RESERVED +CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...) + TODO: check +CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...) + TODO: check CVE-2018-1390 RESERVED CVE-2018-1389 @@ -30939,6 +31099,7 @@ CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi drive CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound timer. ...) NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 video ...) + {DSA-4120-1} - linux 4.15.4-1 NOTE: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13166.html NOTE: https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a 
@@ -54114,7 +54275,7 @@ CVE-2017-5756 CVE-2017-5755 RESERVED CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...) - {DSA-4082-1 DSA-4078-1 DLA-1232-1} + {DSA-4120-1 DSA-4082-1 DSA-4078-1 DLA-1232-1} - linux 4.14.12-1 - nvidia-graphics-drivers 384.111-1 (bug #886852) [stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) @@ -54224,6 +54385,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi CVE-2017-5716 REJECTED CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and ...) + {DSA-4120-1} - linux 4.14.17-1 NOTE: https://spectreattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html @@ -56318,12 +56480,12 @@ CVE-2017-5253 RESERVED CVE-2017-5252 RESERVED -CVE-2017-5251 - RESERVED -CVE-2017-5250 - RESERVED -CVE-2017-5249 - RESERVED +CVE-2017-5251 (In version 1012 and prior of Insteon's Insteon Hub, the radio ...) + TODO: check +CVE-2017-5250 (In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, ...) + TODO: check +CVE-2017-5249 (In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android ...) + TODO: check CVE-2017-5248 RESERVED CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in ...) 
@@ -86449,7 +86611,7 @@ CVE-2016-4660 (An issue was discovered in certain Apple products. iOS before 10. NOT-FOR-US: Apple CVE-2016-4659 REJECTED -CVE-2016-4658 (libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...) +CVE-2016-4658 (xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS ...) {DSA-3744-1 DLA-691-1} - libxml2 2.9.4+dfsg1-2.1 (bug #840553) NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/02977357c5272d1dcc03fe34054a46e7838033b9 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/02977357c5272d1dcc03fe34054a46e7838033b9 You're receiving this email because of your account on salsa.debian.org.
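Review bot: in the @@ -1,3 +1,161 @@ hunk, CVE-2017-18193 is left at `TODO: check` even though its description names fs/f2fs/extent_cache.c in the Linux kernel before 4.13, and other entries in this same file track the kernel with a `- linux <version>` line (for example `- linux 4.15.4-1` under CVE-2018-5750). Of the new TODOs this one should be triaged first and given a `- linux` line stating the fixed version or that the package is not affected. CVE-2018-7409 (buffer overflow in unixODBC before 2.3.5) likewise needs either a package line or a NOT-FOR-US decision rather than staying at TODO.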
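Review bot: the eight `TODO: check` entries in the @@ -48,22 +206,22 @@ hunk (CVE-2018-7312 through CVE-2018-7319) all describe third-party Joomla! components (OS Property Real Estate, CheckList, Proclaim, Ek Rishta, PrayerCenter, CW Tags, Alexandria Book Library) and look like candidates for the same treatment as the neighbouring CVE-2018-7311, which is already closed as `NOT-FOR-US: PrivateVPN for macOS`. If none of these components is packaged, the follow-up commit should resolve each one with its own `NOT-FOR-US:` line naming the component, so that they do not sit in the TODO queue next to entries that need real triage.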
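Review bot: in the @@ -86449,7 +86611,7 @@ hunk, the refreshed description of CVE-2016-4658 now reads "xpointer.c in libxml2 before 2.9.5", while the unchanged package line below it still records `- libxml2 2.9.4+dfsg1-2.1 (bug #840553)` as the fixed version. The two are compatible only if the fix was backported onto 2.9.4, which the existing `NOTE: Fixed by:` commit link suggests. A short NOTE saying that the upstream commit was applied as a patch in 2.9.4+dfsg1-2.1 would stop a reader from taking the entry for a stale fixed version.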