Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e6800e5d by Moritz Muehlenhoff at 2018-02-28T18:46:08+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -36584,13 +36584,13 @@ CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() - graphicsmagick 1.3.26-4 (bug #870149) NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c CVE-2017-11635 (An issue was discovered on Wireless IP Camera 360 devices. Attackers ...) - TODO: check + NOT-FOR-US: Wireless IP Camera 360 devices CVE-2017-11634 (An issue was discovered on Wireless IP Camera 360 devices. Remote ...) - TODO: check + NOT-FOR-US: Wireless IP Camera 360 devices CVE-2017-11633 (An issue was discovered on Wireless IP Camera 360 devices. Remote ...) - TODO: check + NOT-FOR-US: Wireless IP Camera 360 devices CVE-2017-11632 (An issue was discovered on Wireless IP Camera 360 devices. A root ...) - TODO: check + NOT-FOR-US: Wireless IP Camera 360 devices CVE-2017-11631 (dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL ...) NOT-FOR-US: Fiyo CMS CVE-2017-11630 (dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows ...) @@ -41055,7 +41055,7 @@ CVE-2017-10303 (Vulnerability in the Oracle Interaction Center Intelligence comp CVE-2017-10302 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) NOT-FOR-US: Oracle CVE-2017-10301 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-10300 (Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2017-10299 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...) 
@@ -41118,7 +41118,7 @@ CVE-2017-10283 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10282 (Vulnerability in the Core RDBMS component of Oracle Database Server. ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 @@ -41155,7 +41155,7 @@ CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE ...) - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10273 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-10272 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) @@ -41185,7 +41185,7 @@ CVE-2017-10264 (Vulnerability in the Siebel UI Framework component of Oracle Sie CVE-2017-10263 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) NOT-FOR-US: Oracle CVE-2017-10262 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-10261 (Vulnerability in the XML Database component of Oracle Database Server. ...) NOT-FOR-US: Oracle CVE-2017-10260 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) ...) 
@@ -41732,7 +41732,7 @@ CVE-2017-10070 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub CVE-2017-10069 (Vulnerability in the Oracle Payment Interface component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10068 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-10067 (Vulnerability in the Java SE component of Oracle Java SE ...) {DSA-3954-1 DSA-3919-1 DLA-1073-1} - openjdk-8 8u141-b15-1 @@ -50026,7 +50026,7 @@ CVE-2017-7353 CVE-2017-7352 (Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity ...) NOT-FOR-US: Pure Storage Purity CVE-2017-7351 (A SQL injection issue exists in a file upload handler in REDCap 7.x ...) - TODO: check + NOT-FOR-US: REDCap CVE-2017-7350 RESERVED CVE-2017-7349 @@ -53682,13 +53682,13 @@ CVE-2017-6203 CVE-2017-6202 RESERVED CVE-2017-6201 (A Server Side Request Forgery vulnerability exists in the install app ...) - TODO: check + NOT-FOR-US: Sandstorm CVE-2017-6200 (Sandstorm before build 0.203 allows remote attackers to read any ...) - TODO: check + NOT-FOR-US: Sandstorm CVE-2017-6199 (A remote attacker could bypass the Sandstorm organization restriction ...) - TODO: check + NOT-FOR-US: Sandstorm CVE-2017-6198 (The Supervisor in Sandstorm doesn't set and enforce the resource ...) - TODO: check + NOT-FOR-US: Sandstorm CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 ...) {DLA-837-1} - radare2 1.1.0+dfsg-2 (bug #856063) 
@@ -53714,9 +53714,9 @@ CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 all NOTE: https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18 (1.3.0-git) NOTE: https://github.com/radare/radare2/issues/6829 CVE-2017-6193 (Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: APNGDis CVE-2017-6192 (Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers ...) - TODO: check + NOT-FOR-US: APNGDis CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to ...) NOT-FOR-US: APNGDis CVE-2017-6190 (Directory traversal vulnerability in the web interface on the D-Link ...) @@ -54986,7 +54986,7 @@ CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band CVE-2017-5728 RESERVED CVE-2017-5727 (Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, ...) - TODO: check + NOT-FOR-US: Intel CVE-2017-5726 RESERVED CVE-2017-5725 @@ -55077,7 +55077,7 @@ CVE-2017-5698 (Intel Active Management Technology, Intel Standard Manageability, CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface of ...) NOT-FOR-US: Intel CVE-2017-5696 (Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, ...) - TODO: check + NOT-FOR-US: Intel CVE-2017-5695 (Data corruption vulnerability in firmware in Intel Solid-State Drive ...) NOT-FOR-US: Intel CVE-2017-5694 (Data corruption vulnerability in firmware in Intel Solid-State Drive ...) 
@@ -57107,11 +57107,11 @@ CVE-2017-5253 CVE-2017-5252 RESERVED CVE-2017-5251 (In version 1012 and prior of Insteon's Insteon Hub, the radio ...) - TODO: check + NOT-FOR-US: Insteon CVE-2017-5250 (In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, ...) - TODO: check + NOT-FOR-US: Insteon CVE-2017-5249 (In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android ...) - TODO: check + NOT-FOR-US: Wink CVE-2017-5248 RESERVED CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in ...) @@ -63073,7 +63073,7 @@ CVE-2017-3162 (HDFS clients interact with a servlet on the DataNode to browse th CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a ...) - hadoop <itp> (bug #793644) CVE-2017-3160 (After the Android platform is added to Cordova the first time, or ...) - TODO: check + NOT-FOR-US: Apache Cordova CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java object ...) NOT-FOR-US: Apache Camel CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 0.9.5 ...) @@ -68689,11 +68689,11 @@ CVE-2017-0847 (An elevation of privilege vulnerability in the Android media fram CVE-2017-0846 (An information disclosure vulnerability in the Android framework ...) NOT-FOR-US: Android CVE-2017-0845 (A denial of service vulnerability in the Android framework ...) - TODO: check + NOT-FOR-US: Android CVE-2017-0844 RESERVED CVE-2017-0843 (An elevation of privilege vulnerability in the MediaTek ccci. Product: ...) - TODO: check + NOT-FOR-US: MediaTek component for Android CVE-2017-0842 (An elevation of privilege vulnerability in the Android system ...) NOT-FOR-US: Fluoride Bluetooth stack in Android CVE-2017-0841 (A remote code execution vulnerability in the Android system ...) 
@@ -79381,7 +79381,7 @@ CVE-2016-6814 (When an application with unsupported Codehaus versions of Groovy - groovy2 <removed> [jessie] - groovy2 2.2.2+dfsg-3+deb8u2 CVE-2016-6813 (Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call ...) - TODO: check + NOT-FOR-US: Apache CloudStack CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x ...) NOT-FOR-US: Apache CXF CVE-2016-6811 @@ -107886,7 +107886,7 @@ CVE-2015-6546 (The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Control CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb ...) NOT-FOR-US: Cerb CVE-2015-6544 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Combodo CVE-2015-6543 RESERVED CVE-2015-6542 @@ -139332,7 +139332,7 @@ CVE-2014-4921 CVE-2014-4920 RESERVED CVE-2014-4919 (OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, ...) - TODO: check + NOT-FOR-US: OXID eShop CVE-2014-4918 RESERVED NOT-FOR-US: TR-069 Auto Configuration Servers View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e6800e5dc997605ffb8a2dddba009166a0f8e25d --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e6800e5dc997605ffb8a2dddba009166a0f8e25d You're receiving this email because of your account on salsa.debian.org.
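Review bot: In the @@ -36584 hunk, the four new tags read `NOT-FOR-US: Wireless IP Camera 360 devices`, where the trailing "devices" comes from the CVE description wording rather than from a product name. The other tags in this patch name just the product or vendor (`Fiyo CMS`, `APNGDis`, `Sandstorm`). Suggest `NOT-FOR-US: Wireless IP Camera 360` so the four entries share one consistent label.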
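Review bot: In the @@ -41118 hunk, CVE-2017-10282 (Core RDBMS component of Oracle Database Server) gets the vendor-wide tag `NOT-FOR-US: Oracle`, yet the entries on either side are also Oracle advisories and are tracked against Debian packages (CVE-2017-10283 against mysql-5.5, CVE-2017-10281 against openjdk-9). A vendor name alone does not show why this entry is out of scope. Naming the product, for example `NOT-FOR-US: Oracle Database Server`, would make the triage decision checkable from the list itself. The same point applies to the @@ -41155 and @@ -41732 hunks, where the retagged entries sit next to Java SE CVEs tracked against openjdk-6 and openjdk-8.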
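Review bot: The two tags added in the @@ -68689 hunk use different granularity: CVE-2017-0845 becomes `NOT-FOR-US: Android` while CVE-2017-0843 becomes `NOT-FOR-US: MediaTek component for Android`, and the context line for CVE-2017-0842 uses a third form, `Fluoride Bluetooth stack in Android`. Settle on one form for Android platform entries (either the bare platform name or "component in Android") so that searching the list by tag finds all of them.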
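Review bot: In the @@ -107886 hunk, CVE-2015-6544 is tagged `NOT-FOR-US: Combodo`, but the visible description is cut off before any product is named ("Cross-site scripting (XSS) vulnerability in ..."), so nothing in the list ties the entry to that label. Most other tags in this patch name the affected product (`Apache CloudStack`, `OXID eShop`, `REDCap`); use the product name here as well instead of the vendor.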
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits