Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
797bf2a5 by security tracker role at 2018-03-05T21:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,67 @@
+CVE-2018-7700
+       RESERVED
+CVE-2018-7699
+       RESERVED
+CVE-2018-7698 (An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for 
DCS-933L ...)
+       TODO: check
+CVE-2018-7697
+       RESERVED
+CVE-2018-7696
+       RESERVED
+CVE-2018-7695
+       RESERVED
+CVE-2018-7694
+       RESERVED
+CVE-2018-7693
+       RESERVED
+CVE-2018-7692
+       RESERVED
+CVE-2018-7691
+       RESERVED
+CVE-2018-7690
+       RESERVED
+CVE-2018-7689
+       RESERVED
+CVE-2018-7688
+       RESERVED
+CVE-2018-7687
+       RESERVED
+CVE-2018-7686
+       RESERVED
+CVE-2018-7685
+       RESERVED
+CVE-2018-7684
+       RESERVED
+CVE-2018-7683
+       RESERVED
+CVE-2018-7682
+       RESERVED
+CVE-2018-7681
+       RESERVED
+CVE-2018-7680
+       RESERVED
+CVE-2018-7679
+       RESERVED
+CVE-2018-7678
+       RESERVED
+CVE-2018-7677
+       RESERVED
+CVE-2018-7676
+       RESERVED
+CVE-2018-7675
+       RESERVED
+CVE-2018-7674
+       RESERVED
+CVE-2018-7673
+       RESERVED
+CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux 
kernel ...)
+       TODO: check
+CVE-2017-18217 (An issue was discovered in InvoicePlane before 1.5.5. It was 
observed ...)
+       TODO: check
+CVE-2017-18216 (In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 
4.15, ...)
+       TODO: check
+CVE-2017-18215 (xvpng.c in xv 3.10a has memory corruption (out-of-bounds 
write) when ...)
+       TODO: check
 CVE-2018-7672
        RESERVED
 CVE-2018-7671
@@ -66,7 +130,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for 
Node.js is prone to 
        NOTE: https://github.com/zkat/ssri/issues/10
        NOTE: https://nodesecurity.io/advisories/565
        NOTE: nodejs not covered by security support
-CVE-2018-1000115 [Insufficient Control of Network Message Volume]
+CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of 
Network ...)
        - memcached <unfixed>
        [stretch] - memcached <no-dsa> (Minor issue; Debian defaults to listen 
only on localhost)
        [jessie] - memcached <no-dsa> (Minor issue; Debian defaults to listen 
only on localhost)
@@ -443,15 +507,14 @@ CVE-2018-7542 (An issue was discovered in Xen 4.8.x 
through 4.10.x allowing x86 
        [wheezy] - xen <not-affected> (Vulnerable code introduced later)
        NOTE: https://xenbits.xen.org/xsa/advisory-256.html
 CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS 
users ...)
-       {DSA-4131-1}
+       {DSA-4131-1 DLA-1300-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-255.html
 CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV 
guest OS ...)
-       {DSA-4131-1}
+       {DSA-4131-1 DLA-1300-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-252.html
-CVE-2018-7644 [SSPSA 201802-01: Check for supported signature algorithms when 
casting a key]
-       RESERVED
+CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in 
SimpleSAMLphp ...)
        {DSA-4127-1 DLA-1298-1}
        - simplesamlphp 1.15.3-1
        NOTE: https://simplesamlphp.org/security/201802-01
@@ -544,8 +607,8 @@ CVE-2018-7495
        RESERVED
 CVE-2018-7494
        RESERVED
-CVE-2018-7493
-       RESERVED
+CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege 
...)
+       TODO: check
 CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux 
kernel ...)
        - linux 4.14.2-1
        [stretch] - linux 4.9.65-1
@@ -1666,7 +1729,7 @@ CVE-2018-1000068 (An improper input validation 
vulnerability exists in Jenkins v
        - jenkins <removed>
 CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins 
versions ...)
        - jenkins <removed>
-CVE-2018-7172 (In index.php in WonderCMS 2.4.0, remote attackers can delete 
arbitrary ...)
+CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, remote attackers can 
delete ...)
        NOT-FOR-US: WonderCMS
 CVE-2018-7171
        RESERVED
@@ -6318,20 +6381,20 @@ CVE-2018-5457 (A uncontrolled search path element issue 
was discovered in Vyaire
        NOT-FOR-US: Vyaire Medical CareFusion Upgrade Utility
 CVE-2018-5456
        RESERVED
-CVE-2018-5455
-       RESERVED
+CVE-2018-5455 (A Reliance on Cookies without Validation and Integrity Checking 
issue ...)
+       TODO: check
 CVE-2018-5454
        RESERVED
-CVE-2018-5453
-       RESERVED
+CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue 
was ...)
+       TODO: check
 CVE-2018-5452
        RESERVED
 CVE-2018-5451
        RESERVED
 CVE-2018-5450
        RESERVED
-CVE-2018-5449
-       RESERVED
+CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell 
...)
+       TODO: check
 CVE-2018-5448
        RESERVED
 CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari 
PCS-9611 ...)
@@ -6893,8 +6956,8 @@ CVE-2018-5256
        RESERVED
 CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that 
is shared ...)
        NOT-FOR-US: Hitron CVE-30360 devices
-CVE-2018-5255
-       RESERVED
+CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 
before ...)
+       TODO: check
 CVE-2018-5254
        RESERVED
 CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 
1.5.1.0 has an ...)
@@ -17043,8 +17106,8 @@ CVE-2018-1318
        RESERVED
 CVE-2018-1317
        RESERVED
-CVE-2018-1316
-       RESERVED
+CVE-2018-1316 (The ODE process deployment web service was sensible to 
deployment ...)
+       TODO: check
 CVE-2018-1315
        RESERVED
 CVE-2018-1314
@@ -17462,8 +17525,7 @@ CVE-2017-17430 (Sangoma NetBorder / Vega Session 
Controller before 2.3.12-80-GA 
        NOT-FOR-US: Sangoma NetBorder / Vega Session Controller
 CVE-2017-17429 (In K7 Antivirus Premium before 15.1.0.53, user-controlled 
input to the ...)
        NOT-FOR-US: K7 Antivirus
-CVE-2017-17428
-       RESERVED
+CVE-2017-17428 (Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software 
development ...)
        NOT-FOR-US: Cisco ACE
        NOTE: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
        NOTE: https://robotattack.org/
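
Review bot: the new description for CVE-2017-17428 names Cavium Nitrox SSL, Nitrox V SSL and TurboSSL, but the unchanged triage line directly below it still reads `NOT-FOR-US: Cisco ACE`. That tag appears to follow the Cisco advisory in the NOTE line; now that the description identifies the Cavium SDK as the affected product, suggest updating the tag to name it and keeping the Cisco advisory as a NOTE, so a search of NOT-FOR-US entries by product finds this one.
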
@@ -18411,34 +18473,34 @@ CVE-2017-17146
        RESERVED
 CVE-2017-17145
        RESERVED
-CVE-2017-17144
-       RESERVED
-CVE-2017-17143
-       RESERVED
-CVE-2017-17142
-       RESERVED
-CVE-2017-17141
-       RESERVED
-CVE-2017-17140
-       RESERVED
-CVE-2017-17139
-       RESERVED
-CVE-2017-17138
-       RESERVED
-CVE-2017-17137
-       RESERVED
-CVE-2017-17136
-       RESERVED
-CVE-2017-17135
-       RESERVED
-CVE-2017-17134
-       RESERVED
-CVE-2017-17133
-       RESERVED
-CVE-2017-17132
-       RESERVED
-CVE-2017-17131
-       RESERVED
+CVE-2017-17144 (Backup feature of SIP module in Huawei DP300 V500R002C00; ...)
+       TODO: check
+CVE-2017-17143 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...)
+       TODO: check
+CVE-2017-17142 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...)
+       TODO: check
+CVE-2017-17141 (Huawei S12700 V200R005C00; V200R006C00; V200R007C00; 
V200R007C01; ...)
+       TODO: check
+CVE-2017-17140 (Huawei Enjoy 5s and Y6 Pro smartphones with software the 
versions ...)
+       TODO: check
+CVE-2017-17139 (Huawei Mate 9 and Mate 9 pro smart phones with software the 
versions ...)
+       TODO: check
+CVE-2017-17138 (PEM module of DP300 V500R002C00; IPS Module V500R001C00; 
V500R001C30; ...)
+       TODO: check
+CVE-2017-17137 (PEM module of Huawei DP300 V500R002C00; IPS Module 
V500R001C00; ...)
+       TODO: check
+CVE-2017-17136 (PEM module of Huawei DP300 V500R002C00; IPS Module 
V500R001C00; ...)
+       TODO: check
+CVE-2017-17135 (PEM module of Huawei DP300 V500R002C00; IPS Module 
V500R001C00; ...)
+       TODO: check
+CVE-2017-17134 (XML parser in Huawei DP300 V500R002C00; RP200 
V500R002C00SPC200; ...)
+       TODO: check
+CVE-2017-17133 (Huawei VP9660 V500R002C10 has a null pointer reference 
vulnerability ...)
+       TODO: check
+CVE-2017-17132 (Huawei VP9660 V500R002C10 has a uncontrolled format string ...)
+       TODO: check
+CVE-2017-17131 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 
...)
+       TODO: check
 CVE-2017-17130 (The ff_free_picture_tables function in 
libavcodec/mpegpicture.c in ...)
        - libav <removed>
        NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1100
@@ -19858,14 +19920,12 @@ CVE-2018-0493
        RESERVED
 CVE-2018-0492
        RESERVED
-CVE-2018-0491 [TROVE-2018-002: KIST use-after-free can be remotely triggered]
-       RESERVED
+CVE-2018-0491 (A use-after-free issue was discovered in Tor 0.3.2.x before 
0.3.2.10. ...)
        - tor 0.3.2.10-1
        NOTE: https://trac.torproject.org/projects/tor/ticket/25117
        NOTE: https://trac.torproject.org/projects/tor/ticket/24700
        NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
-CVE-2018-0490 [TROVE-2018-001: null-pointer crash in directory authority 
protocol list code]
-       RESERVED
+CVE-2018-0490 (An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 
...)
        - tor 0.3.2.10-1
        NOTE: https://trac.torproject.org/projects/tor/ticket/25074
        NOTE: 
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
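
Review bot: replacing the bracketed temporary descriptions on CVE-2018-0491 and CVE-2018-0490 drops the upstream identifiers TROVE-2018-002 and TROVE-2018-001, and none of the remaining NOTE lines carries them. Suggest adding a NOTE with the TROVE id to each entry so the upstream advisory number stays searchable alongside the trac tickets and the release announcement.
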
@@ -21015,8 +21075,8 @@ CVE-2017-16924 (Remote Information Disclosure and 
Escalation of Privileges in ..
        NOT-FOR-US: ManageEngine Desktop Central
 CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen 
Tenda ...)
        NOT-FOR-US: Shenzhen Tenda
-CVE-2017-16922
-       RESERVED
+CVE-2017-16922 (In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in 
Wowza ...)
+       TODO: check
 CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and 
including ...)
        {DSA-4066-1 DLA-1212-1}
        - otrs2 6.0.2-1 (bug #883774)
@@ -47484,10 +47544,10 @@ CVE-2017-8167 (Huawei firewall products USG9500 
V500R001C50 has a DoS vulnerabil
        NOT-FOR-US: Huawei
 CVE-2017-8166 (Huawei mobile phones Honor V9 with the software versions before 
...)
        NOT-FOR-US: Huawei
-CVE-2017-8165
-       RESERVED
-CVE-2017-8164
-       RESERVED
+CVE-2017-8165 (Mate 9 Huawei smart phones with versions earlier than 
MHA-AL00BC00B233 ...)
+       TODO: check
+CVE-2017-8164 (Some Huawei smart phones with software EVA-L09C34B142; 
EVA-L09C40B196; ...)
+       TODO: check
 CVE-2017-8163 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, 
...)
        NOT-FOR-US: Huawei
 CVE-2017-8162 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, 
...)
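
Review bot: CVE-2017-8165 and CVE-2017-8164 are added as `TODO: check` while the context entries around them for Huawei products (CVE-2017-8167, CVE-2017-8166, CVE-2017-8163) are already tagged `NOT-FOR-US: Huawei`. Both new descriptions name Huawei smart phones, so the same tag applies here; the same goes for the CVE-2017-17131 to CVE-2017-17144 block earlier in this diff, whose descriptions all name Huawei products.
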
@@ -49463,8 +49523,8 @@ CVE-2017-7635
        RESERVED
 CVE-2017-7634
        RESERVED
-CVE-2017-7633
-       RESERVED
+CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive 
...)
+       TODO: check
 CVE-2017-7632
        RESERVED
 CVE-2017-7631
@@ -50302,8 +50362,8 @@ CVE-2017-7439 (NetApp OnCommand Unified Manager Core 
Package 5.x before 5.2.2P1 
        NOT-FOR-US: NetApp
 CVE-2017-7438 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 
allowed ...)
        NOT-FOR-US: NetIQ Privileged Account Manager
-CVE-2017-7437
-       RESERVED
+CVE-2017-7437 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 
allowed ...)
+       TODO: check
 CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned 
...)
        - libzypp <unfixed>
 CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM 
...)
@@ -50322,8 +50382,8 @@ CVE-2017-7429 (The certificate upload in NetIQ 
eDirectory PKI plugin before 8.8.
        NOT-FOR-US: NetIQ eDirectory PKI plugin
 CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the 
renegotiation of ...)
        NOT-FOR-US: NetIQ iManager
-CVE-2017-7427
-       RESERVED
+CVE-2017-7427 (Multiple cross site scripting attacks were found in the 
Identity ...)
+       TODO: check
 CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained 
various XML ...)
        NOT-FOR-US: NetIQ Identity Manager Plugins
 CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager 
...)
@@ -225381,7 +225441,7 @@ CVE-2009-2414 (Stack consumption vulnerability in 
libxml2 2.5.10, 2.6.16, 2.6.26
        - libxml2 2.7.3.dfsg-2.1 (medium; bug #540865)
        - libxml <removed>
 CVE-2009-2413
-       RESERVED
+       REJECTED
 CVE-2009-2412 (Multiple integer overflows in the Apache Portable Runtime (APR) 
...)
        {DSA-1854-1}
        - apr 1.3.8-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/797bf2a5acb02e00fa099181049f8bf433dfef26
