Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 797bf2a5 by security tracker role at 2018-03-05T21:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,67 @@ +CVE-2018-7700 + RESERVED +CVE-2018-7699 + RESERVED +CVE-2018-7698 (An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L ...) + TODO: check +CVE-2018-7697 + RESERVED +CVE-2018-7696 + RESERVED +CVE-2018-7695 + RESERVED +CVE-2018-7694 + RESERVED +CVE-2018-7693 + RESERVED +CVE-2018-7692 + RESERVED +CVE-2018-7691 + RESERVED +CVE-2018-7690 + RESERVED +CVE-2018-7689 + RESERVED +CVE-2018-7688 + RESERVED +CVE-2018-7687 + RESERVED +CVE-2018-7686 + RESERVED +CVE-2018-7685 + RESERVED +CVE-2018-7684 + RESERVED +CVE-2018-7683 + RESERVED +CVE-2018-7682 + RESERVED +CVE-2018-7681 + RESERVED +CVE-2018-7680 + RESERVED +CVE-2018-7679 + RESERVED +CVE-2018-7678 + RESERVED +CVE-2018-7677 + RESERVED +CVE-2018-7676 + RESERVED +CVE-2018-7675 + RESERVED +CVE-2018-7674 + RESERVED +CVE-2018-7673 + RESERVED +CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel ...) + TODO: check +CVE-2017-18217 (An issue was discovered in InvoicePlane before 1.5.5. It was observed ...) + TODO: check +CVE-2017-18216 (In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, ...) + TODO: check +CVE-2017-18215 (xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when ...) + TODO: check CVE-2018-7672 RESERVED CVE-2018-7671 
@@ -66,7 +130,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to NOTE: https://github.com/zkat/ssri/issues/10 NOTE: https://nodesecurity.io/advisories/565 NOTE: nodejs not covered by security support -CVE-2018-1000115 [Insufficient Control of Network Message Volume] +CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Network ...) - memcached <unfixed> [stretch] - memcached <no-dsa> (Minor issue; Debian defaults to listen only on localhost) [jessie] - memcached <no-dsa> (Minor issue; Debian defaults to listen only on localhost) @@ -443,15 +507,14 @@ CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 [wheezy] - xen <not-affected> (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-256.html CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS users ...) - {DSA-4131-1} + {DSA-4131-1 DLA-1300-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-255.html CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...) - {DSA-4131-1} + {DSA-4131-1 DLA-1300-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-252.html -CVE-2018-7644 [SSPSA 201802-01: Check for supported signature algorithms when casting a key] - RESERVED +CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp ...) {DSA-4127-1 DLA-1298-1} - simplesamlphp 1.15.3-1 NOTE: https://simplesamlphp.org/security/201802-01 @@ -544,8 +607,8 @@ CVE-2018-7495 RESERVED CVE-2018-7494 RESERVED -CVE-2018-7493 - RESERVED +CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege ...) + TODO: check CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel ...) - linux 4.14.2-1 [stretch] - linux 4.9.65-1 
@@ -1666,7 +1729,7 @@ CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins v - jenkins <removed> CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins versions ...) - jenkins <removed> -CVE-2018-7172 (In index.php in WonderCMS 2.4.0, remote attackers can delete arbitrary ...) +CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, remote attackers can delete ...) NOT-FOR-US: WonderCMS CVE-2018-7171 RESERVED @@ -6318,20 +6381,20 @@ CVE-2018-5457 (A uncontrolled search path element issue was discovered in Vyaire NOT-FOR-US: Vyaire Medical CareFusion Upgrade Utility CVE-2018-5456 RESERVED -CVE-2018-5455 - RESERVED +CVE-2018-5455 (A Reliance on Cookies without Validation and Integrity Checking issue ...) + TODO: check CVE-2018-5454 RESERVED -CVE-2018-5453 - RESERVED +CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was ...) + TODO: check CVE-2018-5452 RESERVED CVE-2018-5451 RESERVED CVE-2018-5450 RESERVED -CVE-2018-5449 - RESERVED +CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell ...) + TODO: check CVE-2018-5448 RESERVED CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 ...) @@ -6893,8 +6956,8 @@ CVE-2018-5256 RESERVED CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared ...) NOT-FOR-US: Hitron CVE-30360 devices -CVE-2018-5255 - RESERVED +CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before ...) + TODO: check CVE-2018-5254 RESERVED CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an ...) @@ -17043,8 +17106,8 @@ CVE-2018-1318 RESERVED CVE-2018-1317 RESERVED -CVE-2018-1316 - RESERVED +CVE-2018-1316 (The ODE process deployment web service was sensible to deployment ...) + TODO: check CVE-2018-1315 RESERVED CVE-2018-1314 
@@ -17462,8 +17525,7 @@ CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA NOT-FOR-US: Sangoma NetBorder / Vega Session Controller CVE-2017-17429 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the ...) NOT-FOR-US: K7 Antivirus -CVE-2017-17428 - RESERVED +CVE-2017-17428 (Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development ...) NOT-FOR-US: Cisco ACE NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher NOTE: https://robotattack.org/ 
@@ -18411,34 +18473,34 @@ CVE-2017-17146 RESERVED CVE-2017-17145 RESERVED -CVE-2017-17144 - RESERVED -CVE-2017-17143 - RESERVED -CVE-2017-17142 - RESERVED -CVE-2017-17141 - RESERVED -CVE-2017-17140 - RESERVED -CVE-2017-17139 - RESERVED -CVE-2017-17138 - RESERVED -CVE-2017-17137 - RESERVED -CVE-2017-17136 - RESERVED -CVE-2017-17135 - RESERVED -CVE-2017-17134 - RESERVED -CVE-2017-17133 - RESERVED -CVE-2017-17132 - RESERVED -CVE-2017-17131 - RESERVED +CVE-2017-17144 (Backup feature of SIP module in Huawei DP300 V500R002C00; ...) + TODO: check +CVE-2017-17143 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...) + TODO: check +CVE-2017-17142 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...) + TODO: check +CVE-2017-17141 (Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; ...) + TODO: check +CVE-2017-17140 (Huawei Enjoy 5s and Y6 Pro smartphones with software the versions ...) + TODO: check +CVE-2017-17139 (Huawei Mate 9 and Mate 9 pro smart phones with software the versions ...) + TODO: check +CVE-2017-17138 (PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; ...) + TODO: check +CVE-2017-17137 (PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; ...) + TODO: check +CVE-2017-17136 (PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; ...) + TODO: check +CVE-2017-17135 (PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; ...) + TODO: check +CVE-2017-17134 (XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; ...) + TODO: check +CVE-2017-17133 (Huawei VP9660 V500R002C10 has a null pointer reference vulnerability ...) + TODO: check +CVE-2017-17132 (Huawei VP9660 V500R002C10 has a uncontrolled format string ...) + TODO: check +CVE-2017-17131 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...) + TODO: check CVE-2017-17130 (The ff_free_picture_tables function in libavcodec/mpegpicture.c in ...) 
- libav <removed> NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1100 @@ -19858,14 +19920,12 @@ CVE-2018-0493 RESERVED CVE-2018-0492 RESERVED -CVE-2018-0491 [TROVE-2018-002: KIST use-after-free can be remotely triggered] - RESERVED +CVE-2018-0491 (A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. ...) - tor 0.3.2.10-1 NOTE: https://trac.torproject.org/projects/tor/ticket/25117 NOTE: https://trac.torproject.org/projects/tor/ticket/24700 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915 -CVE-2018-0490 [TROVE-2018-001: null-pointer crash in directory authority protocol list code] - RESERVED +CVE-2018-0490 (An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before ...) - tor 0.3.2.10-1 NOTE: https://trac.torproject.org/projects/tor/ticket/25074 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915 @@ -21015,8 +21075,8 @@ CVE-2017-16924 (Remote Information Disclosure and Escalation of Privileges in .. NOT-FOR-US: ManageEngine Desktop Central CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda ...) NOT-FOR-US: Shenzhen Tenda -CVE-2017-16922 - RESERVED +CVE-2017-16922 (In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza ...) + TODO: check CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...) {DSA-4066-1 DLA-1212-1} - otrs2 6.0.2-1 (bug #883774) 
@@ -47484,10 +47544,10 @@ CVE-2017-8167 (Huawei firewall products USG9500 V500R001C50 has a DoS vulnerabil NOT-FOR-US: Huawei CVE-2017-8166 (Huawei mobile phones Honor V9 with the software versions before ...) NOT-FOR-US: Huawei -CVE-2017-8165 - RESERVED -CVE-2017-8164 - RESERVED +CVE-2017-8165 (Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 ...) + TODO: check +CVE-2017-8164 (Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; ...) + TODO: check CVE-2017-8163 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, ...) NOT-FOR-US: Huawei CVE-2017-8162 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, ...) @@ -49463,8 +49523,8 @@ CVE-2017-7635 RESERVED CVE-2017-7634 RESERVED -CVE-2017-7633 - RESERVED +CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...) + TODO: check CVE-2017-7632 RESERVED CVE-2017-7631 @@ -50302,8 +50362,8 @@ CVE-2017-7439 (NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 NOT-FOR-US: NetApp CVE-2017-7438 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed ...) NOT-FOR-US: NetIQ Privileged Account Manager -CVE-2017-7437 - RESERVED +CVE-2017-7437 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed ...) + TODO: check CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned ...) - libzypp <unfixed> CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM ...) 
@@ -50322,8 +50382,8 @@ CVE-2017-7429 (The certificate upload in NetIQ eDirectory PKI plugin before 8.8. NOT-FOR-US: NetIQ eDirectory PKI plugin CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of ...) NOT-FOR-US: NetIQ iManager -CVE-2017-7427 - RESERVED +CVE-2017-7427 (Multiple cross site scripting attacks were found in the Identity ...) + TODO: check CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained various XML ...) NOT-FOR-US: NetIQ Identity Manager Plugins CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager ...) @@ -225381,7 +225441,7 @@ CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26 - libxml2 2.7.3.dfsg-2.1 (medium; bug #540865) - libxml <removed> CVE-2009-2413 - RESERVED + REJECTED CVE-2009-2412 (Multiple integer overflows in the Apache Portable Runtime (APR) ...) {DSA-1854-1} - apr 1.3.8-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/797bf2a5acb02e00fa099181049f8bf433dfef26
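Review bot: In the @@ -1,3 +1,67 @@ hunk, CVE-2017-18218 and CVE-2017-18216 are left at `TODO: check` although their descriptions already name Linux kernel source files (drivers/net/ethernet/hisilicon/hns/hns_enet.c and fs/ocfs2/cluster/nodemanager.c). They should be triaged into `- linux <version>` entries in the form the list already uses for CVE-2017-18204 (`- linux 4.14.2-1`); the CVE-2017-18216 text gives "before 4.15" as the upstream boundary to start from.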
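Review bot: In the @@ -17462,8 +17525,7 @@ hunk the triage line no longer matches the description: CVE-2017-17428 now reads "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development ..." while the entry keeps `NOT-FOR-US: Cisco ACE`. Suggest updating the NOT-FOR-US label to name the Cavium products and keeping the Cisco advisory and robotattack.org NOTE lines as references, so that a search by product finds the entry.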
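Review bot: The @@ -19858,14 +19920,12 @@ hunk drops the upstream identifiers TROVE-2018-002 (CVE-2018-0491) and TROVE-2018-001 (CVE-2018-0490) together with the bracketed titles, and none of the remaining NOTE lines carries them. Suggest adding one NOTE line per entry with the TROVE id so the mapping to Tor's own advisory numbering stays searchable in the list.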
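Review bot: In the @@ -47484,10 +47544,10 @@ hunk, CVE-2017-8165 and CVE-2017-8164 describe Huawei smart phones and sit between entries already marked `NOT-FOR-US: Huawei` (CVE-2017-8166, CVE-2017-8163), yet are left at `TODO: check`. Suggest marking both `NOT-FOR-US: Huawei`; the CVE-2017-17131 through CVE-2017-17144 entries in the @@ -18411,34 +18473,34 @@ hunk, whose descriptions also name Huawei products, can be handled in the same pass.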
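Review bot: In the @@ -50302,8 +50362,8 @@ hunk, CVE-2017-7437 gets `TODO: check` although its visible description is the same as that of the neighbouring CVE-2017-7438, which is already `NOT-FOR-US: NetIQ Privileged Account Manager`. Suggest giving CVE-2017-7437 the same NOT-FOR-US line in the follow-up triage.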
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits