Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: af8d7294 by security tracker role at 2018-03-29T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,7 @@ +CVE-2018-9125 + RESERVED +CVE-2018-9124 + RESERVED CVE-2018-9123 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User ...) TODO: check CVE-2018-9122 (In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the ...) @@ -196,8 +200,8 @@ CVE-2018-9033 RESERVED CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless ...) NOT-FOR-US: D-Link -CVE-2018-9031 - RESERVED +CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x devices ...) + TODO: check CVE-2018-9030 RESERVED CVE-2018-9029 @@ -3716,6 +3720,7 @@ CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-base CVE-2018-7585 RESERVED CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ...) + {DLA-1326-1} - php7.2 7.2.3-1 - php7.1 7.1.15-1 - php7.0 7.0.28-1 @@ -6762,12 +6767,12 @@ CVE-2018-6590 RESERVED CVE-2018-6589 RESERVED -CVE-2018-6588 - RESERVED -CVE-2018-6587 - RESERVED -CVE-2018-6586 - RESERVED +CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a ...) + TODO: check +CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a ...) + TODO: check +CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored ...) + TODO: check CVE-2018-1000040 RESERVED CVE-2018-1000039 @@ -10657,10 +10662,10 @@ CVE-2018-5226 RESERVED CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...) NOT-FOR-US: Atlassian Bitbucket Server -CVE-2018-5224 - RESERVED -CVE-2018-5223 - RESERVED +CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial repository ...) + TODO: check +CVE-2018-5223 (Fisheye and Crucible did not correctly check if a configured Mercurial ...) + TODO: check CVE-2018-5222 RESERVED CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX ...) @@ -10845,7 +10850,7 @@ CVE-2018-5147 [out-of-bound write] NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/ CVE-2018-5146 [out-of-bound write] RESERVED - {DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1319-1} + {DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1327-1 DLA-1319-1} - firefox 59.0.1-1 - firefox-esr 52.7.2esr-1 - thunderbird 1:52.7.0-1 @@ -10855,14 +10860,14 @@ CVE-2018-5146 [out-of-bound write] NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/ CVE-2018-5145 RESERVED - {DSA-4155-1 DSA-4139-1 DLA-1308-1} + {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1} - firefox-esr 52.7.0esr-1 - thunderbird 1:52.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/ CVE-2018-5144 RESERVED - {DSA-4155-1 DSA-4139-1 DLA-1308-1} + {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1} - firefox-esr 52.7.0esr-1 - thunderbird 1:52.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ @@ -10929,7 +10934,7 @@ CVE-2018-5130 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ CVE-2018-5129 RESERVED - {DSA-4155-1 DSA-4139-1 DLA-1308-1} + {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1} - firefox 59.0-1 - firefox-esr 52.7.0esr-1 - thunderbird 1:52.7.0-1 @@ -10942,7 +10947,7 @@ CVE-2018-5128 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ CVE-2018-5127 RESERVED - {DSA-4155-1 DSA-4139-1 DLA-1308-1} + {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1} - firefox 59.0-1 - firefox-esr 52.7.0esr-1 - thunderbird 1:52.7.0-1 @@ -10955,7 +10960,7 @@ CVE-2018-5126 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ CVE-2018-5125 RESERVED - {DSA-4155-1 DSA-4139-1 DLA-1308-1} + {DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1} - firefox 59.0-1 - firefox-esr 52.7.0esr-1 - thunderbird 1:52.7.0-1 @@ -11760,8 +11765,8 @@ CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced NOT-FOR-US: SIMATIC CVE-2018-4842 RESERVED -CVE-2018-4841 - RESERVED +CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...) + TODO: check CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...) NOT-FOR-US: Siemens CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...) @@ -58858,8 +58863,8 @@ CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Pre NOTE: Not covered by security support CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. ...) NOT-FOR-US: OnePlus One -CVE-2017-5947 - RESERVED +CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices ...) + TODO: check CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...) {DSA-3801-1 DLA-846-1} - ruby-zip 1.2.0-1.1 (bug #856269) @@ -65332,31 +65337,31 @@ CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f (v2.7.0-rc0) NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/2 CVE-2017-3789 - RESERVED + REJECTED CVE-2017-3788 - RESERVED + REJECTED CVE-2017-3787 - RESERVED + REJECTED CVE-2017-3786 - RESERVED + REJECTED CVE-2017-3785 - RESERVED + REJECTED CVE-2017-3784 - RESERVED + REJECTED CVE-2017-3783 - RESERVED + REJECTED CVE-2017-3782 - RESERVED + REJECTED CVE-2017-3781 - RESERVED + REJECTED CVE-2017-3780 - RESERVED + REJECTED CVE-2017-3779 - RESERVED + REJECTED CVE-2017-3778 - RESERVED + REJECTED CVE-2017-3777 - RESERVED + REJECTED CVE-2017-3776 RESERVED CVE-2017-3775 @@ -116742,10 +116747,10 @@ CVE-2015-4955 (Cross-site scripting (XSS) vulnerability in IBM Business Process NOT-FOR-US: IBM CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack ...) NOT-FOR-US: IBM -CVE-2015-4953 - RESERVED -CVE-2015-4952 - RESERVED +CVE-2015-4953 (IBM BigFix Remote Control before Interim Fix pack ...) + TODO: check +CVE-2015-4952 (The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 ...) + TODO: check CVE-2015-4951 (Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect ...) NOT-FOR-US: IBM Spectrum Protect CVE-2015-4950 (The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: ...) @@ -125506,8 +125511,8 @@ CVE-2015-2022 RESERVED CVE-2015-2021 RESERVED -CVE-2015-2020 - RESERVED +CVE-2015-2020 (The MyScript SDK before 1.3 for Android might allow attackers to ...) + TODO: check CVE-2015-2019 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...) NOT-FOR-US: IBM CVE-2015-2018 (IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message ...) @@ -125528,8 +125533,8 @@ CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Pa NOT-FOR-US: IBM CVE-2015-2010 REJECTED -CVE-2015-2009 - RESERVED +CVE-2015-2009 (Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi ...) + TODO: check CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x ...) @@ -125538,16 +125543,16 @@ CVE-2015-2006 RESERVED CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...) NOT-FOR-US: IBM Security QRadar SIEM -CVE-2015-2004 - RESERVED -CVE-2015-2003 - RESERVED -CVE-2015-2002 - RESERVED -CVE-2015-2001 - RESERVED -CVE-2015-2000 - RESERVED +CVE-2015-2004 (The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might ...) + TODO: check +CVE-2015-2003 (The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might ...) + TODO: check +CVE-2015-2002 (The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow ...) + TODO: check +CVE-2015-2001 (The MetaIO SDK before 6.0.2.1 for Android might allow attackers to ...) + TODO: check +CVE-2015-2000 (The Jumio SDK before 1.5.0 for Android might allow attackers to ...) + TODO: check CVE-2015-1999 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 ...) NOT-FOR-US: IBM QRadar CVE-2015-1998 @@ -139634,8 +139639,8 @@ CVE-2014-6606 RESERVED CVE-2014-6605 RESERVED -CVE-2014-6604 - RESERVED +CVE-2014-6604 (Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in ...) + TODO: check CVE-2014-6603 (The SSHParseBanner function in SSH parser (app-layer-ssh.c) in ...) [squeeze] - suricata <not-affected> (Vulnerable code not yet present) [wheezy] - suricata <not-affected> (Vulnerable code not yet present) @@ -143147,8 +143152,8 @@ CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained acces [wheezy] - libvirt <not-affected> (Not exploitable in that version) [squeeze] - libvirt <not-affected> (Not exploitable in that version) NOTE: http://security.libvirt.org/2014/0003.html -CVE-2014-5170 - RESERVED +CVE-2014-5170 (The Storage API module 7.x before 7.x-1.6 for Drupal might allow ...) + TODO: check CVE-2014-5169 (Cross-site scripting (XSS) vulnerability in the Date module before ...) NOT-FOR-US: Drupal module Date CVE-2014-5168 @@ -143541,8 +143546,7 @@ CVE-2014-5029 (The web interface in CUPS 1.7.4 allows local users in the lp grou - cups 1.7.4-2 [squeeze] - cups 1.4.4-7+squeeze6 NOTE: https://cups.org/str.php?L4455 -CVE-2014-5028 - RESERVED +CVE-2014-5028 (The Original File and Patched File resources in Review Board 1.7.x ...) - reviewboard <itp> (bug #653113) CVE-2014-5027 (Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before ...) - reviewboard <itp> (bug #653113) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af8d72946d09d4edb159f924c92b88734c056781 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af8d72946d09d4edb159f924c92b88734c056781 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits