Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4def6811 by security tracker role at 2018-04-05T20:10:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,26 +1,70 @@ -CVE-2018-1000142 +CVE-2018-9330 + RESERVED +CVE-2018-9329 + RESERVED +CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from ...) + TODO: check +CVE-2018-9327 + RESERVED +CVE-2018-9326 + RESERVED +CVE-2018-9325 + RESERVED +CVE-2018-9324 + RESERVED +CVE-2018-9323 + RESERVED +CVE-2018-9322 + RESERVED +CVE-2018-9321 + RESERVED +CVE-2018-9320 + RESERVED +CVE-2018-9319 + RESERVED +CVE-2018-9318 + RESERVED +CVE-2018-9317 + RESERVED +CVE-2018-9316 + RESERVED +CVE-2018-9315 + RESERVED +CVE-2018-9314 + RESERVED +CVE-2018-9313 + RESERVED +CVE-2018-9312 + RESERVED +CVE-2018-9311 + RESERVED +CVE-2018-1000155 + RESERVED +CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper ...) + TODO: check +CVE-2018-1000142 (An exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000143 +CVE-2018-1000143 (An exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000144 +CVE-2018-1000144 (A cross site scripting vulnerability exists in Jenkins Cucumber Living ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000145 +CVE-2018-1000145 (An exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000146 +CVE-2018-1000146 (An arbitrary code execution vulnerability exists in Liquibase Runner ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000147 +CVE-2018-1000147 (An exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000148 +CVE-2018-1000148 (An exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000149 +CVE-2018-1000149 (A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000150 +CVE-2018-1000150 (An exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000151 +CVE-2018-1000151 (A man in the middle vulnerability exists in Jenkins vSphere Plugin ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000152 +CVE-2018-1000152 (An improper authorization vulnerability exists in Jenkins vSphere ...) NOT-FOR-US: Jenkins plugin -CVE-2018-1000153 +CVE-2018-1000153 (A cross-site request forgery vulnerability exists in Jenkins vSphere ...) NOT-FOR-US: Jenkins plugin CVE-2018-9310 RESERVED @@ -78,10 +122,10 @@ CVE-2018-9287 RESERVED CVE-2018-9286 RESERVED -CVE-2018-9243 [Persistent XSS in filename of merge request] +CVE-2018-9243 (GitLab Community and Enterprise Editions version 8.4 up to 10.4 are ...) - gitlab <unfixed> (bug #894869) NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/ -CVE-2018-9244 [Persistent XSS in milestones data-milestone-id] +CVE-2018-9244 (GitLab Community and Enterprise Editions version 9.2 up to 10.4 are ...) - gitlab <unfixed> (bug #894868) NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/ CVE-2018-XXXX [Confidential issue comments in Slack, Mattermost, and webhook integrations] @@ -280,8 +324,8 @@ CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL pointer dereference flaw. I [stretch] - ncmpc <no-dsa> (Minor issue) [jessie] - ncmpc <no-dsa> (Minor issue) [wheezy] - ncmpc <no-dsa> (Minor issue) -CVE-2018-9233 - RESERVED +CVE-2018-9233 (Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for ...) + TODO: check CVE-2018-9232 RESERVED CVE-2018-9231 @@ -2976,6 +3020,7 @@ CVE-2018-8086 CVE-2018-8085 RESERVED CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer ...) + {DSA-4167-1} - sharutils 1:4.15.2-3 (bug #893525) NOTE: http://seclists.org/bugtraq/2018/Feb/54 CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit ...) @@ -6118,8 +6163,8 @@ CVE-2018-7037 RESERVED CVE-2018-7036 RESERVED -CVE-2018-7035 - RESERVED +CVE-2018-7035 (Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 ...) + TODO: check CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 ...) NOT-FOR-US: TRENDnet devices CVE-2018-7033 (SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL ...) @@ -12334,8 +12379,8 @@ CVE-2018-4865 RESERVED CVE-2018-4864 RESERVED -CVE-2018-4863 - RESERVED +CVE-2018-4863 (Sophos Endpoint Protection 10.7 allows local users to bypass an ...) + TODO: check CVE-2018-4862 (In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an ...) NOT-FOR-US: Octopus Deploy CVE-2018-4861 @@ -15193,8 +15238,8 @@ CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) an NOT-FOR-US: Intel CVE-2018-3625 RESERVED -CVE-2018-3624 - RESERVED +CVE-2018-3624 (Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, ...) + TODO: check CVE-2018-3623 RESERVED CVE-2018-3622 @@ -21510,8 +21555,7 @@ CVE-2018-1317 RESERVED CVE-2018-1316 (The ODE process deployment web service was sensible to deployment ...) NOT-FOR-US: Apache ODE -CVE-2018-1315 - RESERVED +CVE-2018-1315 (In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run ...) NOT-FOR-US: Apache Hive CVE-2018-1314 RESERVED @@ -21622,15 +21666,13 @@ CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileg NOT-FOR-US: Apache OpenMeetings CVE-2018-1285 RESERVED -CVE-2018-1284 - RESERVED +CVE-2018-1284 (In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs ...) NOT-FOR-US: Apache Hive CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to ...) {DSA-4164-1} - apache2 2.4.33-1 NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/4 -CVE-2018-1282 - RESERVED +CVE-2018-1282 (This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows ...) NOT-FOR-US: Apache Hive CVE-2018-1281 RESERVED @@ -40536,8 +40578,8 @@ CVE-2017-12097 (An exploitable cross site scripting (XSS) vulnerability exists i NOT-FOR-US: delayed_job_web rails gem CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of Circle ...) NOT-FOR-US: Circle of Disney -CVE-2017-12095 - RESERVED +CVE-2017-12095 (An exploitable vulnerability exists in the WiFi Access Point feature ...) + TODO: check CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel parsing of ...) NOT-FOR-US: Circle with Disney CVE-2017-12093 @@ -55447,8 +55489,7 @@ CVE-2015-9018 RESERVED CVE-2015-9017 RESERVED -CVE-2015-9016 [blk-mq: fix race between timeout and freeing request] - RESERVED +CVE-2015-9016 (In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a ...) - linux 4.2.3-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1) @@ -69192,12 +69233,12 @@ CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the ...) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269 NOTE: Built with GCC in Debian, which doesn't remove the check -CVE-2017-2869 - RESERVED -CVE-2017-2868 - RESERVED -CVE-2017-2867 - RESERVED +CVE-2017-2869 (An exploitable code execution vulnerability exists in the OpenProducer ...) + TODO: check +CVE-2017-2868 (An exploitable code execution vulnerability exists in the ...) + TODO: check +CVE-2017-2867 (An exploitable code execution vulnerability exists in the ...) + TODO: check CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup ...) NOT-FOR-US: Circle with Disney CVE-2017-2865 (An exploitable vulnerability exists in the firmware update ...) @@ -69213,8 +69254,8 @@ CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...) NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784866 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366 -CVE-2017-2861 - RESERVED +CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use of a ...) + TODO: check CVE-2017-2860 RESERVED CVE-2017-2859 @@ -69229,8 +69270,8 @@ CVE-2017-2855 RESERVED CVE-2017-2854 RESERVED -CVE-2017-2853 - RESERVED +CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the ...) + TODO: check CVE-2017-2852 RESERVED CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras with ...) @@ -74050,8 +74091,7 @@ CVE-2017-0753 (A remote code execution vulnerability in the Android libraries .. CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework ...) - android-framework-23 <unfixed> (unimportant) NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/6ca2eccdbbd4f11698bd5312812b4d171ff3c8ce%5E%21/ -CVE-2017-0751 - RESERVED +CVE-2017-0751 (An elevation of privilege vulnerability in the Qualcomm QCE driver. ...) NOT-FOR-US: Google drivers for Android CVE-2017-0750 (A elevation of privilege vulnerability in the Upstream Linux file ...) - linux <not-affected> (Android-specific change) @@ -74059,8 +74099,7 @@ CVE-2017-0750 (A elevation of privilege vulnerability in the Upstream Linux file CVE-2017-0749 (A elevation of privilege vulnerability in the Upstream Linux linux ...) - linux <not-affected> (Android-specific change) NOTE: https://source.android.com/security/bulletin/2017-08-01 -CVE-2017-0748 - RESERVED +CVE-2017-0748 (An information disclosure vulnerability in the Qualcomm audio driver. ...) NOT-FOR-US: Google drivers for Android CVE-2017-0747 (A elevation of privilege vulnerability in the Qualcomm proprietary ...) NOT-FOR-US: Qualcomm driver for Android @@ -74068,8 +74107,7 @@ CVE-2017-0746 (A elevation of privilege vulnerability in the Qualcomm ipa driver NOT-FOR-US: Qualcomm driver for Android CVE-2017-0745 (A remote code execution vulnerability in the Android media framework ...) NOT-FOR-US: libstagefright -CVE-2017-0744 - RESERVED +CVE-2017-0744 (An elevation of privilege vulnerability in the NVIDIA firmware ...) NOT-FOR-US: Google drivers for Android CVE-2017-0743 RESERVED @@ -74720,8 +74758,8 @@ CVE-2017-0433 (An elevation of privilege vulnerability in the Synaptics touchscr NOT-FOR-US: Synaptics driver for Android CVE-2017-0432 (An elevation of privilege vulnerability in the MediaTek driver could ...) NOT-FOR-US: Mediatek driver for Android -CVE-2017-0431 - RESERVED +CVE-2017-0431 (An elevation of privilege vulnerability in Qualcomm closed source ...) + TODO: check CVE-2017-0430 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0429 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) @@ -79380,8 +79418,8 @@ CVE-2016-8484 (An elevation of privilege vulnerability in Qualcomm closed source NOT-FOR-US: Qualcomm components for Android CVE-2016-8483 (An information disclosure vulnerability in the Qualcomm power driver ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2016-8482 - RESERVED +CVE-2016-8482 (An elevation of privilege vulnerability in the NVIDIA GPU driver. ...) + TODO: check CVE-2016-8481 (An elevation of privilege vulnerability in the Qualcomm sound driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2016-8480 (An elevation of privilege vulnerability in the Qualcomm Secure ...) @@ -79660,8 +79698,8 @@ CVE-2016-8382 RESERVED CVE-2016-8381 RESERVED -CVE-2016-8380 - RESERVED +CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to read and ...) + TODO: check CVE-2016-8379 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...) NOT-FOR-US: Moxa CVE-2016-8378 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...) @@ -79678,8 +79716,8 @@ CVE-2016-8373 RESERVED CVE-2016-8372 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...) NOT-FOR-US: Moxa -CVE-2016-8371 - RESERVED +CVE-2016-8371 (The web server in Phoenix Contact ILC PLCs can be accessed without ...) + TODO: check CVE-2016-8370 (An issue was discovered in Mitsubishi Electric Automation MELSEC-Q ...) NOT-FOR-US: Mitsubishi CVE-2016-8369 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...) @@ -79688,8 +79726,8 @@ CVE-2016-8368 (An issue was discovered in Mitsubishi Electric Automation MELSEC- NOT-FOR-US: Mitsubishi CVE-2016-8367 (An issue was discovered in Schneider Electric Magelis HMI Magelis GTO ...) NOT-FOR-US: Schneider -CVE-2016-8366 - RESERVED +CVE-2016-8366 (Webvisit in Phoenix Contact ILC PLCs offers a password macro to ...) + TODO: check CVE-2016-8365 (OSIsoft PI System software (Applications using PI Asset Framework (AF) ...) NOT-FOR-US: OSIsoft PI CVE-2016-8364 (An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object ...) @@ -148556,8 +148594,8 @@ CVE-2014-3415 (SQL injection vulnerability in Sharetronix before 3.4 allows remo NOT-FOR-US: Sharetronix CVE-2014-3414 (Cross-site request forgery (CSRF) vulnerability in Sharetronix before ...) NOT-FOR-US: Sharetronix -CVE-2014-3413 - RESERVED +CVE-2014-3413 (The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has ...) + TODO: check CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when ...) NOT-FOR-US: Juniper Junos Space CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in Juniper NSM before ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4def68110a8cc05f30fc69b4240b3bc4c12f9539 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4def68110a8cc05f30fc69b4240b3bc4c12f9539 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits