Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4def6811 by security tracker role at 2018-04-05T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,26 +1,70 @@
-CVE-2018-1000142
+CVE-2018-9330
+       RESERVED
+CVE-2018-9329
+       RESERVED
+CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the 
ter_from ...)
+       TODO: check
+CVE-2018-9327
+       RESERVED
+CVE-2018-9326
+       RESERVED
+CVE-2018-9325
+       RESERVED
+CVE-2018-9324
+       RESERVED
+CVE-2018-9323
+       RESERVED
+CVE-2018-9322
+       RESERVED
+CVE-2018-9321
+       RESERVED
+CVE-2018-9320
+       RESERVED
+CVE-2018-9319
+       RESERVED
+CVE-2018-9318
+       RESERVED
+CVE-2018-9317
+       RESERVED
+CVE-2018-9316
+       RESERVED
+CVE-2018-9315
+       RESERVED
+CVE-2018-9314
+       RESERVED
+CVE-2018-9313
+       RESERVED
+CVE-2018-9312
+       RESERVED
+CVE-2018-9311
+       RESERVED
+CVE-2018-1000155
+       RESERVED
+CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a 
Improper ...)
+       TODO: check
+CVE-2018-1000142 (An exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000143
+CVE-2018-1000143 (An exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000144
+CVE-2018-1000144 (A cross site scripting vulnerability exists in Jenkins 
Cucumber Living ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000145
+CVE-2018-1000145 (An exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000146
+CVE-2018-1000146 (An arbitrary code execution vulnerability exists in 
Liquibase Runner ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000147
+CVE-2018-1000147 (An exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000148
+CVE-2018-1000148 (An exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000149
+CVE-2018-1000149 (A man in the middle vulnerability exists in Jenkins Ansible 
Plugin 0.8 ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000150
+CVE-2018-1000150 (An exposure of sensitive information vulnerability exists in 
Jenkins ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000151
+CVE-2018-1000151 (A man in the middle vulnerability exists in Jenkins vSphere 
Plugin ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000152
+CVE-2018-1000152 (An improper authorization vulnerability exists in Jenkins 
vSphere ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2018-1000153
+CVE-2018-1000153 (A cross-site request forgery vulnerability exists in Jenkins 
vSphere ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2018-9310
        RESERVED
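Review bot: the two TODO: check placeholders in this hunk (CVE-2018-9328, PHP Scripts Mall Redbus Clone Script; CVE-2018-1000154, Zammad) still need manual triage into either a package line with a fixed version or a NOT-FOR-US line, the way the twelve Jenkins plugin entries in the same hunk already carry NOT-FOR-US: Jenkins plugin. The remaining RESERVED entries (CVE-2018-9311 through CVE-2018-9330 and CVE-2018-1000155) need no action until a description is published.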
@@ -78,10 +122,10 @@ CVE-2018-9287
        RESERVED
 CVE-2018-9286
        RESERVED
-CVE-2018-9243 [Persistent XSS in filename of merge request]
+CVE-2018-9243 (GitLab Community and Enterprise Editions version 8.4 up to 10.4 
are ...)
        - gitlab <unfixed> (bug #894869)
        NOTE: 
https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
-CVE-2018-9244 [Persistent XSS in milestones data-milestone-id]
+CVE-2018-9244 (GitLab Community and Enterprise Editions version 9.2 up to 10.4 
are ...)
        - gitlab <unfixed> (bug #894868)
        NOTE: 
https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
 CVE-2018-XXXX [Confidential issue comments in Slack, Mattermost, and webhook 
integrations]
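Review bot: the local bracket summaries [Persistent XSS in filename of merge request] and [Persistent XSS in milestones data-milestone-id] are replaced by the MITRE text, which is cut off at "are ..." in this file and no longer says what the issue is. Both gitlab entries are still <unfixed>, so consider carrying the specific vector into a NOTE line next to the existing security-release link, e.g. `NOTE: persistent XSS in merge request filename` under CVE-2018-9243, so the triage detail is not lost.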
@@ -280,8 +324,8 @@ CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL 
pointer dereference flaw. I
        [stretch] - ncmpc <no-dsa> (Minor issue)
        [jessie] - ncmpc <no-dsa> (Minor issue)
        [wheezy] - ncmpc <no-dsa> (Minor issue)
-CVE-2018-9233
-       RESERVED
+CVE-2018-9233 (Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for 
...)
+       TODO: check
 CVE-2018-9232
        RESERVED
 CVE-2018-9231
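Review bot: CVE-2018-9233 (Sophos Endpoint Protection 10.7, unsalted SHA-1 hash) is left at TODO: check; Sophos Endpoint Protection is proprietary endpoint software rather than a Debian package, so this should be triaged to a NOT-FOR-US line, and the same disposition should be applied to its sibling CVE-2018-4863 (same product) further down in this diff. The ncmpc <no-dsa> context lines are unchanged and fine.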
@@ -2976,6 +3020,7 @@ CVE-2018-8086
 CVE-2018-8085
        RESERVED
 CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains 
a Buffer ...)
+       {DSA-4167-1}
        - sharutils 1:4.15.2-3 (bug #893525)
        NOTE: http://seclists.org/bugtraq/2018/Feb/54
 CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit 
...)
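Review bot: the new {DSA-4167-1} annotation on CVE-2018-1000097 is the only change in this hunk, and this commit touches data/CVE/list alone (see "1 changed file" above); make sure the matching DSA-4167-1 entry is present in data/DSA/list so the reference resolves. Keeping the `- sharutils 1:4.15.2-3 (bug #893525)` line alongside the DSA is correct, since the DSA records the stable fix and the version line the unstable one.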
@@ -6118,8 +6163,8 @@ CVE-2018-7037
        RESERVED
 CVE-2018-7036
        RESERVED
-CVE-2018-7035
-       RESERVED
+CVE-2018-7035 (Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 
2.0 ...)
+       TODO: check
 CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR 
v1.03B01 ...)
        NOT-FOR-US: TRENDnet devices
 CVE-2018-7033 (SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows 
SQL ...)
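Review bot: CVE-2018-7035 (Gleez CMS 1.2.0 and 2.0 XSS) needs triage from TODO: check; the neighbouring entry for a non-Debian product, CVE-2018-7034 (TRENDnet), already uses a NOT-FOR-US line, and if Gleez CMS were in the archive the entry would have to name the source package and fixed version here instead.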
@@ -12334,8 +12379,8 @@ CVE-2018-4865
        RESERVED
 CVE-2018-4864
        RESERVED
-CVE-2018-4863
-       RESERVED
+CVE-2018-4863 (Sophos Endpoint Protection 10.7 allows local users to bypass an 
...)
+       TODO: check
 CVE-2018-4862 (In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an 
...)
        NOT-FOR-US: Octopus Deploy
 CVE-2018-4861
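Review bot: CVE-2018-4863 is the second Sophos Endpoint Protection 10.7 issue brought in by this update (the other is CVE-2018-9233); both should receive the same NOT-FOR-US disposition in one pass rather than sit in TODO: check separately, and the adjacent CVE-2018-4862 context shows the form to use (NOT-FOR-US: vendor).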
@@ -15193,8 +15238,8 @@ CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before 
version 2.1.2 (Linux) an
        NOT-FOR-US: Intel
 CVE-2018-3625
        RESERVED
-CVE-2018-3624
-       RESERVED
+CVE-2018-3624 (Buffer overflow in ETWS processing module Intel XMM71xx, 
XMM72xx, ...)
+       TODO: check
 CVE-2018-3623
        RESERVED
 CVE-2018-3622
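Review bot: CVE-2018-3624 (buffer overflow in the ETWS processing module of Intel XMM71xx/XMM72xx modem firmware) is left at TODO: check while the adjacent CVE-2018-3626 (Intel SGX SDK Edger8r) in this hunk's context already carries NOT-FOR-US: Intel; baseband firmware is not shipped as a Debian source package, so this should be resolved to NOT-FOR-US: Intel as well.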
@@ -21510,8 +21555,7 @@ CVE-2018-1317
        RESERVED
 CVE-2018-1316 (The ODE process deployment web service was sensible to 
deployment ...)
        NOT-FOR-US: Apache ODE
-CVE-2018-1315
-       RESERVED
+CVE-2018-1315 (In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement 
is run ...)
        NOT-FOR-US: Apache Hive
 CVE-2018-1314
        RESERVED
@@ -21622,15 +21666,13 @@ CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, 
CRUD operations on privileg
        NOT-FOR-US: Apache OpenMeetings
 CVE-2018-1285
        RESERVED
-CVE-2018-1284
-       RESERVED
+CVE-2018-1284 (In Apache Hive 0.6.0 to 2.3.2, malicious user might use any 
xpath UDFs ...)
        NOT-FOR-US: Apache Hive
 CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured 
to ...)
        {DSA-4164-1}
        - apache2 2.4.33-1
        NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/4
-CVE-2018-1282
-       RESERVED
+CVE-2018-1282 (This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 
allows ...)
        NOT-FOR-US: Apache Hive
 CVE-2018-1281
        RESERVED
@@ -40536,8 +40578,8 @@ CVE-2017-12097 (An exploitable cross site scripting 
(XSS) vulnerability exists i
        NOT-FOR-US: delayed_job_web rails gem
 CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of 
Circle ...)
        NOT-FOR-US: Circle of Disney
-CVE-2017-12095
-       RESERVED
+CVE-2017-12095 (An exploitable vulnerability exists in the WiFi Access Point 
feature ...)
+       TODO: check
 CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel 
parsing of ...)
        NOT-FOR-US: Circle with Disney
 CVE-2017-12093
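Review bot: CVE-2017-12095 (WiFi Access Point feature) is bracketed in this hunk by CVE-2017-12096 and CVE-2017-12094, both Circle with Disney issues already marked NOT-FOR-US, and the same product elsewhere in this diff (CVE-2017-2866) is also NOT-FOR-US: Circle with Disney, so the TODO: check should resolve the same way. Separately, the context lines spell the product two ways ("Circle of Disney" on CVE-2017-12096, "Circle with Disney" on CVE-2017-12094); worth normalising to one spelling in a follow-up commit.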
@@ -55447,8 +55489,7 @@ CVE-2015-9018
        RESERVED
 CVE-2015-9017
        RESERVED
-CVE-2015-9016 [blk-mq: fix race between timeout and freeing request]
-       RESERVED
+CVE-2015-9016 (In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there 
is a ...)
        - linux 4.2.3-1
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1)
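Review bot: the RESERVED marker on CVE-2015-9016 was stale, since the entry already carried a fixed version (linux 4.2.3-1) and a wheezy annotation; dropping it together with the bracket summary is right, and the upstream commit title "blk-mq: fix race between timeout and freeing request" remains recoverable from the Fixed by NOTE link. There is a [wheezy] <not-affected> line but no [jessie] line, so jessie will be evaluated against the 4.2.3-1 fix; confirm that is the intended status for that suite.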
@@ -69192,12 +69233,12 @@ CVE-2017-2870 (An exploitable integer overflow 
vulnerability exists in the ...)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269
        NOTE: Built with GCC in Debian, which doesn't remove the check
-CVE-2017-2869
-       RESERVED
-CVE-2017-2868
-       RESERVED
-CVE-2017-2867
-       RESERVED
+CVE-2017-2869 (An exploitable code execution vulnerability exists in the 
OpenProducer ...)
+       TODO: check
+CVE-2017-2868 (An exploitable code execution vulnerability exists in the ...)
+       TODO: check
+CVE-2017-2867 (An exploitable code execution vulnerability exists in the ...)
+       TODO: check
 CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup 
...)
        NOT-FOR-US: Circle with Disney
 CVE-2017-2865 (An exploitable vulnerability exists in the firmware update ...)
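Review bot: the three new descriptions for CVE-2017-2867, CVE-2017-2868 and CVE-2017-2869 are truncated to the identical text "An exploitable code execution vulnerability exists in the ..." (only CVE-2017-2869 keeps the "OpenProducer" hint), so they cannot be triaged from this file alone; whoever clears the TODO: check lines will need the full MITRE or Talos descriptions. The adjacent CVE-2017-2866 context shows the NOT-FOR-US form to use if these turn out to be non-Debian products.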
@@ -69213,8 +69254,8 @@ CVE-2017-2862 (An exploitable heap overflow 
vulnerability exists in the ...)
        NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784866
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
-CVE-2017-2861
-       RESERVED
+CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the 
use of a ...)
+       TODO: check
 CVE-2017-2860
        RESERVED
 CVE-2017-2859
@@ -69229,8 +69270,8 @@ CVE-2017-2855
        RESERVED
 CVE-2017-2854
        RESERVED
-CVE-2017-2853
-       RESERVED
+CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the ...)
+       TODO: check
 CVE-2017-2852
        RESERVED
 CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras 
with ...)
@@ -74050,8 +74091,7 @@ CVE-2017-0753 (A remote code execution vulnerability in 
the Android libraries ..
 CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework 
...)
        - android-framework-23 <unfixed> (unimportant)
        NOTE: Fixed by 
https://android.googlesource.com/platform/frameworks/base/+/6ca2eccdbbd4f11698bd5312812b4d171ff3c8ce%5E%21/
-CVE-2017-0751
-       RESERVED
+CVE-2017-0751 (An elevation of privilege vulnerability in the Qualcomm QCE 
driver. ...)
        NOT-FOR-US: Google drivers for Android
 CVE-2017-0750 (A elevation of privilege vulnerability in the Upstream Linux 
file ...)
        - linux <not-affected> (Android-specific change)
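Review bot: the retained disposition line for CVE-2017-0751 says NOT-FOR-US: Google drivers for Android, but the newly imported description names the Qualcomm QCE driver; the surrounding entries in this area use vendor-specific labels such as "NOT-FOR-US: Qualcomm driver for Android", so the label should be updated to match the description. The linux <not-affected> (Android-specific change) line on CVE-2017-0750 is unchanged context and fine.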
@@ -74059,8 +74099,7 @@ CVE-2017-0750 (A elevation of privilege vulnerability 
in the Upstream Linux file
 CVE-2017-0749 (A elevation of privilege vulnerability in the Upstream Linux 
linux ...)
        - linux <not-affected> (Android-specific change)
        NOTE: https://source.android.com/security/bulletin/2017-08-01
-CVE-2017-0748
-       RESERVED
+CVE-2017-0748 (An information disclosure vulnerability in the Qualcomm audio 
driver. ...)
        NOT-FOR-US: Google drivers for Android
 CVE-2017-0747 (A elevation of privilege vulnerability in the Qualcomm 
proprietary ...)
        NOT-FOR-US: Qualcomm driver for Android
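Review bot: as with CVE-2017-0751 earlier in this diff, CVE-2017-0748 is now described as an information disclosure in the Qualcomm audio driver but keeps NOT-FOR-US: Google drivers for Android, while the very next entry CVE-2017-0747 uses NOT-FOR-US: Qualcomm driver for Android; align the label with the vendor named in the description.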
@@ -74068,8 +74107,7 @@ CVE-2017-0746 (A elevation of privilege vulnerability 
in the Qualcomm ipa driver
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0745 (A remote code execution vulnerability in the Android media 
framework ...)
        NOT-FOR-US: libstagefright
-CVE-2017-0744
-       RESERVED
+CVE-2017-0744 (An elevation of privilege vulnerability in the NVIDIA firmware 
...)
        NOT-FOR-US: Google drivers for Android
 CVE-2017-0743
        RESERVED
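Review bot: CVE-2017-0744 is now described as an elevation of privilege in NVIDIA firmware yet keeps NOT-FOR-US: Google drivers for Android; a vendor label (e.g. NOT-FOR-US: NVIDIA driver for Android, following the "Qualcomm driver for Android" / "Broadcom driver for Android" pattern used nearby in this diff) would be more accurate than the generic one.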
@@ -74720,8 +74758,8 @@ CVE-2017-0433 (An elevation of privilege vulnerability 
in the Synaptics touchscr
        NOT-FOR-US: Synaptics driver for Android
 CVE-2017-0432 (An elevation of privilege vulnerability in the MediaTek driver 
could ...)
        NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0431
-       RESERVED
+CVE-2017-0431 (An elevation of privilege vulnerability in Qualcomm closed 
source ...)
+       TODO: check
 CVE-2017-0430 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
        NOT-FOR-US: Broadcom driver for Android
 CVE-2017-0429 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
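Review bot: CVE-2017-0431 (elevation of privilege in Qualcomm closed source components) is left at TODO: check although every neighbouring Android entry in this hunk (Synaptics, MediaTek, Broadcom) is NOT-FOR-US; the label already used for the same class further down in this diff, "NOT-FOR-US: Qualcomm components for Android" on CVE-2016-8484, fits here.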
@@ -79380,8 +79418,8 @@ CVE-2016-8484 (An elevation of privilege vulnerability 
in Qualcomm closed source
        NOT-FOR-US: Qualcomm components for Android
 CVE-2016-8483 (An information disclosure vulnerability in the Qualcomm power 
driver ...)
        NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-8482
-       RESERVED
+CVE-2016-8482 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver. ...)
+       TODO: check
 CVE-2016-8481 (An elevation of privilege vulnerability in the Qualcomm sound 
driver ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8480 (An elevation of privilege vulnerability in the Qualcomm Secure 
...)
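Review bot: CVE-2016-8482 (NVIDIA GPU driver elevation of privilege) is a TODO: check sitting among Android vendor-driver entries that are all NOT-FOR-US in this hunk (Qualcomm power driver, Qualcomm sound driver, Qualcomm Secure ...); it should get a NOT-FOR-US line of the same form rather than remain a TODO.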
@@ -79660,8 +79698,8 @@ CVE-2016-8382
        RESERVED
 CVE-2016-8381
        RESERVED
-CVE-2016-8380
-       RESERVED
+CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to 
read and ...)
+       TODO: check
 CVE-2016-8379 (An issue was discovered in Moxa ioLogik E1210, firmware Version 
V2.4 ...)
        NOT-FOR-US: Moxa
 CVE-2016-8378 (An issue was discovered in Lynxspring JENEsys BAS Bridge 
versions 1.1.8 ...)
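Review bot: CVE-2016-8380 (web server in Phoenix Contact ILC PLCs) is left at TODO: check; this update also brings in CVE-2016-8371 and CVE-2016-8366 for the same Phoenix Contact ILC product line, and the surrounding ICS entries (Moxa, Mitsubishi, Schneider, Lynxspring) are all NOT-FOR-US, so the three should be triaged together with one consistent "NOT-FOR-US: Phoenix Contact" line.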
@@ -79678,8 +79716,8 @@ CVE-2016-8373
        RESERVED
 CVE-2016-8372 (An issue was discovered in Moxa ioLogik E1210, firmware Version 
V2.4 ...)
        NOT-FOR-US: Moxa
-CVE-2016-8371
-       RESERVED
+CVE-2016-8371 (The web server in Phoenix Contact ILC PLCs can be accessed 
without ...)
+       TODO: check
 CVE-2016-8370 (An issue was discovered in Mitsubishi Electric Automation 
MELSEC-Q ...)
        NOT-FOR-US: Mitsubishi
 CVE-2016-8369 (An issue was discovered in Lynxspring JENEsys BAS Bridge 
versions 1.1.8 ...)
@@ -79688,8 +79726,8 @@ CVE-2016-8368 (An issue was discovered in Mitsubishi 
Electric Automation MELSEC-
        NOT-FOR-US: Mitsubishi
 CVE-2016-8367 (An issue was discovered in Schneider Electric Magelis HMI 
Magelis GTO ...)
        NOT-FOR-US: Schneider
-CVE-2016-8366
-       RESERVED
+CVE-2016-8366 (Webvisit in Phoenix Contact ILC PLCs offers a password macro to 
...)
+       TODO: check
 CVE-2016-8365 (OSIsoft PI System software (Applications using PI Asset 
Framework (AF) ...)
        NOT-FOR-US: OSIsoft PI
 CVE-2016-8364 (An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. 
Object ...)
@@ -148556,8 +148594,8 @@ CVE-2014-3415 (SQL injection vulnerability in 
Sharetronix before 3.4 allows remo
        NOT-FOR-US: Sharetronix
 CVE-2014-3414 (Cross-site request forgery (CSRF) vulnerability in Sharetronix 
before ...)
        NOT-FOR-US: Sharetronix
-CVE-2014-3413
-       RESERVED
+CVE-2014-3413 (The MySQL server in Juniper Networks Junos Space before 
13.3R1.8 has ...)
+       TODO: check
 CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 
13.3R1.8, when ...)
        NOT-FOR-US: Juniper Junos Space
 CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in Juniper NSM 
before ...)
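Review bot: CVE-2014-3413 (MySQL server in Juniper Networks Junos Space before 13.3R1.8) should not stay at TODO: check: the very next entry CVE-2014-3412 covers the same product and release and is already NOT-FOR-US: Juniper Junos Space, so the same line applies here.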



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4def68110a8cc05f30fc69b4240b3bc4c12f9539

---
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
