Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
add10d8e by security tracker role at 2018-04-24T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,43 @@
+CVE-2018-10349
+ RESERVED
+CVE-2018-10348
+ RESERVED
+CVE-2018-10347
+ RESERVED
+CVE-2018-10346
+ RESERVED
+CVE-2018-10345
+ RESERVED
+CVE-2018-10344
+ RESERVED
+CVE-2018-10343
+ RESERVED
+CVE-2018-10342
+ RESERVED
+CVE-2018-10341
+ RESERVED
+CVE-2018-10340
+ RESERVED
+CVE-2018-10339
+ RESERVED
+CVE-2018-10338
+ RESERVED
+CVE-2018-10337
+ RESERVED
+CVE-2018-10336
+ RESERVED
+CVE-2018-10335
+ RESERVED
+CVE-2018-10334
+ RESERVED
+CVE-2018-10333
+ RESERVED
+CVE-2018-10332
+ RESERVED
+CVE-2018-10331
+ RESERVED
+CVE-2018-10330
+ RESERVED
CVE-2018-XXXX [ktexteditor privilege escalation]
- ktexteditor <unfixed> (bug #896836)
[stretch] - ktexteditor <not-affected> (Introduced in 5.34.0)
@@ -197,6 +237,7 @@ CVE-2018-10243
CVE-2018-10242
RESERVED
CVE-2014-10073 (The create_response function in server/server.c in Psensor
before 1.1.4 ...)
+ {DLA-1361-1}
- psensor 1.1.5-1 (low; bug #896195)
[jessie] - psensor <no-dsa> (Minor issue)
NOTE:
http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
@@ -2797,8 +2838,8 @@ CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive
iteration in the DecodeLab
CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt
function of ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/133
-CVE-2018-9131
- RESERVED
+CVE-2018-9131 (Reaper 5.78 suffers from a local buffer overflow that allows
code ...)
+ TODO: check
CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
NOT-FOR-US: IBOS
CVE-2018-9129
@@ -2939,8 +2980,8 @@ CVE-2018-9062
RESERVED
CVE-2018-9061
RESERVED
-CVE-2018-9060
- RESERVED
+CVE-2018-9060 (R 3.4.4 suffers from a local buffer overflow that allows code
...)
+ TODO: check
CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web
Server 7.2 ...)
NOT-FOR-US: Easy File Sharing (EFS)
CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop
in the ...)
@@ -5648,10 +5689,10 @@ CVE-2018-7934
RESERVED
CVE-2018-7933
RESERVED
-CVE-2018-7932
- RESERVED
-CVE-2018-7931
- RESERVED
+CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary
...)
+ TODO: check
+CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist
mechanism ...)
+ TODO: check
CVE-2018-7930 (The Near Field Communication (NFC) module in Mate 9 Huawei
mobile ...)
NOT-FOR-US: Mate 9 Huawei mobile phones
CVE-2018-7929
@@ -10106,7 +10147,7 @@ CVE-2018-6493
RESERVED
CVE-2018-6492
RESERVED
-CVE-2018-6491 (Local Escalation of Priviledge vulnerability to Micro Focus
Universal ...)
+CVE-2018-6491 (Local Escalation of Privilege vulnerability to Micro Focus
Universal ...)
NOT-FOR-US: Micro Focus Universal CMDB
CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
NOT-FOR-US: Micro Focus Operations Orchestration Software
@@ -13787,8 +13828,8 @@ CVE-2018-5230
RESERVED
CVE-2018-5229
RESERVED
-CVE-2018-5228
- RESERVED
+CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible
before ...)
+ TODO: check
CVE-2018-5227 (Various administrative application link resources in Atlassian
...)
NOT-FOR-US: Atlassian
CVE-2018-5226
@@ -14922,8 +14963,8 @@ CVE-2018-4834 (A vulnerability has been identified in
Desigo Automation Controll
NOT-FOR-US: Desigo
CVE-2018-4833
RESERVED
-CVE-2018-4832
- RESERVED
+CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and
earlier (All ...)
+ TODO: check
CVE-2018-4831
RESERVED
CVE-2018-4830
@@ -17007,8 +17048,7 @@ CVE-2018-7440 (An issue was discovered in Leptonica
through 1.75.3. The ...)
[jessie] - leptonlib <not-affected> (Incomplete fix for CVE-2018-3836
not applied)
NOTE:
https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212
NOTE:
https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
-CVE-2018-3836 [gplotMakeOutput Command Injection Vulnerability]
- RESERVED
+CVE-2018-3836 (An exploitable command injection vulnerability exists in the
...)
{DLA-1284-1}
- leptonlib 1.75.3-1 (bug #889759)
[stretch] - leptonlib <no-dsa> (Minor issue)
@@ -24221,6 +24261,7 @@ CVE-2018-1310
CVE-2018-1309
RESERVED
CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to
7.2.1 ...)
+ {DLA-1360-1}
- lucene-solr <unfixed> (bug #896604)
NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/3
NOTE: https://issues.apache.org/jira/browse/SOLR-11971
@@ -25179,8 +25220,7 @@ CVE-2018-1060 [DOS via regular expression catastrophic
backtracking in apop() me
NOTE:
https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b
(3.5)
NOTE:
https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0
(3.4)
NOTE:
https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2
(2.7)
-CVE-2018-1059
- RESERVED
+CVE-2018-1059 (The DPDK vhost-user interface does not check to verify that all
the ...)
- dpdk 17.11.2-1 (bug #896688)
[stretch] - dpdk <no-dsa> (Minor issue; can be fixed via point release)
CVE-2018-1058 (A flaw was found in the way Postgresql allowed a user to modify
the ...)
@@ -25519,22 +25559,22 @@ CVE-2017-17260
RESERVED
CVE-2017-17259
RESERVED
-CVE-2017-17258
- RESERVED
-CVE-2017-17257
- RESERVED
-CVE-2017-17256
- RESERVED
-CVE-2017-17255
- RESERVED
-CVE-2017-17254
- RESERVED
-CVE-2017-17253
- RESERVED
-CVE-2017-17252
- RESERVED
-CVE-2017-17251
- RESERVED
+CVE-2017-17258 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20,
V200R008C30, ...)
+ TODO: check
+CVE-2017-17257 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20,
V200R008C30, ...)
+ TODO: check
+CVE-2017-17256 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20,
V200R008C30, ...)
+ TODO: check
+CVE-2017-17255 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20,
V200R008C30, ...)
+ TODO: check
+CVE-2017-17254 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20,
V200R008C30, ...)
+ TODO: check
+CVE-2017-17253 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20,
V200R008C30, ...)
+ TODO: check
+CVE-2017-17252 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20,
V200R008C30, ...)
+ TODO: check
+CVE-2017-17251 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20,
V200R008C30, ...)
+ TODO: check
CVE-2017-17250 (Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S
V200R005C32; ...)
NOT-FOR-US: Huawei
CVE-2017-17249
@@ -36259,22 +36299,19 @@ CVE-2017-14452
RESERVED
CVE-2017-14451
RESERVED
-CVE-2017-14450 [Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer
Overflow Vulnerability]
- RESERVED
+CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image
parsing ...)
{DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
NOTE: https://hg.libsdl.org/SDL_image/rev/45e750f92c84
-CVE-2017-14449 [Simple DirectMedia Layer SDL2_image do_layer_surface
Double-Free Vulnerability]
- RESERVED
+CVE-2017-14449 (A double-Free vulnerability exists in the XCF image rendering
...)
{DSA-4177-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 <not-affected> (Vulnerable code not present)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c
-CVE-2017-14448 [Simple DirectMedia Layer SDL2_image load_xcf_tile_rle
Decompression Code Execution Vulnerability]
- RESERVED
+CVE-2017-14448 (An exploitable code execution vulnerability exists in the XCF
image ...)
{DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
@@ -36290,22 +36327,19 @@ CVE-2017-14444
RESERVED
CVE-2017-14443
RESERVED
-CVE-2017-14442 [Simple DirectMedia Layer SDL2_image Image Palette Population
Code Execution Vulnerability]
- RESERVED
+CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP
image ...)
{DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8
-CVE-2017-14441 [Simple DirectMedia Layer SDL2_image ICO Pitch Handling Code
Execution Vulnerability]
- RESERVED
+CVE-2017-14441 (An exploitable code execution vulnerability exists in the ICO
image ...)
{DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10
-CVE-2017-14440 [Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code
Execution Vulnerability]
- RESERVED
+CVE-2017-14440 (An exploitable code execution vulnerability exists in the ILBM
image ...)
{DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
@@ -43261,8 +43295,7 @@ CVE-2017-12124
RESERVED
CVE-2017-12123
RESERVED
-CVE-2017-12122 [Simple DirectMedia Layer SDL2_Image IMG_LoadLBM_RW Code
Execution Vulnerability]
- RESERVED
+CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM
image ...)
{DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
@@ -43297,28 +43330,28 @@ CVE-2017-12110 (An exploitable integer overflow
vulnerability exists in the ...)
{DSA-4173-1}
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
-CVE-2017-12109
- RESERVED
-CVE-2017-12108
- RESERVED
-CVE-2017-12107
- RESERVED
+CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the
...)
+ TODO: check
+CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the
...)
+ TODO: check
+CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing
...)
+ TODO: check
CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing
...)
NOT-FOR-US: Computerinsel Photoline
-CVE-2017-12105
- RESERVED
-CVE-2017-12104
- RESERVED
-CVE-2017-12103
- RESERVED
-CVE-2017-12102
- RESERVED
-CVE-2017-12101
- RESERVED
-CVE-2017-12100
- RESERVED
-CVE-2017-12099
- RESERVED
+CVE-2017-12105 (An exploitable integer overflow exists in the way that the
Blender ...)
+ TODO: check
+CVE-2017-12104 (An exploitable integer overflow exists in the way that the
Blender ...)
+ TODO: check
+CVE-2017-12103 (An exploitable integer overflow exists in the way that the
Blender ...)
+ TODO: check
+CVE-2017-12102 (An exploitable integer overflow exists in the way that the
Blender ...)
+ TODO: check
+CVE-2017-12101 (An exploitable integer overflow exists in the ...)
+ TODO: check
+CVE-2017-12100 (An exploitable integer overflow exists in the
'multires_load_old_dm' ...)
+ TODO: check
+CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the
legacy ...)
+ TODO: check
CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists
in the ...)
- ruby-rails-admin <unfixed>
[stretch] - ruby-rails-admin <no-dsa> (Minor issue)
@@ -43343,23 +43376,22 @@ CVE-2017-12089 (An exploitable denial of service
vulnerability exists in the pro
NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12088 (An exploitable denial of service vulnerability exists in the
Ethernet ...)
NOT-FOR-US: Allen Bradley Micrologix
-CVE-2017-12087
- RESERVED
+CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the
tinysvcmdns ...)
- shairport-sync 3.1.4-1 (unimportant; bug #882508)
NOTE: Debian build uses Avahi instead
NOTE:
https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668
-CVE-2017-12086
- RESERVED
+CVE-2017-12086 (An exploitable integer overflow exists in the ...)
+ TODO: check
CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with
Disney ...)
NOT-FOR-US: Circle with Disney
CVE-2017-12084 (A backdoor vulnerability exists in remote control
functionality of ...)
NOT-FOR-US: Circle with Disney
CVE-2017-12083 (An exploitable information disclosure vulnerability exists in
the apid ...)
NOT-FOR-US: Circle with Disney
-CVE-2017-12082
- RESERVED
-CVE-2017-12081
- RESERVED
+CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData'
Mesh ...)
+ TODO: check
+CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a
legacy Mesh ...)
+ TODO: check
CVE-2017-12080 (An information exposure vulnerability in default HTTP
configuration ...)
NOT-FOR-US: Synology Photo Station
CVE-2017-12079 (Files or directories accessible to external parties
vulnerability in ...)
@@ -50391,12 +50423,12 @@ CVE-2017-9658
RESERVED
CVE-2017-9657
RESERVED
-CVE-2017-9656
- RESERVED
+CVE-2017-9656 (The backend database of the Philips DoseWise Portal application
...)
+ TODO: check
CVE-2017-9655 (A Cross-Site Scripting issue was discovered in OSIsoft PI
Integrator ...)
NOT-FOR-US: OSIsoft
-CVE-2017-9654
- RESERVED
+CVE-2017-9654 (The Philips DoseWise Portal web-based application versions
1.1.7.333 ...)
+ TODO: check
CVE-2017-9653 (An Improper Authorization issue was discovered in OSIsoft PI
...)
NOT-FOR-US: OSIsoft
CVE-2017-9652
@@ -56817,8 +56849,7 @@ CVE-2017-7652
- mosquitto 1.4.15-1
NOTE: Patches: https://mosquitto.org/files/cve/2017-7652
NOTE:
http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
-CVE-2017-7651
- RESERVED
+CVE-2017-7651 (In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto
server ...)
{DLA-1334-1}
- mosquitto 1.4.15-1
NOTE: Patches: https://mosquitto.org/files/cve/2017-7651
@@ -71842,14 +71873,12 @@ CVE-2016-9814 (The validateSignature method in the
SAML2\Utils class in SimpleSA
NOTE:
https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
NOTE: only exploitable in hard to achieve conditions
NOTE: http://www.openwall.com/lists/oss-security/2016/12/03/5
-CVE-2017-2924 [Heap-based buffer overflow in the read_legacy_biff function]
- RESERVED
+CVE-2017-2924 (An exploitable heap-based buffer overflow vulnerability exists
in the ...)
{DSA-3976-1 DLA-1098-1}
- freexl 1.0.4-1 (bug #875691)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431
NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
-CVE-2017-2923 [Heap-based buffer overflow in the read_biff_next_record
function]
- RESERVED
+CVE-2017-2923 (An exploitable heap based buffer overflow vulnerability exists
in the ...)
{DSA-3976-1 DLA-1098-1}
- freexl 1.0.4-1 (bug #875690)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430
@@ -71870,8 +71899,8 @@ CVE-2017-2919 (An exploitable stack based buffer
overflow vulnerability exists i
{DSA-4173-1}
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
-CVE-2017-2918
- RESERVED
+CVE-2017-2918 (An exploitable integer overflow exists in the Image loading ...)
+ TODO: check
CVE-2017-2917 (An exploitable vulnerability exists in the notifications
functionality ...)
NOT-FOR-US: Circle with Disney
CVE-2017-2916 (An exploitable vulnerability exists in the /api/CONFIG/restore
...)
@@ -71893,26 +71922,26 @@ CVE-2017-2909 (An infinite loop programming error
exists in the DNS server ...)
[stretch] - smplayer <not-affected> (Vulnerable code not present)
[jessie] - smplayer <not-affected> (Vulnerable code not present)
[wheezy] - smplayer <not-affected> (Vulnerable code not present)
-CVE-2017-2908
- RESERVED
-CVE-2017-2907
- RESERVED
-CVE-2017-2906
- RESERVED
-CVE-2017-2905
- RESERVED
-CVE-2017-2904
- RESERVED
-CVE-2017-2903
- RESERVED
-CVE-2017-2902
- RESERVED
-CVE-2017-2901
- RESERVED
-CVE-2017-2900
- RESERVED
-CVE-2017-2899
- RESERVED
+CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail
functionality ...)
+ TODO: check
+CVE-2017-2907 (An exploitable integer overflow exists in the animation playing
...)
+ TODO: check
+CVE-2017-2906 (An exploitable integer overflow exists in the animation playing
...)
+ TODO: check
+CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading ...)
+ TODO: check
+CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading
...)
+ TODO: check
+CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading ...)
+ TODO: check
+CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading ...)
+ TODO: check
+CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading ...)
+ TODO: check
+CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading ...)
+ TODO: check
+CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading ...)
+ TODO: check
CVE-2017-2898 (An exploitable vulnerability exists in the signature
verification of ...)
NOT-FOR-US: Circle with Disney
CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the
...)
@@ -71968,8 +71997,7 @@ CVE-2017-2887 (An exploitable buffer overflow
vulnerability exists in the XCF ..
NOTE: https://hg.libsdl.org/SDL_image/rev/318484db0705
CVE-2017-2886 (A memory corruption vulnerability exists in the .PSD parsing
...)
NOT-FOR-US: ACDSee Ultimate
-CVE-2017-2885 [stack based buffer overflow with HTTP Chunked Encoding]
- RESERVED
+CVE-2017-2885 (An exploitable stack based buffer overflow vulnerability exists
in the ...)
{DSA-3929-1}
- libsoup2.4 2.56.1-1 (bug #871650)
[wheezy] - libsoup2.4 <not-affected> (Vulnerable code not present)
@@ -72071,55 +72099,49 @@ CVE-2017-2842 (In the web management interface in
Foscam C1 Indoor HD Camera run
NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2841 (An exploitable command injection vulnerability exists in the
web ...)
NOT-FOR-US: Foscam C1 Indoor HD Camera
-CVE-2017-2840
- RESERVED
-CVE-2017-2839 [Rdp Client License Read Challenge Packet Denial of Service]
- RESERVED
+CVE-2017-2840 (A buffer overflow vulnerability exists in the ISO parsing ...)
+ TODO: check
+CVE-2017-2839 (An exploitable denial of service vulnerability exists within
the ...)
{DSA-3923-1 DLA-1095-1}
- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
NOTE:
http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
(1.1)
-CVE-2017-2838 [Rdp Client License Read Product Info Denial of Service]
- RESERVED
+CVE-2017-2838 (An exploitable denial of service vulnerability exists within
the ...)
{DSA-3923-1 DLA-1095-1}
- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
NOTE:
http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
(1.1)
-CVE-2017-2837 [Rdp Client GCC Read Server Security Data Denial of Service]
- RESERVED
+CVE-2017-2837 (An exploitable denial of service vulnerability exists within
the ...)
{DSA-3923-1 DLA-1095-1}
- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
NOTE:
http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
(1.1)
-CVE-2017-2836 [Rdp Client Read Server Proprietary Certificate Denial of
Service]
- RESERVED
+CVE-2017-2836 (An exploitable denial of service vulnerability exists within
the ...)
{DSA-3923-1 DLA-1095-1}
- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338
NOTE:
http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
(1.1)
-CVE-2017-2835 [Out-of-bounds write in rdp_recv_tpkt_pdu]
- RESERVED
+CVE-2017-2835 (An exploitable code execution vulnerability exists in the RDP
receive ...)
{DSA-3923-1 DLA-1095-1}
- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337
NOTE:
http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
(1.1)
-CVE-2017-2834 [Out-of-bounds write in license_recv()]
- RESERVED
+CVE-2017-2834 (An exploitable code execution vulnerability exists in the ...)
{DSA-3923-1}
- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
[wheezy] - freerdp <not-affected> (vulnerable code not present)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336
NOTE:
http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
(1.1)
-CVE-2017-2833
- RESERVED
-CVE-2017-2832
- RESERVED
+CVE-2017-2833 (An exploitable command injection vulnerability exists in the
web ...)
+ TODO: check
+CVE-2017-2832 (An exploitable command injection vulnerability exists in the
web ...)
+ TODO: check
CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web
...)
NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web
...)
@@ -72182,10 +72204,10 @@ CVE-2017-2814 (An exploitable heap overflow
vulnerability exists in the image ..
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319
CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the
JPEG 2000 ...)
NOT-FOR-US: IrfanView
-CVE-2017-2812
- RESERVED
-CVE-2017-2811
- RESERVED
+CVE-2017-2812 (A code execution vulnerability exists in the
kdu_buffered_expand ...)
+ TODO: check
+CVE-2017-2811 (A code execution vulnerability exists in the Kakadu SDK 7.9's
parsing ...)
+ TODO: check
CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading ...)
- python-tablib 0.9.11-3 (bug #864818)
[stretch] - python-tablib 0.9.11-2+deb8u1
@@ -72210,12 +72232,12 @@ CVE-2017-2806 (An exploitable arbitrary read exists
in the XLS parsing of the Le
NOT-FOR-US: Lexmark Perspective Document Filters conversion
functionality
CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
NOT-FOR-US: Foscam C1 Indoor HD Camera
-CVE-2017-2804
- RESERVED
-CVE-2017-2803
- RESERVED
-CVE-2017-2802
- RESERVED
+CVE-2017-2804 (A remote out of bound write vulnerability exists in the TIFF
parsing ...)
+ TODO: check
+CVE-2017-2803 (A remote out of bound write vulnerability exists in the TIFF
parsing ...)
+ TODO: check
+CVE-2017-2802 (An exploitable dll hijacking vulnerability exists in the ...)
+ TODO: check
CVE-2017-2801 (A programming error exists in a way Randombit Botan
cryptographic ...)
{DSA-3939-1 DLA-915-1}
- botan1.10 1.10.16-1 (bug #860072)
@@ -74664,8 +74686,8 @@ CVE-2017-1736
RESERVED
CVE-2017-1735
RESERVED
-CVE-2017-1734
- RESERVED
+CVE-2017-1734 (IBM Jazz Team Server affecting the following IBM Rational
Products: ...)
+ TODO: check
CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log
files ...)
NOT-FOR-US: IBM
CVE-2017-1732
@@ -74682,8 +74704,8 @@ CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5,
2.6, and 2.7 discloses sens
NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1726
RESERVED
-CVE-2017-1725
- RESERVED
+CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational
Products: ...)
+ TODO: check
CVE-2017-1724
RESERVED
CVE-2017-1723
@@ -74732,8 +74754,8 @@ CVE-2017-1702
RESERVED
CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2,
6.0.3, ...)
NOT-FOR-US: IBM
-CVE-2017-1700
- RESERVED
+CVE-2017-1700 (IBM Jazz Team Server affecting the following IBM Rational
Products: ...)
+ TODO: check
CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure
...)
NOT-FOR-US: IBM MQ Managed File Transfer Agent
CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal
sensitive ...)
@@ -78255,8 +78277,7 @@ CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel
through 4.9 mismanages the
- linux 4.8.15-2
NOTE: https://www.spinics.net/lists/kvm/msg142495.html
NOTE: Fixed by:
https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
-CVE-2016-9587 [Compromised remote hosts can lead to running commands on the
Ansible controller]
- RESERVED
+CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an
improper ...)
- ansible 2.2.0.0-3 (bug #850846)
[jessie] - ansible <not-affected> (Vulnerable code not present, way ssh
commands was reworked in 2.x branch)
NOTE: Fixed by:
https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed
(v2.2.1.0-0.3.rc3)
@@ -80406,8 +80427,8 @@ CVE-2016-9045
RESERVED
CVE-2016-9044
RESERVED
-CVE-2016-9043
- RESERVED
+CVE-2016-9043 (An out of bound write vulnerability exists in the EMF parsing
...)
+ TODO: check
CVE-2016-9042
RESERVED
- ntp 1:4.2.8p10+dfsg-1
@@ -80425,8 +80446,8 @@ CVE-2016-9040
RESERVED
CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS
...)
NOT-FOR-US: Joyent
-CVE-2016-9038
- RESERVED
+CVE-2016-9038 (An exploitable double fetch vulnerability exists in the
SboxDrv.sys ...)
+ TODO: check
CVE-2016-9037 (An exploitable out-of-bounds array access vulnerability exists
in the ...)
- tarantool 1.7.2.385.g952d79e-1
[jessie] - tarantool <not-affected> (Vulnerable code not present)
@@ -81125,21 +81146,19 @@ CVE-2016-8734 (Subversion's mod_dontdothat module and
HTTP clients 1.4.0 through
NOTE: https://subversion.apache.org/security/CVE-2016-8734-advisory.txt
CVE-2016-8733 (An exploitable integer overflow exists in the Joyent SmartOS
...)
NOT-FOR-US: Joyent SmartOS
-CVE-2016-8732
- RESERVED
+CVE-2016-8732 (Multiple security flaws exists in InvProtectDrv.sys which is a
part of ...)
+ TODO: check
CVE-2016-8731 (Hard-coded FTP credentials (r:r) are included in the Foscam C1
running ...)
NOT-FOR-US: Foscam C1
-CVE-2016-8730
- RESERVED
-CVE-2016-8729
- RESERVED
+CVE-2016-8730 (An of bound write / memory corruption vulnerability exists in
the GIF ...)
+ TODO: check
+CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the
JBIG2 ...)
{DSA-3817-1 DLA-874-1}
- jbig2dec 0.13-4 (bug #863886)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438
NOTE:
http://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092
-CVE-2016-8728
- RESERVED
+CVE-2016-8728 (An exploitable heap out of bounds write vulnerability exists in
the ...)
- mupdf <not-affected> (Vulnerable code introduced in 1.10, cf. #863545)
NOTE:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20
CVE-2016-8727 (An exploitable information disclosure vulnerability exists in
the Web ...)
@@ -82448,12 +82467,12 @@ CVE-2016-8386 (An exploitable heap-based buffer
overflow exists in Iceni Argus.
NOT-FOR-US: Iceni Argus
CVE-2016-8385 (An exploitable uninitialized variable vulnerability which leads
to a ...)
NOT-FOR-US: Iceni Argus
-CVE-2016-8384
- RESERVED
-CVE-2016-8383
- RESERVED
-CVE-2016-8382
- RESERVED
+CVE-2016-8384 (An exploitable heap corruption vulnerability exists in the
DHFSummary ...)
+ TODO: check
+CVE-2016-8383 (An exploitable heap corruption vulnerability exists in the ...)
+ TODO: check
+CVE-2016-8382 (An exploitable heap corruption vulnerability exists in the ...)
+ TODO: check
CVE-2016-8381
RESERVED
CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to
read and ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/add10d8e96a23993b082e18a7bd3912736eceed1
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/add10d8e96a23993b082e18a7bd3912736eceed1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
