Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
876aa2ff by security tracker role at 2018-06-07T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4058,8 +4058,7 @@ CVE-2017-18261 (The arch_timer_reg_read_stable macro in 
...)
        NOTE: Fixed by: 
https://git.kernel.org/linus/adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4 (4.13-rc6)
 CVE-2018-10200
        RESERVED
-CVE-2018-10198 [OSA-2018-01: Information Disclosure]
-       RESERVED
+CVE-2018-10198 (An issue was discovered in OTRS 6.0.x before 6.0.7. An 
attacker who is ...)
        - otrs2 6.0.7-1
        [stretch] - otrs2 <not-affected> (Specific to OTRS 6)
        [jessie] - otrs2 <not-affected> (Specific to OTRS 6)
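Review bot: the removed line for CVE-2018-10198 carried the upstream advisory id in its bracket text ([OSA-2018-01: Information Disclosure]), and the replacement description no longer mentions it. Consider keeping the id as a NOTE line under the entry so the otrs2 6.0.7-1 fix stays traceable to the OTRS advisory.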
@@ -10932,8 +10931,8 @@ CVE-2018-7512 (A cross-site scripting vulnerability has 
been identified in Geute
        NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple 
cases ...)
        NOT-FOR-US: Eaton ELCSoft
-CVE-2018-7510
-       RESERVED
+CVE-2018-7510 (In the web application in BeaconMedaes TotalAlert Scroll 
Medical Air ...)
+       TODO: check
 CVE-2018-7509 (WPLSoft in Delta Electronics versions 2.45.0 and prior writes 
data ...)
        NOT-FOR-US: Delta Electronics
 CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web 
API ...)
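Review bot: CVE-2018-7510 is left at TODO: check although its description names a vendor web application (BeaconMedaes TotalAlert Scroll Medical Air ...) and both neighbours, CVE-2018-7511 and CVE-2018-7509, are already closed as NOT-FOR-US for comparable vendor products. If no Debian source package ships this software, resolve it the same way, naming the product in the NOT-FOR-US line.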
@@ -13646,8 +13645,8 @@ CVE-2017-18156
        RESERVED
 CVE-2017-18155
        RESERVED
-CVE-2017-18154
-       RESERVED
+CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in 
MediaServer ...)
+       TODO: check
 CVE-2017-18153
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
@@ -16315,8 +16314,8 @@ CVE-2018-5852
 CVE-2018-5851
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5850
-       RESERVED
+CVE-2018-5850 (In the function csr_update_fils_params_rso(), insufficient 
validation ...)
+       TODO: check
 CVE-2018-5849
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
@@ -16326,10 +16325,10 @@ CVE-2018-5848
 CVE-2018-5847
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5846
-       RESERVED
-CVE-2018-5845
-       RESERVED
+CVE-2018-5846 (A Use After Free condition can occur in the IPA driver whenever 
the ...)
+       TODO: check
+CVE-2018-5845 (A race condition in drm_atomic_nonblocking_commit() in the 
display ...)
+       TODO: check
 CVE-2018-5844
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
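Review bot: CVE-2018-5846 and CVE-2018-5845 sit between entries marked NOT-FOR-US: Qualcomm components for Android, but their descriptions name driver code (the IPA driver, and drm_atomic_nonblocking_commit() in the display ...), so they should not be closed by analogy with the neighbours alone. Check the full descriptions against src:linux first, and only then replace TODO: check with NOT-FOR-US or a package line.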
@@ -16339,10 +16338,10 @@ CVE-2018-5843
 CVE-2018-5842
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5841
-       RESERVED
-CVE-2018-5840
-       RESERVED
+CVE-2018-5841 (dcc_curr_list is initialized with a default invalid value that 
is ...)
+       TODO: check
+CVE-2018-5840 (Buffer Copy without Checking Size of Input can occur during the 
DRM ...)
+       TODO: check
 CVE-2018-5839
        RESERVED
 CVE-2018-5838
@@ -21304,8 +21303,8 @@ CVE-2018-3854
        RESERVED
 CVE-2018-3853 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
        NOT-FOR-US: Foxit PDF Reader
-CVE-2018-3852
-       RESERVED
+CVE-2018-3852 (An exploitable denial of service vulnerability exists in the 
Ocularis ...)
+       TODO: check
 CVE-2018-3851 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
        NOT-FOR-US: Hyland Perceptive Document Filters
 CVE-2018-3850 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
@@ -21865,28 +21864,28 @@ CVE-2018-3740 (A specially crafted HTML fragment can 
cause Sanitize gem for Ruby
        NOTE: Only an issue in combination with libxml2 >= 2.9.2
        NOTE: The 'fragment' method was renamed from 'clean' method in earlier 
version
        NOTE: in v3.0.0
-CVE-2018-3739
-       RESERVED
-CVE-2018-3738
-       RESERVED
-CVE-2018-3737
-       RESERVED
-CVE-2018-3736
-       RESERVED
-CVE-2018-3735
-       RESERVED
+CVE-2018-3739 (https-proxy-agent before 2.1.1 passes auth option to the Buffer 
...)
+       TODO: check
+CVE-2018-3738 (protobufjs is vulnerable to ReDoS when parsing crafted invalid 
.proto ...)
+       TODO: check
+CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid 
public keys. ...)
+       TODO: check
+CVE-2018-3736 (https-proxy-agent passes unsanitized options to Buffer(arg) 
resulting ...)
+       TODO: check
+CVE-2018-3735 (bracket-template suffers from reflected XSS possible when 
variable ...)
+       TODO: check
 CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability 
due to ...)
        NOT-FOR-US: stattic nodejs module
 CVE-2018-3733 (crud-file-server node module before 0.9.0 suffers from a Path 
...)
        NOT-FOR-US: crud-file-server nodejs module
-CVE-2018-3732
-       RESERVED
-CVE-2018-3731
-       RESERVED
-CVE-2018-3730
-       RESERVED
-CVE-2018-3729
-       RESERVED
+CVE-2018-3732 (resolve-path node module before 1.4.0 suffers from a Path 
Traversal ...)
+       TODO: check
+CVE-2018-3731 (public node module suffers from a Path Traversal vulnerability 
due to ...)
+       TODO: check
+CVE-2018-3730 (mcstatic node module suffers from a Path Traversal 
vulnerability due ...)
+       TODO: check
+CVE-2018-3729 (localhost-now node module suffers from a Path Traversal 
vulnerability ...)
+       TODO: check
 CVE-2018-3728 (hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers 
from a Modification of ...)
        - node-hoek <unfixed> (unimportant)
        NOTE: fixed in 4.2.1
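Review bot: CVE-2018-3739 and CVE-2018-3736 both describe https-proxy-agent passing an option to Buffer, so triage should read the two full descriptions together and record in a NOTE whether they are distinct issues, rather than annotating them independently; in the visible text only CVE-2018-3739 states a fixed version (2.1.1). For the four path traversal entries (CVE-2018-3732 to CVE-2018-3729), the adjacent CVE-2018-3734 and CVE-2018-3733 show the form already used in this file when no Debian package exists: NOT-FOR-US followed by the module name and "nodejs module".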
@@ -21895,53 +21894,49 @@ CVE-2018-3728 (hoek node module before 4.2.0 and 
5.0.x before 5.0.3 suffers from
        NOTE: https://snyk.io/vuln/npm:hoek:20180212
        NOTE: https://nodesecurity.io/advisories/566
        NOTE: nodejs not covered by security support
-CVE-2018-3727
-       RESERVED
-CVE-2018-3726
-       RESERVED
-CVE-2018-3725
-       RESERVED
-CVE-2018-3724
-       RESERVED
-CVE-2018-3723
-       RESERVED
-CVE-2018-3722
-       RESERVED
-CVE-2018-3721 [Prototype pollution in utilities function]
-       RESERVED
+CVE-2018-3727 (626 node module suffers from a Path Traversal vulnerability due 
to ...)
+       TODO: check
+CVE-2018-3726 (crud-file-server node module before 0.8.0 suffers from a 
Cross-Site ...)
+       TODO: check
+CVE-2018-3725 (hekto node module suffers from a Path Traversal vulnerability 
due to ...)
+       TODO: check
+CVE-2018-3724 (general-file-server node module suffers from a Path Traversal 
...)
+       TODO: check
+CVE-2018-3723 (defaults-deep node module before 0.2.4 suffers from a 
Modification of ...)
+       TODO: check
+CVE-2018-3722 (merge-deep node module before 3.0.1 suffers from a Modification 
of ...)
+       TODO: check
+CVE-2018-3721 (lodash node module before 4.17.5 suffers from a Modification of 
...)
        - node-lodash <unfixed> (unimportant; bug #890575)
        NOTE: https://snyk.io/vuln/npm:lodash:20180130
        NOTE: 
https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
        NOTE: nodejs not covered by security support
-CVE-2018-3720
-       RESERVED
-CVE-2018-3719 [Prototype pollution via merging functions]
-       RESERVED
+CVE-2018-3720 (assign-deep node module before 0.4.7 suffers from a 
Modification of ...)
+       TODO: check
+CVE-2018-3719 (mixin-deep node module before 1.3.1 suffers from a Modification 
of ...)
        - node-mixin-deep <unfixed> (unimportant; bug #898315)
        NOTE: https://nodesecurity.io/advisories/578
        NOTE: nodejs not covered by security support
-CVE-2018-3718
-       RESERVED
-CVE-2018-3717
-       RESERVED
-CVE-2018-3716
-       RESERVED
-CVE-2018-3715
-       RESERVED
-CVE-2018-3714
-       RESERVED
-CVE-2018-3713
-       RESERVED
-CVE-2018-3712
-       RESERVED
+CVE-2018-3718 (serve node module suffers from Improper Handling of URL 
Encoding by ...)
+       TODO: check
+CVE-2018-3717 (connect node module before 2.14.0 suffers from a Cross-Site 
Scripting ...)
+       TODO: check
+CVE-2018-3716 (simplehttpserver node module suffers from a Cross-Site 
Scripting ...)
+       TODO: check
+CVE-2018-3715 (glance node module before 3.0.4 suffers from a Path Traversal 
...)
+       TODO: check
+CVE-2018-3714 (node-srv node module suffers from a Path Traversal 
vulnerability due ...)
+       TODO: check
+CVE-2018-3713 (angular-http-server node module suffers from a Path Traversal 
...)
+       TODO: check
+CVE-2018-3712 (serve node module before 6.4.9 suffers from a Path Traversal 
...)
        NOT-FOR-US: npm serve
        NOTE: fixed in 6.4.9 upstream
        NOTE: 
https://github.com/zeit/serve/commit/6adad6881c61991da61ebc857857c53409544575
        NOTE: https://github.com/zeit/serve/pull/316
        NOTE: https://hackerone.com/reports/307666
        NOTE: https://nodesecurity.io/advisories/561
-CVE-2018-3711
-       RESERVED
+CVE-2018-3711 (Fastify node module before 0.38.0 is vulnerable to a 
denial-of-service ...)
        NOT-FOR-US: Fastify
        NOTE: fixed in 0.38.0 upstream
        NOTE: 
https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76
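Review bot: two of the new TODO: check entries concern modules this file has already triaged: CVE-2018-3726 (crud-file-server) matches CVE-2018-3733, marked NOT-FOR-US: crud-file-server nodejs module, and CVE-2018-3718 (serve) matches CVE-2018-3712 in this same hunk, marked NOT-FOR-US: npm serve. Reuse those annotations so the same module is not tracked two ways. The "Modification of ..." entries CVE-2018-3723, CVE-2018-3722 and CVE-2018-3720 belong to the same class as CVE-2018-3721 and CVE-2018-3719, which are tracked against node-lodash and node-mixin-deep, so look for a matching node-* source package before marking them NOT-FOR-US.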
@@ -22758,13 +22753,13 @@ CVE-2018-3582
 CVE-2018-3581
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3580
-       RESERVED
+CVE-2018-3580 (Stack-based buffer overflow can occur In the WLAN driver if the 
...)
+       TODO: check
 CVE-2018-3579
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3578
-       RESERVED
+CVE-2018-3578 (Type mismatch for ie_len can cause the WLAN driver to allocate 
less ...)
+       TODO: check
 CVE-2018-3577
        RESERVED
 CVE-2018-3576
@@ -22791,14 +22786,14 @@ CVE-2018-3567 (In Qualcomm Android for MSM, Firefox 
OS for MSM, and QRD Android 
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3566 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD 
Android with ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3565
-       RESERVED
+CVE-2018-3565 (While sending a probe request indication in ...)
+       TODO: check
 CVE-2018-3564
        RESERVED
 CVE-2018-3563 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD 
Android with ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3562
-       RESERVED
+CVE-2018-3562 (Buffer over -read can occur while processing a FILS 
authentication ...)
+       TODO: check
 CVE-2018-3561 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3560 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
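Review bot: the description recorded for CVE-2018-3565 is cut off before it names any component ("While sending a probe request indication in ..."), and the one for CVE-2018-3562 carries a stray space in "Buffer over -read", so neither entry can be triaged or searched reliably from this file alone. Whoever resolves the TODO: check should work from the full CVE text; the surrounding CVE-2018-3566 and CVE-2018-3563 entries use NOT-FOR-US: Qualcomm components for Android, if that turns out to apply.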
@@ -28901,16 +28896,16 @@ CVE-2018-1270 (Spring Framework, versions 5.0 prior 
to 5.0.5 and versions 4.3 pr
        NOTE: https://pivotal.io/security/cve-2018-1270
        NOTE: when addressing this issue make sure to not only apply a partial 
fix but
        NOTE: make it complete, cf. 
https://bugzilla.redhat.com/show_bug.cgi?id=1565307
-CVE-2018-1269
-       RESERVED
-CVE-2018-1268
-       RESERVED
+CVE-2018-1269 (Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x 
prior ...)
+       TODO: check
+CVE-2018-1268 (Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x 
prior ...)
+       TODO: check
 CVE-2018-1267 (Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, 
contains an ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2018-1266 (Cloud Foundry Cloud Controller, versions prior to 1.52.0, 
contains ...)
        NOT-FOR-US: Cloud Foundry
-CVE-2018-1265
-       RESERVED
+CVE-2018-1265 (Cloud Foundry Diego, release versions prior to 2.8.0, does not 
...)
+       TODO: check
 CVE-2018-1264
        RESERVED
 CVE-2018-1263 (Addresses partial fix in CVE-2018-1261. Pivotal ...)
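Review bot: CVE-2018-1269, CVE-2018-1268 and CVE-2018-1265 all describe Cloud Foundry components (Loggregator and Diego) yet are left at TODO: check, while CVE-2018-1267 and CVE-2018-1266 between them are already NOT-FOR-US: Cloud Foundry. Unless one of these components is packaged, give them the same annotation. The two Loggregator descriptions are identical in the visible text, so add a NOTE to each saying what distinguishes them.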
@@ -35325,348 +35320,348 @@ CVE-2017-16227 (The aspath_put function in 
bgpd/bgp_aspath.c in Quagga before 1.
        - quagga 1.2.2-1 (bug #879474)
        NOTE: 
https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
        NOTE: 
http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
-CVE-2017-16226
-       RESERVED
-CVE-2017-16225
-       RESERVED
-CVE-2017-16224
-       RESERVED
-CVE-2017-16223
-       RESERVED
-CVE-2017-16222
-       RESERVED
-CVE-2017-16221
-       RESERVED
-CVE-2017-16220
-       RESERVED
-CVE-2017-16219
-       RESERVED
-CVE-2017-16218
-       RESERVED
-CVE-2017-16217
-       RESERVED
-CVE-2017-16216
-       RESERVED
-CVE-2017-16215
-       RESERVED
-CVE-2017-16214
-       RESERVED
-CVE-2017-16213
-       RESERVED
-CVE-2017-16212
-       RESERVED
-CVE-2017-16211
-       RESERVED
-CVE-2017-16210
-       RESERVED
-CVE-2017-16209
-       RESERVED
-CVE-2017-16208
-       RESERVED
-CVE-2017-16207
-       RESERVED
-CVE-2017-16206
-       RESERVED
-CVE-2017-16205
-       RESERVED
-CVE-2017-16204
-       RESERVED
-CVE-2017-16203
-       RESERVED
-CVE-2017-16202
-       RESERVED
-CVE-2017-16201
-       RESERVED
-CVE-2017-16200
-       RESERVED
-CVE-2017-16199
-       RESERVED
-CVE-2017-16198
-       RESERVED
-CVE-2017-16197
-       RESERVED
-CVE-2017-16196
-       RESERVED
-CVE-2017-16195
-       RESERVED
-CVE-2017-16194
-       RESERVED
-CVE-2017-16193
-       RESERVED
-CVE-2017-16192
-       RESERVED
-CVE-2017-16191
-       RESERVED
-CVE-2017-16190
-       RESERVED
-CVE-2017-16189
-       RESERVED
-CVE-2017-16188
-       RESERVED
-CVE-2017-16187
-       RESERVED
-CVE-2017-16186
-       RESERVED
-CVE-2017-16185
-       RESERVED
-CVE-2017-16184
-       RESERVED
-CVE-2017-16183
-       RESERVED
-CVE-2017-16182
-       RESERVED
-CVE-2017-16181
-       RESERVED
-CVE-2017-16180
-       RESERVED
-CVE-2017-16179
-       RESERVED
-CVE-2017-16178
-       RESERVED
-CVE-2017-16177
-       RESERVED
-CVE-2017-16176
-       RESERVED
-CVE-2017-16175
-       RESERVED
-CVE-2017-16174
-       RESERVED
-CVE-2017-16173
-       RESERVED
-CVE-2017-16172
-       RESERVED
-CVE-2017-16171
-       RESERVED
-CVE-2017-16170
-       RESERVED
-CVE-2017-16169
-       RESERVED
-CVE-2017-16168
-       RESERVED
-CVE-2017-16167
-       RESERVED
-CVE-2017-16166
-       RESERVED
-CVE-2017-16165
-       RESERVED
-CVE-2017-16164
-       RESERVED
-CVE-2017-16163
-       RESERVED
-CVE-2017-16162
-       RESERVED
-CVE-2017-16161
-       RESERVED
-CVE-2017-16160
-       RESERVED
-CVE-2017-16159
-       RESERVED
-CVE-2017-16158
-       RESERVED
-CVE-2017-16157
-       RESERVED
-CVE-2017-16156
-       RESERVED
-CVE-2017-16155
-       RESERVED
-CVE-2017-16154
-       RESERVED
+CVE-2017-16226 (The static-eval module is intended to evaluate 
statically-analyzable ...)
+       TODO: check
+CVE-2017-16225 (aegir is a module to help automate JavaScript project 
management. ...)
+       TODO: check
+CVE-2017-16224 (st is a module for serving static files. An attacker is able 
to craft ...)
+       TODO: check
+CVE-2017-16223 (nodeaaaaa is a static file server. nodeaaaaa is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16222 (elding is a simple web server. elding is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16221 (yzt is a simple file server. yzt is vulnerable to a directory 
...)
+       TODO: check
+CVE-2017-16220 (wind-mvc is an mvc framework. wind-mvc is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16219 (yttivy is a static file server. yttivy is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16218 (dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16217 (fbr-client sends files through sockets via socket.io and 
webRTC. ...)
+       TODO: check
+CVE-2017-16216 (tencent-server is a simple web server. tencent-server is 
vulnerable to ...)
+       TODO: check
+CVE-2017-16215 (sgqserve is a simple file server. sgqserve is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16214 (peiserver is a static file server. peiserver is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16213 (mfrserver is a simple file server. mfrserver is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16212 (ltt is a static file server. ltt is vulnerable to a directory 
...)
+       TODO: check
+CVE-2017-16211 (lessindex is a static file server. lessindex is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16210 (jn_jj_server is a static file server. jn_jj_server is 
vulnerable to a ...)
+       TODO: check
+CVE-2017-16209 (enserver is a simple web server. enserver is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16208 (dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16207 (discordi.js is a malicious module based on the discord.js 
library that ...)
+       TODO: check
+CVE-2017-16206 (The cofee-script module exfiltrates sensitive data such as a 
user's ...)
+       TODO: check
+CVE-2017-16205 (The coffescript module exfiltrates sensitive data such as a 
user's ...)
+       TODO: check
+CVE-2017-16204 (The jquey module exfiltrates sensitive data such as a user's 
private ...)
+       TODO: check
+CVE-2017-16203 (The coffe-script module exfiltrates sensitive data such as a 
user's ...)
+       TODO: check
+CVE-2017-16202 (The cofeescript module exfiltrates sensitive data such as a 
user's ...)
+       TODO: check
+CVE-2017-16201 (zjjserver is a static file server. zjjserver is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16200 (uv-tj-demo is a static file server. uv-tj-demo is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16199 (susu-sum is a static file server. susu-sum is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16198 (ritp is a static web server. ritp is vulnerable to a directory 
...)
+       TODO: check
+CVE-2017-16197 (qinserve is a static file server. qinserve is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16196 (quickserver is a simple static file server. quickserver is 
vulnerable ...)
+       TODO: check
+CVE-2017-16195 (pytservce is a static file server. pytservce is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16194 (picard is a micro framework. picard is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16193 (mfrs is a static file server. mfrs is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16192 (getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is 
...)
+       TODO: check
+CVE-2017-16191 (cypserver is a static file server. cypserver is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16190 (dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16189 (sly07 is an API for censoring text. sly07 is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16188 (reecerver is a web server. reecerver is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16187 (open-device creates a web interface for any device. 
open-device is ...)
+       TODO: check
+CVE-2017-16186 (360class.jansenhm is a static file server. 360class.jansenhm 
is ...)
+       TODO: check
+CVE-2017-16185 (uekw1511server is a static file server. uekw1511server is 
vulnerable ...)
+       TODO: check
+CVE-2017-16184 (scott-blanch-weather-app is a sample Node.js app using Express 
4. ...)
+       TODO: check
+CVE-2017-16183 (iter-server is a static file server. iter-server is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16182 (serverxxx is a static file server. serverxxx is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16181 (wintiwebdev is a static file server. wintiwebdev is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16180 (serverabc is a static file server. serverabc is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16179 (dasafio is a web server. dasafio is vulnerable to a directory 
...)
+       TODO: check
+CVE-2017-16178 (intsol-package is a file server. intsol-package is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16177 (chatbyvista is a file server. chatbyvista is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16176 (jansenstuffpleasework is a file server. jansenstuffpleasework 
is ...)
+       TODO: check
+CVE-2017-16175 (ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16174 (whispercast is a file server. whispercast is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16173 (utahcityfinder constructs lists of Utah cities with a certiain 
prefix. ...)
+       TODO: check
+CVE-2017-16172 (section2.madisonjbrooks12 is a simple web server. ...)
+       TODO: check
+CVE-2017-16171 (hcbserver is a static file server. hcbserver is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16170 (liuyaserver is a static file server. liuyaserver is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16169 (looppake is a simple http server. looppake is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16168 (wffserve is vulnerable to a directory traversal issue, giving 
an ...)
+       TODO: check
+CVE-2017-16167 (yyooopack is a simple file server. yyooopack is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16166 (byucslabsix is an http server. byucslabsix is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16165 (calmquist.static-server is a static file server. ...)
+       TODO: check
+CVE-2017-16164 (desafio is a simple web server. desafio is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16163 (dylmomo is a simple file server. dylmomo is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16162 (22lixian is a simple file server. 22lixian is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16161 (shenliru is a simple file server. shenliru is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16160 (11xiaoli is a simple file server. 11xiaoli is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16159 (caolilinode is a simple file server. caolilinode is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16158 (dcserver is a static file server. dcserver is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16157 (censorify.tanisjr is a simple web server and API RESTful 
service. ...)
+       TODO: check
+CVE-2017-16156 (myprolyz is a static file server. myprolyz is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16155 (fast-http-cli is the command line interface for fast-http, a 
simple ...)
+       TODO: check
+CVE-2017-16154 (earlybird is a web server module for early development. 
earlybird is ...)
+       TODO: check
 CVE-2017-16153 (gaoxuyan is vulnerable to a directory traversal issue, giving 
an ...)
        NOT-FOR-US: gaoxuyan
-CVE-2017-16152
-       RESERVED
-CVE-2017-16151
-       RESERVED
-CVE-2017-16150
-       RESERVED
-CVE-2017-16149
-       RESERVED
-CVE-2017-16148
-       RESERVED
-CVE-2017-16147
-       RESERVED
-CVE-2017-16146
-       RESERVED
-CVE-2017-16145
-       RESERVED
-CVE-2017-16144
-       RESERVED
-CVE-2017-16143
-       RESERVED
-CVE-2017-16142
-       RESERVED
-CVE-2017-16141
-       RESERVED
-CVE-2017-16140
-       RESERVED
-CVE-2017-16139
-       RESERVED
-CVE-2017-16138
-       RESERVED
-CVE-2017-16137
-       RESERVED
-CVE-2017-16136
-       RESERVED
-CVE-2017-16135
-       RESERVED
-CVE-2017-16134
-       RESERVED
-CVE-2017-16133
-       RESERVED
-CVE-2017-16132
-       RESERVED
-CVE-2017-16131
-       RESERVED
-CVE-2017-16130
-       RESERVED
-CVE-2017-16129
-       RESERVED
-CVE-2017-16128
-       RESERVED
-CVE-2017-16127
-       RESERVED
-CVE-2017-16126
-       RESERVED
-CVE-2017-16125
-       RESERVED
-CVE-2017-16124
-       RESERVED
-CVE-2017-16123
-       RESERVED
-CVE-2017-16122
-       RESERVED
-CVE-2017-16121
-       RESERVED
-CVE-2017-16120
-       RESERVED
-CVE-2017-16119
-       RESERVED
-CVE-2017-16118
-       RESERVED
-CVE-2017-16117
-       RESERVED
-CVE-2017-16116
-       RESERVED
-CVE-2017-16115
-       RESERVED
-CVE-2017-16114
-       RESERVED
-CVE-2017-16113
-       RESERVED
+CVE-2017-16152 (static-html-server is a static file server. static-html-server 
is ...)
+       TODO: check
+CVE-2017-16151 (Based on details posted by the ElectronJS team; A remote code 
...)
+       TODO: check
+CVE-2017-16150 (wanggoujing123 is a simple webserver. wanggoujing123 is 
vulnerable to ...)
+       TODO: check
+CVE-2017-16149 (zwserver is a weather web server. zwserver is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16148 (serve46 is a static file server. serve46 is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16147 (shit-server is a file server. shit-server is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16146 (mockserve is a file server. mockserve is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16145 (sspa is a server dedicated to single-page apps. sspa is 
vulnerable to ...)
+       TODO: check
+CVE-2017-16144 (myserver.alexcthomas18 is a file server. 
myserver.alexcthomas18 is ...)
+       TODO: check
+CVE-2017-16143 (commentapp.stetsonwood is an http server. 
commentapp.stetsonwood is ...)
+       TODO: check
+CVE-2017-16142 (infraserver is a RESTful server. infraserver is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16141 (lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16140 (lab6.brit95 is a file server. lab6.brit95 is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16139 (jikes is a file server. jikes is vulnerable to a directory 
traversal ...)
+       TODO: check
+CVE-2017-16138 (The mime module is vulnerable to regular expression denial of 
service ...)
+       TODO: check
+CVE-2017-16137 (The debug module is vulnerable to regular expression denial of 
service ...)
+       TODO: check
+CVE-2017-16136 (method-override is a module used by the Express.js framework 
to let ...)
+       TODO: check
+CVE-2017-16135 (serverzyy is a static file server. serverzyy is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16134 (http_static_simple is an http server. http_static_simple is 
vulnerable ...)
+       TODO: check
+CVE-2017-16133 (goserv is an http server. goserv is vulnerable to a directory 
...)
+       TODO: check
+CVE-2017-16132 (simple-npm-registry is a local npm package cache. 
simple-npm-registry ...)
+       TODO: check
+CVE-2017-16131 (unicorn-list is a web framework. unicorn-list is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16130 (exxxxxxxxxxx is an Http eX Frame Google Style JavaScript 
Guide. ...)
+       TODO: check
+CVE-2017-16129 (The HTTP client module superagent is vulnerable to ZIP bomb 
attacks. ...)
+       TODO: check
+CVE-2017-16128 (The module npm-script-demo opened a connection to a command 
and ...)
+       TODO: check
+CVE-2017-16127 (The module pandora-doomsday infects other modules. It's since 
been ...)
+       TODO: check
+CVE-2017-16126 (The module botbait is a tool to be used to track bot and 
automated ...)
+       TODO: check
+CVE-2017-16125 (rtcmulticonnection-client is a signaling implementation for 
...)
+       TODO: check
+CVE-2017-16124 (node-server-forfront is a simple static file server. ...)
+       TODO: check
+CVE-2017-16123 (welcomyzt is a simple file server. welcomyzt is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16122 (cuciuci is a simple fileserver. cuciuci is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16121 (datachannel-client is a signaling implementation for 
DataChannel.js. ...)
+       TODO: check
+CVE-2017-16120 (liyujing is a static file server. liyujing is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16119 (Fresh is a module used by the Express.js framework for HTTP 
response ...)
+       TODO: check
+CVE-2017-16118 (The forwarded module is used by the Express.js framework to 
handle the ...)
+       TODO: check
+CVE-2017-16117 (slug is a module to slugify strings, even if they contain 
unicode. ...)
+       TODO: check
+CVE-2017-16116 (The string module is a module that provides extra string 
operations. ...)
+       TODO: check
+CVE-2017-16115 (The timespan module is vulnerable to regular expression denial 
of ...)
+       TODO: check
+CVE-2017-16114 (The marked module is vulnerable to a regular expression denial 
of ...)
+       TODO: check
+CVE-2017-16113 (The parsejson module is vulnerable to regular expression 
denial of ...)
+       TODO: check
 CVE-2017-16112
        RESERVED
-CVE-2017-16111
-       RESERVED
-CVE-2017-16110
-       RESERVED
-CVE-2017-16109
-       RESERVED
-CVE-2017-16108
-       RESERVED
-CVE-2017-16107
-       RESERVED
-CVE-2017-16106
-       RESERVED
-CVE-2017-16105
-       RESERVED
-CVE-2017-16104
-       RESERVED
-CVE-2017-16103
-       RESERVED
-CVE-2017-16102
-       RESERVED
-CVE-2017-16101
-       RESERVED
-CVE-2017-16100
-       RESERVED
-CVE-2017-16099
-       RESERVED
-CVE-2017-16098
-       RESERVED
-CVE-2017-16097
-       RESERVED
-CVE-2017-16096
-       RESERVED
-CVE-2017-16095
-       RESERVED
-CVE-2017-16094
-       RESERVED
-CVE-2017-16093
-       RESERVED
-CVE-2017-16092
-       RESERVED
-CVE-2017-16091
-       RESERVED
-CVE-2017-16090
-       RESERVED
-CVE-2017-16089
-       RESERVED
-CVE-2017-16088
-       RESERVED
+CVE-2017-16111 (The content module is a module to parse HTTP Content-* 
headers. It is ...)
+       TODO: check
+CVE-2017-16110 (weather.swlyons is a simple web server for weather updates. 
...)
+       TODO: check
+CVE-2017-16109 (easyquick is a simple web server. easyquick is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16108 (gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is 
...)
+       TODO: check
+CVE-2017-16107 (pooledwebsocket is vulnerable to a directory traversal issue, 
giving ...)
+       TODO: check
+CVE-2017-16106 (tmock is a static file server. tmock is vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-16105 (serverwzl is a simple http server. serverwzl is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16104 (citypredict.whauwiller is vulnerable to a directory traversal 
issue, ...)
+       TODO: check
+CVE-2017-16103 (serveryztyzt is a simple http server. serveryztyzt is 
vulnerable to a ...)
+       TODO: check
+CVE-2017-16102 (serverhuwenhui is a simple http server. serverhuwenhui is 
vulnerable ...)
+       TODO: check
+CVE-2017-16101 (serverwg is a simple http server. serverwg is vulnerable to a 
...)
+       TODO: check
+CVE-2017-16100 (dns-sync is a sync/blocking dns resolver. If untrusted user 
input is ...)
+       TODO: check
+CVE-2017-16099 (The no-case module is vulnerable to regular expression denial 
of ...)
+       TODO: check
+CVE-2017-16098 (charset 1.0.0 and below are vulnerable to regular expression 
denial of ...)
+       TODO: check
+CVE-2017-16097 (tiny-http is a simple http server. tiny-http is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16096 (serveryaozeyan is a simple HTTP server. serveryaozeyan is 
vulnerable ...)
+       TODO: check
+CVE-2017-16095 (serverliujiayi1 is a simple http server. serverliujiayi1 is 
vulnerable ...)
+       TODO: check
+CVE-2017-16094 (iter-http is a server for static files. iter-http is 
vulnerable to a ...)
+       TODO: check
+CVE-2017-16093 (cyber-js is a simple http server. A cyberjs server is 
vulnerable to a ...)
+       TODO: check
+CVE-2017-16092 (Sencisho is a simple http server for local development. 
Sencisho is ...)
+       TODO: check
+CVE-2017-16091 (xtalk helps your browser talk to nodex, a simple web 
framework. xtalk ...)
+       TODO: check
+CVE-2017-16090 (fsk-server is a simple http server. fsk-server is vulnerable 
to a ...)
+       TODO: check
+CVE-2017-16089 (serverlyr is a simple http server. serverlyr is vulnerable to 
a ...)
+       TODO: check
+CVE-2017-16088 (The safe-eval module describes itself as a safer version of 
eval. By ...)
+       TODO: check
 CVE-2017-16087
        RESERVED
-CVE-2017-16086
-       RESERVED
-CVE-2017-16085
-       RESERVED
-CVE-2017-16084
-       RESERVED
-CVE-2017-16083
-       RESERVED
-CVE-2017-16082
-       RESERVED
-CVE-2017-16081
-       RESERVED
-CVE-2017-16080
-       RESERVED
-CVE-2017-16079
-       RESERVED
-CVE-2017-16078
-       RESERVED
-CVE-2017-16077
-       RESERVED
-CVE-2017-16076
-       RESERVED
-CVE-2017-16075
-       RESERVED
-CVE-2017-16074
-       RESERVED
-CVE-2017-16073
-       RESERVED
-CVE-2017-16072
-       RESERVED
-CVE-2017-16071
-       RESERVED
-CVE-2017-16070
-       RESERVED
-CVE-2017-16069
-       RESERVED
-CVE-2017-16068
-       RESERVED
-CVE-2017-16067
-       RESERVED
-CVE-2017-16066
-       RESERVED
-CVE-2017-16065
-       RESERVED
-CVE-2017-16064
-       RESERVED
-CVE-2017-16063
-       RESERVED
+CVE-2017-16086 (ua-parser is a port of Browserscope's user agent parser. 
ua-parser is ...)
+       TODO: check
+CVE-2017-16085 (tinyserver2 is a webserver for static files. tinyserver2 is 
vulnerable ...)
+       TODO: check
+CVE-2017-16084 (list-n-stream is a server for static files to list and stream 
local ...)
+       TODO: check
+CVE-2017-16083 (node-simple-router is a minimalistic router for Node. ...)
+       TODO: check
+CVE-2017-16082 (A remote code execution vulnerability was found within the pg 
module ...)
+       TODO: check
+CVE-2017-16081 (cross-env.js was a malicious module published with the intent 
to ...)
+       TODO: check
+CVE-2017-16080 (nodesass was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16079 (smb was a malicious module published with the intent to hijack 
...)
+       TODO: check
+CVE-2017-16078 (shadowsock was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16077 (mongose was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16076 (proxy.js was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16075 (http-proxy.js was a malicious module published with the intent 
to ...)
+       TODO: check
+CVE-2017-16074 (crossenv was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16073 (noderequest was a malicious module published with the intent 
to hijack ...)
+       TODO: check
+CVE-2017-16072 (nodemailer.js was a malicious module published with the intent 
to ...)
+       TODO: check
+CVE-2017-16071 (nodemailer-js was a malicious module published with the intent 
to ...)
+       TODO: check
+CVE-2017-16070 (nodecaffe was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16069 (nodeffmpeg was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16068 (ffmepg was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16067 (node-opencv was a malicious module published with the intent 
to hijack ...)
+       TODO: check
+CVE-2017-16066 (opencv.js was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16065 (openssl.js was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16064 (node-openssl was a malicious module published with the intent 
to ...)
+       TODO: check
+CVE-2017-16063 (node-opensl was a malicious module published with the intent 
to hijack ...)
+       TODO: check
 CVE-2017-16062 (node-tkinter was a malicious module published with the intent 
to ...)
        TODO: check
 CVE-2017-16061 (tkinter was a malicious module published with the intent to 
hijack ...)
        TODO: check
-CVE-2017-16060
-       RESERVED
-CVE-2017-16059
-       RESERVED
-CVE-2017-16058
-       RESERVED
-CVE-2017-16057
-       RESERVED
-CVE-2017-16056
-       RESERVED
+CVE-2017-16060 (babelcli was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16059 (mssql-node was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16058 (gruntcli was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16057 (nodemssql was a malicious module published with the intent to 
hijack ...)
+       TODO: check
+CVE-2017-16056 (mssql.js was a malicious module published with the intent to 
hijack ...)
+       TODO: check
 CVE-2017-16055 (`sqlserver` was a malicious module published with the intent 
to hijack ...)
        TODO: check
 CVE-2017-16054 (`nodefabric` was a malicious module published with the intent 
to ...)
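Review bot: the added entries from CVE-2017-16104 down to CVE-2017-16056 all carry `TODO: check`, so none of them is triaged yet, and several of the one-line descriptions (the "simple http server" packages) are cut off at "..." before they say what the flaw is. A follow-up should resolve them in groups: the run described as "was a malicious module published with the intent to hijack" (CVE-2017-16081 through CVE-2017-16063 and CVE-2017-16060 through CVE-2017-16056) can be handled together with the existing CVE-2017-16062, CVE-2017-16061 and CVE-2017-16055 entries that are still at `TODO: check`, while CVE-2017-16082 (remote code execution in the pg module), CVE-2017-16088 (safe-eval), CVE-2017-16100 (dns-sync) and CVE-2017-16086 (ua-parser) each need an individual check against packaged sources. CVE-2017-16087 stays `RESERVED` in the middle of this range and should be looked at again on the next sync.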
@@ -60227,12 +60222,12 @@ CVE-2017-7935 (A Resource Exhaustion issue was 
discovered in Phoenix Contact Gmb
        NOT-FOR-US: Phoenix Contact
 CVE-2017-7934 (An Improper Authentication issue was discovered in OSIsoft PI 
Server ...)
        NOT-FOR-US: OSIsoft
-CVE-2017-7933
-       RESERVED
+CVE-2017-7933 (In ABB IP GATEWAY 3.39 and prior, some configuration files 
contain ...)
+       TODO: check
 CVE-2017-7932 (An improper certificate validation issue was discovered in NXP 
i.MX 28 ...)
        NOT-FOR-US: NXP i.MX devices
-CVE-2017-7931
-       RESERVED
+CVE-2017-7931 (In ABB IP GATEWAY 3.39 and prior, by accessing a specific 
uniform ...)
+       TODO: check
 CVE-2017-7930 (An Improper Authentication issue was discovered in OSIsoft PI 
Server ...)
        NOT-FOR-US: OSIsoft
 CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech 
WebAccess ...)
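Review bot: CVE-2017-7933 and CVE-2017-7931 are left at `TODO: check`, while the neighbouring entries whose status line is visible in this hunk are already resolved with a `NOT-FOR-US:` line (Phoenix Contact, OSIsoft, NXP i.MX devices). Both describe ABB IP GATEWAY 3.39 and prior; if that product has no Debian package, replace the marker with a `NOT-FOR-US:` line naming it, in the same form as the neighbours.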
@@ -60281,8 +60276,8 @@ CVE-2017-7908
        RESERVED
 CVE-2017-7907 (An Improper XML Parser Configuration issue was discovered in 
Schneider ...)
        NOT-FOR-US: Schneider
-CVE-2017-7906
-       RESERVED
+CVE-2017-7906 (In ABB IP GATEWAY 3.39 and prior, the web server does not 
sufficiently ...)
+       TODO: check
 CVE-2017-7905 (A Weak Cryptography for Passwords issue was discovered in 
General ...)
        NOT-FOR-US: General Electric
 CVE-2017-7904
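Review bot: CVE-2017-7906 names the same product, ABB IP GATEWAY 3.39 and prior, as CVE-2017-7933 and CVE-2017-7931 earlier in this patch, so the three should be triaged in one follow-up with an identical tag rather than one at a time. The entries around it here (Schneider, General Electric) already carry `NOT-FOR-US:` lines, which leaves this one as the only `TODO: check` in the hunk.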



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/876aa2fff9bd1d69d2c60e90a431ea09ba08d2a9
