Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f8300fe2 by security tracker role at 2018-08-13T20:10:22Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -330,20 +330,20 @@ CVE-2018-15147 RESERVED CVE-2018-15146 RESERVED -CVE-2018-15145 - RESERVED -CVE-2018-15144 - RESERVED -CVE-2018-15143 - RESERVED -CVE-2018-15142 - RESERVED -CVE-2018-15141 - RESERVED -CVE-2018-15140 - RESERVED -CVE-2018-15139 - RESERVED +CVE-2018-15145 (Multiple SQL injection vulnerabilities in ...) + TODO: check +CVE-2018-15144 (SQL injection vulnerability in ...) + TODO: check +CVE-2018-15143 (Multiple SQL injection vulnerabilities in ...) + TODO: check +CVE-2018-15142 (Directory traversal in portal/import_template.php in versions of ...) + TODO: check +CVE-2018-15141 (Directory traversal in portal/import_template.php in versions of ...) + TODO: check +CVE-2018-15140 (Directory traversal in portal/import_template.php in versions of ...) + TODO: check +CVE-2018-15139 (Unrestricted file upload in interface/super/manage_site_files.php in ...) + TODO: check CVE-2018-15138 RESERVED CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file ...) @@ -896,8 +896,8 @@ CVE-2018-XXXX [Default KeyInfo resolver doesn't check for empty element content. [jessie] - xml-security-c 1.7.2-3+deb8u1 NOTE: https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491 NOTE: https://shibboleth.net/community/advisories/secadv_20180803.txt -CVE-2018-14878 - RESERVED +CVE-2018-14878 (JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 ...) + TODO: check CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site ...) NOT-FOR-US: WeaselCMS CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp in ...) 
@@ -959,12 +959,10 @@ CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5 - php5 <removed> NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76557 -CVE-2018-14850 - RESERVED +CVE-2018-14850 (Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow ...) - tikiwiki <removed> NOTE: https://sourceforge.net/p/tikiwiki/code/66990 -CVE-2018-14849 - RESERVED +CVE-2018-14849 (Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related ...) - tikiwiki <removed> NOTE: https://sourceforge.net/p/tikiwiki/code/66809 CVE-2018-14848 @@ -2106,6 +2104,7 @@ CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c in the IMAPx componen NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67 CVE-2018-14424 [use-after-free of disposed transient displays] RESERVED + {DSA-4270-1} - gdm3 3.28.2-4 NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/401 NOTE: https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba @@ -4480,12 +4479,12 @@ CVE-2018-13419 (An issue has been found in libsndfile 1.0.28. There is a memory NOTE: https://github.com/erikd/libsndfile/issues/398 CVE-2018-13418 RESERVED -CVE-2018-13417 - RESERVED +CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for ...) + TODO: check CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine for ...) NOT-FOR-US: Universal Media Server -CVE-2018-13415 - RESERVED +CVE-2018-13415 (In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP ...) + TODO: check CVE-2018-13414 RESERVED CVE-2018-13413 
@@ -4509,7 +4508,7 @@ CVE-2018-13406 (An integer overflow in the uvesafb_setcmap function in ...) - linux 4.17.6-1 NOTE: https://git.kernel.org/linus/9f645bcc566a1e9f921bdae7528a01ced5bc3713 CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel through ...) - {DSA-4266-1} + {DSA-4266-1 DLA-1466-1} - linux 4.17.6-1 NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/2 @@ -4537,8 +4536,8 @@ CVE-2018-13394 RESERVED CVE-2018-13393 RESERVED -CVE-2018-13392 - RESERVED +CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before version ...) + TODO: check CVE-2018-13391 RESERVED CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via network from ...) @@ -6542,8 +6541,8 @@ CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers to execute arbitrary co NOT-FOR-US: Polaris Office CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP) -CVE-2018-12587 - RESERVED +CVE-2018-12587 (A cross-site scripting (XSS) vulnerability was found in valeuraddons ...) + TODO: check CVE-2018-12586 RESERVED CVE-2018-12585 @@ -8678,8 +8677,7 @@ CVE-2018-11772 RESERVED CVE-2018-11771 RESERVED -CVE-2018-11770 - RESERVED +CVE-2018-11770 (From version 1.3.0 onward, Apache Spark's standalone master exposes a ...) NOT-FOR-US: Apache Spark CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the database ...) - couchdb <removed> @@ -11197,8 +11195,7 @@ CVE-2018-10866 CVE-2018-10865 RESERVED NOT-FOR-US: Red Hat Certification -CVE-2018-10864 - RESERVED +CVE-2018-10864 (An uncontrolled resource consumption flaw has been discovered in ...) NOT-FOR-US: Red Hat Certification CVE-2018-10863 RESERVED 
@@ -11274,8 +11271,7 @@ CVE-2018-10844 RESERVED CVE-2018-10843 (source-to-image component of Openshift Container Platform before ...) NOT-FOR-US: source-to-image in OpenShift -CVE-2018-10842 - RESERVED +CVE-2018-10842 (It was found that an authenticated user could manipulate user session ...) NOT-FOR-US: Keycloak CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server ...) - glusterfs 4.1.2-1 (bug #901968) @@ -11953,8 +11949,8 @@ CVE-2018-10571 (Multiple reflected cross-site scripting (XSS) vulnerabilities in NOT-FOR-US: OpenEMR CVE-2018-10570 (Frog CMS 0.9.5 has XSS in /install/index.php via the ...) NOT-FOR-US: Frog CMS -CVE-2018-10569 - RESERVED +CVE-2018-10569 (An issue was discovered in Edimax EW-7438RPn Mini v2 before version ...) + TODO: check CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. ...) NOT-FOR-US: Flexense DiskSorter Enterprise CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. ...) @@ -23386,8 +23382,8 @@ CVE-2018-6416 RESERVED CVE-2018-6415 RESERVED -CVE-2018-6414 - RESERVED +CVE-2018-6414 (A buffer overflow vulnerability in the web server of some Hikvision IP ...) + TODO: check CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of ...) NOT-FOR-US: Hikvision Camera DS-2CD9111-S CVE-2018-6412 (In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c ...) @@ -25259,10 +25255,10 @@ CVE-2018-5927 RESERVED CVE-2018-5926 RESERVED -CVE-2018-5925 - RESERVED -CVE-2018-5924 - RESERVED +CVE-2018-5925 (A security vulnerability has been identified with certain HP Inkjet ...) + TODO: check +CVE-2018-5924 (A security vulnerability has been identified with certain HP Inkjet ...) + TODO: check CVE-2018-5923 RESERVED CVE-2018-5922 
@@ -26669,7 +26665,7 @@ CVE-2018-5392 [mingw-w64 by default produces executables that opt in to ASLR, bu CVE-2018-5391 RESERVED CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive calls ...) - {DSA-4266-1} + {DSA-4266-1 DLA-1466-1} - linux 4.17.14-1 (bug #905751) [jessie] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://www.kb.cert.org/vuls/id/962459 @@ -30938,11 +30934,11 @@ CVE-2018-3784 CVE-2018-3783 RESERVED CVE-2018-3782 - RESERVED -CVE-2018-3781 - RESERVED -CVE-2018-3780 - RESERVED + REJECTED +CVE-2018-3781 (A missing sanitization of search results for an autocomplete field in ...) + TODO: check +CVE-2018-3780 (A missing sanitization of search results for an autocomplete field in ...) + TODO: check CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to execute ...) NOT-FOR-US: Trojaned gem release CVE-2018-3778 (Improper authorization in aedes version <0.35.0 will publish a LWT in ...) @@ -38193,7 +38189,7 @@ CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to NOT-FOR-US: Spring Security OAuth CVE-2018-1259 (Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to ...) NOT-FOR-US: Spring Data Commons -CVE-2018-1258 (Spring Security in combination with Spring Framework versions prior to ...) +CVE-2018-1258 (Spring Framework version 5.0.5 when used in combination with any ...) - libspring-security-2.0-java <removed> NOTE: https://pivotal.io/security/cve-2018-1258 CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...) @@ -40581,8 +40577,8 @@ CVE-2018-0716 RESERVED CVE-2018-0715 RESERVED -CVE-2018-0714 - RESERVED +CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and ...) + TODO: check CVE-2018-0713 RESERVED CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build ...) 
@@ -47950,8 +47946,7 @@ CVE-2017-15140 RESERVED CVE-2017-15139 RESERVED -CVE-2017-15138 - RESERVED +CVE-2017-15138 (The OpenShift Enterprise cluster-read can access webhook tokens which ...) NOT-FOR-US: atomic-openshift CVE-2017-15137 (The OpenShift image import whitelist failed to enforce restrictions ...) NOT-FOR-US: atomic-openshift 
@@ -57348,43 +57343,43 @@ CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing .. CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...) NOT-FOR-US: Computerinsel Photoline CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457 CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456 CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455 CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454 CVE-2017-12101 (An exploitable integer overflow exists in the ...) 
- {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453 CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452 CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 @@ -57420,7 +57415,7 @@ CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the tinysvc NOTE: Debian build uses Avahi instead NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668 CVE-2017-12086 (An exploitable integer overflow exists in the ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 
@@ -57432,13 +57427,13 @@ CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...) NOT-FOR-US: Circle with Disney CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434 CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 @@ -71472,8 +71467,7 @@ CVE-2017-7501 (It was found that versions of rpm before 4.13.0.2 use temporary f - rpm <unfixed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1452133 NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway) -CVE-2017-7500 [Following symlinks to directories when installing packages allows privilege escalation] - RESERVED +CVE-2017-7500 (It was found that rpm did not properly handle RPM installations when a ...) - rpm <unfixed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450369 NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway) 
@@ -85799,7 +85793,7 @@ CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists i - r-cran-readxl 1.0.0-2 (bug #895564) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426 CVE-2017-2918 (An exploitable integer overflow exists in the Image loading ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c 
@@ -85827,62 +85821,62 @@ CVE-2017-2909 (An infinite loop programming error exists in the DNS server ...) [wheezy] - smplayer <not-affected> (Vulnerable code not present) NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functionality ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415 CVE-2017-2907 (An exploitable integer overflow exists in the animation playing ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414 CVE-2017-2906 (An exploitable integer overflow exists in the animation playing ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413 CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412 CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading ...) 
- {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411 CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410 CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409 CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/829916f4e57a2d1580ff3b625f6bb909b9144a20 NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408 CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading ...) 
- {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407 CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading ...) - {DSA-4248-1} + {DSA-4248-1 DLA-1465-1} - blender 2.79.a+dfsg0-1 [wheezy] - blender <ignored> (Vulnerable but not ignored) NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c @@ -88550,8 +88544,8 @@ CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...) NOT-FOR-US: IBM Jazz Reporting Service -CVE-2017-1749 - RESERVED +CVE-2017-1749 (IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker ...) + TODO: check CVE-2017-1748 (IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2017-1747 (A specially crafted message could cause a denial of service in IBM ...) @@ -89476,8 +89470,8 @@ CVE-2017-1288 RESERVED CVE-2017-1287 (IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct ...) NOT-FOR-US: IBM -CVE-2017-1286 - RESERVED +CVE-2017-1286 (Sensitive information about the configuration of the IBM UrbanCode ...) + TODO: check CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user ...) NOT-FOR-US: IBM CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...) 
@@ -113838,8 +113832,8 @@ CVE-2016-2924 (IBM Infosphere BigInsights is vulnerable to cross-site scripting, NOT-FOR-US: IBM CVE-2016-2923 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty ...) NOT-FOR-US: IBM -CVE-2016-2922 - RESERVED +CVE-2016-2922 (IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 ...) + TODO: check CVE-2016-2921 RESERVED CVE-2016-2920 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8300fe274f20f7152ca7a1f8461b70d7872e0bc
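Review bot: In the hunk at @@ -330,20 +330,20 @@, CVE-2018-15139 through CVE-2018-15145 leave RESERVED with only "TODO: check" and no package or NOT-FOR-US line, so all seven still need manual triage. Three of them (CVE-2018-15140, CVE-2018-15141, CVE-2018-15142) carry the identical truncated summary "Directory traversal in portal/import_template.php in versions of ...", and CVE-2018-15143 and CVE-2018-15145 share "Multiple SQL injection vulnerabilities in ...", so the list text alone cannot tell them apart; whoever triages should work from the full descriptions and record the distinguishing detail in a NOTE line on each entry.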
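Review bot: In the hunk at @@ -38193,7 +38189,7 @@, the new summary for CVE-2018-1258 names "Spring Framework version 5.0.5 when used in combination with any ..." as the affected component, while the unchanged package line below it still reads "- libspring-security-2.0-java <removed>". The earlier text led with Spring Security, which matched that package; with the reworded description the package attribution should be re-checked and, if another source package is the affected one, an entry for it added alongside the existing line.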
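Review bot: In the hunk at @@ -57348,43 +57343,43 @@, every blender entry that gains DLA-1465-1 sits directly above the unchanged line "[wheezy] - blender <ignored> (Vulnerable but not ignored)", whose reason text contradicts its own <ignored> state. Since these entries are being touched anyway, the wheezy annotation should be corrected in a follow-up so that the reason in parentheses says why the issue is ignored there; the same wording repeats in the later blender hunks (@@ -57420, @@ -57432, @@ -85799 and @@ -85827).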
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits