[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-04-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a209a309 by Moritz Muehlenhoff at 2018-04-11T14:05:57+02:00
NFUs

- - - - -
bdd1de62 by Moritz Muehlenhoff at 2018-04-11T14:06:15+02:00
Merge branch master of 
https://salsa.debian.org/security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -34562,7 +34562,7 @@ CVE-2017-14613
 CVE-2017-14612
RESERVED
 CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Cockpit CMS (different from src:cockpit)
 CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 
16.2.6 ...)
- bareos  (bug #877334)
[stretch] - bareos  (Minor issue)
@@ -35415,7 +35415,7 @@ CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory 
leak vulnerability was foun
NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
 CVE-2017-14323 (SSRF (Server Side Request Forgery) in getRemoteImage.php in 
Ueditor in ...)
-   TODO: check
+   NOT-FOR-US: Onethink
 CVE-2017-14322 (The function in charge to check whether the user is already 
logged in ...)
NOT-FOR-US: Interspire Email Marketer
 CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
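Review bot: The NOT-FOR-US label added for CVE-2017-14323 names Onethink, while the CVE description names getRemoteImage.php in Ueditor; a later search of the list by the product name in the description will not find this entry. Suggest naming both, e.g. `NOT-FOR-US: Onethink (Ueditor)`, or a short NOTE line explaining why the Onethink attribution was chosen.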
@@ -76328,7 +76328,7 @@ CVE-2017-0433 (An elevation of privilege vulnerability 
in the Synaptics touchscr
 CVE-2017-0432 (An elevation of privilege vulnerability in the MediaTek driver 
could ...)
NOT-FOR-US: Mediatek driver for Android
 CVE-2017-0431 (An elevation of privilege vulnerability in Qualcomm closed 
source ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm component for Android
 CVE-2017-0430 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
NOT-FOR-US: Broadcom driver for Android
 CVE-2017-0429 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
@@ -80988,7 +80988,7 @@ CVE-2016-8484 (An elevation of privilege vulnerability 
in Qualcomm closed source
 CVE-2016-8483 (An information disclosure vulnerability in the Qualcomm power 
driver ...)
NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8482 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver. ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-8481 (An elevation of privilege vulnerability in the Qualcomm sound 
driver ...)
NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8480 (An elevation of privilege vulnerability in the Qualcomm Secure 
...)
@@ -153773,7 +153773,7 @@ CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 
and Enterprise Administrator
 CVE-2014-2074
RESERVED
 CVE-2014-2073 (Stack-based buffer overflow in Dassault Systemes CATIA 
V5-6R2013 ...)
-   TODO: check
+   NOT-FOR-US: Dassault Systemes Catia
 CVE-2014-2072
RESERVED
NOT-FOR-US: Dassault Systemes Catia
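Review bot: CVE-2014-2072 in the trailing context is marked RESERVED yet also carries `NOT-FOR-US: Dassault Systemes Catia`, the same label this hunk adds to CVE-2014-2073. A RESERVED entry normally has no triage line, so the existing line on 2072 looks like a leftover; since the neighbouring entry is being touched anyway, check whether 2072 has since been published and either give it a description or drop the stray label.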
@@ -154041,7 +154041,7 @@ CVE-2014-1952
 CVE-2014-1951
RESERVED
 CVE-2014-1946 (OpenDocMan 1.2.7 and earlier does not properly validate allowed 
...)
-   TODO: check
+   NOT-FOR-US: OpenDocMan
 CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan 
before ...)
NOT-FOR-US: OpenDocMan
 CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and 
earlier ...)



View it on GitLab: 

https://salsa.debian.org/security-tracker-team/security-tracker/compare/2c32160880a776e48f7b1051d5c59106598d85f2...bdd1de62c2618453a8f9dccf14f810930d5a8893

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-04-04 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d97aac7 by Moritz Muehlenhoff at 2018-04-04T21:37:22+02:00
NFUs

- - - - -
45f7bec1 by Moritz Muehlenhoff at 2018-04-04T21:38:28+02:00
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -124,7 +124,7 @@ CVE-2018-9249
 CVE-2018-9248
RESERVED
 CVE-2018-9247 (The upsql function in 
\Lib\Lib\Action\Admin\DataAction.class.php in ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms QY
 CVE-2018-9246
RESERVED
 CVE-2018-9245
@@ -140,17 +140,17 @@ CVE-2018-9241
 CVE-2018-9239
RESERVED
 CVE-2018-9238 (proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName 
...)
-   TODO: check
+   NOT-FOR-US: Yahei-PHP Proberv
 CVE-2018-9237 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in 
the Site ...)
-   TODO: check
+   NOT-FOR-US: iScripts EasyCreate
 CVE-2018-9236 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in 
the Site ...)
-   TODO: check
+   NOT-FOR-US: iScripts EasyCreate
 CVE-2018-9235 (iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the 
query ...)
-   TODO: check
+   NOT-FOR-US: iScripts SonicBB
 CVE-2017-18256 (Brave Browser before 0.13.0 allows remote attackers to cause a 
denial ...)
-   TODO: check
+   NOT-FOR-US: Brave Browser
 CVE-2016-10718 (Brave Browser before 0.13.0 allows a tab to close itself even 
if the ...)
-   TODO: check
+   NOT-FOR-US: Brave Browser
 CVE-2018-9234 (GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which 
key ...)
TODO: check
 CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL pointer dereference flaw. 
If a ...)
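Review bot: CVE-2018-9234 (GnuPG 2.2.4 and 2.2.5) is left at `TODO: check` in the trailing context while the surrounding Brave and iScripts entries are cleared as NOT-FOR-US in the same pass. GnuPG is packaged in Debian, so this entry needs an actual triage decision (an affected source-package line with the fixed version, or a NOTE explaining why the configuration in question does not apply) rather than staying in the backlog next to entries that were resolved here.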
@@ -60108,7 +60108,7 @@ CVE-2017-5705 (Multiple buffer overflows in kernel in 
Intel Manageability Engine
 CVE-2017-5704
RESERVED
 CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel 
...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2017-5702
RESERVED
 CVE-2017-5701 (Insecure platform configuration in system firmware for Intel 
...)
@@ -65265,7 +65265,7 @@ CVE-2017-4030
 CVE-2017-4029
REJECTED
 CVE-2017-4028 (Maliciously misconfigured registry vulnerability in all 
Microsoft ...)
-   TODO: check
+   NOT-FOR-US: MacAfee
 CVE-2017-4027
REJECTED
 CVE-2017-4026
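Review bot: The new line `NOT-FOR-US: MacAfee` for CVE-2017-4028 misspells the vendor; the next hunk in the same commit uses `NOT-FOR-US: McAfee` for CVE-2017-3972. The NOT-FOR-US string is what later greps for a vendor match against, so one spelling matters; suggest `NOT-FOR-US: McAfee` here as well, with the product name appended if it is known.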
@@ -65377,7 +65377,7 @@ CVE-2017-3974
 CVE-2017-3973
REJECTED
 CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web 
interface ...)
-   TODO: check
+   NOT-FOR-US: McAfee
 CVE-2017-3971
RESERVED
 CVE-2017-3970
@@ -70160,9 +70160,9 @@ CVE-2017-2495 (An issue was discovered in certain Apple 
products. iOS before 10.
 CVE-2017-2494 (An issue was discovered in certain Apple products. macOS before 
...)
NOT-FOR-US: Apple
 CVE-2017-2493 (An issue was discovered in certain Apple products. iOS before 
10.3 is ...)
-   TODO: check
+   NOT-FOR-US: Apple
 CVE-2017-2492 (An issue was discovered in certain Apple products. iOS before 
10.3 is ...)
-   TODO: check
+   NOT-FOR-US: Apple
 CVE-2017-2491 (Use after free vulnerability in the String.replace method ...)
NOT-FOR-US: Apple Safari
 CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 
10.3 is ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d0b51f99e2801e54a124c83f33f2ba58093413cb...45f7bec184eac47adad361ac9117519d5fea5331


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-04-01 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7e2519b by Moritz Muehlenhoff at 2018-04-01T22:24:57+02:00
NFUs

- - - - -
554aa805 by Moritz Muehlenhoff at 2018-04-01T22:26:37+02:00
irssi DSA

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20,11 +20,11 @@ CVE-2018-9160 (SickRage before v2018.03.09-1 includes 
cleartext credentials in H
 CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended 
static ...)
NOT-FOR-US: Spark Java framework (unrelated to src:spark)
 CVE-2018-9158 (An issue was discovered on AXIS M1033-W (IP camera) Firmware 
version ...)
-   TODO: check
+   NOT-FOR-US: AXIS
 CVE-2018-9157 (** DISPUTED ** An issue was discovered on AXIS M1033-W (IP 
camera) ...)
-   TODO: check
+   NOT-FOR-US: AXIS
 CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP 
camera) ...)
-   TODO: check
+   NOT-FOR-US: AXIS
 CVE-2018-9155
RESERVED
 CVE-2018-9154
@@ -45,7 +45,7 @@ CVE-2018-9151 (A NULL pointer dereference bug in the function 
...)
 CVE-2018-9150
RESERVED
 CVE-2018-9149 (The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't 
use a ...)
-   TODO: check
+   NOT-FOR-US: Zyxel
 CVE-2018-9148 (Western Digital WD My Cloud v04.05.00-320 devices embed the 
session ...)
NOT-FOR-US: Western Digital WD My Cloud
 CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of 
Gespage ...)
@@ -6180,7 +6180,7 @@ CVE-2018-6851
 CVE-2018-6850
RESERVED
 CVE-2018-6849 (In the WebRTC component in DuckDuckGo 4.2.0, after visiting a 
web site ...)
-   TODO: check
+   NOT-FOR-US: DuckDuckGo
 CVE-2018-6848
RESERVED
 CVE-2018-6847


=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,6 @@
+[01 Apr 2018] DSA-4162-1 irssi - security update
+   {CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208 CVE-2018-7050 
CVE-2018-7051 CVE-2018-7052 CVE-2018-7053 CVE-2018-7054}
+   [stretch] - irssi 1.0.7-1~deb9u1
 [01 Apr 2018] DSA-4161-1 python-django - security update
{CVE-2018-7536 CVE-2018-7537}
[jessie] - python-django 1.7.11-1+deb8u3
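Review bot: The new DSA-4162-1 entry lists nine CVEs (CVE-2018-5205 to CVE-2018-7054), but the data/CVE/list hunks in this push only touch CVE-2018-9158, -9157, -9156, -9149 and -6849. Confirm that the nine irssi entries in data/CVE/list already carry the stretch fixed version 1.0.7-1~deb9u1 and the `{DSA-4162-1}` cross-reference line that other fixed entries in the list have; otherwise the DSA view and the CVE view disagree on whether stretch is fixed.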



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/252a0809a6fbbe0aa5cca66cc2491c625366619c...554aa805580ef153d20be1fc83d39bdef5ddabe5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-04-01 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3cb23bb7 by Moritz Muehlenhoff at 2018-04-01T14:57:14+02:00
NFUs

- - - - -
9be04ab5 by Moritz Muehlenhoff at 2018-04-01T14:57:52+02:00
historic docker notary issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,13 +3,13 @@ CVE-2018-9164
 CVE-2018-9163
RESERVED
 CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication 
for ...)
-   TODO: check
+   NOT-FOR-US: Contec Smart Home
 CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: Prisma Industriale Checkweigher PrismaWEB
 CVE-2018-9160 (SickRage before v2018.03.09-1 includes cleartext credentials in 
HTTP ...)
-   TODO: check
+   NOT-FOR-US: SickRage
 CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended 
static ...)
-   TODO: check
+   NOT-FOR-US: Spark Java framework (unrelated to src:spark)
 CVE-2018-9158
RESERVED
 CVE-2018-9157
@@ -26,9 +26,9 @@ CVE-2017-18255 (The perf_cpu_time_max_percent_handler 
function in kernel/events/
- linux 4.11.6-1
NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d
 CVE-2015-9259 (In Docker Notary before 0.1, the checkRoot function in ...)
-   TODO: check
+   - notary 0.1~ds1-1
 CVE-2015-9258 (In Docker Notary before 0.1, gotuf/signed/verify.go has a 
Signature ...)
-   TODO: check
+   - notary 0.1~ds1-1
 CVE-2018-9152
RESERVED
 CVE-2018-9151 (A NULL pointer dereference bug in the function ...)
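Review bot: The two notary entries (CVE-2015-9259 and CVE-2015-9258) go straight from `TODO: check` to the fixed version `0.1~ds1-1` with no NOTE line pointing at the upstream fix or stating that the first Debian upload already post-dates the vulnerable releases ("before 0.1" in both descriptions). A one-line NOTE with the upstream commit or advisory would let the next person verify the fixed-version claim without re-researching it, which is the point of recording historic issues.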



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/102bc397f860f951d2a2163fe65095581c6e7c08...9be04ab568cbfcec122c448433bdf91215d9c088


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-03-26 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b0ea37f1 by Moritz Muehlenhoff at 2018-03-26T19:26:04+02:00
NFUs

- - - - -
f411120e by Moritz Muehlenhoff at 2018-03-26T19:26:40+02:00
Merge branch master of 
https://salsa.debian.org/security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,18 +1,18 @@
 CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows 
XSS via ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2018-9019
RESERVED
 CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the 
ReadMNGImage ...)
- graphicsmagick 
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/
 CVE-2018-9017 (dsmall v20180320 allows XSS via the member search box at the 
...)
-   TODO: check
+   NOT-FOR-US: dsmall
 CVE-2018-9016 (dsmall v20180320 allows XSS via the main page search box at the 
...)
-   TODO: check
+   NOT-FOR-US: dsmall
 CVE-2018-9015 (dsmall v20180320 allows XSS via the ...)
-   TODO: check
+   NOT-FOR-US: dsmall
 CVE-2018-9014 (dsmall v20180320 allows physical path leakage via a ...)
-   TODO: check
+   NOT-FOR-US: dsmall
 CVE-2018-9013
RESERVED
 CVE-2018-9012
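Review bot: `NOT-FOR-US: Wordpress plugin` for CVE-2018-9020 drops the plugin name that the description gives (Events Manager), while the other NOT-FOR-US lines in this hunk name the affected product (dsmall). Suggest `NOT-FOR-US: Events Manager plugin for WordPress` so the entry stays findable by plugin name and the label follows the same convention as its neighbours.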
@@ -20,7 +20,7 @@ CVE-2018-9012
 CVE-2018-9011
RESERVED
 CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow 
remote ...)
-   TODO: check
+   NOT-FOR-US: Intelbras
 CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the 
decompileJUMP ...)
- ming 
NOTE: https://github.com/libming/libming/issues/131
@@ -83,9 +83,9 @@ CVE-2018-8981
 CVE-2018-8980
RESERVED
 CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by 
modifying a ...)
-   TODO: check
+   NOT-FOR-US: Open-AudIT Professional
 CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute 
of an ...)
-   TODO: check
+   NOT-FOR-US: Open-AudIT Professional
 CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLens function in 
...)
TODO: check
 CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a 
denial ...)
@@ -154,7 +154,7 @@ CVE-2018-8949 (An issue was discovered in 
app/Model/Attribute.php in MISP before
 CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp 
has ...)
NOT-FOR-US: MISP
 CVE-2018-8947 (rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 
encoding ...)
-   TODO: check
+   NOT-FOR-US: rap2hpoutre Laravel Log Viewer
 CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect 
Access ...)
- i-librarian  (bug #649291)
NOTE: https://github.com/mkucej/i-librarian/issues/124
@@ -489,7 +489,7 @@ CVE-2018-8819
 CVE-2018-8818
RESERVED
 CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...)
-   TODO: check
+   NOT-FOR-US: Wampserver
 CVE-2018-8816
RESERVED
 CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery 
function in ...)
@@ -3019,7 +3019,7 @@ CVE-2018-7721 (Cross Site Scripting (XSS) exists in 
MetInfo 6.0.0 via ...)
 CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in 
Western ...)
NOT-FOR-US: Western Bridge Cobub Razor
 CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory 
Traversal. ...)
-   TODO: check
+   NOT-FOR-US: Acrolinx Server
 CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the 
gf_media_avc_read_sps ...)
- gpac  (bug #892526)
[wheezy] - gpac  (vulnerable code not present)
@@ -20831,7 +20831,7 @@ CVE-2018-1223
 CVE-2018-1222
RESERVED
 CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 
0.172.0, the ...)
-   TODO: check
+   NOT-FOR-US: Cloud Foundry
 CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect 
...)
NOT-FOR-US: EMC RSA Archer
 CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper 
access ...)
@@ -20885,7 +20885,7 @@ CVE-2018-1197 (In Windows Stemcells versions prior to 
1200.14, apps running insi
 CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used 
to ...)
NOT-FOR-US: Spring Boot
 CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment 
versions ...)
-   TODO: check
+   NOT-FOR-US: Cloud Foundry
 CVE-2018-1194
RESERVED
 CVE-2018-1193
@@ -23303,9 +23303,9 @@ CVE-2018-0544 (Untrusted search path vulnerability in 
WinShot 1.53a and earlier 
 CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier 
...)
NOT-FOR-US: Jtrim installer
 CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 
allows an ...)
-   TODO: 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-02-28 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62980471 by Moritz Muehlenhoff at 2018-02-28T12:59:59+01:00
NFUs

- - - - -
2faae3ca by Moritz Muehlenhoff at 2018-02-28T13:00:35+01:00
Merge branch master of 
https://salsa.debian.org/security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -16491,7 +16491,7 @@ CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer 
overflow was discovered 
NOTE: https://github.com/uclouvain/openjpeg/issues/1044
NOTE: Debian packaging does not build JPWL, has BUILD_JPWL:BOOL=OFF
 CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems 
Pega ...)
-   TODO: check
+   NOT-FOR-US: Pegasystems Pega Platform
 CVE-2017-17477
RESERVED
 CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
@@ -21422,13 +21422,13 @@ CVE-2017-16772
 CVE-2017-16771
RESERVED
 CVE-2017-16770 (File and directory information exposure vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: Synology Surveillance Station
 CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer 
in ...)
-   TODO: check
+   NOT-FOR-US: Synology Photo Station
 CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor 
in ...)
NOT-FOR-US: Synology MailPlus Server
 CVE-2017-16767 (Cross-site scripting (XSS) vulnerability in User Profile in 
Synology ...)
-   TODO: check
+   NOT-FOR-US: Synology Surveillance Station
 CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in 
Synology ...)
NOT-FOR-US: Synology DiskStation Manager
 CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via 
cgi-bin/gui.cgi. ...)
@@ -66597,7 +66597,7 @@ CVE-2017-1776
 CVE-2017-1775
RESERVED
 CVE-2017-1774 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 
discloses ...)
-   TODO: check
+   NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an 
attacker ...)
NOT-FOR-US: IBM DataPower Gateways
 CVE-2017-1772
@@ -80333,9 +80333,9 @@ CVE-2016-6601 (Directory traversal vulnerability in the 
file download functional
 CVE-2016-6600 (Directory traversal vulnerability in the file upload 
functionality in ...)
NOT-FOR-US: ZOHO WebNMS
 CVE-2016-6599 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated 
.NET ...)
-   TODO: check
+   NOT-FOR-US: BMC Track-It!
 CVE-2016-6598 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated 
.NET ...)
-   TODO: check
+   NOT-FOR-US: BMC Track-It!
 CVE-2016-6597 (Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when 
Lotus ...)
NOT-FOR-US: Sophos EAS Proxy
NOTE: 
https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability
@@ -106787,7 +106787,7 @@ CVE-2015-6929 (Multiple cross-site scripting (XSS) 
vulnerabilities in Nokia Netw
 CVE-2015-6928 (classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 
6.x ...)
NOT-FOR-US: CubeCart
 CVE-2015-6926 (The OpenID Single Sign-On authentication functionality in OXID 
eShop ...)
-   TODO: check
+   NOT-FOR-US: OXID eShop
 CVE-2015-6925 (wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers 
to ...)
- wolfssl 3.9.10+dfsg-1 (bug #801120)
 CVE-2015-6924
@@ -107837,7 +107837,7 @@ CVE-2015-6571
 CVE-2015-6570
RESERVED
 CVE-2015-6569 (Race condition in the LoadBalancer module in the Atlassian 
Floodlight ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2015-6568 (Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP 
Code ...)
NOT-FOR-US: Wolf CMS
 CVE-2015-6567 (Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP 
Code ...)
@@ -113673,7 +113673,7 @@ CVE-2015-4463 (The file_manager component in eFront 
CMS before 3.6.15.5 allows r
 CVE-2015-4462 (Absolute path traversal vulnerability in the file_manager 
component of ...)
NOT-FOR-US: eFront CMS
 CVE-2015-4461 (Absolute path traversal vulnerability in eFront CMS 3.6.15.4 
and ...)
-   TODO: check
+   NOT-FOR-US: eFront CMS
 CVE-2015-4460 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: C2Box
 CVE-2015-4459
@@ -113851,7 +113851,7 @@ CVE-2015-4402
 CVE-2015-4401
RESERVED
 CVE-2015-4400 (Ring (formerly DoorBot) video doorbells allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Ring video doorbells
 CVE-2015-4399
RESERVED
 CVE-2015-4398 (Open redirect vulnerability in the Chaos tool suite (ctools) 
module ...)
@@ -116024,9 +116024,9 @@ CVE-2015-3621 (Untrusted search path vulnerability in 
SAP Enterprise Central ...
 CVE-2015-3620 (Cross-site scripting (XSS) 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-02-20 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c8a8757 by Moritz Muehlenhoff at 2018-02-20T13:27:05+01:00
NFUs

- - - - -
9c1b232c by Moritz Muehlenhoff at 2018-02-20T13:28:19+01:00
new android-libziparchive issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -30597,7 +30597,7 @@ CVE-2017-13176 (In the parseURL function of 
URLStreamHandler, there is improper 
 CVE-2017-13175 (An information disclosure vulnerability in the NVIDIA 
libwilhelm. ...)
NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl. 
Product: ...)
-   TODO: check
+   NOT-FOR-US: Android kernel components (no source release, so apparently 
not present in mainline)
 CVE-2017-13173 (An elevation of privilege vulnerability in the MediaTek system 
server. ...)
NOT-FOR-US: MediaTek driver for Android
 CVE-2017-13172 (An elevation of privilege vulnerability in the MediaTek 
bluetooth ...)
@@ -30623,35 +30623,35 @@ CVE-2017-13164 (An information disclosure 
vulnerability in the kernel binder dri
 CVE-2017-13163 (An elevation of privilege vulnerability in the kernel mtp usb 
driver. ...)
NOT-FOR-US: Android kernel components (no source release, so apparently 
not present in mainline)
 CVE-2017-13162 (An elevation of privilege vulnerability in the kernel binder. 
Product: ...)
-   TODO: check
+   NOT-FOR-US: Android kernel components (no source release, so apparently 
not present in mainline)
 CVE-2017-13161 (An elevation of privilege vulnerability in the Broadcom 
wireless ...)
NOT-FOR-US: Broadcom components for Android
 CVE-2017-13160 (A remote code execution vulnerability in the Android system 
...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2017-13159 (An information disclosure vulnerability in the Android system 
...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2017-13158 (An information disclosure vulnerability in the Android system 
...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2017-13157 (An information disclosure vulnerability in the Android system 
...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2017-13156 (An elevation of privilege vulnerability in the Android system 
(art). ...)
-   TODO: check
+   - android-platform-system-core 
 CVE-2017-13155
RESERVED
 CVE-2017-13154 (An elevation of privilege vulnerability in the Android media 
framework ...)
NOT-FOR-US: Android Media Framework
 CVE-2017-13153 (An elevation of privilege vulnerability in the Android media 
framework ...)
-   TODO: check
+   NOT-FOR-US: Android Media Framework
 CVE-2017-13152 (An information disclosure vulnerability in the Android media 
framework ...)
NOT-FOR-US: Android Media Framework
 CVE-2017-13151 (A remote code execution vulnerability in the Android media 
framework ...)
-   TODO: check
+   NOT-FOR-US: Android Media Framework
 CVE-2017-13150 (An information disclosure vulnerability in the Android media 
framework ...)
NOT-FOR-US: Android Media Framework
 CVE-2017-13149 (An information disclosure vulnerability in the Android media 
framework ...)
NOT-FOR-US: Android Media Framework
 CVE-2017-13148 (A denial of service vulnerability in the Android media 
framework ...)
-   TODO: check
+   NOT-FOR-US: Android Media Framework
 CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability 
was found ...)
- graphicsmagick  (unimportant)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/446/
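Review bot: The new affected line for CVE-2017-13156 (`- android-platform-system-core`) has no accompanying NOTE, and the commit message describes the issue as a libziparchive one while the CVE text names "Android system (art)". A NOTE with the upstream fix reference would explain why android-platform-system-core is the affected Debian source and give whoever picks up the open entry something concrete to check against, as the GraphicsMagick entry directly below does with its bug link.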
@@ -52548,7 +52548,7 @@ CVE-2017-6213
 CVE-2017-6212
REJECTED
 CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-   TODO: check
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux 
kernel ...)
{DSA-3804-1 DLA-849-1}
- linux 4.9.13-1
@@ -67507,23 +67507,23 @@ CVE-2017-0880 (A denial of service vulnerability in 
the Android media framework 
 CVE-2017-0879 (An information disclosure vulnerability in the Android media 
framework ...)
NOT-FOR-US: Android Media Framework
 CVE-2017-0878 (A remote code execution vulnerability in the Android media 
framework ...)
-   TODO: check
+   NOT-FOR-US: Android Media Framework
 CVE-2017-0877 (A remote code execution vulnerability in the Android media 
framework ...)
-   TODO: check
+   NOT-FOR-US: Android Media Framework
 CVE-2017-0876 (A remote code execution vulnerability in the Android media 
framework ...)
-   TODO: check
+   NOT-FOR-US: Android Media Framework
 CVE-2017-0875
RESERVED
 CVE-2017-0874 (A denial of service vulnerability in the Android media 
framework ...)
-   TODO: check
+   NOT-FOR-US: 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-02-20 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c8c13ba by Moritz Muehlenhoff at 2018-02-20T13:07:34+01:00
NFUs

- - - - -
82a31b74 by Moritz Muehlenhoff at 2018-02-20T13:09:00+01:00
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -33049,123 +33049,123 @@ CVE-2017-12547 (A local arbitrary command execution 
vulnerability in HPE System 
 CVE-2017-12546 (A local buffer overflow vulnerability in HPE System Management 
...)
NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12545 (A remote denial of service vulnerability in HPE System 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12544 (A cross-site scripting vulnerability in HPE System Management 
Homepage ...)
-   TODO: check
+   NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12543 (A remote disclosure of information vulnerability in Moonshot 
Remote ...)
-   TODO: check
+   NOT-FOR-US: Moonshot Remote Console Administrator Pro
 CVE-2017-12542 (A authentication bypass and execution of code vulnerability in 
HPE ...)
-   TODO: check
+   NOT-FOR-US: HPE ILO 4
 CVE-2017-12541 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12540 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12539 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12538 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12537 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12536 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12535 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12534 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12533 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12532 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12531 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12530 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12529 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12528 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12527 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12526 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12525 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12524 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12523 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12522 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12521 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12520 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-02-15 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11407338 by Moritz Muehlenhoff at 2018-02-15T22:41:41+01:00
NFUs

- - - - -
9c37f384 by Moritz Muehlenhoff at 2018-02-15T22:42:08+01:00
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -233,11 +233,11 @@ CVE-2018-7059
 CVE-2018-7058
RESERVED
 CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action 
pageName ...)
-   TODO: check
+   NOT-FOR-US: RoomWizard
 CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain 
potentially ...)
-   TODO: check
+   NOT-FOR-US: RoomWizard
 CVE-2018-7055 (GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF 
via the ...)
-   TODO: check
+   NOT-FOR-US: RoomWizard
 CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 
1.1.1. ...)
- irssi 
NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
@@ -1877,9 +1877,9 @@ CVE-2017-18090
 CVE-2017-18089
RESERVED
 CVE-2017-18088 (Various plugin servlet resources in Atlassian Bitbucket Server 
before ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Bitbucket Server
 CVE-2017-18087 (The download commit resource in Atlassian Bitbucket Server 
from ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Bitbucket Server
 CVE-2017-18086 (Various resources in Atlassian Confluence Server before 
version 6.4.2 ...)
NOT-FOR-US: Atlassian Confluence
 CVE-2017-18085 (The viewdefaultdecorator resource in Atlassian Confluence 
Server ...)
@@ -4537,7 +4537,7 @@ CVE-2018-5461
 CVE-2018-5460
RESERVED
 CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 
Series ...)
-   TODO: check
+   NOT-FOR-US: WAGO PFC200
 CVE-2018-5458
RESERVED
 CVE-2018-5457 (A uncontrolled search path element issue was discovered in 
Vyaire ...)
@@ -4575,7 +4575,7 @@ CVE-2018-5442 (A Stack-based Buffer Overflow issue was 
discovered in Fuji Electr
 CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was 
discovered in ...)
NOT-FOR-US: PHOENIX CONTACT mGuard firmware
 CVE-2018-5440 (A Stack-based Buffer Overflow issue was discovered in 3S-Smart 
CODESYS ...)
-   TODO: check
+   NOT-FOR-US: 3S-Smart
 CVE-2018-5439
RESERVED
 CVE-2018-5438
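Review bot: the replacement line for CVE-2018-5440 names only the vendor ("NOT-FOR-US: 3S-Smart"), while the CVE description in the same hunk identifies the product as 3S-Smart CODESYS and the neighbouring entry for CVE-2018-5441 records vendor and product together ("NOT-FOR-US: PHOENIX CONTACT mGuard firmware"). Suggest "NOT-FOR-US: 3S-Smart CODESYS" so a later triager can see at a glance which product was judged out of scope without re-reading the description.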
@@ -12448,7 +12448,7 @@ CVE-2018-2366
 CVE-2018-2365
RESERVED
 CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, 
S4FND ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 
7.30, ...)
NOT-FOR-US: SAP NetWeaver
 CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, 
could send ...)
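Review bot: the new line for CVE-2018-2364 reads just "NOT-FOR-US: SAP", which is less specific than the adjacent entry for CVE-2018-2363 ("NOT-FOR-US: SAP NetWeaver") and than the description in the hunk itself, which names SAP CRM WebClient UI. Suggest "NOT-FOR-US: SAP CRM WebClient UI" so the rationale stays consistent with the surrounding SAP entries and records which component was assessed.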
@@ -16244,45 +16244,45 @@ CVE-2017-17304
 CVE-2017-17303
RESERVED
 CVE-2017-17302 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17301 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, 
V200R008C20, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17300 (Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17299 (Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17298 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, 
V200R008C30, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17297 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, 
V200R008C30, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17296 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, 
V200R008C30, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17295 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, 
V200R008C30, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17294 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, 
V200R008C30, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17293 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, 
V200R008C30, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17292 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, 
V200R008C30, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17291 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, 
V200R008C30, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17290 (The Light Directory Access Protocol (LDAP) clients of Huawei 
TE60 with ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17289 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17288 (Huawei DP300 V500R002C00, RP200