Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 62d7505d by security tracker role at 2017-12-29T20:27:32+00:00 automatic update - - - - - 2 changed files: - + data/CVE/allitems.html - data/CVE/list Changes: ===================================== data/CVE/allitems.html ===================================== The diff for this file was not included because it is too large. ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,5 @@ +CVE-2017-17971 (The test_sql_and_script_inject function in htdocs/main.inc.php in ...) + TODO: check CVE-2018-3809 RESERVED CVE-2018-3808 @@ -402,8 +404,8 @@ CVE-2018-3611 RESERVED CVE-2018-3610 RESERVED -CVE-2017-17968 - RESERVED +CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in NetTransport ...) + TODO: check CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote ...) NOT-FOR-US: Kingsoft WPS Office CVE-2017-17966 @@ -504,8 +506,8 @@ CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c NOTE: https://github.com/ImageMagick/ImageMagick/issues/920 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2 -CVE-2017-17933 - RESERVED +CVE-2017-17933 (cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or ...) + TODO: check CVE-2017-17932 (A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ...) NOT-FOR-US: ALLPlayer CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the ...) @@ -530,16 +532,16 @@ CVE-2017-17922 RESERVED CVE-2017-17921 RESERVED -CVE-2017-17920 - RESERVED -CVE-2017-17919 - RESERVED +CVE-2017-17920 (SQL injection vulnerability in the 'reorder' method in Ruby on Rails ...) + TODO: check +CVE-2017-17919 (SQL injection vulnerability in the 'order' method in Ruby on Rails ...) + TODO: check CVE-2017-17918 RESERVED -CVE-2017-17917 - RESERVED -CVE-2017-17916 - RESERVED +CVE-2017-17917 (SQL injection vulnerability in the 'where' method in Ruby on Rails ...) + TODO: check +CVE-2017-17916 (SQL injection vulnerability in the 'find_by' method in Ruby on Rails ...) + TODO: check CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...) - graphicsmagick 1.3.27-3 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a @@ -562,8 +564,8 @@ CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base NOTE: https://sourceforge.net/p/graphicsmagick/bugs/533/ CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer ...) NOT-FOR-US: Archon -CVE-2017-17910 - RESERVED +CVE-2017-17910 (On Hoermann BiSecur devices before 2018, a vulnerability can be ...) + TODO: check CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the ...) NOT-FOR-US: PHP Scripts Mall Responsive Realestate Script CVE-2017-17908 (PHP Scripts Mall Responsive Realestate Script has CSRF via ...) @@ -1159,8 +1161,8 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...) NOTE: https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d (gimp-2-8) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853 NOTE: Crash in desktop tool, no/negligable security impact -CVE-2017-17760 - RESERVED +CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData ...) + TODO: check CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive ...) NOT-FOR-US: Conarc iChannel CVE-2017-17758 (TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to ...) @@ -10517,8 +10519,7 @@ CVE-2017-16878 RESERVED CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...) NOT-FOR-US: ZEIT Next.js -CVE-2017-16876 - RESERVED +CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify function in ...) - mistune 0.8.1-1 [stretch] - mistune <no-dsa> (Minor issue) NOTE: https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98 @@ -79510,8 +79511,7 @@ CVE-2016-3697 (libcontainer/user/user.go in runC before 0.1.0, as used in Docker NOTE: https://github.com/docker/docker/commit/da38ac6c79fe902ed0687afc73d731c95c6d491a (docker) CVE-2016-3696 (The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users ...) NOT-FOR-US: Pulp (Red Hat) -CVE-2016-3695 - RESERVED +CVE-2016-3695 (The einj_error_inject function in drivers/acpi/apei/einj.c in the ...) - linux 4.5.1-1 [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) @@ -125599,8 +125599,7 @@ CVE-2014-6254 (Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Cor - zenoss <itp> (bug #361253) CVE-2014-6253 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss ...) - zenoss <itp> (bug #361253) -CVE-2013-7400 - RESERVED +CVE-2013-7400 (The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows ...) NOT-FOR-US: TYPO3 extension direct_mail CVE-2014-6387 (gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to ...) {DSA-3120-1} @@ -129213,8 +129212,7 @@ CVE-2014-4724 (Cross-site scripting (XSS) vulnerability in the Custom Banners pl CVE-2014-4722 (Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...) - ocsinventory-server <unfixed> (unimportant) NOTE: Authentication is needed, only supported in trusted environments, see debtags -CVE-2014-4914 [ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select] - RESERVED +CVE-2014-4914 (The Zend_Db_Select::order function in Zend Framework before 1.12.7 ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.7-0.1 (bug #754201) NOTE: http://framework.zend.com/security/advisory/ZF2014-04 @@ -131876,8 +131874,7 @@ CVE-2014-3653 (Cross-site scripting (XSS) vulnerability in the template preview CVE-2014-3652 RESERVED NOT-FOR-US: JBoss KeyCloak -CVE-2014-3651 - RESERVED +CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a ...) NOT-FOR-US: JBoss KeyCloak CVE-2014-3650 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62d7505d5e37107e86b8d41a7631d224d71393ea --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62d7505d5e37107e86b8d41a7631d224d71393ea You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits