Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62d7505d by security tracker role at 2017-12-29T20:27:32+00:00
automatic update

- - - - -


2 changed files:

- + data/CVE/allitems.html
- data/CVE/list


Changes:

=====================================
data/CVE/allitems.html
=====================================
The diff for this file was not included because it is too large.

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2017-17971 (The test_sql_and_script_inject function in htdocs/main.inc.php 
in ...)
+       TODO: check
 CVE-2018-3809
        RESERVED
 CVE-2018-3808
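Review bot: the new CVE-2017-17971 entry lands with only "TODO: check", and the imported description is truncated before the product name ("... in htdocs/main.inc.php in ..."), so the triage step has to identify the affected software from the full CVE text and then either add a source package line with a fixed version or record NOT-FOR-US, as the other entries in this file do; a bare TODO should not survive the next manual pass.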
@@ -402,8 +404,8 @@ CVE-2018-3611
        RESERVED
 CVE-2018-3610
        RESERVED
-CVE-2017-17968
-       RESERVED
+CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in 
NetTransport ...)
+       TODO: check
 CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote 
...)
        NOT-FOR-US: Kingsoft WPS Office
 CVE-2017-17966
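Review bot: CVE-2017-17968 describes a buffer overflow in "NetTransport.exe", a Windows binary, so the "TODO: check" placeholder can almost certainly be resolved straight to a NOT-FOR-US line in the same form as the adjacent "NOT-FOR-US: Kingsoft WPS Office"; leaving it as TODO only adds triage noise.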
@@ -504,8 +506,8 @@ CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory 
leaks in coders/msl.c
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/920
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2
-CVE-2017-17933
-       RESERVED
+CVE-2017-17933 (cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 
7021 or ...)
+       TODO: check
 CVE-2017-17932 (A buffer overflow vulnerability exists in MediaServer.exe in 
ALLPlayer ...)
        NOT-FOR-US: ALLPlayer
 CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the 
...)
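Review bot: the CVE-2017-17933 description is cut off before the product name ("cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or ...)"), so the "TODO: check" cannot be closed from this line alone; triage needs to confirm whether that CGI is shipped by any Debian package and otherwise record NOT-FOR-US, as was done for ALLPlayer directly below.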
@@ -530,16 +532,16 @@ CVE-2017-17922
        RESERVED
 CVE-2017-17921
        RESERVED
-CVE-2017-17920
-       RESERVED
-CVE-2017-17919
-       RESERVED
+CVE-2017-17920 (SQL injection vulnerability in the 'reorder' method in Ruby on 
Rails ...)
+       TODO: check
+CVE-2017-17919 (SQL injection vulnerability in the 'order' method in Ruby on 
Rails ...)
+       TODO: check
 CVE-2017-17918
        RESERVED
-CVE-2017-17917
-       RESERVED
-CVE-2017-17916
-       RESERVED
+CVE-2017-17917 (SQL injection vulnerability in the 'where' method in Ruby on 
Rails ...)
+       TODO: check
+CVE-2017-17916 (SQL injection vulnerability in the 'find_by' method in Ruby on 
Rails ...)
+       TODO: check
 CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a 
heap-based ...)
        - graphicsmagick 1.3.27-3
        NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
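Review bot: CVE-2017-17916 through CVE-2017-17920 all describe SQL injection in Ruby on Rails query methods ('find_by', 'where', 'order', 'reorder') and should be triaged as one group rather than as four separate TODOs; if the rails source package is affected each needs a "- rails <version>" line, and if not, a <not-affected> or <unimportant> marker with a NOTE giving the reason, rather than staying at "TODO: check". CVE-2017-17918 sits between them and is still RESERVED, so it is worth checking whether it belongs to the same batch when it is published.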
@@ -562,8 +564,8 @@ CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, 
there is a heap-base
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/533/
 CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the 
referer ...)
        NOT-FOR-US: Archon
-CVE-2017-17910
-       RESERVED
+CVE-2017-17910 (On Hoermann BiSecur devices before 2018, a vulnerability can 
be ...)
+       TODO: check
 CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the 
...)
        NOT-FOR-US: PHP Scripts Mall Responsive Realestate Script
 CVE-2017-17908 (PHP Scripts Mall Responsive Realestate Script has CSRF via ...)
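Review bot: CVE-2017-17910 concerns Hoermann BiSecur devices, a hardware product, so the "TODO: check" placeholder should resolve to NOT-FOR-US in the same style as the PHP Scripts Mall entries around it unless triage finds related code in a Debian package.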
@@ -1159,8 +1161,8 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based 
buffer over-read in ...)
        NOTE: 
https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d
 (gimp-2-8)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
        NOTE: Crash in desktop tool, no/negligable security impact
-CVE-2017-17760
-       RESERVED
+CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the 
cv::PxMDecoder::readData ...)
+       TODO: check
 CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive 
...)
        NOT-FOR-US: Conarc iChannel
 CVE-2017-17758 (TP-Link TL-WVR and TL-WAR devices allow remote authenticated 
users to ...)
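Review bot: CVE-2017-17760 names OpenCV 3.3.1 (cv::PxMDecoder::readData), and OpenCV is in the Debian archive, so this entry needs a real "- opencv <version>" line with a NOTE linking the upstream report or fix and per-suite annotations for the stable releases, rather than the bare "TODO: check"; the fully annotated CVE-2017-17787 GIMP entry just above is the model. Unrelated to this import, that GIMP NOTE spells "negligible" as "negligable" and could be fixed in a follow-up.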
@@ -10517,8 +10519,7 @@ CVE-2017-16878
        RESERVED
 CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the 
/_next and ...)
        NOT-FOR-US: ZEIT Next.js
-CVE-2017-16876
-       RESERVED
+CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify 
function in ...)
        - mistune 0.8.1-1
        [stretch] - mistune <no-dsa> (Minor issue)
        NOTE: 
https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98
@@ -79510,8 +79511,7 @@ CVE-2016-3697 (libcontainer/user/user.go in runC before 
0.1.0, as used in Docker
        NOTE: 
https://github.com/docker/docker/commit/da38ac6c79fe902ed0687afc73d731c95c6d491a
 (docker)
 CVE-2016-3696 (The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local 
users ...)
        NOT-FOR-US: Pulp (Red Hat)
-CVE-2016-3695
-       RESERVED
+CVE-2016-3695 (The einj_error_inject function in drivers/acpi/apei/einj.c in 
the ...)
        - linux 4.5.1-1
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -125599,8 +125599,7 @@ CVE-2014-6254 (Multiple cross-site scripting (XSS) 
vulnerabilities in Zenoss Cor
        - zenoss <itp> (bug #361253)
 CVE-2014-6253 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Zenoss ...)
        - zenoss <itp> (bug #361253)
-CVE-2013-7400
-       RESERVED
+CVE-2013-7400 (The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 
allows ...)
        NOT-FOR-US: TYPO3 extension direct_mail
 CVE-2014-6387 (gpc_api.php in MantisBT 1.2.17 and earlier allows remote 
attackers to ...)
        {DSA-3120-1}
@@ -129213,8 +129212,7 @@ CVE-2014-4724 (Cross-site scripting (XSS) 
vulnerability in the Custom Banners pl
 CVE-2014-4722 (Multiple cross-site scripting (XSS) vulnerabilities in the OCS 
Reports ...)
        - ocsinventory-server <unfixed> (unimportant)
        NOTE: Authentication is needed, only supported in trusted environments, 
see debtags
-CVE-2014-4914 [ZF2014-04: Potential SQL injection in the ORDER implementation 
of Zend_Db_Select]
-       RESERVED
+CVE-2014-4914 (The Zend_Db_Select::order function in Zend Framework before 
1.12.7 ...)
        {DSA-3265-1 DLA-251-1}
        - zendframework 1.12.7-0.1 (bug #754201)
        NOTE: http://framework.zend.com/security/advisory/ZF2014-04
@@ -131876,8 +131874,7 @@ CVE-2014-3653 (Cross-site scripting (XSS) 
vulnerability in the template preview 
 CVE-2014-3652
        RESERVED
        NOT-FOR-US: JBoss KeyCloak
-CVE-2014-3651
-       RESERVED
+CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to 
cause a ...)
        NOT-FOR-US: JBoss KeyCloak
 CVE-2014-3650
        RESERVED
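Review bot: the neighbouring context for CVE-2014-3652 still carries both "RESERVED" and "NOT-FOR-US: JBoss KeyCloak"; now that CVE-2014-3651 has its description filled in, it is worth checking whether a description has also been published for 3652 so the stale RESERVED line can be dropped and the two KeyCloak entries are kept consistent.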



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/62d7505d5e37107e86b8d41a7631d224d71393ea
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits