Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e7e7293 by security tracker role at 2018-01-04T21:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) 
allows local ...)
+       TODO: check
+CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) 
allows local ...)
+       TODO: check
+CVE-2018-5218 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) 
allows local ...)
+       TODO: check
+CVE-2018-5217 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) 
allows local ...)
+       TODO: check
+CVE-2018-5216 (Radiant CMS 1.1.4 has XSS via crafted Markdown input in the ...)
+       TODO: check
+CVE-2018-5215 (Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title 
...)
+       TODO: check
+CVE-2018-5214 (The "Add Link to Facebook" plugin through 2.3 for 
WordPress has XSS via ...)
+       TODO: check
+CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress 
has XSS ...)
+       TODO: check
+CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress 
has XSS ...)
+       TODO: check
+CVE-2018-5211
+       RESERVED
 CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos 
chipsets, ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2018-5209
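Review bot: The nine new entries from CVE-2018-5220 down to CVE-2018-5212 all land as "TODO: check" and still need triage. The K7 Antivirus driver entries and the three WordPress plugin entries look like candidates for a "NOT-FOR-US:" line, in the same way this file already handles other WordPress plugins (for example "NOT-FOR-US: Z-URL Preview plugin for WordPress"). Radiant CMS and Fork CMS should be checked against the archive before they are marked.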
@@ -37,7 +57,7 @@ CVE-2018-5193
 CVE-2018-5192
        RESERVED
 CVE-2018-5191
-       RESERVED
+       REJECTED
 CVE-2018-5190
        RESERVED
 CVE-2018-5189
@@ -731,13 +751,14 @@ CVE-2017-1000481 (When you visit a page where you need to 
login, Plone 2.5-5.1rc
        TODO: check
 CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection 
when ...)
        TODO: check
-CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to a 
clickjacking ...)
+CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to 
clickjacking ...)
        TODO: check
 CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site 
scripting in ...)
        TODO: check
 CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which 
can result ...)
        TODO: check
 CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was 
found in ...)
+       {DLA-1229-1}
        - imagemagick <unfixed>
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
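Review bot: On CVE-2017-1000476 the new "{DLA-1229-1}" tag sits above "[stretch]" and "[jessie]" lines that are still "<ignored> (Minor issue)". An LTS advisory has now been issued for this issue, so it is worth confirming that ignoring it for the two newer suites is still the intended state. The pfSense change in the same hunk only rewords the description, and that entry stays "TODO: check".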
@@ -2930,6 +2951,7 @@ CVE-2017-1000449
 CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are 
vulnerable to a ...)
        TODO: check
 CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null 
pointer ...)
+       {DLA-1229-1}
        - imagemagick <unfixed> (bug #886281)
        [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (Minor issue)
@@ -2995,7 +3017,7 @@ CVE-2017-18012 (The Z-URL Preview plugin 1.6.1 for 
WordPress has XSS via the ...
        NOT-FOR-US: Z-URL Preview plugin for WordPress
 CVE-2017-18011 (The MyCBGenie Affiliate Ads for Clickbank Products plugin 
through 1.6 ...)
        NOT-FOR-US: MyCBGenie Affiliate Ads for Clickbank Products plugin 
WordPress
-CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin 
1.1.1 for ...)
+CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin 
before ...)
        NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for 
WordPress
 CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the 
function ...)
        - opencv <unfixed>
@@ -3821,8 +3843,8 @@ CVE-2017-17869 (The mgl-instagram-gallery plugin for 
WordPress has XSS via the .
        NOT-FOR-US: mgl-instagram-gallery plugin for WordPress
 CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public 
Render ...)
        NOT-FOR-US: Liferay Portal
-CVE-2017-17867
-       RESERVED
+CVE-2017-17867 (Inteno iopsys 2.0-3.14 and 4.0 devices allow remote 
authenticated users ...)
+       TODO: check
 CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles 
certain ...)
        - mupdf <unfixed> (bug #885120)
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
@@ -3922,8 +3944,8 @@ CVE-2017-17839
        RESERVED
 CVE-2017-17838
        RESERVED
-CVE-2017-17837
-       RESERVED
+CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection 
leak in the ...)
+       TODO: check
 CVE-2017-17836
        RESERVED
 CVE-2017-17835
@@ -9137,15 +9159,19 @@ CVE-2017-17560 (An issue was discovered on Western 
Digital MyCloud PR4100 2.30.1
 CVE-2017-17559
        RESERVED
 CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest 
OS users ...)
+       {DLA-1230-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-251.html
 CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS 
users to ...)
+       {DLA-1230-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-250.html
 CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS 
users to ...)
+       {DLA-1230-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-249.html
 CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest 
OS users ...)
+       {DLA-1230-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-248.html
 CVE-2017-17558 (The usb_destroy_configuration function in 
drivers/usb/core/config.c in ...)
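Review bot: CVE-2017-17565, CVE-2017-17564, CVE-2017-17563 and CVE-2017-17566 gain "{DLA-1230-1}", but each still has only "- xen <unfixed>" and no per-suite line, so the entries do not show where the stable suites stand. The CVE-2017-17045 and CVE-2017-17044 entries later in this diff carry both a DSA tag and a fixed version; these four should get the same once a fix is uploaded. CVE-2017-17566 is also listed after CVE-2017-17563, out of the descending order used around it.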
@@ -11488,14 +11514,14 @@ CVE-2018-0805
        RESERVED
 CVE-2018-0804
        RESERVED
-CVE-2018-0803
-       RESERVED
+CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 
1709, ...)
+       TODO: check
 CVE-2018-0802
        RESERVED
 CVE-2018-0801
        RESERVED
-CVE-2018-0800
-       RESERVED
+CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker 
to ...)
+       TODO: check
 CVE-2018-0799
        RESERVED
 CVE-2018-0798
@@ -11518,8 +11544,8 @@ CVE-2018-0790
        RESERVED
 CVE-2018-0789
        RESERVED
-CVE-2018-0788
-       RESERVED
+CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in 
Windows 7 ...)
+       TODO: check
 CVE-2018-0787
        RESERVED
 CVE-2018-0786
@@ -11532,88 +11558,88 @@ CVE-2018-0783
        RESERVED
 CVE-2018-0782
        RESERVED
-CVE-2018-0781
-       RESERVED
-CVE-2018-0780
-       RESERVED
+CVE-2018-0781 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and 
Windows ...)
+       TODO: check
+CVE-2018-0780 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 
1709, ...)
+       TODO: check
 CVE-2018-0779
        RESERVED
-CVE-2018-0778
-       RESERVED
-CVE-2018-0777
-       RESERVED
-CVE-2018-0776
-       RESERVED
-CVE-2018-0775
-       RESERVED
-CVE-2018-0774
-       RESERVED
-CVE-2018-0773
-       RESERVED
-CVE-2018-0772
-       RESERVED
+CVE-2018-0778 (Microsoft Edge in Windows 10 1709 allows an attacker to execute 
...)
+       TODO: check
+CVE-2018-0777 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and 
Windows ...)
+       TODO: check
+CVE-2018-0776 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and 
Windows ...)
+       TODO: check
+CVE-2018-0775 (Microsoft Edge in Windows 10 1709 allows an attacker to execute 
...)
+       TODO: check
+CVE-2018-0774 (Microsoft Edge in Windows 10 1709 allows an attacker to execute 
...)
+       TODO: check
+CVE-2018-0773 (Microsoft Edge in Windows 10 1709 allows an attacker to execute 
...)
+       TODO: check
+CVE-2018-0772 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 
2008 and ...)
+       TODO: check
 CVE-2018-0771
        RESERVED
-CVE-2018-0770
-       RESERVED
-CVE-2018-0769
-       RESERVED
-CVE-2018-0768
-       RESERVED
-CVE-2018-0767
-       RESERVED
-CVE-2018-0766
-       RESERVED
+CVE-2018-0770 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and 
Windows ...)
+       TODO: check
+CVE-2018-0769 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and 
Windows ...)
+       TODO: check
+CVE-2018-0768 (Microsoft Edge in Windows 10 1709 allows an attacker to execute 
...)
+       TODO: check
+CVE-2018-0767 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, 
and ...)
+       TODO: check
+CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 
1709, ...)
+       TODO: check
 CVE-2018-0765
        RESERVED
 CVE-2018-0764
        RESERVED
 CVE-2018-0763
        RESERVED
-CVE-2018-0762
-       RESERVED
+CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 
2008 and ...)
+       TODO: check
 CVE-2018-0761
        RESERVED
 CVE-2018-0760
        RESERVED
 CVE-2018-0759
        RESERVED
-CVE-2018-0758
-       RESERVED
+CVE-2018-0758 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and 
Windows ...)
+       TODO: check
 CVE-2018-0757
        RESERVED
 CVE-2018-0756
        RESERVED
 CVE-2018-0755
        RESERVED
-CVE-2018-0754
-       RESERVED
-CVE-2018-0753
-       RESERVED
-CVE-2018-0752
-       RESERVED
-CVE-2018-0751
-       RESERVED
-CVE-2018-0750
-       RESERVED
-CVE-2018-0749
-       RESERVED
-CVE-2018-0748
-       RESERVED
-CVE-2018-0747
-       RESERVED
-CVE-2018-0746
-       RESERVED
-CVE-2018-0745
-       RESERVED
-CVE-2018-0744
-       RESERVED
-CVE-2018-0743
-       RESERVED
+CVE-2018-0754 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in 
Windows 7 ...)
+       TODO: check
+CVE-2018-0753 (Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 
Gold, ...)
+       TODO: check
+CVE-2018-0752 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows 
Server 2012 ...)
+       TODO: check
+CVE-2018-0751 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows 
Server 2012 ...)
+       TODO: check
+CVE-2018-0750 (The Windows GDI component in Windows 7 SP1 and Windows Server 
2008 SP2 ...)
+       TODO: check
+CVE-2018-0749 (The Microsoft Server Message Block (SMB) Server in Windows 7 
SP1, ...)
+       TODO: check
+CVE-2018-0748 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, 
Windows ...)
+       TODO: check
+CVE-2018-0747 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, 
Windows ...)
+       TODO: check
+CVE-2018-0746 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 
2012 and ...)
+       TODO: check
+CVE-2018-0745 (The Windows kernel in Windows 10 version 1703. Windows 10 
version ...)
+       TODO: check
+CVE-2018-0744 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 
2012 and ...)
+       TODO: check
+CVE-2018-0743 (Windows Subsystem for Linux in Windows 10 version 1703, Windows 
10 ...)
+       TODO: check
 CVE-2018-0742
        RESERVED
-CVE-2018-0741
-       RESERVED
+CVE-2018-0741 (The Color Management Module (Icm32.dll) in Windows 7 SP1 and 
Windows ...)
+       TODO: check
 CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote 
authenticated ...)
        - webmin <removed>
 CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the 
newbloguser ...)
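Review bot: Every entry that moves from "RESERVED" to "TODO: check" in this hunk, from CVE-2018-0781 down to CVE-2018-0741, describes a Microsoft product (Edge, Internet Explorer, the Windows kernel, SMB Server, GDI, Atmfd.dll, Icm32.dll, Windows Subsystem for Linux). None of these is shipped in Debian, so they can be closed in one pass with "NOT-FOR-US:" lines instead of being left for individual checks.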
@@ -11876,11 +11902,11 @@ CVE-2017-17028 (A buffer overflow vulnerability in 
external device function in Q
 CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS 
version ...)
        NOT-FOR-US: QNAP QTS
 CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM 
guest OS ...)
-       {DSA-4050-1}
+       {DSA-4050-1 DLA-1230-1}
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-247.html
 CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM 
guest OS ...)
-       {DSA-4050-1}
+       {DSA-4050-1 DLA-1230-1}
        - xen 4.8.2+xsa245-0+deb9u1
        NOTE: https://xenbits.xen.org/xsa/advisory-246.html
 CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM 
platform ...)
@@ -12362,29 +12388,29 @@ CVE-2017-17011
 CVE-2017-17010 (Untrusted search path vulnerability in Content Manager 
Assistant for ...)
        NOT-FOR-US: Content Manager Assistant for PlayStation
 CVE-2017-17009
-       RESERVED
+       REJECTED
 CVE-2017-17008
-       RESERVED
+       REJECTED
 CVE-2017-17007
-       RESERVED
+       REJECTED
 CVE-2017-17006
-       RESERVED
+       REJECTED
 CVE-2017-17005
-       RESERVED
+       REJECTED
 CVE-2017-17004
-       RESERVED
+       REJECTED
 CVE-2017-17003
-       RESERVED
+       REJECTED
 CVE-2017-17002
-       RESERVED
+       REJECTED
 CVE-2017-17001
-       RESERVED
+       REJECTED
 CVE-2017-17000
-       RESERVED
+       REJECTED
 CVE-2017-16999
-       RESERVED
+       REJECTED
 CVE-2017-16998
-       RESERVED
+       REJECTED
 CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 
through ...)
        - glibc 2.25-6 (bug #884615)
        [stretch] - glibc <no-dsa> (Minor issue)
@@ -17292,8 +17318,8 @@ CVE-2017-15716
        RESERVED
 CVE-2017-15715
        RESERVED
-CVE-2017-15714
-       RESERVED
+CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not 
escape ...)
+       TODO: check
 CVE-2017-15713
        RESERVED
 CVE-2017-15712
@@ -19652,8 +19678,8 @@ CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, 
the ntguard.sys driver cont
        NOT-FOR-US: IKARUS anti.virus
 CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains 
an ...)
        NOT-FOR-US: IKARUS anti.virus
-CVE-2017-14960
-       RESERVED
+CVE-2017-14960 (xDashboard in OpenText Document Sciences xPression (formerly 
EMC ...)
+       TODO: check
 CVE-2017-14959
        RESERVED
 CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of 
dangerous ...)
@@ -47606,8 +47632,8 @@ CVE-2017-5756
        RESERVED
 CVE-2017-5755
        RESERVED
-CVE-2017-5754
-       RESERVED
+CVE-2017-5754 (Systems with microprocessors utilizing speculative execution 
and ...)
+       {DSA-4078-1}
        - linux <unfixed>
        NOTE: https://meltdownattack.com/
        NOTE: https://xenbits.xen.org/xsa/advisory-254.html
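Review bot: CVE-2017-5754 now carries "{DSA-4078-1}" while the package line directly below it is still "- linux <unfixed>", with no "[stretch]" line. Read on its own, the entry looks unfixed everywhere despite the advisory, so the package line should be updated as soon as the fixed version is known.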
@@ -47615,8 +47641,7 @@ CVE-2017-5754
        NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
        NOTE: Paper: https://meltdownattack.com/meltdown.pdf
        NOTE: https://01.org/security/advisories/intel-oss-10003
-CVE-2017-5753
-       RESERVED
+CVE-2017-5753 (Systems with microprocessors utilizing speculative execution 
and ...)
        - linux <unfixed>
        NOTE: https://spectreattack.com/
        NOTE: https://xenbits.xen.org/xsa/advisory-254.html
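Review bot: CVE-2017-5753 gets its description here but, unlike CVE-2017-5754 in the previous hunk, no advisory tag, and the only package tracked is "linux". The "NOTE:" lines already point at Xen advisory 254, and "xen" is tracked as a package elsewhere in this file, so a "- xen" line looks missing. The same applies to CVE-2017-5715 in the next hunk.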
@@ -47697,8 +47722,7 @@ CVE-2017-5717 (Type Confusion in Content Protection 
HECI Service in Intel Graphi
        NOT-FOR-US: Intel graphics driver
 CVE-2017-5716
        REJECTED
-CVE-2017-5715
-       RESERVED
+CVE-2017-5715 (Systems with microprocessors utilizing speculative execution 
and ...)
        - linux <unfixed>
        NOTE: https://spectreattack.com/
        NOTE: https://xenbits.xen.org/xsa/advisory-254.html
@@ -59356,8 +59380,8 @@ CVE-2017-1729
        RESERVED
 CVE-2017-1728
        RESERVED
-CVE-2017-1727
-       RESERVED
+CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses 
sensitive ...)
+       TODO: check
 CVE-2017-1726
        RESERVED
 CVE-2017-1725
@@ -59412,8 +59436,8 @@ CVE-2017-1701
        RESERVED
 CVE-2017-1700
        RESERVED
-CVE-2017-1699
-       RESERVED
+CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure 
...)
+       TODO: check
 CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal 
sensitive ...)
        NOT-FOR-US: IBM WebSphere Portal
 CVE-2017-1697
@@ -59464,26 +59488,26 @@ CVE-2017-1675
        RESERVED
 CVE-2017-1674
        RESERVED
-CVE-2017-1673
-       RESERVED
-CVE-2017-1672
-       RESERVED
+CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is 
vulnerable to ...)
+       TODO: check
+CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to 
...)
+       TODO: check
 CVE-2017-1671
        RESERVED
 CVE-2017-1670
        RESERVED
-CVE-2017-1669
-       RESERVED
+CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores 
sensitive ...)
+       TODO: check
 CVE-2017-1668
        RESERVED
 CVE-2017-1667
        RESERVED
 CVE-2017-1666
        RESERVED
-CVE-2017-1665
-       RESERVED
-CVE-2017-1664
-       RESERVED
+CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker 
than ...)
+       TODO: check
+CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker 
than ...)
+       TODO: check
 CVE-2017-1663
        RESERVED
 CVE-2017-1662
@@ -124995,8 +125019,8 @@ CVE-2014-7864 (Multiple SQL injection vulnerabilities 
in the FailOverHelperServl
        NOT-FOR-US: ZOHO ManageEngine OpManager
 CVE-2014-7863
        RESERVED
-CVE-2014-7862
-       RESERVED
+CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central 
and ...)
+       TODO: check
 CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not 
properly ...)
        NOT-FOR-US: Apple OS X
 CVE-2011-5282



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e7e72937b4d6111d500a0bf7ebf13eadc3a809f

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
