Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4e7e7293 by security tracker role at 2018-01-04T21:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,23 @@ +CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...) + TODO: check +CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...) + TODO: check +CVE-2018-5218 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...) + TODO: check +CVE-2018-5217 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...) + TODO: check +CVE-2018-5216 (Radiant CMS 1.1.4 has XSS via crafted Markdown input in the ...) + TODO: check +CVE-2018-5215 (Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title ...) + TODO: check +CVE-2018-5214 (The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via ...) + TODO: check +CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...) + TODO: check +CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...) + TODO: check +CVE-2018-5211 + RESERVED CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, ...) NOT-FOR-US: Samsung mobile devices CVE-2018-5209 @@ -37,7 +57,7 @@ CVE-2018-5193 CVE-2018-5192 RESERVED CVE-2018-5191 - RESERVED + REJECTED CVE-2018-5190 RESERVED CVE-2018-5189 
@@ -731,13 +751,14 @@ CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc TODO: check CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...) TODO: check -CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to a clickjacking ...) +CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to clickjacking ...) TODO: check CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in ...) TODO: check CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...) TODO: check CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...) + {DLA-1229-1} - imagemagick <unfixed> [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) @@ -2930,6 +2951,7 @@ CVE-2017-1000449 CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable to a ...) TODO: check CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer ...) + {DLA-1229-1} - imagemagick <unfixed> (bug #886281) [stretch] - imagemagick <ignored> (Minor issue) [jessie] - imagemagick <ignored> (Minor issue) @@ -2995,7 +3017,7 @@ CVE-2017-18012 (The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the ... NOT-FOR-US: Z-URL Preview plugin for WordPress CVE-2017-18011 (The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 ...) NOT-FOR-US: MyCBGenie Affiliate Ads for Clickbank Products plugin WordPress -CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin 1.1.1 for ...) +CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin before ...) NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for WordPress CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the function ...) - opencv <unfixed> 
@@ -3821,8 +3843,8 @@ CVE-2017-17869 (The mgl-instagram-gallery plugin for WordPress has XSS via the . NOT-FOR-US: mgl-instagram-gallery plugin for WordPress CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public Render ...) NOT-FOR-US: Liferay Portal -CVE-2017-17867 - RESERVED +CVE-2017-17867 (Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users ...) + TODO: check CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...) - mupdf <unfixed> (bug #885120) NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0 @@ -3922,8 +3944,8 @@ CVE-2017-17839 RESERVED CVE-2017-17838 RESERVED -CVE-2017-17837 - RESERVED +CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the ...) + TODO: check CVE-2017-17836 RESERVED CVE-2017-17835 @@ -9137,15 +9159,19 @@ CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.1 CVE-2017-17559 RESERVED CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...) + {DLA-1230-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-251.html CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...) + {DLA-1230-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-250.html CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...) + {DLA-1230-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-249.html CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...) + {DLA-1230-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-248.html CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...) 
@@ -11488,14 +11514,14 @@ CVE-2018-0805 RESERVED CVE-2018-0804 RESERVED -CVE-2018-0803 - RESERVED +CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...) + TODO: check CVE-2018-0802 RESERVED CVE-2018-0801 RESERVED -CVE-2018-0800 - RESERVED +CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to ...) + TODO: check CVE-2018-0799 RESERVED CVE-2018-0798 @@ -11518,8 +11544,8 @@ CVE-2018-0790 RESERVED CVE-2018-0789 RESERVED -CVE-2018-0788 - RESERVED +CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...) + TODO: check CVE-2018-0787 RESERVED CVE-2018-0786 
@@ -11532,88 +11558,88 @@ CVE-2018-0783 RESERVED CVE-2018-0782 RESERVED -CVE-2018-0781 - RESERVED -CVE-2018-0780 - RESERVED +CVE-2018-0781 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) + TODO: check +CVE-2018-0780 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...) + TODO: check CVE-2018-0779 RESERVED -CVE-2018-0778 - RESERVED -CVE-2018-0777 - RESERVED -CVE-2018-0776 - RESERVED -CVE-2018-0775 - RESERVED -CVE-2018-0774 - RESERVED -CVE-2018-0773 - RESERVED -CVE-2018-0772 - RESERVED +CVE-2018-0778 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...) + TODO: check +CVE-2018-0777 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) + TODO: check +CVE-2018-0776 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) + TODO: check +CVE-2018-0775 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...) + TODO: check +CVE-2018-0774 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...) + TODO: check +CVE-2018-0773 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...) + TODO: check +CVE-2018-0772 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + TODO: check CVE-2018-0771 RESERVED -CVE-2018-0770 - RESERVED -CVE-2018-0769 - RESERVED -CVE-2018-0768 - RESERVED -CVE-2018-0767 - RESERVED -CVE-2018-0766 - RESERVED +CVE-2018-0770 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) + TODO: check +CVE-2018-0769 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) + TODO: check +CVE-2018-0768 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...) + TODO: check +CVE-2018-0767 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and ...) + TODO: check +CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...) 
+ TODO: check CVE-2018-0765 RESERVED CVE-2018-0764 RESERVED CVE-2018-0763 RESERVED -CVE-2018-0762 - RESERVED +CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + TODO: check CVE-2018-0761 RESERVED CVE-2018-0760 RESERVED CVE-2018-0759 RESERVED -CVE-2018-0758 - RESERVED +CVE-2018-0758 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) + TODO: check CVE-2018-0757 RESERVED CVE-2018-0756 RESERVED CVE-2018-0755 RESERVED -CVE-2018-0754 - RESERVED -CVE-2018-0753 - RESERVED -CVE-2018-0752 - RESERVED -CVE-2018-0751 - RESERVED -CVE-2018-0750 - RESERVED -CVE-2018-0749 - RESERVED -CVE-2018-0748 - RESERVED -CVE-2018-0747 - RESERVED -CVE-2018-0746 - RESERVED -CVE-2018-0745 - RESERVED -CVE-2018-0744 - RESERVED -CVE-2018-0743 - RESERVED +CVE-2018-0754 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...) + TODO: check +CVE-2018-0753 (Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, ...) + TODO: check +CVE-2018-0752 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...) + TODO: check +CVE-2018-0751 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...) + TODO: check +CVE-2018-0750 (The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 ...) + TODO: check +CVE-2018-0749 (The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, ...) + TODO: check +CVE-2018-0748 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...) + TODO: check +CVE-2018-0747 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...) + TODO: check +CVE-2018-0746 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...) + TODO: check +CVE-2018-0745 (The Windows kernel in Windows 10 version 1703. Windows 10 version ...) + TODO: check +CVE-2018-0744 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...) 
+ TODO: check +CVE-2018-0743 (Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 ...) + TODO: check CVE-2018-0742 RESERVED -CVE-2018-0741 - RESERVED +CVE-2018-0741 (The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows ...) + TODO: check CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote authenticated ...) - webmin <removed> CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser ...) @@ -11876,11 +11902,11 @@ CVE-2017-17028 (A buffer overflow vulnerability in external device function in Q CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS version ...) NOT-FOR-US: QNAP QTS CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...) - {DSA-4050-1} + {DSA-4050-1 DLA-1230-1} - xen 4.8.2+xsa245-0+deb9u1 NOTE: https://xenbits.xen.org/xsa/advisory-247.html CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...) - {DSA-4050-1} + {DSA-4050-1 DLA-1230-1} - xen 4.8.2+xsa245-0+deb9u1 NOTE: https://xenbits.xen.org/xsa/advisory-246.html CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform ...) @@ -12362,29 +12388,29 @@ CVE-2017-17011 CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for ...) NOT-FOR-US: Content Manager Assistant for PlayStation CVE-2017-17009 - RESERVED + REJECTED CVE-2017-17008 - RESERVED + REJECTED CVE-2017-17007 - RESERVED + REJECTED CVE-2017-17006 - RESERVED + REJECTED CVE-2017-17005 - RESERVED + REJECTED CVE-2017-17004 - RESERVED + REJECTED CVE-2017-17003 - RESERVED + REJECTED CVE-2017-17002 - RESERVED + REJECTED CVE-2017-17001 - RESERVED + REJECTED CVE-2017-17000 - RESERVED + REJECTED CVE-2017-16999 - RESERVED + REJECTED CVE-2017-16998 - RESERVED + REJECTED CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ...) - glibc 2.25-6 (bug #884615) [stretch] - glibc <no-dsa> (Minor issue) 
@@ -17292,8 +17318,8 @@ CVE-2017-15716 RESERVED CVE-2017-15715 RESERVED -CVE-2017-15714 - RESERVED +CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape ...) + TODO: check CVE-2017-15713 RESERVED CVE-2017-15712 @@ -19652,8 +19678,8 @@ CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver cont NOT-FOR-US: IKARUS anti.virus CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...) NOT-FOR-US: IKARUS anti.virus -CVE-2017-14960 - RESERVED +CVE-2017-14960 (xDashboard in OpenText Document Sciences xPression (formerly EMC ...) + TODO: check CVE-2017-14959 RESERVED CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous ...) @@ -47606,8 +47632,8 @@ CVE-2017-5756 RESERVED CVE-2017-5755 RESERVED -CVE-2017-5754 - RESERVED +CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...) + {DSA-4078-1} - linux <unfixed> NOTE: https://meltdownattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html @@ -47615,8 +47641,7 @@ CVE-2017-5754 NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html NOTE: Paper: https://meltdownattack.com/meltdown.pdf NOTE: https://01.org/security/advisories/intel-oss-10003 -CVE-2017-5753 - RESERVED +CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and ...) - linux <unfixed> NOTE: https://spectreattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html @@ -47697,8 +47722,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi NOT-FOR-US: Intel graphics driver CVE-2017-5716 REJECTED -CVE-2017-5715 - RESERVED +CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and ...) - linux <unfixed> NOTE: https://spectreattack.com/ NOTE: https://xenbits.xen.org/xsa/advisory-254.html 
@@ -59356,8 +59380,8 @@ CVE-2017-1729 RESERVED CVE-2017-1728 RESERVED -CVE-2017-1727 - RESERVED +CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive ...) + TODO: check CVE-2017-1726 RESERVED CVE-2017-1725 @@ -59412,8 +59436,8 @@ CVE-2017-1701 RESERVED CVE-2017-1700 RESERVED -CVE-2017-1699 - RESERVED +CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure ...) + TODO: check CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive ...) NOT-FOR-US: IBM WebSphere Portal CVE-2017-1697 @@ -59464,26 +59488,26 @@ CVE-2017-1675 RESERVED CVE-2017-1674 RESERVED -CVE-2017-1673 - RESERVED -CVE-2017-1672 - RESERVED +CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to ...) + TODO: check +CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to ...) + TODO: check CVE-2017-1671 RESERVED CVE-2017-1670 RESERVED -CVE-2017-1669 - RESERVED +CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive ...) + TODO: check CVE-2017-1668 RESERVED CVE-2017-1667 RESERVED CVE-2017-1666 RESERVED -CVE-2017-1665 - RESERVED -CVE-2017-1664 - RESERVED +CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...) + TODO: check +CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...) + TODO: check CVE-2017-1663 RESERVED CVE-2017-1662 
@@ -124995,8 +125019,8 @@ CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServl NOT-FOR-US: ZOHO ManageEngine OpManager CVE-2014-7863 RESERVED -CVE-2014-7862 - RESERVED +CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and ...) + TODO: check CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly ...) NOT-FOR-US: Apple OS X CVE-2011-5282
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e7e72937b4d6111d500a0bf7ebf13eadc3a809f
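Review bot: In the first data/CVE/list hunk (@@ -1,3 +1,23 @@), the nine new entries with descriptions, CVE-2018-5220 through CVE-2018-5212, all land as "TODO: check", while the unchanged neighbour CVE-2018-5210 is already triaged as "NOT-FOR-US: Samsung mobile devices". The K7 Antivirus drivers, Radiant CMS, Fork CMS and the WordPress plugins each need a follow-up decision (a NOT-FOR-US line or a package line) so they do not sit untriaged. CVE-2018-5220, CVE-2018-5218 and CVE-2018-5217 also carry identical truncated descriptions (K7Sentry.sys), so whoever triages them needs the full CVE text to tell them apart.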
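Review bot: In hunk @@ -731,13 +751,14 @@, CVE-2017-1000476 gains the {DLA-1229-1} cross-reference, but every package line visible under it is still "- imagemagick <unfixed>" or "<ignored> (Minor issue)" for stretch and jessie, so nothing in the entry itself records which release the advisory fixed or at what version. CVE-2017-1000445 in hunk @@ -2930,6 +2951,7 @@ has the same shape. Suggest confirming the cross-reference against the advisory and, if a per-release line is expected for the release the DLA covers, adding it alongside the tag.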
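Review bot: In hunk @@ -11532,88 +11558,88 @@, all 29 entries that move from RESERVED to a description are Microsoft Edge, Internet Explorer or Windows component issues, and every one is left as "TODO: check". Elsewhere in this file vendor-only products are closed out with a NOT-FOR-US line (for example "NOT-FOR-US: Apple OS X" and "NOT-FOR-US: IBM WebSphere Portal" in the unchanged context), so a follow-up commit marking this block the same way would keep it out of the triage queue. The three Microsoft entries in hunks @@ -11488,14 +11514,14 @@ and @@ -11518,8 +11544,8 @@ can go in the same pass.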
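Review bot: In hunk @@ -47606,8 +47632,8 @@, CVE-2017-5754 gains {DSA-4078-1} while the package line directly below it still reads "- linux <unfixed>", and no release-specific line with a fixed version is visible in the context. Compare CVE-2017-17045 and CVE-2017-17044, where the {DSA-4050-1 DLA-1230-1} tag sits above "- xen 4.8.2+xsa245-0+deb9u1". Worth confirming that the unfixed status is meant to remain after the advisory, and that CVE-2017-5753 and CVE-2017-5715 in the following two hunks are intentionally given descriptions without any DSA reference.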
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits