Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: fdedb1b7 by security tracker role at 2018-01-10T09:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,45 @@ +CVE-2018-5331 + RESERVED +CVE-2018-5330 + RESERVED +CVE-2018-5329 + RESERVED +CVE-2018-5328 + RESERVED +CVE-2018-5327 + RESERVED +CVE-2018-5326 + RESERVED +CVE-2018-5325 + RESERVED +CVE-2018-5324 + RESERVED +CVE-2018-5323 + RESERVED +CVE-2018-5322 + RESERVED +CVE-2018-5321 + RESERVED +CVE-2018-5320 + RESERVED +CVE-2018-5319 + RESERVED +CVE-2018-5318 + RESERVED +CVE-2018-5317 + RESERVED +CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for ...) + TODO: check +CVE-2018-5315 + RESERVED +CVE-2018-5314 + RESERVED +CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site ...) + TODO: check +CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file ...) + TODO: check +CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...) + TODO: check CVE-2017-18026 [Remote command execution through mercurial adapter] - redmine <unfixed> [wheezy] - redmine <end-of-life> (Not supported in wheezy LTS) @@ -952,14 +994,13 @@ CVE-2018-4873 RESERVED CVE-2018-4872 RESERVED -CVE-2018-4871 - RESERVED +CVE-2018-4871 (An Out-of-bounds Read issue was discovered in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player CVE-2018-4870 RESERVED CVE-2018-4869 RESERVED -CVE-2018-4868 (** DISPUTED ** The Exiv2::Jp2Image::readMetadata function in ...) +CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 ...) - exiv2 <unfixed> [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) 
@@ -3410,6 +3451,7 @@ CVE-2017-1000436 CVE-2017-1000435 REJECTED CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path traversal flaw ...) + {DLA-1238-1} - awstats <unfixed> (bug #885835) NOTE: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899 NOTE: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651 @@ -3822,8 +3864,8 @@ CVE-2018-3612 RESERVED CVE-2018-3611 RESERVED -CVE-2018-3610 - RESERVED +CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before version 3.1.1 ...) + TODO: check CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in NetTransport ...) NOT-FOR-US: NetTransport Download Manager CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote ...) @@ -11772,10 +11814,10 @@ CVE-2018-0821 RESERVED CVE-2018-0820 RESERVED -CVE-2018-0819 - RESERVED -CVE-2018-0818 - RESERVED +CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a specially ...) + TODO: check +CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow Guard ...) + TODO: check CVE-2018-0817 RESERVED CVE-2018-0816 @@ -11786,8 +11828,8 @@ CVE-2018-0814 RESERVED CVE-2018-0813 RESERVED -CVE-2018-0812 - RESERVED +CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...) + TODO: check CVE-2018-0811 RESERVED CVE-2018-0810 
@@ -11796,54 +11838,54 @@ CVE-2018-0809 RESERVED CVE-2018-0808 RESERVED -CVE-2018-0807 - RESERVED -CVE-2018-0806 - RESERVED -CVE-2018-0805 - RESERVED -CVE-2018-0804 - RESERVED +CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...) + TODO: check +CVE-2018-0806 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...) + TODO: check +CVE-2018-0805 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...) + TODO: check +CVE-2018-0804 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...) + TODO: check CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...) NOT-FOR-US: Microsoft -CVE-2018-0802 - RESERVED -CVE-2018-0801 - RESERVED +CVE-2018-0802 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, ...) + TODO: check +CVE-2018-0801 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, ...) + TODO: check CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to ...) NOT-FOR-US: Microsoft -CVE-2018-0799 - RESERVED -CVE-2018-0798 - RESERVED -CVE-2018-0797 - RESERVED -CVE-2018-0796 - RESERVED -CVE-2018-0795 - RESERVED -CVE-2018-0794 - RESERVED -CVE-2018-0793 - RESERVED -CVE-2018-0792 - RESERVED -CVE-2018-0791 - RESERVED -CVE-2018-0790 - RESERVED -CVE-2018-0789 - RESERVED +CVE-2018-0799 (Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and ...) + TODO: check +CVE-2018-0798 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, ...) + TODO: check +CVE-2018-0797 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office ...) + TODO: check +CVE-2018-0796 (Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, ...) + TODO: check +CVE-2018-0795 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office ...) + TODO: check +CVE-2018-0794 (Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, ...) 
+ TODO: check +CVE-2018-0793 (Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook ...) + TODO: check +CVE-2018-0792 (Microsoft Word 2016 in Microsoft Office 2016 allows a remote code ...) + TODO: check +CVE-2018-0791 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook ...) + TODO: check +CVE-2018-0790 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...) + TODO: check +CVE-2018-0789 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...) + TODO: check CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...) NOT-FOR-US: Microsoft CVE-2018-0787 RESERVED -CVE-2018-0786 - RESERVED -CVE-2018-0785 - RESERVED -CVE-2018-0784 - RESERVED +CVE-2018-0786 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...) + TODO: check +CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery ...) + TODO: check +CVE-2018-0784 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege ...) + TODO: check CVE-2018-0783 RESERVED CVE-2018-0782 @@ -11882,8 +11924,8 @@ CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 17 NOT-FOR-US: Microsoft CVE-2018-0765 RESERVED -CVE-2018-0764 - RESERVED +CVE-2018-0764 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...) + TODO: check CVE-2018-0763 RESERVED CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) @@ -14711,8 +14753,8 @@ CVE-2017-16742 RESERVED CVE-2017-16741 RESERVED -CVE-2017-16740 - RESERVED +CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation ...) + TODO: check CVE-2017-16739 RESERVED CVE-2017-16738 
@@ -19260,8 +19302,8 @@ CVE-2017-15133 RESERVED CVE-2017-15132 RESERVED -CVE-2017-15131 - RESERVED +CVE-2017-15131 (It was found that system umask policy is not being honored when ...) + TODO: check CVE-2017-15130 RESERVED CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...) @@ -19291,8 +19333,7 @@ CVE-2017-15126 [Use-after-free in userfaultfd_event_wait_completion function in CVE-2017-15125 RESERVED NOT-FOR-US: Red Hat CloudForms -CVE-2017-15124 [memory exhaustion through framebuffer update request message in VNC server] - RESERVED +CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) before 2.14.3 was ...) - qemu <unfixed> (bug #884806) [stretch] - qemu <postponed> (Can be fixed along in later update) [jessie] - qemu <postponed> (Can be fixed along in later update) @@ -26768,12 +26809,12 @@ CVE-2017-12699 (An Incorrect Default Permissions issue was discovered in AzeoTec NOT-FOR-US: AzeoTech DAQFactory CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech WebAccess ...) NOT-FOR-US: Advantech WebAccess -CVE-2017-12697 - RESERVED +CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors (GM) and ...) + TODO: check CVE-2017-12696 RESERVED -CVE-2017-12695 - RESERVED +CVE-2017-12695 (An Improper Authentication issue was discovered in General Motors (GM) ...) + TODO: check CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web ...) NOT-FOR-US: SpiderControl SCADA Web Server CVE-2017-1000101 (curl supports "globbing" of URLs, in which a user can pass a numerical ...) 
@@ -27014,8 +27055,8 @@ CVE-2017-12624 (Apache CXF supports sending and receiving attachments via either NOT-FOR-US: Apache CXF CVE-2017-12623 (An authorized user could upload a template which contained malicious ...) NOT-FOR-US: Apache NiFi -CVE-2017-12622 - RESERVED +CVE-2017-12622 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...) + TODO: check CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom ...) - jenkins-commons-jelly <removed> [jessie] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed) @@ -33372,10 +33413,10 @@ CVE-2017-9798 (Apache httpd allows remote attackers to read secret data from pro NOTE: Patch backport for 2.2: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch CVE-2017-9797 (When an Apache Geode cluster before v1.2.1 is operating in secure ...) NOT-FOR-US: Apache Geode -CVE-2017-9796 - RESERVED -CVE-2017-9795 - RESERVED +CVE-2017-9796 (When an Apache Geode cluster before v1.3.0 is operating in secure ...) + TODO: check +CVE-2017-9795 (When an Apache Geode cluster before v1.3.0 is operating in secure ...) + TODO: check CVE-2017-9794 (When a cluster is operating in secure mode, a user with read ...) NOT-FOR-US: Apache Geode CVE-2017-9793 (The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through ...) @@ -35472,8 +35513,8 @@ CVE-2017-9665 RESERVED CVE-2017-9664 RESERVED -CVE-2017-9663 - RESERVED +CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was discovered in ...) + TODO: check CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...) NOT-FOR-US: Fuji Electric Monitouch V-SFT CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in SIMPlight ...) 
@@ -43617,10 +43658,10 @@ CVE-2016-10259 (Blue Coat SSL Visibility (SSLV) 3.x before 3.11.3.1 is susceptib NOT-FOR-US: Blue Coat CVE-2016-10258 RESERVED -CVE-2016-10257 - RESERVED -CVE-2016-10256 - RESERVED +CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to ...) + TODO: check +CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to ...) + TODO: check CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...) NOT-FOR-US: cloudflare-scrape CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...) @@ -65187,10 +65228,10 @@ CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lo NOT-FOR-US: Citrix CVE-2016-9110 RESERVED -CVE-2016-9100 - REJECTED -CVE-2016-9099 - REJECTED +CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 ...) + TODO: check +CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ...) + TODO: check CVE-2016-9098 REJECTED CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ...) 
@@ -67072,8 +67113,8 @@ CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...) NOT-FOR-US: FortiManager CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...) NOT-FOR-US: Fortiguard -CVE-2016-8493 - REJECTED +CVE-2016-8493 (In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate ...) + TODO: check CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows ...) NOT-FOR-US: Fortinet FortiWLC CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fdedb1b7ed8d6f7a82853bf1c0a5f68405315a87
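Review bot: In the "@@ -952,14 +994,13 @@" hunk, the CVE-2018-4868 description loses its "** DISPUTED **" prefix and nothing in the entry records why. The package lines under it still read exiv2 <unfixed> with <no-dsa> (Minor issue) for stretch and jessie, so that triage was done while the issue carried the dispute marker. A NOTE line saying the marker was dropped from the description would tell the next reader whether the "Minor issue" rating needs a second look.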
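Review bot: The Microsoft entries that move from RESERVED to "TODO: check" in the "@@ -11796,54 +11838,54 @@" hunk (CVE-2018-0807 through CVE-2018-0784) sit between CVE-2018-0803, CVE-2018-0800 and CVE-2018-0788, which are already marked "NOT-FOR-US: Microsoft". If the Equation Editor, Office, Outlook and SharePoint entries are the same kind of product, they can take the same NOT-FOR-US line in the follow-up triage instead of staying in the TODO backlog. The .NET Framework and ASP.NET Core entries (CVE-2018-0786, CVE-2018-0785, CVE-2018-0784) are better checked one by one than bulk-marked.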
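Review bot: The CVE-2017-15124 line in the "@@ -19291,8 +19333,7 @@" hunk replaces the bracketed summary "memory exhaustion through framebuffer update request message in VNC server" with a description that is cut off after "before 2.14.3 was ...", so the entry no longer says what the flaw is. The qemu lines under it (<unfixed> with bug #884806, <postponed> for stretch and jessie) are kept, so adding the old summary back as a NOTE line would preserve the context those decisions were based on.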
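Review bot: CVE-2017-9796 and CVE-2017-9795 in the "@@ -33372,10 +33413,10 @@" hunk are left at "TODO: check" although the entries directly above and below them, CVE-2017-9797 and CVE-2017-9794, are already marked "NOT-FOR-US: Apache Geode". The new descriptions name the same product ("an Apache Geode cluster before v1.3.0"), so the same classification appears to apply, and likewise for CVE-2017-12622 in the "@@ -27014,8 +27055,8 @@" hunk.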
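Review bot: CVE-2016-9100 and CVE-2016-9099 in the "@@ -65187,10 +65228,10 @@" hunk go from REJECTED straight to a full description, which is an unusual transition for an automatic update and deserves a manual look before the "TODO: check" is resolved. The adjacent CVE-2016-9098 stays REJECTED, so it is worth confirming that exactly these two ids were reinstated upstream. The same applies to CVE-2016-8493 in the "@@ -67072,8 +67113,8 @@" hunk, which also changes from REJECTED to a FortiClientWindows description.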