Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fdedb1b7 by security tracker role at 2018-01-10T09:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-5331
+ RESERVED
+CVE-2018-5330
+ RESERVED
+CVE-2018-5329
+ RESERVED
+CVE-2018-5328
+ RESERVED
+CVE-2018-5327
+ RESERVED
+CVE-2018-5326
+ RESERVED
+CVE-2018-5325
+ RESERVED
+CVE-2018-5324
+ RESERVED
+CVE-2018-5323
+ RESERVED
+CVE-2018-5322
+ RESERVED
+CVE-2018-5321
+ RESERVED
+CVE-2018-5320
+ RESERVED
+CVE-2018-5319
+ RESERVED
+CVE-2018-5318
+ RESERVED
+CVE-2018-5317
+ RESERVED
+CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin
before 1.0.9 for ...)
+ TODO: check
+CVE-2018-5315
+ RESERVED
+CVE-2018-5314
+ RESERVED
+CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored
cross-site ...)
+ TODO: check
+CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in
the file ...)
+ TODO: check
+CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
+ TODO: check
CVE-2017-18026 [Remote command execution through mercurial adapter]
- redmine <unfixed>
[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
@@ -952,14 +994,13 @@ CVE-2018-4873
RESERVED
CVE-2018-4872
RESERVED
-CVE-2018-4871
- RESERVED
+CVE-2018-4871 (An Out-of-bounds Read issue was discovered in Adobe Flash
Player before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2018-4870
RESERVED
CVE-2018-4869
RESERVED
-CVE-2018-4868 (** DISPUTED ** The Exiv2::Jp2Image::readMetadata function in
...)
+CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in
Exiv2 ...)
- exiv2 <unfixed>
[stretch] - exiv2 <no-dsa> (Minor issue)
[jessie] - exiv2 <no-dsa> (Minor issue)
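Review bot: the CVE-2018-4868 description loses its "** DISPUTED **" prefix here, but the triage beneath it is unchanged at <no-dsa> (Minor issue) for stretch and jessie. Since the dispute marker is gone from the imported text, re-check whether the Minor issue rating still holds for exiv2 and record the reasoning in a NOTE either way. The CVE-2018-4871 change only fills in the description of an entry already marked NOT-FOR-US: Adobe Flash Player and needs nothing further.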
@@ -3410,6 +3451,7 @@ CVE-2017-1000436
CVE-2017-1000435
REJECTED
CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path
traversal flaw ...)
+ {DLA-1238-1}
- awstats <unfixed> (bug #885835)
NOTE:
https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
NOTE:
https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
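Review bot: {DLA-1238-1} is attached to CVE-2017-1000501, but the only package line in the visible context is still "- awstats <unfixed> (bug #885835)", with no release-specific line carrying the version fixed by the DLA. If the entry does not already have one below the NOTE lines, add the bracketed release line with the fixed version so the advisory cross-reference and the per-release status agree.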
@@ -3822,8 +3864,8 @@ CVE-2018-3612
RESERVED
CVE-2018-3611
RESERVED
-CVE-2018-3610
- RESERVED
+CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before
version 3.1.1 ...)
+ TODO: check
CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in
NetTransport ...)
NOT-FOR-US: NetTransport Download Manager
CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote
...)
@@ -11772,10 +11814,10 @@ CVE-2018-0821
RESERVED
CVE-2018-0820
RESERVED
-CVE-2018-0819
- RESERVED
-CVE-2018-0818
- RESERVED
+CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a
specially ...)
+ TODO: check
+CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow
Guard ...)
+ TODO: check
CVE-2018-0817
RESERVED
CVE-2018-0816
@@ -11786,8 +11828,8 @@ CVE-2018-0814
RESERVED
CVE-2018-0813
RESERVED
-CVE-2018-0812
- RESERVED
+CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office
2007, ...)
+ TODO: check
CVE-2018-0811
RESERVED
CVE-2018-0810
@@ -11796,54 +11838,54 @@ CVE-2018-0809
RESERVED
CVE-2018-0808
RESERVED
-CVE-2018-0807
- RESERVED
-CVE-2018-0806
- RESERVED
-CVE-2018-0805
- RESERVED
-CVE-2018-0804
- RESERVED
+CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office
2007, ...)
+ TODO: check
+CVE-2018-0806 (Equation Editor in Microsoft Office 2003, Microsoft Office
2007, ...)
+ TODO: check
+CVE-2018-0805 (Equation Editor in Microsoft Office 2003, Microsoft Office
2007, ...)
+ TODO: check
+CVE-2018-0804 (Equation Editor in Microsoft Office 2003, Microsoft Office
2007, ...)
+ TODO: check
CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703,
1709, ...)
NOT-FOR-US: Microsoft
-CVE-2018-0802
- RESERVED
-CVE-2018-0801
- RESERVED
+CVE-2018-0802 (Equation Editor in Microsoft Office 2007, Microsoft Office
2010, ...)
+ TODO: check
+CVE-2018-0801 (Equation Editor in Microsoft Office 2007, Microsoft Office
2010, ...)
+ TODO: check
CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker
to ...)
NOT-FOR-US: Microsoft
-CVE-2018-0799
- RESERVED
-CVE-2018-0798
- RESERVED
-CVE-2018-0797
- RESERVED
-CVE-2018-0796
- RESERVED
-CVE-2018-0795
- RESERVED
-CVE-2018-0794
- RESERVED
-CVE-2018-0793
- RESERVED
-CVE-2018-0792
- RESERVED
-CVE-2018-0791
- RESERVED
-CVE-2018-0790
- RESERVED
-CVE-2018-0789
- RESERVED
+CVE-2018-0799 (Microsoft Access in Microsoft SharePoint Enterprise Server 2013
and ...)
+ TODO: check
+CVE-2018-0798 (Equation Editor in Microsoft Office 2007, Microsoft Office
2010, ...)
+ TODO: check
+CVE-2018-0797 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft
Office ...)
+ TODO: check
+CVE-2018-0796 (Microsoft Excel in Microsoft Office 2007, Microsoft Office
2010, ...)
+ TODO: check
+CVE-2018-0795 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft
Office ...)
+ TODO: check
+CVE-2018-0794 (Microsoft Word in Microsoft Office 2007, Microsoft Office 2010,
...)
+ TODO: check
+CVE-2018-0793 (Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft
Outlook ...)
+ TODO: check
+CVE-2018-0792 (Microsoft Word 2016 in Microsoft Office 2016 allows a remote
code ...)
+ TODO: check
+CVE-2018-0791 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft
Outlook ...)
+ TODO: check
+CVE-2018-0790 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint
Server 2013 ...)
+ TODO: check
+CVE-2018-0789 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint
Server 2013 ...)
+ TODO: check
CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in
Windows 7 ...)
NOT-FOR-US: Microsoft
CVE-2018-0787
RESERVED
-CVE-2018-0786
- RESERVED
-CVE-2018-0785
- RESERVED
-CVE-2018-0784
- RESERVED
+CVE-2018-0786 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5,
4.5.1, ...)
+ TODO: check
+CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request
forgery ...)
+ TODO: check
+CVE-2018-0784 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege
...)
+ TODO: check
CVE-2018-0783
RESERVED
CVE-2018-0782
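Review bot: all 20 newly described entries in this hunk (CVE-2018-0807 to 0804, 0802, 0801, 0799 to 0789, and 0786 to 0784) land as "TODO: check", while the already-triaged neighbours CVE-2018-0803, CVE-2018-0800 and CVE-2018-0788 are "NOT-FOR-US: Microsoft". The Equation Editor, Office, Outlook, Access and SharePoint entries look like candidates for the same tag in the follow-up triage. The .NET Framework and ASP.NET Core entries (CVE-2018-0786, 0785, 0784) deserve a separate look before they are tagged.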
@@ -11882,8 +11924,8 @@ CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10
Gold, 1511, 1607, 1703, 17
NOT-FOR-US: Microsoft
CVE-2018-0765
RESERVED
-CVE-2018-0764
- RESERVED
+CVE-2018-0764 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5,
4.5.1, ...)
+ TODO: check
CVE-2018-0763
RESERVED
CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server
2008 and ...)
@@ -14711,8 +14753,8 @@ CVE-2017-16742
RESERVED
CVE-2017-16741
RESERVED
-CVE-2017-16740
- RESERVED
+CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation
...)
+ TODO: check
CVE-2017-16739
RESERVED
CVE-2017-16738
@@ -19260,8 +19302,8 @@ CVE-2017-15133
RESERVED
CVE-2017-15132
RESERVED
-CVE-2017-15131
- RESERVED
+CVE-2017-15131 (It was found that system umask policy is not being honored
when ...)
+ TODO: check
CVE-2017-15130
RESERVED
CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces
code ...)
@@ -19291,8 +19333,7 @@ CVE-2017-15126 [Use-after-free in
userfaultfd_event_wait_completion function in
CVE-2017-15125
RESERVED
NOT-FOR-US: Red Hat CloudForms
-CVE-2017-15124 [memory exhaustion through framebuffer update request message
in VNC server]
- RESERVED
+CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) before
2.14.3 was ...)
- qemu <unfixed> (bug #884806)
[stretch] - qemu <postponed> (Can be fixed along in later update)
[jessie] - qemu <postponed> (Can be fixed along in later update)
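Review bot: on CVE-2017-15124 the hand-written bracketed summary ("memory exhaustion through framebuffer update request message in VNC server") is replaced by the imported description, which gives "QEMU before 2.14.3" as the affected range. The status lines below stay at qemu <unfixed> (bug #884806) and <postponed> for stretch and jessie, so confirm that version against the upstream fix tracked in the bug before it is used to set a fixed version. Consider keeping the short summary as a NOTE, since it states the issue more directly than the truncated description.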
@@ -26768,12 +26809,12 @@ CVE-2017-12699 (An Incorrect Default Permissions
issue was discovered in AzeoTec
NOT-FOR-US: AzeoTech DAQFactory
CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech
WebAccess ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2017-12697
- RESERVED
+CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors
(GM) and ...)
+ TODO: check
CVE-2017-12696
RESERVED
-CVE-2017-12695
- RESERVED
+CVE-2017-12695 (An Improper Authentication issue was discovered in General
Motors (GM) ...)
+ TODO: check
CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl
SCADA Web ...)
NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-1000101 (curl supports "globbing" of URLs, in which a user
can pass a numerical ...)
@@ -27014,8 +27055,8 @@ CVE-2017-12624 (Apache CXF supports sending and
receiving attachments via either
NOT-FOR-US: Apache CXF
CVE-2017-12623 (An authorized user could upload a template which contained
malicious ...)
NOT-FOR-US: Apache NiFi
-CVE-2017-12622
- RESERVED
+CVE-2017-12622 (When an Apache Geode cluster before v1.3.0 is operating in
secure mode ...)
+ TODO: check
CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a
custom ...)
- jenkins-commons-jelly <removed>
[jessie] - jenkins-commons-jelly <ignored> (Minor issue, only used by
Jenkins which got removed)
@@ -33372,10 +33413,10 @@ CVE-2017-9798 (Apache httpd allows remote attackers
to read secret data from pro
NOTE: Patch backport for 2.2:
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
CVE-2017-9797 (When an Apache Geode cluster before v1.2.1 is operating in
secure ...)
NOT-FOR-US: Apache Geode
-CVE-2017-9796
- RESERVED
-CVE-2017-9795
- RESERVED
+CVE-2017-9796 (When an Apache Geode cluster before v1.3.0 is operating in
secure ...)
+ TODO: check
+CVE-2017-9795 (When an Apache Geode cluster before v1.3.0 is operating in
secure ...)
+ TODO: check
CVE-2017-9794 (When a cluster is operating in secure mode, a user with read
...)
NOT-FOR-US: Apache Geode
CVE-2017-9793 (The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5
through ...)
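Review bot: CVE-2017-9796 and CVE-2017-9795 are added as "TODO: check" directly between CVE-2017-9797 and CVE-2017-9794, both of which are already marked "NOT-FOR-US: Apache Geode". The new descriptions also begin "When an Apache Geode cluster ...", so these two can take the same tag in the follow-up triage instead of staying open.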
@@ -35472,8 +35513,8 @@ CVE-2017-9665
RESERVED
CVE-2017-9664
RESERVED
-CVE-2017-9663
- RESERVED
+CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was
discovered in ...)
+ TODO: check
CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji
Electric ...)
NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in
SIMPlight ...)
@@ -43617,10 +43658,10 @@ CVE-2016-10259 (Blue Coat SSL Visibility (SSLV) 3.x
before 3.11.3.1 is susceptib
NOT-FOR-US: Blue Coat
CVE-2016-10258
RESERVED
-CVE-2016-10257
- RESERVED
-CVE-2016-10256
- RESERVED
+CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior
to ...)
+ TODO: check
+CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7
(prior to ...)
+ TODO: check
CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through
1.7.1. A ...)
NOT-FOR-US: cloudflare-scrape
CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9
before ...)
@@ -65187,10 +65228,10 @@ CVE-2016-9111 (Incorrect access control mechanisms in
Citrix Receiver Desktop Lo
NOT-FOR-US: Citrix
CVE-2016-9110
RESERVED
-CVE-2016-9100
- REJECTED
-CVE-2016-9099
- REJECTED
+CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13,
ASG 6.7 ...)
+ TODO: check
+CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to
6.7.2.1, ...)
+ TODO: check
CVE-2016-9098
REJECTED
CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to
6.6.5.8, ...)
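Review bot: CVE-2016-9100 and CVE-2016-9099 move from REJECTED straight to a published description, unlike the RESERVED-to-published changes in most of this update, and CVE-2016-9098 next to them stays REJECTED. Verify against the upstream CVE records that the rejection was really withdrawn before resolving the "TODO: check" markers on these two Symantec ASG entries.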
@@ -67072,8 +67113,8 @@ CVE-2016-8495 (An improper certificate validation
vulnerability in Fortinet ...)
NOT-FOR-US: FortiManager
CVE-2016-8494 (Insufficient verification of uploaded files allows attackers
with ...)
NOT-FOR-US: Fortiguard
-CVE-2016-8493
- REJECTED
+CVE-2016-8493 (In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate
...)
+ TODO: check
CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate
allows ...)
NOT-FOR-US: Fortinet FortiWLC
CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet
FortiWLC ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fdedb1b7ed8d6f7a82853bf1c0a5f68405315a87