Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fdedb1b7 by security tracker role at 2018-01-10T09:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,45 @@
+CVE-2018-5331
+       RESERVED
+CVE-2018-5330
+       RESERVED
+CVE-2018-5329
+       RESERVED
+CVE-2018-5328
+       RESERVED
+CVE-2018-5327
+       RESERVED
+CVE-2018-5326
+       RESERVED
+CVE-2018-5325
+       RESERVED
+CVE-2018-5324
+       RESERVED
+CVE-2018-5323
+       RESERVED
+CVE-2018-5322
+       RESERVED
+CVE-2018-5321
+       RESERVED
+CVE-2018-5320
+       RESERVED
+CVE-2018-5319
+       RESERVED
+CVE-2018-5318
+       RESERVED
+CVE-2018-5317
+       RESERVED
+CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin 
before 1.0.9 for ...)
+       TODO: check
+CVE-2018-5315
+       RESERVED
+CVE-2018-5314
+       RESERVED
+CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored 
cross-site ...)
+       TODO: check
+CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in 
the file ...)
+       TODO: check
+CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
+       TODO: check
 CVE-2017-18026 [Remote command execution through mercurial adapter]
        - redmine <unfixed>
        [wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
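
Review bot: the four entries added with a description at the top of this hunk (CVE-2018-5316, CVE-2017-1000465, CVE-2017-1000429, CVE-2017-1000428) carry only "TODO: check", so none of them has a triage decision yet. Each needs either a NOT-FOR-US line naming the product or a package line in the style of the "- redmine <unfixed>" entry that follows. Three of the truncated descriptions already name cross-site scripting in a web application, which should make the lookup against the archive quick.
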
@@ -952,14 +994,13 @@ CVE-2018-4873
        RESERVED
 CVE-2018-4872
        RESERVED
-CVE-2018-4871
-       RESERVED
+CVE-2018-4871 (An Out-of-bounds Read issue was discovered in Adobe Flash 
Player before ...)
        NOT-FOR-US: Adobe Flash Player
 CVE-2018-4870
        RESERVED
 CVE-2018-4869
        RESERVED
-CVE-2018-4868 (** DISPUTED ** The Exiv2::Jp2Image::readMetadata function in 
...)
+CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in 
Exiv2 ...)
        - exiv2 <unfixed>
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
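
Review bot: on CVE-2018-4868 the description loses its "** DISPUTED **" prefix while the three status lines below it are unchanged: "- exiv2 <unfixed>" and the "<no-dsa> (Minor issue)" entries for stretch and jessie. If the minor-issue rating leaned on the dispute, it should be looked at again now that the marker is gone; if it did not, a NOTE line recording why it stays minor would help the next reader. The CVE-2018-4871 change is consistent with the "NOT-FOR-US: Adobe Flash Player" line the entry already had.
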
@@ -3410,6 +3451,7 @@ CVE-2017-1000436
 CVE-2017-1000435
        REJECTED
 CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path 
traversal flaw ...)
+       {DLA-1238-1}
        - awstats <unfixed> (bug #885835)
        NOTE: 
https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
        NOTE: 
https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
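
Review bot: the "{DLA-1238-1}" cross-reference on CVE-2017-1000501 is added with no change to the package line, which still reads "- awstats <unfixed> (bug #885835)". That is consistent if the advisory covers only the LTS release, but it is worth confirming that the fix shipped there corresponds to the two upstream commits listed in the NOTE lines, and that the bug stays open for unstable.
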
@@ -3822,8 +3864,8 @@ CVE-2018-3612
        RESERVED
 CVE-2018-3611
        RESERVED
-CVE-2018-3610
-       RESERVED
+CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before 
version 3.1.1 ...)
+       TODO: check
 CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in 
NetTransport ...)
        NOT-FOR-US: NetTransport Download Manager
 CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote 
...)
@@ -11772,10 +11814,10 @@ CVE-2018-0821
        RESERVED
 CVE-2018-0820
        RESERVED
-CVE-2018-0819
-       RESERVED
-CVE-2018-0818
-       RESERVED
+CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a 
specially ...)
+       TODO: check
+CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow 
Guard ...)
+       TODO: check
 CVE-2018-0817
        RESERVED
 CVE-2018-0816
@@ -11786,8 +11828,8 @@ CVE-2018-0814
        RESERVED
 CVE-2018-0813
        RESERVED
-CVE-2018-0812
-       RESERVED
+CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
+       TODO: check
 CVE-2018-0811
        RESERVED
 CVE-2018-0810
@@ -11796,54 +11838,54 @@ CVE-2018-0809
        RESERVED
 CVE-2018-0808
        RESERVED
-CVE-2018-0807
-       RESERVED
-CVE-2018-0806
-       RESERVED
-CVE-2018-0805
-       RESERVED
-CVE-2018-0804
-       RESERVED
+CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
+       TODO: check
+CVE-2018-0806 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
+       TODO: check
+CVE-2018-0805 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
+       TODO: check
+CVE-2018-0804 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
+       TODO: check
 CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 
1709, ...)
        NOT-FOR-US: Microsoft
-CVE-2018-0802
-       RESERVED
-CVE-2018-0801
-       RESERVED
+CVE-2018-0802 (Equation Editor in Microsoft Office 2007, Microsoft Office 
2010, ...)
+       TODO: check
+CVE-2018-0801 (Equation Editor in Microsoft Office 2007, Microsoft Office 
2010, ...)
+       TODO: check
 CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker 
to ...)
        NOT-FOR-US: Microsoft
-CVE-2018-0799
-       RESERVED
-CVE-2018-0798
-       RESERVED
-CVE-2018-0797
-       RESERVED
-CVE-2018-0796
-       RESERVED
-CVE-2018-0795
-       RESERVED
-CVE-2018-0794
-       RESERVED
-CVE-2018-0793
-       RESERVED
-CVE-2018-0792
-       RESERVED
-CVE-2018-0791
-       RESERVED
-CVE-2018-0790
-       RESERVED
-CVE-2018-0789
-       RESERVED
+CVE-2018-0799 (Microsoft Access in Microsoft SharePoint Enterprise Server 2013 
and ...)
+       TODO: check
+CVE-2018-0798 (Equation Editor in Microsoft Office 2007, Microsoft Office 
2010, ...)
+       TODO: check
+CVE-2018-0797 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft 
Office ...)
+       TODO: check
+CVE-2018-0796 (Microsoft Excel in Microsoft Office 2007, Microsoft Office 
2010, ...)
+       TODO: check
+CVE-2018-0795 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft 
Office ...)
+       TODO: check
+CVE-2018-0794 (Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, 
...)
+       TODO: check
+CVE-2018-0793 (Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft 
Outlook ...)
+       TODO: check
+CVE-2018-0792 (Microsoft Word 2016 in Microsoft Office 2016 allows a remote 
code ...)
+       TODO: check
+CVE-2018-0791 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft 
Outlook ...)
+       TODO: check
+CVE-2018-0790 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint 
Server 2013 ...)
+       TODO: check
+CVE-2018-0789 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint 
Server 2013 ...)
+       TODO: check
 CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in 
Windows 7 ...)
        NOT-FOR-US: Microsoft
 CVE-2018-0787
        RESERVED
-CVE-2018-0786
-       RESERVED
-CVE-2018-0785
-       RESERVED
-CVE-2018-0784
-       RESERVED
+CVE-2018-0786 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 
4.5.1, ...)
+       TODO: check
+CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request 
forgery ...)
+       TODO: check
+CVE-2018-0784 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege 
...)
+       TODO: check
 CVE-2018-0783
        RESERVED
 CVE-2018-0782
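
Review bot: every Microsoft entry that gains a description in this hunk (CVE-2018-0807 down to CVE-2018-0784) is left at "TODO: check", while the already described neighbours CVE-2018-0803, CVE-2018-0800 and CVE-2018-0788 are tagged "NOT-FOR-US: Microsoft". The Office, Outlook, SharePoint and Equation Editor entries can likely take the same tag in one pass. The .NET Framework and ASP.NET Core entries (CVE-2018-0786, CVE-2018-0785, CVE-2018-0784) deserve an individual look before they are closed the same way.
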
@@ -11882,8 +11924,8 @@ CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 
Gold, 1511, 1607, 1703, 17
        NOT-FOR-US: Microsoft
 CVE-2018-0765
        RESERVED
-CVE-2018-0764
-       RESERVED
+CVE-2018-0764 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 
4.5.1, ...)
+       TODO: check
 CVE-2018-0763
        RESERVED
 CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 
2008 and ...)
@@ -14711,8 +14753,8 @@ CVE-2017-16742
        RESERVED
 CVE-2017-16741
        RESERVED
-CVE-2017-16740
-       RESERVED
+CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation 
...)
+       TODO: check
 CVE-2017-16739
        RESERVED
 CVE-2017-16738
@@ -19260,8 +19302,8 @@ CVE-2017-15133
        RESERVED
 CVE-2017-15132
        RESERVED
-CVE-2017-15131
-       RESERVED
+CVE-2017-15131 (It was found that system umask policy is not being honored 
when ...)
+       TODO: check
 CVE-2017-15130
        RESERVED
 CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces 
code ...)
@@ -19291,8 +19333,7 @@ CVE-2017-15126 [Use-after-free in 
userfaultfd_event_wait_completion function in 
 CVE-2017-15125
        RESERVED
        NOT-FOR-US: Red Hat CloudForms
-CVE-2017-15124 [memory exhaustion through framebuffer update request message 
in VNC server]
-       RESERVED
+CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) before 
2.14.3 was ...)
        - qemu <unfixed> (bug #884806)
        [stretch] - qemu <postponed> (Can be fixed along in later update)
        [jessie] - qemu <postponed> (Can be fixed along in later update)
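
Review bot: on CVE-2017-15124 the bracketed working title and the RESERVED line are replaced by the published description, which now names an upstream boundary ("QEMU before 2.14.3"), yet the package line stays at "- qemu <unfixed> (bug #884806)". Check that version string against upstream's release numbering and against what is in unstable, then either record the fixed version or add a NOTE saying why the entry remains unfixed. The stretch and jessie "<postponed>" lines are unaffected by this change.
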
@@ -26768,12 +26809,12 @@ CVE-2017-12699 (An Incorrect Default Permissions 
issue was discovered in AzeoTec
        NOT-FOR-US: AzeoTech DAQFactory
 CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech 
WebAccess ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2017-12697
-       RESERVED
+CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors 
(GM) and ...)
+       TODO: check
 CVE-2017-12696
        RESERVED
-CVE-2017-12695
-       RESERVED
+CVE-2017-12695 (An Improper Authentication issue was discovered in General 
Motors (GM) ...)
+       TODO: check
 CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl 
SCADA Web ...)
        NOT-FOR-US: SpiderControl SCADA Web Server
 CVE-2017-1000101 (curl supports &quot;globbing&quot; of URLs, in which a user 
can pass a numerical ...)
@@ -27014,8 +27055,8 @@ CVE-2017-12624 (Apache CXF supports sending and 
receiving attachments via either
        NOT-FOR-US: Apache CXF
 CVE-2017-12623 (An authorized user could upload a template which contained 
malicious ...)
        NOT-FOR-US: Apache NiFi
-CVE-2017-12622
-       RESERVED
+CVE-2017-12622 (When an Apache Geode cluster before v1.3.0 is operating in 
secure mode ...)
+       TODO: check
 CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a 
custom ...)
        - jenkins-commons-jelly <removed>
        [jessie] - jenkins-commons-jelly <ignored> (Minor issue, only used by 
Jenkins which got removed)
@@ -33372,10 +33413,10 @@ CVE-2017-9798 (Apache httpd allows remote attackers 
to read secret data from pro
        NOTE: Patch backport for 2.2: 
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
 CVE-2017-9797 (When an Apache Geode cluster before v1.2.1 is operating in 
secure ...)
        NOT-FOR-US: Apache Geode
-CVE-2017-9796
-       RESERVED
-CVE-2017-9795
-       RESERVED
+CVE-2017-9796 (When an Apache Geode cluster before v1.3.0 is operating in 
secure ...)
+       TODO: check
+CVE-2017-9795 (When an Apache Geode cluster before v1.3.0 is operating in 
secure ...)
+       TODO: check
 CVE-2017-9794 (When a cluster is operating in secure mode, a user with read 
...)
        NOT-FOR-US: Apache Geode
 CVE-2017-9793 (The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 
through ...)
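
Review bot: CVE-2017-9796 and CVE-2017-9795 are added as "TODO: check" between CVE-2017-9797 and CVE-2017-9794, both of which are already "NOT-FOR-US: Apache Geode". The new descriptions open with the same "When an Apache Geode cluster ... is operating in secure" wording as CVE-2017-9797, so they can take the same tag; the same applies to CVE-2017-12622 in the earlier hunk.
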
@@ -35472,8 +35513,8 @@ CVE-2017-9665
        RESERVED
 CVE-2017-9664
        RESERVED
-CVE-2017-9663
-       RESERVED
+CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was 
discovered in ...)
+       TODO: check
 CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji 
Electric ...)
        NOT-FOR-US: Fuji Electric Monitouch V-SFT
 CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in 
SIMPlight ...)
@@ -43617,10 +43658,10 @@ CVE-2016-10259 (Blue Coat SSL Visibility (SSLV) 3.x 
before 3.11.3.1 is susceptib
        NOT-FOR-US: Blue Coat
 CVE-2016-10258
        RESERVED
-CVE-2016-10257
-       RESERVED
-CVE-2016-10256
-       RESERVED
+CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior 
to ...)
+       TODO: check
+CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 
(prior to ...)
+       TODO: check
 CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 
1.7.1. A ...)
        NOT-FOR-US: cloudflare-scrape
 CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 
before ...)
@@ -65187,10 +65228,10 @@ CVE-2016-9111 (Incorrect access control mechanisms in 
Citrix Receiver Desktop Lo
        NOT-FOR-US: Citrix
 CVE-2016-9110
        RESERVED
-CVE-2016-9100
-       REJECTED
-CVE-2016-9099
-       REJECTED
+CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, 
ASG 6.7 ...)
+       TODO: check
+CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 
6.7.2.1, ...)
+       TODO: check
 CVE-2016-9098
        REJECTED
 CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 
6.6.5.8, ...)
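
Review bot: CVE-2016-9100 and CVE-2016-9099 move from REJECTED straight to a published description with "TODO: check", unlike the other entries in this update, which start from RESERVED. Confirm that upstream really reinstated these ids before triaging; CVE-2016-9098 directly below is still REJECTED. If they stand, the descriptions name the same Symantec Advanced Secure Gateway product as CVE-2016-9097.
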
@@ -67072,8 +67113,8 @@ CVE-2016-8495 (An improper certificate validation 
vulnerability in Fortinet ...)
        NOT-FOR-US: FortiManager
 CVE-2016-8494 (Insufficient verification of uploaded files allows attackers 
with ...)
        NOT-FOR-US: Fortiguard
-CVE-2016-8493
-       REJECTED
+CVE-2016-8493 (In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate 
...)
+       TODO: check
 CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate 
allows ...)
        NOT-FOR-US: Fortinet FortiWLC
 CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet 
FortiWLC ...)
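
Review bot: CVE-2016-8493 also flips from REJECTED to a described entry with "TODO: check". The description names FortiClientWindows, and the neighbouring entries whose status line is visible here (CVE-2016-8495, CVE-2016-8494, CVE-2016-8492) are all NOT-FOR-US, so once the reinstatement is confirmed this one can be tagged the same way.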



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fdedb1b7ed8d6f7a82853bf1c0a5f68405315a87

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
