Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: fabf37f5 by security tracker role at 2018-01-11T21:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,7 @@ +CVE-2018-5344 + RESERVED +CVE-2018-5343 + RESERVED CVE-2018-5342 RESERVED CVE-2018-5341 @@ -372,8 +376,8 @@ CVE-2018-5191 REJECTED CVE-2018-5190 RESERVED -CVE-2018-5189 - RESERVED +CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to cause a ...) + TODO: check CVE-2018-5188 RESERVED CVE-2018-5187 @@ -3220,8 +3224,7 @@ CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c i - linux 4.11.6-1 [stretch] - linux 4.9.47-1 NOTE: Fixed by: https://git.kernel.org/linus/2638fd0f92d4397884fd991d8f4925cb3f081901 -CVE-2017-18016 - RESERVED +CVE-2017-18016 (Parity Browser 1.6.10 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Paritytech Parity Ethereum CVE-2017-1000493 (Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL ...) NOT-FOR-US: Rocket.Chat Server @@ -9243,8 +9246,8 @@ CVE-2018-1363 RESERVED CVE-2018-1362 RESERVED -CVE-2018-1361 - RESERVED +CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...) + TODO: check CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 ...) NOT-FOR-US: Panda Global Protection CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...) @@ -13551,8 +13554,8 @@ CVE-2018-0120 RESERVED CVE-2018-0119 RESERVED -CVE-2018-0118 - RESERVED +CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...) + TODO: check CVE-2018-0117 RESERVED CVE-2018-0116 
@@ -13897,6 +13900,7 @@ CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allow [jessie] - transfig 1:3.2.5.e-4+deb8u1 [wheezy] - transfig <no-dsa> (Minor issue) CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ...) + {DLA-1240-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/75 CVE-2017-16897 (A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 ...) @@ -14002,6 +14006,7 @@ CVE-2017-1000386 CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 2.13 ...) NOT-FOR-US: MistServer CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= ...) + {DLA-1240-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/77 CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but ...) 
@@ -17879,56 +17884,56 @@ CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing .. NOTE: https://core.trac.wordpress.org/ticket/21022 NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following. -CVE-2017-15637 - RESERVED -CVE-2017-15636 - RESERVED -CVE-2017-15635 - RESERVED -CVE-2017-15634 - RESERVED -CVE-2017-15633 - RESERVED -CVE-2017-15632 - RESERVED -CVE-2017-15631 - RESERVED -CVE-2017-15630 - RESERVED -CVE-2017-15629 - RESERVED -CVE-2017-15628 - RESERVED -CVE-2017-15627 - RESERVED -CVE-2017-15626 - RESERVED -CVE-2017-15625 - RESERVED -CVE-2017-15624 - RESERVED -CVE-2017-15623 - RESERVED -CVE-2017-15622 - RESERVED -CVE-2017-15621 - RESERVED -CVE-2017-15620 - RESERVED -CVE-2017-15619 - RESERVED -CVE-2017-15618 - RESERVED -CVE-2017-15617 - RESERVED -CVE-2017-15616 - RESERVED -CVE-2017-15615 - RESERVED -CVE-2017-15614 - RESERVED -CVE-2017-15613 - RESERVED +CVE-2017-15637 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15636 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15635 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15634 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15633 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15632 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15631 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15630 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15629 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15628 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) 
+ TODO: check +CVE-2017-15627 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15626 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15625 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15624 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15623 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15622 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15621 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15620 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15619 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15618 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15617 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15616 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15615 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15614 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check +CVE-2017-15613 (TP-Link WVR, WAR and ER devices allow remote authenticated ...) + TODO: check CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...) - mistune 0.8-1 (bug #879098) [stretch] - mistune <no-dsa> (Minor issue) 
@@ -29358,6 +29363,7 @@ CVE-2017-11733 (A null pointer dereference vulnerability was found in the functi - ming <removed> NOTE: https://github.com/libming/libming/issues/78 CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the function ...) + {DLA-1240-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/80 CVE-2017-11731 (An invalid memory read vulnerability was found in the function OpCode ...) @@ -51453,10 +51459,10 @@ CVE-2017-4952 RESERVED CVE-2017-4951 RESERVED -CVE-2017-4950 - RESERVED -CVE-2017-4949 - RESERVED +CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow ...) + TODO: check +CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerability ...) + TODO: check CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View ...) NOT-FOR-US: VMware CVE-2017-4947 @@ -59741,10 +59747,10 @@ CVE-2017-1742 RESERVED CVE-2017-1741 RESERVED -CVE-2017-1740 - RESERVED -CVE-2017-1739 - RESERVED +CVE-2017-1740 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...) + TODO: check +CVE-2017-1739 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is ...) + TODO: check CVE-2017-1738 RESERVED CVE-2017-1737 @@ -59859,8 +59865,8 @@ CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site NOT-FOR-US: IBM Connections Engagement Center CVE-2017-1682 RESERVED -CVE-2017-1681 - RESERVED +CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix ...) + TODO: check CVE-2017-1680 RESERVED CVE-2017-1679 @@ -60265,8 +60271,8 @@ CVE-2017-1480 RESERVED CVE-2017-1479 RESERVED -CVE-2017-1478 - RESERVED +CVE-2017-1478 (IBM Security Access Manager Appliance 9.0.0 allows web pages to be ...) + TODO: check CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML ...) NOT-FOR-US: IBM CVE-2017-1476 
@@ -121196,8 +121202,8 @@ CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library NOTE: http://co3k.org/blog/redcloth-unfixed-xss-en CVE-2012-6683 RESERVED -CVE-2012-6682 - RESERVED +CVE-2012-6682 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check CVE-2012-6681 RESERVED CVE-2012-6680 @@ -121218,16 +121224,16 @@ CVE-2012-6673 RESERVED CVE-2012-6672 RESERVED -CVE-2012-6671 - RESERVED -CVE-2012-6670 - RESERVED +CVE-2012-6671 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2012-6670 (Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte ...) + TODO: check CVE-2012-6669 RESERVED -CVE-2012-6668 - RESERVED -CVE-2012-6667 - RESERVED +CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout ...) + TODO: check +CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...) + TODO: check CVE-2012-6666 RESERVED CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...) @@ -131947,12 +131953,12 @@ CVE-2014-5072 RESERVED CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in ...) TODO: check -CVE-2014-5070 - RESERVED +CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain ...) + TODO: check CVE-2014-5069 (Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 ...) TODO: check -CVE-2014-5068 - RESERVED +CVE-2014-5068 (Directory traversal vulnerability in the web application in ...) + TODO: check CVE-2014-5067 RESERVED CVE-2014-5066 
@@ -146207,8 +146213,7 @@ CVE-2014-0089 (Cross-site scripting (XSS) vulnerability in ...) - foreman <itp> (bug #663101) CVE-2014-0088 (The SPDY implementation in the ngx_http_spdy_module module in nginx ...) - nginx <not-affected> (Only affects 1.5.10) -CVE-2014-0087 - RESERVED +CVE-2014-0087 (The check_privileges method in ...) NOT-FOR-US: RedHat CloudForms Management Engine CVE-2014-0086 (The doFilter function in webapp/PushHandlerFilter.java in JBoss ...) NOT-FOR-US: RichFaces @@ -180616,8 +180621,8 @@ CVE-2012-0701 (The client applications in the DataStage Administrator client in NOT-FOR-US: IBM InfoSphere Information Server CVE-2012-0700 (The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere ...) NOT-FOR-US: IBM InfoSphere Information Server -CVE-2012-0699 - RESERVED +CVE-2012-0699 (Multiple cross-site request forgery (CSRF) vulnerabilities in Family ...) + TODO: check CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a ...) {DSA-2576-1} - trousers 0.3.9-1 (low; bug #692649)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fabf37f5be6000d507faabb42676bc82fd1839a5
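Review bot: In the hunk at @@ -3220,8 +3224,7 @@, the description now attached to CVE-2017-18016 names "Parity Browser 1.6.10 and earlier", while the triage line kept beneath it reads "NOT-FOR-US: Paritytech Parity Ethereum". The triage was written while the entry was still RESERVED, so it is worth re-reading it against the published text and, if the verdict stands, aligning the product label with the name the description uses.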
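Review bot: In the hunk at @@ -17879,56 +17884,56 @@, the 25 entries CVE-2017-15613 through CVE-2017-15637 all receive the same truncated description ("TP-Link WVR, WAR and ER devices allow remote authenticated ...") and each is left at "TODO: check". They can be triaged in one pass instead of 25 separate ones: read the full CVE text once per distinct issue and, if the affected TP-Link firmware turns out not to be packaged, replace each "TODO: check" with a "NOT-FOR-US:" line in the form already used in this file (for example "NOT-FOR-US: Panda Global Protection").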
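Review bot: In the hunk at @@ -29358,6 +29363,7 @@, the added "{DLA-1240-1}" lands on CVE-2017-11732, whose only package line is "- ming <removed>", so nothing in these lines shows which version carries the fix for the release the DLA covers. Confirm that the fixed version is recorded in the DLA-1240-1 entry itself; the same applies to CVE-2017-16898 and CVE-2017-16883 in the hunks at @@ -13897,6 +13900,7 @@ and @@ -14002,6 +14006,7 @@.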
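Review bot: In the hunk at @@ -131947,12 +131953,12 @@, CVE-2014-5070 now names Symmetricom s350i 2.70.15, the same product and version as the existing CVE-2014-5069 entry, and both sit at "TODO: check" next to CVE-2014-5071 and CVE-2014-5068. Triage the four together so the two Symmetricom entries get the same result. The descriptions of CVE-2014-5071 and CVE-2014-5068 are cut off before the product name ("... in the checkPassword function in ...", "... in the web application in ..."), so the full CVE text is needed to tell whether they belong to the same product.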