Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
439a5396 by security tracker role at 2018-01-16T21:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,46 @@
-CVE-2018-5704
+CVE-2018-5720
        RESERVED
-CVE-2018-5703 [KASAN: slab-out-of-bounds Write in tcp_v6_syn_recv_sock]
+CVE-2018-5719
        RESERVED
+CVE-2018-5718
+       RESERVED
+CVE-2018-5717
+       RESERVED
+CVE-2018-5716
+       RESERVED
+CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in 
the query ...)
+       TODO: check
+CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file 
(zam64.sys) allows ...)
+       TODO: check
+CVE-2018-5713 (In Malwarefox Anti-Malware 2.72.169, the driver file 
(zam64.sys) allows ...)
+       TODO: check
+CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 
7.0.27, ...)
+       TODO: check
+CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in 
PHP ...)
+       TODO: check
+CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 
1.16. The ...)
+       TODO: check
+CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 
1.16. ...)
+       TODO: check
+CVE-2018-5708
+       RESERVED
+CVE-2018-5707
+       RESERVED
+CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any 
user with ...)
+       TODO: check
+CVE-2018-5705
+       RESERVED
+CVE-2018-1000003
+       RESERVED
+CVE-2018-1000002
+       RESERVED
+CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts 
to use ...)
+       TODO: check
+CVE-2018-5703 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the 
Linux ...)
        - linux <unfixed>
        NOTE: https://lkml.org/lkml/2018/1/16/53
-CVE-2017-18032
-       RESERVED
+CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has 
XSS via the ...)
+       TODO: check
 CVE-2018-5701
        RESERVED
 CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by ...)
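Review bot: the new `TODO: check` entries in this hunk still need triage, and several of them concern software Debian ships: CVE-2018-5712 and CVE-2018-5711 (PHP and the libgd used in PHP), CVE-2018-5710 and CVE-2018-5709 (MIT krb5 through 1.16) and CVE-2018-5704 (OpenOCD 0.10.0) should get package status lines in the style of the `- linux <unfixed>` entry kept for CVE-2018-5703, while the SugarCRM, Malwarefox, Octopus Deploy and WordPress download-manager items fit the `NOT-FOR-US:` pattern used for the other WordPress plugins later in this diff. The CVE-2018-5703 change itself is consistent: the `[KASAN: ...]` placeholder title was replaced by the published description while the `- linux <unfixed>` line and the lkml `NOTE:` were retained.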
@@ -732,8 +767,8 @@ CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 
for WordPress has SQL
        NOT-FOR-US: Testimonial Slider plugin for WordPress
 CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 
and ...)
        NOT-FOR-US: D-Link
-CVE-2018-5370
-       RESERVED
+CVE-2018-5370 (BizLogic xnami 1.0 has XSS via the comment parameter in an 
addComment ...)
+       TODO: check
 CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an ...)
        NOT-FOR-US: SrbTransLatin plugin for WordPress
 CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an ...)
@@ -793,9 +828,10 @@ CVE-2018-5347 (Seagate Media Server in Seagate Personal 
Cloud has unauthenticate
        NOT-FOR-US: Seagate Media Server in Seagate Personal Cloud
 CVE-2018-5346
        RESERVED
-CVE-2018-1000004 [ALSA: seq: Make ioctls race-free]
+CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier 
versions a ...)
        - linux <unfixed>
 CVE-2018-1000001 [Libc Realpath Buffer Underflow]
+       RESERVED
        - glibc 2.26-4 (bug #887001)
        [stretch] - glibc <postponed> (Minor issue, can be fixed along in next 
DSA or preferably point release)
        [jessie] - glibc <postponed> (Minor issue, can be fixed along in next 
DSA or preferably point release)
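Review bot: CVE-2018-1000004 loses its `[ALSA: seq: Make ioctls race-free]` title, which was the subject of the upstream fix, and the remaining `- linux <unfixed>` line carries no `NOTE:` pointing at that fix; add a `NOTE:` with the upstream commit or mailing-list reference, as CVE-2018-5703 in the first hunk has, so the fix stays traceable now that the title has been replaced by the generic description. The `RESERVED` line added under CVE-2018-1000001 next to the existing glibc status lines is fine: the id is still reserved upstream while Debian already tracks it under the placeholder title.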
@@ -856,8 +892,8 @@ CVE-2017-1000439
        REJECTED
 CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view parameter to ...)
        NOT-FOR-US: Discuz!
-CVE-2018-5330
-       RESERVED
+CVE-2018-5330 (ZyXEL P-660HW v3 devices allow remote attackers to cause a 
denial of ...)
+       TODO: check
 CVE-2018-5329 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to 
Cross-Site ...)
        NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
 CVE-2018-5328 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to 
various ...)
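Review bot: CVE-2018-5330 (denial of service on ZyXEL P-660HW v3 devices) is device firmware of the same kind as the D-Link DSL-2640U entry CVE-2018-5371 earlier in this diff, which is resolved as `NOT-FOR-US: D-Link`; a `NOT-FOR-US: ZyXEL` line would close the `TODO: check` in the same way.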
@@ -11195,8 +11231,8 @@ CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, 
id, lang, menuid, mod, q, s
        NOT-FOR-US: GeniXCMS
 CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before 
2.3.12-80-GA allows ...)
        NOT-FOR-US: Sangoma NetBorder / Vega Session Controller
-CVE-2017-17429
-       RESERVED
+CVE-2017-17429 (In K7 Antivirus Premium before 15.1.0.53, user-controlled 
input to the ...)
+       TODO: check
 CVE-2017-17428
        RESERVED
        NOT-FOR-US: Cisco ACE
@@ -16103,24 +16139,24 @@ CVE-2017-16559
        RESERVED
 CVE-2017-16558
        RESERVED
-CVE-2017-16557
-       RESERVED
-CVE-2017-16556
-       RESERVED
-CVE-2017-16555
-       RESERVED
-CVE-2017-16554
-       RESERVED
-CVE-2017-16553
-       RESERVED
-CVE-2017-16552
-       RESERVED
-CVE-2017-16551
-       RESERVED
-CVE-2017-16550
-       RESERVED
-CVE-2017-16549
-       RESERVED
+CVE-2017-16557 (K7 Antivirus Premium before 15.1.0.53 allows local users to 
gain ...)
+       TODO: check
+CVE-2017-16556 (In K7 Antivirus Premium before 15.1.0.53, user-controlled 
input can be ...)
+       TODO: check
+CVE-2017-16555 (K7 Antivirus Premium before 15.1.0.53 allows local users to 
gain ...)
+       TODO: check
+CVE-2017-16554 (K7 Antivirus Premium before 15.1.0.53 allows local users to 
write to ...)
+       TODO: check
+CVE-2017-16553 (K7 Antivirus Premium before 15.1.0.53 allows local users to 
gain ...)
+       TODO: check
+CVE-2017-16552 (K7 Antivirus Premium before 15.1.0.53 allows local users to 
write to ...)
+       TODO: check
+CVE-2017-16551 (K7 Antivirus Premium before 15.1.0.53 allows local users to 
gain ...)
+       TODO: check
+CVE-2017-16550 (K7 Antivirus Premium before 15.1.0.53 allows local users to 
write to ...)
+       TODO: check
+CVE-2017-16549 (K7 Antivirus Premium before 15.1.0.53 allows local users to 
write to ...)
+       TODO: check
 CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
        {DSA-4068-1 DLA-1218-1}
        - rsync 3.1.2-2.1 (bug #880954)
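Review bot: CVE-2017-16549 through CVE-2017-16557 all describe K7 Antivirus Premium before 15.1.0.53, the same product as CVE-2017-17429 in the preceding hunk, so the nine `TODO: check` lines can be resolved together as `NOT-FOR-US: K7 Antivirus Premium`, matching how the neighbouring Sangoma and Cisco ACE entries are handled; left as TODO they become nine separate triage items for one product.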
@@ -19595,7 +19631,7 @@ CVE-2017-15326
        RESERVED
 CVE-2017-15325
        RESERVED
-CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01, 
V200R007C20, ...)
+CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS 
...)
        NOT-FOR-US: Huawei
 CVE-2017-15323
        RESERVED
@@ -20222,7 +20258,7 @@ CVE-2017-15126 (A use-after-free flaw was found in 
fs/userfaultfd.c in the Linux
 CVE-2017-15125
        RESERVED
        NOT-FOR-US: Red Hat CloudForms
-CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) before 
2.14.3 was ...)
+CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and 
older ...)
        - qemu <unfixed> (bug #884806)
        [stretch] - qemu <postponed> (Can be fixed along in later update)
        [jessie] - qemu <postponed> (Can be fixed along in later update)
@@ -32502,8 +32538,8 @@ CVE-2017-11074
        RESERVED
 CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2017-11072
-       RESERVED
+CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
+       TODO: check
 CVE-2017-11071
        RESERVED
 CVE-2017-11070
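Review bot: the new description for CVE-2017-11072 opens with the same "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ..." text as CVE-2017-11073 directly above it, which is already marked `NOT-FOR-US: Qualcomm components for Android`; the `TODO: check` can be replaced with that same line instead of waiting for a separate triage pass.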
@@ -39336,8 +39372,8 @@ CVE-2017-8804 (The xdr_bytes and xdr_string functions 
in the GNU C Library (aka 
        NOTE: Proposed patch: 
https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
 CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might 
allow ...)
        NOT-FOR-US: Notepad++
-CVE-2017-8802
-       RESERVED
+CVE-2017-8802 (Cross-site scripting (XSS) vulnerability in Zimbra 
Collaboration Suite ...)
+       TODO: check
 CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent 
Module Build ...)
        NOT-FOR-US: Trend Micro
 CVE-2017-8800
@@ -95612,16 +95648,16 @@ CVE-2016-0221 (Cross-site scripting (XSS) 
vulnerability in IBM Cognos TM1, as us
        NOT-FOR-US: IBM
 CVE-2016-0220
        RESERVED
-CVE-2016-0219
-       RESERVED
+CVE-2016-0219 (XML external entity (XXE) vulnerability in IBM Rational Team 
Concert ...)
+       TODO: check
 CVE-2016-0218 (IBM Cognos Business Intelligence and IBM Cognos Analytics are 
...)
        NOT-FOR-US: IBM
 CVE-2016-0217 (IBM Cognos Business Intelligence and IBM Cognos Analytics are 
...)
        NOT-FOR-US: IBM
 CVE-2016-0216 (Stack-based buffer overflow in IBM Tivoli Storage Manager 
FastBack 5.5 ...)
        NOT-FOR-US: IBM
-CVE-2016-0215
-       RESERVED
+CVE-2016-0215 (IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, 
Linux, HP, ...)
+       TODO: check
 CVE-2016-0214 (IBM Tivoli Endpoint Manager could allow a remote attacker to 
upload ...)
        NOT-FOR-US: IBM
 CVE-2016-0213 (Stack-based buffer overflow in IBM Tivoli Storage Manager 
FastBack 5.5 ...)
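Review bot: the `TODO: check` lines for CVE-2016-0219 (IBM Rational Team Concert) and CVE-2016-0215 (IBM DB2) sit among entries that are uniformly `NOT-FOR-US: IBM` (CVE-2016-0220 down to CVE-2016-0213 in this hunk); unless the tracker intends to treat these products differently, resolving them with the same `NOT-FOR-US: IBM` line keeps the hunk consistent and removes two open triage items. The same applies to CVE-2016-0207 (IBM ARA), CVE-2015-7484 through CVE-2015-7486 (IBM Rational Engineering Lifecycle Manager) and CVE-2015-7474 (Jazz Foundation) in the following hunks.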
@@ -95636,8 +95672,8 @@ CVE-2016-0209 (Cross-site scripting (XSS) vulnerability 
in IBM WebSphere Portal 
        NOT-FOR-US: IBM
 CVE-2016-0208 (IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 
7.0.0.9, and ...)
        NOT-FOR-US: IBM
-CVE-2016-0207
-       RESERVED
+CVE-2016-0207 (IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 
5.1.0 ...)
+       TODO: check
 CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated 
attacker to ...)
        NOT-FOR-US: IBM
 CVE-2016-0205
@@ -99361,12 +99397,12 @@ CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 
4.1.1.4 and 4.2.x before 4.2.0.
        NOT-FOR-US: IBM
 CVE-2015-7487 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 
7.5.0.9 ...)
        NOT-FOR-US: IBM
-CVE-2015-7486
-       RESERVED
-CVE-2015-7485
-       RESERVED
-CVE-2015-7484
-       RESERVED
+CVE-2015-7486 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Engineering ...)
+       TODO: check
+CVE-2015-7485 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Engineering ...)
+       TODO: check
+CVE-2015-7484 (IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 
iFix7 ...)
+       TODO: check
 CVE-2015-7483
        RESERVED
 CVE-2015-7482
@@ -99385,8 +99421,8 @@ CVE-2015-7476
        RESERVED
 CVE-2015-7475
        RESERVED
-CVE-2015-7474
-       RESERVED
+CVE-2015-7474 (Cross-site scripting (XSS) vulnerability in Jazz Foundation in 
IBM ...)
+       TODO: check
 CVE-2015-7473 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local 
users to ...)
        NOT-FOR-US: IBM
 CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 
6.1.5.3 ...)
@@ -120412,8 +120448,7 @@ CVE-2014-XXXX [denial of service with specific 
packets]
        NOTE: https://redmine.openinfosecfoundation.org/issues/1272
        NOTE: 
https://github.com/inliniac/libhtp/commit/4acebf251bb6c8343dd5f37f1b48cb38fec4fed4
        NOTE: CVE Request: http://seclists.org/oss-sec/2014/q4/1035
-CVE-2014-9485 [miniunzip directory traversal]
-       RESERVED
+CVE-2014-9485 (Directory traversal vulnerability in the do_extract_currentfile 
...)
        - minizip 1.1-5 (low; bug #774321)
 CVE-2014-9426 (** DISPUTED ** The apprentice_load function in 
libmagic/apprentice.c ...)
        NOTE: Disputed PHP issue to be rejected, code wasn't present in 
squeeze/wheezy or file (PHP-specific)
@@ -120438,8 +120473,7 @@ CVE-2014-9414 (The W3 Total Cache plugin before 
0.9.4.1 for WordPress does not .
        NOT-FOR-US: WordPress plugin W3 Total Cache
 CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the IP ...)
        NOT-FOR-US: IP Ban (simple-ip-ban) plugin for WordPress
-CVE-2014-9482 [dwarfdump use after free]
-       RESERVED
+CVE-2014-9482 (Use-after-free vulnerability in dwarfdump in libdwarf 20130126 
through ...)
        - dwarfutils <not-affected> (Vulnerable code introduced later, see bug 
#774530)
        NOTE: http://www.openwall.com/lists/oss-security/2014/12/31/3
 CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 
5.5.x ...)
@@ -130522,8 +130556,7 @@ CVE-2014-6073
        RESERVED
 CVE-2014-6072
        RESERVED
-CVE-2014-6071 [cross-site scripting flaw]
-       RESERVED
+CVE-2014-6071 (jQuery 1.4.2 allows remote attackers to conduct cross-site 
scripting ...)
        - jquery 1.6.1-1
        [squeeze] - jquery <no-dsa> (Only exploitable when following 
anti-patterns)
        NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=1136683#c2
@@ -131782,8 +131815,7 @@ CVE-2014-6028 (TorrentFlux 2.4 allows remote 
authenticated users to obtain other
        - torrentflux <removed> (bug #759573)
        [wheezy] - torrentflux <no-dsa> (Minor issue)
        [squeeze] - torrentflux <no-dsa> (Minor issue)
-CVE-2014-6027 [XSS]
-       RESERVED
+CVE-2014-6027 (Multiple cross-site scripting (XSS) vulnerabilities in 
TorrentFlux 2.4 ...)
        - torrentflux <removed> (bug #759574)
        [wheezy] - torrentflux <no-dsa> (Minor issue)
        [squeeze] - torrentflux <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/439a53961182eb6108b887c4867d700b705cf07a
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits