Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ec09ebd4 by security tracker role at 2018-01-18T21:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -68,8 +68,8 @@ CVE-2017-18035 RESERVED CVE-2017-18034 RESERVED -CVE-2017-18033 - RESERVED +CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 ...) + TODO: check CVE-2018-5750 RESERVED CVE-2018-5749 @@ -5336,9 +5336,9 @@ CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local a NOTE: Not marking the issue as unimportant, since vulnerable source is present, but NOTE: not in all suites iscsiuio is built. CVE-2017-17839 - RESERVED + REJECTED CVE-2017-17838 - RESERVED + REJECTED CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the ...) NOT-FOR-US: Apache DeltaSpike-JSF module CVE-2017-17836 @@ -7669,6 +7669,7 @@ CVE-2018-2670 (Vulnerability in the Oracle Financial Services Profitability ...) CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...) NOT-FOR-US: Oracle CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-4091-1} - mysql-5.7 <unfixed> (bug #887477) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL @@ -7679,6 +7680,7 @@ CVE-2018-2667 (Vulnerability in the MySQL Server component of Oracle MySQL ...) CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management component of ...) NOT-FOR-US: Oracle CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-4091-1} - mysql-5.7 <unfixed> (bug #887477) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL 
@@ -7749,6 +7751,7 @@ CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracl - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-4091-1} - mysql-5.7 <unfixed> (bug #887477) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL @@ -7806,6 +7809,7 @@ CVE-2018-2624 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...) NOT-FOR-US: Oracle CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-4091-1} - mysql-5.7 <unfixed> (bug #887477) - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL @@ -7972,6 +7976,7 @@ CVE-2018-2564 (Vulnerability in the Oracle WebCenter Content component of Oracle CVE-2018-2563 RESERVED CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-4091-1} - mysql-5.7 5.7.20-1 - mysql-5.5 <removed> NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL @@ -15614,8 +15619,8 @@ CVE-2017-16865 (The Trello importer in Atlassian Jira before version 7.6.1 allow NOT-FOR-US: Atlassian Jira CVE-2017-16864 (The issue search resource in Atlassian Jira before version 7.4.2 ...) NOT-FOR-US: Atlassian Jira -CVE-2017-16863 - RESERVED +CVE-2017-16863 (The PieChart gadget in Atlassian Jira before version 7.5.3 allows ...) + TODO: check CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before version ...) NOT-FOR-US: Atlassian Jira CVE-2017-16861 
@@ -18514,8 +18519,8 @@ CVE-2017-15871 (** DISPUTED ** The deserialize function in serialize-to-js throu NOT-FOR-US: Disputed serialize-to-js issue CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers ...) NOT-FOR-US: Palo Alto Networks GlobalProtect Agent -CVE-2017-15869 - RESERVED +CVE-2017-15869 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...) + TODO: check CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the ...) {DSA-4082-1 DLA-1200-1} - linux 4.0.2-1 @@ -19286,13 +19291,13 @@ CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ... CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application Firewall) ...) NOT-FOR-US: Kemp Load Balancer CVE-2017-15523 - RESERVED + REJECTED CVE-2017-15522 - RESERVED + REJECTED CVE-2017-15521 - RESERVED + REJECTED CVE-2017-15520 - RESERVED + REJECTED CVE-2017-15519 RESERVED CVE-2017-15518 @@ -27959,7 +27964,7 @@ CVE-2017-12743 RESERVED CVE-2017-12742 RESERVED -CVE-2017-12741 (A vulnerability has been identified in the following Siemens industrial ...) +CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart, SIMATIC ...) NOT-FOR-US: Siemens CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...) NOT-FOR-US: Siemens @@ -27983,8 +27988,8 @@ CVE-2017-12731 (A SQL Injection issue was discovered in OPW Fuel Management Syst NOT-FOR-US: SiteSentinel CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO Versions ...) NOT-FOR-US: mySCADA myPRO -CVE-2017-12729 - RESERVED +CVE-2017-12729 (A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer ...) + TODO: check CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderControl ...) NOT-FOR-US: SpiderControl SCADA Web Server CVE-2017-12727 
@@ -45948,7 +45953,7 @@ CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 bef NOT-FOR-US: Siemens CVE-2017-6866 (A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before ...) NOT-FOR-US: Siemens -CVE-2017-6865 (Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and ...) +CVE-2017-6865 (A vulnerability has been identified in Primary Setup Tool (PST), ...) NOT-FOR-US: Siemens CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...) NOT-FOR-US: Siemens @@ -51699,8 +51704,8 @@ CVE-2017-5172 RESERVED CVE-2017-5171 RESERVED -CVE-2017-5170 - RESERVED +CVE-2017-5170 (An Uncontrolled Search Path Element issue was discovered in Moxa ...) + TODO: check CVE-2017-5169 (An issue was discovered in Hanwha Techwin Smart Security Manager ...) NOT-FOR-US: Hanwha Techwin CVE-2017-5168 (An issue was discovered in Hanwha Techwin Smart Security Manager ...) @@ -57394,8 +57399,8 @@ CVE-2017-3160 RESERVED CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java object ...) NOT-FOR-US: Apache Camel -CVE-2017-3158 - RESERVED +CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 0.9.5 ...) + TODO: check CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders embedded ...) {DSA-3792-1 DLA-910-1} - libreoffice 1:5.2.3-1 
@@ -58797,9 +58802,9 @@ CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NM NOT-FOR-US: Siemens CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and ...) NOT-FOR-US: Siemens -CVE-2017-2681 (Siemens SIMATIC S7-300 incl. F and T (All versions before V3.X.14), ...) +CVE-2017-2681 (A vulnerability has been identified in Development/Evaluation Kit DK ...) NOT-FOR-US: Siemens -CVE-2017-2680 (Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...) +CVE-2017-2680 (A vulnerability has been identified in Extension Unit 12" PROFINET, ...) NOT-FOR-US: Siemens CVE-2017-2679 RESERVED @@ -72560,7 +72565,7 @@ CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...) NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2 NOTE: Not affected versions: libcurl < 7.11.1 and libcurl >= 7.50.3 -CVE-2016-7165 (Unquoted Windows search path vulnerability in Siemens SIMATIC WinCC ...) +CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool (PST), ...) NOT-FOR-US: Microsoft CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File Roller ...) - file-roller 3.20.3-1 @@ -73696,8 +73701,7 @@ CVE-2016-6816 (The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, NOTE: Fixed by: http://svn.apache.org/r1767683 (6.0.x) CVE-2016-6815 (In Apache Ranger before 0.6.2, users with "keyadmin" role should not ...) NOT-FOR-US: Apache Ranger -CVE-2016-6814 - RESERVED +CVE-2016-6814 (When an application with unsupported Codehaus versions of Groovy from ...) {DLA-794-1} - groovy 2.4.8-1 (bug #851408) [jessie] - groovy 1.8.6-4+deb8u2 
@@ -141472,8 +141476,8 @@ CVE-2014-2019 (The iCloud subsystem in Apple iOS before 7.1 allows physically .. CVE-2014-2018 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x ...) - icedove 24.2.0-1 [squeeze] - icedove <end-of-life> -CVE-2014-2017 - RESERVED +CVE-2014-2017 (CRLF injection vulnerability in OXID eShop Professional Edition before ...) + TODO: check CVE-2014-2016 (Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop ...) NOT-FOR-US: OXID eShop CVE-2014-2012 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec09ebd4db48642bb7413af44f6515d47e1f9384
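Review bot: in the CVE-2016-7165 hunk (@@ -72560) the new description names the Siemens Primary Setup Tool (PST), but the unchanged line below it still reads `NOT-FOR-US: Microsoft`; every other Siemens entry touched by this patch carries `NOT-FOR-US: Siemens`, so the annotation should be corrected to match the new description, otherwise the tracker records the wrong vendor as the reason the issue is out of scope.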
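Review bot: the five MySQL hunks (CVE-2018-2668, -2665, -2640, -2622, -2562) all gain `{DSA-4091-1}`, but four of them keep `- mysql-5.7 <unfixed> (bug #887477)` while CVE-2018-2562 lists `- mysql-5.7 5.7.20-1`; the DSA tag records only the stable update, so confirm that the four `<unfixed>` unstable entries are intentional and that bug #887477 still tracks the pending unstable upload for exactly those four CVEs, so they are not shown as resolved everywhere once the advisory is published.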
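Review bot: the seven entries that move from RESERVED to `+ TODO: check` (CVE-2017-18033, -16863, -15869, -12729, -5170, -3158 and CVE-2014-2017) are left without a NOT-FOR-US or package line; for the Atlassian Jira, Moxa and OXID eShop ones the neighbouring entries already read `NOT-FOR-US: Atlassian Jira` / `NOT-FOR-US: OXID eShop`, so those can likely be triaged the same way in a follow-up, whereas CVE-2017-3158 (Guacamole terminal emulator) has no such neighbour and needs an actual archive check before it is closed.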
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits