Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a4e804ae by security tracker role at 2018-01-29T21:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,65 @@ +CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection via the ...) + TODO: check +CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...) + TODO: check +CVE-2018-6391 (A cross-site request forgery web vulnerability has been discovered on ...) + TODO: check +CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 ...) + TODO: check +CVE-2018-6389 + RESERVED +CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote ...) + TODO: check +CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded ...) + TODO: check +CVE-2018-6386 + RESERVED +CVE-2018-6385 + RESERVED +CVE-2018-6384 + RESERVED +CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that ...) + TODO: check +CVE-2018-6382 + RESERVED +CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid ...) + TODO: check +CVE-2018-6380 + RESERVED +CVE-2018-6379 + RESERVED +CVE-2018-6378 + RESERVED +CVE-2018-6377 + RESERVED +CVE-2018-6376 + RESERVED +CVE-2018-1000029 + RESERVED +CVE-2018-1000026 + RESERVED +CVE-2018-1000025 + RESERVED +CVE-2018-1000023 + RESERVED +CVE-2018-1000021 + RESERVED +CVE-2018-1000020 + RESERVED +CVE-2018-1000019 + RESERVED +CVE-2017-1000510 + RESERVED +CVE-2017-1000509 + RESERVED +CVE-2017-1000508 + RESERVED +CVE-2017-1000507 + RESERVED +CVE-2017-1000506 + RESERVED +CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted headers, a ...) + TODO: check CVE-2018-6375 RESERVED CVE-2018-6374 
@@ -2706,6 +2768,7 @@ CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the de CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to the ...) NOT-FOR-US: Office Tracker CVE-2018-1000028 [nfsd: auth: Fix gid sorting when rootsquash enabled] + RESERVED - linux <unfixed> [stretch] - linux <not-affected> (Vulnerable code introduced later) [jessie] - linux <not-affected> (Vulnerable code introduced later) @@ -2714,6 +2777,7 @@ CVE-2018-1000028 [nfsd: auth: Fix gid sorting when rootsquash enabled] NOTE: Introducing commit backported to 4.14.8 and 4.9.76. But Debian stretch NOTE: did never contain the vulnerable code alone without the fix. CVE-2018-1000027 [SQUID-2018:2 Denial of Service issue in HTTP Message processing] + RESERVED [experimental] - squid 4.0.23-1~exp8 - squid <removed> - squid3 <unfixed> (bug #888720) @@ -2722,6 +2786,7 @@ CVE-2018-1000027 [SQUID-2018:2 Denial of Service issue in HTTP Message processin NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_2.txt CVE-2018-1000024 [SQUID-2018:1 Denial of Service issue in ESI Response processing] + RESERVED [experimental] - squid 4.0.23-1~exp8 - squid <removed> - squid3 <unfixed> (bug #888719) @@ -2730,6 +2795,7 @@ CVE-2018-1000024 [SQUID-2018:1 Denial of Service issue in ESI Response processin NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_1.txt CVE-2018-1000022 [Password protect the JSONRPC interface] + RESERVED - electrum 3.0.5-1 (bug #886683) [stretch] - electrum <ignored> (Unable to connect to current Etherum servers and thus not exploitable, scheduled for removal at #887412) [jessie] - electrum <not-affected> (Only affects >= 2.6) 
@@ -3161,7 +3227,7 @@ CVE-2018-5118 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118 CVE-2018-5117 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3218,7 +3284,7 @@ CVE-2018-5105 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105 CVE-2018-5104 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3227,7 +3293,7 @@ CVE-2018-5104 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104 CVE-2018-5103 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3236,7 +3302,7 @@ CVE-2018-5103 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103 CVE-2018-5102 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3253,7 +3319,7 @@ CVE-2018-5100 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100 CVE-2018-5099 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3262,7 +3328,7 @@ CVE-2018-5099 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099 CVE-2018-5098 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -3271,7 +3337,7 @@ CVE-2018-5098 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098 CVE-2018-5097 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 
@@ -3280,14 +3346,14 @@ CVE-2018-5097 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097 CVE-2018-5096 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096 CVE-2018-5095 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - skia <itp> (bug #818180) @@ -3320,7 +3386,7 @@ CVE-2018-5090 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090 CVE-2018-5089 RESERVED - {DSA-4096-1 DLA-1256-1} + {DSA-4096-1 DLA-1262-1 DLA-1256-1} - firefox 58.0-1 - firefox-esr 52.6.0esr-1 - thunderbird 1:52.6.0-1 @@ -5948,8 +6014,8 @@ CVE-2018-3837 RESERVED CVE-2018-3836 RESERVED -CVE-2018-3835 - RESERVED +CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in version 2.2 ...) + TODO: check CVE-2018-3834 RESERVED CVE-2018-3833 @@ -12169,8 +12235,8 @@ CVE-2018-1366 RESERVED CVE-2018-1365 RESERVED -CVE-2018-1364 - RESERVED +CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External ...) + TODO: check CVE-2018-1363 RESERVED CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 ...) 
@@ -15039,25 +15105,25 @@ CVE-2018-0732 CVE-2018-0731 RESERVED CVE-2017-17079 - RESERVED + REJECTED CVE-2017-17078 - RESERVED + REJECTED CVE-2017-17077 - RESERVED + REJECTED CVE-2017-17076 - RESERVED + REJECTED CVE-2017-17075 - RESERVED + REJECTED CVE-2017-17074 - RESERVED + REJECTED CVE-2017-17073 - RESERVED + REJECTED CVE-2017-17072 - RESERVED + REJECTED CVE-2017-17071 - RESERVED + REJECTED CVE-2017-17070 - RESERVED + REJECTED CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 ...) NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 auth0.js ...) @@ -16537,8 +16603,8 @@ CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording NOT-FOR-US: Cisco CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could allow an ...) NOT-FOR-US: Cisco -CVE-2018-0101 - RESERVED +CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of ...) + TODO: check CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect Secure ...) NOT-FOR-US: Cisco CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 Network ...) @@ -22275,8 +22341,7 @@ CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c] RESERVED - 389-ds-base <unfixed> (bug #888452) -CVE-2017-15133 [TCP denial of service] - RESERVED +CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. A remote ...) - golang-github-miekg-dns <unfixed> (bug #888777) [stretch] - golang-github-miekg-dns <no-dsa> (Minor issue) NOTE: https://github.com/miekg/dns/issues/627 
@@ -23771,10 +23836,10 @@ CVE-2017-14701 RESERVED CVE-2017-14700 RESERVED -CVE-2017-14699 - RESERVED -CVE-2017-14698 - RESERVED +CVE-2017-14699 (Multiple XML external entity (XXE) vulnerabilities in the AiCloud ...) + TODO: check +CVE-2017-14698 (ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, ...) + TODO: check CVE-2017-14697 RESERVED CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and ...) @@ -25258,8 +25323,8 @@ CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui NOT-FOR-US: dayrui FineCms CVE-2017-14191 RESERVED -CVE-2017-14190 - RESERVED +CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to ...) + TODO: check CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager ...) NOT-FOR-US: Fortinet CVE-2017-14188 @@ -30079,8 +30144,7 @@ CVE-2017-12628 (The JMX server embedded in Apache James, also used by the comman NOT-FOR-US: Apache James CVE-2017-12627 RESERVED -CVE-2017-12626 [Denial of Service Vulnerabilities] - RESERVED +CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to Denial ...) - libapache-poi-java <unfixed> (bug #888651) [stretch] - libapache-poi-java <no-dsa> (Minor issue) [jessie] - libapache-poi-java <no-dsa> (Minor issue) @@ -38991,8 +39055,8 @@ CVE-2017-9515 RESERVED CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a ...) NOT-FOR-US: Atlassian Bamboo -CVE-2017-9513 - RESERVED +CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams ...) + TODO: check CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and ...) NOT-FOR-US: Atlassian CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before ...) 
@@ -43300,13 +43364,13 @@ CVE-2017-1000358 (Controller throws an exception and does not allow user to add NOT-FOR-US: OpenDaylight CVE-2017-1000357 (Denial of Service attack when the switch rejects to receive packets ...) NOT-FOR-US: OpenDaylight -CVE-2017-1000356 +CVE-2017-1000356 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ...) - jenkins <removed> -CVE-2017-1000355 +CVE-2017-1000355 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ...) - jenkins <removed> -CVE-2017-1000354 +CVE-2017-1000354 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ...) - jenkins <removed> -CVE-2017-1000353 +CVE-2017-1000353 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ...) - jenkins <removed> CVE-2017-8084 RESERVED @@ -45580,8 +45644,8 @@ CVE-2017-7518 [debug exception via syscall emulation] CVE-2017-7517 RESERVED NOT-FOR-US: OpenShift -CVE-2017-7516 - RESERVED +CVE-2017-7516 (It was found that the cpio --no-absolute-filenames option since ...) + TODO: check CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled ...) - poppler 0.57.0-2 (unimportant) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208 
@@ -54564,16 +54628,16 @@ CVE-2017-4953 RESERVED CVE-2017-4952 RESERVED -CVE-2017-4951 - RESERVED +CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) ...) + TODO: check CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow ...) NOT-FOR-US: VMware CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerability ...) NOT-FOR-US: VMware CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View ...) NOT-FOR-US: VMware -CVE-2017-4947 - RESERVED +CVE-2017-4947 (VMware Realize Automation (7.3 and 7.2) and vSphere Integrated ...) + TODO: check CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a ...) NOT-FOR-US: VMware CVE-2017-4945 (VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a ...) @@ -57139,7 +57203,7 @@ CVE-2017-3741 (In the Lenovo Power Management driver before 1.67.12.24, a local CVE-2017-3740 (In Lenovo Active Protection System before 1.82.0.14, an attacker with ...) NOT-FOR-US: Lenovo CVE-2017-3739 - RESERVED + REJECTED CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication ...) {DSA-4065-1} - openssl <unfixed> (low) 
@@ -62777,18 +62841,18 @@ CVE-2017-1786 RESERVED CVE-2017-1785 RESERVED -CVE-2017-1784 - RESERVED -CVE-2017-1783 - RESERVED +CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary files ...) + TODO: check +CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change ...) + TODO: check CVE-2017-1782 RESERVED CVE-2017-1781 RESERVED CVE-2017-1780 RESERVED -CVE-2017-1779 - RESERVED +CVE-2017-1779 (IBM Cognos Analytics 11.0 could store cached credentials locally that ...) + TODO: check CVE-2017-1778 RESERVED CVE-2017-1777
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4e804ae2dc90197d4044c17d8ae1f30c3422a5c
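Review bot: Several of the new "TODO: check" entries can be resolved directly from their neighbours rather than left pending. In the hunk at @@ -16537 the new CVE-2018-0101 (Cisco SSL VPN) sits between CVE-2018-0100 and CVE-2018-0102, both already "NOT-FOR-US: Cisco"; in @@ -25258 CVE-2017-14190 (Fortinet FortiOS) follows CVE-2017-14189 "NOT-FOR-US: Fortinet"; in @@ -38991 CVE-2017-9513 (Atlassian Activity Streams) is next to CVE-2017-9512 "NOT-FOR-US: Atlassian"; and in @@ -54564 CVE-2017-4951 and CVE-2017-4947 are surrounded by entries marked "NOT-FOR-US: VMware". Suggest a follow-up commit replacing each of those "TODO: check" lines with the matching NOT-FOR-US line so the triage queue only holds entries that need a real package lookup.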
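Review bot: In the first hunk (@@ -1,3 +1,65 @@) the entries for FFmpeg (CVE-2018-6392, libavfilter/vf_transpose.c), ZZIPlib 0.13.67 (CVE-2018-6381, segmentation fault) and Apsis Pound (CVE-2016-10711, request smuggling via crafted headers), and in @@ -45580 the cpio --no-absolute-filenames entry (CVE-2017-7516), all describe software Debian packages, so their "TODO: check" lines should be turned into package status lines ("- <source package> <unfixed>" or "<not-affected>" with a reason) as the next step; the Pound and cpio ones deserve priority since request smuggling and archive extraction path handling are the kind of issue that usually needs a stable update decision.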
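Review bot: The hunks from @@ -3161 through @@ -3320 insert DLA-1262-1 into the reference set of ten Firefox/Thunderbird entries (CVE-2018-5117, 5104, 5103, 5102, 5099, 5098, 5097, 5096, 5095 and 5089), consistently as "{DSA-4096-1 DLA-1262-1 DLA-1256-1}". Please confirm that set is exactly the CVE list of DLA-1262-1: an entry the advisory covers but this diff does not touch (the surrounding CVE-2018-5118, 5105, 5100 and 5090 appear only as context here) would be missing its DLA reference, and one touched here that the advisory does not list would wrongly claim coverage.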
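Review bot: In @@ -22275 and @@ -30079 the bracketed working titles for CVE-2017-15133 ("TCP denial of service") and CVE-2017-12626 ("Denial of Service Vulnerabilities") are replaced by the published descriptions (miekg-dns before 1.0.4 remote DoS; Apache POI before 3.17 DoS) while the stretch "<no-dsa> (Minor issue)" lines below them are kept unchanged. Those severity calls were made against the working titles, so it is worth re-confirming them now that the official wording is in; if they still hold, nothing else is needed. Separately, in @@ -2730 the unchanged context for CVE-2018-1000022 reads "Unable to connect to current Etherum servers"; Electrum is a Bitcoin wallet that talks to Electrum servers, so that looks like a typo to fix in a follow-up.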
Secure-testing-commits mailing list: Secure-testing-commits@lists.alioth.debian.org, http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits