Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4e804ae by security tracker role at 2018-01-29T21:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,65 @@
+CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection 
via the ...)
+       TODO: check
+CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in 
FFmpeg ...)
+       TODO: check
+CVE-2018-6391 (A cross-site request forgery web vulnerability has been 
discovered on ...)
+       TODO: check
+CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 
10.1.0.7106 ...)
+       TODO: check
+CVE-2018-6389
+       RESERVED
+CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow 
remote ...)
+       TODO: check
+CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a 
hardcoded ...)
+       TODO: check
+CVE-2018-6386
+       RESERVED
+CVE-2018-6385
+       RESERVED
+CVE-2018-6384
+       RESERVED
+CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete "forbidden 
types" list that ...)
+       TODO: check
+CVE-2018-6382
+       RESERVED
+CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by 
invalid ...)
+       TODO: check
+CVE-2018-6380
+       RESERVED
+CVE-2018-6379
+       RESERVED
+CVE-2018-6378
+       RESERVED
+CVE-2018-6377
+       RESERVED
+CVE-2018-6376
+       RESERVED
+CVE-2018-1000029
+       RESERVED
+CVE-2018-1000026
+       RESERVED
+CVE-2018-1000025
+       RESERVED
+CVE-2018-1000023
+       RESERVED
+CVE-2018-1000021
+       RESERVED
+CVE-2018-1000020
+       RESERVED
+CVE-2018-1000019
+       RESERVED
+CVE-2017-1000510
+       RESERVED
+CVE-2017-1000509
+       RESERVED
+CVE-2017-1000508
+       RESERVED
+CVE-2017-1000507
+       RESERVED
+CVE-2017-1000506
+       RESERVED
+CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted 
headers, a ...)
+       TODO: check
 CVE-2018-6375
        RESERVED
 CVE-2018-6374
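
Review bot: Among the new `TODO: check` entries at the top of this hunk, CVE-2018-6392 (FFmpeg, libavfilter/vf_transpose.c), CVE-2018-6381 (ZZIPlib 0.13.67) and CVE-2016-10711 (Apsis Pound before 2.8a) name open-source software by source file or version and should be triaged first, each getting a package line with a fixed version or `<unfixed>`. The other described entries (FreePBX, Kingsoft WPS Office, iBall, Monstra CMS) need a decision between a package line and NOT-FOR-US, and the bare RESERVED ids need nothing until a description is published.
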
@@ -2706,6 +2768,7 @@ CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary 
parameter name to the de
 CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to 
the ...)
        NOT-FOR-US: Office Tracker
 CVE-2018-1000028 [nfsd: auth: Fix gid sorting when rootsquash enabled]
+       RESERVED
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -2714,6 +2777,7 @@ CVE-2018-1000028 [nfsd: auth: Fix gid sorting when 
rootsquash enabled]
        NOTE: Introducing commit backported to 4.14.8 and 4.9.76. But Debian 
stretch
        NOTE: did never contain the vulnerable code alone without the fix.
 CVE-2018-1000027 [SQUID-2018:2 Denial of Service issue in HTTP Message 
processing]
+       RESERVED
        [experimental] - squid 4.0.23-1~exp8
        - squid <removed>
        - squid3 <unfixed> (bug #888720)
@@ -2722,6 +2786,7 @@ CVE-2018-1000027 [SQUID-2018:2 Denial of Service issue in 
HTTP Message processin
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
 CVE-2018-1000024 [SQUID-2018:1 Denial of Service issue in ESI Response 
processing]
+       RESERVED
        [experimental] - squid 4.0.23-1~exp8
        - squid <removed>
        - squid3 <unfixed> (bug #888719)
@@ -2730,6 +2795,7 @@ CVE-2018-1000024 [SQUID-2018:1 Denial of Service issue in 
ESI Response processin
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
 CVE-2018-1000022 [Password protect the JSONRPC interface]
+       RESERVED
        - electrum 3.0.5-1 (bug #886683)
        [stretch] - electrum <ignored> (Unable to connect to current Etherum 
servers and thus not exploitable, scheduled for removal at #887412)
        [jessie] - electrum <not-affected> (Only affects >= 2.6)
@@ -3161,7 +3227,7 @@ CVE-2018-5118
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
 CVE-2018-5117
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3218,7 +3284,7 @@ CVE-2018-5105
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
 CVE-2018-5104
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3227,7 +3293,7 @@ CVE-2018-5104
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104
 CVE-2018-5103
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3236,7 +3302,7 @@ CVE-2018-5103
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103
 CVE-2018-5102
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3253,7 +3319,7 @@ CVE-2018-5100
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
 CVE-2018-5099
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3262,7 +3328,7 @@ CVE-2018-5099
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099
 CVE-2018-5098
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3271,7 +3337,7 @@ CVE-2018-5098
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098
 CVE-2018-5097
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
@@ -3280,14 +3346,14 @@ CVE-2018-5097
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097
 CVE-2018-5096
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096
 CVE-2018-5095
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - skia <itp> (bug #818180)
@@ -3320,7 +3386,7 @@ CVE-2018-5090
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090
 CVE-2018-5089
        RESERVED
-       {DSA-4096-1 DLA-1256-1}
+       {DSA-4096-1 DLA-1262-1 DLA-1256-1}
        - firefox 58.0-1
        - firefox-esr 52.6.0esr-1
        - thunderbird 1:52.6.0-1
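
Review bot: In the ten changes from `{DSA-4096-1 DLA-1256-1}` to `{DSA-4096-1 DLA-1262-1 DLA-1256-1}` (CVE-2018-5117 down to CVE-2018-5089), only the cross-reference line changes and the package lines below it stay as they were, so the diff does not show which source package DLA-1262-1 covers. It is worth confirming that the advisory applies to every one of these ids, in particular CVE-2018-5096 and CVE-2018-5095, whose visible package lines differ from the other eight. The new reference is also placed ahead of DLA-1256-1 rather than after it; if that order comes from the generator it can stay, otherwise keep the list in one consistent order.
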
@@ -5948,8 +6014,8 @@ CVE-2018-3837
        RESERVED
 CVE-2018-3836
        RESERVED
-CVE-2018-3835
-       RESERVED
+CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in 
version 2.2 ...)
+       TODO: check
 CVE-2018-3834
        RESERVED
 CVE-2018-3833
@@ -12169,8 +12235,8 @@ CVE-2018-1366
        RESERVED
 CVE-2018-1365
        RESERVED
-CVE-2018-1364
-       RESERVED
+CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML 
External ...)
+       TODO: check
 CVE-2018-1363
        RESERVED
 CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 
7.0.1 ...)
@@ -15039,25 +15105,25 @@ CVE-2018-0732
 CVE-2018-0731
        RESERVED
 CVE-2017-17079
-       RESERVED
+       REJECTED
 CVE-2017-17078
-       RESERVED
+       REJECTED
 CVE-2017-17077
-       RESERVED
+       REJECTED
 CVE-2017-17076
-       RESERVED
+       REJECTED
 CVE-2017-17075
-       RESERVED
+       REJECTED
 CVE-2017-17074
-       RESERVED
+       REJECTED
 CVE-2017-17073
-       RESERVED
+       REJECTED
 CVE-2017-17072
-       RESERVED
+       REJECTED
 CVE-2017-17071
-       RESERVED
+       REJECTED
 CVE-2017-17070
-       RESERVED
+       REJECTED
 CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 
2017 ...)
        NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows
 CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 
auth0.js ...)
@@ -16537,8 +16603,8 @@ CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco 
WebEx Network Recording 
        NOT-FOR-US: Cisco
 CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could 
allow an ...)
        NOT-FOR-US: Cisco
-CVE-2018-0101
-       RESERVED
+CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN 
functionality of ...)
+       TODO: check
 CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect 
Secure ...)
        NOT-FOR-US: Cisco
 CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 
Network ...)
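
Review bot: CVE-2018-0101 is left at `TODO: check` while its neighbours CVE-2018-0102 and CVE-2018-0100 are both `NOT-FOR-US: Cisco`. The truncated description ("SSL VPN functionality of ...") does not name the product, so read the full text before marking it the same way.
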
@@ -22275,8 +22341,7 @@ CVE-2017-15135 (It was found that 389-ds-base since 
1.3.6.1 up to and including 
 CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in 
slapd/util.c]
        RESERVED
        - 389-ds-base <unfixed> (bug #888452)
-CVE-2017-15133 [TCP denial of service]
-       RESERVED
+CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. 
A remote ...)
        - golang-github-miekg-dns <unfixed> (bug #888777)
        [stretch] - golang-github-miekg-dns <no-dsa> (Minor issue)
        NOTE: https://github.com/miekg/dns/issues/627
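
Review bot: The description now attached to CVE-2017-15133 gives a fix boundary ("miekg-dns before 1.0.4"), but the package line kept below it still reads `- golang-github-miekg-dns <unfixed> (bug #888777)`. Check the packaged version against 1.0.4 and replace `<unfixed>` with the fixed version once one has been uploaded.
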
@@ -23771,10 +23836,10 @@ CVE-2017-14701
        RESERVED
 CVE-2017-14700
        RESERVED
-CVE-2017-14699
-       RESERVED
-CVE-2017-14698
-       RESERVED
+CVE-2017-14699 (Multiple XML external entity (XXE) vulnerabilities in the 
AiCloud ...)
+       TODO: check
+CVE-2017-14698 (ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, 
...)
+       TODO: check
 CVE-2017-14697
        RESERVED
 CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, 
and ...)
@@ -25258,8 +25323,8 @@ CVE-2017-14192 (The checktitle function in 
controllers/member/api.php in dayrui 
        NOT-FOR-US: dayrui FineCms
 CVE-2017-14191
        RESERVED
-CVE-2017-14190
-       RESERVED
+CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 
to ...)
+       TODO: check
 CVE-2017-14189 (An improper access control vulnerability in Fortinet 
FortiWebManager ...)
        NOT-FOR-US: Fortinet
 CVE-2017-14188
@@ -30079,8 +30144,7 @@ CVE-2017-12628 (The JMX server embedded in Apache 
James, also used by the comman
        NOT-FOR-US: Apache James
 CVE-2017-12627
        RESERVED
-CVE-2017-12626 [Denial of Service Vulnerabilities]
-       RESERVED
+CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to 
Denial ...)
        - libapache-poi-java <unfixed> (bug #888651)
        [stretch] - libapache-poi-java <no-dsa> (Minor issue)
        [jessie] - libapache-poi-java <no-dsa> (Minor issue)
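
Review bot: For CVE-2017-12626 the bracketed working title is replaced by a description that says versions "prior to release 3.17" are affected, while `- libapache-poi-java <unfixed> (bug #888651)` is carried over unchanged. With the upstream fixed release now stated, the `<unfixed>` marker and the two `<no-dsa>` lines should be rechecked against the versions in each suite.
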
@@ -38991,8 +39055,8 @@ CVE-2017-9515
        RESERVED
 CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 
had a ...)
        NOT-FOR-US: Atlassian Bamboo
-CVE-2017-9513
-       RESERVED
+CVE-2017-9513 (Several rest inline action resources of Atlassian Activity 
Streams ...)
+       TODO: check
 CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and 
...)
        NOT-FOR-US: Atlassian
 CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, 
before ...)
@@ -43300,13 +43364,13 @@ CVE-2017-1000358 (Controller throws an exception and 
does not allow user to add 
        NOT-FOR-US: OpenDaylight
 CVE-2017-1000357 (Denial of Service attack when the switch rejects to receive 
packets ...)
        NOT-FOR-US: OpenDaylight
-CVE-2017-1000356
+CVE-2017-1000356 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and 
earlier ...)
        - jenkins <removed>
-CVE-2017-1000355
+CVE-2017-1000355 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and 
earlier ...)
        - jenkins <removed>
-CVE-2017-1000354
+CVE-2017-1000354 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and 
earlier ...)
        - jenkins <removed>
-CVE-2017-1000353
+CVE-2017-1000353 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and 
earlier ...)
        - jenkins <removed>
 CVE-2017-8084
        RESERVED
@@ -45580,8 +45644,8 @@ CVE-2017-7518 [debug exception via syscall emulation]
 CVE-2017-7517
        RESERVED
        NOT-FOR-US: OpenShift
-CVE-2017-7516
-       RESERVED
+CVE-2017-7516 (It was found that the cpio --no-absolute-filenames option since 
...)
+       TODO: check
 CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled 
...)
        - poppler 0.57.0-2 (unimportant)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208
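
Review bot: CVE-2017-7516 moves from RESERVED to a description of the cpio `--no-absolute-filenames` option and is left at `TODO: check`. Unlike its neighbour CVE-2017-7517 (`NOT-FOR-US: OpenShift`), this names a command-line tool and should be triaged against the cpio package; the truncated "since ..." needs to be read in full to decide which versions are affected.
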
@@ -54564,16 +54628,16 @@ CVE-2017-4953
        RESERVED
 CVE-2017-4952
        RESERVED
-CVE-2017-4951
-       RESERVED
+CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 
9.1.5) ...)
+       TODO: check
 CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow ...)
        NOT-FOR-US: VMware
 CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free 
vulnerability ...)
        NOT-FOR-US: VMware
 CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon 
View ...)
        NOT-FOR-US: VMware
-CVE-2017-4947
-       RESERVED
+CVE-2017-4947 (VMware Realize Automation (7.3 and 7.2) and vSphere Integrated 
...)
+       TODO: check
 CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) 
contain a ...)
        NOT-FOR-US: VMware
 CVE-2017-4945 (VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) 
contain a ...)
@@ -57139,7 +57203,7 @@ CVE-2017-3741 (In the Lenovo Power Management driver 
before 1.67.12.24, a local 
 CVE-2017-3740 (In Lenovo Active Protection System before 1.82.0.14, an 
attacker with ...)
        NOT-FOR-US: Lenovo
 CVE-2017-3739
-       RESERVED
+       REJECTED
 CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication 
...)
        {DSA-4065-1}
        - openssl <unfixed> (low)
@@ -62777,18 +62841,18 @@ CVE-2017-1786
        RESERVED
 CVE-2017-1785
        RESERVED
-CVE-2017-1784
-       RESERVED
-CVE-2017-1783
-       RESERVED
+CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary 
files ...)
+       TODO: check
+CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change 
...)
+       TODO: check
 CVE-2017-1782
        RESERVED
 CVE-2017-1781
        RESERVED
 CVE-2017-1780
        RESERVED
-CVE-2017-1779
-       RESERVED
+CVE-2017-1779 (IBM Cognos Analytics 11.0 could store cached credentials 
locally that ...)
+       TODO: check
 CVE-2017-1778
        RESERVED
 CVE-2017-1777



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a4e804ae2dc90197d4044c17d8ae1f30c3422a5c

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
