Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a83985ce by security tracker role at 2018-01-31T21:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,139 @@
+CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to
a ...)
+ TODO: check
+CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An ...)
+ TODO: check
+CVE-2018-6478
+ RESERVED
+CVE-2018-6477
+ RESERVED
+CVE-2018-6476 (In SUPERAntiSpyware Professional Trial 6.0.1254, the
SASKUTIL.SYS ...)
+ TODO: check
+CVE-2018-6475 (In SUPERAntiSpyware Professional Trial 6.0.1254,
SUPERAntiSpyware.exe ...)
+ TODO: check
+CVE-2018-6474 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver
file ...)
+ TODO: check
+CVE-2018-6473 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver
file ...)
+ TODO: check
+CVE-2018-6472 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver
file ...)
+ TODO: check
+CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver
file ...)
+ TODO: check
+CVE-2018-6470
+ RESERVED
+CVE-2018-6469
+ RESERVED
+CVE-2018-6468
+ RESERVED
+CVE-2018-6467
+ RESERVED
+CVE-2018-6466
+ RESERVED
+CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via
the ...)
+ TODO: check
+CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert
in a ...)
+ TODO: check
+CVE-2018-6463
+ RESERVED
+CVE-2018-6462 (Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8
mishandle ...)
+ TODO: check
+CVE-2018-6461
+ RESERVED
+CVE-2018-6460 (Hotspot Shield runs a webserver with a static IP address
127.0.0.1 and ...)
+ TODO: check
+CVE-2018-6459
+ RESERVED
+CVE-2018-6458
+ RESERVED
+CVE-2018-6457
+ RESERVED
+CVE-2018-6456
+ RESERVED
+CVE-2018-6455
+ RESERVED
+CVE-2018-6454
+ RESERVED
+CVE-2018-6453
+ RESERVED
+CVE-2018-6452
+ RESERVED
+CVE-2018-6451
+ RESERVED
+CVE-2018-6450
+ RESERVED
+CVE-2018-6449
+ RESERVED
+CVE-2018-6448
+ RESERVED
+CVE-2018-6447
+ RESERVED
+CVE-2018-6446
+ RESERVED
+CVE-2018-6445
+ RESERVED
+CVE-2018-6444
+ RESERVED
+CVE-2018-6443
+ RESERVED
+CVE-2018-6442
+ RESERVED
+CVE-2018-6441
+ RESERVED
+CVE-2018-6440
+ RESERVED
+CVE-2018-6439
+ RESERVED
+CVE-2018-6438
+ RESERVED
+CVE-2018-6437
+ RESERVED
+CVE-2018-6436
+ RESERVED
+CVE-2018-6435
+ RESERVED
+CVE-2018-6434
+ RESERVED
+CVE-2018-6433
+ RESERVED
+CVE-2018-6432
+ RESERVED
+CVE-2018-6431
+ RESERVED
+CVE-2018-6430
+ RESERVED
+CVE-2018-6429
+ RESERVED
+CVE-2018-6428
+ RESERVED
+CVE-2018-6427
+ RESERVED
+CVE-2018-6426
+ RESERVED
+CVE-2018-6425
+ RESERVED
+CVE-2018-6424
+ RESERVED
+CVE-2018-6423
+ RESERVED
+CVE-2018-6422
+ RESERVED
+CVE-2018-6421
+ RESERVED
+CVE-2018-6420
+ RESERVED
+CVE-2018-6419
+ RESERVED
+CVE-2018-6418
+ RESERVED
+CVE-2018-6417
+ RESERVED
+CVE-2018-6416
+ RESERVED
+CVE-2018-6415
+ RESERVED
+CVE-2018-6414
+ RESERVED
+CVE-2018-6413
+ RESERVED
CVE-2018-6412 (In the function sbusfb_ioctl_helper() in
drivers/video/fbdev/sbuslib.c ...)
- linux <unfixed>
NOTE: https://marc.info/?l=linux-fbdev&m=151734425901499&w=2
@@ -62,8 +198,8 @@ CVE-2018-6386
RESERVED
CVE-2018-6385
RESERVED
-CVE-2018-6384
- RESERVED
+CVE-2018-6384 (Unquoted Windows search path vulnerability in NSClient++ before
...)
+ TODO: check
CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete "forbidden
types" list that ...)
NOT-FOR-US: Monstra CMS
CVE-2018-6382 (MantisBT 2.10.0 allows local users to conduct SQL Injection
attacks via ...)
@@ -1116,8 +1252,7 @@ CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might
accidentally leak authenticat
- curl 7.58.0-1
NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
-CVE-2018-5996 [Memory Corruptions via RAR PPMd]
- RESERVED
+CVE-2018-5996 (Insufficient exception handling in the method ...)
- p7zip-rar 16.02-2 (bug #888314)
[stretch] - p7zip-rar <no-dsa> (Non-free not supported)
[jessie] - p7zip-rar <no-dsa> (Non-free not supported)
@@ -1604,8 +1739,7 @@ CVE-2018-5774
RESERVED
CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2)
through ...)
NOT-FOR-US: python-markdown2 (not our markdown, different code base)
-CVE-2017-18043 [integer overflow in ROUND_UP macro could result in DoS]
- RESERVED
+CVE-2017-18043 (Integer overflow in the macro ROUND_UP (n, d) in Quick
Emulator (Qemu) ...)
- qemu 1:2.10.0+dfsg-2
[stretch] - qemu <postponed> (Can be fixed along in a future DSA)
[jessie] - qemu <postponed> (Can be fixed along in a future DSA)
@@ -1875,8 +2009,8 @@ CVE-2018-5703 (The tcp_v6_syn_recv_sock function in
net/ipv6/tcp_ipv6.c in the L
NOTE: https://lkml.org/lkml/2018/1/16/53
CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has
XSS via the ...)
NOT-FOR-US: download-manager plugin for WordPress
-CVE-2018-5701
- RESERVED
+CVE-2018-5701 (In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the
amp.sys ...)
+ TODO: check
CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by ...)
NOT-FOR-US: Winmail Server
CVE-2018-5699
@@ -2670,8 +2804,7 @@ CVE-2018-5346
RESERVED
CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier
versions a ...)
- linux <unfixed>
-CVE-2018-1000001 [Libc Realpath Buffer Underflow]
- RESERVED
+CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of
getcwd() ...)
- glibc 2.26-4 (bug #887001)
[stretch] - glibc <postponed> (Minor issue, can be fixed along in next
DSA or preferably point release)
[jessie] - glibc <postponed> (Minor issue, can be fixed along in next
DSA or preferably point release)
@@ -6855,8 +6988,7 @@ CVE-2017-17948 (Cells Blog 3.5 has XSS via the jfdname
parameter in an act=showp
NOT-FOR-US: Cells Blog
CVE-2017-17947 (A cross site scripting issue has been found in custompage.cgi
in Pulse ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
-CVE-2017-1000411
- RESERVED
+CVE-2017-1000411 (OpenFlow Plugin and OpenDayLight Controller versions
Nitrogen, Carbon, ...)
NOT-FOR-US: OpenDayLight
CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote
attackers to ...)
NOT-FOR-US: Handy Password
@@ -16606,8 +16738,8 @@ CVE-2018-0138
RESERVED
CVE-2018-0137
RESERVED
-CVE-2018-0136
- RESERVED
+CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software
Release ...)
+ TODO: check
CVE-2018-0135
RESERVED
CVE-2018-0134
@@ -16810,8 +16942,8 @@ CVE-2017-16947
RESERVED
CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php
in MISP ...)
NOT-FOR-US: MISP
-CVE-2017-16945
- RESERVED
+CVE-2017-16945 (The standardrestorer binary in Arq 5.10 and earlier for Mac
allows ...)
+ TODO: check
CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error
exists ...)
- libsndfile 1.0.27-1
[jessie] - libsndfile <no-dsa> (Minor issue)
@@ -16891,8 +17023,8 @@ CVE-2017-16930 (The remote management interface on the
Claymore Dual GPU miner 1
NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner
10.1 is ...)
NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
-CVE-2017-16928
- RESERVED
+CVE-2017-16928 (The arq_updater binary in Arq 5.10 and earlier for Mac allows
local ...)
+ TODO: check
CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in
the session ...)
{DLA-1203-1}
- xrdp 0.9.4-3 (bug #882463)
@@ -17523,8 +17655,8 @@ CVE-2017-16860
RESERVED
CVE-2017-16859
RESERVED
-CVE-2017-16858
- RESERVED
+CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the
Google Apps ...)
+ TODO: check
CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin
via ...)
NOT-FOR-US: Atlassian
CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version
6.5.2 allows ...)
@@ -20785,8 +20917,8 @@ CVE-2017-15708 (In Apache Synapse, by default no
authentication is required for
NOT-FOR-US: Apache Synapse
CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an
outdated ...)
- libstruts1.2-java <not-affected> (Specific to 2.x)
-CVE-2017-15706
- RESERVED
+CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache
Tomcat ...)
+ TODO: check
CVE-2017-15705
RESERVED
CVE-2017-15704
@@ -20802,8 +20934,8 @@ CVE-2017-15700 (A flaw in the
org.apache.sling.auth.core.AuthUtil#isRedirectVali
CVE-2017-15699
RESERVED
TODO: check, this is possibly specific to AMQ Interconnect as used by
Red Hat JBoss, although based on Apache Qpid project
-CVE-2017-15698
- RESERVED
+CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate,
Apache ...)
+ TODO: check
CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header
...)
NOT-FOR-US: Apache NiFi
CVE-2017-15696
@@ -20910,14 +21042,14 @@ CVE-2017-15658
RESERVED
CVE-2017-15657
RESERVED
-CVE-2017-15656
- RESERVED
-CVE-2017-15655
- RESERVED
-CVE-2017-15654
- RESERVED
-CVE-2017-15653
- RESERVED
+CVE-2017-15656 (Password are stored in plaintext in nvram in the HTTPd server
in all ...)
+ TODO: check
+CVE-2017-15655 (Multiple buffer overflow vulnerabilities exist in the HTTPd
server in ...)
+ TODO: check
+CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all
current ...)
+ TODO: check
+CVE-2017-15653 (Improper administrator IP validation after his login in the
HTTPd ...)
+ TODO: check
CVE-2017-15652
RESERVED
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated
...)
@@ -41244,8 +41376,8 @@ CVE-2017-8918 (XXE in Dive Assistant - Template Builder
in Blackwave Dive Assist
NOT-FOR-US: Dive Assistant
CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1
allows ...)
NOT-FOR-US: Joomla
-CVE-2017-8916
- RESERVED
+CVE-2017-8916 (In Center for Internet Security CIS-CAT Pro Dashboard before
1.0.4, an ...)
+ TODO: check
CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote
attackers ...)
NOT-FOR-US: SAP
CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote
attackers ...)
@@ -62956,8 +63088,8 @@ CVE-2017-1775
RESERVED
CVE-2017-1774
RESERVED
-CVE-2017-1773
- RESERVED
+CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an
attacker ...)
+ TODO: check
CVE-2017-1772
RESERVED
CVE-2017-1771
@@ -64036,8 +64168,8 @@ CVE-2017-1235 (IBM WebSphere MQ 8.0 could allow an
authenticated user to cause a
NOT-FOR-US: IBM
CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting.
This ...)
NOT-FOR-US: IBM
-CVE-2017-1233
- RESERVED
+CVE-2017-1233 (IBM Remote Control v9 could allow a local user to use the
component to ...)
+ TODO: check
CVE-2017-1232 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5)
...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1231
@@ -87843,11 +87975,13 @@ CVE-2016-3122
CVE-2016-3121
RESERVED
CVE-2016-3120 (The validate_as_request function in kdc_util.c in the Key
Distribution ...)
+ {DLA-1265-1}
- krb5 1.14.3+dfsg-1 (bug #832572)
[jessie] - krb5 1.12.1+dfsg-19+deb8u3
NOTE:
https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
CVE-2016-3119 (The process_db_args function in ...)
+ {DLA-1265-1}
- krb5 1.14.2+dfsg-1 (bug #819468)
[jessie] - krb5 1.12.1+dfsg-19+deb8u3
NOTE:
https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
@@ -134460,6 +134594,7 @@ CVE-2014-5358
CVE-2014-5357
RESERVED
CVE-2014-5355 (MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects
that a ...)
+ {DLA-1265-1}
- krb5 1.12.1+dfsg-18 (bug #778647)
[squeeze] - krb5 <no-dsa> (Minor issue)
NOTE: Upstream commit:
https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec
@@ -134469,6 +134604,7 @@ CVE-2014-5354
(plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5
[squeeze] - krb5 <not-affected> (do not expose a way for principal
entries to have no long-term key material)
NOTE: Upstream commit:
https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16
CVE-2014-5353 (The krb5_ldap_get_password_policy_from_dn function in ...)
+ {DLA-1265-1}
- krb5 1.12.1+dfsg-16 (bug #773226)
[squeeze] - krb5 <no-dsa> (Minor issue, needs elevated privileges to
trigger crash)
NOTE: Upstream commit:
https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
@@ -134476,6 +134612,7 @@ CVE-2014-5352 (The krb5_gss_process_context_token
function in ...)
{DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
CVE-2014-5351 (The kadm5_randkey_principal_3 function in ...)
+ {DLA-1265-1}
- krb5 1.12.1+dfsg-10 (bug #762479)
[squeeze] - krb5 <no-dsa> (Minor issue)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
@@ -144713,11 +144850,9 @@ CVE-2014-1634
RESERVED
CVE-2014-1633
RESERVED
-CVE-2014-1632
- RESERVED
+CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote
attackers ...)
NOT-FOR-US: Eventum
-CVE-2014-1631
- RESERVED
+CVE-2014-1631 (Eventum before 2.3.5 allows remote attackers to reinstall the
...)
NOT-FOR-US: Eventum
CVE-2014-1630
RESERVED
@@ -165093,6 +165228,7 @@ CVE-2013-1420
CVE-2013-1419
RESERVED
CVE-2013-1418 (The setup_server_realm function in main.c in the Key
Distribution ...)
+ {DLA-1265-1}
- krb5 1.11.3+dfsg-3+nmu1 (low; bug #728845)
[squeeze] - krb5 <no-dsa> (Minor issue)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a83985ce70341268b0eba21619acf04863efc926
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a83985ce70341268b0eba21619acf04863efc926
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
