Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
104fb8a2 by security tracker role at 2018-02-14T21:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,192 @@
-CVE-2018-7032 [webcheckout: missing URL sanitization]
+CVE-2018-7049
+       RESERVED
+CVE-2018-7048
+       RESERVED
+CVE-2018-7047
+       RESERVED
+CVE-2018-7046
+       RESERVED
+CVE-2018-7045
+       RESERVED
+CVE-2018-7044
+       RESERVED
+CVE-2018-7043
+       RESERVED
+CVE-2018-7042
+       RESERVED
+CVE-2018-7041
+       RESERVED
+CVE-2018-7040
+       RESERVED
+CVE-2018-7039 (CCN-lite 2.0.0 Beta allows remote attackers to cause a denial 
of ...)
+       TODO: check
+CVE-2018-7038
+       RESERVED
+CVE-2018-7037
+       RESERVED
+CVE-2018-7036
+       RESERVED
+CVE-2018-7035
+       RESERVED
+CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR 
v1.03B01 ...)
+       TODO: check
+CVE-2018-7033
+       RESERVED
+CVE-2018-7031
+       RESERVED
+CVE-2018-7030
+       RESERVED
+CVE-2018-7029
+       RESERVED
+CVE-2018-7028
+       RESERVED
+CVE-2018-7027
+       RESERVED
+CVE-2018-7026
+       RESERVED
+CVE-2018-7025
+       RESERVED
+CVE-2018-7024
+       RESERVED
+CVE-2018-7023
+       RESERVED
+CVE-2018-7022
+       RESERVED
+CVE-2018-7021
+       RESERVED
+CVE-2018-7020
+       RESERVED
+CVE-2018-7019
+       RESERVED
+CVE-2018-7018
+       RESERVED
+CVE-2018-7017
+       RESERVED
+CVE-2018-7016
+       RESERVED
+CVE-2018-7015
+       RESERVED
+CVE-2018-7014
+       RESERVED
+CVE-2018-7013
+       RESERVED
+CVE-2018-7012
+       RESERVED
+CVE-2018-7011
+       RESERVED
+CVE-2018-7010
+       RESERVED
+CVE-2018-7009
+       RESERVED
+CVE-2018-7008
+       RESERVED
+CVE-2018-7007
+       RESERVED
+CVE-2018-7006
+       RESERVED
+CVE-2018-7005
+       RESERVED
+CVE-2018-7004
+       RESERVED
+CVE-2018-7003
+       RESERVED
+CVE-2018-7002
+       RESERVED
+CVE-2018-7001
+       RESERVED
+CVE-2018-7000
+       RESERVED
+CVE-2018-6999
+       RESERVED
+CVE-2018-6998
+       RESERVED
+CVE-2018-6997
+       RESERVED
+CVE-2018-6996
+       RESERVED
+CVE-2018-6995
+       RESERVED
+CVE-2018-6994
+       RESERVED
+CVE-2018-6993
+       RESERVED
+CVE-2018-6992
+       RESERVED
+CVE-2018-6991
+       RESERVED
+CVE-2018-6990
+       RESERVED
+CVE-2018-6989
+       RESERVED
+CVE-2018-6988
+       RESERVED
+CVE-2018-6987
+       RESERVED
+CVE-2018-6986
+       RESERVED
+CVE-2018-6985
+       RESERVED
+CVE-2018-6984
+       RESERVED
+CVE-2018-6983
+       RESERVED
+CVE-2018-6982
+       RESERVED
+CVE-2018-6981
+       RESERVED
+CVE-2018-6980
+       RESERVED
+CVE-2018-6979
+       RESERVED
+CVE-2018-6978
+       RESERVED
+CVE-2018-6977
+       RESERVED
+CVE-2018-6976
+       RESERVED
+CVE-2018-6975
+       RESERVED
+CVE-2018-6974
+       RESERVED
+CVE-2018-6973
+       RESERVED
+CVE-2018-6972
+       RESERVED
+CVE-2018-6971
+       RESERVED
+CVE-2018-6970
+       RESERVED
+CVE-2018-6969
+       RESERVED
+CVE-2018-6968
+       RESERVED
+CVE-2018-6967
+       RESERVED
+CVE-2018-6966
+       RESERVED
+CVE-2018-6965
+       RESERVED
+CVE-2018-6964
+       RESERVED
+CVE-2018-6963
+       RESERVED
+CVE-2018-6962
+       RESERVED
+CVE-2018-6961
+       RESERVED
+CVE-2018-6960
+       RESERVED
+CVE-2018-6959
+       RESERVED
+CVE-2018-6958
+       RESERVED
+CVE-2018-6957
+       RESERVED
+CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the 
fs.protected_hardlinks ...)
+       TODO: check
+CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass 
through an ...)
+       TODO: check
+CVE-2018-7032 (webcheckout in myrepos through 1.20171231 does not sanitize 
URLs that ...)
        - myrepos <unfixed> (bug #840014)
        [stretch] - myrepos <no-dsa> (Minor issue)
        [jessie] - myrepos <no-dsa> (Minor issue)
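Review bot: CVE-2017-18188 and CVE-2017-18187 are inserted between CVE-2018-6957 and CVE-2018-7032, which breaks the descending ID order the rest of this hunk follows (7049 down to 6957), and CVE-2018-7032 now sits below lower-numbered 2018 IDs instead of between CVE-2018-7033 and CVE-2018-7031. Suggest re-sorting so the two 2017 IDs go into the 2017 block and 7032 returns to its slot. The four entries that arrive with descriptions (CVE-2018-7039, CVE-2018-7034, CVE-2017-18188, CVE-2017-18187) carry only "TODO: check" and still need a package line or a NOT-FOR-US tag.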
@@ -11915,62 +12103,62 @@ CVE-2018-2398
        RESERVED
 CVE-2018-2397
        RESERVED
-CVE-2018-2396
-       RESERVED
-CVE-2018-2395
-       RESERVED
-CVE-2018-2394
-       RESERVED
-CVE-2018-2393
-       RESERVED
-CVE-2018-2392
-       RESERVED
-CVE-2018-2391
-       RESERVED
-CVE-2018-2390
-       RESERVED
-CVE-2018-2389
-       RESERVED
-CVE-2018-2388
-       RESERVED
-CVE-2018-2387
-       RESERVED
-CVE-2018-2386
-       RESERVED
-CVE-2018-2385
-       RESERVED
-CVE-2018-2384
-       RESERVED
-CVE-2018-2383
-       RESERVED
-CVE-2018-2382
-       RESERVED
-CVE-2018-2381
-       RESERVED
+CVE-2018-2396 (Under certain conditions a malicious user can prevent 
legitimate users ...)
+       TODO: check
+CVE-2018-2395 (Under certain conditions a malicious user may retrieve 
information on ...)
+       TODO: check
+CVE-2018-2394 (Under certain conditions an unauthenticated malicious user can 
prevent ...)
+       TODO: check
+CVE-2018-2393 (Under certain conditions SAP Internet Graphics Server (IGS) 
7.20, ...)
+       TODO: check
+CVE-2018-2392 (Under certain conditions SAP Internet Graphics Server (IGS) 
7.20, ...)
+       TODO: check
+CVE-2018-2391 (Under certain conditions a malicious user can prevent 
legitimate users ...)
+       TODO: check
+CVE-2018-2390 (Under certain conditions a malicious user can prevent 
legitimate users ...)
+       TODO: check
+CVE-2018-2389 (Under certain conditions a malicious user can inject log files 
of SAP ...)
+       TODO: check
+CVE-2018-2388 (Stored cross-site scripting vulnerability in SAP internet 
Graphics ...)
+       TODO: check
+CVE-2018-2387 (A vulnerability in the SAP internet Graphics Server, 7.20, 
7.20EXT, ...)
+       TODO: check
+CVE-2018-2386 (Under certain conditions a malicious user provoking an out of 
bounds ...)
+       TODO: check
+CVE-2018-2385 (Under certain conditions a malicious user provoking a divide by 
zero ...)
+       TODO: check
+CVE-2018-2384 (Under certain conditions a malicious user provoking a Null 
Pointer ...)
+       TODO: check
+CVE-2018-2383 (Reflected cross-site scripting vulnerability in SAP internet 
Graphics ...)
+       TODO: check
+CVE-2018-2382 (A vulnerability in the SAP internet Graphics Server, 7.20, 
7.20EXT, ...)
+       TODO: check
+CVE-2018-2381 (SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 
6.03, ...)
+       TODO: check
 CVE-2018-2380
        RESERVED
-CVE-2018-2379
-       RESERVED
-CVE-2018-2378
-       RESERVED
-CVE-2018-2377
-       RESERVED
-CVE-2018-2376
-       RESERVED
-CVE-2018-2375
-       RESERVED
-CVE-2018-2374
-       RESERVED
-CVE-2018-2373
-       RESERVED
-CVE-2018-2372
-       RESERVED
-CVE-2018-2371
-       RESERVED
-CVE-2018-2370
-       RESERVED
-CVE-2018-2369
-       RESERVED
+CVE-2018-2379 (In SAP HANA Extended Application Services, 1.0, an 
unauthenticated ...)
+       TODO: check
+CVE-2018-2378 (In SAP HANA Extended Application Services, 1.0, unauthorized 
users can ...)
+       TODO: check
+CVE-2018-2377 (In SAP HANA Extended Application Services, 1.0, some general 
server ...)
+       TODO: check
+CVE-2018-2376 (In SAP HANA Extended Application Services, 1.0, a controller 
user who ...)
+       TODO: check
+CVE-2018-2375 (In SAP HANA Extended Application Services, 1.0, a controller 
user who ...)
+       TODO: check
+CVE-2018-2374 (In SAP HANA Extended Application Services, 1.0, a controller 
user who ...)
+       TODO: check
+CVE-2018-2373 (Under certain circumstances, a specific endpoint of the 
Controller's ...)
+       TODO: check
+CVE-2018-2372 (A plain keystore password is written to a system log file in 
SAP HANA ...)
+       TODO: check
+CVE-2018-2371 (The SAML 2.0 service provider of SAP Netweaver AS Java Web ...)
+       TODO: check
+CVE-2018-2370 (Server Side Request Forgery (SSRF) vulnerability in SAP Central 
...)
+       TODO: check
+CVE-2018-2369 (Under certain conditions SAP HANA, 1.00, 2.00, allows an ...)
+       TODO: check
 CVE-2018-2368
        RESERVED
 CVE-2018-2367
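Review bot: All 27 entries that leave RESERVED here (CVE-2018-2396 to CVE-2018-2381 and CVE-2018-2379 to CVE-2018-2369) are marked "TODO: check", and for several of them the truncated description ends before any product is named, for example CVE-2018-2396, CVE-2018-2395 and CVE-2018-2394 ("Under certain conditions a malicious user ..."). Triage therefore cannot be done from this file alone; suggest resolving each one against the full CVE description and recording the product in the tag (the visible ones name SAP Internet Graphics Server, SAP HANA Extended Application Services and SAP Netweaver AS Java) so the TODO backlog does not accumulate.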
@@ -11979,8 +12167,8 @@ CVE-2018-2366
        RESERVED
 CVE-2018-2365
        RESERVED
-CVE-2018-2364
-       RESERVED
+CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, 
S4FND ...)
+       TODO: check
 CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 
7.30, ...)
        NOT-FOR-US: SAP NetWeaver
 CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, 
could send ...)
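Review bot: CVE-2018-2364 is left at "TODO: check" although its description names SAP CRM WebClient UI and the entry directly below it, CVE-2018-2363, is already tagged "NOT-FOR-US: SAP NetWeaver". If the product matches no Debian package, suggest tagging it the same way with the product name so the two adjacent SAP entries are handled consistently.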
@@ -14828,8 +15016,7 @@ CVE-2018-1289
        RESERVED
 CVE-2018-1288
        RESERVED
-CVE-2018-1287 [Apache JMeter binds RMI server to wildcard in distributed mode 
(based on RMI)]
-       RESERVED
+CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only 
(RMI ...)
        - jakarta-jmeter <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
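Review bot: The "- jakarta-jmeter <unfixed>" line under CVE-2018-1287 has no bug reference and no per-release status lines, and the description now published for the ID covers JMeter 2.X and 3.X. Suggest adding the tracking bug number to the package line and per-suite annotations once the affected versions are confirmed; the two NOTE links give the upstream context but not the Debian status.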
@@ -26250,9 +26437,9 @@ CVE-2017-14525 (Multiple open redirect vulnerabilities 
in OpenText Documentum We
        NOT-FOR-US: OpenText Documentum Webtop
 CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum 
...)
        NOT-FOR-US: OpenText Documentum Administrator
-CVE-2017-14523 (WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection 
attack. ...)
+CVE-2017-14523 (** DISPUTED **  ...)
        NOT-FOR-US: WonderCMS
-CVE-2017-14522 (In WonderCMS 2.3.1, the application's input fields accept 
arbitrary ...)
+CVE-2017-14522 (** DISPUTED **  ...)
        NOT-FOR-US: WonderCMS
 CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random 
...)
        NOT-FOR-US: WonderCMS
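Review bot: For CVE-2017-14523 and CVE-2017-14522 the new description is only "** DISPUTED **  ...", so the truncation drops what each issue was (the removed lines mentioned HTTP Host header injection and arbitrary input in form fields). Both are NOT-FOR-US, so the impact is small, but suggest having the update keep some text after the dispute marker so the two entries stay distinguishable when reading the list.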
@@ -51819,10 +52006,10 @@ CVE-2017-6232
        RESERVED
 CVE-2017-6231
        RESERVED
-CVE-2017-6230
-       RESERVED
-CVE-2017-6229
-       RESERVED
+CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and 
Ruckus ...)
+       TODO: check
+CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 
200.6.10.1.x and ...)
+       TODO: check
 CVE-2017-6228
        RESERVED
 CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN 
...)
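Review bot: CVE-2017-6230 and CVE-2017-6229 describe Ruckus Networks access point firmware and are added with "TODO: check" only. If no Debian source package ships this firmware, suggest closing them out as NOT-FOR-US with the product name rather than leaving them open.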
@@ -65000,8 +65187,8 @@ CVE-2017-1684
        RESERVED
 CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to 
cross-site ...)
        NOT-FOR-US: IBM Connections Engagement Center
-CVE-2017-1682
-       RESERVED
+CVE-2017-1682 (IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to 
...)
+       TODO: check
 CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for 
Bluemix ...)
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2017-1680
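Review bot: CVE-2017-1682 (IBM Connections 4.0 to 6.0) is left at "TODO: check" while the entry above it, CVE-2017-1683, is tagged "NOT-FOR-US: IBM Connections Engagement Center". Suggest the matching tag "NOT-FOR-US: IBM Connections" if it maps to no Debian package.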
@@ -65366,8 +65553,8 @@ CVE-2017-1501 (IBM WebSphere Application Server 8.0, 
8.5, and 9.0 could provide 
        NOT-FOR-US: IBM
 CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in 
the ...)
        NOT-FOR-US: IBM
-CVE-2017-1499
-       RESERVED
+CVE-2017-1499 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote 
attacker ...)
+       TODO: check
 CVE-2017-1498 (IBM Connections 5.5 is vulnerable to cross-site scripting. This 
...)
        NOT-FOR-US: IBM
 CVE-2017-1497 (IBM Sterling File Gateway 2.2 could allow an unauthorized user 
to view ...)
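Review bot: CVE-2017-1499 (IBM Maximo Asset Management 7.5 and 7.6) is left at "TODO: check" between entries that are tagged with the bare vendor, "NOT-FOR-US: IBM". When triaging it, suggest using the product name in the tag rather than the vendor alone, since a vendor-only tag makes it harder to spot later whether a given IBM product was actually evaluated.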



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/104fb8a21e450b4ff7dc5fc69cda98d43fa8a2db
