Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84c37613 by security tracker role at 2018-03-01T21:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,23 @@
-CVE-2018-7579
+CVE-2018-7585
        RESERVED
+CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 
7.1.14, and ...)
+       TODO: check
+CVE-2018-7583
+       RESERVED
+CVE-2018-7582
+       RESERVED
+CVE-2018-7581
+       RESERVED
+CVE-2018-7580
+       RESERVED
+CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability 
was ...)
+       TODO: check
+CVE-2017-18210 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability 
was ...)
+       TODO: check
+CVE-2017-18209 (In the GetOpenCLCachedFilesDirectory function in 
magick/opencl.c in ...)
+       TODO: check
+CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 
3.6 has ...)
+       TODO: check
 CVE-2018-7578
        RESERVED
 CVE-2018-7577
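Review bot: the new `TODO: check` markers in this hunk (CVE-2018-7584 for PHP, CVE-2017-18209 through CVE-2017-18211 for ImageMagick, CVE-2018-7579 for YzmCMS) are triage placeholders and need resolving to either a source-package line with a status, as `- qemu <unfixed>` has further down in this patch, or a `NOT-FOR-US:` line as the SAP and NetIQ entries have. PHP and ImageMagick are long-standing Debian packages, so those four deserve attention first; the YzmCMS entry looks like a NOT-FOR-US candidate unless that CMS is packaged.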
@@ -10,8 +28,8 @@ CVE-2018-7575
        RESERVED
 CVE-2018-7574
        RESERVED
-CVE-2018-7573
-       RESERVED
+CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP 
server can ...)
+       TODO: check
 CVE-2018-7572
        RESERVED
 CVE-2018-7571
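Review bot: CVE-2018-7573 moves from RESERVED to `TODO: check` with a description naming FTPShell Client 6.7 and a remote FTP server as the trigger, i.e. a client-side flaw in one specific product; unless that client is packaged, resolve the entry to NOT-FOR-US rather than leaving the TODO in place.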
@@ -78,8 +96,8 @@ CVE-2018-7563
        RESERVED
 CVE-2018-7562
        RESERVED
-CVE-2018-7561
-       RESERVED
+CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
+       TODO: check
 CVE-2018-7560
        RESERVED
 CVE-2018-7559
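Review bot: CVE-2018-7561 describes a stack-based buffer overflow in the httpd on Tenda AC9 devices, which is vendor device firmware; it can be handled like the Philips Hue Bridge entry later in this patch (`NOT-FOR-US: Philips Hue`), so the `TODO: check` should be closed quickly rather than left open.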
@@ -106,8 +124,7 @@ CVE-2018-7552 (There is an invalid free in 
Mapping::DoubleHash::clear in mapping
 CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that 
leads to ...)
        - sam2p <removed>
        NOTE: https://github.com/pts/sam2p/issues/28
-CVE-2018-7550 [i386: multiboot OOB access while loading kernel image]
-       RESERVED
+CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick 
Emulator ...)
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
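Review bot: `- qemu <unfixed>` should be revisited now that CVE-2018-7550 is public: the MITRE description names load_multiboot in hw/i386/multiboot.c and the retained NOTE already links the qemu-devel patch thread, so a fixed version may be recordable. Dropping the RESERVED line and the bracketed working title in favour of the published description is correct.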
@@ -1645,12 +1662,12 @@ CVE-2017-18189 (In the startread function in xa.c in 
Sound eXchange (SoX) throug
        [stretch] - sox <no-dsa> (Minor issue)
        [jessie] - sox <no-dsa> (Minor issue)
        NOTE: 
https://public-inbox.org/sox-devel/20171109114554.16297-1-m...@mansr.com/raw
-CVE-2018-7049
-       RESERVED
-CVE-2018-7048
-       RESERVED
-CVE-2018-7047
-       RESERVED
+CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. 
There ...)
+       TODO: check
+CVE-2018-7048 (An issue was discovered in Wowza Streaming Engine before 4.7.1. 
There ...)
+       TODO: check
+CVE-2018-7047 (An issue was discovered in the MBeans Server in Wowza Streaming 
Engine ...)
+       TODO: check
 CVE-2018-7046 (** DISPUTED ** Arbitrary code execution vulnerability in 
Kentico 9 ...)
        NOT-FOR-US: Kentico
 CVE-2018-7045
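Review bot: the three Wowza Streaming Engine entries (CVE-2018-7047 through CVE-2018-7049) are left as separate `TODO: check` markers; they come from one vendor batch and should be triaged together so they end up with a single consistent outcome, which will be `NOT-FOR-US: Wowza Streaming Engine` unless the product turns out to be packaged.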
@@ -5917,10 +5934,10 @@ CVE-2018-5503
        RESERVED
 CVE-2018-5502
        RESERVED
-CVE-2018-5501
-       RESERVED
-CVE-2018-5500
-       RESERVED
+CVE-2018-5501 (In some circumstances, on F5 BIG-IP systems running 13.0.0, 
12.1.0 - ...)
+       TODO: check
+CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 
11.6.1 - ...)
+       TODO: check
 CVE-2018-5499
        RESERVED
 CVE-2018-5498
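Review bot: CVE-2018-5500 and CVE-2018-5501 describe F5 BIG-IP systems running 13.0.0 / 12.1.0 - 12.1.3.1, and this same patch already carries `NOT-FOR-US: F5 BIG-IP` for CVE-2017-6151; the two `TODO: check` markers should be resolved the same way for consistency.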
@@ -6384,8 +6401,8 @@ CVE-2018-5316 (The &quot;SagePay Server Gateway for 
WooCommerce&quot; plugin bef
        NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for 
WordPress
 CVE-2018-5315 (The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL 
...)
        NOT-FOR-US: Wachipi WP Events Calendar plugin for WordPress
-CVE-2018-5314
-       RESERVED
+CVE-2018-5314 (Command injection vulnerability in Citrix NetScaler ADC and 
NetScaler ...)
+       TODO: check
 CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored 
cross-site ...)
        NOT-FOR-US: Sulu-standard
 CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in 
the file ...)
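Review bot: CVE-2018-5314 is a command injection in Citrix NetScaler ADC and NetScaler ... appliances; like the WordPress plugin entries directly above it, which carry `NOT-FOR-US:`, this is vendor appliance software, so the `TODO: check` should be resolved to NOT-FOR-US unless a Debian package is involved.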
@@ -13902,8 +13919,8 @@ CVE-2018-2382 (A vulnerability in the SAP internet 
Graphics Server, 7.20, 7.20EX
        NOT-FOR-US: SAP internet Graphics Server
 CVE-2018-2381 (SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 
6.03, ...)
        NOT-FOR-US: SAP ERP Financials Information System
-CVE-2018-2380
-       RESERVED
+CVE-2018-2380 (SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker 
to ...)
+       TODO: check
 CVE-2018-2379 (In SAP HANA Extended Application Services, 1.0, an 
unauthenticated ...)
        NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2378 (In SAP HANA Extended Application Services, 1.0, unauthorized 
users can ...)
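Review bot: CVE-2018-2380 (SAP CRM) sits between CVE-2018-2381 and CVE-2018-2379, both of which are marked `NOT-FOR-US: SAP ...`; the `TODO: check` here should become `NOT-FOR-US: SAP CRM` to match the surrounding entries.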
@@ -13926,14 +13943,14 @@ CVE-2018-2370 (Server Side Request Forgery (SSRF) 
vulnerability in SAP Central .
        NOT-FOR-US: SAP Central Management Console
 CVE-2018-2369 (Under certain conditions SAP HANA, 1.00, 2.00, allows an ...)
        NOT-FOR-US: SAP HANA
-CVE-2018-2368
-       RESERVED
-CVE-2018-2367
-       RESERVED
+CVE-2018-2368 (SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 
7.30, ...)
+       TODO: check
+CVE-2018-2367 (ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 
to ...)
+       TODO: check
 CVE-2018-2366
        RESERVED
-CVE-2018-2365
-       RESERVED
+CVE-2018-2365 (SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, 
does not ...)
+       TODO: check
 CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, 
S4FND ...)
        NOT-FOR-US: SAP
 CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 
7.30, ...)
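Review bot: CVE-2018-2365, CVE-2018-2367 and CVE-2018-2368 (SAP NetWeaver Portal, SAP BASIS, SAP NetWeaver System Landscape Directory) should get `NOT-FOR-US: SAP` like CVE-2018-2364 and CVE-2018-2369 in this same hunk, rather than three separate `TODO: check` markers for one vendor batch.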
@@ -27423,8 +27440,7 @@ CVE-2017-14806
        RESERVED
 CVE-2017-14805
        RESERVED
-CVE-2017-14804 [build: Exploit extractbuild to write to files in the host 
system]
-       RESERVED
+CVE-2017-14804 (The build package before 20171128 did not check directory 
names during ...)
        - obs-build <unfixed> (bug #887306)
        [stretch] - obs-build <no-dsa> (Minor issue)
        [jessie] - obs-build <no-dsa> (Minor issue)
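Review bot: the `<no-dsa> (Minor issue)` tags on stretch and jessie for CVE-2017-14804 were set while the entry was still RESERVED with only a local title; now that the MITRE description confirms the build package did not check directory names (the old bracketed title spelled out the consequence: writes to files on the host system), the severity call should be re-confirmed rather than inherited. The `- obs-build <unfixed>` line and bug #887306 reference are correctly kept.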
@@ -27435,12 +27451,12 @@ CVE-2017-14802
        RESERVED
 CVE-2017-14801
        RESERVED
-CVE-2017-14800
-       RESERVED
-CVE-2017-14799
-       RESERVED
-CVE-2017-14798
-       RESERVED
+CVE-2017-14800 (A reflected cross site scripting attack in the NetIQ Access 
Manager ...)
+       TODO: check
+CVE-2017-14799 (A cross site scripting attack in handling the ESP login 
parameter ...)
+       TODO: check
+CVE-2017-14798 (A race condition in the postgresql init script could be used 
by ...)
+       TODO: check
 CVE-2017-14797 (Lack of Transport Encryption in the public API in Philips Hue 
Bridge ...)
        NOT-FOR-US: Philips Hue
 CVE-2017-14796 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 
allows remote ...)
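Review bot: CVE-2017-14798 needs real triage rather than being swept up with its neighbours: the description names a race condition in the postgresql init script without saying whose init script, so check whether Debian's postgresql packaging ships the affected script before choosing between a package entry and NOT-FOR-US. CVE-2017-14799 and CVE-2017-14800 (NetIQ Access Manager) can follow the `NOT-FOR-US: NetIQ` convention used elsewhere in this patch.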
@@ -34046,8 +34062,7 @@ CVE-2017-12629 (Remote code execution occurs in Apache 
Solr before 7.1 with Apac
        NOTE: Patch disallowing XXE: 
https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc4
 CVE-2017-12628 (The JMX server embedded in Apache James, also used by the 
command line ...)
        NOT-FOR-US: Apache James
-CVE-2017-12627 [Apache Xerces-C DTD vulnerability processing external paths]
-       RESERVED
+CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing 
of ...)
        - xerces-c <unfixed>
        NOTE: https://svn.apache.org/viewvc?view=revision&revision=1819998
        NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
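Review bot: the new description for CVE-2017-12627 states the issue is in Xerces-C before 3.2.1, which gives an upstream fixed version; the `- xerces-c <unfixed>` line should be checked against that and against svn revision 1819998 already in the NOTE, so a fixed Debian version can be recorded if one exists. Dropping RESERVED and the bracketed title is fine.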
@@ -43858,8 +43873,8 @@ CVE-2017-9289 (Bram Korsten Note through 1.2.0 is 
vulnerable to a reflected XSS 
        NOT-FOR-US: Bram Korsten Note
 CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a 
reflected ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2017-9286
-       RESERVED
+CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in 
an ...)
+       TODO: check
 CVE-2017-9285
        RESERVED
 CVE-2017-9284
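Review bot: CVE-2017-9286's own description says the flaw is in the packaging of NextCloud in openSUSE (use of /srv/www/htdocs); a packaging bug specific to another distribution is a clear NOT-FOR-US candidate, so the `TODO: check` can be closed as such.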
@@ -43882,8 +43897,7 @@ CVE-2017-9276
        RESERVED
 CVE-2017-9275
        RESERVED
-CVE-2017-9274 [osc executes spec code during "osc commit"]
-       RESERVED
+CVE-2017-9274 (A shell command injection in the obs-service-source_validator 
before ...)
        - osc 0.162.1-1 (bug #887391)
        [stretch] - osc <no-dsa> (Minor issue)
        [jessie] - osc <no-dsa> (Minor issue)
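Review bot: the MITRE description for CVE-2017-9274 names obs-service-source_validator as the affected component, while the retained Debian line tracks `- osc 0.162.1-1 (bug #887391)`; confirm that osc is the right source package for this fix (the old bracketed title said osc executes spec code during "osc commit"), or add the source_validator package as well if Debian ships it.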
@@ -43896,14 +43910,14 @@ CVE-2017-9273 (The Bi-directional driver in IDM 4.5 
before 4.0.3.0 could be ...)
        NOT-FOR-US: IDM
 CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be 
...)
        NOT-FOR-US: IDM
-CVE-2017-9271
-       RESERVED
-CVE-2017-9270
-       RESERVED
-CVE-2017-9269
-       RESERVED
-CVE-2017-9268
-       RESERVED
+CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy 
...)
+       TODO: check
+CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send 
RPC ...)
+       TODO: check
+CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM 
repositories ...)
+       TODO: check
+CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and 
rebuild ...)
+       TODO: check
 CVE-2017-9267
        RESERVED
 CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! 
allows SQL ...)
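Review bot: CVE-2017-9269's description reads "In libzypp before August 2018", a date after this commit (2018-03-01); that is upstream text and must stay verbatim in the list, but the triager should treat the stated version boundary with suspicion. The four entries (zypper, cryptctl, libzypp, open build service) all belong to the same SUSE/openSUSE ecosystem and can be triaged together, resolving to NOT-FOR-US unless any of them is packaged.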
@@ -49897,10 +49911,10 @@ CVE-2017-7438
        RESERVED
 CVE-2017-7437
        RESERVED
-CVE-2017-7436
-       RESERVED
-CVE-2017-7435
-       RESERVED
+CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned 
...)
+       TODO: check
+CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM 
...)
+       TODO: check
 CVE-2017-7434
        RESERVED
 CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro 
Focus Vibe ...)
@@ -49917,8 +49931,8 @@ CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an 
issue in the renegotiati
        NOT-FOR-US: NetIQ iManager
 CVE-2017-7427
        RESERVED
-CVE-2017-7426
-       RESERVED
+CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained 
various XML ...)
+       TODO: check
 CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager 
...)
        NOT-FOR-US: NetIQ
 CVE-2017-7424 (A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro 
Focus ...)
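Review bot: CVE-2017-7426 (NetIQ Identity Manager Plugins) should be resolved to `NOT-FOR-US: NetIQ`, matching CVE-2017-7428 and CVE-2017-7425 immediately around it in this hunk, instead of staying `TODO: check`.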
@@ -53955,16 +53969,16 @@ CVE-2017-6156
        RESERVED
 CVE-2017-6155
        RESERVED
-CVE-2017-6154
-       RESERVED
+CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 
11.6.1 - ...)
+       TODO: check
 CVE-2017-6153
        RESERVED
 CVE-2017-6152
        RESERVED
 CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2017-6150
-       RESERVED
+CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 
- ...)
+       TODO: check
 CVE-2017-6149
        RESERVED
 CVE-2017-6148
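Review bot: CVE-2017-6154 and CVE-2017-6150 describe F5 BIG-IP systems and sit next to CVE-2017-6151, which already carries `NOT-FOR-US: F5 BIG-IP`; both `TODO: check` markers should be resolved the same way.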
@@ -57491,8 +57505,8 @@ CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 
and 4.3 before SP1 HF1, w
        NOT-FOR-US: NetIQ Access Manager
 CVE-2017-5189
        RESERVED
-CVE-2017-5188
-       RESERVED
+CVE-2017-5188 (The bs_worker code in open build service before 20170320 
followed ...)
+       TODO: check
 CVE-2017-5187 (A Cross-Site Request Forgery (CWE-352) vulnerability in 
Directory ...)
        NOT-FOR-US: Micro Focus
 CVE-2017-5186 (Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x 
before ...)
@@ -84437,7 +84451,7 @@ CVE-2016-5696 (net/ipv4/tcp_input.c in the Linux kernel 
before 4.7 does not prop
        NOTE: Fixed by: 
https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
 CVE-2016-5389
        REJECTED
-CVE-2016-5388 (Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, 
follows ...)
+CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when 
the CGI ...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.0.37-1 (unimportant)
        - tomcat7 7.0.72-1 (unimportant)
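Review bot: the updated CVE-2016-5388 description narrows the affected range to Tomcat 7.x through 7.0.70 and 8.x through 8.5.4; the retained Debian lines (tomcat7 7.0.72-1 and tomcat8 8.0.37-1, both unimportant) are consistent with that, so no status change is needed. The `tomcat9 <itp> (bug #802312)` line is worth a re-check, since an ITP marker only makes sense while the package is not yet in the archive.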



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/84c376139570f5ed0b046b5eaa208c72f3e48b85

---
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
