Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82146cea by security tracker role at 2018-03-07T09:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,13 @@
+CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in the Linux 
kernel ...)
+       TODO: check
+CVE-2018-7739 (antsle antman before 0.9.1a allows remote attackers to bypass 
...)
+       TODO: check
+CVE-2018-7737 (In Z-BlogPHP 1.5.1.1740, there is Web Site physical path 
leakage, as ...)
+       TODO: check
+CVE-2018-7736 (In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the 
ZC_BLOG_SUBNAME ...)
+       TODO: check
+CVE-2017-18221 (The __munlock_pagevec function in mm/mlock.c in the Linux 
kernel before ...)
+       TODO: check
 CVE-2018-7735 (Afian FileRun (before 2018.02.13) suffers from a remote SQL 
injection ...)
        NOT-FOR-US: Afian FileRun
 CVE-2018-7734 (Afian FileRun (before 2018.02.13) suffers from a remote SQL 
injection ...)
@@ -42,15 +52,15 @@ CVE-2018-7723 (The management panel in Piwigo 2.9.3 has 
stored XSS via the ...)
        - piwigo <removed>
 CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the 
name ...)
        - piwigo <removed>
-CVE-2018-7721
-       RESERVED
-CVE-2018-7720
-       RESERVED
+CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...)
+       TODO: check
+CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in 
Western ...)
+       TODO: check
 CVE-2018-7719
        RESERVED
 CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer 
Overflow ...)
        TODO: check
-CVE-2018-7738 [code execution in bash-completion for umount]
+CVE-2018-7738 (In util-linux before 2.32-rc1, bash-completion/umount allows 
local ...)
        - bash-completion <unfixed> (unimportant)
        - util-linux 2.31.1-0.5 (bug #892179)
        [jessie] - util-linux <not-affected> (umount completion added later)
@@ -1787,14 +1797,12 @@ CVE-2018-7187 (The &quot;go get&quot; implementation in 
Go 1.9.4, when the -inse
        [jessie] - golang <ignored> (Minor issue)
        NOTE: https://github.com/golang/go/issues/23867
        NOTE: 
https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
-CVE-2018-7185 [Unauthenticated packet can reset authenticated interleaved 
association]
-       RESERVED
+CVE-2018-7185 (The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a 
remote ...)
        - ntp <unfixed>
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
-CVE-2018-7184 [Interleaved symmetric mode cannot recover from bad state]
-       RESERVED
+CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before 
updating ...)
        - ntp <unfixed>
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
@@ -1805,8 +1813,7 @@ CVE-2018-7183 [ntpq:decodearr() can write beyond its 
buffer limit]
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3414
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
-CVE-2018-7182 [ctl_getitem(): buffer read overrun leads to undefined behavior 
and information leak]
-       RESERVED
+CVE-2018-7182 (The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 
allows ...)
        - ntp <unfixed>
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3412
@@ -1821,6 +1828,7 @@ CVE-2017-18190 (A localhost.localdomain whitelist entry 
in valid_host() in ...)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1048
        NOTE: 
https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 
(v2.2.2)
 CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters 
in a %s ...)
+       {DLA-1302-1}
        - leptonlib 1.75.3-2 (bug #890548)
        NOTE: 
https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
 CVE-2018-7180 (SQL Injection exists in the Saxum Astro 4.0.14 component for 
Joomla! ...)
@@ -1858,8 +1866,7 @@ CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, 
remote attackers can dele
        NOT-FOR-US: WonderCMS
 CVE-2018-7171
        RESERVED
-CVE-2018-7170 [Multiple authenticated ephemeral associations]
-       RESERVED
+CVE-2018-7170 (nptd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows 
...)
        - ntp <unfixed>
        NOTE: http://www.kb.cert.org/vuls/id/961909
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3415
@@ -2741,14 +2748,14 @@ CVE-2018-6813
        RESERVED
 CVE-2018-6812
        RESERVED
-CVE-2018-6811
-       RESERVED
-CVE-2018-6810
-       RESERVED
-CVE-2018-6809
-       RESERVED
-CVE-2018-6808
-       RESERVED
+CVE-2018-6811 (Multiple cross-site scripting (XSS) vulnerabilities in Citrix 
...)
+       TODO: check
+CVE-2018-6810 (Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 
11.1, ...)
+       TODO: check
+CVE-2018-6809 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 
10.5, ...)
+       TODO: check
+CVE-2018-6808 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 
10.5, ...)
+       TODO: check
 CVE-2018-6807
        RESERVED
 CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read 
arbitrary files ...)
@@ -3618,14 +3625,14 @@ CVE-2018-6532 (An issue was discovered in Icinga 2.x 
through 2.8.1. By sending .
        NOTE: https://github.com/Icinga/icinga2/pull/6103
 CVE-2018-6531
        RESERVED
-CVE-2018-6530
-       RESERVED
-CVE-2018-6529
-       RESERVED
-CVE-2018-6528
-       RESERVED
-CVE-2018-6527
-       RESERVED
+CVE-2018-6530 (OS command injection vulnerability in soap.cgi (soapcgi_main in 
...)
+       TODO: check
+CVE-2018-6529 (XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in 
D-Link ...)
+       TODO: check
+CVE-2018-6528 (XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in 
D-Link ...)
+       TODO: check
+CVE-2018-6527 (XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php 
in ...)
+       TODO: check
 CVE-2018-6526 (view_all_bug_page.php in MantisBT before 2018-02-02 allows 
remote ...)
        - mantis <removed>
        [wheezy] - mantis <end-of-life> (Not supported in wheezy LTS)
@@ -5067,8 +5074,8 @@ CVE-2018-6021
        RESERVED
 CVE-2018-6020
        RESERVED
-CVE-2018-6019
-       RESERVED
+CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows 
...)
+       TODO: check
 CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder 
Android ...)
        NOT-FOR-US: Tinder
 CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder 
...)
@@ -5874,12 +5881,10 @@ CVE-2018-1000005 (libcurl 7.49.0 to and including 
7.57.0 contains an out bounds 
        NOTE: Patch: 
https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch
 CVE-2018-5731
        RESERVED
-CVE-2018-5730
-       RESERVED
+CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with 
permission ...)
        - krb5 <unfixed> (bug #891869)
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
-CVE-2018-5729
-       RESERVED
+CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with 
permission ...)
        - krb5 <unfixed> (bug #891869)
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
 CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers 
to ...)
@@ -6474,28 +6479,28 @@ CVE-2018-5473 (An Improper Restriction of Operations 
within the Bounds of a Memo
        NOT-FOR-US: GE D60 Line Distance Relay devices
 CVE-2018-5472
        RESERVED
-CVE-2018-5471
-       RESERVED
+CVE-2018-5471 (A Cleartext Transmission of Sensitive Information issue was 
discovered ...)
+       TODO: check
 CVE-2018-5470
        RESERVED
-CVE-2018-5469
-       RESERVED
+CVE-2018-5469 (An Improper Restriction of Excessive Authentication Attempts 
issue was ...)
+       TODO: check
 CVE-2018-5468
        RESERVED
-CVE-2018-5467
-       RESERVED
+CVE-2018-5467 (An Information Exposure Through Query Strings in GET Request 
issue was ...)
+       TODO: check
 CVE-2018-5466
        RESERVED
-CVE-2018-5465
-       RESERVED
+CVE-2018-5465 (A Session Fixation issue was discovered in Belden Hirschmann 
RS, RSR, ...)
+       TODO: check
 CVE-2018-5464
        RESERVED
 CVE-2018-5463
        RESERVED
 CVE-2018-5462
        RESERVED
-CVE-2018-5461
-       RESERVED
+CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in 
Belden ...)
+       TODO: check
 CVE-2018-5460
        RESERVED
 CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 
Series ...)
@@ -10210,6 +10215,7 @@ CVE-2017-18196 (Leptonica 1.74.4 constructs unintended 
pathnames (containing dup
        [jessie] - leptonlib <not-affected> (Vulnerable code not present)
        [wheezy] - leptonlib <not-affected> (Vulnerable code not present)
 CVE-2018-7440 (An issue was discovered in Leptonica through 1.75.3. The ...)
+       {DLA-1302-1}
        - leptonlib 1.75.3-3 (bug #891932)
        [stretch] - leptonlib <not-affected> (Incomplete fix for CVE-2018-3836 
not applied)
        [jessie] - leptonlib <not-affected> (Incomplete fix for CVE-2018-3836 
not applied)
@@ -16884,8 +16890,8 @@ CVE-2018-1345
        RESERVED
 CVE-2018-1344
        RESERVED
-CVE-2018-1343
-       RESERVED
+CVE-2018-1343 (PAM exposure enabling unauthenticated access to remote host ...)
+       TODO: check
 CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can 
upload ...)
        NOT-FOR-US: NetIQ Access Manager
 CVE-2018-1341
@@ -25534,8 +25540,8 @@ CVE-2017-15521
        REJECTED
 CVE-2017-15520
        REJECTED
-CVE-2017-15519
-       RESERVED
+CVE-2017-15519 (Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated 
remote ...)
+       TODO: check
 CVE-2017-15518 (All versions of OnCommand API Services prior to 2.1 and NetApp 
Service ...)
        NOT-FOR-US: NetApp
 CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow 
attackers to ...)
@@ -37259,10 +37265,10 @@ CVE-2017-11652 (Razer Synapse 2.20.15.1104 and 
earlier uses weak permissions for
        NOT-FOR-US: Razer Synapse
 CVE-2017-11651 (NexusPHP V1.5 has XSS via a javascript: or data: URL in a 
UBBCode url ...)
        NOT-FOR-US: NexusPHP
-CVE-2017-11650
-       RESERVED
-CVE-2017-11649
-       RESERVED
+CVE-2017-11650 (Cross-site scripting (XSS) vulnerability in DrayTek Vigor 
AP910C ...)
+       TODO: check
+CVE-2017-11649 (Cross-site request forgery (CSRF) vulnerability in DrayTek 
Vigor ...)
+       TODO: check
 CVE-2017-11648 (Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 
devices do ...)
        NOT-FOR-US: Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 
devices
 CVE-2017-11647 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / 
Software: ...)
@@ -50471,8 +50477,8 @@ CVE-2017-7445
        RESERVED
 CVE-2017-0887 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass 
in the ...)
        - nextcloud <itp> (bug #835086)
-CVE-2016-7443
-       RESERVED
+CVE-2016-7443 (Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to 
have ...)
+       TODO: check
 CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function 
was not ...)
        - libxslt <unfixed> (unimportant; bug #859796)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400
@@ -86285,8 +86291,8 @@ CVE-2016-5180 (Heap-based buffer overflow in the 
ares_create_query function in c
        - c-ares 1.12.0-1 (medium; bug #839151)
        NOTE: https://c-ares.haxx.se/adv_20160929.html
        NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch
-CVE-2016-5179
-       RESERVED
+CVE-2016-5179 (Chrome OS before 53.0.2785.144 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2016-5178 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
        {DSA-3683-1}
        - chromium-browser 53.0.2785.143-1
@@ -111601,8 +111607,7 @@ CVE-2015-5379 (Cross-site scripting (XSS) 
vulnerability in actions.hsp in the Aj
        NOT-FOR-US: Axigen
 CVE-2015-5378 (Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows 
remote ...)
        - logstash <itp> (bug #664841)
-CVE-2015-5377 [Remote code execution vulnerability]
-       RESERVED
+CVE-2015-5377 (** DISPUTED ** Elasticsearch before 1.6.1 allows remote 
attackers to ...)
        - elasticsearch 1.6.1+dfsg-1 (bug #792617)
        [jessie] - elasticsearch <end-of-life> (No longer supported, see DSA 
3389)
        NOTE: 
https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/82146cea4a60e23b79ce1c32c1db7767ccdc2ddf

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/82146cea4a60e23b79ce1c32c1db7767ccdc2ddf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to