Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65e99cea by security tracker role at 2018-03-09T21:10:22+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,226 @@ -CVE-2018-7995 [x86/MCE: kernel panic when check_interval is changed] +CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in ...) + TODO: check +CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read ...) + TODO: check +CVE-2018-8000 (In PoDoFo 0.9.5, there exists a heap-based buffer overflow ...) + TODO: check +CVE-2018-7999 (In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference ...) + TODO: check +CVE-2018-7998 (In libvips before 8.6.3, a NULL function pointer dereference ...) + TODO: check +CVE-2018-7997 (Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file ...) + TODO: check +CVE-2018-7996 (Eramba e1.0.6.033 has Stored XSS on the tooltip box via the ...) + TODO: check +CVE-2018-7994 + RESERVED +CVE-2018-7993 + RESERVED +CVE-2018-7992 + RESERVED +CVE-2018-7991 + RESERVED +CVE-2018-7990 + RESERVED +CVE-2018-7989 + RESERVED +CVE-2018-7988 + RESERVED +CVE-2018-7987 + RESERVED +CVE-2018-7986 + RESERVED +CVE-2018-7985 + RESERVED +CVE-2018-7984 + RESERVED +CVE-2018-7983 + RESERVED +CVE-2018-7982 + RESERVED +CVE-2018-7981 + RESERVED +CVE-2018-7980 + RESERVED +CVE-2018-7979 + RESERVED +CVE-2018-7978 + RESERVED +CVE-2018-7977 + RESERVED +CVE-2018-7976 + RESERVED +CVE-2018-7975 + RESERVED +CVE-2018-7974 + RESERVED +CVE-2018-7973 + RESERVED +CVE-2018-7972 + RESERVED +CVE-2018-7971 + RESERVED +CVE-2018-7970 + RESERVED +CVE-2018-7969 + RESERVED +CVE-2018-7968 + RESERVED +CVE-2018-7967 + RESERVED +CVE-2018-7966 + RESERVED +CVE-2018-7965 + RESERVED +CVE-2018-7964 + RESERVED +CVE-2018-7963 + RESERVED +CVE-2018-7962 + RESERVED +CVE-2018-7961 + RESERVED +CVE-2018-7960 + RESERVED +CVE-2018-7959 + RESERVED +CVE-2018-7958 + RESERVED +CVE-2018-7957 + RESERVED +CVE-2018-7956 + RESERVED +CVE-2018-7955 + RESERVED +CVE-2018-7954 + RESERVED +CVE-2018-7953 + RESERVED +CVE-2018-7952 + RESERVED +CVE-2018-7951 + RESERVED +CVE-2018-7950 + RESERVED +CVE-2018-7949 + RESERVED +CVE-2018-7948 + RESERVED 
+CVE-2018-7947 + RESERVED +CVE-2018-7946 + RESERVED +CVE-2018-7945 + RESERVED +CVE-2018-7944 + RESERVED +CVE-2018-7943 + RESERVED +CVE-2018-7942 + RESERVED +CVE-2018-7941 + RESERVED +CVE-2018-7940 + RESERVED +CVE-2018-7939 + RESERVED +CVE-2018-7938 + RESERVED +CVE-2018-7937 + RESERVED +CVE-2018-7936 + RESERVED +CVE-2018-7935 + RESERVED +CVE-2018-7934 + RESERVED +CVE-2018-7933 + RESERVED +CVE-2018-7932 + RESERVED +CVE-2018-7931 + RESERVED +CVE-2018-7930 + RESERVED +CVE-2018-7929 + RESERVED +CVE-2018-7928 + RESERVED +CVE-2018-7927 + RESERVED +CVE-2018-7926 + RESERVED +CVE-2018-7925 + RESERVED +CVE-2018-7924 + RESERVED +CVE-2018-7923 + RESERVED +CVE-2018-7922 + RESERVED +CVE-2018-7921 + RESERVED +CVE-2018-7920 + RESERVED +CVE-2018-7919 + RESERVED +CVE-2018-7918 + RESERVED +CVE-2018-7917 + RESERVED +CVE-2018-7916 + RESERVED +CVE-2018-7915 + RESERVED +CVE-2018-7914 + RESERVED +CVE-2018-7913 + RESERVED +CVE-2018-7912 + RESERVED +CVE-2018-7911 + RESERVED +CVE-2018-7910 + RESERVED +CVE-2018-7909 + RESERVED +CVE-2018-7908 + RESERVED +CVE-2018-7907 + RESERVED +CVE-2018-7906 + RESERVED +CVE-2018-7905 + RESERVED +CVE-2018-7904 + RESERVED +CVE-2018-7903 + RESERVED +CVE-2018-7902 + RESERVED +CVE-2018-7901 + RESERVED +CVE-2018-7900 + RESERVED +CVE-2018-7899 + RESERVED +CVE-2018-7898 + RESERVED +CVE-2018-7897 + RESERVED +CVE-2018-7896 + RESERVED +CVE-2018-7895 + RESERVED +CVE-2018-7894 (Eramba e1.0.6.033 has Reflected XSS in ...) + TODO: check +CVE-2018-7893 + RESERVED +CVE-2018-7892 + RESERVED +CVE-2018-7891 + RESERVED +CVE-2018-7995 (Race condition in the store_int_with_restart() function in ...) - linux <unfixed> NOTE: https://lkml.org/lkml/2018/3/2/970 CVE-2018-7890 (A remote code execution issue was discovered in Zoho ManageEngine ...) 
@@ -72,15 +294,15 @@ CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in ...) - ming <removed> NOTE: https://github.com/libming/libming/issues/118 CVE-2018-7865 - RESERVED + REJECTED CVE-2018-7864 - RESERVED + REJECTED CVE-2018-7863 - RESERVED + REJECTED CVE-2018-7862 - RESERVED + REJECTED CVE-2018-7861 - RESERVED + REJECTED CVE-2018-7860 RESERVED CVE-2018-7859 @@ -824,10 +1046,10 @@ CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, NOTE: https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba CVE-2018-7583 (Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) ...) NOT-FOR-US: Proxy.exe in DualDesk 20 -CVE-2018-7582 - RESERVED -CVE-2018-7581 - RESERVED +CVE-2018-7582 (WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of ...) + TODO: check +CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert ...) + TODO: check CVE-2018-7580 RESERVED CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was ...) @@ -988,6 +1210,7 @@ CVE-2018-7546 CVE-2018-7545 RESERVED CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...) + {DLA-1304-1} - zsh 5.4.1-1 NOTE: https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is used, ...) 
@@ -995,16 +1218,20 @@ CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is us NOTE: https://sourceforge.net/p/zsh/code/ci/eb783754bdb74377f3cea4ceca9c23a02ea1bf58 NOTE: no security impact CVE-2016-10714 (In zsh before 5.3, an off-by-one error resulted in undersized buffers ...) + {DLA-1304-1} - zsh 5.3-1 NOTE: https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60 CVE-2014-10072 (In utils.c in zsh before 5.0.6, there is a buffer overflow when ...) + {DLA-1304-1} - zsh 5.0.6-1 NOTE: https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210 CVE-2014-10071 (In exec.c in zsh before 5.0.7, there is a buffer overflow for very long ...) + {DLA-1304-1} - zsh 5.0.7-3 NOTE: https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055 NOTE: Debian needed to add cherry-pick-9982ab6f-missing-changelog-entry CVE-2014-10070 (zsh before 5.0.7 allows evaluation of the initial values of integer ...) + {DLA-1304-1} - zsh 5.0.7-3 NOTE: https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72 CVE-2018-7544 
@@ -1034,13 +1261,11 @@ CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in SimpleSAML - simplesamlphp 1.15.3-1 NOTE: https://simplesamlphp.org/security/201802-01 NOTE: Fixed by: https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930 -CVE-2018-7537 [Denial-of-service possibility in truncatechars_html and truncatewords_html template filters] - RESERVED +CVE-2018-7537 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...) {DLA-1303-1} - python-django 1:1.11.11-1 NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/ -CVE-2018-7536 [Denial-of-service possibility in urlize and urlizetrunc template filters] - RESERVED +CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...) {DLA-1303-1} - python-django 1:1.11.11-1 NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/ @@ -1783,8 +2008,7 @@ CVE-2018-7292 RESERVED CVE-2018-7291 RESERVED -CVE-2018-7290 [Stored XSS vulnerability] - RESERVED +CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, ...) NOT-FOR-US: Tiki CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...) NOT-FOR-US: Armadito @@ -2896,8 +3120,8 @@ CVE-2018-6918 RESERVED CVE-2018-6917 RESERVED -CVE-2018-6916 - RESERVED +CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...) + TODO: check CVE-2018-6915 RESERVED CVE-2018-6914 @@ -18524,14 +18748,12 @@ CVE-2018-1073 RESERVED CVE-2018-1072 RESERVED -CVE-2018-1071 [Stack-based buffer overflow in exec.c:hashcmd()] - RESERVED +CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer ...) - zsh <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531 CVE-2018-1070 RESERVED -CVE-2018-1069 - RESERVED +CVE-2018-1069 (Red Hat OpenShift Enterprise version 3.7 is vulnerable to access ...) NOT-FOR-US: OpenShift CVE-2018-1068 RESERVED 
@@ -18741,26 +18963,26 @@ CVE-2017-17332 RESERVED CVE-2017-17331 RESERVED -CVE-2017-17330 - RESERVED -CVE-2017-17329 - RESERVED -CVE-2017-17328 - RESERVED -CVE-2017-17327 - RESERVED -CVE-2017-17326 - RESERVED -CVE-2017-17325 - RESERVED -CVE-2017-17324 - RESERVED -CVE-2017-17323 - RESERVED -CVE-2017-17322 - RESERVED -CVE-2017-17321 - RESERVED +CVE-2017-17330 (Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; ...) + TODO: check +CVE-2017-17329 (Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. ...) + TODO: check +CVE-2017-17328 (Huawei smartphones with software of MHA-AL00AC00B125 have an integer ...) + TODO: check +CVE-2017-17327 (Huawei smartphones with software of MHA-AL00AC00B125 have an improper ...) + TODO: check +CVE-2017-17326 (Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; ...) + TODO: check +CVE-2017-17325 (Huawei video applications HiCinema with software of 8.0.3.308; ...) + TODO: check +CVE-2017-17324 (Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; ...) + TODO: check +CVE-2017-17323 (Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper ...) + TODO: check +CVE-2017-17322 (Huawei Honor Smart Scale Application with software of 1.1.1 has an ...) + TODO: check +CVE-2017-17321 (Huawei eNSP software with software of versions earlier than ...) + TODO: check CVE-2017-17320 RESERVED CVE-2017-17319 @@ -18793,10 +19015,10 @@ CVE-2017-17306 RESERVED CVE-2017-17305 RESERVED -CVE-2017-17304 - RESERVED -CVE-2017-17303 - RESERVED +CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...) + TODO: check +CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; ...) + TODO: check CVE-2017-17302 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...) NOT-FOR-US: Huawei CVE-2017-17301 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, ...) 
@@ -18839,12 +19061,12 @@ CVE-2017-17283 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 . NOT-FOR-US: Huawei CVE-2017-17282 RESERVED -CVE-2017-17281 - RESERVED -CVE-2017-17280 - RESERVED -CVE-2017-17279 - RESERVED +CVE-2017-17281 (SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 ...) + TODO: check +CVE-2017-17280 (NFC (Near Field Communication) module in Huawei mobile phones with ...) + TODO: check +CVE-2017-17279 (The soundtrigger module in Huawei Mate 9 Pro smart phones with ...) + TODO: check CVE-2017-17278 RESERVED CVE-2017-17277 @@ -18901,8 +19123,8 @@ CVE-2017-17252 RESERVED CVE-2017-17251 RESERVED -CVE-2017-17250 - RESERVED +CVE-2017-17250 (Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; ...) + TODO: check CVE-2017-17249 RESERVED CVE-2017-17248 
@@ -18947,30 +19169,30 @@ CVE-2017-17229 RESERVED CVE-2017-17228 RESERVED -CVE-2017-17227 - RESERVED -CVE-2017-17226 - RESERVED -CVE-2017-17225 - RESERVED +CVE-2017-17227 (GPU driver in Huawei Mate 10 smart phones with the versions before ...) + TODO: check +CVE-2017-17226 (The TripAdvisor app with the versions before TAMobileApp-24.6.4 ...) + TODO: check +CVE-2017-17225 (The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile ...) + TODO: check CVE-2017-17224 RESERVED -CVE-2017-17223 - RESERVED -CVE-2017-17222 - RESERVED -CVE-2017-17221 - RESERVED -CVE-2017-17220 - RESERVED -CVE-2017-17219 - RESERVED -CVE-2017-17218 - RESERVED -CVE-2017-17217 - RESERVED -CVE-2017-17216 - RESERVED +CVE-2017-17223 (Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 ...) + TODO: check +CVE-2017-17222 (Import Language Package function in Huawei eSpace 7950 V200R003C30; ...) + TODO: check +CVE-2017-17221 (Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace ...) + TODO: check +CVE-2017-17220 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; ...) + TODO: check +CVE-2017-17219 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; ...) + TODO: check +CVE-2017-17218 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; ...) + TODO: check +CVE-2017-17217 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; ...) + TODO: check +CVE-2017-17216 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; ...) + TODO: check CVE-2017-17215 RESERVED CVE-2017-17214 
@@ -19001,10 +19223,10 @@ CVE-2017-17202 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C2 NOT-FOR-US: Huawei CVE-2017-17201 (Some huawei smartphones with software BTV-DL09C233B350, ...) NOT-FOR-US: Huawei -CVE-2017-17200 - RESERVED -CVE-2017-17199 - RESERVED +CVE-2017-17200 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...) + TODO: check +CVE-2017-17199 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...) + TODO: check CVE-2017-17198 RESERVED CVE-2017-17197 @@ -19061,14 +19283,14 @@ CVE-2017-17172 RESERVED CVE-2017-17171 RESERVED -CVE-2017-17170 - RESERVED -CVE-2017-17169 - RESERVED -CVE-2017-17168 - RESERVED -CVE-2017-17167 - RESERVED +CVE-2017-17170 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...) + TODO: check +CVE-2017-17169 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...) + TODO: check +CVE-2017-17168 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...) + TODO: check +CVE-2017-17167 (Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 ...) + TODO: check CVE-2017-17166 (Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, ...) NOT-FOR-US: Huawei CVE-2017-17165 (IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 ...) 
@@ -19101,18 +19323,18 @@ CVE-2017-17152 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...) NOT-FOR-US: Huawei CVE-2017-17151 (Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, ...) NOT-FOR-US: Huawei -CVE-2017-17150 - RESERVED -CVE-2017-17149 - RESERVED -CVE-2017-17148 - RESERVED -CVE-2017-17147 - RESERVED -CVE-2017-17146 - RESERVED -CVE-2017-17145 - RESERVED +CVE-2017-17150 (Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; ...) + TODO: check +CVE-2017-17149 (Huawei HiWallet App with the versions before 8.0.4 has an arbitrary ...) + TODO: check +CVE-2017-17148 (Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of ...) + TODO: check +CVE-2017-17147 (Huawei DP300 V500R002C00 have an integer overflow vulnerability due to ...) + TODO: check +CVE-2017-17146 (Huawei DP300 V500R002C00 have a buffer overflow vulnerability due to ...) + TODO: check +CVE-2017-17145 (Huawei Honor V9 Play smart phones with the versions before ...) + TODO: check CVE-2017-17144 (Backup feature of SIP module in Huawei DP300 V500R002C00; ...) NOT-FOR-US: Huawei CVE-2017-17143 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...) @@ -20448,16 +20670,16 @@ CVE-2018-0549 RESERVED CVE-2018-0548 RESERVED -CVE-2018-0547 - RESERVED -CVE-2018-0546 - RESERVED +CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin prior to ...) + TODO: check +CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin prior to ...) + TODO: check CVE-2018-0545 RESERVED -CVE-2018-0544 - RESERVED -CVE-2018-0543 - RESERVED +CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier ...) + TODO: check +CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier ...) + TODO: check CVE-2018-0542 RESERVED CVE-2018-0541 
@@ -20492,16 +20714,16 @@ CVE-2018-0527 RESERVED CVE-2018-0526 RESERVED -CVE-2018-0525 - RESERVED -CVE-2018-0524 - RESERVED -CVE-2018-0523 - RESERVED -CVE-2018-0522 - RESERVED -CVE-2018-0521 - RESERVED +CVE-2018-0525 (Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows ...) + TODO: check +CVE-2018-0524 (Jubatus 1.0.2 and earlier allows remote code execution via unspecified ...) + TODO: check +CVE-2018-0523 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...) + TODO: check +CVE-2018-0522 (Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier ...) + TODO: check +CVE-2018-0521 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...) + TODO: check CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware ...) NOT-FOR-US: FS010W firmware CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...) @@ -40343,12 +40565,12 @@ CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72 NOT-FOR-US: SEIL CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows ...) NOT-FOR-US: FENCE-Explorer for Windows -CVE-2017-10854 - RESERVED -CVE-2017-10853 - RESERVED -CVE-2017-10852 - RESERVED +CVE-2017-10854 (Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to ...) + TODO: check +CVE-2017-10853 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...) + TODO: check +CVE-2017-10852 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...) + TODO: check CVE-2017-10851 (Untrusted search path vulnerability in Installer for ContentsBridge ...) NOT-FOR-US: Installer for ContentsBridge Utility for Windows CVE-2017-10850 (Untrusted search path vulnerability in Installers of ART EX Driver for ...) 
@@ -71475,8 +71697,7 @@ CVE-2016-9608 REJECTED CVE-2016-9607 REJECTED -CVE-2016-9606 - RESERVED +CVE-2016-9606 (JBoss RESTEasy before version 3.1.2 could be forced into parsing a ...) - resteasy 3.1.4-1 (bug #851430) [jessie] - resteasy <no-dsa> (Minor issue) - resteasy3.0 <undetermined> @@ -71553,8 +71774,7 @@ CVE-2016-9593 CVE-2016-9592 RESERVED NOT-FOR-US: OpenShift -CVE-2016-9591 [Use-after-free on heap in jas_matrix_destroy] - RESERVED +CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in the ...) {DSA-3827-1 DLA-920-1} - jasper <removed> NOTE: https://github.com/mdadams/jasper/issues/105 @@ -71587,8 +71807,7 @@ CVE-2016-9586 [printf floating point buffer overflow] NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9 NOTE: There are no known vulnerable applications but as this is a NOTE: library it should be fixed as we do not know the full impact. -CVE-2016-9585 - RESERVED +CVE-2016-9585 (Red Hat JBoss EAP version 5 is vulnerable to a deserialization of ...) NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5 CVE-2016-9584 (libical allows remote attackers to cause a denial of service ...) {DLA-959-1} @@ -75091,8 +75310,7 @@ CVE-2016-8613 - foreman <itp> (bug #663101) NOTE: http://projects.theforeman.org/issues/17066/ NOTE: https://github.com/theforeman/foreman_remote_execution/pull/208 -CVE-2016-8612 - RESERVED +CVE-2016-8612 (Apache HTTP Server mod_cluster before version httpd 2.4.23 is ...) - libapache2-mod-cluster <itp> (bug #731410) CVE-2016-8611 [Glance Image service v1 and v2 api image-create vulnerability] RESERVED 
@@ -102819,8 +103037,8 @@ CVE-2016-0288 (IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3. NOT-FOR-US: IBM CVE-2016-0287 (IBM i Access 7.1 on Windows allows local users to discover registry ...) NOT-FOR-US: IBM -CVE-2016-0286 - RESERVED +CVE-2016-0286 (IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 ...) + TODO: check CVE-2016-0285 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...) NOT-FOR-US: IBM CVE-2016-0284 (The XML parser in IBM Rational Collaborative Lifecycle Management ...) 
@@ -102839,24 +103057,24 @@ CVE-2016-0278 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domin NOT-FOR-US: IBM CVE-2016-0277 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...) NOT-FOR-US: IBM -CVE-2016-0276 - RESERVED -CVE-2016-0275 - RESERVED -CVE-2016-0274 - RESERVED +CVE-2016-0276 (IBM Financial Transaction Manager (FTM) for ACH Services for ...) + TODO: check +CVE-2016-0275 (IBM Financial Transaction Manager (FTM) for ACH Services for ...) + TODO: check +CVE-2016-0274 (IBM Financial Transaction Manager (FTM) for ACH Services for ...) + TODO: check CVE-2016-0273 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...) NOT-FOR-US: IBM -CVE-2016-0272 - RESERVED +CVE-2016-0272 (Cross-site request forgery (CSRF) vulnerability in IBM Financial ...) + TODO: check CVE-2016-0271 (The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before ...) NOT-FOR-US: IBM CVE-2016-0270 (IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 ...) NOT-FOR-US: IBM CVE-2016-0269 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x ...) NOT-FOR-US: IBM -CVE-2016-0268 - RESERVED +CVE-2016-0268 (XML external entity (XXE) vulnerability in IBM Financial Transaction ...) + TODO: check CVE-2016-0267 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...) NOT-FOR-US: IBM CVE-2016-0266 (IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the ...) @@ -102885,8 +103103,8 @@ CVE-2016-0255 (IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross NOT-FOR-US: IBM CVE-2016-0254 (IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a ...) NOT-FOR-US: IBM -CVE-2016-0253 - RESERVED +CVE-2016-0253 (Cross-site scripting (XSS) vulnerability in IBM Financial Transaction ...) + TODO: check CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control ...) NOT-FOR-US: IBM CVE-2016-0251 
@@ -136401,8 +136619,7 @@ CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: PizzaInn_Project Restaurant Script CVE-2014-6618 (Cross-site scripting (XSS) vulnerability in Your Online Shop allows ...) NOT-FOR-US: Your Online Shop -CVE-2014-6617 - RESERVED +CVE-2014-6617 (Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 ...) NOT-FOR-US: Softing FG-100 CVE-2014-6616 (Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS ...) NOT-FOR-US: Softing FG-100 @@ -140705,8 +140922,8 @@ CVE-2014-4863 (The Arris Touchstone DG950A cable modem with software 7.10.131 ha NOT-FOR-US: Arris Touchstone DG950A cable modem CVE-2014-4862 (The Netmaster CBW700N cable modem with software 81.447.392110.729.024 ...) NOT-FOR-US: Netmaster CBW700N cable modem -CVE-2014-4861 - RESERVED +CVE-2014-4861 (The Remote Desktop Launcher in Thycotic Secret Server before ...) + TODO: check CVE-2014-4860 RESERVED - edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests) @@ -146867,8 +147084,8 @@ CVE-2014-2594 RESERVED CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager ...) NOT-FOR-US: Aruba Networks ClearPass Policy Manager -CVE-2014-2592 - RESERVED +CVE-2014-2592 (Unrestricted file upload vulnerability in Aruba Web Management portal ...) + TODO: check CVE-2014-2591 (Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 ...) NOT-FOR-US: AIX CVE-2014-2590 (The web management interface in Siemens RuggedCom ROS before 3.11, ROS ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65e99cea307d2e3d0fa0da73b24141842cc0d282 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65e99cea307d2e3d0fa0da73b24141842cc0d282 You're receiving this email because of your account on salsa.debian.org.
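Review bot: In the `@@ -1,4 +1,226 @@` hunk the retained CVE-2018-7995 entry (now `+CVE-2018-7995 (Race condition in the store_int_with_restart() function in ...)` followed by its unchanged `- linux <unfixed>` and lkml NOTE lines) ends up between CVE-2018-7891 and CVE-2018-7890, because the new entries were all inserted above it; the list is otherwise in descending CVE order, so the entry belongs between CVE-2018-7996 and CVE-2018-7994. The dropped title `[x86/MCE: kernel panic when check_interval is changed]` also named the affected subsystem, which the truncated official description no longer shows; keeping it as a NOTE would help whoever follows up on the `<unfixed>` state.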
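Review bot: In the `@@ -824,10 +1046,10 @@` hunk the two new TODO: check entries, CVE-2018-7582 and CVE-2018-7581, both describe WebLog Expert Web Server, and the CVE-2018-7581 text starts with a `\ProgramData\WebLog Expert\WebServer\WebServer.cfg` path, i.e. a Windows-only product; the adjacent CVE-2018-7583 (`NOT-FOR-US: Proxy.exe in DualDesk 20`) shows the triage these two will most likely need, so they can be closed out together rather than left as TODO.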
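Review bot: In the `@@ -1034,13 +1261,11 @@` hunk the replaced titles `[Denial-of-service possibility in truncatechars_html and truncatewords_html template filters]` and `[Denial-of-service possibility in urlize and urlizetrunc template filters]` were the only text distinguishing CVE-2018-7537 from CVE-2018-7536; both now read `(An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...)` and point at the same weblog URL and `{DLA-1303-1}` / `python-django 1:1.11.11-1` lines. Suggest re-adding the filter names as a NOTE line under each entry so the two remain tellable apart in the tracker.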
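Review bot: In the `@@ -18524,14 +18748,12 @@` hunk CVE-2018-1071 loses `[Stack-based buffer overflow in exec.c:hashcmd()]`, the only place the affected function was recorded; the new `(zsh through version 5.4.2 is vulnerable to a stack-based buffer ...)` description is truncated before that detail and the entry is still `- zsh <unfixed>`. A `NOTE: exec.c:hashcmd()` line next to the existing bugzilla NOTE would preserve it for the fix.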
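Review bot: In the `@@ -18741,26 +18963,26 @@` hunk all ten new TODO: check entries (CVE-2017-17321 through CVE-2017-17330) are Huawei device, phone or application issues, and the surrounding already-triaged entries (CVE-2017-17302, CVE-2017-17301 in the next hunk) carry `NOT-FOR-US: Huawei`; the automatic import cannot apply that, so a follow-up commit should replace these TODO lines with the same marker, which also applies to the other Huawei batches further down (CVE-2017-17279 to 17281, 17216 to 17227, 17199/17200, 17167 to 17170, 17145 to 17150).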
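Review bot: In the `@@ -102839,24 +103057,24 @@` hunk the new TODO: check entries CVE-2016-0274, 0275, 0276, 0272 and 0268 all concern IBM Financial Transaction Manager, and every neighbouring IBM entry in the hunk (CVE-2016-0277, 0273, 0271, 0270, 0269, 0267) is already `NOT-FOR-US: IBM`; same for CVE-2016-0253 and CVE-2016-0286 in the adjacent hunks. These can be resolved as `NOT-FOR-US: IBM` in the follow-up triage rather than staying TODO.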
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits