Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65e99cea by security tracker role at 2018-03-09T21:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,4 +1,226 @@
-CVE-2018-7995 [x86/MCE: kernel panic when check_interval is changed]
+CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in 
...)
+       TODO: check
+CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read ...)
+       TODO: check
+CVE-2018-8000 (In PoDoFo 0.9.5, there exists a heap-based buffer overflow ...)
+       TODO: check
+CVE-2018-7999 (In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference 
...)
+       TODO: check
+CVE-2018-7998 (In libvips before 8.6.3, a NULL function pointer dereference 
...)
+       TODO: check
+CVE-2018-7997 (Eramba e1.0.6.033 has Reflected XSS on the Error page of the 
CSV file ...)
+       TODO: check
+CVE-2018-7996 (Eramba e1.0.6.033 has Stored XSS on the tooltip box via the ...)
+       TODO: check
+CVE-2018-7994
+       RESERVED
+CVE-2018-7993
+       RESERVED
+CVE-2018-7992
+       RESERVED
+CVE-2018-7991
+       RESERVED
+CVE-2018-7990
+       RESERVED
+CVE-2018-7989
+       RESERVED
+CVE-2018-7988
+       RESERVED
+CVE-2018-7987
+       RESERVED
+CVE-2018-7986
+       RESERVED
+CVE-2018-7985
+       RESERVED
+CVE-2018-7984
+       RESERVED
+CVE-2018-7983
+       RESERVED
+CVE-2018-7982
+       RESERVED
+CVE-2018-7981
+       RESERVED
+CVE-2018-7980
+       RESERVED
+CVE-2018-7979
+       RESERVED
+CVE-2018-7978
+       RESERVED
+CVE-2018-7977
+       RESERVED
+CVE-2018-7976
+       RESERVED
+CVE-2018-7975
+       RESERVED
+CVE-2018-7974
+       RESERVED
+CVE-2018-7973
+       RESERVED
+CVE-2018-7972
+       RESERVED
+CVE-2018-7971
+       RESERVED
+CVE-2018-7970
+       RESERVED
+CVE-2018-7969
+       RESERVED
+CVE-2018-7968
+       RESERVED
+CVE-2018-7967
+       RESERVED
+CVE-2018-7966
+       RESERVED
+CVE-2018-7965
+       RESERVED
+CVE-2018-7964
+       RESERVED
+CVE-2018-7963
+       RESERVED
+CVE-2018-7962
+       RESERVED
+CVE-2018-7961
+       RESERVED
+CVE-2018-7960
+       RESERVED
+CVE-2018-7959
+       RESERVED
+CVE-2018-7958
+       RESERVED
+CVE-2018-7957
+       RESERVED
+CVE-2018-7956
+       RESERVED
+CVE-2018-7955
+       RESERVED
+CVE-2018-7954
+       RESERVED
+CVE-2018-7953
+       RESERVED
+CVE-2018-7952
+       RESERVED
+CVE-2018-7951
+       RESERVED
+CVE-2018-7950
+       RESERVED
+CVE-2018-7949
+       RESERVED
+CVE-2018-7948
+       RESERVED
+CVE-2018-7947
+       RESERVED
+CVE-2018-7946
+       RESERVED
+CVE-2018-7945
+       RESERVED
+CVE-2018-7944
+       RESERVED
+CVE-2018-7943
+       RESERVED
+CVE-2018-7942
+       RESERVED
+CVE-2018-7941
+       RESERVED
+CVE-2018-7940
+       RESERVED
+CVE-2018-7939
+       RESERVED
+CVE-2018-7938
+       RESERVED
+CVE-2018-7937
+       RESERVED
+CVE-2018-7936
+       RESERVED
+CVE-2018-7935
+       RESERVED
+CVE-2018-7934
+       RESERVED
+CVE-2018-7933
+       RESERVED
+CVE-2018-7932
+       RESERVED
+CVE-2018-7931
+       RESERVED
+CVE-2018-7930
+       RESERVED
+CVE-2018-7929
+       RESERVED
+CVE-2018-7928
+       RESERVED
+CVE-2018-7927
+       RESERVED
+CVE-2018-7926
+       RESERVED
+CVE-2018-7925
+       RESERVED
+CVE-2018-7924
+       RESERVED
+CVE-2018-7923
+       RESERVED
+CVE-2018-7922
+       RESERVED
+CVE-2018-7921
+       RESERVED
+CVE-2018-7920
+       RESERVED
+CVE-2018-7919
+       RESERVED
+CVE-2018-7918
+       RESERVED
+CVE-2018-7917
+       RESERVED
+CVE-2018-7916
+       RESERVED
+CVE-2018-7915
+       RESERVED
+CVE-2018-7914
+       RESERVED
+CVE-2018-7913
+       RESERVED
+CVE-2018-7912
+       RESERVED
+CVE-2018-7911
+       RESERVED
+CVE-2018-7910
+       RESERVED
+CVE-2018-7909
+       RESERVED
+CVE-2018-7908
+       RESERVED
+CVE-2018-7907
+       RESERVED
+CVE-2018-7906
+       RESERVED
+CVE-2018-7905
+       RESERVED
+CVE-2018-7904
+       RESERVED
+CVE-2018-7903
+       RESERVED
+CVE-2018-7902
+       RESERVED
+CVE-2018-7901
+       RESERVED
+CVE-2018-7900
+       RESERVED
+CVE-2018-7899
+       RESERVED
+CVE-2018-7898
+       RESERVED
+CVE-2018-7897
+       RESERVED
+CVE-2018-7896
+       RESERVED
+CVE-2018-7895
+       RESERVED
+CVE-2018-7894 (Eramba e1.0.6.033 has Reflected XSS in ...)
+       TODO: check
+CVE-2018-7893
+       RESERVED
+CVE-2018-7892
+       RESERVED
+CVE-2018-7891
+       RESERVED
+CVE-2018-7995 (Race condition in the store_int_with_restart() function in ...)
        - linux <unfixed>
        NOTE: https://lkml.org/lkml/2018/3/2/970
 CVE-2018-7890 (A remote code execution issue was discovered in Zoho 
ManageEngine ...)
@@ -72,15 +294,15 @@ CVE-2018-7866 (A NULL pointer dereference was discovered 
in newVar3 in ...)
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/118
 CVE-2018-7865
-       RESERVED
+       REJECTED
 CVE-2018-7864
-       RESERVED
+       REJECTED
 CVE-2018-7863
-       RESERVED
+       REJECTED
 CVE-2018-7862
-       RESERVED
+       REJECTED
 CVE-2018-7861
-       RESERVED
+       REJECTED
 CVE-2018-7860
        RESERVED
 CVE-2018-7859
@@ -824,10 +1046,10 @@ CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 
7.0.28, 7.1.x through 7.1.14,
        NOTE: 
https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
 CVE-2018-7583 (Proxy.exe in DualDesk 20 allows Remote Denial Of Service 
(daemon crash) ...)
        NOT-FOR-US: Proxy.exe in DualDesk 20
-CVE-2018-7582
-       RESERVED
-CVE-2018-7581
-       RESERVED
+CVE-2018-7582 (WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of 
...)
+       TODO: check
+CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog 
Expert ...)
+       TODO: check
 CVE-2018-7580
        RESERVED
 CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability 
was ...)
@@ -988,6 +1210,7 @@ CVE-2018-7546
 CVE-2018-7545
        RESERVED
 CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer 
overflow. ...)
+       {DLA-1304-1}
        - zsh 5.4.1-1
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d
 CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is 
used, ...)
@@ -995,16 +1218,20 @@ CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh 
compatibility mode is us
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/eb783754bdb74377f3cea4ceca9c23a02ea1bf58
        NOTE: no security impact
 CVE-2016-10714 (In zsh before 5.3, an off-by-one error resulted in undersized 
buffers ...)
+       {DLA-1304-1}
        - zsh 5.3-1
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60
 CVE-2014-10072 (In utils.c in zsh before 5.0.6, there is a buffer overflow 
when ...)
+       {DLA-1304-1}
        - zsh 5.0.6-1
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210
 CVE-2014-10071 (In exec.c in zsh before 5.0.7, there is a buffer overflow for 
very long ...)
+       {DLA-1304-1}
        - zsh 5.0.7-3
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055
        NOTE: Debian needed to add cherry-pick-9982ab6f-missing-changelog-entry
 CVE-2014-10070 (zsh before 5.0.7 allows evaluation of the initial values of 
integer ...)
+       {DLA-1304-1}
        - zsh 5.0.7-3
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
 CVE-2018-7544
@@ -1034,13 +1261,11 @@ CVE-2018-7644 (The XmlSecLibs library as used in the 
saml2 library in SimpleSAML
        - simplesamlphp 1.15.3-1
        NOTE: https://simplesamlphp.org/security/201802-01
        NOTE: Fixed by: 
https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
-CVE-2018-7537 [Denial-of-service possibility in truncatechars_html and 
truncatewords_html template filters]
-       RESERVED
+CVE-2018-7537 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 
...)
        {DLA-1303-1}
        - python-django 1:1.11.11-1
        NOTE: 
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
-CVE-2018-7536 [Denial-of-service possibility in urlize and urlizetrunc 
template filters]
-       RESERVED
+CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 
...)
        {DLA-1303-1}
        - python-django 1:1.11.11-1
        NOTE: 
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
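Review bot: CVE-2018-7537 and CVE-2018-7536 now show the same visible description, "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...", so the two entries can no longer be told apart in the list. The removed bracketed titles were the only place that named truncatechars_html/truncatewords_html versus urlize/urlizetrunc. Suggest keeping that detail in a NOTE: line under each entry.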
@@ -1783,8 +2008,7 @@ CVE-2018-7292
        RESERVED
 CVE-2018-7291
        RESERVED
-CVE-2018-7290 [Stored XSS vulnerability]
-       RESERVED
+CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 
17.2, ...)
        NOT-FOR-US: Tiki
 CVE-2018-7289 (An issue was discovered in 
armadito-windows-driver/src/communication.c ...)
        NOT-FOR-US: Armadito
@@ -2896,8 +3120,8 @@ CVE-2018-6918
        RESERVED
 CVE-2018-6917
        RESERVED
-CVE-2018-6916
-       RESERVED
+CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 
...)
+       TODO: check
 CVE-2018-6915
        RESERVED
 CVE-2018-6914
@@ -18524,14 +18748,12 @@ CVE-2018-1073
        RESERVED
 CVE-2018-1072
        RESERVED
-CVE-2018-1071 [Stack-based buffer overflow in exec.c:hashcmd()]
-       RESERVED
+CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer 
...)
        - zsh <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531
 CVE-2018-1070
        RESERVED
-CVE-2018-1069
-       RESERVED
+CVE-2018-1069 (Red Hat OpenShift Enterprise version 3.7 is vulnerable to 
access ...)
        NOT-FOR-US: OpenShift
 CVE-2018-1068
        RESERVED
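Review bot: On CVE-2018-1071 the replaced title located the bug at exec.c:hashcmd(), and the truncated description that takes its place stops before any function name. The entry is still "- zsh <unfixed>", so a NOTE: line recording exec.c:hashcmd() would help whoever picks up the fix.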
@@ -18741,26 +18963,26 @@ CVE-2017-17332
        RESERVED
 CVE-2017-17331
        RESERVED
-CVE-2017-17330
-       RESERVED
-CVE-2017-17329
-       RESERVED
-CVE-2017-17328
-       RESERVED
-CVE-2017-17327
-       RESERVED
-CVE-2017-17326
-       RESERVED
-CVE-2017-17325
-       RESERVED
-CVE-2017-17324
-       RESERVED
-CVE-2017-17323
-       RESERVED
-CVE-2017-17322
-       RESERVED
-CVE-2017-17321
-       RESERVED
+CVE-2017-17330 (Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; 
V200R007C00; ...)
+       TODO: check
+CVE-2017-17329 (Huawei ViewPoint 8660 V100R008C03 have a memory leak 
vulnerability. ...)
+       TODO: check
+CVE-2017-17328 (Huawei smartphones with software of MHA-AL00AC00B125 have an 
integer ...)
+       TODO: check
+CVE-2017-17327 (Huawei smartphones with software of MHA-AL00AC00B125 have an 
improper ...)
+       TODO: check
+CVE-2017-17326 (Huawei Mate 9 Pro Smartphones with software of 
LON-AL00BC00B139D; ...)
+       TODO: check
+CVE-2017-17325 (Huawei video applications HiCinema with software of 8.0.3.308; 
...)
+       TODO: check
+CVE-2017-17324 (Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; 
...)
+       TODO: check
+CVE-2017-17323 (Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an 
improper ...)
+       TODO: check
+CVE-2017-17322 (Huawei Honor Smart Scale Application with software of 1.1.1 
has an ...)
+       TODO: check
+CVE-2017-17321 (Huawei eNSP software with software of versions earlier than 
...)
+       TODO: check
 CVE-2017-17320
        RESERVED
 CVE-2017-17319
@@ -18793,10 +19015,10 @@ CVE-2017-17306
        RESERVED
 CVE-2017-17305
        RESERVED
-CVE-2017-17304
-       RESERVED
-CVE-2017-17303
-       RESERVED
+CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; 
V500R002C00B010; ...)
+       TODO: check
+CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; 
...)
+       TODO: check
 CVE-2017-17302 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, 
...)
        NOT-FOR-US: Huawei
 CVE-2017-17301 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, 
V200R008C20, ...)
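Review bot: CVE-2017-17304 and CVE-2017-17303 are added as "TODO: check" although both descriptions name Huawei DP300, and the next entry, CVE-2017-17302 (also Huawei DP300), is already "NOT-FOR-US: Huawei". Suggest marking the two new entries NOT-FOR-US: Huawei in the same pass instead of leaving them in the triage queue.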
@@ -18839,12 +19061,12 @@ CVE-2017-17283 (Huawei DP300 V500R002C00, RP200 
V500R002C00, V600R006C00, TE30 .
        NOT-FOR-US: Huawei
 CVE-2017-17282
        RESERVED
-CVE-2017-17281
-       RESERVED
-CVE-2017-17280
-       RESERVED
-CVE-2017-17279
-       RESERVED
+CVE-2017-17281 (SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; 
TE30 ...)
+       TODO: check
+CVE-2017-17280 (NFC (Near Field Communication) module in Huawei mobile phones 
with ...)
+       TODO: check
+CVE-2017-17279 (The soundtrigger module in Huawei Mate 9 Pro smart phones with 
...)
+       TODO: check
 CVE-2017-17278
        RESERVED
 CVE-2017-17277
@@ -18901,8 +19123,8 @@ CVE-2017-17252
        RESERVED
 CVE-2017-17251
        RESERVED
-CVE-2017-17250
-       RESERVED
+CVE-2017-17250 (Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S 
V200R005C32; ...)
+       TODO: check
 CVE-2017-17249
        RESERVED
 CVE-2017-17248
@@ -18947,30 +19169,30 @@ CVE-2017-17229
        RESERVED
 CVE-2017-17228
        RESERVED
-CVE-2017-17227
-       RESERVED
-CVE-2017-17226
-       RESERVED
-CVE-2017-17225
-       RESERVED
+CVE-2017-17227 (GPU driver in Huawei Mate 10 smart phones with the versions 
before ...)
+       TODO: check
+CVE-2017-17226 (The TripAdvisor app with the versions before 
TAMobileApp-24.6.4 ...)
+       TODO: check
+CVE-2017-17225 (The Near Field Communication (NFC) module in Huawei Mate 9 Pro 
mobile ...)
+       TODO: check
 CVE-2017-17224
        RESERVED
-CVE-2017-17223
-       RESERVED
-CVE-2017-17222
-       RESERVED
-CVE-2017-17221
-       RESERVED
-CVE-2017-17220
-       RESERVED
-CVE-2017-17219
-       RESERVED
-CVE-2017-17218
-       RESERVED
-CVE-2017-17217
-       RESERVED
-CVE-2017-17216
-       RESERVED
+CVE-2017-17223 (Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; 
eSpace 8950 ...)
+       TODO: check
+CVE-2017-17222 (Import Language Package function in Huawei eSpace 7950 
V200R003C30; ...)
+       TODO: check
+CVE-2017-17221 (Import Signal Tone function in Huawei eSpace 7950 V200R003C30; 
eSpace ...)
+       TODO: check
+CVE-2017-17220 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; 
...)
+       TODO: check
+CVE-2017-17219 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; 
...)
+       TODO: check
+CVE-2017-17218 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; 
...)
+       TODO: check
+CVE-2017-17217 (Media Gateway Control Protocol (MGCP) in Huawei DP300 
V500R002C00; ...)
+       TODO: check
+CVE-2017-17216 (Media Gateway Control Protocol (MGCP) in Huawei DP300 
V500R002C00; ...)
+       TODO: check
 CVE-2017-17215
        RESERVED
 CVE-2017-17214
@@ -19001,10 +19223,10 @@ CVE-2017-17202 (Huawei AR120-S V200R005C32, 
V200R006C10, V200R007C00, V200R008C2
        NOT-FOR-US: Huawei
 CVE-2017-17201 (Some huawei smartphones with software BTV-DL09C233B350, ...)
        NOT-FOR-US: Huawei
-CVE-2017-17200
-       RESERVED
-CVE-2017-17199
-       RESERVED
+CVE-2017-17200 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 
...)
+       TODO: check
+CVE-2017-17199 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 
...)
+       TODO: check
 CVE-2017-17198
        RESERVED
 CVE-2017-17197
@@ -19061,14 +19283,14 @@ CVE-2017-17172
        RESERVED
 CVE-2017-17171
        RESERVED
-CVE-2017-17170
-       RESERVED
-CVE-2017-17169
-       RESERVED
-CVE-2017-17168
-       RESERVED
-CVE-2017-17167
-       RESERVED
+CVE-2017-17170 (The CIDAM Protocol on Huawei DP300 V500R002C00; 
V500R002C00B010; ...)
+       TODO: check
+CVE-2017-17169 (The CIDAM Protocol on Huawei DP300 V500R002C00; 
V500R002C00B010; ...)
+       TODO: check
+CVE-2017-17168 (The CIDAM Protocol on Huawei DP300 V500R002C00; 
V500R002C00B010; ...)
+       TODO: check
+CVE-2017-17167 (Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 
...)
+       TODO: check
 CVE-2017-17166 (Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, 
V500R001C20, ...)
        NOT-FOR-US: Huawei
 CVE-2017-17165 (IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, 
Quidway S5300 ...)
@@ -19101,18 +19323,18 @@ CVE-2017-17152 (IKEv2 in Huawei IPS Module 
V500R001C00, V500R001C00SPC200, ...)
        NOT-FOR-US: Huawei
 CVE-2017-17151 (Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, 
AR1200-S, ...)
        NOT-FOR-US: Huawei
-CVE-2017-17150
-       RESERVED
-CVE-2017-17149
-       RESERVED
-CVE-2017-17148
-       RESERVED
-CVE-2017-17147
-       RESERVED
-CVE-2017-17146
-       RESERVED
-CVE-2017-17145
-       RESERVED
+CVE-2017-17150 (Timergrp module in Huawei DP300 V500R002C00; RP200 
V500R002C00; ...)
+       TODO: check
+CVE-2017-17149 (Huawei HiWallet App with the versions before 8.0.4 has an 
arbitrary ...)
+       TODO: check
+CVE-2017-17148 (Huawei DP300 V500R002C00 have a DoS vulnerability due to the 
lack of ...)
+       TODO: check
+CVE-2017-17147 (Huawei DP300 V500R002C00 have an integer overflow 
vulnerability due to ...)
+       TODO: check
+CVE-2017-17146 (Huawei DP300 V500R002C00 have a buffer overflow vulnerability 
due to ...)
+       TODO: check
+CVE-2017-17145 (Huawei Honor V9 Play smart phones with the versions before ...)
+       TODO: check
 CVE-2017-17144 (Backup feature of SIP module in Huawei DP300 V500R002C00; ...)
        NOT-FOR-US: Huawei
 CVE-2017-17143 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...)
@@ -20448,16 +20670,16 @@ CVE-2018-0549
        RESERVED
 CVE-2018-0548
        RESERVED
-CVE-2018-0547
-       RESERVED
-CVE-2018-0546
-       RESERVED
+CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin 
prior to ...)
+       TODO: check
+CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin 
prior to ...)
+       TODO: check
 CVE-2018-0545
        RESERVED
-CVE-2018-0544
-       RESERVED
-CVE-2018-0543
-       RESERVED
+CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and 
earlier ...)
+       TODO: check
+CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier 
...)
+       TODO: check
 CVE-2018-0542
        RESERVED
 CVE-2018-0541
@@ -20492,16 +20714,16 @@ CVE-2018-0527
        RESERVED
 CVE-2018-0526
        RESERVED
-CVE-2018-0525
-       RESERVED
-CVE-2018-0524
-       RESERVED
-CVE-2018-0523
-       RESERVED
-CVE-2018-0522
-       RESERVED
-CVE-2018-0521
-       RESERVED
+CVE-2018-0525 (Directory traversal vulnerability in Jubatus 1.0.2 and earlier 
allows ...)
+       TODO: check
+CVE-2018-0524 (Jubatus 1.0.2 and earlier allows remote code execution via 
unspecified ...)
+       TODO: check
+CVE-2018-0523 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an 
attacker ...)
+       TODO: check
+CVE-2018-0522 (Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and 
earlier ...)
+       TODO: check
+CVE-2018-0521 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an 
attacker ...)
+       TODO: check
 CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W 
firmware ...)
        NOT-FOR-US: FS010W firmware
 CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware 
FS010W_00_V1.3.0 ...)
@@ -40343,12 +40565,12 @@ CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 
5.72, SEIL/x86 3.20 to 5.72
        NOT-FOR-US: SEIL
 CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for 
Windows ...)
        NOT-FOR-US: FENCE-Explorer for Windows
-CVE-2017-10854
-       RESERVED
-CVE-2017-10853
-       RESERVED
-CVE-2017-10852
-       RESERVED
+CVE-2017-10854 (Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker 
to ...)
+       TODO: check
+CVE-2017-10853 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier 
allows ...)
+       TODO: check
+CVE-2017-10852 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier 
allows ...)
+       TODO: check
 CVE-2017-10851 (Untrusted search path vulnerability in Installer for 
ContentsBridge ...)
        NOT-FOR-US: Installer for ContentsBridge Utility for Windows
 CVE-2017-10850 (Untrusted search path vulnerability in Installers of ART EX 
Driver for ...)
@@ -71475,8 +71697,7 @@ CVE-2016-9608
        REJECTED
 CVE-2016-9607
        REJECTED
-CVE-2016-9606
-       RESERVED
+CVE-2016-9606 (JBoss RESTEasy before version 3.1.2 could be forced into 
parsing a ...)
        - resteasy 3.1.4-1 (bug #851430)
        [jessie] - resteasy <no-dsa> (Minor issue)
        - resteasy3.0 <undetermined>
@@ -71553,8 +71774,7 @@ CVE-2016-9593
 CVE-2016-9592
        RESERVED
        NOT-FOR-US: OpenShift
-CVE-2016-9591 [Use-after-free on heap in jas_matrix_destroy]
-       RESERVED
+CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free 
in the ...)
        {DSA-3827-1 DLA-920-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/105
@@ -71587,8 +71807,7 @@ CVE-2016-9586 [printf floating point buffer overflow]
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
        NOTE: There are no known vulnerable applications but as this is a
        NOTE: library it should be fixed as we do not know the full impact.
-CVE-2016-9585
-       RESERVED
+CVE-2016-9585 (Red Hat JBoss EAP version 5 is vulnerable to a deserialization 
of ...)
        NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
 CVE-2016-9584 (libical allows remote attackers to cause a denial of service 
...)
        {DLA-959-1}
@@ -75091,8 +75310,7 @@ CVE-2016-8613
        - foreman <itp> (bug #663101)
        NOTE: http://projects.theforeman.org/issues/17066/
        NOTE: https://github.com/theforeman/foreman_remote_execution/pull/208
-CVE-2016-8612
-       RESERVED
+CVE-2016-8612 (Apache HTTP Server mod_cluster before version httpd 2.4.23 is 
...)
        - libapache2-mod-cluster <itp> (bug #731410)
 CVE-2016-8611 [Glance Image service v1 and v2 api image-create vulnerability]
        RESERVED
@@ -102819,8 +103037,8 @@ CVE-2016-0288 (IBM Security AppScan Standard 8.7.x, 
8.8.x, and 9.x before 9.0.3.
        NOT-FOR-US: IBM
 CVE-2016-0287 (IBM i Access 7.1 on Windows allows local users to discover 
registry ...)
        NOT-FOR-US: IBM
-CVE-2016-0286
-       RESERVED
+CVE-2016-0286 (IBM Tivoli Business Service Manager 6.1.0 before 
6.1.0-TIV-BSM-FP0004 ...)
+       TODO: check
 CVE-2016-0285 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Collaborative ...)
        NOT-FOR-US: IBM
 CVE-2016-0284 (The XML parser in IBM Rational Collaborative Lifecycle 
Management ...)
@@ -102839,24 +103057,24 @@ CVE-2016-0278 (Heap-based buffer overflow in the 
KeyView PDF filter in IBM Domin
        NOT-FOR-US: IBM
 CVE-2016-0277 (Heap-based buffer overflow in the KeyView PDF filter in IBM 
Domino ...)
        NOT-FOR-US: IBM
-CVE-2016-0276
-       RESERVED
-CVE-2016-0275
-       RESERVED
-CVE-2016-0274
-       RESERVED
+CVE-2016-0276 (IBM Financial Transaction Manager (FTM) for ACH Services for 
...)
+       TODO: check
+CVE-2016-0275 (IBM Financial Transaction Manager (FTM) for ACH Services for 
...)
+       TODO: check
+CVE-2016-0274 (IBM Financial Transaction Manager (FTM) for ACH Services for 
...)
+       TODO: check
 CVE-2016-0273 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Collaborative ...)
        NOT-FOR-US: IBM
-CVE-2016-0272
-       RESERVED
+CVE-2016-0272 (Cross-site request forgery (CSRF) vulnerability in IBM 
Financial ...)
+       TODO: check
 CVE-2016-0271 (The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x 
before ...)
        NOT-FOR-US: IBM
 CVE-2016-0270 (IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix 
Pack 5 ...)
        NOT-FOR-US: IBM
 CVE-2016-0269 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 
9.x ...)
        NOT-FOR-US: IBM
-CVE-2016-0268
-       RESERVED
+CVE-2016-0268 (XML external entity (XXE) vulnerability in IBM Financial 
Transaction ...)
+       TODO: check
 CVE-2016-0267 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 
6.1.3.3, and ...)
        NOT-FOR-US: IBM
 CVE-2016-0266 (IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to 
the ...)
@@ -102885,8 +103103,8 @@ CVE-2016-0255 (IBM Marketing Platform 9.1 and 10.0 is 
vulnerable to stored cross
        NOT-FOR-US: IBM
 CVE-2016-0254 (IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to 
a ...)
        NOT-FOR-US: IBM
-CVE-2016-0253
-       RESERVED
+CVE-2016-0253 (Cross-site scripting (XSS) vulnerability in IBM Financial 
Transaction ...)
+       TODO: check
 CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling 
Control ...)
        NOT-FOR-US: IBM
 CVE-2016-0251
@@ -136401,8 +136619,7 @@ CVE-2014-6619 (Multiple cross-site scripting (XSS) 
vulnerabilities in ...)
        NOT-FOR-US: PizzaInn_Project Restaurant Script
 CVE-2014-6618 (Cross-site scripting (XSS) vulnerability in Your Online Shop 
allows ...)
        NOT-FOR-US: Your Online Shop
-CVE-2014-6617
-       RESERVED
+CVE-2014-6617 (Softing FG-100 PB PROFIBUS firmware version 
FG-x00-PB_V2.02.0.00 ...)
        NOT-FOR-US: Softing FG-100
 CVE-2014-6616 (Cross-site scripting (XSS) vulnerability in Softing FG-100 
PROFIBUS ...)
        NOT-FOR-US: Softing FG-100
@@ -140705,8 +140922,8 @@ CVE-2014-4863 (The Arris Touchstone DG950A cable 
modem with software 7.10.131 ha
        NOT-FOR-US: Arris Touchstone DG950A cable modem
 CVE-2014-4862 (The Netmaster CBW700N cable modem with software 
81.447.392110.729.024 ...)
        NOT-FOR-US: Netmaster CBW700N cable modem
-CVE-2014-4861
-       RESERVED
+CVE-2014-4861 (The Remote Desktop Launcher in Thycotic Secret Server before 
...)
+       TODO: check
 CVE-2014-4860
        RESERVED
        - edk2 <not-affected> (No support for updates of hypervisor-supplied 
firmware from guests)
@@ -146867,8 +147084,8 @@ CVE-2014-2594
        RESERVED
 CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy 
Manager ...)
        NOT-FOR-US: Aruba Networks ClearPass Policy Manager
-CVE-2014-2592
-       RESERVED
+CVE-2014-2592 (Unrestricted file upload vulnerability in Aruba Web Management 
portal ...)
+       TODO: check
 CVE-2014-2591 (Untrusted search path vulnerability in BMC Patrol for AIX 
3.9.00 ...)
        NOT-FOR-US: AIX
 CVE-2014-2590 (The web management interface in Siemens RuggedCom ROS before 
3.11, ROS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/65e99cea307d2e3d0fa0da73b24141842cc0d282
