Author: sectracker
Date: 2017-10-03 09:10:13 +0000 (Tue, 03 Oct 2017)
New Revision: 56375

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-03 07:56:37 UTC (rev 56374)
+++ data/CVE/list       2017-10-03 09:10:13 UTC (rev 56375)
@@ -1,3 +1,19 @@
+CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a 
denial of ...)
+       TODO: check
+CVE-2017-14996
+       RESERVED
+CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 
Business ...)
+       TODO: check
+CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows 
remote ...)
+       TODO: check
+CVE-2017-14993
+       RESERVED
+CVE-2017-14992
+       RESERVED
+CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel 
before ...)
+       TODO: check
+CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document 
Sciences ...)
+       TODO: check
 CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key 
values (but ...)
        - wordpress <unfixed>
        NOTE: https://core.trac.wordpress.org/ticket/38474
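Review bot: The new TODO: check entries for CVE-2017-14997, CVE-2017-14994 (GraphicsMagick 1.3.26) and CVE-2017-14991 (sg_ioctl in the Linux kernel) name software that Debian ships as the graphicsmagick and linux source packages, so they should be triaged first and given package lines in the form the wordpress entry below uses ("- wordpress <unfixed>") with per-release status. CVE-2017-14995 (WSO2 Application Server) and CVE-2017-14758 (OpenText xPression) look like NOT-FOR-US candidates, but confirm that before closing them.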
@@ -395,8 +411,8 @@
        - nodejs <not-affected> (Vulnerable code introduced in 8.5.0)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
        NOTE: https://twitter.com/nodejs/status/913131152868876288
-CVE-2017-14848
-       RESERVED
+CVE-2017-14848 (WPHRM Human Resource Management System for WordPress 1.0 
allows SQL ...)
+       TODO: check
 CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress 
allows SQL ...)
        NOT-FOR-US: Mojoomla WPAMS Apartment Management System for WordPress
 CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL 
Injection ...)
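Review bot: CVE-2017-14848 changes from RESERVED to TODO: check, yet the entries directly below it (CVE-2017-14847, CVE-2017-14846) are the same class of issue, SQL injection in a third-party WordPress management plugin, and are already marked NOT-FOR-US. Unless WPHRM is packaged, resolve it the same way, for example "NOT-FOR-US: WPHRM Human Resource Management System for WordPress", so the TODO does not linger.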
@@ -545,14 +561,14 @@
        NOT-FOR-US: Laravel
 CVE-2017-14774
        RESERVED
-CVE-2017-14773
-       RESERVED
-CVE-2017-14772
-       RESERVED
-CVE-2017-14771
-       RESERVED
-CVE-2017-14770
-       RESERVED
+CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to 
an ...)
+       TODO: check
+CVE-2017-14772 (Skybox Manager Client Application is prone to information 
disclosure ...)
+       TODO: check
+CVE-2017-14771 (Skybox Manager Client Application prior to 8.5.501 is prone to 
an ...)
+       TODO: check
+CVE-2017-14770 (Skybox Manager Client Application prior to 8.5.501 is prone to 
an ...)
+       TODO: check
 CVE-2017-14769
        RESERVED
 CVE-2017-14768
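Review bot: The truncated descriptions for CVE-2017-14773, CVE-2017-14771 and CVE-2017-14770 are identical as far as they are shown ("Skybox Manager Client Application prior to 8.5.501 is prone to an ..."), so the list alone cannot tell them apart. Whoever resolves these four TODO: check entries should read the full CVE descriptions and handle the Skybox group in one pass, so that all four end up with the same disposition.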
@@ -1307,40 +1323,34 @@
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13)
-CVE-2017-14496
-       RESERVED
+CVE-2017-14496 (Integer underflow in the add_pseudoheader function in dnsmasq 
before ...)
        - dnsmasq 2.78-1
        [stretch] - dnsmasq 2.76-5+deb9u1
        [jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7
-CVE-2017-14495
-       RESERVED
+CVE-2017-14495 (Memory leak in dnsmasq before 2.78, when the --add-mac, 
--add-cpe-id ...)
        - dnsmasq 2.78-1
        [stretch] - dnsmasq 2.76-5+deb9u1
        [jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45
-CVE-2017-14494
-       RESERVED
+CVE-2017-14494 (dnsmasq before 2.78, when configured as a relay, allows remote 
...)
        {DSA-3989-1}
        - dnsmasq 2.78-1
        NOTE: 
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262
-CVE-2017-14493
-       RESERVED
+CVE-2017-14493 (Stack-based buffer overflow in dnsmasq before 2.78 allows 
remote ...)
        {DSA-3989-1}
        - dnsmasq 2.78-1
        NOTE: 
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033
-CVE-2017-14492
-       RESERVED
+CVE-2017-14492 (Heap-based buffer overflow in dnsmasq before 2.78 allows 
remote ...)
        {DSA-3989-1}
        - dnsmasq 2.78-1
        NOTE: 
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10
-CVE-2017-14491
-       RESERVED
+CVE-2017-14491 (Heap-based buffer overflow in dnsmasq before 2.78 allows 
remote ...)
        {DSA-3989-1}
        - dnsmasq 2.78-1
        NOTE: 
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
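Review bot: The dnsmasq entries are annotated inconsistently. CVE-2017-14496 and CVE-2017-14495 carry explicit "[stretch] - dnsmasq 2.76-5+deb9u1" and "[jessie] - dnsmasq <not-affected>" lines but no {DSA-3989-1} tag, while CVE-2017-14494 through CVE-2017-14491 carry the tag and no per-release lines. Confirm whether the 2.76-5+deb9u1 upload belongs to the same advisory and, if so, cross-reference it on the first two entries as well, so the stretch status of all six CVEs can be read the same way.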
@@ -3550,8 +3560,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1
 CVE-2017-13705
        RESERVED
-CVE-2017-13704 [Size parameter overflow via large DNS query]
-       RESERVED
+CVE-2017-13704 (In dnsmasq before 2.78, if the DNS packet size does not match 
the ...)
        - dnsmasq 2.78-1 (bug #877102)
        [stretch] - dnsmasq <not-affected> (Vulnerable code not present; 
Upstream: Regression introduced in 2.77)
        [jessie] - dnsmasq <not-affected> (Vulnerable code not present; 
Upstream: Regression introduced in 2.77)
@@ -6707,10 +6716,10 @@
        - imagemagick 8:6.9.7.4+dfsg-15 (bug #870106)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/542
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec
-CVE-2017-12639
-       RESERVED
-CVE-2017-12638
-       RESERVED
+CVE-2017-12639 (Stack based buffer overflow in Ipswitch IMail server up to and 
...)
+       TODO: check
+CVE-2017-12638 (Stack based buffer overflow in Ipswitch IMail server up to and 
...)
+       TODO: check
 CVE-2017-12637 (Directory traversal vulnerability in ...)
        NOT-FOR-US: SAP
 CVE-2017-12636
@@ -9715,12 +9724,12 @@
        - nodejs 4.8.4~dfsg-1 (bug #868162; unimportant)
        NOTE: https://nodejs.org/en/blog/release/v6.11.1/
        NOTE: https://nodejs.org/en/blog/release/v4.8.4/
-CVE-2017-11498
-       RESERVED
-CVE-2017-11497
-       RESERVED
-CVE-2017-11496
-       RESERVED
+CVE-2017-11498 (Buffer overflow in hasplms in Gemalto ACC (Admin Control 
Center), all ...)
+       TODO: check
+CVE-2017-11497 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control 
...)
+       TODO: check
+CVE-2017-11496 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control 
...)
+       TODO: check
 CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow ...)
        NOT-FOR-US: PHICOMM
 CVE-2017-11494 (SQL injection vulnerability in SOL.Connect ISET-mpp meter 
1.2.4.2 and ...)
@@ -12913,8 +12922,8 @@
        - libstruts1.2-java <removed>
        [wheezy] - libstruts1.2-java <not-affected> (vulnerable code not 
present)
        NOTE: https://struts.apache.org/docs/s2-051.html
-CVE-2017-9792
-       RESERVED
+CVE-2017-9792 (In Apache Impala (incubating) before 2.10.0, a malicious user 
with ...)
+       TODO: check
 CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.3.x might allow remote 
code ...)
        - libstruts1.2-java <not-affected> (Vulnerable code not present)
        NOTE: Issue is specific to Struts 2.x.
@@ -19537,10 +19546,10 @@
        NOT-FOR-US: Tenable Appliance
 CVE-2017-8049
        RESERVED
-CVE-2017-8048
-       RESERVED
-CVE-2017-8047
-       RESERVED
+CVE-2017-8048 (In Cloud Foundry capi-release versions 1.33.0 and later, prior 
to ...)
+       TODO: check
+CVE-2017-8047 (In Cloud Foundry router routing-release all versions prior to 
v0.163.0 ...)
+       TODO: check
 CVE-2017-8046
        RESERVED
 CVE-2017-8045


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
