Author: sectracker
Date: 2017-10-19 09:10:14 +0000 (Thu, 19 Oct 2017)
New Revision: 56858

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-19 08:07:28 UTC (rev 56857)
+++ data/CVE/list       2017-10-19 09:10:14 UTC (rev 56858)
@@ -1,3 +1,79 @@
+CVE-2017-15637
+       RESERVED
+CVE-2017-15636
+       RESERVED
+CVE-2017-15635
+       RESERVED
+CVE-2017-15634
+       RESERVED
+CVE-2017-15633
+       RESERVED
+CVE-2017-15632
+       RESERVED
+CVE-2017-15631
+       RESERVED
+CVE-2017-15630
+       RESERVED
+CVE-2017-15629
+       RESERVED
+CVE-2017-15628
+       RESERVED
+CVE-2017-15627
+       RESERVED
+CVE-2017-15626
+       RESERVED
+CVE-2017-15625
+       RESERVED
+CVE-2017-15624
+       RESERVED
+CVE-2017-15623
+       RESERVED
+CVE-2017-15622
+       RESERVED
+CVE-2017-15621
+       RESERVED
+CVE-2017-15620
+       RESERVED
+CVE-2017-15619
+       RESERVED
+CVE-2017-15618
+       RESERVED
+CVE-2017-15617
+       RESERVED
+CVE-2017-15616
+       RESERVED
+CVE-2017-15615
+       RESERVED
+CVE-2017-15614
+       RESERVED
+CVE-2017-15613
+       RESERVED
+CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected 
newline (such ...)
+       TODO: check
+CVE-2017-15611 (In Octopus before 3.17.7, an authenticated user who was 
explicitly ...)
+       TODO: check
+CVE-2017-15610 (An issue was discovered in Octopus before 3.17.7. When the 
special ...)
+       TODO: check
+CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive 
cleartext ...)
+       TODO: check
+CVE-2017-15608
+       RESERVED
+CVE-2017-15607
+       RESERVED
+CVE-2017-15606
+       RESERVED
+CVE-2017-15605
+       RESERVED
+CVE-2017-15604
+       RESERVED
+CVE-2017-15603
+       RESERVED
+CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error 
for the ...)
+       TODO: check
+CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow 
in the ...)
+       TODO: check
+CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference 
in the ...)
+       TODO: check
 CVE-2017-15599
        RESERVED
 CVE-2017-15598
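Review bot: the seven described entries added at the top of this hunk (CVE-2017-15612, CVE-2017-15611 through CVE-2017-15609, and CVE-2017-15602 through CVE-2017-15600) carry only "TODO: check", so none of them records yet whether a Debian package is affected. Each needs a follow-up that replaces the TODO with either a package line (in the form used elsewhere in this file, such as "- yadifa 2.2.6-1 (bug #876315)") or a NOT-FOR-US line. The three Octopus entries share one product and one fixed version (before 3.17.7), and the three GNU Libextractor 1.4 entries share one product and version, so each group can be triaged in a single pass.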
@@ -743,6 +819,7 @@
 CVE-2017-15282
        RESERVED
 CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows 
remote ...)
+       {DLA-1139-1}
        - imagemagick <unfixed> (low; bug #878579)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
@@ -754,6 +831,7 @@
 CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 
2.1.27.9. ...)
        NOT-FOR-US: TeamPass
 CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and 
GraphicsMagick ...)
+       {DLA-1140-1 DLA-1139-1}
        - imagemagick <unfixed> (bug #878578)
        - graphicsmagick 1.3.26-14
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5
@@ -1276,6 +1354,7 @@
        NOTE: https://pagure.io/koji/issue/563
        NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
 CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for 
clients]
+       RESERVED
        - libvirt 3.8.0-3 (bug #878799)
        [jessie] - libvirt <not-affected> (Vulnerable code introduced later)
        [wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -3356,6 +3435,7 @@
        - linux 4.12.13-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
 CVE-2017-14339 (The DNS packet parser in YADIFA before 2.2.6 does not check 
for the ...)
+       {DSA-4001-1}
        - yadifa 2.2.6-1 (bug #876315)
        NOTE: https://www.tarlogic.com/blog/fuzzing-yadifa-dns/
        NOTE: https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog
@@ -5037,6 +5117,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297
        NOTE: Proposed fix via pull request: 
https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
 CVE-2017-13737 (There is an invalid free in the MagickFree function in 
magick/memory.c ...)
+       {DLA-1140-1}
        - graphicsmagick 1.3.26-15 (low; bug #878511)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196
        NOTE: Fixed by: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/
@@ -9273,42 +9354,42 @@
        RESERVED
 CVE-2017-12302
        RESERVED
-CVE-2017-12301
-       RESERVED
+CVE-2017-12301 (A vulnerability in the Python scripting subsystem of Cisco 
NX-OS ...)
+       TODO: check
 CVE-2017-12300
        RESERVED
 CVE-2017-12299
        RESERVED
-CVE-2017-12298
-       RESERVED
+CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an 
...)
+       TODO: check
 CVE-2017-12297
        RESERVED
-CVE-2017-12296
-       RESERVED
+CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
+       TODO: check
 CVE-2017-12295
        RESERVED
 CVE-2017-12294
        RESERVED
-CVE-2017-12293
-       RESERVED
+CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
+       TODO: check
 CVE-2017-12292
        RESERVED
 CVE-2017-12291
        RESERVED
 CVE-2017-12290
        RESERVED
-CVE-2017-12289
-       RESERVED
-CVE-2017-12288
-       RESERVED
-CVE-2017-12287
-       RESERVED
-CVE-2017-12286
-       RESERVED
-CVE-2017-12285
-       RESERVED
-CVE-2017-12284
-       RESERVED
+CVE-2017-12289 (A vulnerability in conditional, verbose debug logging for the 
IPsec ...)
+       TODO: check
+CVE-2017-12288 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2017-12287 (A vulnerability in the cluster database (CDB) management 
component of ...)
+       TODO: check
+CVE-2017-12286 (A vulnerability in the web interface of Cisco Jabber could 
allow an ...)
+       TODO: check
+CVE-2017-12285 (A vulnerability in the web interface of Cisco Network Analysis 
Module ...)
+       TODO: check
+CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for 
Windows Client ...)
+       TODO: check
 CVE-2017-12283
        RESERVED
 CVE-2017-12282
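Review bot: the ten entries moved from RESERVED to "TODO: check" in this hunk (CVE-2017-12301, -12298, -12296, -12293, and -12289 through -12284) should not stay untriaged when eight of them name a Cisco product in the visible part of the description and the already triaged Cisco entries in this file are marked "NOT-FOR-US: Cisco". Suggest resolving those eight the same way. CVE-2017-12289 and CVE-2017-12287 are truncated before any product name appears, so confirm the vendor against the full description before marking them.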
@@ -9331,10 +9412,10 @@
        RESERVED
 CVE-2017-12273
        RESERVED
-CVE-2017-12272
-       RESERVED
-CVE-2017-12271
-       RESERVED
+CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE 
Software ...)
+       TODO: check
+CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones 
could allow ...)
+       TODO: check
 CVE-2017-12270 (A vulnerability in the gRPC code of Cisco IOS XR Software for 
Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2017-12269 (A vulnerability in the web UI of Cisco Spark Messaging 
Software could ...)
@@ -9355,10 +9436,10 @@
        RESERVED
 CVE-2017-12261
        RESERVED
-CVE-2017-12260
-       RESERVED
-CVE-2017-12259
-       RESERVED
+CVE-2017-12260 (A vulnerability in the implementation of Session Initiation 
Protocol ...)
+       TODO: check
+CVE-2017-12259 (A vulnerability in the implementation of Session Initiation 
Protocol ...)
+       TODO: check
 CVE-2017-12258 (A vulnerability in the web-based UI of Cisco Unified 
Communications ...)
        NOT-FOR-US: Cisco
 CVE-2017-12257 (A vulnerability in the web framework of Cisco WebEx Meetings 
Server ...)
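Review bot: the descriptions added for CVE-2017-12260 and CVE-2017-12259 are identical as truncated ("A vulnerability in the implementation of Session Initiation Protocol ...") and name no product, so the two entries cannot be told apart or triaged from this file alone. Check the full CVE text for the affected product before replacing "TODO: check"; the neighbouring entries CVE-2017-12258 and CVE-2017-12257 are Cisco issues, and CVE-2017-12258 is marked "NOT-FOR-US: Cisco".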
@@ -9373,8 +9454,8 @@
        NOT-FOR-US: Cisco
 CVE-2017-12252 (A vulnerability in the Cisco FindIT Network Discovery Utility 
could ...)
        NOT-FOR-US: Cisco
-CVE-2017-12251
-       RESERVED
+CVE-2017-12251 (A vulnerability in the web console of the Cisco Cloud Services 
Platform ...)
+       TODO: check
 CVE-2017-12250 (A vulnerability in the HTTP web interface for Cisco Wide Area 
...)
        NOT-FOR-US: Cisco
 CVE-2017-12249 (A vulnerability in the Traversal Using Relay NAT (TURN) server 
included ...)
@@ -22322,7 +22403,7 @@
        - firefox 55.0-1
 CVE-2017-7805
        RESERVED
-       {DSA-3998-1 DSA-3987-1 DLA-1118-1}
+       {DSA-3998-1 DSA-3987-1 DLA-1138-1 DLA-1118-1}
        - firefox 56.0-1
        - firefox-esr 52.4.0esr-2
        - icedove <unfixed>
@@ -34607,8 +34688,8 @@
        NOT-FOR-US: Cisco
 CVE-2017-3884 (A vulnerability in the web interface of Cisco Prime 
Infrastructure and ...)
        NOT-FOR-US: Cisco
-CVE-2017-3883
-       RESERVED
+CVE-2017-3883 (A vulnerability in the authentication, authorization, and 
accounting ...)
+       TODO: check
 CVE-2017-3882 (A vulnerability in the Universal Plug-and-Play (UPnP) 
implementation in ...)
        NOT-FOR-US: Cisco
 CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) 
...)
@@ -80580,8 +80661,8 @@
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=946204
        NOTE: http://www.spinics.net/lists/linux-nfs/msg53045.html
        NOTE: http://www.openwall.com/lists/oss-security/2015/09/17/1
-CVE-2015-6961
-       RESERVED
+CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 
allows ...)
+       TODO: check
 CVE-2015-6960
        RESERVED
 CVE-2015-6959 (Cross-site scripting (XSS) vulnerability in Vindula 1.9. ...)
@@ -83664,15 +83745,13 @@
        [wheezy] - golang <no-dsa> (Minor issue)
        NOTE: 
https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
        NOTE: 
https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e
-CVE-2015-5740 [RFC 7230 3.3.3 4 violation]
-       RESERVED
+CVE-2015-5740 (The net/http library in net/http/transfer.go in Go before 1.4.3 
does ...)
        - golang 2:1.4.2-4 (bug #795106)
        [jessie] - golang <no-dsa> (Minor issue)
        [wheezy] - golang <no-dsa> (Minor issue)
        NOTE: 
https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
        NOTE: 
https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e
-CVE-2015-5739 [Invalid headers are parsed as valid headers]
-       RESERVED
+CVE-2015-5739 (The net/http library in net/textproto/reader.go in Go before 
1.4.3 ...)
        - golang 2:1.4.2-4 (bug #795106)
        [jessie] - golang <no-dsa> (Minor issue)
        [wheezy] - golang <no-dsa> (Minor issue)
@@ -84736,8 +84815,8 @@
        - elasticsearch 1.6.1+dfsg-1 (bug #792617)
        [jessie] - elasticsearch <end-of-life> (No longer supported, see DSA 
3389)
        NOTE: 
https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security
-CVE-2015-5376
-       RESERVED
+CVE-2015-5376 (SQL injection vulnerability in the login form in GSI WiNPAT 
Portal ...)
+       TODO: check
 CVE-2015-5375 (Cross-site scripting (XSS) vulnerability in unspecified dialogs 
for ...)
        NOT-FOR-US: Open-Xchange
 CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC 
4 and ...)
@@ -85401,8 +85480,8 @@
 CVE-2015-5228 (The service daemon in CRIU creates log and dump files 
insecurely, ...)
        - criu 1.8-2 (bug #797111)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1255782
-CVE-2015-5227
-       RESERVED
+CVE-2015-5227 (The Landing Pages plugin before 1.9.2 for WordPress allows 
remote ...)
+       TODO: check
 CVE-2015-5226
        REJECTED
 CVE-2015-5225 (Buffer overflow in the vnc_refresh_server_surface function in 
the VNC ...)
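Review bot: the new CVE-2015-5227 entry is left at "TODO: check", and its description names the Landing Pages plugin (before 1.9.2) for WordPress rather than WordPress itself. When the TODO is resolved, the decision should be made for the plugin: a package line for wordpress would be wrong unless that package ships the plugin, and otherwise the entry belongs under a NOT-FOR-US line naming the plugin, in the same form as "NOT-FOR-US: TeamPass" elsewhere in this file.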


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
