Author: sectracker
Date: 2017-10-03 21:10:13 +0000 (Tue, 03 Oct 2017)
New Revision: 56385

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-03 21:01:02 UTC (rev 56384)
+++ data/CVE/list       2017-10-03 21:10:13 UTC (rev 56385)
@@ -1,3 +1,31 @@
+CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in 
qBittorrent and ...)
+       TODO: check
+CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found 
in the ...)
+       TODO: check
+CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to 
reflected ...)
+       TODO: check
+CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to 
stored ...)
+       TODO: check
+CVE-2017-15007
+       RESERVED
+CVE-2017-15006
+       RESERVED
+CVE-2017-15005
+       RESERVED
+CVE-2017-15004
+       RESERVED
+CVE-2017-15003
+       RESERVED
+CVE-2017-15002
+       RESERVED
+CVE-2017-15001
+       RESERVED
+CVE-2017-15000
+       RESERVED
+CVE-2017-14999
+       RESERVED
+CVE-2017-14998
+       RESERVED
 CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a 
denial of ...)
        - graphicsmagick <unfixed>
        NOTE: 
https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
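
Review bot: CVE-2017-15011 is left at "TODO: check" although its description already names Qt 5.x (qtsingleapp) and qBittorrent, so triage should start with those source packages. The description of CVE-2017-15010 is cut off before it names the affected software ("was found in the ..."), so it needs the full text before it can be assigned. The two PRTG Network Monitor entries (CVE-2017-15008, CVE-2017-15009) should get the same resolution as each other.
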
@@ -5524,7 +5552,7 @@
        RESERVED
 CVE-2017-12884
        RESERVED
-CVE-2017-12883 (Buffer overflow in the regular expression parser in PERL 
before ...)
+CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c 
in Perl 5 ...)
        {DSA-3982-1}
        - perl 5.26.0-8 (bug #875597)
        [wheezy] - perl <not-affected> (Vulnerable code introduced later)
@@ -6171,7 +6199,7 @@
        RESERVED
 CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 
1.5 allows ...)
        NOT-FOR-US: NexusPHP
-CVE-2017-12837 (Heap-based buffer overflow in the regular expression compiler 
in PERL ...)
+CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in 
regcomp.c in ...)
        {DSA-3982-1}
        - perl 5.26.0-8 (bug #875596)
        [wheezy] - perl <not-affected> (Vulnerable code introduced after 5.14.4)
@@ -6205,16 +6233,16 @@
        RESERVED
 CVE-2017-12823
        RESERVED
-CVE-2017-12822
-       RESERVED
-CVE-2017-12821
-       RESERVED
-CVE-2017-12820
-       RESERVED
-CVE-2017-12819
-       RESERVED
-CVE-2017-12818
-       RESERVED
+CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's 
HASP SRM, ...)
+       TODO: check
+CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and 
Sentinel ...)
+       TODO: check
+CVE-2017-12820 (Arbitrary memory read from controlled memory pointer in 
Gemalto's HASP ...)
+       TODO: check
+CVE-2017-12819 (Remote manipulations with language pack updater lead to 
NTLM-relay ...)
+       TODO: check
+CVE-2017-12818 (Stack overflow in custom XML-parser in Gemalto's HASP SRM, 
Sentinel ...)
+       TODO: check
 CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some 
of the ...)
        NOT-FOR-US: Kaspersky Internet Security for Android
 CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some 
of ...)
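
Review bot: the five entries CVE-2017-12818 through CVE-2017-12822 all move from RESERVED to "TODO: check" for the same product family (Gemalto's HASP SRM, Sentinel HASP). Triage them as one batch and give them one consistent tag, so that a later partial pass does not leave some resolved and others still open.
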
@@ -6768,8 +6796,7 @@
        RESERVED
 CVE-2017-12618
        RESERVED
-CVE-2017-12617
-       RESERVED
+CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 
to ...)
        - tomcat7 <not-affected> (Windows-specific)
 CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
7.0.80 it ...)
        {DLA-1108-1}
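
Review bot: on CVE-2017-12617 the only package line is "- tomcat7 <not-affected> (Windows-specific)", but the description added here names Tomcat 9.0.0.M1 to 9.0.0 and 8.5.0 to ..., with the rest cut off. Read the full description, confirm that the "Windows-specific" reasoning still holds for it, and add lines for the other Tomcat source packages the version ranges cover.
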
@@ -7854,8 +7881,7 @@
 CVE-2017-12167
        RESERVED
        TODO: check, possibly Red Hat specific issue
-CVE-2017-12166 [remote buffer overflow]
-       RESERVED
+CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are 
vulnerable to ...)
        - openvpn <unfixed> (bug #877089)
        [stretch] - openvpn <no-dsa> (Minor issue)
        [jessie] - openvpn <no-dsa> (Minor issue)
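
Review bot: the "[remote buffer overflow]" placeholder on CVE-2017-12166 is replaced by the published description, while the package line stays "- openvpn <unfixed> (bug #877089)". The description gives 2.4.4 as the fixed 2.4.x release, so the fixed version should replace <unfixed> once that upload exists, and the <no-dsa> "Minor issue" notes should be rechecked against the full description.
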
@@ -38972,8 +38998,8 @@
        RESERVED
 CVE-2017-1542
        RESERVED
-CVE-2017-1541
-       RESERVED
+CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and 
updatep ...)
+       TODO: check
 CVE-2017-1540
        RESERVED
 CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to 
...)
@@ -39802,8 +39828,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1127 (IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is 
vulnerable to ...)
        NOT-FOR-US: IBM
-CVE-2017-1126
-       RESERVED
+CVE-2017-1126 (IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) 
could ...)
+       TODO: check
 CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to 
craft a ...)
        NOT-FOR-US: IBM
 CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a 
local ...)
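
Review bot: CVE-2017-1126 (IBM WebSphere Message Broker / IBM Integration Bus) lands as "TODO: check" while the neighbouring IBM entries CVE-2017-1127 and CVE-2017-1125 are tagged "NOT-FOR-US: IBM". If the same reasoning applies, use the same tag so that the IBM block stays consistent.
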
@@ -195416,7 +195442,7 @@
        NOT-FOR-US: aspWebAlbum
 CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full 
...)
        NOT-FOR-US: aspWebAlbum
-CVE-2008-6976 (MicroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 
allows ...)
+CVE-2008-6976 (MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 
allows ...)
        NOT-FOR-US: MicroTik RouterOS
 CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in 
...)
        NOT-FOR-US: GarageSales script
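
Review bot: the description of CVE-2008-6976 now spells the vendor "MikroTik", but the tag line below it still reads "NOT-FOR-US: MicroTik RouterOS". Update the tag to match, otherwise a search of the list for the product name finds the description but misses the tag.
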
@@ -217813,7 +217839,7 @@
        NOT-FOR-US: Wordspew plugin for Wordpress
 CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 
allows ...)
        NOT-FOR-US: PHPShop
-CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote 
attackers to ...)
+CVE-2008-0680 (SNMPd in MikroTik RouterOS 3.2 and earlier allows remote 
attackers to ...)
        NOT-FOR-US: MicroTik RouterOS
 CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in 
BlogPHP 2.0 ...)
        NOT-FOR-US: BlogPHP
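
Review bot: CVE-2008-0680 has the same mismatch after this change: the description says "MikroTik RouterOS" and the unchanged tag says "NOT-FOR-US: MicroTik RouterOS". Fix the tag spelling in a follow-up commit, since the automatic update only rewrites description lines.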

