Author: sectracker
Date: 2017-10-17 21:10:15 +0000 (Tue, 17 Oct 2017)
New Revision: 56787

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-17 20:45:06 UTC (rev 56786)
+++ data/CVE/list       2017-10-17 21:10:15 UTC (rev 56787)
@@ -1,3 +1,51 @@
+CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of 
ILIAS before ...)
+       TODO: check
+CVE-2017-15536
+       RESERVED
+CVE-2017-15535
+       RESERVED
+CVE-2017-15534
+       RESERVED
+CVE-2017-15533
+       RESERVED
+CVE-2017-15532
+       RESERVED
+CVE-2017-15531
+       RESERVED
+CVE-2017-15530
+       RESERVED
+CVE-2017-15529
+       RESERVED
+CVE-2017-15528
+       RESERVED
+CVE-2017-15527
+       RESERVED
+CVE-2017-15526
+       RESERVED
+CVE-2017-15525
+       RESERVED
+CVE-2017-15524
+       RESERVED
+CVE-2017-15523
+       RESERVED
+CVE-2017-15522
+       RESERVED
+CVE-2017-15521
+       RESERVED
+CVE-2017-15520
+       RESERVED
+CVE-2017-15519
+       RESERVED
+CVE-2017-15518
+       RESERVED
+CVE-2017-15517
+       RESERVED
+CVE-2017-15516
+       RESERVED
+CVE-2017-15515
+       RESERVED
+CVE-2017-15514
+       RESERVED
 CVE-2017-XXXX [Multiple XSS vulnerabilities]
        - redmine <unfixed>
        NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
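Review bot: CVE-2017-15538 at the top of this hunk lands with only "TODO: check", so the ILIAS stored XSS is untriaged until a follow-up adds either a package line or a NOT-FOR-US line. The apparent gap between CVE-2017-15538 and CVE-2017-15536 is not a missing id: CVE-2017-15537 already exists further down the file (see the next hunk), out of numeric order with this new block, and moving it here would keep the 2017-155xx range contiguous.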
@@ -41,7 +89,7 @@
        - redmine 3.2.3-1
        NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
        NOTE: upstream fixed in 3.2.3
-CVE-2017-15537 [x86/fpu: Don't let userspace set bogus xcomp_bv]
+CVE-2017-15537 (The x86/fpu (Floating Point Unit) subsystem in the Linux 
kernel before ...)
        - linux <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
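Review bot: Replacing the bracketed title on CVE-2017-15537 drops the patch subject "x86/fpu: Don't let userspace set bogus xcomp_bv", which is the only pointer to the fix in the visible lines, and the truncated description that replaces it does not name the change. With linux still at <unfixed>, add a NOTE line carrying the upstream fix reference if the entry does not already have one below the shown context.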
@@ -6315,25 +6363,21 @@
        RESERVED
 CVE-2017-13089
        RESERVED
-CVE-2017-13088
-       RESERVED
+CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v 
allows ...)
        {DSA-3999-1}
        - wpa 2:2.4-1.1
        NOTE: https://w1.fi/security/2017-1/
-CVE-2017-13087
-       RESERVED
+CVE-2017-13087 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v 
allows ...)
        {DSA-3999-1}
        - wpa 2:2.4-1.1
        NOTE: https://w1.fi/security/2017-1/
-CVE-2017-13086
-       RESERVED
+CVE-2017-13086 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of 
the ...)
        {DSA-3999-1}
        - wpa 2:2.4-1.1
        NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13085
        RESERVED
-CVE-2017-13084
-       RESERVED
+CVE-2017-13084 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of 
the ...)
        - wpa <unfixed> (unimportant)
        NOTE: From 
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
        NOTE: As far as the related CVE-2017-13084 (reinstallation of the STK 
key in
@@ -6344,28 +6388,23 @@
        NOTE: for IEEE 802.11e DLS is obsolete and not known to have been 
deployed.
 CVE-2017-13083
        RESERVED
-CVE-2017-13082
-       RESERVED
+CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 
802.11r ...)
        {DSA-3999-1}
        - wpa 2:2.4-1.1
        NOTE: https://w1.fi/security/2017-1/
-CVE-2017-13081
-       RESERVED
+CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 
802.11w ...)
        {DSA-3999-1}
        - wpa 2:2.4-1.1
        NOTE: https://w1.fi/security/2017-1/
-CVE-2017-13080
-       RESERVED
+CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of 
the ...)
        {DSA-3999-1}
        - wpa 2:2.4-1.1
        NOTE: https://w1.fi/security/2017-1/
-CVE-2017-13079
-       RESERVED
+CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 
802.11w ...)
        {DSA-3999-1}
        - wpa 2:2.4-1.1
        NOTE: https://w1.fi/security/2017-1/
-CVE-2017-13078
-       RESERVED
+CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of 
the ...)
        {DSA-3999-1}
        - wpa 2:2.4-1.1
        NOTE: https://w1.fi/security/2017-1/
@@ -7585,9 +7624,9 @@
        {DLA-1117-1}
        - opencv <unfixed> (bug #875342)
        NOTE: https://github.com/opencv/opencv/issues/9370
-CVE-2017-12861 (The Epson &quot;EasyMP&quot; software (tested on version 2.86) 
is designed to ...)
+CVE-2017-12861 (The Epson &quot;EasyMP&quot; software is designed to remotely 
stream a users ...)
        NOT-FOR-US: Epson "EasyMP"
-CVE-2017-12860 (The Epson &quot;EasyMP&quot; software (tested on version 2.86) 
is designed to ...)
+CVE-2017-12860 (The Epson &quot;EasyMP&quot; software is designed to remotely 
stream a users ...)
        NOT-FOR-US: Epson "EasyMP"
 CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in 
NFS ...)
        NOT-FOR-US: NetApp
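Review bot: Both updated description lines (CVE-2017-12861 and CVE-2017-12860) still carry the HTML entity &quot; around EasyMP, while the NOT-FOR-US lines directly beneath them use literal double quotes. The automatic import should unescape entities before writing the description, otherwise a plain-text search for the quoted product name will not match these lines.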
@@ -19153,8 +19192,7 @@
        RESERVED
 CVE-2017-8806
        RESERVED
-CVE-2017-8805 [Unsafe symlinks not filtered in Debian mirror script ftpsync]
-       RESERVED
+CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync 
--safe-links ...)
        - archvsync 20171017
        NOTE: http://www.openwall.com/lists/oss-security/2017/10/17/2
        NOTE: 
https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016
@@ -27189,8 +27227,8 @@
        RESERVED
 CVE-2017-6274
        RESERVED
-CVE-2017-6273
-       RESERVED
+CVE-2017-6273 (NVIDIA ADSP Firmware contains a vulnerability in the ADSP 
Loader ...)
+       TODO: check
 CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the 
kernel mode ...)
        [experimental] - nvidia-graphics-drivers 384.90-1
        - nvidia-graphics-drivers <unfixed> (bug #876414)
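Review bot: CVE-2017-6273 goes in with "TODO: check" while CVE-2017-6272 directly below is tracked against nvidia-graphics-drivers. The new description names the ADSP firmware loader rather than the GPU display driver, so the follow-up should state explicitly whether any Debian source package ships that component, and mark the entry NOT-FOR-US if none does, rather than assuming it shares the neighbour's package.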
@@ -29545,8 +29583,8 @@
        RESERVED
 CVE-2017-5532
        RESERVED
-CVE-2017-5531
-       RESERVED
+CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center 
versions ...)
+       TODO: check
 CVE-2017-5530
        RESERVED
 CVE-2017-5529 (JasperReports library components contain an information 
disclosure ...)
@@ -34486,14 +34524,14 @@
        NOT-FOR-US: Lenovo LXCA
 CVE-2017-3762
        RESERVED
-CVE-2017-3761
-       RESERVED
-CVE-2017-3760
-       RESERVED
-CVE-2017-3759
-       RESERVED
-CVE-2017-3758
-       RESERVED
+CVE-2017-3761 (The Lenovo Service Framework Android application executes some 
system ...)
+       TODO: check
+CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of 
...)
+       TODO: check
+CVE-2017-3759 (The Lenovo Service Framework Android application accepts some 
...)
+       TODO: check
+CVE-2017-3758 (Improper access controls on several Android components in the 
Lenovo ...)
+       TODO: check
 CVE-2017-3757 (An unquoted service path vulnerability was identified in the 
driver ...)
        NOT-FOR-US: Lenovo
 CVE-2017-3756 (A privilege escalation vulnerability was identified in Lenovo 
Active ...)
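Review bot: The four new Lenovo Service Framework entries (CVE-2017-3761 through CVE-2017-3758) are left at "TODO: check", while the adjacent CVE-2017-3757 in the same vendor range is already "NOT-FOR-US: Lenovo". All four descriptions name the same Android application, so they can be triaged together in one follow-up, using the same NOT-FOR-US wording as the neighbour if the application is not packaged.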
@@ -77836,8 +77874,8 @@
        NOT-FOR-US: vBulletin
 CVE-2015-7807
        RESERVED
-CVE-2015-7806
-       RESERVED
+CVE-2015-7806 (Eval injection vulnerability in the fm_saveHelperGatherItems 
function ...)
+       TODO: check
 CVE-2015-7805 (Heap-based buffer overflow in libsndfile 1.0.25 allows remote 
...)
        {DLA-928-1 DLA-356-1}
        - libsndfile 1.0.25-10 (bug #804445)
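Review bot: The description added for CVE-2015-7806 is cut off after the function name fm_saveHelperGatherItems, so the affected product cannot be read from this line and "TODO: check" cannot be resolved from the list alone. Whoever triages it needs the full CVE description, and the resulting NOT-FOR-US or package line should name the product so the entry is self-explanatory.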
@@ -87143,8 +87181,8 @@
        RESERVED
 CVE-2015-4458 (The TLS implementation in the Cavium cryptographic-module 
firmware, as ...)
        NOT-FOR-US: Cisco
-CVE-2014-9733
-       RESERVED
+CVE-2014-9733 (nw.js before 0.11.5 can simulate user input events in a normal 
frame, ...)
+       TODO: check
 CVE-2015-4603 (The exception::getTraceAsString function in 
Zend/zend_exceptions.c in ...)
        - php5 5.6.9+dfsg-1
        [jessie] - php5 5.6.9+dfsg-0+deb8u1
@@ -93682,8 +93720,8 @@
        NOTE: Fixed by https://github.com/mantisbt/mantisbt/commit/d95f070d 
(1.2.x)
        NOTE: http://article.gmane.org/gmane.comp.security.oss.general/15022
        NOTE: https://www.mantisbt.org/bugs/view.php?id=19493
-CVE-2014-9697
-       RESERVED
+CVE-2014-9697 (Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote 
...)
+       TODO: check
 CVE-2014-9696 (The Hyper Module Management (HMM) software of Huawei Tecal 
E9000 ...)
        NOT-FOR-US: Huawei
 CVE-2014-9695 (The Hyper Module Management (HMM) software of Huawei Tecal 
E9000 ...)
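Review bot: CVE-2014-9697 is added as "TODO: check" although the description names Huawei USG9560/9520/9580 hardware and the following entry, CVE-2014-9696, is already "NOT-FOR-US: Huawei". Triage this one with the same marker in the follow-up unless there is a reason to treat it differently from its neighbours.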
@@ -95680,11 +95718,9 @@
        NOT-FOR-US: Google Email application for Android
 CVE-2013-7425
        RESERVED
-CVE-2014-9678
-       RESERVED
+CVE-2014-9678 (FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote 
attackers ...)
        NOT-FOR-US: FlexPaper
-CVE-2014-9677
-       RESERVED
+CVE-2014-9677 (Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf 
in ...)
        NOT-FOR-US: FlexPaper
 CVE-2015-1593 (The stack randomization feature in the Linux kernel before 
3.19.1 on ...)
        {DSA-3170-1 DLA-155-1}
@@ -99848,11 +99884,9 @@
        - libquvi 0.4.1-3 (low; bug #774555)
        [wheezy] - libquvi <no-dsa> (Minor issue)
        [squeeze] - libquvi <no-dsa> (Minor issue)
-CVE-2014-9489
-       RESERVED
+CVE-2014-9489 (The gollum-grit_adapter Ruby gem dependency in gollum before 
3.1.1 and ...)
        NOT-FOR-US: Gollum wiki
-CVE-2014-9487
-       RESERVED
+CVE-2014-9487 (The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 
and ...)
        NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
 CVE-2014-9481
        RESERVED
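Review bot: The existing rationale under CVE-2014-9487, "Mediawiki extension not packaged in src:mediawiki-extensions", was written while the id was still RESERVED, and the description added here speaks of the getid3 library "in MediaWiki before 1.24.1, 1.23.8, 1.22.15", which are MediaWiki release numbers. Recheck the NOT-FOR-US decision against the full description and either confirm it in a NOTE or track the issue against the mediawiki package.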
@@ -101432,8 +101466,7 @@
        NOT-FOR-US: Subrion CMS
 CVE-2014-9119 (Directory traversal vulnerability in download.php in the DB 
Backup ...)
        NOT-FOR-US: WordPress plugin db-backup
-CVE-2014-9118
-       RESERVED
+CVE-2014-9118 (The web administrative portal in Zhone zNID GPON 2426A before 
S3.0.501 ...)
        NOT-FOR-US: ZHONE Router
 CVE-2014-9115 (SQL injection vulnerability in the rate_picture function in ...)
        - piwigo <removed>
@@ -104336,8 +104369,7 @@
        NOT-FOR-US: Huawei Mobile Partner for Windows
 CVE-2014-8358
        RESERVED
-CVE-2014-8357
-       RESERVED
+CVE-2014-8357 (backupsettings.html in the web administrative portal in Zhone 
zNID ...)
        NOT-FOR-US: ZHONE Router
 CVE-2014-8356
        RESERVED
@@ -104388,13 +104420,11 @@
        NOT-FOR-US: EspoCRM
 CVE-2014-8329 (Schrack Technik microControl with firmware before 1.7.0 (937) 
stores ...)
        NOT-FOR-US: Schrack Technik microControl
-CVE-2014-8324 [net_get missing check for invalid values]
-       RESERVED
+CVE-2014-8324 (network.c in Aircrack-ng before 1.2 Beta 3 allows remote 
attackers to ...)
        - aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
        NOTE: 
https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e
        NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/16
-CVE-2014-8323 [buddy-ng missing checkin data format]
-       RESERVED
+CVE-2014-8323 (buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote 
attackers to ...)
        - aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
        NOTE: 
https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70
        NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/15
@@ -118886,8 +118916,8 @@
        NOT-FOR-US: ZOHO ManageEngine OpStor
 CVE-2014-2666
        RESERVED
-CVE-2014-2664
-       RESERVED
+CVE-2014-2664 (Unrestricted file upload vulnerability in the ...)
+       TODO: check
 CVE-2014-2663
        RESERVED
 CVE-2014-2662
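Review bot: The description added for CVE-2014-2664 truncates at "Unrestricted file upload vulnerability in the ...", before any product name, so this line gives a triager nothing to act on. The "TODO: check" follow-up has to start from the full CVE text, and it would help if the import truncated descriptions at a length that keeps the product name.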
@@ -120009,8 +120039,7 @@
        NOT-FOR-US: SeedDMS
 CVE-2014-2278 (Unrestricted file upload vulnerability in op/op.AddFile2.php in 
...)
        NOT-FOR-US: SeedDMS
-CVE-2014-2277 [insecure temporary file usage]
-       RESERVED
+CVE-2014-2277 (The make_temporary_filename function in perltidy 20120701-1 and 
...)
        - perltidy 20130922-1 (bug #740670)
        [wheezy] - perltidy <no-dsa> (Minor issue)
        [squeeze] - perltidy <no-dsa> (Minor issue)
@@ -128615,7 +128644,7 @@
 CVE-2013-6356
        REJECTED
 CVE-2013-6355
-       RESERVED
+       REJECTED
 CVE-2013-6354
        RESERVED
 CVE-2013-6353


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
