Author: sectracker
Date: 2017-10-18 21:10:13 +0000 (Wed, 18 Oct 2017)
New Revision: 56840
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-18 21:08:49 UTC (rev 56839) +++ data/CVE/list 2017-10-18 21:10:13 UTC (rev 56840) @@ -1,3 +1,9 @@ +CVE-2017-15599 + RESERVED +CVE-2017-15598 + RESERVED +CVE-2017-15597 + RESERVED CVE-2017-15586 RESERVED CVE-2017-15585 @@ -544,8 +550,8 @@ NOT-FOR-US: Infineon RSA library CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...) NOT-FOR-US: PRTG Network Monitor -CVE-2017-15359 - RESERVED +CVE-2017-15359 (In the 3CX Phone System 15.5.3554.1, the Management Console typically ...) + TODO: check CVE-2017-15358 RESERVED CVE-2017-15357 @@ -1663,8 +1669,8 @@ NOT-FOR-US: PivotX CVE-2017-14957 (Stored XSS vulnerability via a comment in inc/conv.php in BlogoText ...) NOT-FOR-US: BlogoText -CVE-2017-14956 - RESERVED +CVE-2017-14956 (AlienVault USM v5.4.2 and earlier offers authenticated users the ...) + TODO: check CVE-2017-14955 (Check_MK before 1.2.8p26 mishandles certain errors within the ...) - check-mk 1.2.8p26-1 NOTE: http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8 @@ -3393,8 +3399,8 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2 CVE-2017-14323 RESERVED -CVE-2017-14322 - RESERVED +CVE-2017-14322 (The function in charge to check whether the user is already logged in ...) + TODO: check CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Mirasvit Helpdesk MX CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to ...) 
@@ -6515,8 +6521,8 @@ NOTE: installation of the key into the driver does not work. As such, this NOTE: item is not applicable in practice. Furthermore, the PeerKey handshake NOTE: for IEEE 802.11e DLS is obsolete and not known to have been deployed. -CVE-2017-13083 - RESERVED +CVE-2017-13083 (Akeo Consulting Rufus prior to version 2.17.1187 does not adequately ...) + TODO: check CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r ...) {DSA-3999-1} - wpa 2:2.4-1.1 @@ -15811,6 +15817,7 @@ NOT-FOR-US: Oracle CVE-2017-10140 [Berkeley DB reads DB_CONFIG from cwd] RESERVED + {DLA-1137-1 DLA-1136-1 DLA-1135-1} - db5.3 5.3.28-13.1 (bug #872436) [stretch] - db5.3 5.3.28-12+deb9u1 [jessie] - db5.3 <no-dsa> (Minor issue; will be fixed via point release) @@ -21508,12 +21515,12 @@ RESERVED CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary ...) NOT-FOR-US: RSA Archer GRC Platform -CVE-2017-8024 - RESERVED +CVE-2017-8024 (EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, ...) + TODO: check CVE-2017-8023 RESERVED -CVE-2017-8022 - RESERVED +CVE-2017-8022 (An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all ...) + TODO: check CVE-2017-8021 (EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an ...) NOT-FOR-US: EMC Elastic Cloud Storage CVE-2017-8020 @@ -57196,8 +57203,8 @@ - puppet <not-affected> (Limited to Puppet Enterprise) CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ...) - puppet <not-affected> (Limited to Puppet Enterprise) -CVE-2016-5714 - RESERVED +CVE-2016-5714 (Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet ...) + TODO: check CVE-2016-5713 RESERVED CVE-2016-5712 
@@ -77974,8 +77981,7 @@ [jessie] - phpmyadmin <no-dsa> (Minor issue) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) -CVE-2015-7943 [Open Redirect - SA-CORE-2015-004] - RESERVED +CVE-2015-7943 (Open redirect vulnerability in the Overlay module in Drupal 7.x before ...) {DLA-548-1} - drupal7 7.41-1 [jessie] - drupal7 7.32-1+deb8u9 @@ -78476,10 +78482,10 @@ NOT-FOR-US: mediaserver in Android CVE-2015-7716 (libstagefright in Android 5.x before 5.1.1 LMY48T allows remote ...) NOT-FOR-US: libstagefright in Android -CVE-2015-7715 - RESERVED -CVE-2015-7714 - RESERVED +CVE-2015-7715 (Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL ...) + TODO: check +CVE-2015-7714 (Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) ...) + TODO: check CVE-2015-7712 (Multiple eval injection vulnerabilities in ...) NOT-FOR-US: ATutor CVE-2015-7711 (Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor ...) @@ -85640,8 +85646,7 @@ NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c6296ea88df040054ccd781f3945fe103f8c7c17 NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4240be45632db7831129f124bcf53c1223825b0f NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8357946b15f0a31f73dd691b7da95f29318ed310 -CVE-2015-5164 - RESERVED +CVE-2015-5164 (The Qpid server on Red Hat Satellite 6 does not properly restrict ...) NOT-FOR-US: Qpid server on Satellite6 CVE-2015-5163 (The import task action in OpenStack Image Service (Glance) 2015.1.x ...) - glance 2015.1.0-4 (bug #795453) 
@@ -90605,8 +90610,7 @@ NOT-FOR-US: Ubercart Currency Conversion module for Drupal CVE-2015-3341 RESERVED -CVE-2015-3400 - RESERVED +CVE-2015-3400 (sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the ...) - zfs-linux <not-affected> (Specific to packages on archive.zfsonlinux.org repositories) NOTE: Issue with ZFS on Linux Debian packages specific as published in the archive.zfsonlinux.org repositories NOTE: https://github.com/zfsonlinux/zfs/issues/3319 @@ -94506,8 +94510,7 @@ RESERVED CVE-2015-2159 RESERVED -CVE-2015-2156 - RESERVED +CVE-2015-2156 (Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before ...) - netty3.1 <removed> [wheezy] - netty3.1 <no-dsa> (Minor issue) - netty 1:4.0.31-1 (bug #796114) @@ -94769,8 +94772,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185 NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/5 -CVE-2011-5320 [glibc scanf implementation crashes on certain inputs] - RESERVED +CVE-2011-5320 (scanf and related functions in glibc before 2.15 allow local users to ...) {DLA-165-1} - glibc 2.15 - eglibc 2.13-25 (bug #553206) @@ -97587,8 +97589,8 @@ - chromium-browser 42.0.2311.90-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-1239 - RESERVED +CVE-2015-1239 (Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG ...) + TODO: check CVE-2015-1238 (Skia, as used in Google Chrome before 42.0.2311.90, allows remote ...) {DSA-3238-1} - chromium-browser 42.0.2311.90-1 
@@ -104361,8 +104363,8 @@ NOT-FOR-US: ZTE ZXHN H108L CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Wordpress plugin -CVE-2014-8491 - RESERVED +CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote ...) + TODO: check CVE-2014-8490 RESERVED CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote ...) @@ -106465,8 +106467,7 @@ NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 CVE-2014-7814 (SQL injection vulnerability in Red Hat CloudForms 3.1 Management ...) NOT-FOR-US: Red Hat CloudForms Management Engine -CVE-2014-7813 - RESERVED +CVE-2014-7813 (Red Hat CloudForms 3 Management Engine (CFME) allows remote ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2014-7812 (Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat ...) NOT-FOR-US: Red Hat Satellite / Spacewalk @@ -107639,8 +107640,8 @@ REJECTED CVE-2014-7243 (LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not ...) NOT-FOR-US: LG Routers -CVE-2014-7242 - RESERVED +CVE-2014-7242 (The SumaHo application 3.0.0 and earlier for Android and the SumaHo ...) + TODO: check CVE-2014-7241 (The TSUTAYA application 5.3 and earlier for Android allows remote ...) NOT-FOR-US: TSUTAYA application for Android CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form ...) @@ -116120,8 +116121,7 @@ - php5 5.6.3+dfsg-1 (bug #768807) NOTE: https://bugs.php.net/bug.php?id=68283 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch) -CVE-2014-3709 - RESERVED +CVE-2014-3709 (The org.keycloak.services.resources.SocialResource.callback method in ...) NOT-FOR-US: JBoss KeyCloak CVE-2014-3708 (OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 ...) - nova 2014.1.3-6 (low) 
@@ -116132,8 +116132,7 @@ - curl 7.38.0-3 NOTE: http://curl.haxx.se/docs/adv_20141105.html NOTE: Upstream commit: https://github.com/bagder/curl/commit/b3875606925536f82fc61f3114ac42f29eaf6945 -CVE-2014-3706 - RESERVED +CVE-2014-3706 (ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle ...) NOT-FOR-US: ovirt-engine CVE-2014-3705 RESERVED @@ -116871,8 +116870,7 @@ - dbus 1.8.6-1 [squeeze] - dbus <not-affected> (Fix for other kernel version) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80163 -CVE-2014-3531 - RESERVED +CVE-2014-3531 (Multiple cross-site scripting (XSS) vulnerabilities in Foreman before ...) - foreman <itp> (bug #663101) CVE-2014-3530 (The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory ...) NOT-FOR-US: PicketLink @@ -118010,8 +118008,8 @@ {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser <end-of-life> -CVE-2014-3164 - RESERVED +CVE-2014-3164 (cmds/servicemanager/service_manager.c in Android before commit ...) + TODO: check CVE-2014-3163 RESERVED CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
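
Review bot: In the hunk at @@ -15811,6 +15817,7 @@, the added `{DLA-1137-1 DLA-1136-1 DLA-1135-1}` line attaches three advisories to CVE-2017-10140, but the package lines visible in the context cover only db5.3, with the stretch line fixed and the jessie line marked `<no-dsa>`. Confirm that each of the three DLA ids has a matching source-package line further down the entry, so the cross-reference does not tag a release or package the entry never lists. The entry also still reads RESERVED with only the bracketed working title, so the description should be rechecked on the next update.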
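
Review bot: In the hunk at @@ -57196,8 +57203,8 @@, CVE-2016-5714 lands as `TODO: check` directly below two entries triaged as `- puppet <not-affected> (Limited to Puppet Enterprise)`, yet its description continues past Puppet Enterprise with "and Puppet ..." before it is cut off. Whoever resolves the TODO should read the full description before reusing the neighbours' not-affected line, since the truncated text suggests a second affected component.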
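
Review bot: In the hunk at @@ -77974,8 +77981,7 @@, replacing `CVE-2015-7943 [Open Redirect - SA-CORE-2015-004]` with the truncated upstream description drops the Drupal advisory id from the visible part of the entry. Suggest carrying it over as a `NOTE:` line under the drupal7 package lines so the entry stays searchable by advisory. The same loss of a working title happens in the CVE-2011-5320 hunk, though that title carried no identifier.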
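
Review bot: In the hunk at @@ -97587,8 +97589,8 @@, CVE-2015-1239 is left as `TODO: check` between chromium-browser entries, but its description names the j2k_read_ppm_v3 function in OpenJPEG rather than Chrome itself. OpenJPEG is packaged in Debian, so this one needs triage against the OpenJPEG source packages and any embedded copies, not a copy of the chromium-browser lines its neighbours carry.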