Author: sectracker
Date: 2017-10-18 21:10:13 +0000 (Wed, 18 Oct 2017)
New Revision: 56840

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-18 21:08:49 UTC (rev 56839)
+++ data/CVE/list       2017-10-18 21:10:13 UTC (rev 56840)
@@ -1,3 +1,9 @@
+CVE-2017-15599
+       RESERVED
+CVE-2017-15598
+       RESERVED
+CVE-2017-15597
+       RESERVED
 CVE-2017-15586
        RESERVED
 CVE-2017-15585
@@ -544,8 +550,8 @@
        NOT-FOR-US: Infineon RSA library
 CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to 
stored ...)
        NOT-FOR-US: PRTG Network Monitor
-CVE-2017-15359
-       RESERVED
+CVE-2017-15359 (In the 3CX Phone System 15.5.3554.1, the Management Console 
typically ...)
+       TODO: check
 CVE-2017-15358
        RESERVED
 CVE-2017-15357
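Review bot: the `TODO: check` placed under CVE-2017-15359 leaves the entry untriaged. The description names 3CX Phone System 15.5.3554.1; the context entry just above it was closed with `NOT-FOR-US: PRTG Network Monitor`, so if no source package in the archive ships this product the same form applies here (`NOT-FOR-US: 3CX Phone System`), otherwise replace the TODO with the affected package line.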
@@ -1663,8 +1669,8 @@
        NOT-FOR-US: PivotX
 CVE-2017-14957 (Stored XSS vulnerability via a comment in inc/conv.php in 
BlogoText ...)
        NOT-FOR-US: BlogoText
-CVE-2017-14956
-       RESERVED
+CVE-2017-14956 (AlienVault USM v5.4.2 and earlier offers authenticated users 
the ...)
+       TODO: check
 CVE-2017-14955 (Check_MK before 1.2.8p26 mishandles certain errors within the 
...)
        - check-mk 1.2.8p26-1
        NOTE: 
http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8
@@ -3393,8 +3399,8 @@
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
 CVE-2017-14323
        RESERVED
-CVE-2017-14322
-       RESERVED
+CVE-2017-14322 (The function in charge to check whether the user is already 
logged in ...)
+       TODO: check
 CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
        NOT-FOR-US: Mirasvit Helpdesk MX
 CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers 
to ...)
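Review bot: CVE-2017-14322 cannot be triaged from the line as committed, because the truncated description ("The function in charge to check whether the user is already logged in ...") does not name a product. Whoever resolves the `TODO: check` needs the full CVE text first; the Mirasvit Helpdesk MX entries that follow in the context should not be assumed to describe the same software just because the ids are adjacent.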
@@ -6515,8 +6521,8 @@
        NOTE: installation of the key into the driver does not work. As such, 
this
        NOTE: item is not applicable in practice. Furthermore, the PeerKey 
handshake
        NOTE: for IEEE 802.11e DLS is obsolete and not known to have been 
deployed.
-CVE-2017-13083
-       RESERVED
+CVE-2017-13083 (Akeo Consulting Rufus prior to version 2.17.1187 does not 
adequately ...)
+       TODO: check
 CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 
802.11r ...)
        {DSA-3999-1}
        - wpa 2:2.4-1.1
@@ -15811,6 +15817,7 @@
        NOT-FOR-US: Oracle
 CVE-2017-10140 [Berkeley DB reads DB_CONFIG from cwd]
        RESERVED
+       {DLA-1137-1 DLA-1136-1 DLA-1135-1}
        - db5.3 5.3.28-13.1 (bug #872436)
        [stretch] - db5.3 5.3.28-12+deb9u1
        [jessie] - db5.3 <no-dsa> (Minor issue; will be fixed via point release)
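Review bot: `{DLA-1137-1 DLA-1136-1 DLA-1135-1}` attaches three advisories to CVE-2017-10140, but the package lines visible in this hunk cover only db5.3 (unstable, stretch, jessie). Confirm that each DLA has a matching source package line further down the entry; if not, the cross-reference list names advisories that the entry's package lines do not account for.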
@@ -21508,12 +21515,12 @@
        RESERVED
 CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an 
arbitrary ...)
        NOT-FOR-US: RSA Archer GRC Platform
-CVE-2017-8024
-       RESERVED
+CVE-2017-8024 (EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 
8.0.1.2, ...)
+       TODO: check
 CVE-2017-8023
        RESERVED
-CVE-2017-8022
-       RESERVED
+CVE-2017-8022 (An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all 
...)
+       TODO: check
 CVE-2017-8021 (EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an 
...)
        NOT-FOR-US: EMC Elastic Cloud Storage
 CVE-2017-8020
@@ -57196,8 +57203,8 @@
        - puppet <not-affected> (Limited to Puppet Enterprise)
 CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 
2015.x ...)
        - puppet <not-affected> (Limited to Puppet Enterprise)
-CVE-2016-5714
-       RESERVED
+CVE-2016-5714 (Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and 
Puppet ...)
+       TODO: check
 CVE-2016-5713
        RESERVED
 CVE-2016-5712
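Review bot: the `TODO: check` for CVE-2016-5714 should not be resolved by copying the neighbours' `- puppet <not-affected> (Limited to Puppet Enterprise)`. The description here reads "Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet ...", so it lists a second affected product after the truncation; check the full text to see whether that covers a component packaged in the archive before marking it.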
@@ -77974,8 +77981,7 @@
        [jessie] - phpmyadmin <no-dsa> (Minor issue)
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2015-7943 [Open Redirect - SA-CORE-2015-004]
-       RESERVED
+CVE-2015-7943 (Open redirect vulnerability in the Overlay module in Drupal 7.x 
before ...)
        {DLA-548-1}
        - drupal7 7.41-1
        [jessie] - drupal7 7.32-1+deb8u9
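Review bot: replacing `CVE-2015-7943 [Open Redirect - SA-CORE-2015-004]` with the published description drops the upstream advisory id from the entry. The truncated description does not show it, so consider keeping it as a `NOTE:` line (for example `NOTE: SA-CORE-2015-004`) alongside the `{DLA-548-1}` and drupal7 lines.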
@@ -78476,10 +78482,10 @@
        NOT-FOR-US: mediaserver in Android
 CVE-2015-7716 (libstagefright in Android 5.x before 5.1.1 LMY48T allows remote 
...)
        NOT-FOR-US: libstagefright in Android
-CVE-2015-7715
-       RESERVED
-CVE-2015-7714
-       RESERVED
+CVE-2015-7715 (Cross-site request forgery (CSRF) vulnerability in the Realtyna 
RPL ...)
+       TODO: check
+CVE-2015-7714 (Multiple SQL injection vulnerabilities in the Realtyna RPL 
(com_rpl) ...)
+       TODO: check
 CVE-2015-7712 (Multiple eval injection vulnerabilities in ...)
        NOT-FOR-US: ATutor
 CVE-2015-7711 (Cross-site scripting (XSS) vulnerability in popuphelp.php in 
ATutor ...)
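Review bot: CVE-2015-7715 and CVE-2015-7714 both concern the Realtyna RPL (com_rpl) component and both get `TODO: check`; triage them together so they end up with the same status. The surrounding ATutor entry uses `NOT-FOR-US:`, which is the likely outcome here if the component is not packaged.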
@@ -85640,8 +85646,7 @@
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c6296ea88df040054ccd781f3945fe103f8c7c17
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4240be45632db7831129f124bcf53c1223825b0f
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8357946b15f0a31f73dd691b7da95f29318ed310
-CVE-2015-5164
-       RESERVED
+CVE-2015-5164 (The Qpid server on Red Hat Satellite 6 does not properly 
restrict ...)
        NOT-FOR-US: Qpid server on Satellite6
 CVE-2015-5163 (The import task action in OpenStack Image Service (Glance) 
2015.1.x ...)
        - glance 2015.1.0-4 (bug #795453)
@@ -90605,8 +90610,7 @@
        NOT-FOR-US: Ubercart Currency Conversion module for Drupal
 CVE-2015-3341
        RESERVED
-CVE-2015-3400
-       RESERVED
+CVE-2015-3400 (sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 
from the ...)
        - zfs-linux <not-affected> (Specific to packages on 
archive.zfsonlinux.org repositories)
        NOTE: Issue with ZFS on Linux Debian packages specific as published in 
the archive.zfsonlinux.org repositories
        NOTE: https://github.com/zfsonlinux/zfs/issues/3319
@@ -94506,8 +94510,7 @@
        RESERVED
 CVE-2015-2159
        RESERVED
-CVE-2015-2156
-       RESERVED
+CVE-2015-2156 (Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x 
before ...)
        - netty3.1 <removed>
        [wheezy] - netty3.1 <no-dsa> (Minor issue)
        - netty 1:4.0.31-1 (bug #796114)
@@ -94769,8 +94772,7 @@
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
        NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/5
-CVE-2011-5320 [glibc scanf implementation crashes on certain inputs]
-       RESERVED
+CVE-2011-5320 (scanf and related functions in glibc before 2.15 allow local 
users to ...)
        {DLA-165-1}
        - glibc 2.15
        - eglibc 2.13-25 (bug #553206)
@@ -97587,8 +97589,8 @@
        - chromium-browser 42.0.2311.90-1
        [wheezy] - chromium-browser <end-of-life>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2015-1239
-       RESERVED
+CVE-2015-1239 (Double free vulnerability in the j2k_read_ppm_v3 function in 
OpenJPEG ...)
+       TODO: check
 CVE-2015-1238 (Skia, as used in Google Chrome before 42.0.2311.90, allows 
remote ...)
        {DSA-3238-1}
        - chromium-browser 42.0.2311.90-1
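Review bot: the `TODO: check` for CVE-2015-1239 needs a real package assessment rather than a quick close. The description places the double free in the j2k_read_ppm_v3 function in OpenJPEG, while the entries around it in this hunk are tracked against chromium-browser; determine whether the affected code is the standalone library, a bundled copy, or both, and add a source package line with the fixed version for each.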
@@ -104361,8 +104363,8 @@
        NOT-FOR-US: ZTE ZXHN H108L
 CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2014-8491
-       RESERVED
+CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows 
remote ...)
+       TODO: check
 CVE-2014-8490
        RESERVED
 CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote 
...)
@@ -106465,8 +106467,7 @@
        NOTE: Upstream commit: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e6908bfe8e07f2b452e78e677da1b45b1c0f6829
 CVE-2014-7814 (SQL injection vulnerability in Red Hat CloudForms 3.1 
Management ...)
        NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2014-7813
-       RESERVED
+CVE-2014-7813 (Red Hat CloudForms 3 Management Engine (CFME) allows remote ...)
        NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2014-7812 (Cross-site scripting (XSS) vulnerability in Spacewalk and Red 
Hat ...)
        NOT-FOR-US: Red Hat Satellite / Spacewalk
@@ -107639,8 +107640,8 @@
        REJECTED
 CVE-2014-7243 (LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does 
not ...)
        NOT-FOR-US: LG Routers
-CVE-2014-7242
-       RESERVED
+CVE-2014-7242 (The SumaHo application 3.0.0 and earlier for Android and the 
SumaHo ...)
+       TODO: check
 CVE-2014-7241 (The TSUTAYA application 5.3 and earlier for Android allows 
remote ...)
        NOT-FOR-US: TSUTAYA application for Android
 CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact 
Form ...)
@@ -116120,8 +116121,7 @@
        - php5 5.6.3+dfsg-1 (bug #768807)
        NOTE: https://bugs.php.net/bug.php?id=68283
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d
 (PHP 5.4 branch)
-CVE-2014-3709
-       RESERVED
+CVE-2014-3709 (The org.keycloak.services.resources.SocialResource.callback 
method in ...)
        NOT-FOR-US: JBoss KeyCloak
 CVE-2014-3708 (OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 
2014.2.1 ...)
        - nova 2014.1.3-6 (low)
@@ -116132,8 +116132,7 @@
        - curl 7.38.0-3
        NOTE: http://curl.haxx.se/docs/adv_20141105.html
        NOTE: Upstream commit: 
https://github.com/bagder/curl/commit/b3875606925536f82fc61f3114ac42f29eaf6945
-CVE-2014-3706
-       RESERVED
+CVE-2014-3706 (ovirt-engine, as used in Red Hat MRG 3, allows 
man-in-the-middle ...)
        NOT-FOR-US: ovirt-engine
 CVE-2014-3705
        RESERVED
@@ -116871,8 +116870,7 @@
        - dbus 1.8.6-1
        [squeeze] - dbus <not-affected> (Fix for other kernel version)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80163
-CVE-2014-3531
-       RESERVED
+CVE-2014-3531 (Multiple cross-site scripting (XSS) vulnerabilities in Foreman 
before ...)
        - foreman <itp> (bug #663101)
 CVE-2014-3530 (The 
org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory ...)
        NOT-FOR-US: PicketLink
@@ -118010,8 +118008,8 @@
        {DSA-3039-1}
        - chromium-browser 37.0.2062.120-1
        [squeeze] - chromium-browser <end-of-life>
-CVE-2014-3164
-       RESERVED
+CVE-2014-3164 (cmds/servicemanager/service_manager.c in Android before commit 
...)
+       TODO: check
 CVE-2014-3163
        RESERVED
 CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
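Review bot: CVE-2014-3164 is left at `TODO: check` although the description points at cmds/servicemanager/service_manager.c in Android. Other Android entries in this same file are closed as `NOT-FOR-US: mediaserver in Android` and `NOT-FOR-US: libstagefright in Android`; use the same form here unless the file is shipped by a package in the archive.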


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
