Author: sectracker
Date: 2017-10-27 21:10:32 +0000 (Fri, 27 Oct 2017)
New Revision: 57041

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-27 19:59:54 UTC (rev 57040)
+++ data/CVE/list       2017-10-27 21:10:32 UTC (rev 57041)
@@ -1,3 +1,33 @@
+CVE-2017-15939
+       RESERVED
+CVE-2017-15938
+       RESERVED
+CVE-2017-15937 (Artica Pandora FMS version 7.0 leaks a full installation 
pathname via ...)
+       TODO: check
+CVE-2017-15936 (In Artica Pandora FMS version 7.0, an Attacker with write 
Permission ...)
+       TODO: check
+CVE-2017-15935 (Artica Pandora FMS version 7.0 is vulnerable to remote PHP 
code ...)
+       TODO: check
+CVE-2017-15934 (Artica Pandora FMS version 7.0 is vulnerable to stored 
Cross-Site ...)
+       TODO: check
+CVE-2017-15933 (SQL injection vulnerability vulnerability in the EyesOfNetwork 
web ...)
+       TODO: check
+CVE-2017-15932 (In radare2 2.0.1, an integer exception (negative number 
leading to an ...)
+       TODO: check
+CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number 
leading to an ...)
+       TODO: check
+CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a 
Null ...)
+       TODO: check
+CVE-2017-15929
+       RESERVED
+CVE-2017-15928 (In the Ox gem 2.8.0 for Ruby, the process crashes with a 
segmentation ...)
+       TODO: check
+CVE-2017-15927
+       RESERVED
+CVE-2017-15926
+       RESERVED
+CVE-2017-15925
+       RESERVED
 CVE-2017-15923
        RESERVED
 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the 
...)
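Review bot: CVE-2017-15932 and CVE-2017-15931 are added with the same truncated radare2 2.0.1 summary, so the list cannot tell them apart; when the TODO: check markers are resolved, read the full descriptions and give each entry a distinguishing NOTE. The radare2, GraphicsMagick (CVE-2017-15930) and Ox gem (CVE-2017-15928) entries name open-source components, so each should end up with either a source-package line or an explicit NOT-FOR-US rather than staying at TODO: check.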
@@ -493,7 +523,7 @@
        RESERVED
 CVE-2017-15691
        RESERVED
-CVE-2017-15924 [shadowsocks-libev command execution]
+CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, 
improper parsing ...)
        - shadowsocks-libev 3.1.0+ds-2
        NOTE: 
https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/
        NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/1734
@@ -722,10 +752,10 @@
        RESERVED
 CVE-2017-15583 (The embedded web server on ABB Fox515T 1.0 devices is 
vulnerable to ...)
        NOT-FOR-US: ABB Fox515T 1.0 devices
-CVE-2017-15582
-       RESERVED
-CVE-2017-15581
-       RESERVED
+CVE-2017-15582 (In net.MCrypt in the "Diary with lock" (aka 
WriteDiary) application ...)
+       TODO: check
+CVE-2017-15581 (In the "Diary with lock" (aka WriteDiary) 
application 4.72 for Android, ...)
+       TODO: check
 CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html' 
files with ...)
        NOT-FOR-US: osTicket
 CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via 
an ...)
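Review bot: CVE-2017-15582 and CVE-2017-15581 go from RESERVED to TODO: check, yet both describe the "Diary with lock" (aka WriteDiary) Android application, and the neighbouring third-party entries in this hunk (ABB Fox515T, osTicket) are already tagged NOT-FOR-US. Unless the application is packaged, tag these two the same way so they leave the triage queue.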
@@ -2007,7 +2037,7 @@
        NOTE: https://pagure.io/koji/issue/563
        NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
 CVE-2017-1000257 [curl: IMAP FETCH response out of bounds read]
-       {DLA-1143-1}
+       {DSA-4007-1 DLA-1143-1}
        - curl 7.56.1-1
        NOTE: https://curl.haxx.se/docs/adv_20171023.html
 CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for 
clients]
@@ -2098,6 +2128,7 @@
        NOTE: https://golang.org/cl/68210
        NOTE: 
https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
 CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go 
get" remote command ...)
+       {DLA-1148-1}
        - golang-1.9 1.9.1-1
        - golang-1.8 1.8.4-1
        [stretch] - golang-1.8 <ignored> (Minor issue)
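Review bot: {DLA-1148-1} is attached to CVE-2017-15041, but the package lines visible under it cover only golang-1.9 and golang-1.8, with stretch marked <ignored>. Confirm that the rest of the entry names the source package and release the DLA actually applies to, otherwise the advisory reference has no matching package line.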
@@ -4610,8 +4641,8 @@
        RESERVED
 CVE-2017-14183
        RESERVED
-CVE-2017-14182
-       RESERVED
+CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 
5.4.0 to ...)
+       TODO: check
 CVE-2017-14180
        RESERVED
 CVE-2017-14179
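Review bot: CVE-2017-14182 is left at TODO: check although its description names Fortinet FortiOS 5.4.0, and other FortiOS entries in this same file are tagged "NOT-FOR-US: Fortinet FortiOS". Apply the same tag here for consistency.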
@@ -7312,12 +7343,10 @@
        RESERVED
 CVE-2017-13091
        RESERVED
-CVE-2017-13090
-       RESERVED
+CVE-2017-13090 (The retr.c:fd_read_body() function is called when processing 
OK ...)
        - wget <unfixed> (bug #879957)
        NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
-CVE-2017-13089
-       RESERVED
+CVE-2017-13089 (The http.c:skip_short_body() function is called in some 
circumstances, ...)
        - wget <unfixed> (bug #879957)
        NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
 CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v 
allows ...)
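Review bot: CVE-2017-13090 and CVE-2017-13089 now carry descriptions naming retr.c:fd_read_body() and http.c:skip_short_body(), but both wget lines remain <unfixed> (bug #879957). Check that each NOTE commit is the fix for the function its CVE names, and replace <unfixed> with the fixed version once an upload containing both commits lands.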
@@ -14107,7 +14136,7 @@
        RESERVED
 CVE-2017-10956
        RESERVED
-CVE-2017-10955 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+CVE-2017-10955 (** DISPUTED ** This vulnerability allows remote attackers to 
execute ...)
        NOT-FOR-US: EMC
 CVE-2017-10954
        RESERVED
@@ -20462,7 +20491,7 @@
        NOT-FOR-US: BE126 WIFI repeater
 CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 
...)
        NOT-FOR-US: BE126 WIFI repeater
-CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger 2.17.146 for Android 
uses ...)
+CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger before 2.16.323 for 
Android ...)
        NOT-FOR-US: WhatsApp Messenger
 CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command 
...)
        NOT-FOR-US: Atlassian SourceTree
@@ -23547,8 +23576,8 @@
        NOT-FOR-US: Fortinet FortiOS
 CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
        NOT-FOR-US: Fortinet FortiOS
-CVE-2017-7733
-       RESERVED
+CVE-2017-7733 (A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 
5.4.0 ...)
+       TODO: check
 CVE-2017-7732 (A reflected Cross-Site Scripting (XSS) vulnerability in 
Fortinet ...)
        NOT-FOR-US: Fortinet
 CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal 
...)
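Review bot: CVE-2017-7733 is set to TODO: check directly between CVE-2017-7734 and CVE-2017-7732, which are tagged "NOT-FOR-US: Fortinet FortiOS" and "NOT-FOR-US: Fortinet". The new description is also a FortiOS XSS issue, so it should take the same NOT-FOR-US tag.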
@@ -28672,20 +28701,20 @@
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6164
        RESERVED
-CVE-2017-6163
-       RESERVED
-CVE-2017-6162
-       RESERVED
-CVE-2017-6161
-       RESERVED
-CVE-2017-6160
-       RESERVED
-CVE-2017-6159
-       RESERVED
+CVE-2017-6163 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM 
...)
+       TODO: check
+CVE-2017-6162 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
+       TODO: check
+CVE-2017-6161 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
+       TODO: check
+CVE-2017-6160 (In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 
11.6.0 to ...)
+       TODO: check
+CVE-2017-6159 (F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
+       TODO: check
 CVE-2017-6158
        RESERVED
-CVE-2017-6157
-       RESERVED
+CVE-2017-6157 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
+       TODO: check
 CVE-2017-6156
        RESERVED
 CVE-2017-6155
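Review bot: the six F5 BIG-IP entries (CVE-2017-6163 through CVE-2017-6159, and CVE-2017-6157) are all added as TODO: check, while the context line at the top of this hunk shows the existing convention "NOT-FOR-US: F5 BIG-IP". Tag them in one pass so six vendor-appliance issues do not sit in the manual triage queue.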
@@ -46419,8 +46448,8 @@
        NOT-FOR-US: F5
 CVE-2017-0304
        RESERVED
-CVE-2017-0303
-       RESERVED
+CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
+       TODO: check
 CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an 
authenticated ...)
        NOT-FOR-US: F5
 CVE-2017-0301
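Review bot: CVE-2017-0303 gets TODO: check even though the entries on either side of it (including CVE-2017-0302, also F5 BIG-IP) are "NOT-FOR-US: F5". Use the same tag here.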
@@ -60806,11 +60835,9 @@
        NOT-FOR-US: Apache Archiva
 CVE-2016-5004 (The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as 
used in ...)
        NOT-FOR-US: Apache Archiva
-CVE-2016-5003
-       RESERVED
+CVE-2016-5003 (The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in 
Apache ...)
        NOT-FOR-US: Apache Archiva
-CVE-2016-5002
-       RESERVED
+CVE-2016-5002 (XML external entity (XXE) vulnerability in the Apache XML-RPC 
(aka ...)
        NOT-FOR-US: Apache Archiva
 CVE-2016-5001 (This is an information disclosure vulnerability in Apache 
Hadoop ...)
        - hadoop <itp> (bug #793644)
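Review bot: the "NOT-FOR-US: Apache Archiva" tags on CVE-2016-5003 and CVE-2016-5002 were set while the IDs were RESERVED, but the descriptions added here attribute both issues to the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, with Archiva only as a consumer ("as used in"). Re-check whether the library itself is packaged before keeping NOT-FOR-US; the same question applies to the CVE-2016-5004 context entry, whose description also names ws-xmlrpc 3.1.3.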
@@ -96141,8 +96168,7 @@
        RESERVED
 CVE-2015-1836 (Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 
before ...)
        NOT-FOR-US: Apache HBase
-CVE-2015-1835
-       RESERVED
+CVE-2015-1835 (Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when 
an ...)
        NOT-FOR-US: Apache Cordova
 CVE-2015-1834 (A path traversal vulnerability was identified in the Cloud 
Foundry ...)
        NOT-FOR-US: Cloud Foundry
@@ -117290,8 +117316,7 @@
        [wheezy] - linux 3.2.63-1
        - linux-2.6 <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
-CVE-2014-3600
-       RESERVED
+CVE-2014-3600 (XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x 
before ...)
        - activemq 5.6.0+dfsg1-4 (low; bug #777196)
        [wheezy] - activemq 5.6.0+dfsg-1+deb7u1
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
@@ -117373,8 +117398,7 @@
        {DSA-3107-1 DLA-119-1}
        - subversion 1.8.10-5 (bug #773263)
        NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
-CVE-2014-3579
-       RESERVED
+CVE-2014-3579 (XML external entity (XXE) vulnerability in Apache ActiveMQ 
Apollo 1.x ...)
        NOT-FOR-US: Apache ActiveMQ Apollo
 CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 
3.x ...)
        - libspring-java 3.2.13-1 (low; bug #760733)

