Author: sectracker
Date: 2017-10-27 21:10:32 +0000 (Fri, 27 Oct 2017)
New Revision: 57041
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-27 19:59:54 UTC (rev 57040) +++ data/CVE/list 2017-10-27 21:10:32 UTC (rev 57041) @@ -1,3 +1,33 @@ +CVE-2017-15939 + RESERVED +CVE-2017-15938 + RESERVED +CVE-2017-15937 (Artica Pandora FMS version 7.0 leaks a full installation pathname via ...) + TODO: check +CVE-2017-15936 (In Artica Pandora FMS version 7.0, an Attacker with write Permission ...) + TODO: check +CVE-2017-15935 (Artica Pandora FMS version 7.0 is vulnerable to remote PHP code ...) + TODO: check +CVE-2017-15934 (Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site ...) + TODO: check +CVE-2017-15933 (SQL injection vulnerability vulnerability in the EyesOfNetwork web ...) + TODO: check +CVE-2017-15932 (In radare2 2.0.1, an integer exception (negative number leading to an ...) + TODO: check +CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading to an ...) + TODO: check +CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null ...) + TODO: check +CVE-2017-15929 + RESERVED +CVE-2017-15928 (In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation ...) + TODO: check +CVE-2017-15927 + RESERVED +CVE-2017-15926 + RESERVED +CVE-2017-15925 + RESERVED CVE-2017-15923 RESERVED CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...) @@ -493,7 +523,7 @@ RESERVED CVE-2017-15691 RESERVED -CVE-2017-15924 [shadowsocks-libev command execution] +CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing ...) - shadowsocks-libev 3.1.0+ds-2 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/ NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/1734 
@@ -722,10 +752,10 @@ RESERVED CVE-2017-15583 (The embedded web server on ABB Fox515T 1.0 devices is vulnerable to ...) NOT-FOR-US: ABB Fox515T 1.0 devices -CVE-2017-15582 - RESERVED -CVE-2017-15581 - RESERVED +CVE-2017-15582 (In net.MCrypt in the "Diary with lock" (aka WriteDiary) application ...) + TODO: check +CVE-2017-15581 (In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, ...) + TODO: check CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html' files with ...) NOT-FOR-US: osTicket CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an ...) @@ -2007,7 +2037,7 @@ NOTE: https://pagure.io/koji/issue/563 NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3 CVE-2017-1000257 [curl: IMAP FETCH response out of bounds read] - {DLA-1143-1} + {DSA-4007-1 DLA-1143-1} - curl 7.56.1-1 NOTE: https://curl.haxx.se/docs/adv_20171023.html CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for clients] @@ -2098,6 +2128,7 @@ NOTE: https://golang.org/cl/68210 NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ...) + {DLA-1148-1} - golang-1.9 1.9.1-1 - golang-1.8 1.8.4-1 [stretch] - golang-1.8 <ignored> (Minor issue) @@ -4610,8 +4641,8 @@ RESERVED CVE-2017-14183 RESERVED -CVE-2017-14182 - RESERVED +CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to ...) + TODO: check CVE-2017-14180 RESERVED CVE-2017-14179 
@@ -7312,12 +7343,10 @@ RESERVED CVE-2017-13091 RESERVED -CVE-2017-13090 - RESERVED +CVE-2017-13090 (The retr.c:fd_read_body() function is called when processing OK ...) - wget <unfixed> (bug #879957) NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba -CVE-2017-13089 - RESERVED +CVE-2017-13089 (The http.c:skip_short_body() function is called in some circumstances, ...) - wget <unfixed> (bug #879957) NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows ...) @@ -14107,7 +14136,7 @@ RESERVED CVE-2017-10956 RESERVED -CVE-2017-10955 (This vulnerability allows remote attackers to execute arbitrary code ...) +CVE-2017-10955 (** DISPUTED ** This vulnerability allows remote attackers to execute ...) NOT-FOR-US: EMC CVE-2017-10954 RESERVED @@ -20462,7 +20491,7 @@ NOT-FOR-US: BE126 WIFI repeater CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 ...) NOT-FOR-US: BE126 WIFI repeater -CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger 2.17.146 for Android uses ...) +CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger before 2.16.323 for Android ...) NOT-FOR-US: WhatsApp Messenger CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command ...) NOT-FOR-US: Atlassian SourceTree @@ -23547,8 +23576,8 @@ NOT-FOR-US: Fortinet FortiOS CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) NOT-FOR-US: Fortinet FortiOS -CVE-2017-7733 - RESERVED +CVE-2017-7733 (A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 ...) + TODO: check CVE-2017-7732 (A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet ...) NOT-FOR-US: Fortinet CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...) 
@@ -28672,20 +28701,20 @@ NOT-FOR-US: F5 BIG-IP CVE-2017-6164 RESERVED -CVE-2017-6163 - RESERVED -CVE-2017-6162 - RESERVED -CVE-2017-6161 - RESERVED -CVE-2017-6160 - RESERVED -CVE-2017-6159 - RESERVED +CVE-2017-6163 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM ...) + TODO: check +CVE-2017-6162 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...) + TODO: check +CVE-2017-6161 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...) + TODO: check +CVE-2017-6160 (In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to ...) + TODO: check +CVE-2017-6159 (F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...) + TODO: check CVE-2017-6158 RESERVED -CVE-2017-6157 - RESERVED +CVE-2017-6157 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...) + TODO: check CVE-2017-6156 RESERVED CVE-2017-6155 @@ -46419,8 +46448,8 @@ NOT-FOR-US: F5 CVE-2017-0304 RESERVED -CVE-2017-0303 - RESERVED +CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...) + TODO: check CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated ...) NOT-FOR-US: F5 CVE-2017-0301 @@ -60806,11 +60835,9 @@ NOT-FOR-US: Apache Archiva CVE-2016-5004 (The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in ...) NOT-FOR-US: Apache Archiva -CVE-2016-5003 - RESERVED +CVE-2016-5003 (The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache ...) NOT-FOR-US: Apache Archiva -CVE-2016-5002 - RESERVED +CVE-2016-5002 (XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ...) NOT-FOR-US: Apache Archiva CVE-2016-5001 (This is an information disclosure vulnerability in Apache Hadoop ...) - hadoop <itp> (bug #793644) 
@@ -96141,8 +96168,7 @@ RESERVED CVE-2015-1836 (Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before ...) NOT-FOR-US: Apache HBase -CVE-2015-1835 - RESERVED +CVE-2015-1835 (Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an ...) NOT-FOR-US: Apache Cordova CVE-2015-1834 (A path traversal vulnerability was identified in the Cloud Foundry ...) NOT-FOR-US: Cloud Foundry @@ -117290,8 +117316,7 @@ [wheezy] - linux 3.2.63-1 - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 -CVE-2014-3600 - RESERVED +CVE-2014-3600 (XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before ...) - activemq 5.6.0+dfsg1-4 (low; bug #777196) [wheezy] - activemq 5.6.0+dfsg-1+deb7u1 NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt @@ -117373,8 +117398,7 @@ {DSA-3107-1 DLA-119-1} - subversion 1.8.10-5 (bug #773263) NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt -CVE-2014-3579 - RESERVED +CVE-2014-3579 (XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x ...) NOT-FOR-US: Apache ActiveMQ Apollo CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x ...) - libspring-java 3.2.13-1 (low; bug #760733)
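
Review bot: in the first hunk (@@ -1,3 +1,33 @@), CVE-2017-15932 and CVE-2017-15931 are added with the same truncated text, "In radare2 2.0.1, an integer exception (negative number leading to an ...", so the two entries cannot be told apart from the list alone. When the TODO: check markers are resolved, give each a NOTE line with the upstream issue or commit so the affected code is identifiable, and resolve the radare2, GraphicsMagick 1.3.26 (coders/png.c) and Ox gem 2.8.0 entries to either a package line or a NOT-FOR-US line rather than leaving the placeholder.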
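
Review bot: in the @@ -2098,6 +2128,7 @@ hunk, the added {DLA-1148-1} cross-reference on CVE-2017-15041 has no matching package line in the visible context, which lists only golang-1.9 1.9.1-1, golang-1.8 1.8.4-1 and a [stretch] golang-1.8 <ignored> line. Confirm that the entry, below the three context lines, carries the release-tagged line with the version fixed by that DLA; if it does not, add it so the advisory reference and the version data agree.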
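
Review bot: in the @@ -28672,20 +28701,20 @@ hunk, the six F5 BIG-IP entries (CVE-2017-6157 and CVE-2017-6159 to CVE-2017-6163) are set to TODO: check although the context line at the top of the hunk already triages the same product as NOT-FOR-US: F5 BIG-IP. They can take the same NOT-FOR-US line, and so can CVE-2017-0303 in the @@ -46419,8 +46448,8 @@ hunk, whose neighbours are NOT-FOR-US: F5.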
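
Review bot: in the @@ -23547,8 +23576,8 @@ hunk, CVE-2017-7733 (XSS in Fortinet FortiOS 5.4.0 ...) is left at TODO: check while CVE-2017-7734 directly above it is NOT-FOR-US: Fortinet FortiOS and CVE-2017-7732 below it is NOT-FOR-US: Fortinet. Apply the same triage here and to the FortiOS entry CVE-2017-14182 in the @@ -4610,8 +4641,8 @@ hunk.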
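
Review bot: in the @@ -60806,11 +60835,9 @@ hunk, the newly published descriptions of CVE-2016-5003 and CVE-2016-5002 place the flaw in the Apache XML-RPC (aka ws-xmlrpc) library, but the NOT-FOR-US: Apache Archiva lines written while the ids were RESERVED are kept unchanged. Recheck that triage against the library itself: if ws-xmlrpc is in the archive under its own source package, these entries need a package line instead of NOT-FOR-US, and the neighbouring CVE-2016-5004 (ws-xmlrpc 3.1.3) should be reviewed with them.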