Author: sectracker
Date: 2017-11-02 21:10:12 +0000 (Thu, 02 Nov 2017)
New Revision: 57261
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-02 21:07:55 UTC (rev 57260) +++ data/CVE/list 2017-11-02 21:10:12 UTC (rev 57261) @@ -1,3 +1,61 @@ +CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() ...) + TODO: check +CVE-2017-1000171 + RESERVED +CVE-2017-1000157 + RESERVED +CVE-2017-1000156 + RESERVED +CVE-2017-1000155 + RESERVED +CVE-2017-1000154 + RESERVED +CVE-2017-1000153 + RESERVED +CVE-2017-1000152 + RESERVED +CVE-2017-1000151 + RESERVED +CVE-2017-1000150 + RESERVED +CVE-2017-1000149 + RESERVED +CVE-2017-1000148 + RESERVED +CVE-2017-1000147 + RESERVED +CVE-2017-1000146 + RESERVED +CVE-2017-1000145 + RESERVED +CVE-2017-1000144 + RESERVED +CVE-2017-1000143 + RESERVED +CVE-2017-1000142 + RESERVED +CVE-2017-1000141 + RESERVED +CVE-2017-1000140 + RESERVED +CVE-2017-1000139 + RESERVED +CVE-2017-1000138 + RESERVED +CVE-2017-1000137 + RESERVED +CVE-2017-1000136 + RESERVED +CVE-2017-1000135 + RESERVED +CVE-2017-1000134 + RESERVED +CVE-2017-1000133 + RESERVED +CVE-2017-1000132 + RESERVED +CVE-2017-1000131 + RESERVED CVE-2017-XXXX [Unsafe queries with wpdb->prepare] - wordpress 4.8.3+dfsg-1 (bug #880528) NOTE: https://wpvulndb.com/vulnerabilities/8941 @@ -2008,9 +2066,11 @@ NOT-FOR-US: XnView CVE-2017-15772 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...) NOT-FOR-US: XnView -CVE-2017-15771 (Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or ...) +CVE-2017-15771 + REJECTED NOT-FOR-US: Foxit Reader -CVE-2017-15770 (Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or ...) +CVE-2017-15770 + REJECTED NOT-FOR-US: Foxit Reader CVE-2017-15769 (IrfanView 4.50 - 64bit allows attackers to cause a denial of service or ...) NOT-FOR-US: IrfanView 
@@ -11862,10 +11922,10 @@ RESERVED CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco -CVE-2017-12295 - RESERVED -CVE-2017-12294 - RESERVED +CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) + TODO: check +CVE-2017-12294 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) + TODO: check CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco CVE-2017-12292 
@@ -11886,28 +11946,28 @@ NOT-FOR-US: Cisco CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for Windows Client ...) NOT-FOR-US: Cisco -CVE-2017-12283 - RESERVED -CVE-2017-12282 - RESERVED -CVE-2017-12281 - RESERVED -CVE-2017-12280 - RESERVED -CVE-2017-12279 - RESERVED -CVE-2017-12278 - RESERVED -CVE-2017-12277 - RESERVED -CVE-2017-12276 - RESERVED -CVE-2017-12275 - RESERVED -CVE-2017-12274 - RESERVED -CVE-2017-12273 - RESERVED +CVE-2017-12283 (A vulnerability in the handling of 802.11w Protected Management Frames ...) + TODO: check +CVE-2017-12282 (A vulnerability in the Access Network Query Protocol (ANQP) ingress ...) + TODO: check +CVE-2017-12281 (A vulnerability in the implementation of Protected Extensible ...) + TODO: check +CVE-2017-12280 (A vulnerability in the Control and Provisioning of Wireless Access ...) + TODO: check +CVE-2017-12279 (A vulnerability in the packet processing code of Cisco IOS Software for ...) + TODO: check +CVE-2017-12278 (A vulnerability in the Simple Network Management Protocol (SNMP) ...) + TODO: check +CVE-2017-12277 (A vulnerability in the Smart Licensing Manager service of the Cisco ...) + TODO: check +CVE-2017-12276 (A vulnerability in the web framework code for the SQL database ...) + TODO: check +CVE-2017-12275 (A vulnerability in the implementation of 802.11v Basic Service Set ...) + TODO: check +CVE-2017-12274 (A vulnerability in Extensible Authentication Protocol (EAP) ingress ...) + TODO: check +CVE-2017-12273 (A vulnerability in 802.11 association request frame processing for the ...) + TODO: check CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE Software ...) NOT-FOR-US: Cisco CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow ...) 
@@ -11928,10 +11988,10 @@ NOT-FOR-US: Cisco CVE-2017-12263 (A vulnerability in the web interface of Cisco License Manager software ...) NOT-FOR-US: Cisco -CVE-2017-12262 - RESERVED -CVE-2017-12261 - RESERVED +CVE-2017-12262 (A vulnerability within the firewall configuration of the Cisco ...) + TODO: check +CVE-2017-12261 (A vulnerability in the restricted shell of the Cisco Identity Services ...) + TODO: check CVE-2017-12260 (A vulnerability in the implementation of Session Initiation Protocol ...) NOT-FOR-US: Cisco CVE-2017-12259 (A vulnerability in the implementation of Session Initiation Protocol ...) @@ -11966,8 +12026,8 @@ NOT-FOR-US: Cisco CVE-2017-12244 (A vulnerability in the detection engine parsing of IPv6 packets for ...) NOT-FOR-US: Cisco -CVE-2017-12243 - RESERVED +CVE-2017-12243 (A vulnerability in the Cisco Unified Computing System (UCS) Manager, ...) + TODO: check CVE-2017-12242 RESERVED CVE-2017-12241 @@ -13088,8 +13148,8 @@ NOT-FOR-US: Microsoft CVE-2017-11768 RESERVED -CVE-2017-11767 - RESERVED +CVE-2017-11767 (ChakraCore allows an attacker to gain the same user rights as the ...) + TODO: check CVE-2017-11766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...) NOT-FOR-US: Microsoft CVE-2017-11765 (The Microsoft Windows Kernel component on Microsoft Windows Server ...) @@ -14043,8 +14103,8 @@ RESERVED CVE-2017-11509 RESERVED -CVE-2017-11508 - RESERVED +CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...) + TODO: check CVE-2017-11507 RESERVED CVE-2017-11506 (When linking a Nessus scanner or agent to Tenable.io or other manager, ...) 
@@ -16017,14 +16077,14 @@ RESERVED CVE-2017-10874 RESERVED -CVE-2017-10873 - RESERVED +CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...) + TODO: check CVE-2017-10872 RESERVED CVE-2017-10871 RESERVED -CVE-2017-10870 - RESERVED +CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki ...) + TODO: check CVE-2017-10869 RESERVED CVE-2017-10868 @@ -16113,8 +16173,8 @@ NOT-FOR-US: Flets Azukeru for Windows Auto Backup Tool CVE-2017-10826 (Untrusted search path vulnerability in Security Kinou Mihariban ...) NOT-FOR-US: Security Kinou Mihariban -CVE-2017-10825 - RESERVED +CVE-2017-10825 (Untrusted search path vulnerability in Installer of Flets Easy Setup ...) + TODO: check CVE-2017-10824 (Untrusted search path vulnerability in TDB CA TypeA use software ...) NOT-FOR-US: TDB CA TypeA use software CVE-2017-10823 (Untrusted search path vulnerability in Installer for Shin Kinkyuji ...) @@ -37470,7 +37530,7 @@ RESERVED CVE-2017-3737 RESERVED -CVE-2017-3736 [bn_sqrx8x_internal carry bug on x86_64] +CVE-2017-3736 (There is a carry propagating bug in the x86_64 Montgomery squaring ...) - openssl 1.1.0g-1 [jessie] - openssl <not-affected> (Vulnerable code not present) [wheezy] - openssl <not-affected> (Vulnerable code not present) 
@@ -37479,6 +37539,7 @@ NOTE: Fix for 1.0.2: https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871 CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...) + {DLA-1157-1} - openssl 1.1.0g-1 - openssl1.0 1.0.2m-1 NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db
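
Review bot: In the first hunk (@@ -1,3 +1,61 @@), the new CVE-2017-16510 entry is left at TODO: check while the unchanged context directly below it still carries the placeholder CVE-2017-XXXX [Unsafe queries with wpdb->prepare] with "- wordpress 4.8.3+dfsg-1 (bug #880528)". Both lines refer to a $wpdb->prepare() issue and to WordPress 4.8.3, so they look like one issue tracked twice. If that is confirmed, fold the placeholder into CVE-2017-16510 and carry over the package line, the bug reference and the wpvulndb NOTE, so the fixed version is not recorded only under a temporary ID.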
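
Review bot: In the hunk at @@ -2008,9 +2066,11 @@, CVE-2017-15771 and CVE-2017-15770 now carry REJECTED, but the "NOT-FOR-US: Foxit Reader" line under each is kept as unchanged context, so each entry ends up with two dispositions and the description that justified the Foxit Reader triage is no longer present. Confirm whether NOT-FOR-US should remain on a rejected ID; if not, drop it in a follow-up so each entry reads only REJECTED.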
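
Review bot: In the hunk at @@ -11886,28 +11946,28 @@, the eleven entries CVE-2017-12283 through CVE-2017-12273 move from RESERVED to TODO: check with descriptions truncated before the product name in most cases, while the context entries on either side (CVE-2017-12284, CVE-2017-12272) are already "NOT-FOR-US: Cisco" and CVE-2017-12279 names Cisco IOS Software. Triage the block together against the full descriptions rather than one ID at a time, and mark each entry NOT-FOR-US: Cisco where the full text confirms the product, so the TODO backlog from this automatic update does not linger.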