Author: sectracker
Date: 2017-11-09 21:10:15 +0000 (Thu, 09 Nov 2017)
New Revision: 57513

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-09 20:53:15 UTC (rev 57512)
+++ data/CVE/list       2017-11-09 21:10:15 UTC (rev 57513)
@@ -1,3 +1,161 @@
+CVE-2017-16756
+       RESERVED
+CVE-2017-16755
+       RESERVED
+CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to 
_profiler ...)
+       TODO: check
+CVE-2017-16753
+       RESERVED
+CVE-2017-16752
+       RESERVED
+CVE-2017-16751
+       RESERVED
+CVE-2017-16750
+       RESERVED
+CVE-2017-16749
+       RESERVED
+CVE-2017-16748
+       RESERVED
+CVE-2017-16747
+       RESERVED
+CVE-2017-16746
+       RESERVED
+CVE-2017-16745
+       RESERVED
+CVE-2017-16744
+       RESERVED
+CVE-2017-16743
+       RESERVED
+CVE-2017-16742
+       RESERVED
+CVE-2017-16741
+       RESERVED
+CVE-2017-16740
+       RESERVED
+CVE-2017-16739
+       RESERVED
+CVE-2017-16738
+       RESERVED
+CVE-2017-16737
+       RESERVED
+CVE-2017-16736
+       RESERVED
+CVE-2017-16735
+       RESERVED
+CVE-2017-16734
+       RESERVED
+CVE-2017-16733
+       RESERVED
+CVE-2017-16732
+       RESERVED
+CVE-2017-16731
+       RESERVED
+CVE-2017-16730
+       RESERVED
+CVE-2017-16729
+       RESERVED
+CVE-2017-16728
+       RESERVED
+CVE-2017-16727
+       RESERVED
+CVE-2017-16726
+       RESERVED
+CVE-2017-16725
+       RESERVED
+CVE-2017-16724
+       RESERVED
+CVE-2017-16723
+       RESERVED
+CVE-2017-16722
+       RESERVED
+CVE-2017-16721
+       RESERVED
+CVE-2017-16720
+       RESERVED
+CVE-2017-16719
+       RESERVED
+CVE-2017-16718
+       RESERVED
+CVE-2017-16717
+       RESERVED
+CVE-2017-16716
+       RESERVED
+CVE-2017-16715
+       RESERVED
+CVE-2017-16714
+       RESERVED
+CVE-2017-16713
+       RESERVED
+CVE-2017-16712
+       RESERVED
+CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in 
lib/modules/swfbits.c ...)
+       TODO: check
+CVE-2017-16710
+       RESERVED
+CVE-2017-16709
+       RESERVED
+CVE-2017-16708
+       RESERVED
+CVE-2017-16707
+       RESERVED
+CVE-2017-16706
+       RESERVED
+CVE-2017-16705
+       RESERVED
+CVE-2017-16704
+       RESERVED
+CVE-2017-16703
+       RESERVED
+CVE-2017-16702
+       RESERVED
+CVE-2017-16701
+       RESERVED
+CVE-2017-16700
+       RESERVED
+CVE-2017-16699
+       RESERVED
+CVE-2017-16698
+       RESERVED
+CVE-2017-16697
+       RESERVED
+CVE-2017-16696
+       RESERVED
+CVE-2017-16695
+       RESERVED
+CVE-2017-16694
+       RESERVED
+CVE-2017-16693
+       RESERVED
+CVE-2017-16692
+       RESERVED
+CVE-2017-16691
+       RESERVED
+CVE-2017-16690
+       RESERVED
+CVE-2017-16689
+       RESERVED
+CVE-2017-16688
+       RESERVED
+CVE-2017-16687
+       RESERVED
+CVE-2017-16686
+       RESERVED
+CVE-2017-16685
+       RESERVED
+CVE-2017-16684
+       RESERVED
+CVE-2017-16683
+       RESERVED
+CVE-2017-16682
+       RESERVED
+CVE-2017-16681
+       RESERVED
+CVE-2017-16680
+       RESERVED
+CVE-2017-16679
+       RESERVED
+CVE-2017-16678
+       RESERVED
 CVE-2017-16677
        RESERVED
 CVE-2017-16676
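Review bot: CVE-2017-16754 (Bolt) and CVE-2017-16711 (swf_DefineLosslessBitsTagToImage in lib/modules/swfbits.c) are the only entries in this hunk that carry a description, and both are left at "TODO: check". Each needs a triage result before the TODO is dropped: a "- <package> <version>" line if the code is packaged, or NOT-FOR-US as used elsewhere in this file. The remaining additions are RESERVED placeholders and need no action yet.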
@@ -65,8 +223,8 @@
        RESERVED
 CVE-2017-16652
        RESERVED
-CVE-2017-16651 [file disclosure vulnerabliity]
-       RESERVED
+CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x 
before ...)
+       {DSA-4030-1}
        - roundcube 1.3.3+dfsg.1-1
        NOTE: master: 
https://github.com/roundcube/roundcubemail/commit/2a32f51c91d5e9c7b1a9d931846dd44c008ff36d
        NOTE: release-1.3: 
https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806
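Review bot: the new description for CVE-2017-16651 covers Roundcube before 1.1.10, 1.2.x before 1.2.7 and 1.3.x, but the NOTE lines visible here reference only the master and release-1.3 commits. If the lines below this context do not already carry them, add NOTE entries for the 1.1 and 1.2 branch fixes so that fixes for older packaged versions can be checked against the right commit.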
@@ -124,10 +282,10 @@
        NOT-FOR-US: Bludit
 CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the 
...)
        NOT-FOR-US: TinyWebGallery
-CVE-2017-16634
-       RESERVED
-CVE-2017-16633
-       RESERVED
+CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass 
a ...)
+       TODO: check
+CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed 
read-only ...)
+       TODO: check
 CVE-2017-16632
        RESERVED
 CVE-2017-16631
@@ -256,10 +414,10 @@
        NOT-FOR-US: KeystoneJS
 CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 
via an ...)
        NOT-FOR-US: Zurmo
-CVE-2017-16568
-       RESERVED
-CVE-2017-16567
-       RESERVED
+CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media 
Server ...)
+       TODO: check
+CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media 
Server ...)
+       TODO: check
 CVE-2017-16566
        RESERVED
 CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage 
...)
@@ -268,8 +426,8 @@
        NOT-FOR-US: Vonage
 CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen 
on ...)
        NOT-FOR-US: Vonage
-CVE-2017-16562
-       RESERVED
+CVE-2017-16562 (The UserPro plugin before 4.9.17.1 for WordPress, when used on 
a site ...)
+       TODO: check
 CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 
2.3.0 is ...)
        NOT-FOR-US: Ingenious School Management System
 CVE-2017-16560
@@ -1025,8 +1183,8 @@
        RESERVED
 CVE-2017-16250
        RESERVED
-CVE-2017-16249
-       RESERVED
+CVE-2017-16249 (The Debut embedded http server 1.20 contains a remotely 
exploitable ...)
+       TODO: check
 CVE-2017-16247
        RESERVED
 CVE-2017-16246
@@ -2042,15 +2200,15 @@
 CVE-2017-15956 (ConverTo Video Downloader & Converter 1.4.1 allows 
Arbitrary File ...)
        NOT-FOR-US: ConverTo Video Downloader
 CVE-2017-15955 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable 
to an ...)
-       {DLA-1158-1}
+       {DSA-4026-1 DLA-1158-1}
        - bchunk 1.2.0-12.1 (bug #880116)
        NOTE: https://github.com/extramaster/bchunk/issues/4
 CVE-2017-15954 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable 
to a ...)
-       {DLA-1158-1}
+       {DSA-4026-1 DLA-1158-1}
        - bchunk 1.2.0-12.1 (bug #880116)
        NOTE: https://github.com/extramaster/bchunk/issues/3
 CVE-2017-15953 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable 
to a ...)
-       {DLA-1158-1}
+       {DSA-4026-1 DLA-1158-1}
        - bchunk 1.2.0-12.1 (bug #880116)
        NOTE: https://github.com/extramaster/bchunk/issues/2
 CVE-2017-15952
@@ -2784,8 +2942,8 @@
        RESERVED
 CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers 
to ...)
        NOT-FOR-US: Mura CMS
-CVE-2017-15638
-       RESERVED
+CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux 
...)
+       TODO: check
 CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing 
...)
        - wordpress <unfixed> (bug #880868)
        NOTE: https://core.trac.wordpress.org/ticket/21022
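Review bot: the description added for CVE-2017-15638 names the SuSEfirewall2 package in SUSE Linux, so "TODO: check" should resolve to NOT-FOR-US unless that package exists in the archive under another source name.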
@@ -4160,12 +4318,14 @@
        - foreman <itp> (bug #663101)
 CVE-2017-15099
        RESERVED
+       {DSA-4028-1}
        - postgresql-10 10.1-1
        - postgresql-9.6 <unfixed>
        - postgresql-9.4 <not-affected> (ON CONFLICT DO UPDATE and RLS 
introduced in 9.5)
        - postgresql-9.1 <not-affected> (ON CONFLICT DO UPDATE and RLS 
introduced in 9.5)
 CVE-2017-15098
        RESERVED
+       {DSA-4028-1 DSA-4027-1}
        - postgresql-10 10.1-1
        - postgresql-9.6 <unfixed>
        - postgresql-9.4 <removed>
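Review bot: CVE-2017-15099 and CVE-2017-15098 now carry DSA references, but both still read RESERVED and keep "- postgresql-9.6 <unfixed>". Confirm that DSA-4027-1 is intended for CVE-2017-15098 only (CVE-2017-15099 marks postgresql-9.4 as <not-affected>), and replace the postgresql-9.6 <unfixed> marker with the fixed version once it is known.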
@@ -10062,8 +10222,8 @@
        NOT-FOR-US: Apache2Triad
 CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in 
Apache2Triad 1.5.4 ...)
        NOT-FOR-US: Apache2Triad
-CVE-2017-12969
-       RESERVED
+CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX 
control in ...)
+       TODO: check
 CVE-2017-12968
        RESERVED
 CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor 
(BFD) ...)
@@ -11087,14 +11247,14 @@
        RESERVED
 CVE-2017-12804
        RESERVED
-CVE-2017-12803
-       RESERVED
-CVE-2017-12802
-       RESERVED
-CVE-2017-12801
-       RESERVED
-CVE-2017-12800
-       RESERVED
+CVE-2017-12803 (The Node_ValidatePtr function in corec/corec/node/node.c in 
mkclean ...)
+       TODO: check
+CVE-2017-12802 (The EBML_IntegerValue function in ebmlnumber.c in libebml2 
through ...)
+       TODO: check
+CVE-2017-12801 (The UpdateDataSize function in ebmlmaster.c in libebml2 
through ...)
+       TODO: check
+CVE-2017-12800 (The EBML_FindNextElement function in ebmlmain.c in libebml2 
through ...)
+       TODO: check
 CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers 
(rev. Ax) ...)
        NOT-FOR-US: D-Link
 CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote 
repositories, might ...)
@@ -11152,16 +11312,16 @@
        NOT-FOR-US: NoviWare
 CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a 
crafted ...)
        NOT-FOR-US: Youngzsoft CCFile
-CVE-2017-12783
-       RESERVED
-CVE-2017-12782
-       RESERVED
-CVE-2017-12781
-       RESERVED
-CVE-2017-12780
-       RESERVED
-CVE-2017-12779
-       RESERVED
+CVE-2017-12783 (The ReadDataFloat function in ebmlnumber.c in libebml2 through 
...)
+       TODO: check
+CVE-2017-12782 (The ReadData function in ebmlmaster.c in libebml2 through 
2012-08-26 ...)
+       TODO: check
+CVE-2017-12781 (The EBML_BufferToID function in ebmlelement.c in libebml2 
through ...)
+       TODO: check
+CVE-2017-12780 (The ReadData function in ebmlstring.c in libebml2 through 
2012-08-26 ...)
+       TODO: check
+CVE-2017-12779 (The Node_GetData function in corec/corec/node/node.c in 
mkvalidator ...)
+       TODO: check
 CVE-2017-12778
        RESERVED
 CVE-2017-1000112 (Linux kernel: Exploitable memory corruption due to UFO to 
non-UFO path ...)
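Review bot: the five entries added here (CVE-2017-12783 through CVE-2017-12779) all concern ebml*.c files in libebml2 or corec/corec/node/node.c in mkvalidator, and all are left at "TODO: check". Triage them as one group so they end up with the same package line or the same NOT-FOR-US tag rather than diverging.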
@@ -14821,8 +14981,8 @@
        [wheezy] - krb5 <ignored> (Minor issue, might lead to behaviour changes)
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
        NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
-CVE-2017-11461
-       RESERVED
+CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) 
versions ...)
+       TODO: check
 CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the 
DataArchivingService ...)
        NOT-FOR-US: SAP
 CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary 
files via ...)
@@ -15312,8 +15472,8 @@
        - imagemagick <not-affected> (Vulnerable code not present, Only affects 
ImageMagick-7)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/517
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08
-CVE-2017-11309
-       RESERVED
+CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office 
before ...)
+       TODO: check
 CVE-2017-11308
        RESERVED
 CVE-2017-11307
@@ -19637,8 +19797,8 @@
        RESERVED
 CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via 
the ...)
        NOT-FOR-US: Zenbership
-CVE-2017-9758
-       RESERVED
+CVE-2017-9758 (Savitech driver packages for Windows silently install a 
self-signed ...)
+       TODO: check
 CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in 
ids.cgi via ...)
        NOT-FOR-US: IPFire
 CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below 
the stack ...)
@@ -22752,6 +22912,7 @@
        RESERVED
 CVE-2017-8806
        RESERVED
+       {DSA-4029-1}
        - postgresql-common <unfixed>
 CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync 
--safe-links ...)
        - archvsync 20171017
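Review bot: CVE-2017-8806 gains {DSA-4029-1} while its only package line is still "- postgresql-common <unfixed>" and the entry has no description. Record the fixed postgresql-common version for unstable when it is available, so the entry does not stay open after the advisory.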
@@ -34499,8 +34660,8 @@
 CVE-2017-5202 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer 
overflow in ...)
        {DSA-3775-1 DLA-809-1}
        - tcpdump 4.9.0-1
-CVE-2017-5201
-       RESERVED
+CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 
allow ...)
+       TODO: check
 CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 
2016.3.5, ...)
        - salt 2016.11.2+ds-1
        [jessie] - salt <not-affected> (Vulnerable code not present)
@@ -80689,8 +80850,7 @@
 CVE-2015-8103 (The Jenkins CLI subsystem in Jenkins before 1.638 and LTS 
before ...)
        - jenkins <removed> (bug #804522)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-7501 [java unserialisation issues]
-       RESERVED
+CVE-2015-7501 (Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; 
Data ...)
        - libcommons-collections3-java 3.2.2-1 (unimportant)
        [jessie] - libcommons-collections3-java 3.2.1-7+deb8u1
        [wheezy] - libcommons-collections3-java 3.2.1-5+deb7u1
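Review bot: replacing the bracketed "[java unserialisation issues]" with the description for CVE-2015-7501 leaves an entry whose visible text names only Red Hat JBoss products, while the tracked package is libcommons-collections3-java. A NOTE line stating why that package is listed (the unserialisation issue the old bracket text referred to) would keep the "(unimportant)" rating understandable.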


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
