Author: sectracker
Date: 2017-11-13 21:10:16 +0000 (Mon, 13 Nov 2017)
New Revision: 57605

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-13 19:27:59 UTC (rev 57604)
+++ data/CVE/list       2017-11-13 21:10:16 UTC (rev 57605)
@@ -1,11 +1,15 @@
-CVE-2017-16804 [Email reminders reveal information about inaccessible issues]
+CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the 
smacker_decode_tree ...)
+       TODO: check
+CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...)
+       TODO: check
+CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders 
function ...)
        - redmine <unfixed>
        [wheezy] - redmine <end-of-life> (Not supported wheezy LTS)
        NOTE: https://www.redmine.org/issues/25713 (private)
        NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0
        NOTE: 
https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
-CVE-2017-16801
-       RESERVED
+CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy ...)
+       TODO: check
 CVE-2017-16800
        RESERVED
 CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in 
modules/New/action.addcategory.php, ...)
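Review bot: The new CVE-2017-16803 and CVE-2017-16802 entries at the top of this hunk are inserted above CVE-2017-16804, so the list now runs 16803, 16802, 16804, 16801, 16800 and breaks the descending order kept everywhere else in the file. Move the CVE-2017-16804 block, together with its redmine package lines and NOTEs, above CVE-2017-16803. Also note that the bracketed working title "[Email reminders reveal information about inaccessible issues]" is replaced by a truncated description while the redmine.org issue in the NOTE is marked private, so the entry loses its only readable one-line summary.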
@@ -26,8 +30,8 @@
 CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 
does not ...)
        - swftools <unfixed>
        NOTE: https://github.com/matthiaskramm/swftools/issues/47
-CVE-2017-16792
-       RESERVED
+CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in 
&quot;geminabox&quot; (Gem in ...)
+       TODO: check
 CVE-2017-16791
        RESERVED
 CVE-2017-16790
@@ -5699,8 +5703,8 @@
        NOT-FOR-US: EPESI
 CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks 
Phonecall ...)
        NOT-FOR-US: EPESI
-CVE-2017-14711
-       RESERVED
+CVE-2017-14711 (The Kickbase GmbH &quot;Kickbase Bundesliga Manager&quot; app 
before 2.2.1 -- aka ...)
+       TODO: check
 CVE-2017-14710
        RESERVED
 CVE-2017-14709
@@ -6639,8 +6643,8 @@
        RESERVED
 CVE-2017-14389
        RESERVED
-CVE-2017-14388
-       RESERVED
+CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior 
to 0.30.0 ...)
+       TODO: check
 CVE-2017-14387
        RESERVED
 CVE-2017-14386
@@ -7757,16 +7761,16 @@
        RESERVED
 CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB 
FOX515T ...)
        NOT-FOR-US: ABB FOX515T
-CVE-2017-14024
-       RESERVED
+CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in 
Schneider ...)
+       TODO: check
 CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens 
SIMATIC ...)
        NOT-FOR-US: Siemens
 CVE-2017-14022
        RESERVED
 CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in 
Korenix ...)
        NOT-FOR-US: Korenix
-CVE-2017-14020
-       RESERVED
+CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in 
...)
+       TODO: check
 CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in 
Progea ...)
        NOT-FOR-US: Progea Movicon
 CVE-2017-14018
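Review bot: CVE-2017-14020 is added with a description that is cut off before any vendor or product name ("... issue was discovered in ..."), so its TODO: check cannot be resolved from this line and the triager will need the full CVE text. CVE-2017-14024 names Schneider and sits among ABB, Siemens, Korenix and Progea entries that are all marked NOT-FOR-US, so it should probably receive the same marking once checked.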
@@ -15962,8 +15966,8 @@
        {DSA-3914-1 DLA-1081-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
-CVE-2017-11169
-       RESERVED
+CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT 
iB-WRA300N3GT_1.1.1 devices ...)
+       TODO: check
 CVE-2017-11168
        RESERVED
 CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP 
code by ...)
@@ -16966,8 +16970,8 @@
        RESERVED
 CVE-2017-10886
        RESERVED
-CVE-2017-10885
-       RESERVED
+CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and 
earlier ...)
+       TODO: check
 CVE-2017-10884
        RESERVED
 CVE-2017-10883
@@ -16986,16 +16990,16 @@
        RESERVED
 CVE-2017-10876
        RESERVED
-CVE-2017-10875
-       RESERVED
+CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an 
...)
+       TODO: check
 CVE-2017-10874
        RESERVED
 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
        NOT-FOR-US: OpenAM
 CVE-2017-10872
        RESERVED
-CVE-2017-10871
-       RESERVED
+CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software 
version ...)
+       TODO: check
 CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku 
Hagaki ...)
        NOT-FOR-US: Rakuraku Hagaki
 CVE-2017-10869
@@ -21337,8 +21341,8 @@
        RESERVED
 CVE-2017-9315
        RESERVED
-CVE-2017-9314
-       RESERVED
+CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, 
...)
+       TODO: check
 CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin 
before ...)
        - webmin <removed>
 CVE-2017-9312
@@ -23068,8 +23072,7 @@
        RESERVED
 CVE-2017-8807
        RESERVED
-CVE-2017-8806
-       RESERVED
+CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and 
pg_upgradecluster ...)
        {DSA-4029-1 DLA-1169-1}
        - postgresql-common 188
 CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync 
--safe-links ...)
@@ -26295,8 +26298,8 @@
        NOTE: 
https://sources.debian.net/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
 CVE-2017-7740
        RESERVED
-CVE-2017-7739
-       RESERVED
+CVE-2017-7739 (A reflected Cross-site Scripting (XSS) vulnerability in web 
proxy ...)
+       TODO: check
 CVE-2017-7738
        RESERVED
 CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 
5.8.2 and ...)
@@ -38498,8 +38501,8 @@
        RESERVED
 CVE-2017-3768
        RESERVED
-CVE-2017-3767
-       RESERVED
+CVE-2017-3767 (A local privilege escalation vulnerability was identified in 
the ...)
+       TODO: check
 CVE-2017-3766
        RESERVED
 CVE-2017-3765
@@ -40647,8 +40650,7 @@
 CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, 
use of ...)
        {DSA-3896-1 DLA-1009-1}
        - apache2 2.4.25-4
-CVE-2017-3166
-       RESERVED
+CVE-2017-3166 (In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 
...)
        - hadoop <itp> (bug #793644)
 CVE-2017-3165 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable 
to ...)
        NOT-FOR-US: Apache Brooklyn
@@ -45914,15 +45916,15 @@
 CVE-2017-0909
        RESERVED
 CVE-2017-0908
-       RESERVED
-CVE-2017-0907
-       RESERVED
-CVE-2017-0906
-       RESERVED
-CVE-2017-0905
-       RESERVED
-CVE-2017-0904
-       RESERVED
+       REJECTED
+CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 
1.3.2, ...)
+       TODO: check
+CVE-2017-0906 (The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 
2.3.1, ...)
+       TODO: check
+CVE-2017-0905 (The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 
2.3.10, ...)
+       TODO: check
+CVE-2017-0904 (The private_address_check ruby gem before 0.4.0 is vulnerable 
to a ...)
+       TODO: check
 CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a 
...)
        {DSA-4031-1}
        - ruby2.3 <unfixed> (bug #879231)
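Review bot: CVE-2017-0907, CVE-2017-0906 and CVE-2017-0905 are the .NET, Python and Ruby variants of the same Recurly client library, each with its own list of fixed versions, and all three are left at TODO: check. Triage them together so they end up with a consistent disposition, and handle CVE-2017-0904 (the private_address_check gem) on its own since it is an unrelated package.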
@@ -46002,8 +46004,8 @@
        - nextcloud <itp> (bug #835086)
 CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate 
escaping ...)
        - nextcloud <itp> (bug #835086)
-CVE-2017-0889
-       RESERVED
+CVE-2017-0889 (Paperclip ruby gem version 3.1.4 and later suffers from a 
Server-SIde ...)
+       TODO: check
 CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a ...)
        - nextcloud <itp> (bug #835086)
 CVE-2017-0886 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial 
of ...)
@@ -52458,7 +52460,7 @@
 CVE-2016-8235 (Privilege escalation in Lenovo Customer Care Software 
Development Kit ...)
        NOT-FOR-US: Lenovo
 CVE-2016-8234
-       RESERVED
+       REJECTED
 CVE-2016-8233 (Log files generated by Lenovo XClarity Administrator (LXCA) 
versions ...)
        NOT-FOR-US: Lenovo
 CVE-2016-8232 (Document Object Model-(DOM) based cross-site scripting 
vulnerability ...)
@@ -56956,8 +56958,7 @@
 CVE-2016-6804
        RESERVED
        NOT-FOR-US: Apache OpenOffice installer for Windows
-CVE-2016-6803
-       RESERVED
+CVE-2016-6803 (An installer defect known as an &quot;unquoted Windows search 
path ...)
        NOT-FOR-US: Apache OpenOffice installer for Windows
 CVE-2016-6802 (Apache Shiro before 1.3.2 allows attackers to bypass intended 
servlet ...)
        - shiro 1.3.2-1
@@ -160650,7 +160651,7 @@
 CVE-2012-2457
        RESERVED
 CVE-2012-2456
-       RESERVED
+       REJECTED
 CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not 
...)
        NOT-FOR-US: Advanced Productivity Software DTE Axiom
 CVE-2012-2454


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
