Author: sectracker
Date: 2017-11-16 09:10:18 +0000 (Thu, 16 Nov 2017)
New Revision: 57675
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-16 08:03:57 UTC (rev 57674)
+++ data/CVE/list 2017-11-16 09:10:18 UTC (rev 57675)
@@ -1,4 +1,22 @@
-CVE-2017-16834 [root privilege escalation via insecure permissions]
+CVE-2017-16843
+ RESERVED
+CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to
...)
+ TODO: check
+CVE-2017-16840
+ RESERVED
+CVE-2017-16839
+ RESERVED
+CVE-2017-16838
+ RESERVED
+CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through
1.9.6 are not ...)
+ TODO: check
+CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...)
+ TODO: check
+CVE-2017-16835
+ RESERVED
+CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned
by an ...)
- pnp4nagios <removed>
NOTE: https://github.com/lingej/pnp4nagios/issues/140
CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro
before ...)
@@ -4530,8 +4548,7 @@
RESERVED
CVE-2017-15116
RESERVED
-CVE-2017-15115 [sctp: use-after-free in sctp_cmp_addr_exact()]
- RESERVED
+CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux
kernel ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74
(v4.14-rc6)
CVE-2017-15114 [Passwordless access for non-libvirt related services when
using shared certificate authority]
@@ -4563,8 +4580,7 @@
RESERVED
CVE-2017-15103
RESERVED
-CVE-2017-15102 [NULL pointer dereference due to race condition in probe
function of legousbtower driver]
- RESERVED
+CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in
the ...)
- linux 4.7.8-1
[jessie] - linux 3.16.43-1
[wheezy] - linux 3.2.86-1
@@ -7868,8 +7884,8 @@
NOTE: Fixed by:
https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
NOTE: https://patchwork.kernel.org/patch/9929625/
NOTE: Non issue, only "exploitable" with root access
-CVE-2017-14034
- RESERVED
+CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in
libavcodec, as used ...)
+ TODO: check
CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before
2.2.8, ...)
{DSA-4031-1 DLA-1114-1}
- ruby2.3 2.3.5-1 (bug #875928)
@@ -9986,10 +10002,10 @@
NOT-FOR-US: Wordpress theme
CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL
injection in the ...)
NOT-FOR-US: Wordpress plugin
-CVE-2017-13136
- RESERVED
-CVE-2017-13135
- RESERVED
+CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an
integer ...)
+ TODO: check
+CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in
libbpg ...)
+ TODO: check
CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based
buffer ...)
{DSA-4032-1 DLA-1170-1 DLA-1081-1}
- imagemagick <unfixed> (bug #873099)
@@ -12826,8 +12842,8 @@
RESERVED
CVE-2017-12351
RESERVED
-CVE-2017-12350
- RESERVED
+CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances
2.1.0 and ...)
+ TODO: check
CVE-2017-12349
RESERVED
CVE-2017-12348
@@ -12852,8 +12868,8 @@
RESERVED
CVE-2017-12338
RESERVED
-CVE-2017-12337
- RESERVED
+CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco
collaboration ...)
+ TODO: check
CVE-2017-12336
RESERVED
CVE-2017-12335
@@ -12880,56 +12896,56 @@
RESERVED
CVE-2017-12324
RESERVED
-CVE-2017-12323
- RESERVED
-CVE-2017-12322
- RESERVED
-CVE-2017-12321
- RESERVED
-CVE-2017-12320
- RESERVED
+CVE-2017-12323 (Multiple vulnerabilities in the web interface of the Cisco
Registered ...)
+ TODO: check
+CVE-2017-12322 (Multiple vulnerabilities in the web interface of the Cisco
Registered ...)
+ TODO: check
+CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco
Registered ...)
+ TODO: check
+CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco
Registered ...)
+ TODO: check
CVE-2017-12319
RESERVED
-CVE-2017-12318
- RESERVED
+CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1
devices ...)
+ TODO: check
CVE-2017-12317 (The Cisco AMP For Endpoints application allows an
authenticated, local ...)
NOT-FOR-US: Cisco
-CVE-2017-12316
- RESERVED
-CVE-2017-12315
- RESERVED
-CVE-2017-12314
- RESERVED
-CVE-2017-12313
- RESERVED
-CVE-2017-12312
- RESERVED
-CVE-2017-12311
- RESERVED
+CVE-2017-12316 (A vulnerability in the Guest Portal login page of Cisco
Identity ...)
+ TODO: check
+CVE-2017-12315 (A vulnerability in system logging when replication is being
configured ...)
+ TODO: check
+CVE-2017-12314 (A vulnerability in the Cisco FindIT Network Discovery Utility
could ...)
+ TODO: check
+CVE-2017-12313 (An untrusted search path (aka DLL Preload) vulnerability in
the Cisco ...)
+ TODO: check
+CVE-2017-12312 (An untrusted search path (aka DLL Preloading) vulnerability in
the ...)
+ TODO: check
+CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting
Server ...)
+ TODO: check
CVE-2017-12310
RESERVED
-CVE-2017-12309
- RESERVED
+CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA)
could allow ...)
+ TODO: check
CVE-2017-12308
RESERVED
CVE-2017-12307
RESERVED
-CVE-2017-12306
- RESERVED
-CVE-2017-12305
- RESERVED
-CVE-2017-12304
- RESERVED
-CVE-2017-12303
- RESERVED
-CVE-2017-12302
- RESERVED
+CVE-2017-12306 (A vulnerability in the upgrade process of Cisco Spark Board
could allow ...)
+ TODO: check
+CVE-2017-12305 (A vulnerability in the debug interface of Cisco IP Phone 8800
series ...)
+ TODO: check
+CVE-2017-12304 (A vulnerability in the IOS daemon (IOSd) web-based management
interface ...)
+ TODO: check
+CVE-2017-12303 (A vulnerability in the Advanced Malware Protection (AMP) file
filtering ...)
+ TODO: check
+CVE-2017-12302 (A vulnerability in the Cisco Unified Communications Manager
SQL ...)
+ TODO: check
CVE-2017-12301 (A vulnerability in the Python scripting subsystem of Cisco
NX-OS ...)
NOT-FOR-US: Cisco
-CVE-2017-12300
- RESERVED
-CVE-2017-12299
- RESERVED
+CVE-2017-12300 (A vulnerability in the SNORT detection engine of Cisco
Firepower System ...)
+ TODO: check
+CVE-2017-12299 (A vulnerability exists in the process of creating default IP
blocks ...)
+ TODO: check
CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an
...)
NOT-FOR-US: Cisco
CVE-2017-12297
@@ -12942,12 +12958,12 @@
NOT-FOR-US: Cisco
CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an
...)
NOT-FOR-US: Cisco
-CVE-2017-12292
- RESERVED
-CVE-2017-12291
- RESERVED
-CVE-2017-12290
- RESERVED
+CVE-2017-12292 (Multiple vulnerabilities in the web interface of the Cisco
Registered ...)
+ TODO: check
+CVE-2017-12291 (Multiple vulnerabilities in the web interface of the Cisco
Registered ...)
+ TODO: check
+CVE-2017-12290 (Multiple vulnerabilities in the web interface of the Cisco
Registered ...)
+ TODO: check
CVE-2017-12289 (A vulnerability in conditional, verbose debug logging for the
IPsec ...)
NOT-FOR-US: Cisco
CVE-2017-12288 (A vulnerability in the web-based management interface of Cisco
Unified ...)
@@ -23196,37 +23212,43 @@
CVE-2017-8816
RESERVED
CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x
before ...)
+ {DSA-4036-1}
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
NOTE: https://phabricator.wikimedia.org/T119158
CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x
before ...)
+ {DSA-4036-1}
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
NOTE: https://phabricator.wikimedia.org/T124404
CVE-2017-8813
REJECTED
CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x
before 1.29.2 ...)
+ {DSA-4036-1}
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
NOTE: https://phabricator.wikimedia.org/T125163
CVE-2017-8811 (The implementation of raw message parameter expansion in
MediaWiki ...)
+ {DSA-4036-1}
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
NOTE: https://phabricator.wikimedia.org/T176247
CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x
before ...)
+ {DSA-4036-1}
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
NOTE: https://phabricator.wikimedia.org/T134100
CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and
1.29.x ...)
+ {DSA-4036-1}
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
NOTE: https://phabricator.wikimedia.org/T128209
CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x
before 1.29.2 ...)
+ {DSA-4036-1}
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
NOTE: https://phabricator.wikimedia.org/T178451
-CVE-2017-8807 [Data leak - '-sfile' Stevedore transient objects]
- RESERVED
+CVE-2017-8807 (vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish
HTTP Cache ...)
{DSA-4034-1}
- varnish <unfixed> (bug #881808)
[jessie] - varnish <not-affected> (Vulnerable code not present, issue
introduced in 4.1.0)
@@ -25959,6 +25981,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831
CVE-2017-7830
RESERVED
+ {DSA-4035-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830
@@ -25967,6 +25990,7 @@
RESERVED
CVE-2017-7828
RESERVED
+ {DSA-4035-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828
@@ -25977,6 +26001,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827
CVE-2017-7826
RESERVED
+ {DSA-4035-1 DLA-1172-1}
- firefox 57.0-1
- firefox-esr 52.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826
@@ -33714,10 +33739,10 @@
RESERVED
CVE-2017-5534
RESERVED
-CVE-2017-5533
- RESERVED
-CVE-2017-5532
- RESERVED
+CVE-2017-5533 (A vulnerability in the server content cache of TIBCO
JasperReports ...)
+ TODO: check
+CVE-2017-5532 (A vulnerability in the report renderer component of TIBCO ...)
+ TODO: check
CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center
versions ...)
NOT-FOR-US: TIBCO
CVE-2017-5530
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
