Author: sectracker Date: 2017-11-16 09:10:18 +0000 (Thu, 16 Nov 2017) New Revision: 57675
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-16 08:03:57 UTC (rev 57674) +++ data/CVE/list 2017-11-16 09:10:18 UTC (rev 57675) @@ -1,4 +1,22 @@ -CVE-2017-16834 [root privilege escalation via insecure permissions] +CVE-2017-16843 + RESERVED +CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...) + TODO: check +CVE-2017-16840 + RESERVED +CVE-2017-16839 + RESERVED +CVE-2017-16838 + RESERVED +CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not ...) + TODO: check +CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...) + TODO: check +CVE-2017-16835 + RESERVED +CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an ...) - pnp4nagios <removed> NOTE: https://github.com/lingej/pnp4nagios/issues/140 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) @@ -4530,8 +4548,7 @@ RESERVED CVE-2017-15116 RESERVED -CVE-2017-15115 [sctp: use-after-free in sctp_cmp_addr_exact()] - RESERVED +CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6) CVE-2017-15114 [Passwordless access for non-libvirt related services when using shared certificate authority] @@ -4563,8 +4580,7 @@ RESERVED CVE-2017-15103 RESERVED -CVE-2017-15102 [NULL pointer dereference due to race condition in probe function of legousbtower driver] - RESERVED +CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in the ...) - linux 4.7.8-1 [jessie] - linux 3.16.43-1 [wheezy] - linux 3.2.86-1 @@ -7868,8 +7884,8 @@ NOTE: Fixed by: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017 NOTE: https://patchwork.kernel.org/patch/9929625/ NOTE: Non issue, only "exploitable" with root access -CVE-2017-14034 - RESERVED +CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...) + TODO: check CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...) {DSA-4031-1 DLA-1114-1} - ruby2.3 2.3.5-1 (bug #875928) @@ -9986,10 +10002,10 @@ NOT-FOR-US: Wordpress theme CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the ...) NOT-FOR-US: Wordpress plugin -CVE-2017-13136 - RESERVED -CVE-2017-13135 - RESERVED +CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer ...) + TODO: check +CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ...) + TODO: check CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...) {DSA-4032-1 DLA-1170-1 DLA-1081-1} - imagemagick <unfixed> (bug #873099) @@ -12826,8 +12842,8 @@ RESERVED CVE-2017-12351 RESERVED -CVE-2017-12350 - RESERVED +CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and ...) + TODO: check CVE-2017-12349 RESERVED CVE-2017-12348 @@ -12852,8 +12868,8 @@ RESERVED CVE-2017-12338 RESERVED -CVE-2017-12337 - RESERVED +CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco collaboration ...) + TODO: check CVE-2017-12336 RESERVED CVE-2017-12335 @@ -12880,56 +12896,56 @@ RESERVED CVE-2017-12324 RESERVED -CVE-2017-12323 - RESERVED -CVE-2017-12322 - RESERVED -CVE-2017-12321 - RESERVED -CVE-2017-12320 - RESERVED +CVE-2017-12323 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check +CVE-2017-12322 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check +CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check +CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check CVE-2017-12319 RESERVED -CVE-2017-12318 - RESERVED +CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices ...) + TODO: check CVE-2017-12317 (The Cisco AMP For Endpoints application allows an authenticated, local ...) NOT-FOR-US: Cisco -CVE-2017-12316 - RESERVED -CVE-2017-12315 - RESERVED -CVE-2017-12314 - RESERVED -CVE-2017-12313 - RESERVED -CVE-2017-12312 - RESERVED -CVE-2017-12311 - RESERVED +CVE-2017-12316 (A vulnerability in the Guest Portal login page of Cisco Identity ...) + TODO: check +CVE-2017-12315 (A vulnerability in system logging when replication is being configured ...) + TODO: check +CVE-2017-12314 (A vulnerability in the Cisco FindIT Network Discovery Utility could ...) + TODO: check +CVE-2017-12313 (An untrusted search path (aka DLL Preload) vulnerability in the Cisco ...) + TODO: check +CVE-2017-12312 (An untrusted search path (aka DLL Preloading) vulnerability in the ...) + TODO: check +CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting Server ...) + TODO: check CVE-2017-12310 RESERVED -CVE-2017-12309 - RESERVED +CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) could allow ...) + TODO: check CVE-2017-12308 RESERVED CVE-2017-12307 RESERVED -CVE-2017-12306 - RESERVED -CVE-2017-12305 - RESERVED -CVE-2017-12304 - RESERVED -CVE-2017-12303 - RESERVED -CVE-2017-12302 - RESERVED +CVE-2017-12306 (A vulnerability in the upgrade process of Cisco Spark Board could allow ...) + TODO: check +CVE-2017-12305 (A vulnerability in the debug interface of Cisco IP Phone 8800 series ...) + TODO: check +CVE-2017-12304 (A vulnerability in the IOS daemon (IOSd) web-based management interface ...) + TODO: check +CVE-2017-12303 (A vulnerability in the Advanced Malware Protection (AMP) file filtering ...) + TODO: check +CVE-2017-12302 (A vulnerability in the Cisco Unified Communications Manager SQL ...) + TODO: check CVE-2017-12301 (A vulnerability in the Python scripting subsystem of Cisco NX-OS ...) NOT-FOR-US: Cisco -CVE-2017-12300 - RESERVED -CVE-2017-12299 - RESERVED +CVE-2017-12300 (A vulnerability in the SNORT detection engine of Cisco Firepower System ...) + TODO: check +CVE-2017-12299 (A vulnerability exists in the process of creating default IP blocks ...) + TODO: check CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an ...) NOT-FOR-US: Cisco CVE-2017-12297 @@ -12942,12 +12958,12 @@ NOT-FOR-US: Cisco CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco -CVE-2017-12292 - RESERVED -CVE-2017-12291 - RESERVED -CVE-2017-12290 - RESERVED +CVE-2017-12292 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check +CVE-2017-12291 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check +CVE-2017-12290 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check CVE-2017-12289 (A vulnerability in conditional, verbose debug logging for the IPsec ...) NOT-FOR-US: Cisco CVE-2017-12288 (A vulnerability in the web-based management interface of Cisco Unified ...) @@ -23196,37 +23212,43 @@ CVE-2017-8816 RESERVED CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) + {DSA-4036-1} - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html NOTE: https://phabricator.wikimedia.org/T119158 CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) + {DSA-4036-1} - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html NOTE: https://phabricator.wikimedia.org/T124404 CVE-2017-8813 REJECTED CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) + {DSA-4036-1} - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html NOTE: https://phabricator.wikimedia.org/T125163 CVE-2017-8811 (The implementation of raw message parameter expansion in MediaWiki ...) + {DSA-4036-1} - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html NOTE: https://phabricator.wikimedia.org/T176247 CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before ...) + {DSA-4036-1} - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html NOTE: https://phabricator.wikimedia.org/T134100 CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x ...) + {DSA-4036-1} - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html NOTE: https://phabricator.wikimedia.org/T128209 CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) + {DSA-4036-1} - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html NOTE: https://phabricator.wikimedia.org/T178451 -CVE-2017-8807 [Data leak - '-sfile' Stevedore transient objects] - RESERVED +CVE-2017-8807 (vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache ...) {DSA-4034-1} - varnish <unfixed> (bug #881808) [jessie] - varnish <not-affected> (Vulnerable code not present, issue introduced in 4.1.0) @@ -25959,6 +25981,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831 CVE-2017-7830 RESERVED + {DSA-4035-1 DLA-1172-1} - firefox 57.0-1 - firefox-esr 52.5.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830 @@ -25967,6 +25990,7 @@ RESERVED CVE-2017-7828 RESERVED + {DSA-4035-1 DLA-1172-1} - firefox 57.0-1 - firefox-esr 52.5.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828 @@ -25977,6 +26001,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827 CVE-2017-7826 RESERVED + {DSA-4035-1 DLA-1172-1} - firefox 57.0-1 - firefox-esr 52.5.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826 @@ -33714,10 +33739,10 @@ RESERVED CVE-2017-5534 RESERVED -CVE-2017-5533 - RESERVED -CVE-2017-5532 - RESERVED +CVE-2017-5533 (A vulnerability in the server content cache of TIBCO JasperReports ...) + TODO: check +CVE-2017-5532 (A vulnerability in the report renderer component of TIBCO ...) + TODO: check CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center versions ...) NOT-FOR-US: TIBCO CVE-2017-5530 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits