[Secure-testing-commits] r59012 - data/CVE
Author: sectracker Date: 2017-12-29 09:10:20 + (Fri, 29 Dec 2017) New Revision: 59012 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-29 07:38:05 UTC (rev 59011) +++ data/CVE/list 2017-12-29 09:10:20 UTC (rev 59012) @@ -1,3 +1,207 @@ +CVE-2018-3809 + RESERVED +CVE-2018-3808 + RESERVED +CVE-2018-3807 + RESERVED +CVE-2018-3806 + RESERVED +CVE-2018-3805 + RESERVED +CVE-2018-3804 + RESERVED +CVE-2018-3803 + RESERVED +CVE-2018-3802 + RESERVED +CVE-2018-3801 + RESERVED +CVE-2018-3800 + RESERVED +CVE-2018-3799 + RESERVED +CVE-2018-3798 + RESERVED +CVE-2018-3797 + RESERVED +CVE-2018-3796 + RESERVED +CVE-2018-3795 + RESERVED +CVE-2018-3794 + RESERVED +CVE-2018-3793 + RESERVED +CVE-2018-3792 + RESERVED +CVE-2018-3791 + RESERVED +CVE-2018-3790 + RESERVED +CVE-2018-3789 + RESERVED +CVE-2018-3788 + RESERVED +CVE-2018-3787 + RESERVED +CVE-2018-3786 + RESERVED +CVE-2018-3785 + RESERVED +CVE-2018-3784 + RESERVED +CVE-2018-3783 + RESERVED +CVE-2018-3782 + RESERVED +CVE-2018-3781 + RESERVED +CVE-2018-3780 + RESERVED +CVE-2018-3779 + RESERVED +CVE-2018-3778 + RESERVED +CVE-2018-3777 + RESERVED +CVE-2018-3776 + RESERVED +CVE-2018-3775 + RESERVED +CVE-2018-3774 + RESERVED +CVE-2018-3773 + RESERVED +CVE-2018-3772 + RESERVED +CVE-2018-3771 + RESERVED +CVE-2018-3770 + RESERVED +CVE-2018-3769 + RESERVED +CVE-2018-3768 + RESERVED +CVE-2018-3767 + RESERVED +CVE-2018-3766 + RESERVED +CVE-2018-3765 + RESERVED +CVE-2018-3764 + RESERVED +CVE-2018-3763 + RESERVED +CVE-2018-3762 + RESERVED +CVE-2018-3761 + RESERVED +CVE-2018-3760 + RESERVED +CVE-2018-3759 + RESERVED +CVE-2018-3758 + RESERVED +CVE-2018-3757 + RESERVED +CVE-2018-3756 + RESERVED +CVE-2018-3755 + RESERVED +CVE-2018-3754 + RESERVED +CVE-2018-3753 + RESERVED +CVE-2018-3752 + RESERVED +CVE-2018-3751 + RESERVED +CVE-2018-3750 + RESERVED +CVE-2018-3749 + RESERVED +CVE-2018-3748 + RESERVED +CVE-2018-3747 + RESERVED +CVE-2018-3746 + RESERVED +CVE-2018-3745 + RESERVED +CVE-2018-3744 + RESERVED +CVE-2018-3743 + RESERVED +CVE-2018-3742 + RESERVED +CVE-2018-3741 + RESERVED +CVE-2018-3740 + RESERVED +CVE-2018-3739 + RESERVED +CVE-2018-3738 + RESERVED +CVE-2018-3737 + RESERVED +CVE-2018-3736 + RESERVED +CVE-2018-3735 + RESERVED +CVE-2018-3734 + RESERVED +CVE-2018-3733 + RESERVED +CVE-2018-3732 + RESERVED +CVE-2018-3731 + RESERVED +CVE-2018-3730 + RESERVED +CVE-2018-3729 + RESERVED +CVE-2018-3728 + RESERVED +CVE-2018-3727 + RESERVED +CVE-2018-3726 + RESERVED +CVE-2018-3725 + RESERVED +CVE-2018-3724 + RESERVED +CVE-2018-3723 + RESERVED +CVE-2018-3722 + RESERVED +CVE-2018-3721 + RESERVED +CVE-2018-3720 + RESERVED +CVE-2018-3719 + RESERVED +CVE-2018-3718 + RESERVED +CVE-2018-3717 + RESERVED +CVE-2018-3716 + RESERVED +CVE-2018-3715 + RESERVED +CVE-2018-3714 + RESERVED +CVE-2018-3713 + RESERVED +CVE-2018-3712 + RESERVED +CVE-2018-3711 + RESERVED +CVE-2018-3710 + RESERVED +CVE-2017-17970 + RESERVED +CVE-2017-17969 + RESERVED CVE-2018-3709 RESERVED CVE-2018-3708 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r59006 - data/CVE
Author: sectracker Date: 2017-12-28 21:10:14 + (Thu, 28 Dec 2017) New Revision: 59006 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-28 20:44:59 UTC (rev 59005) +++ data/CVE/list 2017-12-28 21:10:14 UTC (rev 59006) @@ -1,3 +1,249 @@ +CVE-2018-3709 + RESERVED +CVE-2018-3708 + RESERVED +CVE-2018-3707 + RESERVED +CVE-2018-3706 + RESERVED +CVE-2018-3705 + RESERVED +CVE-2018-3704 + RESERVED +CVE-2018-3703 + RESERVED +CVE-2018-3702 + RESERVED +CVE-2018-3701 + RESERVED +CVE-2018-3700 + RESERVED +CVE-2018-3699 + RESERVED +CVE-2018-3698 + RESERVED +CVE-2018-3697 + RESERVED +CVE-2018-3696 + RESERVED +CVE-2018-3695 + RESERVED +CVE-2018-3694 + RESERVED +CVE-2018-3693 + RESERVED +CVE-2018-3692 + RESERVED +CVE-2018-3691 + RESERVED +CVE-2018-3690 + RESERVED +CVE-2018-3689 + RESERVED +CVE-2018-3688 + RESERVED +CVE-2018-3687 + RESERVED +CVE-2018-3686 + RESERVED +CVE-2018-3685 + RESERVED +CVE-2018-3684 + RESERVED +CVE-2018-3683 + RESERVED +CVE-2018-3682 + RESERVED +CVE-2018-3681 + RESERVED +CVE-2018-3680 + RESERVED +CVE-2018-3679 + RESERVED +CVE-2018-3678 + RESERVED +CVE-2018-3677 + RESERVED +CVE-2018-3676 + RESERVED +CVE-2018-3675 + RESERVED +CVE-2018-3674 + RESERVED +CVE-2018-3673 + RESERVED +CVE-2018-3672 + RESERVED +CVE-2018-3671 + RESERVED +CVE-2018-3670 + RESERVED +CVE-2018-3669 + RESERVED +CVE-2018-3668 + RESERVED +CVE-2018-3667 + RESERVED +CVE-2018-3666 + RESERVED +CVE-2018-3665 + RESERVED +CVE-2018-3664 + RESERVED +CVE-2018-3663 + RESERVED +CVE-2018-3662 + RESERVED +CVE-2018-3661 + RESERVED +CVE-2018-3660 + RESERVED +CVE-2018-3659 + RESERVED +CVE-2018-3658 + RESERVED +CVE-2018-3657 + RESERVED +CVE-2018-3656 + RESERVED +CVE-2018-3655 + RESERVED +CVE-2018-3654 + RESERVED +CVE-2018-3653 + RESERVED +CVE-2018-3652 + RESERVED +CVE-2018-3651 + RESERVED +CVE-2018-3650 + RESERVED +CVE-2018-3649 + RESERVED +CVE-2018-3648 + RESERVED +CVE-2018-3647 + RESERVED +CVE-2018-3646 + RESERVED +CVE-2018-3645 + RESERVED +CVE-2018-3644 + RESERVED +CVE-2018-3643 + RESERVED +CVE-2018-3642 + RESERVED +CVE-2018-3641 + RESERVED +CVE-2018-3640 + RESERVED +CVE-2018-3639 + RESERVED +CVE-2018-3638 + RESERVED +CVE-2018-3637 + RESERVED +CVE-2018-3636 + RESERVED +CVE-2018-3635 + RESERVED +CVE-2018-3634 + RESERVED +CVE-2018-3633 + RESERVED +CVE-2018-3632 + RESERVED +CVE-2018-3631 + RESERVED +CVE-2018-3630 + RESERVED +CVE-2018-3629 + RESERVED +CVE-2018-3628 + RESERVED +CVE-2018-3627 + RESERVED +CVE-2018-3626 + RESERVED +CVE-2018-3625 + RESERVED +CVE-2018-3624 + RESERVED +CVE-2018-3623 + RESERVED +CVE-2018-3622 + RESERVED +CVE-2018-3621 + RESERVED +CVE-2018-3620 + RESERVED +CVE-2018-3619 + RESERVED +CVE-2018-3618 + RESERVED +CVE-2018-3617 + RESERVED +CVE-2018-3616 + RESERVED +CVE-2018-3615 + RESERVED +CVE-2018-3614 + RESERVED +CVE-2018-3613 + RESERVED +CVE-2018-3612 + RESERVED +CVE-2018-3611 + RESERVED +CVE-2018-3610 + RESERVED +CVE-2017-17968 + RESERVED +CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote ...) + TODO: check +CVE-2017-17966 + RESERVED +CVE-2017-17965 + RESERVED +CVE-2017-17964 + RESERVED +CVE-2017-17963 + RESERVED +CVE-2017-17962 + RESERVED +CVE-2017-17961 + RESERVED +CVE-2017-17960 (PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via ...) + TODO: check +CVE-2017-17959 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the ...) + TODO: check +CVE-2017-17958 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...) + TODO: check +CVE-2017-17957 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the ...) + TODO: check +CVE-2017-17956 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...) + TODO: check +CVE-2017-17955 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...) + TODO: check +CVE-2017-17954 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...) + TODO: check +CVE-2017-17953 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php ...) + TODO: check +CVE-2017-17952 (PHP Scripts Mall PHP Multivendor Ecommerce has a predicable ...) + TODO: check +CVE-2017-17951 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the ...) + TODO: check +CVE-2017-17950 (Cells Blog 3.5
[Secure-testing-commits] r58987 - data/CVE
Author: sectracker Date: 2017-12-28 09:10:14 + (Thu, 28 Dec 2017) New Revision: 58987 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-28 09:06:37 UTC (rev 58986) +++ data/CVE/list 2017-12-28 09:10:14 UTC (rev 58987) @@ -1,3 +1,25 @@ +CVE-2017-17946 + RESERVED +CVE-2017-17945 + RESERVED +CVE-2017-17944 + RESERVED +CVE-2017-17943 + RESERVED +CVE-2017-17942 (In LibTIFF 4.0.9, there is a heap-based buffer over-read in the ...) + TODO: check +CVE-2017-17941 (PHP Scripts Mall Single Theater Booking has SQL Injection via the ...) + TODO: check +CVE-2017-17940 (PHP Scripts Mall Single Theater Booking has XSS via the title parameter ...) + TODO: check +CVE-2017-17939 (PHP Scripts Mall Single Theater Booking has CSRF via ...) + TODO: check +CVE-2017-17938 (PHP Scripts Mall Single Theater Booking has XSS via the ...) + TODO: check +CVE-2017-17937 (Vanguard Marketplace Digital Products PHP has XSS via the phps_query ...) + TODO: check +CVE-2017-17936 (Vanguard Marketplace Digital Products PHP has CSRF via /search. ...) + TODO: check CVE-2018-3609 RESERVED CVE-2018-3608 @@ -32,8 +54,8 @@ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2 CVE-2017-17933 RESERVED -CVE-2017-17932 - RESERVED +CVE-2017-17932 (A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ...) + TODO: check CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the ...) NOT-FOR-US: PHP Scripts Mall Resume Clone Script CVE-2017-17930 (PHP Scripts Mall Professional Service Script has CSRF via ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58969 - data/CVE
Author: sectracker Date: 2017-12-27 21:10:22 + (Wed, 27 Dec 2017) New Revision: 58969 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-27 18:53:50 UTC (rev 58968) +++ data/CVE/list 2017-12-27 21:10:22 UTC (rev 58969) @@ -1,3 +1,73 @@ +CVE-2018-3609 + RESERVED +CVE-2018-3608 + RESERVED +CVE-2018-3607 + RESERVED +CVE-2018-3606 + RESERVED +CVE-2018-3605 + RESERVED +CVE-2018-3604 + RESERVED +CVE-2018-3603 + RESERVED +CVE-2018-3602 + RESERVED +CVE-2018-3601 + RESERVED +CVE-2018-3600 + RESERVED +CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in Wireshark ...) + TODO: check +CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, ...) + TODO: check +CVE-2017-17933 + RESERVED +CVE-2017-17932 + RESERVED +CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the ...) + TODO: check +CVE-2017-17930 (PHP Scripts Mall Professional Service Script has CSRF via ...) + TODO: check +CVE-2017-17929 (PHP Scripts Mall Professional Service Script has XSS via the ...) + TODO: check +CVE-2017-17928 (PHP Scripts Mall Professional Service Script has SQL injection via the ...) + TODO: check +CVE-2017-17927 (PHP Scripts Mall Professional Service Script allows remote attackers to ...) + TODO: check +CVE-2017-17926 (PHP Scripts Mall Professional Service Script has a predicable ...) + TODO: check +CVE-2017-17925 (PHP Scripts Mall Professional Service Script has XSS via the ...) + TODO: check +CVE-2017-17924 (PHP Scripts Mall Professional Service Script allows remote attackers to ...) + TODO: check +CVE-2017-17923 + RESERVED +CVE-2017-17922 + RESERVED +CVE-2017-17921 + RESERVED +CVE-2017-17920 + RESERVED +CVE-2017-17919 + RESERVED +CVE-2017-17918 + RESERVED +CVE-2017-17917 + RESERVED +CVE-2017-17916 + RESERVED +CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...) + TODO: check +CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...) + TODO: check +CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based ...) + TODO: check +CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...) + TODO: check +CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer ...) + TODO: check CVE-2017-17910 RESERVED CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the ...) @@ -107,10 +177,10 @@ NOT-FOR-US: Valve Steam Link CVE-2017-17877 (An issue was discovered in Valve Steam Link build 643. When the SSH ...) NOT-FOR-US: Valve Steam Link -CVE-2017-17876 - RESERVED -CVE-2017-17875 - RESERVED +CVE-2017-17876 (Biometric Shift Employee Management System 3.0 allows remote attackers ...) + TODO: check +CVE-2017-17875 (The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the ...) + TODO: check CVE-2017-17874 (Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file ...) NOT-FOR-US: Vanguard Marketplace Digital Products PHP CVE-2017-17873 (Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the ...) @@ -10608,8 +10678,8 @@ RESERVED CVE-2017-16769 RESERVED -CVE-2017-16768 - RESERVED +CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor in ...) + TODO: check CVE-2017-16767 RESERVED CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...) @@ -21074,8 +21144,8 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/666 CVE-2017-13057 RESERVED -CVE-2017-13056 - RESERVED +CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might ...) + TODO: check CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 @@ -25352,32 +25422,28 @@ RESERVED CVE-2017-11699 RESERVED -CVE-2017-11698 [heap-buffer-overflow (write of size 2) in __get_page (lib/dbm/src/h_page.c:704)] - RESERVED +CVE-2017-11698 (Heap-based buffer overflow in the __get_page function in ...) - nss (bug #873259; unimportant) NOTE: Issues triggered by crafted DBM databases, which would NOTE: require local user access to a machine running NSS and NOTE: crafting the local DBM files. NOTE: http://seclists.org/fulldisclosure/2017/Aug/17 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779 -CVE-2017-11697 [Floating Point Exception in __hash_open (hash.c:229)] - RESERVED +CVE-2017-11697
[Secure-testing-commits] r58927 - data/CVE
Author: sectracker Date: 2017-12-26 09:10:19 + (Tue, 26 Dec 2017) New Revision: 58927 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-26 08:01:08 UTC (rev 58926) +++ data/CVE/list 2017-12-26 09:10:19 UTC (rev 58927) @@ -1,3 +1,5 @@ +CVE-2017-17910 + RESERVED CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the ...) NOT-FOR-US: PHP Scripts Mall Responsive Realestate Script CVE-2017-17908 (PHP Scripts Mall Responsive Realestate Script has CSRF via ...) @@ -18946,8 +18948,8 @@ RESERVED CVE-2017-13904 RESERVED -CVE-2017-13903 - RESERVED +CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 ...) + TODO: check CVE-2017-13902 RESERVED CVE-2017-13901 @@ -18986,73 +18988,70 @@ RESERVED CVE-2017-13884 RESERVED -CVE-2017-13883 - RESERVED +CVE-2017-13883 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check CVE-2017-13882 RESERVED CVE-2017-13881 RESERVED CVE-2017-13880 RESERVED -CVE-2017-13879 - RESERVED -CVE-2017-13878 - RESERVED +CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check +CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check CVE-2017-13877 RESERVED -CVE-2017-13876 - RESERVED -CVE-2017-13875 - RESERVED -CVE-2017-13874 - RESERVED +CVE-2017-13876 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check +CVE-2017-13875 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13874 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check CVE-2017-13873 RESERVED CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra ...) NOT-FOR-US: Apple -CVE-2017-13871 - RESERVED -CVE-2017-13870 - RESERVED +CVE-2017-13871 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13870 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - webkit2gtk 2.18.4-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0010.html NOTE: Not covered by security support -CVE-2017-13869 - RESERVED -CVE-2017-13868 - RESERVED -CVE-2017-13867 - RESERVED -CVE-2017-13866 - RESERVED +CVE-2017-13869 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check +CVE-2017-13868 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check +CVE-2017-13867 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check +CVE-2017-13866 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - webkit2gtk 2.18.4-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0010.html NOTE: Not covered by security support -CVE-2017-13865 - RESERVED -CVE-2017-13864 - RESERVED +CVE-2017-13865 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check +CVE-2017-13864 (An issue was discovered in certain Apple products. iCloud before 7.2 ...) + TODO: check CVE-2017-13863 RESERVED -CVE-2017-13862 - RESERVED -CVE-2017-13861 - RESERVED -CVE-2017-13860 - RESERVED +CVE-2017-13862 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check +CVE-2017-13861 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check +CVE-2017-13860 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check CVE-2017-13859 RESERVED -CVE-2017-13858 - RESERVED +CVE-2017-13858 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check CVE-2017-13857 RESERVED -CVE-2017-13856 - RESERVED +CVE-2017-13856 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - webkit2gtk 2.18.4-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0010.html NOTE: Not covered by security support -CVE-2017-13855 - RESERVED +CVE-2017-13855 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + TODO: check CVE-2017-13854 RESERVED CVE-2017-13853 @@ -19065,10 +19064,10 @@ RESERVED CVE-2017-13849 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) NOT-FOR-US: Apple -CVE-2017-13848 - RESERVED -CVE-2017-13847 - RESERVED +CVE-2017-13848 (An issue was discovered in certain Apple products.
[Secure-testing-commits] r58916 - data/CVE
Author: sectracker Date: 2017-12-25 21:10:15 + (Mon, 25 Dec 2017) New Revision: 58916 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-25 20:34:23 UTC (rev 58915) +++ data/CVE/list 2017-12-25 21:10:15 UTC (rev 58916) @@ -1,3 +1,17 @@ +CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the ...) + TODO: check +CVE-2017-17908 (PHP Scripts Mall Responsive Realestate Script has CSRF via ...) + TODO: check +CVE-2017-17907 (PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php ...) + TODO: check +CVE-2017-17906 (PHP Scripts Mall Car Rental Script has SQL Injection via the ...) + TODO: check +CVE-2017-17905 (PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. ...) + TODO: check +CVE-2017-17904 (FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the ...) + TODO: check +CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by ...) + TODO: check CVE-2017-17902 RESERVED CVE-2017-17901 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58908 - data/CVE
Author: sectracker Date: 2017-12-25 09:10:18 + (Mon, 25 Dec 2017) New Revision: 58908 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-25 08:32:05 UTC (rev 58907) +++ data/CVE/list 2017-12-25 09:10:18 UTC (rev 58908) @@ -1,3 +1,5 @@ +CVE-2017-17902 + RESERVED CVE-2017-17901 RESERVED CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...) @@ -106,7 +108,7 @@ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public) CVE-2017-17865 RESERVED -CVE-2017-17864 (kernel/bpf/verifier.c in the Linux kernel before 4.14 mishandles ...) +CVE-2017-17864 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles ...) {DSA-4073-1} - linux 4.14.7-1 [jessie] - linux (Vulnerable code not present) @@ -7968,7 +7970,7 @@ NOTE: https://github.com/erlang/otp/commit/3b4386dd19b7e669f557c95ace8d7ba228291927 (OTP-19.3.6.4) NOTE: https://github.com/erlang/otp/commit/de3b9cdb8521d7edd524b4e17d1e3f883f832ec0 (OTP-18.3.4.7) NOTE: https://robotattack.org/ -CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...) +CVE-2017-17058 (** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a ...) NOT-FOR-US: WooCommerce plugin for WordPress CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...) NOT-FOR-US: ZKTeco ZKTime Web Software ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58906 - data/CVE
Author: sectracker Date: 2017-12-24 21:10:13 + (Sun, 24 Dec 2017) New Revision: 58906 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-24 19:57:27 UTC (rev 58905) +++ data/CVE/list 2017-12-24 21:10:13 UTC (rev 58906) @@ -1,3 +1,31 @@ +CVE-2017-17901 + RESERVED +CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...) + TODO: check +CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php in ...) + TODO: check +CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests to ...) + TODO: check +CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM ...) + TODO: check +CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to the /job ...) + TODO: check +CVE-2017-17895 (Readymade Job Site Script has SQL Injection via the location_name array ...) + TODO: check +CVE-2017-17894 (Readymade Job Site Script has CSRF via the /job URI. ...) + TODO: check +CVE-2017-17893 (Readymade Video Sharing Script has XSS via the search_video.php search ...) + TODO: check +CVE-2017-17892 (Readymade Video Sharing Script has SQL Injection via the viewsubs.php ...) + TODO: check +CVE-2017-17891 (Readymade Video Sharing Script has CSRF via user-profile-edit.php. ...) + TODO: check +CVE-2017-17890 + RESERVED +CVE-2017-17889 + RESERVED +CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...) + TODO: check CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...) - imagemagick (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/903 @@ -105,8 +133,8 @@ - asterisk (bug #885072) NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480 -CVE-2017-17849 - RESERVED +CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 ...) + TODO: check CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in the Linux ...) - linux 4.14.7-1 [stretch] - linux (Vulnerable code introdued later) @@ -392,6 +420,7 @@ CVE-2017-17791 RESERVED CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...) + {DLA-1222-1 DLA-1221-1} - ruby2.5 (bug #884878) - ruby2.3 (bug #884879) [stretch] - ruby2.3 (Minor issue, can be fixed along in future DSA) @@ -6314,6 +6343,7 @@ CVE-2017-17406 RESERVED CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...) + {DLA-1222-1 DLA-1221-1} - ruby2.5 2.5.0~rc1-1 (bug #884437) - ruby2.3 2.3.6-1 (bug #884438) [stretch] - ruby2.3 (Minor issue, can be fixed along in a future update) @@ -36824,14 +36854,17 @@ NOT-FOR-US: Nessus CVE-2017-7848 RESERVED + {DLA-1223-1} - thunderbird 1:52.5.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848 CVE-2017-7847 RESERVED + {DLA-1223-1} - thunderbird 1:52.5.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847 CVE-2017-7846 RESERVED + {DLA-1223-1} - thunderbird 1:52.5.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846 CVE-2017-7845 @@ -36911,6 +36944,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830 CVE-2017-7829 RESERVED + {DLA-1223-1} - thunderbird 1:52.5.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829 CVE-2017-7828 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58885 - data/CVE
Author: sectracker Date: 2017-12-24 09:10:14 + (Sun, 24 Dec 2017) New Revision: 58885 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-24 08:39:29 UTC (rev 58884) +++ data/CVE/list 2017-12-24 09:10:14 UTC (rev 58885) @@ -1,3 +1,45 @@ +CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-17886 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-17885 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-17884 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-17883 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-17882 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-17881 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based ...) + TODO: check +CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based ...) + TODO: check +CVE-2017-17878 (An issue was discovered in Valve Steam Link build 643. Root passwords ...) + TODO: check +CVE-2017-17877 (An issue was discovered in Valve Steam Link build 643. When the SSH ...) + TODO: check +CVE-2017-17876 + RESERVED +CVE-2017-17875 + RESERVED +CVE-2017-17874 (Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file ...) + TODO: check +CVE-2017-17873 (Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the ...) + TODO: check +CVE-2017-17872 (The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection ...) + TODO: check +CVE-2017-17871 (The JEXTN Question And Answer extension 3.1.0 for Joomla! has SQL ...) + TODO: check +CVE-2017-17870 (The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the ...) + TODO: check +CVE-2017-17869 (The mgl-instagram-gallery plugin for WordPress has XSS via the ...) + TODO: check +CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public Render ...) + TODO: check +CVE-2017-17867 + RESERVED CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...) - mupdf (bug #885120) NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0 @@ -26,8 +68,8 @@ RESERVED CVE-2017-17860 RESERVED -CVE-2017-17859 - RESERVED +CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass ...) + TODO: check CVE-2017-17858 RESERVED CVE-2017-17851 @@ -9617,8 +9659,8 @@ CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ...) - ming NOTE: https://github.com/libming/libming/issues/75 -CVE-2017-16897 - RESERVED +CVE-2017-16897 (A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 ...) + TODO: check CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass ...) - tt-rss (bug #882543) NOTE: https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58878 - data/CVE
Author: sectracker Date: 2017-12-23 21:10:15 + (Sat, 23 Dec 2017) New Revision: 58878 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-23 20:12:20 UTC (rev 58877) +++ data/CVE/list 2017-12-23 21:10:15 UTC (rev 58878) @@ -1,13 +1,20 @@ -CVE-2017-17864 [bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN] +CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...) + TODO: check +CVE-2017-17865 + RESERVED +CVE-2017-17864 (kernel/bpf/verifier.c in the Linux kernel before 4.14 mishandles ...) + {DSA-4073-1} - linux [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) -CVE-2017-17863 [bpf: reject out-of-bounds stack pointer calculation] +CVE-2017-17863 (kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not ...) + {DSA-4073-1} - linux [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) NOTE: https://www.spinics.net/lists/stable/msg206985.html -CVE-2017-17862 [bpf: fix branch pruning logic] +CVE-2017-17862 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores ...) + {DSA-4073-1} - linux [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) @@ -98,27 +105,27 @@ CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...) TODO: check CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows remote ...) - {DSA-4070-1} + {DSA-4070-1 DLA-1219-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf CVE-2017-17844 (An issue was discovered in Enigmail before 1.9.9. A remote attacker can ...) - {DSA-4070-1} + {DSA-4070-1 DLA-1219-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf CVE-2017-17845 (An issue was discovered in Enigmail before 1.9.9. Improper Random ...) - {DSA-4070-1} + {DSA-4070-1 DLA-1219-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf CVE-2017-17846 (An issue was discovered in Enigmail before 1.9.9. Regular expressions ...) - {DSA-4070-1} + {DSA-4070-1 DLA-1219-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf CVE-2017-17847 (An issue was discovered in Enigmail before 1.9.9. Signature spoofing is ...) - {DSA-4070-1} + {DSA-4070-1 DLA-1219-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf CVE-2017-17848 (An issue was discovered in Enigmail before 1.9.9. In a variant of ...) - {DSA-4070-1} + {DSA-4070-1 DLA-1219-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute ...) @@ -274,12 +281,15 @@ CVE-2018-3560 RESERVED CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...) + {DSA-4073-1} - linux 4.14.7-1 NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3) CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...) + {DSA-4073-1} - linux 4.14.7-1 NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4) CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...) + {DSA-4073-1} - linux 4.14.7-1 NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4) CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) @@ -380,12 +390,14 @@ NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the ...) + {DLA-1220-1} - gimp (bug #884836) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133 NOTE: https://git.gnome.org/browse/gimp/commit/?id=edb251a7ef1602d20a5afcbf23f24afb163de63b (master) NOTE: https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54 (gimp-2-8) NOTE: Can be reproduced (at least in wheezy)
[Secure-testing-commits] r58860 - data/CVE
Author: sectracker Date: 2017-12-23 09:10:23 + (Sat, 23 Dec 2017) New Revision: 58860 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-23 08:31:21 UTC (rev 58859) +++ data/CVE/list 2017-12-23 09:10:23 UTC (rev 58860) @@ -1,34 +1,48 @@ -CVE-2017-17857 [bpf: fix missing error return in check_stack_boundary()] +CVE-2017-17861 + RESERVED +CVE-2017-17860 + RESERVED +CVE-2017-17859 + RESERVED +CVE-2017-17858 + RESERVED +CVE-2017-17851 + RESERVED +CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and ...) + TODO: check +CVE-2017-17849 + RESERVED +CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in the Linux ...) - linux 4.14.7-1 [stretch] - linux (Vulnerable code introdued later) [jessie] - linux (Vulnerable code introdued later) [wheezy] - linux (Vulnerable code introdued later) NOTE: Fixed by: https://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469 -CVE-2017-17856 [bpf: force strict alignment checks for stack pointers] +CVE-2017-17856 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...) - linux 4.14.7-1 [stretch] - linux (Vulnerable code introdued later) [jessie] - linux (Vulnerable code introdued later) [wheezy] - linux (Vulnerable code introdued later) NOTE: Fixed by: https://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f -CVE-2017-17855 [bpf: don't prune branches when a scalar is replaced with a pointer] +CVE-2017-17855 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...) - linux 4.14.7-1 [stretch] - linux (Vulnerable code introdued later) [jessie] - linux (Vulnerable code introdued later) [wheezy] - linux (Vulnerable code introdued later) NOTE: Fixed by: https://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14 -CVE-2017-17854 [bpf: fix integer overflows] +CVE-2017-17854 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...) - linux 4.14.7-1 [stretch] - linux (Vulnerable code introdued later) [jessie] - linux (Vulnerable code introdued later) [wheezy] - linux (Vulnerable code introdued later) NOTE: Fixed by: https://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03 -CVE-2017-17853 [bpf/verifier: fix bounds calculation on BPF_RSH] +CVE-2017-17853 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...) - linux 4.14.7-1 [stretch] - linux (Vulnerable code introdued later) [jessie] - linux (Vulnerable code introdued later) [wheezy] - linux (Vulnerable code introdued later) NOTE: Fixed by: https://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941 -CVE-2017-17852 [bpf: fix 32-bit ALU op verification] +CVE-2017-17852 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...) - linux 4.14.7-1 [stretch] - linux (Vulnerable code introdued later) [jessie] - linux (Vulnerable code introdued later) @@ -64,22 +78,28 @@ RESERVED CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...) TODO: check -CVE-2017-17843 +CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows remote ...) + {DSA-4070-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf -CVE-2017-17844 +CVE-2017-17844 (An issue was discovered in Enigmail before 1.9.9. A remote attacker can ...) + {DSA-4070-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf -CVE-2017-17845 +CVE-2017-17845 (An issue was discovered in Enigmail before 1.9.9. Improper Random ...) + {DSA-4070-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf -CVE-2017-17846 +CVE-2017-17846 (An issue was discovered in Enigmail before 1.9.9. Regular expressions ...) + {DSA-4070-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf -CVE-2017-17847 +CVE-2017-17847 (An issue was discovered in Enigmail before 1.9.9. Signature spoofing is ...) + {DSA-4070-1} - enigmail 2:1.9.9-1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf -CVE-2017-17848 +CVE-2017-17848 (An issue was discovered in Enigmail before 1.9.9. In a variant of ...) + {DSA-4070-1} - enigmail 2:1.9.9-1 NOTE:
[Secure-testing-commits] r58850 - data/CVE
Author: sectracker Date: 2017-12-22 21:10:13 + (Fri, 22 Dec 2017) New Revision: 58850 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-22 20:17:24 UTC (rev 58849) +++ data/CVE/list 2017-12-22 21:10:13 UTC (rev 58850) @@ -1,5 +1,25 @@ -CVE-2017-17832 +CVE-2017-17842 RESERVED +CVE-2017-17841 + RESERVED +CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...) + TODO: check +CVE-2017-17839 + RESERVED +CVE-2017-17838 + RESERVED +CVE-2017-17837 + RESERVED +CVE-2017-17836 + RESERVED +CVE-2017-17835 + RESERVED +CVE-2017-17834 + RESERVED +CVE-2017-17833 + RESERVED +CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...) + TODO: check CVE-2017- [Multiple Enigmail issues] - enigmail 2:1.9.9-1 [stretch] - enigmail 2:1.9.9-1~deb9u1 @@ -8325,8 +8345,8 @@ RESERVED CVE-2017-17011 RESERVED -CVE-2017-17010 - RESERVED +CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for ...) + TODO: check CVE-2017-17009 RESERVED CVE-2017-17008 @@ -8359,15 +8379,13 @@ [wheezy] - eglibc (Minor issue) NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22625 NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html -CVE-2017-16996 - RESERVED +CVE-2017-16996 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...) - linux 4.14.7-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958 -CVE-2017-16995 - RESERVED +CVE-2017-16995 (The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel ...) - linux 4.14.7-1 [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) @@ -10307,8 +10325,8 @@ RESERVED CVE-2017-16767 RESERVED -CVE-2017-16766 - RESERVED +CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...) + TODO: check CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...) NOT-FOR-US: D-Link CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...) @@ -14306,50 +14324,50 @@ RESERVED CVE-2017-15329 RESERVED -CVE-2017-15328 - RESERVED +CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an ...) + TODO: check CVE-2017-15327 RESERVED CVE-2017-15326 RESERVED CVE-2017-15325 RESERVED -CVE-2017-15324 - RESERVED +CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, ...) + TODO: check CVE-2017-15323 RESERVED -CVE-2017-15322 - RESERVED -CVE-2017-15321 - RESERVED -CVE-2017-15320 - RESERVED -CVE-2017-15319 - RESERVED -CVE-2017-15318 - RESERVED -CVE-2017-15317 - RESERVED -CVE-2017-15316 - RESERVED +CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 ...) + TODO: check +CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an ...) + TODO: check +CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) + TODO: check +CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) + TODO: check +CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) + TODO: check +CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 ...) + TODO: check +CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software before ...) + TODO: check CVE-2017-15315 RESERVED CVE-2017-15314 RESERVED -CVE-2017-15313 - RESERVED -CVE-2017-15312 - RESERVED -CVE-2017-15311 - RESERVED -CVE-2017-15310 - RESERVED -CVE-2017-15309 - RESERVED -CVE-2017-15308 - RESERVED -CVE-2017-15307 - RESERVED +CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An ...) + TODO: check +CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) ...) + TODO: check +CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro ...) + TODO: check +CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file deletion ...) + TODO: check +CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal vulnerability ...) + TODO: check +CVE-2017-15308 (Huawei
[Secure-testing-commits] r58834 - data/CVE
Author: sectracker Date: 2017-12-22 09:10:16 + (Fri, 22 Dec 2017) New Revision: 58834 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-22 08:55:48 UTC (rev 58833) +++ data/CVE/list 2017-12-22 09:10:16 UTC (rev 58834) @@ -10387,8 +10387,8 @@ RESERVED CVE-2017-16728 RESERVED -CVE-2017-16727 - RESERVED +CVE-2017-16727 (A Credentials Management issue was discovered in Moxa NPort W2150A ...) + TODO: check CVE-2017-16726 RESERVED CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai ...) @@ -17343,8 +17343,8 @@ RESERVED CVE-2017-14364 RESERVED -CVE-2017-14363 - RESERVED +CVE-2017-14363 (Cross-Site Scripting (XSS) vulnerability has been identified in Micro ...) + TODO: check CVE-2017-14362 (Cross-Site Request Forgery vulnerability in Micro Focus Project and ...) NOT-FOR-US: Micro Focus Project and Portfolio Management Center CVE-2017-14361 (Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio ...) @@ -20624,6 +20624,7 @@ NOTE: https://github.com/wolfSSL/wolfssl/pull/1229 NOTE: https://robotattack.org/ CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use the ...) + {DSA-4072-1} - bouncycastle 1.58-1 (bug #884241) [jessie] - bouncycastle (Vulnerable code introduced in 1.56 with tls API addition) [wheezy] - bouncycastle (Vulnerable code not present) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58823 - data/CVE
Author: sectracker Date: 2017-12-21 21:10:19 + (Thu, 21 Dec 2017) New Revision: 58823 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-21 20:20:47 UTC (rev 58822) +++ data/CVE/list 2017-12-21 21:10:19 UTC (rev 58823) @@ -1,3 +1,5 @@ +CVE-2017-17832 + RESERVED CVE-2017- [Multiple Enigmail issues] - enigmail 2:1.9.9-1 [jessie] - enigmail 2:1.9.9-1~deb8u1 @@ -2849,8 +2851,8 @@ NOT-FOR-US: Techno - Portfolio Management Panel CVE-2017-17693 (Techno - Portfolio Management Panel through 2017-11-16 does not check ...) NOT-FOR-US: Techno - Portfolio Management Panel -CVE-2017-17692 - RESERVED +CVE-2017-17692 (Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass ...) + TODO: check CVE-2017-17691 RESERVED CVE-2017-17690 @@ -5355,7 +5357,7 @@ NOTE: https://sources.debian.org/src/texlive-bin/2016.20160513.41080.dfsg-2/texk/texlive/linked_scripts/context/stubs/unix/mtxrun/#L3004 NOTE: https://sources.debian.org/src/context/2017.05.15.20170613-2/texmf-dist/scripts/context/stubs/mswin/mtxrun.lua/?hl=3424#L3424 CVE-2017-17512 (sensible-browser in sensible-utils before 0.0.11 does not validate ...) - {DLA-1209-1} + {DSA-4071-1 DLA-1209-1} - sensible-utils 0.0.11 (bug #881767) NOTE: https://anonscm.debian.org/git/collab-maint/sensible-utils.git/commit/?id=e16c937c43126df7f08d355277f99dd94cc21ce5 CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching the program ...) @@ -6086,14 +6088,14 @@ RESERVED CVE-2017-17412 RESERVED -CVE-2017-17411 - RESERVED -CVE-2017-17410 - RESERVED -CVE-2017-17409 - RESERVED -CVE-2017-17408 - RESERVED +CVE-2017-17411 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-17410 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-17409 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-17408 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check CVE-2017-17407 RESERVED CVE-2017-17406 @@ -7583,18 +7585,22 @@ CVE-2017-17089 RESERVED CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser ...) + {DLA-1216-1} - wordpress 4.9.1+dfsg-1 (bug #883314) NOTE: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ CVE-2017-17093 (wp-includes/general-template.php in WordPress before 4.9.1 does not ...) + {DLA-1216-1} - wordpress 4.9.1+dfsg-1 (bug #883314) NOTE: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ CVE-2017-17094 (wp-includes/feed.php in WordPress before 4.9.1 does not properly ...) + {DLA-1216-1} - wordpress 4.9.1+dfsg-1 (bug #883314) NOTE: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not require ...) + {DLA-1216-1} - wordpress 4.9.1+dfsg-1 (bug #883314) NOTE: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509 NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ @@ -7822,20 +7828,20 @@ RESERVED CVE-2017-17034 RESERVED -CVE-2017-17033 - RESERVED -CVE-2017-17032 - RESERVED -CVE-2017-17031 - RESERVED -CVE-2017-17030 - RESERVED -CVE-2017-17029 - RESERVED -CVE-2017-17028 - RESERVED -CVE-2017-17027 - RESERVED +CVE-2017-17033 (A buffer overflow vulnerability in password function in QNAP QTS ...) + TODO: check +CVE-2017-17032 (A buffer overflow vulnerability in password function in QNAP QTS ...) + TODO: check +CVE-2017-17031 (A buffer overflow vulnerability in password function in QNAP QTS ...) + TODO: check +CVE-2017-17030 (A buffer overflow vulnerability in login function in QNAP QTS version ...) + TODO: check +CVE-2017-17029 (A buffer overflow vulnerability in login function in QNAP QTS version ...) + TODO: check +CVE-2017-17028 (A buffer overflow vulnerability in external device function in QNAP ...) + TODO: check +CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS version ...) + TODO: check CVE-2017-17045 (An issue was discovered in Xen through
[Secure-testing-commits] r58770 - data/CVE
Author: sectracker Date: 2017-12-21 09:10:13 + (Thu, 21 Dec 2017) New Revision: 58770 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-21 09:04:18 UTC (rev 58769) +++ data/CVE/list 2017-12-21 09:10:13 UTC (rev 58770) @@ -1,3 +1,51 @@ +CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute ...) + TODO: check +CVE-2017-17830 (Bus Booking Script has CSRF via admin/new_master.php. ...) + TODO: check +CVE-2017-17829 (Bus Booking Script has SQL Injection via the admin/view_seatseller.php ...) + TODO: check +CVE-2017-17828 (Bus Booking Script has XSS via the results.php datepicker parameter or ...) + TODO: check +CVE-2017-17827 (Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via ...) + TODO: check +CVE-2017-17826 (The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent ...) + TODO: check +CVE-2017-17825 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent ...) + TODO: check +CVE-2017-17824 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL ...) + TODO: check +CVE-2017-17823 (The Configuration component of Piwigo 2.9.2 is vulnerable to SQL ...) + TODO: check +CVE-2017-17822 (The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...) + TODO: check +CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...) + TODO: check +CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...) + TODO: check +CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...) + TODO: check +CVE-2017-17817 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...) + TODO: check +CVE-2017-17816 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...) + TODO: check +CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...) + TODO: check +CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...) + TODO: check +CVE-2017-17813 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the ...) + TODO: check +CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...) + TODO: check +CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...) + TODO: check +CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a SEGV on unknown ...) + TODO: check +CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice ...) + TODO: check +CVE-2017-17808 + RESERVED CVE-2018-3599 RESERVED CVE-2018-3598 @@ -78,13 +126,13 @@ RESERVED CVE-2018-3560 RESERVED -CVE-2017-17807 [KEYS: add missing permission check for request_key() destination] +CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...) - linux NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3) -CVE-2017-17806 [crypto: hmac - require that the underlying hash algorithm is unkeyed] +CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...) - linux NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4) -CVE-2017-17805 [crypto: salsa20 - fix blkcipher_walk API usage] +CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...) - linux NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4) CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) @@ -178,7 +226,7 @@ CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. The device ...) NOT-FOR-US: Ichano AtHome IP Camera CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before ...) - {DSA-4069-1} + {DSA-4069-1 DLA-1215-1} - otrs2 6.0.3-1 (bug #884801) NOTE: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc @@ -5885,7 +5933,7 @@ [wheezy] - eglibc (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4 CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, ...) - {DSA-4067-1} + {DSA-4067-1 DLA-1213-1} - openafs 1.6.22-1 (bug #883602) NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt CVE-2018-1180 @@ -9913,7 +9961,8 @@
[Secure-testing-commits] r58740 - data/CVE
Author: sectracker Date: 2017-12-20 21:10:12 + (Wed, 20 Dec 2017) New Revision: 58740 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-20 20:37:38 UTC (rev 58739) +++ data/CVE/list 2017-12-20 21:10:12 UTC (rev 58740) @@ -78,42 +78,42 @@ RESERVED CVE-2018-3560 RESERVED -CVE-2017-17804 - RESERVED -CVE-2017-17803 - RESERVED -CVE-2017-17802 - RESERVED -CVE-2017-17801 - RESERVED -CVE-2017-17800 - RESERVED -CVE-2017-17799 - RESERVED -CVE-2017-17798 - RESERVED -CVE-2017-17797 - RESERVED -CVE-2017-17796 - RESERVED -CVE-2017-17795 - RESERVED -CVE-2017-17794 - RESERVED -CVE-2017-17793 - RESERVED -CVE-2017-17792 - RESERVED +CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) + TODO: check +CVE-2017-17803 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17802 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17801 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17800 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17799 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17798 (In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17797 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) + TODO: check +CVE-2017-17796 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17795 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) + TODO: check +CVE-2017-17794 (validate_form_preferences in admin/preferences.php in BlogoText through ...) + TODO: check +CVE-2017-17793 (Information Disclosure vulnerability in creer_fichier_zip in ...) + TODO: check +CVE-2017-17792 (Cross site scripting (XSS) vulnerability in the markup_clean_href ...) + TODO: check CVE-2017-17791 RESERVED -CVE-2017-17790 - RESERVED -CVE-2017-17783 - RESERVED -CVE-2017-17782 - RESERVED -CVE-2017-17781 - RESERVED +CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...) + TODO: check +CVE-2017-17783 (In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage ...) + TODO: check +CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ...) + TODO: check +CVE-2017-17781 (In Horde Groupware through 5.2.22, SQL Injection exists via the group ...) + TODO: check CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS via a ...) NOT-FOR-US: Clockwork SMS plugins for WordPress CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the referrals.php id ...) @@ -154,20 +154,18 @@ RESERVED CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. The device ...) NOT-FOR-US: Ichano AtHome IP Camera -CVE-2017-17476 [OSA-2017-10: Session hijacking] - RESERVED +CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before ...) + {DSA-4069-1} - otrs2 6.0.3-1 (bug #884801) NOTE: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb -CVE-2017-17785 [gimp: Heap overflow in FLI import] - RESERVED +CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the ...) - gimp (bug #884836) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133 NOTE: Can be reproduced (at least in wheezy) with "valgrind --trace-children=yes gimp " -CVE-2017-17786 [gimp: OOB read in TGA] - RESERVED +CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in ...) - gimp (unimportant; bug #884862) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134 NOTE: https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b (master) @@ -175,27 +173,23 @@ NOTE: https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8=ef9c821fff8b637a2178eab1c78cae6764c50e12 (gimp-2-8) NOTE: https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8=22e2571c25425f225abdb11a566cc281fca6f366 (gimp-2-8) NOTE: Crash in desktop tool, no/negligable security impact
[Secure-testing-commits] r58716 - data/CVE
Author: sectracker Date: 2017-12-20 09:10:13 + (Wed, 20 Dec 2017) New Revision: 58716 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-20 05:56:12 UTC (rev 58715) +++ data/CVE/list 2017-12-20 09:10:13 UTC (rev 58716) @@ -1,3 +1,159 @@ +CVE-2018-3599 + RESERVED +CVE-2018-3598 + RESERVED +CVE-2018-3597 + RESERVED +CVE-2018-3596 + RESERVED +CVE-2018-3595 + RESERVED +CVE-2018-3594 + RESERVED +CVE-2018-3593 + RESERVED +CVE-2018-3592 + RESERVED +CVE-2018-3591 + RESERVED +CVE-2018-3590 + RESERVED +CVE-2018-3589 + RESERVED +CVE-2018-3588 + RESERVED +CVE-2018-3587 + RESERVED +CVE-2018-3586 + RESERVED +CVE-2018-3585 + RESERVED +CVE-2018-3584 + RESERVED +CVE-2018-3583 + RESERVED +CVE-2018-3582 + RESERVED +CVE-2018-3581 + RESERVED +CVE-2018-3580 + RESERVED +CVE-2018-3579 + RESERVED +CVE-2018-3578 + RESERVED +CVE-2018-3577 + RESERVED +CVE-2018-3576 + RESERVED +CVE-2018-3575 + RESERVED +CVE-2018-3574 + RESERVED +CVE-2018-3573 + RESERVED +CVE-2018-3572 + RESERVED +CVE-2018-3571 + RESERVED +CVE-2018-3570 + RESERVED +CVE-2018-3569 + RESERVED +CVE-2018-3568 + RESERVED +CVE-2018-3567 + RESERVED +CVE-2018-3566 + RESERVED +CVE-2018-3565 + RESERVED +CVE-2018-3564 + RESERVED +CVE-2018-3563 + RESERVED +CVE-2018-3562 + RESERVED +CVE-2018-3561 + RESERVED +CVE-2018-3560 + RESERVED +CVE-2017-17804 + RESERVED +CVE-2017-17803 + RESERVED +CVE-2017-17802 + RESERVED +CVE-2017-17801 + RESERVED +CVE-2017-17800 + RESERVED +CVE-2017-17799 + RESERVED +CVE-2017-17798 + RESERVED +CVE-2017-17797 + RESERVED +CVE-2017-17796 + RESERVED +CVE-2017-17795 + RESERVED +CVE-2017-17794 + RESERVED +CVE-2017-17793 + RESERVED +CVE-2017-17792 + RESERVED +CVE-2017-17791 + RESERVED +CVE-2017-17790 + RESERVED +CVE-2017-17783 + RESERVED +CVE-2017-17782 + RESERVED +CVE-2017-17781 + RESERVED +CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS via a ...) + TODO: check +CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the referrals.php id ...) + TODO: check +CVE-2017-17778 (Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter ...) + TODO: check +CVE-2017-1 (Paid To Read Script 2.0.5 has authentication bypass in the admin panel ...) + TODO: check +CVE-2017-17776 (Paid To Read Script 2.0.5 has full path disclosure via an invalid ...) + TODO: check +CVE-2017-17775 (Piwigo 2.9.2 has XSS via the name parameter in an ...) + TODO: check +CVE-2017-17774 (admin/configuration.php in Piwigo 2.9.2 has CSRF. ...) + TODO: check +CVE-2017-17773 + RESERVED +CVE-2017-17772 + RESERVED +CVE-2017-17771 + RESERVED +CVE-2017-17770 + RESERVED +CVE-2017-17769 + RESERVED +CVE-2017-17768 + RESERVED +CVE-2017-17767 + RESERVED +CVE-2017-17766 + RESERVED +CVE-2017-17765 + RESERVED +CVE-2017-17764 + RESERVED +CVE-2017-17763 (SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share ...) + TODO: check +CVE-2017-17762 + RESERVED +CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. The device ...) + TODO: check CVE-2017-17476 [OSA-2017-10: Session hijacking] RESERVED - otrs2 (bug #884801) @@ -6,24 +162,30 @@ NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb CVE-2017-17785 [gimp: Heap overflow in FLI import] + RESERVED - gimp NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133 CVE-2017-17786 [gimp: OOB read in TGA] + RESERVED - gimp (unimportant) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134 NOTE: Crash in desktop tool, no/negligable security impact CVE-2017-17788 [gimp: OOB read in XCF] + RESERVED - gimp (unimportant) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783 NOTE: Crash in desktop tool, no/negligable security impact CVE-2017-17784 [gimp: OOB read in GBR] + RESERVED - gimp (unimportant) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784 NOTE: Crash in desktop tool, no/negligable security impact CVE-2017-17789 [gimp: Heap overflow in PSP] + RESERVED - gimp NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849 CVE-2017-17787 [gimp: OOB read in PSP] + RESERVED - gimp (unimportant) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
[Secure-testing-commits] r58704 - data/CVE
Author: sectracker Date: 2017-12-19 21:10:14 + (Tue, 19 Dec 2017) New Revision: 58704 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-19 21:07:14 UTC (rev 58703) +++ data/CVE/list 2017-12-19 21:10:14 UTC (rev 58704) @@ -1,4 +1,5 @@ CVE-2017-17476 [OSA-2017-10: Session hijacking] + RESERVED - otrs2 (bug #884801) NOTE: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc @@ -40,8 +41,8 @@ RESERVED CVE-2017-17754 RESERVED -CVE-2017-17753 - RESERVED +CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check CVE-2017-17752 RESERVED CVE-2017-17751 @@ -58,8 +59,8 @@ RESERVED CVE-2017-17745 RESERVED -CVE-2017-17744 - RESERVED +CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plugin ...) + TODO: check CVE-2017-17743 RESERVED CVE-2017-17742 @@ -111,8 +112,8 @@ NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET CVE-2017-17720 RESERVED -CVE-2017-17719 - RESERVED +CVE-2017-17719 (A cross-site scripting (XSS) vulnerability in the wp-concours plugin ...) + TODO: check CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL ...) - ruby-net-ldap (bug #884693) [jessie] - ruby-net-ldap (Doc always said that there is no validation) @@ -4976,7 +4977,7 @@ CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before ...) - mensis (unimportant) NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428 -CVE-2017-17533 (default.tcl in Tkabber 1.1 does not validate strings before launching ...) +CVE-2017-17533 (** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings ...) - tkabber NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118 NOTE: TCL's exec call does not involve the shell. It does its own argument parsing which safely forwards the content of any variable. No command injection is thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm @@ -7316,8 +7317,8 @@ - tiff3 (unimportant) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750 NOTE: Crash in CLI tool not treated as a security issue -CVE-2017-17088 - RESERVED +CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected ...) + TODO: check CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...) - vim [stretch] - vim (Minor issue) @@ -9096,7 +9097,7 @@ CVE-2017-16922 RESERVED CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...) - {DSA-4066-1} + {DSA-4066-1 DLA-1212-1} - otrs2 6.0.2-1 (bug #883774) NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357 @@ -9721,7 +9722,7 @@ CVE-2017-16855 (Ipsilon before 2.1.0 has a SAML2 multi-session vulnerability. ...) - ipsilon (bug #826838) CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...) - {DSA-4066-1} + {DSA-4066-1 DLA-1212-1} - otrs2 6.0.2-1 NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347 @@ -9959,8 +9960,8 @@ TODO: check CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with ...) TODO: check -CVE-2017-16786 - RESERVED +CVE-2017-16786 (The Web Configuration Utility in Meinberg LANTIME devices with ...) + TODO: check CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the ...) NOT-FOR-US: CMS Made Simple CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template Injection via ...) @@ -10229,7 +10230,7 @@ CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...) NOT-FOR-US: RemObjects Remoting SDK CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...) - {DSA-4047-1} + {DSA-4047-1 DLA-1212-1} - otrs2 5.0.24-1 (bug #882370) NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d @@ -12609,6 +12610,7 @@ CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in ...) - frr (bug #863249) CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x ...) + {DLA-1212-1} -
[Secure-testing-commits] r58639 - data/CVE
Author: sectracker Date: 2017-12-17 09:10:16 + (Sun, 17 Dec 2017) New Revision: 58639 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-17 08:30:31 UTC (rev 58638) +++ data/CVE/list 2017-12-17 09:10:16 UTC (rev 58639) @@ -8838,8 +8838,8 @@ NOT-FOR-US: K-Multimedia Player CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial ...) NOT-FOR-US: Winamp -CVE-2017-16950 - RESERVED +CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server before ...) + TODO: check CVE-2017-16949 RESERVED CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58564 - data/CVE
Author: sectracker Date: 2017-12-14 09:10:20 + (Thu, 14 Dec 2017) New Revision: 58564 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-14 08:57:08 UTC (rev 58563) +++ data/CVE/list 2017-12-14 09:10:20 UTC (rev 58564) @@ -1,3 +1,2039 @@ +CVE-2018-2359 + RESERVED +CVE-2018-2358 + RESERVED +CVE-2018-2357 + RESERVED +CVE-2018-2356 + RESERVED +CVE-2018-2355 + RESERVED +CVE-2018-2354 + RESERVED +CVE-2018-2353 + RESERVED +CVE-2018-2352 + RESERVED +CVE-2018-2351 + RESERVED +CVE-2018-2350 + RESERVED +CVE-2018-2349 + RESERVED +CVE-2018-2348 + RESERVED +CVE-2018-2347 + RESERVED +CVE-2018-2346 + RESERVED +CVE-2018-2345 + RESERVED +CVE-2018-2344 + RESERVED +CVE-2018-2343 + RESERVED +CVE-2018-2342 + RESERVED +CVE-2018-2341 + RESERVED +CVE-2018-2340 + RESERVED +CVE-2018-2339 + RESERVED +CVE-2018-2338 + RESERVED +CVE-2018-2337 + RESERVED +CVE-2018-2336 + RESERVED +CVE-2018-2335 + RESERVED +CVE-2018-2334 + RESERVED +CVE-2018-2333 + RESERVED +CVE-2018-2332 + RESERVED +CVE-2018-2331 + RESERVED +CVE-2018-2330 + RESERVED +CVE-2018-2329 + RESERVED +CVE-2018-2328 + RESERVED +CVE-2018-2327 + RESERVED +CVE-2018-2326 + RESERVED +CVE-2018-2325 + RESERVED +CVE-2018-2324 + RESERVED +CVE-2018-2323 + RESERVED +CVE-2018-2322 + RESERVED +CVE-2018-2321 + RESERVED +CVE-2018-2320 + RESERVED +CVE-2018-2319 + RESERVED +CVE-2018-2318 + RESERVED +CVE-2018-2317 + RESERVED +CVE-2018-2316 + RESERVED +CVE-2018-2315 + RESERVED +CVE-2018-2314 + RESERVED +CVE-2018-2313 + RESERVED +CVE-2018-2312 + RESERVED +CVE-2018-2311 + RESERVED +CVE-2018-2310 + RESERVED +CVE-2018-2309 + RESERVED +CVE-2018-2308 + RESERVED +CVE-2018-2307 + RESERVED +CVE-2018-2306 + RESERVED +CVE-2018-2305 + RESERVED +CVE-2018-2304 + RESERVED +CVE-2018-2303 + RESERVED +CVE-2018-2302 + RESERVED +CVE-2018-2301 + RESERVED +CVE-2018-2300 + RESERVED +CVE-2018-2299 + RESERVED +CVE-2018-2298 + RESERVED +CVE-2018-2297 + RESERVED +CVE-2018-2296 + RESERVED +CVE-2018-2295 + RESERVED +CVE-2018-2294 + RESERVED +CVE-2018-2293 + RESERVED +CVE-2018-2292 + RESERVED +CVE-2018-2291 + RESERVED +CVE-2018-2290 + RESERVED +CVE-2018-2289 + RESERVED +CVE-2018-2288 + RESERVED +CVE-2018-2287 + RESERVED +CVE-2018-2286 + RESERVED +CVE-2018-2285 + RESERVED +CVE-2018-2284 + RESERVED +CVE-2018-2283 + RESERVED +CVE-2018-2282 + RESERVED +CVE-2018-2281 + RESERVED +CVE-2018-2280 + RESERVED +CVE-2018-2279 + RESERVED +CVE-2018-2278 + RESERVED +CVE-2018-2277 + RESERVED +CVE-2018-2276 + RESERVED +CVE-2018-2275 + RESERVED +CVE-2018-2274 + RESERVED +CVE-2018-2273 + RESERVED +CVE-2018-2272 + RESERVED +CVE-2018-2271 + RESERVED +CVE-2018-2270 + RESERVED +CVE-2018-2269 + RESERVED +CVE-2018-2268 + RESERVED +CVE-2018-2267 + RESERVED +CVE-2018-2266 + RESERVED +CVE-2018-2265 + RESERVED +CVE-2018-2264 + RESERVED +CVE-2018-2263 + RESERVED +CVE-2018-2262 + RESERVED +CVE-2018-2261 + RESERVED +CVE-2018-2260 + RESERVED +CVE-2018-2259 + RESERVED +CVE-2018-2258 + RESERVED +CVE-2018-2257 + RESERVED +CVE-2018-2256 + RESERVED +CVE-2018-2255 + RESERVED +CVE-2018-2254 + RESERVED +CVE-2018-2253 + RESERVED +CVE-2018-2252 + RESERVED +CVE-2018-2251 + RESERVED +CVE-2018-2250 + RESERVED +CVE-2018-2249 + RESERVED +CVE-2018-2248 + RESERVED +CVE-2018-2247 + RESERVED +CVE-2018-2246 + RESERVED +CVE-2018-2245 + RESERVED +CVE-2018-2244 + RESERVED +CVE-2018-2243 + RESERVED +CVE-2018-2242 + RESERVED +CVE-2018-2241 + RESERVED +CVE-2018-2240 + RESERVED +CVE-2018-2239 + RESERVED +CVE-2018-2238 + RESERVED +CVE-2018-2237 + RESERVED +CVE-2018-2236 + RESERVED +CVE-2018-2235 + RESERVED +CVE-2018-2234 + RESERVED +CVE-2018-2233 + RESERVED +CVE-2018-2232 + RESERVED +CVE-2018-2231 + RESERVED +CVE-2018-2230 + RESERVED +CVE-2018-2229 + RESERVED +CVE-2018-2228 + RESERVED +CVE-2018-2227 + RESERVED +CVE-2018-2226 + RESERVED +CVE-2018-2225 + RESERVED +CVE-2018-2224 + RESERVED +CVE-2018-2223 + RESERVED +CVE-2018- + RESERVED +CVE-2018-2221 + RESERVED +CVE-2018-2220 + RESERVED +CVE-2018-2219 + RESERVED +CVE-2018-2218 + RESERVED +CVE-2018-2217 + RESERVED +CVE-2018-2216 + RESERVED +CVE-2018-2215 +
[Secure-testing-commits] r58534 - data/CVE
Author: sectracker Date: 2017-12-13 21:10:13 + (Wed, 13 Dec 2017) New Revision: 58534 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-13 21:09:49 UTC (rev 58533) +++ data/CVE/list 2017-12-13 21:10:13 UTC (rev 58534) @@ -1,9 +1,201 @@ -CVE-2017-17569 +CVE-2017-17665 (In Octopus Deploy before 4.1.3, the machine update process doesn't ...) + TODO: check +CVE-2017-17664 (A Remote Crash issue was discovered in Asterisk Open Source 13.x before ...) + TODO: check +CVE-2017-17663 RESERVED -CVE-2017-17568 +CVE-2017-17662 RESERVED -CVE-2017-17567 +CVE-2017-17661 RESERVED +CVE-2017-17660 + RESERVED +CVE-2017-17659 + RESERVED +CVE-2017-17658 + RESERVED +CVE-2017-17657 + RESERVED +CVE-2017-17656 + RESERVED +CVE-2017-17655 + RESERVED +CVE-2017-17654 + RESERVED +CVE-2017-17653 + RESERVED +CVE-2017-17652 + RESERVED +CVE-2017-17651 + RESERVED +CVE-2017-17650 + RESERVED +CVE-2017-17649 + RESERVED +CVE-2017-17648 (Entrepreneur Dating Script 2.0.1 has SQL Injection via the ...) + TODO: check +CVE-2017-17647 + RESERVED +CVE-2017-17646 + RESERVED +CVE-2017-17645 + RESERVED +CVE-2017-17644 + RESERVED +CVE-2017-17643 + RESERVED +CVE-2017-17642 (Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter ...) + TODO: check +CVE-2017-17641 (Resume Clone Script 2.0.5 has SQL Injection via the preview.php id ...) + TODO: check +CVE-2017-17640 (Advanced World Database 2.0.5 has SQL Injection via the city.php ...) + TODO: check +CVE-2017-17639 (Muslim Matrimonial Script 3.02 has SQL Injection via the ...) + TODO: check +CVE-2017-17638 (Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php ...) + TODO: check +CVE-2017-17637 (Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val ...) + TODO: check +CVE-2017-17636 (MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid ...) + TODO: check +CVE-2017-17635 (MLM Forex Market Plan Script 2.0.4 has SQL Injection via the ...) + TODO: check +CVE-2017-17634 (Single Theater Booking Script 3.2.1 has SQL Injection via the ...) + TODO: check +CVE-2017-17633 (Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the ...) + TODO: check +CVE-2017-17632 (Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL ...) + TODO: check +CVE-2017-17631 (Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the ...) + TODO: check +CVE-2017-17630 (Yoga Class Script 1.0 has SQL Injection via the /list city parameter. ...) + TODO: check +CVE-2017-17629 (Secure E-commerce Script 2.0.1 has SQL Injection via the category.php ...) + TODO: check +CVE-2017-17628 (Responsive Realestate Script 3.2 has SQL Injection via the ...) + TODO: check +CVE-2017-17627 (Readymade Video Sharing Script 3.2 has SQL Injection via the ...) + TODO: check +CVE-2017-17626 (Readymade PHP Classified Script 3.3 has SQL Injection via the ...) + TODO: check +CVE-2017-17625 (Professional Service Script 1.0 has SQL Injection via the service-list ...) + TODO: check +CVE-2017-17624 (PHP Multivendor Ecommerce 1.0 has SQL Injection via the ...) + TODO: check +CVE-2017-17623 (Opensource Classified Ads Script 3.2 has SQL Injection via the ...) + TODO: check +CVE-2017-17622 (Online Exam Test Application Script 1.6 has SQL Injection via the ...) + TODO: check +CVE-2017-17621 (Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the ...) + TODO: check +CVE-2017-17620 (Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city ...) + TODO: check +CVE-2017-17619 (Laundry Booking Script 1.0 has SQL Injection via the /list city ...) + TODO: check +CVE-2017-17618 (Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php ...) + TODO: check +CVE-2017-17617 (Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php ...) + TODO: check +CVE-2017-17616 (Event Search Script 1.0 has SQL Injection via the /event-list city ...) + TODO: check +CVE-2017-17615 (Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php ...) + TODO: check +CVE-2017-17614 (Food Order Script 1.0 has SQL Injection via the /list city parameter. ...) + TODO: check +CVE-2017-17613 (Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php ...) + TODO: check +CVE-2017-17612 (Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or ...) + TODO: check +CVE-2017-17611 (Doctor Search Script 1.0 has SQL Injection via the /list city ...) + TODO: check +CVE-2017-17610 (E-commerce MLM Software 1.0 has SQL Injection via the ...) +
[Secure-testing-commits] r58410 - data/CVE
Author: sectracker Date: 2017-12-10 09:10:18 + (Sun, 10 Dec 2017) New Revision: 58410 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-10 07:19:30 UTC (rev 58409) +++ data/CVE/list 2017-12-10 09:10:18 UTC (rev 58410) @@ -1,3 +1,5 @@ +CVE-2017-17483 + RESERVED CVE-2017-17482 RESERVED CVE-2017-17481 @@ -6106,8 +6108,8 @@ [stretch] - libcatalyst-plugin-static-simple-perl (Minor issue) [jessie] - libcatalyst-plugin-static-simple-perl (Minor issue) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558 -CVE-2017-16241 - RESERVED +CVE-2017-16241 (Incorrect access control in AMAG Symmetry Door Edge Network Controllers ...) + TODO: check CVE-2017-16240 RESERVED CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58381 - data/CVE
Author: sectracker Date: 2017-12-09 09:10:18 + (Sat, 09 Dec 2017) New Revision: 58381 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-09 09:06:37 UTC (rev 58380) +++ data/CVE/list 2017-12-09 09:10:18 UTC (rev 58381) @@ -1,3 +1,7 @@ +CVE-2017-17482 + RESERVED +CVE-2017-17481 + RESERVED CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...) - openjpeg2 NOTE: https://github.com/uclouvain/openjpeg/issues/1044 @@ -5632,128 +5636,128 @@ RESERVED CVE-2017-16421 RESERVED -CVE-2017-16420 - RESERVED -CVE-2017-16419 - RESERVED -CVE-2017-16418 - RESERVED -CVE-2017-16417 - RESERVED -CVE-2017-16416 - RESERVED -CVE-2017-16415 - RESERVED -CVE-2017-16414 - RESERVED -CVE-2017-16413 - RESERVED -CVE-2017-16412 - RESERVED -CVE-2017-16411 - RESERVED -CVE-2017-16410 - RESERVED -CVE-2017-16409 - RESERVED -CVE-2017-16408 - RESERVED -CVE-2017-16407 - RESERVED -CVE-2017-16406 - RESERVED -CVE-2017-16405 - RESERVED -CVE-2017-16404 - RESERVED -CVE-2017-16403 - RESERVED -CVE-2017-16402 - RESERVED -CVE-2017-16401 - RESERVED -CVE-2017-16400 - RESERVED -CVE-2017-16399 - RESERVED -CVE-2017-16398 - RESERVED -CVE-2017-16397 - RESERVED -CVE-2017-16396 - RESERVED -CVE-2017-16395 - RESERVED -CVE-2017-16394 - RESERVED -CVE-2017-16393 - RESERVED -CVE-2017-16392 - RESERVED -CVE-2017-16391 - RESERVED -CVE-2017-16390 - RESERVED -CVE-2017-16389 - RESERVED -CVE-2017-16388 - RESERVED -CVE-2017-16387 - RESERVED -CVE-2017-16386 - RESERVED -CVE-2017-16385 - RESERVED -CVE-2017-16384 - RESERVED -CVE-2017-16383 - RESERVED -CVE-2017-16382 - RESERVED -CVE-2017-16381 - RESERVED -CVE-2017-16380 - RESERVED -CVE-2017-16379 - RESERVED -CVE-2017-16378 - RESERVED -CVE-2017-16377 - RESERVED -CVE-2017-16376 - RESERVED -CVE-2017-16375 - RESERVED -CVE-2017-16374 - RESERVED -CVE-2017-16373 - RESERVED -CVE-2017-16372 - RESERVED -CVE-2017-16371 - RESERVED -CVE-2017-16370 - RESERVED -CVE-2017-16369 - RESERVED -CVE-2017-16368 - RESERVED -CVE-2017-16367 - RESERVED -CVE-2017-16366 - RESERVED -CVE-2017-16365 - RESERVED -CVE-2017-16364 - RESERVED -CVE-2017-16363 - RESERVED -CVE-2017-16362 - RESERVED -CVE-2017-16361 - RESERVED -CVE-2017-16360 - RESERVED +CVE-2017-16420 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16419 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16418 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16417 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16416 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16415 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16414 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16413 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16412 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16411 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16410 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16409 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16408 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16407 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16406 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16405 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16404 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16403 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16402 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO: check +CVE-2017-16401 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...) + TODO:
[Secure-testing-commits] r58369 - data/CVE
Author: sectracker Date: 2017-12-08 21:10:25 + (Fri, 08 Dec 2017) New Revision: 58369 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-08 19:20:32 UTC (rev 58368) +++ data/CVE/list 2017-12-08 21:10:25 UTC (rev 58369) @@ -1,3 +1,13 @@ +CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...) + TODO: check +CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...) + TODO: check +CVE-2017-17478 + RESERVED +CVE-2017-17477 + RESERVED +CVE-2017-17476 + RESERVED CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) NOT-FOR-US: TG Soft Vir.IT eXplorer Lite CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) @@ -3770,7 +3780,7 @@ - linux 4.13.13-1 NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...) - {DLA-1196-1} + {DSA-4058-1 DLA-1196-1} - optipng 0.7.6-1.1 (bug #878839) NOTE: https://sourceforge.net/p/optipng/bugs/69/ CVE-2017-16937 @@ -3831,8 +3841,7 @@ NOT-FOR-US: Shenzhen Tenda CVE-2017-16922 RESERVED -CVE-2017-16921 [OSA-2017-09: Remote code execution] - RESERVED +CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...) - otrs2 6.0.2-1 (bug #883774) NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357 @@ -4158,7 +4167,7 @@ NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2 CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...) - {DLA-1184-1} + {DSA-4058-1 DLA-1184-1} - optipng 0.7.6-1.1 (bug #882032) NOTE: https://sourceforge.net/p/optipng/bugs/65/ NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch @@ -4441,8 +4450,7 @@ NOT-FOR-US: Atlassian Confluence CVE-2017-16855 (Ipsilon before 2.1.0 has a SAML2 multi-session vulnerability. ...) - ipsilon (bug #826838) -CVE-2017-16854 [OSA-2017-08: Information Disclosure] - RESERVED +CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...) - otrs2 6.0.2-1 NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347 @@ -5099,6 +5107,7 @@ - swauth 1.2.0-4 (bug #882314) NOTE: https://bugs.launchpad.net/swift/+bug/1655781 CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that could lead ...) + {DSA-4059-1} - libxcursor (bug #883792) NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6 NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 @@ -7196,16 +7205,16 @@ RESERVED CVE-2017-15896 RESERVED -CVE-2017-15895 - RESERVED -CVE-2017-15894 - RESERVED -CVE-2017-15893 - RESERVED +CVE-2017-15895 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...) + TODO: check +CVE-2017-15894 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...) + TODO: check +CVE-2017-15893 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...) + TODO: check CVE-2017-15892 RESERVED -CVE-2017-15891 - RESERVED +CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in ...) + TODO: check CVE-2017-15890 RESERVED CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...) @@ -16281,8 +16290,8 @@ RESERVED CVE-2017-12824 (Special crafted InPage document leads to arbitrary code execution in ...) NOT-FOR-US: InPage -CVE-2017-12823 - RESERVED +CVE-2017-12823 (Kernel pool memory corruption in one of drivers in Kaspersky Embedded ...) + TODO: check CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...) NOT-FOR-US: Gemalto CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel ...) @@ -18629,8 +18638,8 @@ RESERVED CVE-2017-11941 RESERVED -CVE-2017-11940 - RESERVED +CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check CVE-2017-11939 RESERVED CVE-2017-11938 @@ -20019,12 +20028,12 @@ RESERVED
[Secure-testing-commits] r58354 - data/CVE
Author: sectracker Date: 2017-12-08 09:10:15 + (Fri, 08 Dec 2017) New Revision: 58354 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-08 08:27:16 UTC (rev 58353) +++ data/CVE/list 2017-12-08 09:10:15 UTC (rev 58354) @@ -1,3 +1,35 @@ +CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17473 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17472 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17471 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17470 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17469 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17468 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain ...) + TODO: check +CVE-2017-17467 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17466 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain ...) + TODO: check +CVE-2017-17465 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...) + TODO: check +CVE-2017-17464 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...) + TODO: check +CVE-2017-17463 (Vivo modems allow remote attackers to obtain sensitive information by ...) + TODO: check +CVE-2017-17462 + RESERVED +CVE-2017-17461 (A Regular expression Denial of Service (ReDoS) vulnerability in the ...) + TODO: check +CVE-2017-17460 + RESERVED CVE-2018-1340 RESERVED CVE-2018-1339 @@ -2139,6 +2171,7 @@ NOT-FOR-US: WordPress plugin wp-thumb-post CVE-2017-1000385 [TLS server vunlerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery ot MITM attack] RESERVED + {DSA-4057-1} - erlang 1:20.1.7+dfsg-1 NOTE: https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM NOTE: https://github.com/erlang/otp/commit/38b07caa2a1c6cd3537eadd36770afa54f067562 (OTP-20.1.7) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58340 - data/CVE
Author: sectracker Date: 2017-12-07 21:10:12 + (Thu, 07 Dec 2017) New Revision: 58340 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-07 20:59:36 UTC (rev 58339) +++ data/CVE/list 2017-12-07 21:10:12 UTC (rev 58340) @@ -1,3 +1,131 @@ +CVE-2018-1340 + RESERVED +CVE-2018-1339 + RESERVED +CVE-2018-1338 + RESERVED +CVE-2018-1337 + RESERVED +CVE-2018-1336 + RESERVED +CVE-2018-1335 + RESERVED +CVE-2018-1334 + RESERVED +CVE-2018-1333 + RESERVED +CVE-2018-1332 + RESERVED +CVE-2018-1331 + RESERVED +CVE-2018-1330 + RESERVED +CVE-2018-1329 + RESERVED +CVE-2018-1328 + RESERVED +CVE-2018-1327 + RESERVED +CVE-2018-1326 + RESERVED +CVE-2018-1325 + RESERVED +CVE-2018-1324 + RESERVED +CVE-2018-1323 + RESERVED +CVE-2018-1322 + RESERVED +CVE-2018-1321 + RESERVED +CVE-2018-1320 + RESERVED +CVE-2018-1319 + RESERVED +CVE-2018-1318 + RESERVED +CVE-2018-1317 + RESERVED +CVE-2018-1316 + RESERVED +CVE-2018-1315 + RESERVED +CVE-2018-1314 + RESERVED +CVE-2018-1313 + RESERVED +CVE-2018-1312 + RESERVED +CVE-2018-1311 + RESERVED +CVE-2018-1310 + RESERVED +CVE-2018-1309 + RESERVED +CVE-2018-1308 + RESERVED +CVE-2018-1307 + RESERVED +CVE-2018-1306 + RESERVED +CVE-2018-1305 + RESERVED +CVE-2018-1304 + RESERVED +CVE-2018-1303 + RESERVED +CVE-2018-1302 + RESERVED +CVE-2018-1301 + RESERVED +CVE-2018-1300 + RESERVED +CVE-2018-1299 + RESERVED +CVE-2018-1298 + RESERVED +CVE-2018-1297 + RESERVED +CVE-2018-1296 + RESERVED +CVE-2018-1295 + RESERVED +CVE-2018-1294 + RESERVED +CVE-2018-1293 + RESERVED +CVE-2018-1292 + RESERVED +CVE-2018-1291 + RESERVED +CVE-2018-1290 + RESERVED +CVE-2018-1289 + RESERVED +CVE-2018-1288 + RESERVED +CVE-2018-1287 + RESERVED +CVE-2018-1286 + RESERVED +CVE-2018-1285 + RESERVED +CVE-2018-1284 + RESERVED +CVE-2018-1283 + RESERVED +CVE-2018-1282 + RESERVED +CVE-2018-1281 + RESERVED +CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync protocol is ...) + TODO: check +CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially malformed ...) + TODO: check +CVE-2017-1002102 + RESERVED +CVE-2017-1002101 + RESERVED CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...) - libsndfile (low) [stretch] - libsndfile (Minor issue) @@ -290,7 +418,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22375 NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6 -CVE-2017-1000410 [Info Leak in the Linux Kernel via Bluetooth] +CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a ...) - linux NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3 CVE-2017-1000409 @@ -5856,6 +5984,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/12/05/5 NOTE: https://launchpad.net/bugs/1732976 CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through ...) + {DSA-4056-1} - nova 2:16.0.3-1 (bug #882009) [jessie] - nova (Vulnerble code introduced later) [wheezy] - nova (Vulnerble code introduced later) @@ -11363,8 +11492,8 @@ NOT-FOR-US: Cloud Foundry Foundation GrootFS CVE-2017-14387 RESERVED -CVE-2017-14386 - RESERVED +CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction Laser ...) + TODO: check CVE-2017-14385 RESERVED CVE-2017-14384 @@ -18455,8 +18584,8 @@ RESERVED CVE-2017-11938 RESERVED -CVE-2017-11937 - RESERVED +CVE-2017-11937 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check CVE-2017-11936 RESERVED CVE-2017-11935 @@ -43487,15 +43616,13 @@ NOT-FOR-US: Lenovo CVE-2017-3739 RESERVED -CVE-2017-3738 [rsaz_1024_mul_avx2 overflow bug on x86_64] - RESERVED +CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication ...) - openssl - openssl1.0 NOTE: https://www.openssl.org/news/secadv/20171207.txt NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76 -CVE-2017-3737 [Read/write after SSL object in error state] -
[Secure-testing-commits] r58316 - data/CVE
Author: sectracker Date: 2017-12-07 09:10:16 + (Thu, 07 Dec 2017) New Revision: 58316 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-07 09:10:07 UTC (rev 58315) +++ data/CVE/list 2017-12-07 09:10:16 UTC (rev 58316) @@ -1,3 +1,23 @@ +CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...) + TODO: check +CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead ...) + TODO: check +CVE-2017-17455 + RESERVED +CVE-2017-17454 + RESERVED +CVE-2017-17453 + RESERVED +CVE-2017-17452 + RESERVED +CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in the ...) + TODO: check +CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not ...) + TODO: check +CVE-2017-17449 (The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in ...) + TODO: check +CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 ...) + TODO: check CVE-2018-1280 RESERVED CVE-2018-1279 @@ -223,6 +243,7 @@ [jessie] - libextractor (Minor issue) NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are able to ...) + {DSA-4055-1} - heimdal (bug #878144) [jessie] - heimdal (Vulnerability introduced in 7.0) [wheezy] - heimdal (Vulnerability introduced in 7.0) @@ -233,10 +254,10 @@ RESERVED CVE-2017-17437 RESERVED -CVE-2017-17436 - RESERVED -CVE-2017-17435 - RESERVED +CVE-2017-17436 (An issue was discovered in the software on Vaultek Gun Safe VT20i ...) + TODO: check +CVE-2017-17435 (An issue was discovered in the software on Vaultek Gun Safe VT20i ...) + TODO: check CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, ...) - rsync (bug #883665) NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1 @@ -246,8 +267,8 @@ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, ...) NOT-FOR-US: GeniXCMS -CVE-2017-17430 - RESERVED +CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows ...) + TODO: check CVE-2017-17429 RESERVED CVE-2017-17428 @@ -432,8 +453,8 @@ RESERVED CVE-2017-17385 RESERVED -CVE-2017-17384 - RESERVED +CVE-2017-17384 (ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain ...) + TODO: check CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated administrators to ...) - jenkins CVE-2017-17382 @@ -2629,7 +2650,7 @@ NOT-FOR-US: GitPHP CVE-2017-1000207 (A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger ...) NOT-FOR-US: Swagger-Parser -CVE-2017-1000159 (Command injection in evince 3.24.8 via filename when printing to PDF ...) +CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This ...) - evince 3.25.92-1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947 NOTE: Introduced by: https://git.gnome.org/browse/evince/commit/?id=1fcca0b8041de0d6074d7e17fba174da36c65f99 (EVINCE_0_9_1) @@ -169200,7 +169221,7 @@ NOT-FOR-US: Opera CVE-2002-2483 - linux-2.6 2.4.20 -CVE-2012-1002 (Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown ...) +CVE-2012-1002 (SQL injection vulnerability in author/edit.php in OpenConf 4.x before ...) NOT-FOR-US: OpenConf CVE-2012-1001 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58309 - data/CVE
Author: sectracker Date: 2017-12-06 21:10:18 + (Wed, 06 Dec 2017) New Revision: 58309 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-06 20:35:55 UTC (rev 58308) +++ data/CVE/list 2017-12-06 21:10:18 UTC (rev 58309) @@ -1,12 +1,224 @@ -CVE-2017-17446 +CVE-2018-1280 + RESERVED +CVE-2018-1279 + RESERVED +CVE-2018-1278 + RESERVED +CVE-2018-1277 + RESERVED +CVE-2018-1276 + RESERVED +CVE-2018-1275 + RESERVED +CVE-2018-1274 + RESERVED +CVE-2018-1273 + RESERVED +CVE-2018-1272 + RESERVED +CVE-2018-1271 + RESERVED +CVE-2018-1270 + RESERVED +CVE-2018-1269 + RESERVED +CVE-2018-1268 + RESERVED +CVE-2018-1267 + RESERVED +CVE-2018-1266 + RESERVED +CVE-2018-1265 + RESERVED +CVE-2018-1264 + RESERVED +CVE-2018-1263 + RESERVED +CVE-2018-1262 + RESERVED +CVE-2018-1261 + RESERVED +CVE-2018-1260 + RESERVED +CVE-2018-1259 + RESERVED +CVE-2018-1258 + RESERVED +CVE-2018-1257 + RESERVED +CVE-2018-1256 + RESERVED +CVE-2018-1255 + RESERVED +CVE-2018-1254 + RESERVED +CVE-2018-1253 + RESERVED +CVE-2018-1252 + RESERVED +CVE-2018-1251 + RESERVED +CVE-2018-1250 + RESERVED +CVE-2018-1249 + RESERVED +CVE-2018-1248 + RESERVED +CVE-2018-1247 + RESERVED +CVE-2018-1246 + RESERVED +CVE-2018-1245 + RESERVED +CVE-2018-1244 + RESERVED +CVE-2018-1243 + RESERVED +CVE-2018-1242 + RESERVED +CVE-2018-1241 + RESERVED +CVE-2018-1240 + RESERVED +CVE-2018-1239 + RESERVED +CVE-2018-1238 + RESERVED +CVE-2018-1237 + RESERVED +CVE-2018-1236 + RESERVED +CVE-2018-1235 + RESERVED +CVE-2018-1234 + RESERVED +CVE-2018-1233 + RESERVED +CVE-2018-1232 + RESERVED +CVE-2018-1231 + RESERVED +CVE-2018-1230 + RESERVED +CVE-2018-1229 + RESERVED +CVE-2018-1228 + RESERVED +CVE-2018-1227 + RESERVED +CVE-2018-1226 + RESERVED +CVE-2018-1225 + RESERVED +CVE-2018-1224 + RESERVED +CVE-2018-1223 + RESERVED +CVE-2018-1222 + RESERVED +CVE-2018-1221 + RESERVED +CVE-2018-1220 + RESERVED +CVE-2018-1219 + RESERVED +CVE-2018-1218 + RESERVED +CVE-2018-1217 + RESERVED +CVE-2018-1216 + RESERVED +CVE-2018-1215 + RESERVED +CVE-2018-1214 + RESERVED +CVE-2018-1213 + RESERVED +CVE-2018-1212 + RESERVED +CVE-2018-1211 + RESERVED +CVE-2018-1210 + RESERVED +CVE-2018-1209 + RESERVED +CVE-2018-1208 + RESERVED +CVE-2018-1207 + RESERVED +CVE-2018-1206 + RESERVED +CVE-2018-1205 + RESERVED +CVE-2018-1204 + RESERVED +CVE-2018-1203 + RESERVED +CVE-2018-1202 + RESERVED +CVE-2018-1201 + RESERVED +CVE-2018-1200 + RESERVED +CVE-2018-1199 + RESERVED +CVE-2018-1198 + RESERVED +CVE-2018-1197 + RESERVED +CVE-2018-1196 + RESERVED +CVE-2018-1195 + RESERVED +CVE-2018-1194 + RESERVED +CVE-2018-1193 + RESERVED +CVE-2018-1192 + RESERVED +CVE-2018-1191 + RESERVED +CVE-2018-1190 + RESERVED +CVE-2018-1189 + RESERVED +CVE-2018-1188 + RESERVED +CVE-2018-1187 + RESERVED +CVE-2018-1186 + RESERVED +CVE-2018-1185 + RESERVED +CVE-2018-1184 + RESERVED +CVE-2018-1183 + RESERVED +CVE-2018-1182 + RESERVED +CVE-2018-1181 + RESERVED +CVE-2017-17447 + RESERVED +CVE-2017-17445 + RESERVED +CVE-2017-17444 + RESERVED +CVE-2017-17443 + RESERVED +CVE-2017-17442 + RESERVED +CVE-2017-17441 + RESERVED +CVE-2017-17446 (The Mem_File_Reader::read_avail function in Data_Reader.cpp in the ...) - game-music-emu (bug #883691) [stretch] - game-music-emu (Minor issue) [jessie] - game-music-emu (Minor issue) NOTE: https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size -CVE-2017-17440 [various null pointer dereferences in GIF, IT, NSFE, S3M, SID and XM plugins] +CVE-2017-17440 (GNU Libextractor 1.6 allows remote attackers to cause a denial of ...) - libextractor (bug #883528) NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e -CVE-2017-17439 [Remote unauthenticated DoS in Heimdal-KDC] +CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are able to ...) - heimdal (bug #878144) [jessie] - heimdal (Vulnerability introduced in 7.0) [wheezy] - heimdal (Vulnerability introduced in 7.0) @@ -223,8 +435,7 @@ - jenkins CVE-2017-17382 RESERVED -CVE-2017-17381 [virtio: divide by zero exception while updating rings] - RESERVED +CVE-2017-17381 (The Virtio Vring implementation in QEMU allows
[Secure-testing-commits] r58288 - data/CVE
Author: sectracker Date: 2017-12-06 09:10:24 + (Wed, 06 Dec 2017) New Revision: 58288 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-06 07:56:02 UTC (rev 58287) +++ data/CVE/list 2017-12-06 09:10:24 UTC (rev 58288) @@ -1,3 +1,17 @@ +CVE-2017-17438 + RESERVED +CVE-2017-17437 + RESERVED +CVE-2017-17436 + RESERVED +CVE-2017-17435 + RESERVED +CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, ...) + TODO: check +CVE-2017-17433 (The recv_files function in receiver.c in the daemon in rsync 3.1.2, and ...) + TODO: check +CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, ...) + TODO: check CVE-2017-17430 RESERVED CVE-2017-17429 @@ -17,7 +31,7 @@ RESERVED CVE-2017-1000408 RESERVED -CVE-2017-17432 [OPENAFS-SA-2017-001: Rx assertion failure from insufficient input validation] +CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, ...) - openafs 1.6.22-1 (bug #883602) NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt CVE-2018-1180 @@ -184,8 +198,8 @@ RESERVED CVE-2017-17384 RESERVED -CVE-2017-17383 - RESERVED +CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated administrators to ...) + TODO: check CVE-2017-17382 RESERVED CVE-2017-17381 [virtio: divide by zero exception while updating rings] @@ -1702,8 +1716,8 @@ RESERVED CVE-2017-17070 RESERVED -CVE-2017-17069 - RESERVED +CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 ...) + TODO: check CVE-2017-17068 RESERVED CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...) @@ -6772,8 +6786,7 @@ RESERVED CVE-2017-15869 RESERVED -CVE-2017-15868 [Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket] - RESERVED +CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the ...) - linux 4.0.2-1 NOTE: Fixed by: https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 (v3.19-rc3) CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) @@ -11024,8 +11037,8 @@ NOT-FOR-US: EMC AppSync Server CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to ...) NOT-FOR-US: EMC -CVE-2017-14374 - RESERVED +CVE-2017-14374 (The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 ...) + TODO: check CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a ...) NOT-FOR-US: RSA Authentication Manager CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected ...) @@ -11062,8 +11075,8 @@ NOT-FOR-US: HP ArcSight CVE-2017-14356 (An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM ...) NOT-FOR-US: HP ArcSight -CVE-2017-14355 - RESERVED +CVE-2017-14355 (A potential security vulnerability has been identified in HPE ...) + TODO: check CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB Foundation ...) NOT-FOR-US: HP UCMDB Foundation CVE-2017-14353 (A remote code execution vulnerability in HP UCMDB Foundation Software ...) @@ -12129,8 +12142,8 @@ NOT-FOR-US: AutomationDirect CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...) NOT-FOR-US: Progea Movicon -CVE-2017-14018 - RESERVED +CVE-2017-14018 (An improper authentication issue was discovered in Johnson Johnson ...) + TODO: check CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in Progea ...) NOT-FOR-US: Progea Movicon CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in Advantech ...) @@ -40610,8 +40623,8 @@ NOT-FOR-US: VMware CVE-2017-4921 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure ...) NOT-FOR-US: VMware -CVE-2017-4920 - RESERVED +CVE-2017-4920 (The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x ...) + TODO: check CVE-2017-4919 (VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, ...) NOT-FOR-US: VMware vCenter Server CVE-2017-4918 (VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58277 - data/CVE
Author: sectracker Date: 2017-12-05 21:10:17 + (Tue, 05 Dec 2017) New Revision: 58277 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-05 21:08:45 UTC (rev 58276) +++ data/CVE/list 2017-12-05 21:10:17 UTC (rev 58277) @@ -1,3 +1,17 @@ +CVE-2017-17430 + RESERVED +CVE-2017-17429 + RESERVED +CVE-2017-17428 + RESERVED +CVE-2017-17427 + RESERVED +CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 2.26 ...) + TODO: check +CVE-2017-1000409 + RESERVED +CVE-2017-1000408 + RESERVED CVE-2017- [OPENAFS-SA-2017-001: Rx assertion failure from insufficient input validation] - openafs 1.6.22-1 (bug #883602) NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt @@ -1689,8 +1703,8 @@ RESERVED CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...) NOT-FOR-US: Splunk Web -CVE-2017-17066 - RESERVED +CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the ...) + TODO: check CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...) NOT-FOR-US: D-Link CVE-2017-17064 @@ -3335,10 +3349,10 @@ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956 NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050 -CVE-2017-16930 - RESERVED -CVE-2017-16929 - RESERVED +CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 10.1 ...) + TODO: check +CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...) + TODO: check CVE-2017-16928 RESERVED CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...) @@ -3446,6 +3460,7 @@ CVE-2017-16885 RESERVED CVE-2017-1000407 [DoS via write flood to I/O port 0x80] + RESERVED - linux NOTE: https://www.spinics.net/lists/kvm/msg159809.html CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...) @@ -3623,9 +3638,9 @@ - pjproject 2.7.1~dfsg-1 NOTE: https://trac.pjsip.org/repos/ticket/2056 NOTE: https://trac.pjsip.org/repos/changeset/5682 -CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP ...) +CVE-2017-16871 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...) NOT-FOR-US: UpdraftPlus plugin for WordPress -CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the ...) +CVE-2017-16870 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...) NOT-FOR-US: UpdraftPlus plugin for WordPress CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...) - upx-ucl (bug #882041; unimportant) @@ -3942,10 +3957,10 @@ RESERVED CVE-2017-16858 RESERVED -CVE-2017-16857 - RESERVED -CVE-2017-16856 - RESERVED +CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via ...) + TODO: check +CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...) + TODO: check CVE-2017-16855 (Ipsilon before 2.1.0 has a SAML2 multi-session vulnerability. ...) - ipsilon (bug #826838) CVE-2017-16854 @@ -5513,7 +5528,7 @@ RESERVED CVE-2017-16240 RESERVED -CVE-2017-17051 [Regression introduced with the fix for OSSA-2017-005 (CVE-2017-16239)] +CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack ...) - nova (bug #883621) [stretch] - nova (Fix for CVE-2017-16239 not applied and not affecting 14.x.y) [jessie] - nova (Vulnerable code not present) @@ -6873,8 +6888,8 @@ RESERVED CVE-2017-15814 RESERVED -CVE-2017-15813 - RESERVED +CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...) NOT-FOR-US: Wordpress plugin CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the ...) @@ -9458,16 +9473,16 @@ - nodejs (unimportant) NOTE: Debian doesn't use zlib 1.2.9 yet NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ -CVE-2017-14918 - RESERVED -CVE-2017-14917 - RESERVED -CVE-2017-14916 - RESERVED +CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-14916 (In Android for
[Secure-testing-commits] r58264 - data/CVE
Author: sectracker Date: 2017-12-05 09:10:17 + (Tue, 05 Dec 2017) New Revision: 58264 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-05 07:43:45 UTC (rev 58263) +++ data/CVE/list 2017-12-05 09:10:17 UTC (rev 58264) @@ -1,3 +1,165 @@ +CVE-2018-1180 + RESERVED +CVE-2018-1179 + RESERVED +CVE-2018-1178 + RESERVED +CVE-2018-1177 + RESERVED +CVE-2018-1176 + RESERVED +CVE-2018-1175 + RESERVED +CVE-2018-1174 + RESERVED +CVE-2018-1173 + RESERVED +CVE-2018-1172 + RESERVED +CVE-2018-1171 + RESERVED +CVE-2018-1170 + RESERVED +CVE-2018-1169 + RESERVED +CVE-2018-1168 + RESERVED +CVE-2018-1167 + RESERVED +CVE-2018-1166 + RESERVED +CVE-2018-1165 + RESERVED +CVE-2018-1164 + RESERVED +CVE-2018-1163 + RESERVED +CVE-2018-1162 + RESERVED +CVE-2018-1161 + RESERVED +CVE-2018-1160 + RESERVED +CVE-2018-1159 + RESERVED +CVE-2018-1158 + RESERVED +CVE-2018-1157 + RESERVED +CVE-2018-1156 + RESERVED +CVE-2018-1155 + RESERVED +CVE-2018-1154 + RESERVED +CVE-2018-1153 + RESERVED +CVE-2018-1152 + RESERVED +CVE-2018-1151 + RESERVED +CVE-2018-1150 + RESERVED +CVE-2018-1149 + RESERVED +CVE-2018-1148 + RESERVED +CVE-2018-1147 + RESERVED +CVE-2018-1146 + RESERVED +CVE-2018-1145 + RESERVED +CVE-2018-1144 + RESERVED +CVE-2018-1143 + RESERVED +CVE-2018-1142 + RESERVED +CVE-2018-1141 + RESERVED +CVE-2017-17425 + RESERVED +CVE-2017-17424 + RESERVED +CVE-2017-17423 + RESERVED +CVE-2017-17422 + RESERVED +CVE-2017-17421 + RESERVED +CVE-2017-17420 + RESERVED +CVE-2017-17419 + RESERVED +CVE-2017-17418 + RESERVED +CVE-2017-17417 + RESERVED +CVE-2017-17416 + RESERVED +CVE-2017-17415 + RESERVED +CVE-2017-17414 + RESERVED +CVE-2017-17413 + RESERVED +CVE-2017-17412 + RESERVED +CVE-2017-17411 + RESERVED +CVE-2017-17410 + RESERVED +CVE-2017-17409 + RESERVED +CVE-2017-17408 + RESERVED +CVE-2017-17407 + RESERVED +CVE-2017-17406 + RESERVED +CVE-2017-17405 + RESERVED +CVE-2017-17404 + RESERVED +CVE-2017-17403 + RESERVED +CVE-2017-17402 + RESERVED +CVE-2017-17401 + RESERVED +CVE-2017-17400 + RESERVED +CVE-2017-17399 + RESERVED +CVE-2017-17398 + RESERVED +CVE-2017-17397 + RESERVED +CVE-2017-17396 + RESERVED +CVE-2017-17395 + RESERVED +CVE-2017-17394 + RESERVED +CVE-2017-17393 + RESERVED +CVE-2017-17392 + RESERVED +CVE-2017-17391 + RESERVED +CVE-2017-17390 + RESERVED +CVE-2017-17389 + RESERVED +CVE-2017-17388 + RESERVED +CVE-2017-17387 + RESERVED +CVE-2017-17386 + RESERVED +CVE-2017-17385 + RESERVED CVE-2017-17384 RESERVED CVE-2017-17383 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58254 - data/CVE
Author: sectracker Date: 2017-12-04 21:10:19 + (Mon, 04 Dec 2017) New Revision: 58254 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-04 20:52:15 UTC (rev 58253) +++ data/CVE/list 2017-12-04 21:10:19 UTC (rev 58254) @@ -1,3 +1,11 @@ +CVE-2017-17384 + RESERVED +CVE-2017-17383 + RESERVED +CVE-2017-17382 + RESERVED +CVE-2017-17381 + RESERVED CVE-2018-1140 RESERVED CVE-2018-1139 @@ -1533,10 +1541,10 @@ RESERVED CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...) NOT-FOR-US: WooCommerce plugin for WordPress -CVE-2017-17057 - RESERVED -CVE-2017-17056 - RESERVED +CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...) + TODO: check +CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to ...) + TODO: check CVE-2017-17055 RESERVED CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function ...) @@ -4118,8 +4126,8 @@ RESERVED CVE-2017-16722 RESERVED -CVE-2017-16721 - RESERVED +CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...) + TODO: check CVE-2017-16720 RESERVED CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...) @@ -6431,6 +6439,7 @@ - konversation 1.7.3-1 (bug #881586) NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...) + {DLA-1198-1} - libextractor (low; bug #880016) NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg8.html NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117 @@ -6508,8 +6517,8 @@ RESERVED CVE-2017-15890 RESERVED -CVE-2017-15889 - RESERVED +CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...) + TODO: check CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...) NOT-FOR-US: Synology CVE-2017-15887 (An improper restriction of excessive authentication attempts ...) @@ -6931,7 +6940,7 @@ RESERVED CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured ...) - qpid-java (bug #840131) -CVE-2017-15701 (In Apache Qpid Broker-J before 6.1.x before 6.1.5, the broker does not ...) +CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the ...) - qpid-java (bug #840131) CVE-2017-15700 RESERVED @@ -7172,14 +7181,17 @@ CVE-2017-15603 RESERVED CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error for the ...) + {DLA-1198-1} - libextractor 1:1.6-1 NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg5.html NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow in the ...) + {DLA-1198-1} - libextractor 1:1.6-1 NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg6.html NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=f813535dad4ad860b989952a46266a1469801091 CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the ...) + {DLA-1198-1} - libextractor 1:1.6-1 NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg4.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501695 @@ -8064,6 +8076,7 @@ NOTE: https://bugs.launchpad.net/bugs/1718964 NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493 CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in ...) + {DLA-1198-1} - libextractor 1:1.6-1 (bug #878314) [stretch] - libextractor (Minor issue) [jessie] - libextractor (Minor issue) @@ -8072,6 +8085,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600 NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2 CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...) + {DLA-1198-1} - libextractor 1:1.6-1 (bug #878314) [stretch] - libextractor (Minor issue) [jessie] - libextractor (Minor issue) @@ -17566,10 +17580,10 @@ RESERVED CVE-2017-12081 RESERVED -CVE-2017-12080 - RESERVED -CVE-2017-12079 - RESERVED +CVE-2017-12080 (An information exposure vulnerability in
[Secure-testing-commits] r58236 - data/CVE
Author: sectracker Date: 2017-12-04 09:10:21 + (Mon, 04 Dec 2017) New Revision: 58236 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-03 23:07:15 UTC (rev 58235) +++ data/CVE/list 2017-12-04 09:10:21 UTC (rev 58236) @@ -1,7 +1,767 @@ +CVE-2018-1140 + RESERVED +CVE-2018-1139 + RESERVED +CVE-2018-1138 + RESERVED +CVE-2018-1137 + RESERVED +CVE-2018-1136 + RESERVED +CVE-2018-1135 + RESERVED +CVE-2018-1134 + RESERVED +CVE-2018-1133 + RESERVED +CVE-2018-1132 + RESERVED +CVE-2018-1131 + RESERVED +CVE-2018-1130 + RESERVED +CVE-2018-1129 + RESERVED +CVE-2018-1128 + RESERVED +CVE-2018-1127 + RESERVED +CVE-2018-1126 + RESERVED +CVE-2018-1125 + RESERVED +CVE-2018-1124 + RESERVED +CVE-2018-1123 + RESERVED +CVE-2018-1122 + RESERVED +CVE-2018-1121 + RESERVED +CVE-2018-1120 + RESERVED +CVE-2018-1119 + RESERVED +CVE-2018-1118 + RESERVED +CVE-2018-1117 + RESERVED +CVE-2018-1116 + RESERVED +CVE-2018-1115 + RESERVED +CVE-2018-1114 + RESERVED +CVE-2018-1113 + RESERVED +CVE-2018-1112 + RESERVED +CVE-2018- + RESERVED +CVE-2018-1110 + RESERVED +CVE-2018-1109 + RESERVED +CVE-2018-1108 + RESERVED +CVE-2018-1107 + RESERVED +CVE-2018-1106 + RESERVED +CVE-2018-1105 + RESERVED +CVE-2018-1104 + RESERVED +CVE-2018-1103 + RESERVED +CVE-2018-1102 + RESERVED +CVE-2018-1101 + RESERVED +CVE-2018-1100 + RESERVED +CVE-2018-1099 + RESERVED +CVE-2018-1098 + RESERVED +CVE-2018-1097 + RESERVED +CVE-2018-1096 + RESERVED +CVE-2018-1095 + RESERVED +CVE-2018-1094 + RESERVED +CVE-2018-1093 + RESERVED +CVE-2018-1092 + RESERVED +CVE-2018-1091 + RESERVED +CVE-2018-1090 + RESERVED +CVE-2018-1089 + RESERVED +CVE-2018-1088 + RESERVED +CVE-2018-1087 + RESERVED +CVE-2018-1086 + RESERVED +CVE-2018-1085 + RESERVED +CVE-2018-1084 + RESERVED +CVE-2018-1083 + RESERVED +CVE-2018-1082 + RESERVED +CVE-2018-1081 + RESERVED +CVE-2018-1080 + RESERVED +CVE-2018-1079 + RESERVED +CVE-2018-1078 + RESERVED +CVE-2018-1077 + RESERVED +CVE-2018-1076 + RESERVED +CVE-2018-1075 + RESERVED +CVE-2018-1074 + RESERVED +CVE-2018-1073 + RESERVED +CVE-2018-1072 + RESERVED +CVE-2018-1071 + RESERVED +CVE-2018-1070 + RESERVED +CVE-2018-1069 + RESERVED +CVE-2018-1068 + RESERVED +CVE-2018-1067 + RESERVED +CVE-2018-1066 + RESERVED +CVE-2018-1065 + RESERVED +CVE-2018-1064 + RESERVED +CVE-2018-1063 + RESERVED +CVE-2018-1062 + RESERVED +CVE-2018-1061 + RESERVED +CVE-2018-1060 + RESERVED +CVE-2018-1059 + RESERVED +CVE-2018-1058 + RESERVED +CVE-2018-1057 + RESERVED +CVE-2018-1056 + RESERVED +CVE-2018-1055 + RESERVED +CVE-2018-1054 + RESERVED +CVE-2018-1053 + RESERVED +CVE-2018-1052 + RESERVED +CVE-2018-1051 + RESERVED +CVE-2018-1050 + RESERVED +CVE-2018-1049 + RESERVED +CVE-2018-1048 + RESERVED +CVE-2018-1047 + RESERVED +CVE-2018-1046 + RESERVED +CVE-2018-1045 + RESERVED +CVE-2018-1044 + RESERVED +CVE-2018-1043 + RESERVED +CVE-2018-1042 + RESERVED +CVE-2018-1041 + RESERVED +CVE-2017-17380 + RESERVED +CVE-2017-17379 + RESERVED +CVE-2017-17378 + RESERVED +CVE-2017-17377 + RESERVED +CVE-2017-17376 + RESERVED +CVE-2017-17375 + RESERVED +CVE-2017-17374 + RESERVED +CVE-2017-17373 + RESERVED +CVE-2017-17372 + RESERVED +CVE-2017-17371 + RESERVED +CVE-2017-17370 + RESERVED +CVE-2017-17369 + RESERVED +CVE-2017-17368 + RESERVED +CVE-2017-17367 + RESERVED +CVE-2017-17366 + RESERVED +CVE-2017-17365 + RESERVED +CVE-2017-17364 + RESERVED +CVE-2017-17363 + RESERVED +CVE-2017-17362 + RESERVED +CVE-2017-17361 + RESERVED +CVE-2017-17360 + RESERVED +CVE-2017-17359 + RESERVED +CVE-2017-17358 + RESERVED +CVE-2017-17357 + RESERVED +CVE-2017-17356 + RESERVED +CVE-2017-17355 + RESERVED +CVE-2017-17354 + RESERVED +CVE-2017-17353 + RESERVED +CVE-2017-17352 + RESERVED +CVE-2017-17351 + RESERVED +CVE-2017-17350 + RESERVED +CVE-2017-17349 + RESERVED +CVE-2017-17348 + RESERVED +CVE-2017-17347 + RESERVED +CVE-2017-17346 + RESERVED +CVE-2017-17345 + RESERVED +CVE-2017-17344 + RESERVED +CVE-2017-17343 + RESERVED +CVE-2017-17342 + RESERVED +CVE-2017-17341 + RESERVED +CVE-2017-17340 + RESERVED +CVE-2017-17339 + RESERVED +CVE-2017-17338 + RESERVED
[Secure-testing-commits] r58233 - data/CVE
Author: sectracker Date: 2017-12-03 21:10:18 + (Sun, 03 Dec 2017) New Revision: 58233 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-03 18:52:55 UTC (rev 58232) +++ data/CVE/list 2017-12-03 21:10:18 UTC (rev 58233) @@ -1,3 +1,13 @@ +CVE-2017-17100 + RESERVED +CVE-2017-17099 + RESERVED +CVE-2017-17098 + RESERVED +CVE-2017-17097 + RESERVED +CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards plugin ...) + TODO: check CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source ...) - asterisk (bug #883342) NOTE: http://downloads.digium.com/pub/security/AST-2017-013.html @@ -26453,22 +26463,27 @@ CVE-2017-8824 RESERVED CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) + {DSA-4054-1} - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/24313 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 CVE-2017-8822 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) + {DSA-4054-1} - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/21534 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 CVE-2017-8821 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) + {DSA-4054-1} - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/24246 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 CVE-2017-8820 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) + {DSA-4054-1} - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/24245 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 CVE-2017-8819 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) + {DSA-4054-1} - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/24244 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58223 - data/CVE
Author: sectracker Date: 2017-12-03 09:10:31 + (Sun, 03 Dec 2017) New Revision: 58223 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-03 08:03:43 UTC (rev 58222) +++ data/CVE/list 2017-12-03 09:10:31 UTC (rev 58223) @@ -651,7 +651,7 @@ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=79768d63d14fbce6bf7fb4d4a1c86be0c5205eb3 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-48.html CVE-2017-17082 - RESERVED + REJECTED CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ...) - ffmpeg [stretch] - ffmpeg (Can wait for the next 3.2.x release) @@ -9580,8 +9580,8 @@ [jessie] - poppler (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102687 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=476394e7a025e02e4897da2e765df2c895d0708f -CVE-2017-14516 - RESERVED +CVE-2017-14516 (Cross-Site Scripting (XSS) exists in SAP Business Objects Financial ...) + TODO: check CVE-2017-14515 (Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 ...) NOT-FOR-US: Tenda W15E devices CVE-2017-14514 (Directory Traversal on Tenda W15E devices before 15.11.0.14 allows ...) @@ -26449,28 +26449,23 @@ NOTE: https://github.com/dinhviethoa/libetpan/issues/274 CVE-2017-8824 RESERVED -CVE-2017-8823 [TROVE-2017-013: Use-after-free in onion service v2] - RESERVED +CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/24313 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 -CVE-2017-8822 [TROVE-2017-012: Relays can pick themselves in a circuit path] - RESERVED +CVE-2017-8822 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/21534 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 -CVE-2017-8821 [TROVE-2017-011: An attacker can make Tor ask for a password] - RESERVED +CVE-2017-8821 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/24246 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 -CVE-2017-8820 [TROVE-2017-010: Remote DoS attack against directory authorities] - RESERVED +CVE-2017-8820 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/24245 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 -CVE-2017-8819 [TROVE-2017-009: Replay-cache ineffective for v2 onion services] - RESERVED +CVE-2017-8819 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...) - tor 0.3.1.9-1 NOTE: https://bugs.torproject.org/24244 NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58209 - data/CVE
Author: sectracker Date: 2017-12-02 09:10:16 + (Sat, 02 Dec 2017) New Revision: 58209 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-02 08:42:31 UTC (rev 58208) +++ data/CVE/list 2017-12-02 09:10:16 UTC (rev 58209) @@ -1,3 +1,5 @@ +CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source ...) + TODO: check CVE-2018-1040 RESERVED CVE-2018-1039 @@ -600,23 +602,23 @@ RESERVED CVE-2017-17089 RESERVED -CVE-2017-17091 [Use a properly generated hash for the 'newbloguser' key instead of a determinate substring] +CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser ...) - wordpress NOTE: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ -CVE-2017-17093 [Add escaping to the language attributes used on 'html' elements] +CVE-2017-17093 (wp-includes/general-template.php in WordPress before 4.9.1 does not ...) - wordpress NOTE: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ -CVE-2017-17094 [Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds] +CVE-2017-17094 (wp-includes/feed.php in WordPress before 4.9.1 does not properly ...) - wordpress NOTE: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ -CVE-2017-17092 [Remove the ability to upload JavaScript files for users who do not have the 'unfiltered_html' capability] +CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not require ...) - wordpress NOTE: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509 NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ -CVE-2017-17095 [heap-based buffer overflow in the pal2rgb tool] +CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to ...) - tiff (unimportant) - tiff3 (unimportant) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58195 - data/CVE
Author: sectracker Date: 2017-12-01 21:10:21 + (Fri, 01 Dec 2017) New Revision: 58195 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-01 19:56:17 UTC (rev 58194) +++ data/CVE/list 2017-12-01 21:10:21 UTC (rev 58195) @@ -1,3 +1,605 @@ +CVE-2018-1040 + RESERVED +CVE-2018-1039 + RESERVED +CVE-2018-1038 + RESERVED +CVE-2018-1037 + RESERVED +CVE-2018-1036 + RESERVED +CVE-2018-1035 + RESERVED +CVE-2018-1034 + RESERVED +CVE-2018-1033 + RESERVED +CVE-2018-1032 + RESERVED +CVE-2018-1031 + RESERVED +CVE-2018-1030 + RESERVED +CVE-2018-1029 + RESERVED +CVE-2018-1028 + RESERVED +CVE-2018-1027 + RESERVED +CVE-2018-1026 + RESERVED +CVE-2018-1025 + RESERVED +CVE-2018-1024 + RESERVED +CVE-2018-1023 + RESERVED +CVE-2018-1022 + RESERVED +CVE-2018-1021 + RESERVED +CVE-2018-1020 + RESERVED +CVE-2018-1019 + RESERVED +CVE-2018-1018 + RESERVED +CVE-2018-1017 + RESERVED +CVE-2018-1016 + RESERVED +CVE-2018-1015 + RESERVED +CVE-2018-1014 + RESERVED +CVE-2018-1013 + RESERVED +CVE-2018-1012 + RESERVED +CVE-2018-1011 + RESERVED +CVE-2018-1010 + RESERVED +CVE-2018-1009 + RESERVED +CVE-2018-1008 + RESERVED +CVE-2018-1007 + RESERVED +CVE-2018-1006 + RESERVED +CVE-2018-1005 + RESERVED +CVE-2018-1004 + RESERVED +CVE-2018-1003 + RESERVED +CVE-2018-1002 + RESERVED +CVE-2018-1001 + RESERVED +CVE-2018-1000 + RESERVED +CVE-2018-0999 + RESERVED +CVE-2018-0998 + RESERVED +CVE-2018-0997 + RESERVED +CVE-2018-0996 + RESERVED +CVE-2018-0995 + RESERVED +CVE-2018-0994 + RESERVED +CVE-2018-0993 + RESERVED +CVE-2018-0992 + RESERVED +CVE-2018-0991 + RESERVED +CVE-2018-0990 + RESERVED +CVE-2018-0989 + RESERVED +CVE-2018-0988 + RESERVED +CVE-2018-0987 + RESERVED +CVE-2018-0986 + RESERVED +CVE-2018-0985 + RESERVED +CVE-2018-0984 + RESERVED +CVE-2018-0983 + RESERVED +CVE-2018-0982 + RESERVED +CVE-2018-0981 + RESERVED +CVE-2018-0980 + RESERVED +CVE-2018-0979 + RESERVED +CVE-2018-0978 + RESERVED +CVE-2018-0977 + RESERVED +CVE-2018-0976 + RESERVED +CVE-2018-0975 + RESERVED +CVE-2018-0974 + RESERVED +CVE-2018-0973 + RESERVED +CVE-2018-0972 + RESERVED +CVE-2018-0971 + RESERVED +CVE-2018-0970 + RESERVED +CVE-2018-0969 + RESERVED +CVE-2018-0968 + RESERVED +CVE-2018-0967 + RESERVED +CVE-2018-0966 + RESERVED +CVE-2018-0965 + RESERVED +CVE-2018-0964 + RESERVED +CVE-2018-0963 + RESERVED +CVE-2018-0962 + RESERVED +CVE-2018-0961 + RESERVED +CVE-2018-0960 + RESERVED +CVE-2018-0959 + RESERVED +CVE-2018-0958 + RESERVED +CVE-2018-0957 + RESERVED +CVE-2018-0956 + RESERVED +CVE-2018-0955 + RESERVED +CVE-2018-0954 + RESERVED +CVE-2018-0953 + RESERVED +CVE-2018-0952 + RESERVED +CVE-2018-0951 + RESERVED +CVE-2018-0950 + RESERVED +CVE-2018-0949 + RESERVED +CVE-2018-0948 + RESERVED +CVE-2018-0947 + RESERVED +CVE-2018-0946 + RESERVED +CVE-2018-0945 + RESERVED +CVE-2018-0944 + RESERVED +CVE-2018-0943 + RESERVED +CVE-2018-0942 + RESERVED +CVE-2018-0941 + RESERVED +CVE-2018-0940 + RESERVED +CVE-2018-0939 + RESERVED +CVE-2018-0938 + RESERVED +CVE-2018-0937 + RESERVED +CVE-2018-0936 + RESERVED +CVE-2018-0935 + RESERVED +CVE-2018-0934 + RESERVED +CVE-2018-0933 + RESERVED +CVE-2018-0932 + RESERVED +CVE-2018-0931 + RESERVED +CVE-2018-0930 + RESERVED +CVE-2018-0929 + RESERVED +CVE-2018-0928 + RESERVED +CVE-2018-0927 + RESERVED +CVE-2018-0926 + RESERVED +CVE-2018-0925 + RESERVED +CVE-2018-0924 + RESERVED +CVE-2018-0923 + RESERVED +CVE-2018-0922 + RESERVED +CVE-2018-0921 + RESERVED +CVE-2018-0920 + RESERVED +CVE-2018-0919 + RESERVED +CVE-2018-0918 + RESERVED +CVE-2018-0917 + RESERVED +CVE-2018-0916 + RESERVED +CVE-2018-0915 + RESERVED +CVE-2018-0914 + RESERVED +CVE-2018-0913 + RESERVED +CVE-2018-0912 + RESERVED +CVE-2018-0911 + RESERVED +CVE-2018-0910 + RESERVED +CVE-2018-0909 + RESERVED +CVE-2018-0908 + RESERVED +CVE-2018-0907 + RESERVED +CVE-2018-0906 + RESERVED +CVE-2018-0905 + RESERVED +CVE-2018-0904 + RESERVED +CVE-2018-0903 + RESERVED +CVE-2018-0902 + RESERVED +CVE-2018-0901 + RESERVED +CVE-2018-0900 + RESERVED +CVE-2018-0899 + RESERVED +CVE-2018-0898 + RESERVED +CVE-2018-0897 + RESERVED +CVE-2018-0896 +
[Secure-testing-commits] r58166 - data/CVE
Author: sectracker Date: 2017-12-01 09:10:17 + (Fri, 01 Dec 2017) New Revision: 58166 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-01 07:38:45 UTC (rev 58165) +++ data/CVE/list 2017-12-01 09:10:17 UTC (rev 58166) @@ -1,3 +1,21 @@ +CVE-2017-17088 + RESERVED +CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...) + TODO: check +CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a /script substring in an ...) + TODO: check +CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety ...) + TODO: check +CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA ...) + TODO: check +CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...) + TODO: check +CVE-2017-17082 + RESERVED +CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ...) + TODO: check +CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + TODO: check CVE-2018-0740 RESERVED CVE-2018-0739 @@ -1793,10 +1811,9 @@ RESERVED CVE-2017-16885 RESERVED -CVE-2017-1000406 +CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...) NOT-FOR-US: OpenDayLight -CVE-2017-1000405 ["Dirty COW" variant on transparent huge pages] - RESERVED +CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problematic use ...) - linux 4.14.2-1 NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0 NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1 @@ -5609,6 +5626,7 @@ [jessie] - musl (Minor issue) NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395 CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...) + {DLA-1197-1} - sox 14.4.2-2 (bug #882144) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) @@ -5689,8 +5707,8 @@ NOT-FOR-US: Octopus Deploy CVE-2017-15608 RESERVED -CVE-2017-15607 - RESERVED +CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in filesystem-based ...) + TODO: check CVE-2017-15606 RESERVED CVE-2017-15605 @@ -6274,6 +6292,7 @@ CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to ...) NOT-FOR-US: E-Sic CVE-2017-15372 (There is a stack-based buffer overflow in the ...) + {DLA-1197-1} - sox 14.4.2-2 (bug #878808) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) @@ -18354,19 +18373,17 @@ RESERVED CVE-2017-11287 RESERVED -CVE-2017-11286 - RESERVED -CVE-2017-11285 - RESERVED -CVE-2017-11284 - RESERVED -CVE-2017-11283 - RESERVED -CVE-2017-11282 - RESERVED +CVE-2017-11286 (Adobe ColdFusion has an XML external entity (XXE) injection ...) + TODO: check +CVE-2017-11285 (Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This ...) + TODO: check +CVE-2017-11284 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...) + TODO: check +CVE-2017-11283 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...) + TODO: check +CVE-2017-11282 (Adobe Flash Player has an exploitable memory corruption vulnerability ...) NOT-FOR-US: Adobe -CVE-2017-11281 - RESERVED +CVE-2017-11281 (Adobe Flash Player has an exploitable memory corruption vulnerability ...) NOT-FOR-US: Adobe CVE-2017-11280 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory ...) NOT-FOR-US: Adobe @@ -43632,10 +43649,10 @@ NOT-FOR-US: Adobe CVE-2017-3106 (Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash Player -CVE-2017-3105 - RESERVED -CVE-2017-3104 - RESERVED +CVE-2017-3105 (Adobe RoboHelp has an Open Redirect vulnerability. This affects ...) + TODO: check +CVE-2017-3104 (Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This ...) + TODO: check CVE-2017-3103 (Adobe Connect versions 9.6.1 and earlier have a stored cross-site ...) NOT-FOR-US: Adobe Connect CVE-2017-3102 (Adobe Connect versions 9.6.1 and earlier have a reflected cross-site ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58158 - data/CVE
Author: sectracker Date: 2017-11-30 21:10:21 + (Thu, 30 Nov 2017) New Revision: 58158 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-30 21:08:48 UTC (rev 58157) +++ data/CVE/list 2017-11-30 21:10:21 UTC (rev 58158) @@ -1,3 +1,47 @@ +CVE-2018-0740 + RESERVED +CVE-2018-0739 + RESERVED +CVE-2018-0738 + RESERVED +CVE-2018-0737 + RESERVED +CVE-2018-0736 + RESERVED +CVE-2018-0735 + RESERVED +CVE-2018-0734 + RESERVED +CVE-2018-0733 + RESERVED +CVE-2018-0732 + RESERVED +CVE-2018-0731 + RESERVED +CVE-2017-17079 + RESERVED +CVE-2017-17078 + RESERVED +CVE-2017-17077 + RESERVED +CVE-2017-17076 + RESERVED +CVE-2017-17075 + RESERVED +CVE-2017-17074 + RESERVED +CVE-2017-17073 + RESERVED +CVE-2017-17072 + RESERVED +CVE-2017-17071 + RESERVED +CVE-2017-17070 + RESERVED +CVE-2017-17069 + RESERVED +CVE-2017-17068 + RESERVED CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...) TODO: check CVE-2017-17066 @@ -2,4 +46,4 @@ RESERVED -CVE-2017-17065 - RESERVED +CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...) + TODO: check CVE-2017-17064 @@ -1603,6 +1647,7 @@ - linux 4.13.13-1 NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...) + {DLA-1196-1} - optipng (bug #878839) NOTE: https://sourceforge.net/p/optipng/bugs/69/ CVE-2017-16937 @@ -1624,12 +1669,14 @@ NOTE: https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846 NOTE: Fix for the incomplete fix for CVE-2016-2313 CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in ...) + {DLA-1194-1} - libxml2 (bug #882613) [stretch] - libxml2 (Minor issue) [jessie] - libxml2 (Minor issue) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579 NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity references ...) + {DLA-1194-1} - libxml2 2.9.4+dfsg1-3.1 [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1 [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5 @@ -6232,11 +6279,13 @@ [jessie] - sox (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553 CVE-2017-15371 (There is a reachable assertion abort in the function ...) + {DLA-1197-1} - sox 14.4.2-2 (bug #878809) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...) + {DLA-1197-1} - sox 14.4.2-2 (bug #878810) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) @@ -6935,8 +6984,8 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html CVE-2017-15117 REJECTED -CVE-2017-15116 - RESERVED +CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel before ...) + TODO: check CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...) - linux 4.13.13-1 NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6) @@ -7596,8 +7645,8 @@ NOT-FOR-US: Wordpress plugin CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) ...) NOT-FOR-US: Wordpress plugin -CVE-2017-14949 - RESERVED +CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to access ...) + TODO: check CVE-2017-14948 RESERVED CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute ...) @@ -7824,8 +7873,7 @@ RESERVED CVE-2017-14869 RESERVED -CVE-2017-14868 - RESERVED +CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows ...) - restlet (bug #596472) CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...) [experimental] - exiv2 (bug #880015) @@ -14524,8 +14572,7 @@ NOT-FOR-US: Apache Camel CVE-2017-12632 RESERVED -CVE-2017-12631 - RESERVED +CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...) NOT-FOR-US: Apache CXF CVE-2017-12630 RESERVED @@ -15263,96 +15310,96 @@ RESERVED CVE-2017-12373 RESERVED -CVE-2017-12372 - RESERVED -CVE-2017-12371 - RESERVED -CVE-2017-12370 - RESERVED -CVE-2017-12369 -
[Secure-testing-commits] r58135 - data/CVE
Author: sectracker Date: 2017-11-30 09:10:14 + (Thu, 30 Nov 2017) New Revision: 58135 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-30 07:48:36 UTC (rev 58134) +++ data/CVE/list 2017-11-30 09:10:14 UTC (rev 58135) @@ -1,3 +1,5 @@ +CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...) + TODO: check CVE-2017-17066 RESERVED CVE-2017-17065 @@ -1575,6 +1577,7 @@ [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/341 CVE-2017-16944 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) + {DSA-4053-1} - exim4 4.89-13 (bug #882671) [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) @@ -1583,6 +1586,7 @@ NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html NOTE: 4.89-10 adds a workaround which disables the affected code by default CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) + {DSA-4053-1} - exim4 4.89-12 (bug #882648) [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) @@ -1745,6 +1749,7 @@ CVE-2017-1000406 NOT-FOR-US: OpenDayLight CVE-2017-1000405 ["Dirty COW" variant on transparent huge pages] + RESERVED - linux NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0 NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1 @@ -8650,8 +8655,8 @@ RESERVED CVE-2017-14592 RESERVED -CVE-2017-14591 - RESERVED +CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...) + TODO: check CVE-2017-14590 RESERVED CVE-2017-14589 @@ -9762,12 +9767,12 @@ RESERVED CVE-2017-14199 RESERVED -CVE-2017-14198 - RESERVED -CVE-2017-14197 - RESERVED -CVE-2017-14196 - RESERVED +CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before ...) + TODO: check +CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before ...) + TODO: check +CVE-2017-14196 (An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and ...) + TODO: check CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 ...) NOT-FOR-US: dayrui FineCms CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui FineCms ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58123 - data/CVE
Author: sectracker Date: 2017-11-29 21:10:19 + (Wed, 29 Nov 2017) New Revision: 58123 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-29 19:50:37 UTC (rev 58122) +++ data/CVE/list 2017-11-29 21:10:19 UTC (rev 58123) @@ -1,3 +1,21 @@ +CVE-2017-17066 + RESERVED +CVE-2017-17065 + RESERVED +CVE-2017-17064 + RESERVED +CVE-2017-17063 + RESERVED +CVE-2017-17062 + RESERVED +CVE-2017-17061 + RESERVED +CVE-2017-17060 + RESERVED +CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts ...) + TODO: check +CVE-2017-1000385 + RESERVED CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...) NOT-FOR-US: WooCommerce plugin for WordPress CVE-2017-17057 @@ -1727,42 +1745,61 @@ CVE-2017-1000406 NOT-FOR-US: OpenDayLight CVE-2017-1000404 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000403 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000402 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000401 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000400 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000399 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000398 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000397 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000396 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000395 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000394 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000393 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000392 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000391 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000390 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000389 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000388 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000387 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000386 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-16884 RESERVED @@ -3737,6 +3774,7 @@ CVE-2017-16242 RESERVED CVE-2017-1000384 [Arbitrary file read] + RESERVED - passenger - ruby-passenger [jessie] - ruby-passenger (Minor issue) @@ -9203,10 +9241,10 @@ RESERVED CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site ...) NOT-FOR-US: EMC -CVE-2017-14378 - RESERVED -CVE-2017-14377 - RESERVED +CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent ...) + TODO: check +CVE-2017-14377 (EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and ...) + TODO: check CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ...) NOT-FOR-US: EMC AppSync Server CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to ...) @@ -9733,14 +9771,14 @@ RESERVED CVE-2017-14190 RESERVED -CVE-2017-14189 - RESERVED +CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager ...) + TODO: check CVE-2017-14188 RESERVED CVE-2017-14187 RESERVED -CVE-2017-14186 - RESERVED +CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 ...) + TODO: check CVE-2017-14185 RESERVED CVE-2017-14184 @@ -9836,7 +9874,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3 NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330 CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote ...) - {DLA-1107-1} + {DSA-4052-1 DLA-1107-1} - bzr 2.7.0+bzr6622-7 (bug #874429) NOTE: https://bugs.launchpad.net/bzr/+bug/1710979 CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...) @@ -10608,8 +10646,8 @@ RESERVED CVE-2017-13873 RESERVED -CVE-2017-13872 - RESERVED +CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra ...) + TODO: check CVE-2017-13871 RESERVED CVE-2017-13870 @@ -25627,21 +25665,20 @@ RESERVED CVE-2017-8819 RESERVED -CVE-2017-8818 [SSL out of buffer access] - RESERVED +CVE-2017-8818 (curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to ...) - curl [stretch] - curl (Vulnerable code not present) [jessie] - curl (Vulnerable code not present) [wheezy] - curl (Vulnerable code not present) NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html NOTE: https://curl.haxx.se/CVE-2017-8818.patch -CVE-2017-8817 [FTP wildcard out of bounds read] - RESERVED +CVE-2017-8817 (The
[Secure-testing-commits] r58105 - data/CVE
Author: sectracker Date: 2017-11-29 09:10:23 + (Wed, 29 Nov 2017) New Revision: 58105 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-29 08:37:04 UTC (rev 58104) +++ data/CVE/list 2017-11-29 09:10:23 UTC (rev 58105) @@ -1,10 +1,32 @@ -CVE-2017-17053 [x86/mm: Fix use-after-free of ldt_struct] +CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...) + TODO: check +CVE-2017-17057 + RESERVED +CVE-2017-17056 + RESERVED +CVE-2017-17055 + RESERVED +CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function ...) + TODO: check +CVE-2017-17051 + RESERVED +CVE-2017-17050 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17049 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) + TODO: check +CVE-2017-17048 + RESERVED +CVE-2017-17047 + RESERVED +CVE-2017-17043 (The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected ...) + TODO: check +CVE-2017-17053 (The init_new_context function in arch/x86/include/asm/mmu_context.h in ...) - linux 4.12.12-1 [stretch] - linux 4.9.47-1 [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/ccd5b3235180eef3cfec337df1c8554ab151b5cc -CVE-2017-17052 [fork: fix incorrect fput of ->exe_file causing use-after-free] +CVE-2017-17052 (The mm_init function in kernel/fork.c in the Linux kernel before ...) - linux 4.12.12-1 [stretch] - linux 4.9.47-1 [jessie] - linux (Vulnerable code not present) @@ -93,13 +115,16 @@ RESERVED CVE-2017-17027 RESERVED -CVE-2017-17045 [XSA-247: Missing p2m error checking in PoD code] +CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...) + {DSA-4050-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-247.html -CVE-2017-17044 [XSA-246: x86: infinite loop due to missing PoD error checking] +CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...) + {DSA-4050-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-246.html -CVE-2017-17046 [XSA-245: ARM: Some memory not scrubbed at boot] +CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform ...) + {DSA-4050-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-245.html CVE-2018-0705 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58096 - data/CVE
Author: sectracker Date: 2017-11-28 21:10:17 + (Tue, 28 Nov 2017) New Revision: 58096 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-28 21:04:17 UTC (rev 58095) +++ data/CVE/list 2017-11-28 21:10:17 UTC (rev 58096) @@ -1,3 +1,85 @@ +CVE-2018-0730 + RESERVED +CVE-2018-0729 + RESERVED +CVE-2018-0728 + RESERVED +CVE-2018-0727 + RESERVED +CVE-2018-0726 + RESERVED +CVE-2018-0725 + RESERVED +CVE-2018-0724 + RESERVED +CVE-2018-0723 + RESERVED +CVE-2018-0722 + RESERVED +CVE-2018-0721 + RESERVED +CVE-2018-0720 + RESERVED +CVE-2018-0719 + RESERVED +CVE-2018-0718 + RESERVED +CVE-2018-0717 + RESERVED +CVE-2018-0716 + RESERVED +CVE-2018-0715 + RESERVED +CVE-2018-0714 + RESERVED +CVE-2018-0713 + RESERVED +CVE-2018-0712 + RESERVED +CVE-2018-0711 + RESERVED +CVE-2018-0710 + RESERVED +CVE-2018-0709 + RESERVED +CVE-2018-0708 + RESERVED +CVE-2018-0707 + RESERVED +CVE-2018-0706 + RESERVED +CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...) + TODO: check +CVE-2017-17041 + RESERVED +CVE-2017-17040 + RESERVED +CVE-2017-17039 + RESERVED +CVE-2017-17038 + RESERVED +CVE-2017-17037 + RESERVED +CVE-2017-17036 + RESERVED +CVE-2017-17035 + RESERVED +CVE-2017-17034 + RESERVED +CVE-2017-17033 + RESERVED +CVE-2017-17032 + RESERVED +CVE-2017-17031 + RESERVED +CVE-2017-17030 + RESERVED +CVE-2017-17029 + RESERVED +CVE-2017-17028 + RESERVED +CVE-2017-17027 + RESERVED CVE-2017- [XSA-247: Missing p2m error checking in PoD code] - xen [stretch] - xen 4.8.2+xsa245-0+deb9u1 @@ -1419,10 +1501,10 @@ RESERVED CVE-2017-16953 RESERVED -CVE-2017-16952 - RESERVED -CVE-2017-16951 - RESERVED +CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial ...) + TODO: check CVE-2017-16950 RESERVED CVE-2017-16949 @@ -5309,8 +5391,8 @@ RESERVED CVE-2017-15674 RESERVED -CVE-2017-15673 - RESERVED +CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and ...) + TODO: check CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ...) {DSA-4049-1} - ffmpeg 7:3.4-1 @@ -5500,6 +5582,7 @@ CVE-2017-15598 RESERVED CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying code made ...) + {DSA-4050-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-236.html CVE-2017-15586 @@ -6249,35 +6332,38 @@ CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before ...) NOT-FOR-US: Mirasys Video Management System CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest ...) + {DSA-4050-1} - xen [wheezy] - xen (minor issue) NOTE: https://xenbits.xen.org/xsa/advisory-244.html CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-243.html CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-242.html CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-241.html CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-240.html CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...) - {DLA-1181-1} + {DSA-4050-1 DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-239.html CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...) + {DSA-4050-1} - xen [jessie] - xen (Only affects 4.5 and later) [wheezy] - xen (Only affects 4.5 and later) NOTE: https://xenbits.xen.org/xsa/advisory-238.html CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest OS ...) + {DSA-4050-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-237.html CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in
[Secure-testing-commits] r58075 - data/CVE
Author: sectracker Date: 2017-11-28 09:10:21 + (Tue, 28 Nov 2017) New Revision: 58075 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-28 05:35:21 UTC (rev 58074) +++ data/CVE/list 2017-11-28 09:10:21 UTC (rev 58075) @@ -1,3 +1,511 @@ +CVE-2018-0705 + RESERVED +CVE-2018-0704 + RESERVED +CVE-2018-0703 + RESERVED +CVE-2018-0702 + RESERVED +CVE-2018-0701 + RESERVED +CVE-2018-0700 + RESERVED +CVE-2018-0699 + RESERVED +CVE-2018-0698 + RESERVED +CVE-2018-0697 + RESERVED +CVE-2018-0696 + RESERVED +CVE-2018-0695 + RESERVED +CVE-2018-0694 + RESERVED +CVE-2018-0693 + RESERVED +CVE-2018-0692 + RESERVED +CVE-2018-0691 + RESERVED +CVE-2018-0690 + RESERVED +CVE-2018-0689 + RESERVED +CVE-2018-0688 + RESERVED +CVE-2018-0687 + RESERVED +CVE-2018-0686 + RESERVED +CVE-2018-0685 + RESERVED +CVE-2018-0684 + RESERVED +CVE-2018-0683 + RESERVED +CVE-2018-0682 + RESERVED +CVE-2018-0681 + RESERVED +CVE-2018-0680 + RESERVED +CVE-2018-0679 + RESERVED +CVE-2018-0678 + RESERVED +CVE-2018-0677 + RESERVED +CVE-2018-0676 + RESERVED +CVE-2018-0675 + RESERVED +CVE-2018-0674 + RESERVED +CVE-2018-0673 + RESERVED +CVE-2018-0672 + RESERVED +CVE-2018-0671 + RESERVED +CVE-2018-0670 + RESERVED +CVE-2018-0669 + RESERVED +CVE-2018-0668 + RESERVED +CVE-2018-0667 + RESERVED +CVE-2018-0666 + RESERVED +CVE-2018-0665 + RESERVED +CVE-2018-0664 + RESERVED +CVE-2018-0663 + RESERVED +CVE-2018-0662 + RESERVED +CVE-2018-0661 + RESERVED +CVE-2018-0660 + RESERVED +CVE-2018-0659 + RESERVED +CVE-2018-0658 + RESERVED +CVE-2018-0657 + RESERVED +CVE-2018-0656 + RESERVED +CVE-2018-0655 + RESERVED +CVE-2018-0654 + RESERVED +CVE-2018-0653 + RESERVED +CVE-2018-0652 + RESERVED +CVE-2018-0651 + RESERVED +CVE-2018-0650 + RESERVED +CVE-2018-0649 + RESERVED +CVE-2018-0648 + RESERVED +CVE-2018-0647 + RESERVED +CVE-2018-0646 + RESERVED +CVE-2018-0645 + RESERVED +CVE-2018-0644 + RESERVED +CVE-2018-0643 + RESERVED +CVE-2018-0642 + RESERVED +CVE-2018-0641 + RESERVED +CVE-2018-0640 + RESERVED +CVE-2018-0639 + RESERVED +CVE-2018-0638 + RESERVED +CVE-2018-0637 + RESERVED +CVE-2018-0636 + RESERVED +CVE-2018-0635 + RESERVED +CVE-2018-0634 + RESERVED +CVE-2018-0633 + RESERVED +CVE-2018-0632 + RESERVED +CVE-2018-0631 + RESERVED +CVE-2018-0630 + RESERVED +CVE-2018-0629 + RESERVED +CVE-2018-0628 + RESERVED +CVE-2018-0627 + RESERVED +CVE-2018-0626 + RESERVED +CVE-2018-0625 + RESERVED +CVE-2018-0624 + RESERVED +CVE-2018-0623 + RESERVED +CVE-2018-0622 + RESERVED +CVE-2018-0621 + RESERVED +CVE-2018-0620 + RESERVED +CVE-2018-0619 + RESERVED +CVE-2018-0618 + RESERVED +CVE-2018-0617 + RESERVED +CVE-2018-0616 + RESERVED +CVE-2018-0615 + RESERVED +CVE-2018-0614 + RESERVED +CVE-2018-0613 + RESERVED +CVE-2018-0612 + RESERVED +CVE-2018-0611 + RESERVED +CVE-2018-0610 + RESERVED +CVE-2018-0609 + RESERVED +CVE-2018-0608 + RESERVED +CVE-2018-0607 + RESERVED +CVE-2018-0606 + RESERVED +CVE-2018-0605 + RESERVED +CVE-2018-0604 + RESERVED +CVE-2018-0603 + RESERVED +CVE-2018-0602 + RESERVED +CVE-2018-0601 + RESERVED +CVE-2018-0600 + RESERVED +CVE-2018-0599 + RESERVED +CVE-2018-0598 + RESERVED +CVE-2018-0597 + RESERVED +CVE-2018-0596 + RESERVED +CVE-2018-0595 + RESERVED +CVE-2018-0594 + RESERVED +CVE-2018-0593 + RESERVED +CVE-2018-0592 + RESERVED +CVE-2018-0591 + RESERVED +CVE-2018-0590 + RESERVED +CVE-2018-0589 + RESERVED +CVE-2018-0588 + RESERVED +CVE-2018-0587 + RESERVED +CVE-2018-0586 + RESERVED +CVE-2018-0585 + RESERVED +CVE-2018-0584 + RESERVED +CVE-2018-0583 + RESERVED +CVE-2018-0582 + RESERVED +CVE-2018-0581 + RESERVED +CVE-2018-0580 + RESERVED +CVE-2018-0579 + RESERVED +CVE-2018-0578 + RESERVED +CVE-2018-0577 + RESERVED +CVE-2018-0576 + RESERVED +CVE-2018-0575 + RESERVED +CVE-2018-0574 + RESERVED +CVE-2018-0573 + RESERVED +CVE-2018-0572 + RESERVED +CVE-2018-0571 + RESERVED +CVE-2018-0570 + RESERVED +CVE-2018-0569 + RESERVED +CVE-2018-0568 + RESERVED +CVE-2018-0567 + RESERVED +CVE-2018-0566 + RESERVED +CVE-2018-0565 + RESERVED +CVE-2018-0564 + RESERVED +CVE-2018-0563 + RESERVED +CVE-2018-0562 + RESERVED +CVE-2018-0561 +
[Secure-testing-commits] r58059 - data/CVE
Author: sectracker Date: 2017-11-27 21:10:20 + (Mon, 27 Nov 2017) New Revision: 58059 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-27 20:37:03 UTC (rev 58058) +++ data/CVE/list 2017-11-27 21:10:20 UTC (rev 58059) @@ -1,3 +1,15 @@ +CVE-2017-1001004 (typed-function before 0.10.6 had an arbitrary code execution in the ...) + TODO: check +CVE-2017-1001003 (math.js before 3.17.0 had an issue where private properties such as a ...) + TODO: check +CVE-2017-1001002 (math.js before 3.17.0 had an arbitrary code execution in the ...) + TODO: check +CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...) + TODO: check +CVE-2017-1000207 (A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger ...) + TODO: check +CVE-2017-1000159 (Command injection in evince 3.24.8 via filename when printing to PDF ...) + TODO: check CVE-2018-0485 RESERVED CVE-2018-0484 @@ -798,7 +810,7 @@ RESERVED CVE-2018-0086 RESERVED -CVE-2017-16994 +CVE-2017-16994 (The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel ...) - linux NOTE: Fixed by: https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1) CVE-2017-16993 @@ -863,22 +875,22 @@ RESERVED CVE-2017-16963 RESERVED -CVE-2017-16962 - RESERVED -CVE-2017-16961 - RESERVED -CVE-2017-16960 - RESERVED -CVE-2017-16959 - RESERVED -CVE-2017-16958 - RESERVED -CVE-2017-16957 - RESERVED -CVE-2017-16956 - RESERVED -CVE-2017-16955 - RESERVED +CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in CommuniGate ...) + TODO: check +CVE-2017-16961 (A SQL injection vulnerability in core/inc/auto-modules.php in BigTree ...) + TODO: check +CVE-2017-16960 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote ...) + TODO: check +CVE-2017-16959 (The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, ...) + TODO: check +CVE-2017-16958 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote ...) + TODO: check +CVE-2017-16957 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote ...) + TODO: check +CVE-2017-16956 (b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a ...) + TODO: check +CVE-2017-16955 (SQL injection vulnerability in the InLinks plugin through 1.1 for ...) + TODO: check CVE-2017-16954 RESERVED CVE-2017-16953 @@ -6202,14 +6214,13 @@ CVE-2017-15118 RESERVED CVE-2017-15117 - RESERVED + REJECTED CVE-2017-15116 RESERVED CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...) - linux 4.13.13-1 NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6) -CVE-2017-15114 [Passwordless access for non-libvirt related services when using shared certificate authority] - RESERVED +CVE-2017-15114 (When libvirtd is configured by OSP director (tripleo-heat-templates) ...) - tripleo-heat-templates (Vulnerability introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015 NOTE: Bug: https://bugs.launchpad.net/tripleo/+bug/1730370 @@ -6250,8 +6261,7 @@ - liblouis (Incomplete fix not applied in Debian) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c12 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1511023 -CVE-2017-15100 - RESERVED +CVE-2017-15100 (An attacker submitting facts to the Foreman server containing HTML can ...) - foreman (bug #663101) CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before ...) {DSA-4028-1} @@ -6435,16 +6445,16 @@ NOTE: https://github.com/upx/upx/issues/128 NOTE: https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317 NOTE: crash in CLI tool, no security impact -CVE-2017-15055 - RESERVED -CVE-2017-15054 - RESERVED -CVE-2017-15053 - RESERVED -CVE-2017-15052 - RESERVED -CVE-2017-15051 - RESERVED +CVE-2017-15055 (TeamPass before 2.1.27.9 does not properly enforce item access control ...) + TODO: check +CVE-2017-15054 (An arbitrary file upload vulnerability, present in TeamPass before ...) + TODO: check +CVE-2017-15053 (TeamPass before 2.1.27.9 does not properly enforce manager access ...) + TODO: check +CVE-2017-15052 (TeamPass before 2.1.27.9 does not properly enforce manager access ...) + TODO: check +CVE-2017-15051 (Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass ...) + TODO: check CVE-2017-15050 RESERVED CVE-2017-15049 @@ -7932,10 +7942,10 @@ NOT-FOR-US: Atlassian CVE-2017-14587 (The administration user
[Secure-testing-commits] r58047 - data/CVE
Author: sectracker Date: 2017-11-27 09:10:15 + (Mon, 27 Nov 2017) New Revision: 58047 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-27 06:38:47 UTC (rev 58046) +++ data/CVE/list 2017-11-27 09:10:15 UTC (rev 58047) @@ -1,3 +1,895 @@ +CVE-2018-0485 + RESERVED +CVE-2018-0484 + RESERVED +CVE-2018-0483 + RESERVED +CVE-2018-0482 + RESERVED +CVE-2018-0481 + RESERVED +CVE-2018-0480 + RESERVED +CVE-2018-0479 + RESERVED +CVE-2018-0478 + RESERVED +CVE-2018-0477 + RESERVED +CVE-2018-0476 + RESERVED +CVE-2018-0475 + RESERVED +CVE-2018-0474 + RESERVED +CVE-2018-0473 + RESERVED +CVE-2018-0472 + RESERVED +CVE-2018-0471 + RESERVED +CVE-2018-0470 + RESERVED +CVE-2018-0469 + RESERVED +CVE-2018-0468 + RESERVED +CVE-2018-0467 + RESERVED +CVE-2018-0466 + RESERVED +CVE-2018-0465 + RESERVED +CVE-2018-0464 + RESERVED +CVE-2018-0463 + RESERVED +CVE-2018-0462 + RESERVED +CVE-2018-0461 + RESERVED +CVE-2018-0460 + RESERVED +CVE-2018-0459 + RESERVED +CVE-2018-0458 + RESERVED +CVE-2018-0457 + RESERVED +CVE-2018-0456 + RESERVED +CVE-2018-0455 + RESERVED +CVE-2018-0454 + RESERVED +CVE-2018-0453 + RESERVED +CVE-2018-0452 + RESERVED +CVE-2018-0451 + RESERVED +CVE-2018-0450 + RESERVED +CVE-2018-0449 + RESERVED +CVE-2018-0448 + RESERVED +CVE-2018-0447 + RESERVED +CVE-2018-0446 + RESERVED +CVE-2018-0445 + RESERVED +CVE-2018-0444 + RESERVED +CVE-2018-0443 + RESERVED +CVE-2018-0442 + RESERVED +CVE-2018-0441 + RESERVED +CVE-2018-0440 + RESERVED +CVE-2018-0439 + RESERVED +CVE-2018-0438 + RESERVED +CVE-2018-0437 + RESERVED +CVE-2018-0436 + RESERVED +CVE-2018-0435 + RESERVED +CVE-2018-0434 + RESERVED +CVE-2018-0433 + RESERVED +CVE-2018-0432 + RESERVED +CVE-2018-0431 + RESERVED +CVE-2018-0430 + RESERVED +CVE-2018-0429 + RESERVED +CVE-2018-0428 + RESERVED +CVE-2018-0427 + RESERVED +CVE-2018-0426 + RESERVED +CVE-2018-0425 + RESERVED +CVE-2018-0424 + RESERVED +CVE-2018-0423 + RESERVED +CVE-2018-0422 + RESERVED +CVE-2018-0421 + RESERVED +CVE-2018-0420 + RESERVED +CVE-2018-0419 + RESERVED +CVE-2018-0418 + RESERVED +CVE-2018-0417 + RESERVED +CVE-2018-0416 + RESERVED +CVE-2018-0415 + RESERVED +CVE-2018-0414 + RESERVED +CVE-2018-0413 + RESERVED +CVE-2018-0412 + RESERVED +CVE-2018-0411 + RESERVED +CVE-2018-0410 + RESERVED +CVE-2018-0409 + RESERVED +CVE-2018-0408 + RESERVED +CVE-2018-0407 + RESERVED +CVE-2018-0406 + RESERVED +CVE-2018-0405 + RESERVED +CVE-2018-0404 + RESERVED +CVE-2018-0403 + RESERVED +CVE-2018-0402 + RESERVED +CVE-2018-0401 + RESERVED +CVE-2018-0400 + RESERVED +CVE-2018-0399 + RESERVED +CVE-2018-0398 + RESERVED +CVE-2018-0397 + RESERVED +CVE-2018-0396 + RESERVED +CVE-2018-0395 + RESERVED +CVE-2018-0394 + RESERVED +CVE-2018-0393 + RESERVED +CVE-2018-0392 + RESERVED +CVE-2018-0391 + RESERVED +CVE-2018-0390 + RESERVED +CVE-2018-0389 + RESERVED +CVE-2018-0388 + RESERVED +CVE-2018-0387 + RESERVED +CVE-2018-0386 + RESERVED +CVE-2018-0385 + RESERVED +CVE-2018-0384 + RESERVED +CVE-2018-0383 + RESERVED +CVE-2018-0382 + RESERVED +CVE-2018-0381 + RESERVED +CVE-2018-0380 + RESERVED +CVE-2018-0379 + RESERVED +CVE-2018-0378 + RESERVED +CVE-2018-0377 + RESERVED +CVE-2018-0376 + RESERVED +CVE-2018-0375 + RESERVED +CVE-2018-0374 + RESERVED +CVE-2018-0373 + RESERVED +CVE-2018-0372 + RESERVED +CVE-2018-0371 + RESERVED +CVE-2018-0370 + RESERVED +CVE-2018-0369 + RESERVED +CVE-2018-0368 + RESERVED +CVE-2018-0367 + RESERVED +CVE-2018-0366 + RESERVED +CVE-2018-0365 + RESERVED +CVE-2018-0364 + RESERVED +CVE-2018-0363 + RESERVED +CVE-2018-0362 + RESERVED +CVE-2018-0361 + RESERVED +CVE-2018-0360 + RESERVED +CVE-2018-0359 + RESERVED +CVE-2018-0358 + RESERVED +CVE-2018-0357 + RESERVED +CVE-2018-0356 + RESERVED +CVE-2018-0355 + RESERVED +CVE-2018-0354 + RESERVED +CVE-2018-0353 + RESERVED +CVE-2018-0352 + RESERVED +CVE-2018-0351 + RESERVED +CVE-2018-0350 + RESERVED +CVE-2018-0349 + RESERVED +CVE-2018-0348 + RESERVED +CVE-2018-0347 + RESERVED +CVE-2018-0346 + RESERVED +CVE-2018-0345 + RESERVED +CVE-2018-0344 + RESERVED +CVE-2018-0343 + RESERVED +CVE-2018-0342 + RESERVED +CVE-2018-0341 +
[Secure-testing-commits] r58040 - data/CVE
Author: sectracker Date: 2017-11-26 21:10:18 + (Sun, 26 Nov 2017) New Revision: 58040 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-26 20:38:31 UTC (rev 58039) +++ data/CVE/list 2017-11-26 21:10:18 UTC (rev 58040) @@ -1,3 +1,5 @@ +CVE-2017-16947 + RESERVED CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php in MISP ...) NOT-FOR-US: MISP CVE-2017-16945 @@ -6547,6 +6549,7 @@ CVE-2017-14732 RESERVED CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote ...) + {DLA-1192-1} - libofx 1:0.9.11-5 (bug #877442) [stretch] - libofx (Minor issue) [jessie] - libofx (Minor issue) @@ -42810,6 +42813,7 @@ CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing ...) NOT-FOR-US: PowerISO CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag parsing ...) + {DLA-1192-1} - libofx 1:0.9.11-4 (bug #875801) [stretch] - libofx (Minor issue) [jessie] - libofx (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58026 - data/CVE
Author: sectracker Date: 2017-11-25 21:10:15 + (Sat, 25 Nov 2017) New Revision: 58026 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-25 18:17:17 UTC (rev 58025) +++ data/CVE/list 2017-11-25 21:10:15 UTC (rev 58026) @@ -1,11 +1,17 @@ -CVE-2017-16944 [Exim handles BDAT data incorrectly and leads to crash] +CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php in MISP ...) + TODO: check +CVE-2017-16945 + RESERVED +CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists ...) + TODO: check +CVE-2017-16944 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) - exim4 (bug #882671) [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) NOTE: https://bugs.exim.org/show_bug.cgi?id=2201 NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html NOTE: 4.89-10 adds a workaround which disables the affected code by default -CVE-2017-16943 [Exim use-after-free vulnerability while reading mail header] +CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) - exim4 (bug #882648) [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58010 - data/CVE
Author: sectracker Date: 2017-11-25 09:10:29 + (Sat, 25 Nov 2017) New Revision: 58010 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-25 08:27:24 UTC (rev 58009) +++ data/CVE/list 2017-11-25 09:10:29 UTC (rev 58010) @@ -1,3 +1,7 @@ +CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent use of ...) + TODO: check +CVE-2017-16940 + RESERVED CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the ...) - linux 4.13.13-1 NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2 @@ -3528,6 +3532,7 @@ CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Components ...) NOT-FOR-US: Zeta Components Mail CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function in ...) + {DLA-1191-1} - python-werkzeug 0.11.11+dfsg1-1 NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/ NOTE: https://github.com/pallets/werkzeug/pull/1001 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58004 - data/CVE
Author: sectracker Date: 2017-11-24 21:10:14 + (Fri, 24 Nov 2017) New Revision: 58004 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-24 21:08:51 UTC (rev 58003) +++ data/CVE/list 2017-11-24 21:10:14 UTC (rev 58004) @@ -1,4 +1,4 @@ -CVE-2017-16939 [ipsec: Fix aborted xfrm policy dump crash] +CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the ...) - linux 4.13.13-1 NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...) @@ -402,6 +402,7 @@ CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...) NOT-FOR-US: EllisLab ExpressionEngine CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...) + {DLA-1190-1 DLA-1189-1} - python2.7 2.7.13-4 [stretch] - python2.7 (Minor issue) [jessie] - python2.7 (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57987 - data/CVE
Author: sectracker Date: 2017-11-24 09:10:15 + (Fri, 24 Nov 2017) New Revision: 57987 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-24 07:08:06 UTC (rev 57986) +++ data/CVE/list 2017-11-24 09:10:15 UTC (rev 57987) @@ -1,11 +1,25 @@ -CVE-2017-16932 +CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...) + TODO: check +CVE-2017-16937 + RESERVED +CVE-2017-16936 (Directory Traversal vulnerability in app_data_center on Shenzhen Tenda ...) + TODO: check +CVE-2017-16935 (Ametys before 4.0.3 requires authentication only for URIs containing a ...) + TODO: check +CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers to execute ...) + TODO: check +CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown ...) + TODO: check +CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...) + TODO: check +CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in ...) - libxml2 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579 NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 -CVE-2017-16931 +CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity references ...) - libxml2 2.9.4+dfsg1-3.1 -[stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1 -[jessie] - libxml2 2.9.1+dfsg1-5+deb8u5 + [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1 + [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956 NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050 @@ -1063,6 +1077,7 @@ CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...) NOT-FOR-US: RemObjects Remoting SDK CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...) + {DSA-4047-1} - otrs2 5.0.24-1 (bug #882370) NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d @@ -9548,14 +9563,14 @@ NOT-FOR-US: Moxa CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: Moxa -CVE-2017-13701 - RESERVED +CVE-2017-13701 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: Moxa -CVE-2017-13699 - RESERVED -CVE-2017-13698 - RESERVED +CVE-2017-13699 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check +CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...) NOT-FOR-US: FineCMS CVE-2017-13696 @@ -19600,7 +19615,7 @@ CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19685,7 +19700,7 @@ CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...) NOT-FOR-US: Oracle CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19693,7 +19708,7 @@ - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19701,7 +19716,7 @@ - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1 DLA-1187-1} + {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19717,13 +19732,13 @@ CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of
[Secure-testing-commits] r57979 - data/CVE
Author: sectracker Date: 2017-11-23 21:10:12 + (Thu, 23 Nov 2017) New Revision: 57979 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-23 21:03:31 UTC (rev 57978) +++ data/CVE/list 2017-11-23 21:10:12 UTC (rev 57979) @@ -1,3 +1,7 @@ +CVE-2017-16930 + RESERVED +CVE-2017-16929 + RESERVED CVE-2017-16928 RESERVED CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...) @@ -5321,8 +5325,7 @@ RESERVED CVE-2017-15089 RESERVED -CVE-2017-15088 - RESERVED +CVE-2017-15088 (plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka ...) - krb5 1.15.2-2 (unimportant; bug #871698) NOTE: https://github.com/krb5/krb5/pull/707 NOTE: Fixed by: https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4 @@ -19582,7 +19585,7 @@ CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19667,7 +19670,7 @@ CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...) NOT-FOR-US: Oracle CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19675,7 +19678,7 @@ - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19683,7 +19686,7 @@ - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19699,13 +19702,13 @@ CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19713,7 +19716,7 @@ - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19721,7 +19724,7 @@ - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19729,7 +19732,7 @@ - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19737,7 +19740,7 @@ - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19854,7 +19857,7 @@ - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - {DSA-4015-1} + {DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 @@ -19886,7 +19889,7 @@ - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE:
[Secure-testing-commits] r57947 - data/CVE
Author: sectracker Date: 2017-11-23 09:10:18 + (Thu, 23 Nov 2017) New Revision: 57947 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-23 09:03:06 UTC (rev 57946) +++ data/CVE/list 2017-11-23 09:10:18 UTC (rev 57947) @@ -1,4 +1,6 @@ -CVE-2017-16927 [buffer oveflow in scp_v0s_accept function] +CVE-2017-16928 + RESERVED +CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...) - xrdp (bug #882463) NOTE: Proposed pull request: https://github.com/neutrinolabs/xrdp/pull/958 NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA @@ -179,8 +181,8 @@ - exiv2 NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 NOTE: Can't seem to reproduce this in wheezy. -CVE-2017-16879 - RESERVED +CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in ...) + TODO: check CVE-2017-16878 RESERVED CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...) @@ -9407,7 +9409,7 @@ CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site ...) NOT-FOR-US: Axesstel MU553S MU55XS-V1.14 CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local ...) - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.4-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac NOTE: This is in libxkbfile in wheezy @@ -13882,7 +13884,7 @@ NOTE: https://www.spinics.net/lists/kvm/msg156651.html CVE-2017-12187 RESERVED - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e CVE-2017-12186 @@ -13893,22 +13895,22 @@ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e CVE-2017-12185 RESERVED - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e CVE-2017-12184 [Unvalidated lengths] RESERVED - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e CVE-2017-12183 [xfixes: unvalidated lengths] RESERVED - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5 CVE-2017-12182 [hw/xfree86: unvalidated lengths] RESERVED - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b CVE-2017-12181 [hw/xfree86: unvalidated lengths] @@ -13919,7 +13921,7 @@ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b CVE-2017-12180 [hw/xfree86: unvalidated lengths] RESERVED - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b CVE-2017-12179 [Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer] @@ -13929,17 +13931,17 @@ [wheezy] - xorg-server (Vulnerable code introduced later) CVE-2017-12178 [Xi: fix wrong extra length check in ProcXIChangeHierarchy] RESERVED - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821 CVE-2017-12177 [dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo] RESERVED - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831 CVE-2017-12176 [Unvalidated extra length in ProcEstablishConnection] RESERVED - {DSA-4000-1} + {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81 CVE-2017-12175 @@ -13955,8 +13957,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1498173 NOTE: Fixed by: https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835 NOTE: Introduced by https://pagure.io/SSSD/sssd/c/7ecb5aea65cb1899f16e7a41bffa93d074defd4a (sssd-1_12_0) -CVE-2017-12172 - RESERVED +CVE-2017-12172
[Secure-testing-commits] r57939 - data/CVE
Author: sectracker Date: 2017-11-22 21:10:15 + (Wed, 22 Nov 2017) New Revision: 57939 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-22 20:57:18 UTC (rev 57938) +++ data/CVE/list 2017-11-22 21:10:15 UTC (rev 57939) @@ -1047,6 +1047,7 @@ NOTE: https://github.com/bit-team/backintime/issues/834 NOTE: https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3 CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-based ...) + {DLA-1185-1} - sam2p NOTE: https://github.com/pts/sam2p/issues/16 CVE-2017-16662 @@ -4059,8 +4060,8 @@ RESERVED CVE-2017-15529 RESERVED -CVE-2017-15528 - RESERVED +CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can be ...) + TODO: check CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be ...) NOT-FOR-US: Symantec CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...) @@ -5248,15 +5249,13 @@ CVE-2017-15100 RESERVED - foreman (bug #663101) -CVE-2017-15099 - RESERVED +CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before ...) {DSA-4028-1} - postgresql-10 10.1-1 - postgresql-9.6 - postgresql-9.4 (ON CONFLICT DO UPDATE and RLS introduced in 9.5) - postgresql-9.1 (ON CONFLICT DO UPDATE and RLS introduced in 9.5) -CVE-2017-15098 - RESERVED +CVE-2017-15098 (Invalid json_populate_recordset or jsonb_populate_recordset function ...) {DSA-4028-1 DSA-4027-1} - postgresql-10 10.1-1 - postgresql-9.6 @@ -10857,8 +10856,8 @@ RESERVED CVE-2017-13072 RESERVED -CVE-2017-13071 - RESERVED +CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern ...) + TODO: check CVE-2017-13070 RESERVED CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities found in ...) @@ -13848,8 +13847,7 @@ RESERVED CVE-2017-12194 RESERVED -CVE-2017-12193 - RESERVED +CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in lib/assoc_array.c ...) - linux 4.13.13-1 [wheezy] - linux (Vulnerable code introduced in 3.13-rc1) NOTE: Fixed by: https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7) @@ -13861,8 +13859,7 @@ NOTE: Introduced by: https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1) CVE-2017-12191 RESERVED -CVE-2017-12190 [memory leak when merging buffers in SCSI IO vectors] - RESERVED +CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the ...) - linux 4.13.10-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089 CVE-2017-12189 @@ -25984,7 +25981,7 @@ RESERVED CVE-2017-8028 RESERVED - {DLA-1180-1} + {DSA-4046-1 DLA-1180-1} - libspring-ldap-java NOTE: https://pivotal.io/security/cve-2017-8028 NOTE: https://github.com/spring-projects/spring-ldap/issues/430 @@ -27240,8 +27237,8 @@ RESERVED CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...) NOT-FOR-US: Fortinet -CVE-2017-7736 - RESERVED +CVE-2017-7736 (A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb ...) + TODO: check CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) NOT-FOR-US: Fortinet FortiOS CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) @@ -32364,8 +32361,8 @@ NOT-FOR-US: F5 BIG-IP CVE-2017-6167 RESERVED -CVE-2017-6166 - RESERVED +CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...) + TODO: check CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...) NOT-FOR-US: F5 BIG-IP CVE-2017-6164 @@ -52120,7 +52117,7 @@ CVE-2016-8642 (In Moodle 2.x and 3.x, the question engine allows access to files that ...) - moodle 2.7.17+dfsg-1 NOTE: https://moodle.org/mod/forum/discuss.php?d=343275 -CVE-2016-10089 (Nagios 4.2.4 and earlier allows local users to gain root privileges ...) +CVE-2016-10089 (Nagios 4.3.2 and earlier allows local users to gain root privileges ...) - nagios3 (Vulnerable code not present) NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript. CVE-2016-8641 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57923 - data/CVE
Author: sectracker Date: 2017-11-22 09:10:22 + (Wed, 22 Nov 2017) New Revision: 57923 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-22 08:33:10 UTC (rev 57922) +++ data/CVE/list 2017-11-22 09:10:22 UTC (rev 57923) @@ -1,3 +1,5 @@ +CVE-2017-16926 (Ohcount 3.0.0 is prone to a command injection via specially crafted ...) + TODO: check CVE-2017- [Command injection through file names] - ohcount (bug #882372) CVE-2017-16925 @@ -18241,6 +18243,7 @@ CVE-2017-10700 (In the medialibrary component in QNAP NAS 4.3.3.0229, an ...) NOT-FOR-US: QNAP CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before ...) + {DSA-4045-1} - vlc 2.2.6-3 [wheezy] - vlc (Not supported in wheezy LTS) NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b @@ -22395,6 +22398,7 @@ - vlc 2.2.5.1-1 [wheezy] - vlc (Not supported in wheezy LTS) CVE-2017-9300 (plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 ...) + {DSA-4045-1} - vlc 2.2.6-3 [wheezy] - vlc (Not supported in wheezy LTS) NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3 @@ -23757,16 +23761,16 @@ RESERVED CVE-2017-8865 RESERVED -CVE-2017-8864 - RESERVED -CVE-2017-8863 - RESERVED -CVE-2017-8862 - RESERVED -CVE-2017-8861 - RESERVED -CVE-2017-8860 - RESERVED +CVE-2017-8864 (Client-side enforcement using JavaScript of server-side security ...) + TODO: check +CVE-2017-8863 (Information disclosure of .esp source code on the Cohu 3960 allows an ...) + TODO: check +CVE-2017-8862 (The webupgrade function on the Cohu 3960HD does not verify the firmware ...) + TODO: check +CVE-2017-8861 (Missing authentication for the remote configuration port 1236/tcp on ...) + TODO: check +CVE-2017-8860 (Information disclosure through directory listing on the Cohu 3960HD ...) + TODO: check CVE-2017-8859 (In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users ...) NOT-FOR-US: Veritas NetBackup CVE-2017-8858 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57910 - data/CVE
Author: sectracker Date: 2017-11-21 21:10:13 + (Tue, 21 Nov 2017) New Revision: 57910 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-21 20:59:05 UTC (rev 57909) +++ data/CVE/list 2017-11-21 21:10:13 UTC (rev 57910) @@ -1,3 +1,15 @@ +CVE-2017-16925 + RESERVED +CVE-2017-16924 + RESERVED +CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda ...) + TODO: check +CVE-2017-16922 + RESERVED +CVE-2017-16921 + RESERVED +CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY ...) + TODO: check CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) ...) NOT-FOR-US: MapOS CVE-2017-16918 @@ -180,7 +192,7 @@ - xrootd (bug #687222) CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code ...) NOT-FOR-US: Elixir's vim plugin -CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after free in the ...) +CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML ...) {DLA-1175-1} - lynx 2.8.9dev16-1 - lynx-cur @@ -260,6 +272,7 @@ NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2 CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...) + {DLA-1184-1} - optipng (bug #882032) NOTE: https://sourceforge.net/p/optipng/bugs/65/ NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch @@ -1012,8 +1025,7 @@ RESERVED CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...) NOT-FOR-US: RemObjects Remoting SDK -CVE-2017-16664 [OSA-2017-07] - RESERVED +CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...) - otrs2 (bug #882370) NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d @@ -1168,8 +1180,8 @@ NOT-FOR-US: MLAlchemy CVE-2017-16614 RESERVED -CVE-2017-16613 [Swift object/proxy server writing swauth Auth Token to log file] - RESERVED +CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth through ...) + {DSA-4044-1} - swauth 1.2.0-4 (bug #882314) NOTE: https://bugs.launchpad.net/swift/+bug/1655781 CVE-2017-16612 @@ -4755,6 +4767,7 @@ NOT-FOR-US: OpenText Documentum Content Server CVE-2017-15275 [Server heap memory information leak] RESERVED + {DSA-4043-1 DLA-1183-1} - samba 2:4.7.1+dfsg-2 NOTE: https://www.samba.org/samba/security/CVE-2017-15275.html CVE-2017-15274 (security/keys/keyctl.c in the Linux kernel before 4.11.5 does not ...) @@ -5412,8 +5425,8 @@ NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations -CVE-2017-15044 - RESERVED +CVE-2017-15044 (The default installation of DocuWare Fulltext Search server through ...) + TODO: check CVE-2017-15043 RESERVED CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x ...) @@ -6344,6 +6357,7 @@ RESERVED CVE-2017-14746 [Use-after-free vulnerability] RESERVED + {DSA-4043-1} - samba 2:4.7.1+dfsg-2 [wheezy] - samba (Issue introduced in 4.0.0) NOTE: https://www.samba.org/samba/security/CVE-2017-14746.html @@ -27804,8 +27818,7 @@ CVE-2017-7551 (389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to ...) - 389-ds-base 1.3.6.7-1 (bug #870752) NOTE: https://pagure.io/389-ds-base/issue/49336 -CVE-2017-7550 - RESERVED +CVE-2017-7550 (A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x ...) - ansible (unimportant) NOTE: Just an insecure example CVE-2017-7549 (A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat ...) @@ -33514,8 +33527,8 @@ RESERVED CVE-2017-5730 RESERVED -CVE-2017-5729 - RESERVED +CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and ...) + TODO: check CVE-2017-5728 RESERVED CVE-2017-5727 @@ -33534,8 +33547,8 @@ NOT-FOR-US: Intel CVE-2017-5720 RESERVED -CVE-2017-5719 - RESERVED +CVE-2017-5719 (A vulnerability in the
[Secure-testing-commits] r57884 - data/CVE
Author: sectracker Date: 2017-11-21 09:10:26 + (Tue, 21 Nov 2017) New Revision: 57884 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-21 01:55:04 UTC (rev 57883) +++ data/CVE/list 2017-11-21 09:10:26 UTC (rev 57884) @@ -1,3 +1,25 @@ +CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) ...) + TODO: check +CVE-2017-16918 + RESERVED +CVE-2017-16917 + RESERVED +CVE-2017-16916 + RESERVED +CVE-2017-16915 + RESERVED +CVE-2017-16914 + RESERVED +CVE-2017-16913 + RESERVED +CVE-2017-16912 + RESERVED +CVE-2017-16911 + RESERVED +CVE-2017-16910 + RESERVED +CVE-2017-16909 + RESERVED CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...) - php-horde NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html @@ -233,6 +255,7 @@ NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257 NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7 CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...) + {DLA-1182-1} - ldns (bug #882015) NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2 @@ -539,8 +562,8 @@ NOT-FOR-US: Yoast SEO plugin for WordPress CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...) NOT-FOR-US: LanSweeper -CVE-2017-16840 - RESERVED +CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote ...) + TODO: check CVE-2017-16839 RESERVED CVE-2017-16838 @@ -2006,7 +2029,7 @@ RESERVED CVE-2017-16250 RESERVED -CVE-2017-16249 (The Debut embedded http server 1.20 contains a remotely exploitable ...) +CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable denial ...) NOT-FOR-US: Debut embedded http server CVE-2017-16247 RESERVED @@ -14103,10 +14126,10 @@ RESERVED CVE-2017-12112 RESERVED -CVE-2017-12111 - RESERVED -CVE-2017-12110 - RESERVED +CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the xls_addCell ...) + TODO: check +CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...) + TODO: check CVE-2017-12109 RESERVED CVE-2017-12108 @@ -42330,8 +42353,8 @@ TODO: check smplayer, embeds it CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing ...) NOT-FOR-US: Computerinsel Photoline -CVE-2017-2919 - RESERVED +CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists in the ...) + TODO: check CVE-2017-2918 RESERVED CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...) @@ -42375,10 +42398,10 @@ RESERVED CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...) NOT-FOR-US: Circle with Disney -CVE-2017-2897 - RESERVED -CVE-2017-2896 - RESERVED +CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the ...) + TODO: check +CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the ...) + TODO: check CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57868 - data/CVE
Author: sectracker Date: 2017-11-20 21:10:13 + (Mon, 20 Nov 2017) New Revision: 57868 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-20 20:59:32 UTC (rev 57867) +++ data/CVE/list 2017-11-20 21:10:13 UTC (rev 57868) @@ -1,3 +1,31 @@ +CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...) + TODO: check +CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in a Create ...) + TODO: check +CVE-2017-16906 (In Horde Groupware 5.2.19, there is XSS via the URL field in a ...) + TODO: check +CVE-2017-16905 + RESERVED +CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 allows ...) + TODO: check +CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and execute ...) + TODO: check +CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long ...) + TODO: check +CVE-2017-16901 + RESERVED +CVE-2017-16900 + RESERVED +CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows ...) + TODO: check +CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ...) + TODO: check +CVE-2017-16897 + RESERVED +CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass ...) + TODO: check +CVE-2017-16895 + RESERVED CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain ...) TODO: check CVE-2017-16893 @@ -1249,8 +1277,7 @@ NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this NOTE: the severity of the wheezy version is low even though the vulnerable code is still present. NOTE: The patch is trivial so it may be worth fixing in combination with some other fix. -CVE-2017-16544 [missing terminal escape sequence filtering in autocompletion] - RESERVED +CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through ...) - busybox (bug #882258) [stretch] - busybox (Minor issue, can be fixed via point release) [jessie] - busybox (Minor issue, can be fixed via point release) @@ -3954,8 +3981,8 @@ RESERVED CVE-2017-15528 RESERVED -CVE-2017-15527 - RESERVED +CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be ...) + TODO: check CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...) NOT-FOR-US: Symantec CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...) @@ -4595,18 +4622,23 @@ [wheezy] - xen (minor issue) NOTE: https://xenbits.xen.org/xsa/advisory-244.html CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...) + {DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-243.html CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) + {DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-242.html CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) + {DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-241.html CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) + {DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-240.html CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...) + {DLA-1181-1} - xen NOTE: https://xenbits.xen.org/xsa/advisory-239.html CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...) @@ -5102,8 +5134,8 @@ RESERVED CVE-2017-15111 RESERVED -CVE-2017-15110 - RESERVED +CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other students ...) + TODO: check CVE-2017-15109 RESERVED CVE-2017-15108 @@ -12705,15 +12737,13 @@ RESERVED CVE-2017-12609 RESERVED -CVE-2017-12608 - RESERVED +CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser before ...) {DSA-4022-1} - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608 NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba -CVE-2017-12607 - RESERVED +CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, and ...) {DSA-4022-1} - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300 @@ -16042,12 +16072,12 @@
[Secure-testing-commits] r57843 - data/CVE
Author: sectracker Date: 2017-11-20 09:10:15 + (Mon, 20 Nov 2017) New Revision: 57843 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-20 05:59:51 UTC (rev 57842) +++ data/CVE/list 2017-11-20 09:10:15 UTC (rev 57843) @@ -1,3 +1,5 @@ +CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain ...) + TODO: check CVE-2017-16893 RESERVED CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57840 - data/CVE
Author: sectracker Date: 2017-11-19 21:10:15 + (Sun, 19 Nov 2017) New Revision: 57840 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-19 20:13:56 UTC (rev 57839) +++ data/CVE/list 2017-11-19 21:10:15 UTC (rev 57840) @@ -1,3 +1,21 @@ +CVE-2017-16893 + RESERVED +CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename ...) + TODO: check +CVE-2017-16891 + RESERVED +CVE-2017-16890 + RESERVED +CVE-2017-16889 + RESERVED +CVE-2017-16888 + RESERVED +CVE-2017-16887 + RESERVED +CVE-2017-16886 + RESERVED +CVE-2017-16885 + RESERVED CVE-2017-1000404 NOT-FOR-US: Jenkins plugin CVE-2017-1000403 @@ -18169,7 +18187,7 @@ CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name field. ...) NOT-FOR-US: GetSimple CMS CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for Perl allows ...) - {DLA-1171-1} + {DSA-4042-1 DLA-1171-1} - libxml-libxml-perl 2.0128+dfsg-5 (bug #866676) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246 NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/8 @@ -25802,6 +25820,7 @@ RESERVED CVE-2017-8028 RESERVED + {DLA-1180-1} - libspring-ldap-java NOTE: https://pivotal.io/security/cve-2017-8028 NOTE: https://github.com/spring-projects/spring-ldap/issues/430 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57816 - data/CVE
Author: sectracker Date: 2017-11-19 09:10:16 + (Sun, 19 Nov 2017) New Revision: 57816 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-19 08:45:39 UTC (rev 57815) +++ data/CVE/list 2017-11-19 09:10:16 UTC (rev 57816) @@ -1,3 +1,5 @@ +CVE-2017-16884 + RESERVED CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming = ...) - ming NOTE: https://github.com/libming/libming/issues/77 @@ -423,7 +425,7 @@ - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in ...) - {DLA-1173-1} + {DSA-4041-1 DLA-1173-1} - procmail 3.22-26 (bug #876511) CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the ...) NOT-FOR-US: Vonage VDV-23 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57799 - data/CVE
Author: sectracker Date: 2017-11-18 21:10:12 + (Sat, 18 Nov 2017) New Revision: 57799 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-18 20:26:51 UTC (rev 57798) +++ data/CVE/list 2017-11-18 21:10:12 UTC (rev 57799) @@ -1,3 +1,9 @@ +CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming = ...) + TODO: check +CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but ...) + TODO: check +CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON ...) + TODO: check CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before ...) NOT-FOR-US: filp whoops CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...) @@ -440,12 +446,12 @@ CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) NOT-FOR-US: Gemirro CVE-2017-16853 (The DynamicMetadataProvider class in ...) - {DSA-4039-1} + {DSA-4039-1 DLA-1178-1} - opensaml2 (bug #881856) NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic ...) - {DSA-4038-1} + {DSA-4038-1 DLA-1179-1} - shibboleth-sp2 (bug #881857) NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16 NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt @@ -3768,6 +3774,7 @@ NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public) NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...) + {DLA-1177-1} - poppler (bug #879066) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016 NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d @@ -5508,16 +5515,19 @@ CVE-2017-14978 RESERVED CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler ...) + {DLA-1177-1} - poppler (low; bug #877952) [stretch] - poppler (Minor issue) [jessie] - poppler (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...) + {DLA-1177-1} - poppler (low; bug #877954) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...) + {DLA-1177-1} - poppler (low; bug #877957) [stretch] - poppler (Minor issue) [jessie] - poppler (Minor issue) @@ -14767,6 +14777,7 @@ - ming NOTE: https://github.com/libming/libming/issues/83 CVE-2017-11733 (A null pointer dereference vulnerability was found in the function ...) + {DLA-1176-1} - ming NOTE: https://github.com/libming/libming/issues/78 CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the function ...) @@ -18296,9 +18307,11 @@ - libav (Vulnerable code not present) NOTE: https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879 CVE-2017-9989 (util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A ...) + {DLA-1176-1} - ming NOTE: https://github.com/libming/libming/issues/86 CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles ...) + {DLA-1176-1} - ming NOTE: https://github.com/libming/libming/issues/85 CVE-2017-9987 (There is a heap-based buffer overflow in the function hpel_motion in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57776 - data/CVE
Author: sectracker Date: 2017-11-18 09:10:15 + (Sat, 18 Nov 2017) New Revision: 57776 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-18 08:08:53 UTC (rev 57775) +++ data/CVE/list 2017-11-18 09:10:15 UTC (rev 57776) @@ -1,3 +1,23 @@ +CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before ...) + TODO: check +CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...) + TODO: check +CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme ...) + TODO: check +CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...) + TODO: check +CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...) + TODO: check +CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...) + TODO: check +CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through ...) + TODO: check +CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...) + TODO: check +CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...) + TODO: check +CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...) + TODO: check CVE-2017-16879 RESERVED CVE-2017-16878 @@ -23,6 +43,7 @@ CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code ...) NOT-FOR-US: Elixir's vim plugin CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after free in the ...) + {DLA-1175-1} - lynx 2.8.9dev16-1 - lynx-cur NOTE: https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9 @@ -53,7 +74,7 @@ NOT-FOR-US: UpdraftPlus plugin for WordPress CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the ...) NOT-FOR-US: UpdraftPlus plugin for WordPress -CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of ...) +CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...) - upx-ucl (bug #882041; unimportant) NOTE: https://github.com/upx/upx/issues/146 NOTE: crash in CLI tool, no security impact @@ -386,6 +407,7 @@ - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in ...) + {DLA-1173-1} - procmail 3.22-26 (bug #876511) CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the ...) NOT-FOR-US: Vonage VDV-23 @@ -1080,8 +1102,8 @@ NOT-FOR-US: Logitech Media Server CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...) NOT-FOR-US: Logitech Media Server -CVE-2017-16566 - RESERVED +CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not ...) + TODO: check CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...) NOT-FOR-US: Vonage CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on ...) @@ -1126,6 +1148,7 @@ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/ CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...) + {DSA-4040-1} - imagemagick (bug #881392) [wheezy] - imagemagick (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues) NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53 @@ -2966,7 +2989,7 @@ CVE-2017-15925 RESERVED CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...) - {DSA-4033-1} + {DSA-4033-1 DLA-1174-1} - konversation 1.7.3-1 (bug #881586) NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...) @@ -4524,7 +4547,7 @@ CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...) NOT-FOR-US: TeamPass CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...) - {DSA-4032-1 DLA-1140-1 DLA-1139-1} + {DSA-4040-1 DSA-4032-1 DLA-1140-1 DLA-1139-1} - imagemagick (bug #878578) - graphicsmagick 1.3.26-14 NOTE: IM6:
[Secure-testing-commits] r57745 - data/CVE
Author: sectracker Date: 2017-11-17 21:10:14 + (Fri, 17 Nov 2017) New Revision: 57745 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-17 19:45:46 UTC (rev 57744) +++ data/CVE/list 2017-11-17 21:10:14 UTC (rev 57745) @@ -1,13 +1,59 @@ -CVE-2017-16872 +CVE-2017-16879 RESERVED -CVE-2017-16871 +CVE-2017-16878 RESERVED -CVE-2017-16870 +CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...) + TODO: check +CVE-2017-16876 RESERVED -CVE-2017-16869 +CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...) + TODO: check +CVE-2017-16874 RESERVED -CVE-2017-16868 +CVE-2017-16873 RESERVED +CVE-2017-1000233 + REJECTED + TODO: check +CVE-2017-1000222 + REJECTED + TODO: check +CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an ...) + TODO: check +CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code ...) + TODO: check +CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after free in the ...) + TODO: check +CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is vulnerable to ...) + TODO: check +CVE-2017-1000204 + REJECTED + TODO: check +CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell ...) + TODO: check +CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File ...) + TODO: check +CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...) + TODO: check +CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...) + TODO: check +CVE-2017-1000169 (QuickerBB version = 0.7.2 is vulnerable to arbitrary file writes ...) + TODO: check +CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...) + TODO: check +CVE-2017-1000161 + REJECTED + TODO: check +CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...) + TODO: check +CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP ...) + TODO: check +CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the ...) + TODO: check +CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...) + TODO: check CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...) NOT-FOR-US: Amazon Key CVE-2017-1000248 (Redis-store =v1.3.0 allows unsafe objects to be loaded from redis ...) @@ -329,8 +375,7 @@ NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) NOT-FOR-US: Zoho ManageEngine Applications Manager -CVE-2017-16845 [ps2: information leakage via post_load routine] - RESERVED +CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...) - qemu - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html @@ -431,8 +476,8 @@ RESERVED CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java ...) NOT-FOR-US: b3log Symphony -CVE-2017-16819 - RESERVED +CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time Systems ...) + TODO: check CVE-2017-16818 RESERVED CVE-2017-16817 @@ -8001,8 +8046,8 @@ REJECTED CVE-2017-14112 RESERVED -CVE-2017-14111 - RESERVED +CVE-2017-14111 (The workstation logging function in Philips IntelliSpace ...) + TODO: check CVE-2017-14110 RESERVED CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is ...) @@ -9182,14 +9227,14 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495510 NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 -CVE-2017-13703 - RESERVED -CVE-2017-13702 - RESERVED +CVE-2017-13703 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A ...) + TODO: check +CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check CVE-2017-13701 RESERVED -CVE-2017-13700 - RESERVED +CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check CVE-2017-13699 RESERVED CVE-2017-13698 @@ -17467,16 +17512,16 @@ RESERVED
[Secure-testing-commits] r57697 - data/CVE
Author: sectracker Date: 2017-11-17 09:10:18 + (Fri, 17 Nov 2017) New Revision: 57697 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-17 06:20:29 UTC (rev 57696) +++ data/CVE/list 2017-11-17 09:10:18 UTC (rev 57697) @@ -1,3 +1,107 @@ +CVE-2017-16872 + RESERVED +CVE-2017-16871 + RESERVED +CVE-2017-16870 + RESERVED +CVE-2017-16869 + RESERVED +CVE-2017-16868 + RESERVED +CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...) + TODO: check +CVE-2017-1000248 (Redis-store =v1.3.0 allows unsafe objects to be loaded from redis ...) + TODO: check +CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 is ...) + TODO: check +CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the ...) + TODO: check +CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected ...) + TODO: check +CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected stored ...) + TODO: check +CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site ...) + TODO: check +CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload ...) + TODO: check +CVE-2017-1000237 (I, Librarian version =4.6 4.7 is vulnerable to Server-Side Request ...) + TODO: check +CVE-2017-1000236 (I, Librarian version =4.6 4.7 is vulnerable to Reflected Cross-Site ...) + TODO: check +CVE-2017-1000235 (I, Librarian version =4.6 4.7 is vulnerable to OS Command Injection ...) + TODO: check +CVE-2017-1000234 (I, Librarian version =4.6 4.7 is vulnerable to Directory ...) + TODO: check +CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have ...) + TODO: check +CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...) + TODO: check +CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...) + TODO: check +CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code ...) + TODO: check +CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...) + TODO: check +CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using ...) + TODO: check +CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated ...) + TODO: check +CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a XSS) is ...) + TODO: check +CVE-2017-1000220 (soyuka/pidusage =1.1.4 is vulnerable to command injection in the ...) + TODO: check +CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command injection ...) + TODO: check +CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in the ...) + TODO: check +CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the begriff POST ...) + TODO: check +CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer ...) + TODO: check +CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not verify that the ...) + TODO: check +CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version = 1.0.30) yaml parsing ...) + TODO: check +CVE-2017-1000197 (October CMS build 412 is vulnerable to file path modification in asset ...) + TODO: check +CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in the asset ...) + TODO: check +CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection in asset ...) + TODO: check +CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration ...) + TODO: check +CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand ...) + TODO: check +CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a ...) + TODO: check +CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a ...) + TODO: check +CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. ...) + TODO: check +CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...) + TODO: check +CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf. ...) + TODO: check +CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...) + TODO: check +CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...) + TODO: check +CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump ...) + TODO: check +CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. ...) +
[Secure-testing-commits] r57687 - data/CVE
Author: sectracker Date: 2017-11-16 21:10:13 + (Thu, 16 Nov 2017) New Revision: 57687 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-16 21:05:33 UTC (rev 57686) +++ data/CVE/list 2017-11-16 21:10:13 UTC (rev 57687) @@ -1,3 +1,215 @@ +CVE-2018-0085 + RESERVED +CVE-2018-0084 + RESERVED +CVE-2018-0083 + RESERVED +CVE-2018-0082 + RESERVED +CVE-2018-0081 + RESERVED +CVE-2018-0080 + RESERVED +CVE-2018-0079 + RESERVED +CVE-2018-0078 + RESERVED +CVE-2018-0077 + RESERVED +CVE-2018-0076 + RESERVED +CVE-2018-0075 + RESERVED +CVE-2018-0074 + RESERVED +CVE-2018-0073 + RESERVED +CVE-2018-0072 + RESERVED +CVE-2018-0071 + RESERVED +CVE-2018-0070 + RESERVED +CVE-2018-0069 + RESERVED +CVE-2018-0068 + RESERVED +CVE-2018-0067 + RESERVED +CVE-2018-0066 + RESERVED +CVE-2018-0065 + RESERVED +CVE-2018-0064 + RESERVED +CVE-2018-0063 + RESERVED +CVE-2018-0062 + RESERVED +CVE-2018-0061 + RESERVED +CVE-2018-0060 + RESERVED +CVE-2018-0059 + RESERVED +CVE-2018-0058 + RESERVED +CVE-2018-0057 + RESERVED +CVE-2018-0056 + RESERVED +CVE-2018-0055 + RESERVED +CVE-2018-0054 + RESERVED +CVE-2018-0053 + RESERVED +CVE-2018-0052 + RESERVED +CVE-2018-0051 + RESERVED +CVE-2018-0050 + RESERVED +CVE-2018-0049 + RESERVED +CVE-2018-0048 + RESERVED +CVE-2018-0047 + RESERVED +CVE-2018-0046 + RESERVED +CVE-2018-0045 + RESERVED +CVE-2018-0044 + RESERVED +CVE-2018-0043 + RESERVED +CVE-2018-0042 + RESERVED +CVE-2018-0041 + RESERVED +CVE-2018-0040 + RESERVED +CVE-2018-0039 + RESERVED +CVE-2018-0038 + RESERVED +CVE-2018-0037 + RESERVED +CVE-2018-0036 + RESERVED +CVE-2018-0035 + RESERVED +CVE-2018-0034 + RESERVED +CVE-2018-0033 + RESERVED +CVE-2018-0032 + RESERVED +CVE-2018-0031 + RESERVED +CVE-2018-0030 + RESERVED +CVE-2018-0029 + RESERVED +CVE-2018-0028 + RESERVED +CVE-2018-0027 + RESERVED +CVE-2018-0026 + RESERVED +CVE-2018-0025 + RESERVED +CVE-2018-0024 + RESERVED +CVE-2018-0023 + RESERVED +CVE-2018-0022 + RESERVED +CVE-2018-0021 + RESERVED +CVE-2018-0020 + RESERVED +CVE-2018-0019 + RESERVED +CVE-2018-0018 + RESERVED +CVE-2018-0017 + RESERVED +CVE-2018-0016 + RESERVED +CVE-2018-0015 + RESERVED +CVE-2018-0014 + RESERVED +CVE-2018-0013 + RESERVED +CVE-2018-0012 + RESERVED +CVE-2018-0011 + RESERVED +CVE-2018-0010 + RESERVED +CVE-2018-0009 + RESERVED +CVE-2018-0008 + RESERVED +CVE-2018-0007 + RESERVED +CVE-2018-0006 + RESERVED +CVE-2018-0005 + RESERVED +CVE-2018-0004 + RESERVED +CVE-2018-0003 + RESERVED +CVE-2018-0002 + RESERVED +CVE-2018-0001 + RESERVED +CVE-2017-16866 + RESERVED +CVE-2017-16865 + RESERVED +CVE-2017-16864 + RESERVED +CVE-2017-16863 + RESERVED +CVE-2017-16862 + RESERVED +CVE-2017-16861 + RESERVED +CVE-2017-16860 + RESERVED +CVE-2017-16859 + RESERVED +CVE-2017-16858 + RESERVED +CVE-2017-16857 + RESERVED +CVE-2017-16856 + RESERVED +CVE-2017-16855 (Ipsilon before 2.1.0 has a SAML2 multi-session vulnerability. ...) + TODO: check +CVE-2017-16854 + RESERVED +CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) + TODO: check +CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) + TODO: check +CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) + TODO: check +CVE-2017-16848 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) + TODO: check +CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) + TODO: check +CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) + TODO: check +CVE-2017-16845 + RESERVED +CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in ...) + TODO: check CVE-2017-16843 RESERVED CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...) @@ -21,11 +233,12 @@ NOTE: https://github.com/lingej/pnp4nagios/issues/140 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) NOT-FOR-US: Gemirro -CVE-2017-16853 [CPPOST-105] +CVE-2017-16853 (The DynamicMetadataProvider class in ...) - opensaml2 (bug #881856) NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d NOTE:
[Secure-testing-commits] r57675 - data/CVE
Author: sectracker Date: 2017-11-16 09:10:18 + (Thu, 16 Nov 2017) New Revision: 57675 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-16 08:03:57 UTC (rev 57674) +++ data/CVE/list 2017-11-16 09:10:18 UTC (rev 57675) @@ -1,4 +1,22 @@ -CVE-2017-16834 [root privilege escalation via insecure permissions] +CVE-2017-16843 + RESERVED +CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...) + TODO: check +CVE-2017-16840 + RESERVED +CVE-2017-16839 + RESERVED +CVE-2017-16838 + RESERVED +CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not ...) + TODO: check +CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...) + TODO: check +CVE-2017-16835 + RESERVED +CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an ...) - pnp4nagios NOTE: https://github.com/lingej/pnp4nagios/issues/140 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) @@ -4530,8 +4548,7 @@ RESERVED CVE-2017-15116 RESERVED -CVE-2017-15115 [sctp: use-after-free in sctp_cmp_addr_exact()] - RESERVED +CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...) - linux NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6) CVE-2017-15114 [Passwordless access for non-libvirt related services when using shared certificate authority] @@ -4563,8 +4580,7 @@ RESERVED CVE-2017-15103 RESERVED -CVE-2017-15102 [NULL pointer dereference due to race condition in probe function of legousbtower driver] - RESERVED +CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in the ...) - linux 4.7.8-1 [jessie] - linux 3.16.43-1 [wheezy] - linux 3.2.86-1 @@ -7868,8 +7884,8 @@ NOTE: Fixed by: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017 NOTE: https://patchwork.kernel.org/patch/9929625/ NOTE: Non issue, only "exploitable" with root access -CVE-2017-14034 - RESERVED +CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...) + TODO: check CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...) {DSA-4031-1 DLA-1114-1} - ruby2.3 2.3.5-1 (bug #875928) @@ -9986,10 +10002,10 @@ NOT-FOR-US: Wordpress theme CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the ...) NOT-FOR-US: Wordpress plugin -CVE-2017-13136 - RESERVED -CVE-2017-13135 - RESERVED +CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer ...) + TODO: check +CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ...) + TODO: check CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...) {DSA-4032-1 DLA-1170-1 DLA-1081-1} - imagemagick (bug #873099) @@ -12826,8 +12842,8 @@ RESERVED CVE-2017-12351 RESERVED -CVE-2017-12350 - RESERVED +CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and ...) + TODO: check CVE-2017-12349 RESERVED CVE-2017-12348 @@ -12852,8 +12868,8 @@ RESERVED CVE-2017-12338 RESERVED -CVE-2017-12337 - RESERVED +CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco collaboration ...) + TODO: check CVE-2017-12336 RESERVED CVE-2017-12335 @@ -12880,56 +12896,56 @@ RESERVED CVE-2017-12324 RESERVED -CVE-2017-12323 - RESERVED -CVE-2017-12322 - RESERVED -CVE-2017-12321 - RESERVED -CVE-2017-12320 - RESERVED +CVE-2017-12323 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check +CVE-2017-12322 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check +CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check +CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco Registered ...) + TODO: check CVE-2017-12319 RESERVED -CVE-2017-12318 - RESERVED +CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices ...) + TODO: check CVE-2017-12317 (The Cisco AMP For Endpoints application allows an authenticated, local ...) NOT-FOR-US: Cisco -CVE-2017-12316 - RESERVED -CVE-2017-12315 - RESERVED -CVE-2017-12314 - RESERVED -CVE-2017-12313 - RESERVED -CVE-2017-12312 - RESERVED
[Secure-testing-commits] r57666 - data/CVE
Author: sectracker Date: 2017-11-15 21:10:20 + (Wed, 15 Nov 2017) New Revision: 57666 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-15 20:35:45 UTC (rev 57665) +++ data/CVE/list 2017-11-15 21:10:20 UTC (rev 57666) @@ -1,3 +1,5 @@ +CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) + TODO: check CVE-2017- [CPPOST-105] - opensaml2 (bug #881856) NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d @@ -2540,8 +2542,7 @@ RESERVED CVE-2017-15925 RESERVED -CVE-2017-15923 [Crash in parsing IRC color formatting codes] - RESERVED +CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...) {DSA-4033-1} - konversation 1.7.3-1 (bug #881586) NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 @@ -2804,8 +2805,8 @@ NOT-FOR-US: phpMyFaq CVE-2017-15807 RESERVED -CVE-2017-15806 - RESERVED +CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Components ...) + TODO: check CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function in ...) - python-werkzeug 0.11.11+dfsg1-1 NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/ @@ -4063,8 +4064,8 @@ - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51 -CVE-2017-15288 - RESERVED +CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...) + TODO: check CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia ...) NOT-FOR-US: BouquetEditor WebPlugin CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in ...) @@ -4116,14 +4117,14 @@ CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before ...) - mahara NOTE: https://mahara.org/interaction/forum/topic.php?id=8081 -CVE-2017-15272 - RESERVED -CVE-2017-15271 - RESERVED -CVE-2017-15270 - RESERVED -CVE-2017-15269 - RESERVED +CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration inside ...) + TODO: check +CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP ...) + TODO: check +CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data ...) + TODO: check +CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans ...) + TODO: check CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...) - qemu (bug #880836) [stretch] - qemu (Minor issue) @@ -5103,8 +5104,8 @@ RESERVED CVE-2017-14962 RESERVED -CVE-2017-14961 - RESERVED +CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...) + TODO: check CVE-2017-14960 RESERVED CVE-2017-14959 @@ -12029,10 +12030,10 @@ CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and ...) - couchdb NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6 -CVE-2017-12634 - RESERVED -CVE-2017-12633 - RESERVED +CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and ...) + TODO: check +CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and ...) + TODO: check CVE-2017-12632 RESERVED CVE-2017-12631 @@ -12490,7 +12491,7 @@ RESERVED CVE-2017-12461 RESERVED -CVE-2017-12460 (Unspecified vulnerability in Barco ClickShare CSM-1 firmware before ...) +CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware before ...) NOT-FOR-US: Barco ClickShare CSM-1 firmware CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the ...) - binutils 2.29-8 @@ -23189,7 +23190,7 @@ CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html - NOTE: https://phabricator.wikimedia.org/T119158 + NOTE: https://phabricator.wikimedia.org/T119158 CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html @@ -23215,9 +23216,10 @@ CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) - mediawiki
[Secure-testing-commits] r57648 - data/CVE
Author: sectracker Date: 2017-11-15 09:10:14 + (Wed, 15 Nov 2017) New Revision: 57648 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-15 07:19:41 UTC (rev 57647) +++ data/CVE/list 2017-11-15 09:10:14 UTC (rev 57648) @@ -1,3 +1,31 @@ +CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File ...) + TODO: check +CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + TODO: check +CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils ...) + TODO: check +CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c in the ...) + TODO: check +CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 ...) + TODO: check +CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File ...) + TODO: check +CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary File ...) + TODO: check +CVE-2017-16825 + RESERVED +CVE-2017-16824 + RESERVED +CVE-2017-16823 + RESERVED +CVE-2017-16822 + RESERVED +CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java ...) + TODO: check +CVE-2017-16819 + RESERVED +CVE-2017-16818 + RESERVED CVE-2017-16817 RESERVED CVE-2017-16816 @@ -4,7 +32,7 @@ RESERVED CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration ...) NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) plugin for WordPress -CVE-2017-16820 [snmp plugin: double free or heap corruption] +CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in collectd ...) - collectd (bug #881757) NOTE: https://github.com/collectd/collectd/issues/2291 CVE-2017-16814 @@ -11665,12 +11693,12 @@ RESERVED CVE-2017-12740 RESERVED -CVE-2017-12739 - RESERVED -CVE-2017-12738 - RESERVED -CVE-2017-12737 - RESERVED +CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + TODO: check +CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + TODO: check +CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + TODO: check CVE-2017-12736 RESERVED CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An ...) @@ -13869,122 +13897,122 @@ RESERVED CVE-2017-11885 RESERVED -CVE-2017-11884 - RESERVED -CVE-2017-11883 - RESERVED -CVE-2017-11882 - RESERVED +CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run ...) + TODO: check +CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to ...) + TODO: check +CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service ...) + TODO: check CVE-2017-11881 RESERVED -CVE-2017-11880 - RESERVED -CVE-2017-11879 - RESERVED -CVE-2017-11878 - RESERVED -CVE-2017-11877 - RESERVED -CVE-2017-11876 - RESERVED +CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session ...) + TODO: check +CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) + TODO: check +CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) + TODO: check +CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise Server ...) + TODO: check CVE-2017-11875 RESERVED -CVE-2017-11874 - RESERVED -CVE-2017-11873 - RESERVED -CVE-2017-11872 - RESERVED -CVE-2017-11871 - RESERVED -CVE-2017-11870 - RESERVED -CVE-2017-11869 - RESERVED +CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, ...) + TODO: check +CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...) + TODO: check +CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + TODO: check +CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...) + TODO: check +CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...) + TODO: check +CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + TODO: check CVE-2017-11868 RESERVED CVE-2017-11867 RESERVED -CVE-2017-11866 - RESERVED +CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...) +
[Secure-testing-commits] r57638 - data/CVE
Author: sectracker Date: 2017-11-14 21:10:19 + (Tue, 14 Nov 2017) New Revision: 57638 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-14 20:55:39 UTC (rev 57637) +++ data/CVE/list 2017-11-14 21:10:19 UTC (rev 57638) @@ -1,3 +1,9 @@ +CVE-2017-16817 + RESERVED +CVE-2017-16816 + RESERVED +CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration ...) + TODO: check CVE-2017-16820 [snmp plugin: double free or heap corruption] - collectd (bug #881757) NOTE: https://github.com/collectd/collectd/issues/2291 @@ -1386,8 +1392,8 @@ RESERVED CVE-2017-16240 RESERVED -CVE-2017-16239 - RESERVED +CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through ...) + TODO: check CVE-2017-16238 RESERVED CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file ...) @@ -11949,12 +11955,10 @@ NOT-FOR-US: Ipswitch IMail CVE-2017-12637 (Directory traversal vulnerability in ...) NOT-FOR-US: SAP -CVE-2017-12636 - RESERVED +CVE-2017-12636 (CouchDB administrative users can configure the database server via ...) - couchdb NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6 -CVE-2017-12635 - RESERVED +CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and ...) - couchdb NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6 CVE-2017-12634 @@ -11982,8 +11986,8 @@ RESERVED CVE-2017-12625 (Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before ...) NOT-FOR-US: Apache Hive -CVE-2017-12624 - RESERVED +CVE-2017-12624 (Apache CXF supports sending and receiving attachments via either the ...) + TODO: check CVE-2017-12623 (An authorized user could upload a template which contained malicious ...) NOT-FOR-US: Apache NiFi CVE-2017-12622 @@ -17551,6 +17555,7 @@ CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name field. ...) NOT-FOR-US: GetSimple CMS CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for Perl allows ...) + {DLA-1171-1} - libxml-libxml-perl 2.0128+dfsg-5 (bug #866676) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246 NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/8 @@ -22333,8 +22338,8 @@ RESERVED CVE-2017-9086 RESERVED -CVE-2017-9085 - RESERVED +CVE-2017-9085 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 ...) + TODO: check CVE-2017-9084 RESERVED CVE-2017-9083 (poppler 0.54.0, as used in Evince and other products, has a NULL ...) @@ -31247,10 +31252,10 @@ NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2017-6276 RESERVED -CVE-2017-6275 - RESERVED -CVE-2017-6274 - RESERVED +CVE-2017-6275 (An information disclosure vulnerability exists in the Thermal Driver, ...) + TODO: check +CVE-2017-6274 (An elevation of Privilege vulnerability exists in the Thermal Driver, ...) + TODO: check CVE-2017-6273 (NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader ...) NOT-FOR-US: NVIDIA ADSP Firmware CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) @@ -31290,8 +31295,8 @@ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544 CVE-2017-6265 RESERVED -CVE-2017-6264 - RESERVED +CVE-2017-6264 (An elevation of privilege vulnerability exists in the NVIDIA GPU ...) + TODO: check CVE-2017-6263 RESERVED CVE-2017-6262 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57614 - data/CVE
Author: sectracker Date: 2017-11-14 09:10:13 + (Tue, 14 Nov 2017) New Revision: 57614 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-14 08:26:59 UTC (rev 57613) +++ data/CVE/list 2017-11-14 09:10:13 UTC (rev 57614) @@ -1,3 +1,23 @@ +CVE-2017-16814 + RESERVED +CVE-2017-16813 + RESERVED +CVE-2017-16812 + RESERVED +CVE-2017-16811 + RESERVED +CVE-2017-16810 (Cross-site scripting (XSS) vulnerability in the All Variables tab in ...) + TODO: check +CVE-2017-16809 + RESERVED +CVE-2017-16808 (tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in ...) + TODO: check +CVE-2017-16807 (A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, ...) + TODO: check +CVE-2017-16806 (The Process function in RemoteTaskServer/WebServer/HttpServer.cs in ...) + TODO: check +CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ...) + TODO: check CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...) - libav - ffmpeg @@ -588,6 +608,7 @@ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112 NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does ...) + {DLA-1170-1} - graphicsmagick 1.3.26-18 NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/ @@ -2429,6 +2450,7 @@ RESERVED CVE-2017-15923 [Crash in parsing IRC color formatting codes] RESERVED + {DSA-4033-1} - konversation 1.7.3-1 (bug #881586) NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...) @@ -3283,10 +3305,10 @@ RESERVED CVE-2017-15527 RESERVED -CVE-2017-15526 - RESERVED -CVE-2017-15525 - RESERVED +CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...) + TODO: check +CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...) + TODO: check CVE-2017-15524 RESERVED CVE-2017-15523 @@ -9863,7 +9885,7 @@ CVE-2017-13135 RESERVED CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...) - {DSA-4032-1 DLA-1081-1} + {DSA-4032-1 DLA-1170-1 DLA-1081-1} - imagemagick (bug #873099) - graphicsmagick 1.3.26-19 (bug #881524) NOTE: https://github.com/ImageMagick/ImageMagick/issues/670 @@ -44315,8 +44337,8 @@ RESERVED CVE-2017-1711 RESERVED -CVE-2017-1710 - RESERVED +CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize V7000 ...) + TODO: check CVE-2017-1709 RESERVED CVE-2017-1708 @@ -44781,8 +44803,8 @@ RESERVED CVE-2017-1478 RESERVED -CVE-2017-1477 - RESERVED +CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML ...) + TODO: check CVE-2017-1476 RESERVED CVE-2017-1475 @@ -44829,8 +44851,8 @@ RESERVED CVE-2017-1454 RESERVED -CVE-2017-1453 - RESERVED +CVE-2017-1453 (IBM Security Access Manager Appliance 9.0.3 could allow a remote ...) + TODO: check CVE-2017-1452 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 ...) NOT-FOR-US: IBM CVE-2017-1451 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 ...) @@ -45277,8 +45299,8 @@ RESERVED CVE-2017-1230 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses ...) NOT-FOR-US: IBM Tivoli Endpoint Manager -CVE-2017-1229 - RESERVED +CVE-2017-1229 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a ...) + TODO: check CVE-2017-1228 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could ...) NOT-FOR-US: IBM Tivoli Endpoint Manager CVE-2017-1227 (IBM Tivoli Endpoint Manager could allow a unauthorized user to consume ...) @@ -45293,8 +45315,8 @@ NOT-FOR-US: IBM CVE-2017-1222 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not ...) NOT-FOR-US: IBM Tivoli Endpoint Manager -CVE-2017-1221 - RESERVED +CVE-2017-1221 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require ...) + TODO: check CVE-2017-1220 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) ...) NOT-FOR-US: IBM Tivoli Endpoint Manager CVE-2017-1219 (IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity ...) @@ -51369,8 +51391,7 @@ RESERVED - glance (unimportant) NOTE:
[Secure-testing-commits] Processing r57610 failed
The error message was: data/DLA/list:3: invalid non-printable character '\x1b' Makefile:21: recipe for target 'all' failed make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57605 - data/CVE
Author: sectracker Date: 2017-11-13 21:10:16 + (Mon, 13 Nov 2017) New Revision: 57605 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-13 19:27:59 UTC (rev 57604) +++ data/CVE/list 2017-11-13 21:10:16 UTC (rev 57605) @@ -1,11 +1,15 @@ -CVE-2017-16804 [Email reminders reveal information about inaccessible issues] +CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...) + TODO: check +CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...) + TODO: check +CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...) - redmine [wheezy] - redmine (Not supported wheezy LTS) NOTE: https://www.redmine.org/issues/25713 (private) NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0 NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc -CVE-2017-16801 - RESERVED +CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy ...) + TODO: check CVE-2017-16800 RESERVED CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, ...) @@ -26,8 +30,8 @@ CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/47 -CVE-2017-16792 - RESERVED +CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in geminabox (Gem in ...) + TODO: check CVE-2017-16791 RESERVED CVE-2017-16790 @@ -5699,8 +5703,8 @@ NOT-FOR-US: EPESI CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall ...) NOT-FOR-US: EPESI -CVE-2017-14711 - RESERVED +CVE-2017-14711 (The Kickbase GmbH Kickbase Bundesliga Manager app before 2.2.1 -- aka ...) + TODO: check CVE-2017-14710 RESERVED CVE-2017-14709 @@ -6639,8 +6643,8 @@ RESERVED CVE-2017-14389 RESERVED -CVE-2017-14388 - RESERVED +CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 ...) + TODO: check CVE-2017-14387 RESERVED CVE-2017-14386 @@ -7757,16 +7761,16 @@ RESERVED CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T ...) NOT-FOR-US: ABB FOX515T -CVE-2017-14024 - RESERVED +CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in Schneider ...) + TODO: check CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC ...) NOT-FOR-US: Siemens CVE-2017-14022 RESERVED CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...) NOT-FOR-US: Korenix -CVE-2017-14020 - RESERVED +CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in ...) + TODO: check CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...) NOT-FOR-US: Progea Movicon CVE-2017-14018 @@ -15962,8 +15966,8 @@ {DSA-3914-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184) NOTE: https://github.com/ImageMagick/ImageMagick/issues/472 -CVE-2017-11169 - RESERVED +CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices ...) + TODO: check CVE-2017-11168 RESERVED CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...) @@ -16966,8 +16970,8 @@ RESERVED CVE-2017-10886 RESERVED -CVE-2017-10885 - RESERVED +CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier ...) + TODO: check CVE-2017-10884 RESERVED CVE-2017-10883 @@ -16986,16 +16990,16 @@ RESERVED CVE-2017-10876 RESERVED -CVE-2017-10875 - RESERVED +CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an ...) + TODO: check CVE-2017-10874 RESERVED CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...) NOT-FOR-US: OpenAM CVE-2017-10872 RESERVED -CVE-2017-10871 - RESERVED +CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version ...) + TODO: check CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki ...) NOT-FOR-US: Rakuraku Hagaki CVE-2017-10869 @@ -21337,8 +21341,8 @@ RESERVED CVE-2017-9315 RESERVED -CVE-2017-9314 - RESERVED +CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, ...) + TODO: check CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before ...) - webmin CVE-2017-9312 @@ -23068,8 +23072,7 @@ RESERVED CVE-2017-8807 RESERVED -CVE-2017-8806 -
[Secure-testing-commits] r57595 - data/CVE
Author: sectracker Date: 2017-11-13 09:10:14 + (Mon, 13 Nov 2017) New Revision: 57595 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-13 08:36:06 UTC (rev 57594) +++ data/CVE/list 2017-11-13 09:10:14 UTC (rev 57595) @@ -1,3 +1,5 @@ +CVE-2017-16801 + RESERVED CVE-2017-16800 RESERVED CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, ...) @@ -8089,187 +8091,174 @@ RESERVED CVE-2017-13853 RESERVED -CVE-2017-13852 - RESERVED +CVE-2017-13852 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + TODO: check CVE-2017-13851 RESERVED CVE-2017-13850 RESERVED -CVE-2017-13849 - RESERVED +CVE-2017-13849 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + TODO: check CVE-2017-13848 RESERVED CVE-2017-13847 RESERVED -CVE-2017-13846 - RESERVED +CVE-2017-13846 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check CVE-2017-13845 RESERVED -CVE-2017-13844 - RESERVED -CVE-2017-13843 - RESERVED -CVE-2017-13842 - RESERVED -CVE-2017-13841 - RESERVED -CVE-2017-13840 - RESERVED +CVE-2017-13844 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + TODO: check +CVE-2017-13843 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13842 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13841 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13840 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check CVE-2017-13839 RESERVED -CVE-2017-13838 - RESERVED +CVE-2017-13838 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check CVE-2017-13837 RESERVED -CVE-2017-13836 - RESERVED +CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check CVE-2017-13835 RESERVED -CVE-2017-13834 - RESERVED -CVE-2017-13833 - RESERVED -CVE-2017-13832 - RESERVED -CVE-2017-13831 - RESERVED -CVE-2017-13830 - RESERVED -CVE-2017-13829 - RESERVED -CVE-2017-13828 - RESERVED +CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13832 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13831 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13830 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13829 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13828 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check CVE-2017-13827 RESERVED -CVE-2017-13826 - RESERVED -CVE-2017-13825 - RESERVED -CVE-2017-13824 - RESERVED -CVE-2017-13823 - RESERVED -CVE-2017-13822 - RESERVED -CVE-2017-13821 - RESERVED -CVE-2017-13820 - RESERVED -CVE-2017-13819 - RESERVED -CVE-2017-13818 - RESERVED -CVE-2017-13817 - RESERVED -CVE-2017-13816 - RESERVED -CVE-2017-13815 - RESERVED -CVE-2017-13814 - RESERVED -CVE-2017-13813 - RESERVED -CVE-2017-13812 - RESERVED -CVE-2017-13811 - RESERVED -CVE-2017-13810 - RESERVED -CVE-2017-13809 - RESERVED -CVE-2017-13808 - RESERVED -CVE-2017-13807 - RESERVED +CVE-2017-13826 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13825 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13824 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13823 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13822 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13821 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13820 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13819 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13818 (An issue was discovered in certain Apple products. macOS before ...) + TODO: check +CVE-2017-13817 (An out-of-bounds read issue was discovered in certain Apple
[Secure-testing-commits] r57585 - data/CVE
Author: sectracker Date: 2017-11-12 21:10:13 + (Sun, 12 Nov 2017) New Revision: 57585 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-12 20:47:07 UTC (rev 57584) +++ data/CVE/list 2017-11-12 21:10:13 UTC (rev 57585) @@ -1,3 +1,15 @@ +CVE-2017-16800 + RESERVED +CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, ...) + TODO: check +CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in ...) + TODO: check +CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not properly ...) + TODO: check +CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not check ...) + TODO: check +CVE-2017-16795 + RESERVED CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/50 @@ -3947,7 +3959,7 @@ CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...) NOT-FOR-US: TeamPass CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...) - {DLA-1140-1 DLA-1139-1} + {DSA-4032-1 DLA-1140-1 DLA-1139-1} - imagemagick (bug #878578) - graphicsmagick 1.3.26-14 NOTE: https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5 @@ -4869,7 +4881,7 @@ NOTE: https://core.trac.wordpress.org/ticket/38474 NOTE: Wordpress in Wheezy requires a database upgrade and backports of new functions CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick (bug #878562) NOTE: https://github.com/ImageMagick/ImageMagick/issues/781 NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628 @@ -5752,7 +5764,7 @@ CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by ...) NOT-FOR-US: geminabox CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick (bug #876488) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=32726 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00 @@ -5987,7 +5999,7 @@ NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21 NOTE: https://github.com/LibRaw/LibRaw/issues/101 CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick (low; bug #878527) NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74 NOTE: https://github.com/ImageMagick/ImageMagick/issues/765 @@ -7082,7 +7094,7 @@ - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2 CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick (bug #876097) NOTE: https://github.com/ImageMagick/ImageMagick/issues/733 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde @@ -8296,7 +8308,7 @@ CVE-2017-13770 RESERVED CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick (low; bug #878507) NOTE: https://github.com/ImageMagick/ImageMagick/issues/705 NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c @@ -8346,7 +8358,7 @@ CVE-2017-13759 RESERVED CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...) - {DLA-1131-1} + {DSA-4032-1 DLA-1131-1} - imagemagick (bug #878508) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=32583 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907 @@ -9840,7 +9852,7 @@ CVE-2017-13135 RESERVED CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...) - {DLA-1081-1} + {DSA-4032-1 DLA-1081-1} - imagemagick (bug #873099) - graphicsmagick 1.3.26-19 (bug #881524) NOTE: https://github.com/ImageMagick/ImageMagick/issues/670 @@ -10278,7 +10290,7 @@ CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, ...) NOT-FOR-US: PHPMyWind
[Secure-testing-commits] r57571 - data/CVE
Author: sectracker Date: 2017-11-12 09:10:15 + (Sun, 12 Nov 2017) New Revision: 57571 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-12 08:18:43 UTC (rev 57570) +++ data/CVE/list 2017-11-12 09:10:15 UTC (rev 57571) @@ -1,3 +1,11 @@ +CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...) + TODO: check +CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not ...) + TODO: check +CVE-2017-16792 + RESERVED +CVE-2017-16791 + RESERVED CVE-2017-16790 RESERVED CVE-2017-16789 @@ -9816,7 +9824,7 @@ RESERVED CVE-2017-13135 RESERVED -CVE-2017-13134 (In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the ...) +CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...) {DLA-1081-1} - imagemagick (bug #873099) - graphicsmagick ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57563 - data/CVE
Author: sectracker Date: 2017-11-11 21:10:14 + (Sat, 11 Nov 2017) New Revision: 57563 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-11 20:32:20 UTC (rev 57562) +++ data/CVE/list 2017-11-11 21:10:14 UTC (rev 57563) @@ -7682,7 +7682,7 @@ CVE-2017-14034 RESERVED CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...) - {DLA-1114-1} + {DSA-4031-1 DLA-1114-1} - ruby2.3 (bug #875928) - ruby2.1 - ruby1.9.1 @@ -17180,7 +17180,7 @@ CVE-2017-10785 RESERVED CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...) - {DLA-1114-1 DLA-1113-1} + {DSA-4031-1 DLA-1114-1 DLA-1113-1} - ruby2.3 (bug #875931) - ruby2.1 - ruby1.9.1 @@ -23030,7 +23030,7 @@ RESERVED CVE-2017-8806 RESERVED - {DSA-4029-1} + {DSA-4029-1 DLA-1169-1} - postgresql-common 188 CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links ...) - archvsync 20171017 @@ -45883,6 +45883,7 @@ CVE-2017-0904 RESERVED CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...) + {DSA-4031-1} - ruby2.3 (bug #879231) - ruby2.1 - ruby1.9.1 @@ -45936,7 +45937,7 @@ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious ...) - {DLA-1114-1 DLA-1113-1} + {DSA-4031-1 DLA-1114-1 DLA-1113-1} - ruby2.3 (bug #875936) - ruby2.1 - ruby1.9.1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57546 - data/CVE
Author: sectracker Date: 2017-11-11 09:10:16 + (Sat, 11 Nov 2017) New Revision: 57546 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-11 09:08:20 UTC (rev 57545) +++ data/CVE/list 2017-11-11 09:10:16 UTC (rev 57546) @@ -1,4 +1,24 @@ -CVE-2017-16785 [reflected XSS via the PATH_INFO to host.php] +CVE-2017-16790 + RESERVED +CVE-2017-16789 + RESERVED +CVE-2017-16788 + RESERVED +CVE-2017-16787 + RESERVED +CVE-2017-16786 + RESERVED +CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the ...) + TODO: check +CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template Injection via ...) + TODO: check +CVE-2017-16782 (In Home Assistant before 0.57, it is possible to inject JavaScript code ...) + TODO: check +CVE-2017-16781 (The installer in MyBB before 1.8.13 has XSS. ...) + TODO: check +CVE-2017-16780 (The installer in MyBB before 1.8.13 allows remote attackers to execute ...) + TODO: check +CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. ...) - cacti NOTE: https://github.com/Cacti/cacti/issues/1071 CVE-2017-16779 @@ -594,8 +614,8 @@ NOT-FOR-US: MitraStar CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where ...) NOT-FOR-US: Inedo BuildMaster -CVE-2017-16520 - RESERVED +CVE-2017-16520 (Inedo BuildMaster before 5.8.2 does not properly restrict creation of ...) + TODO: check CVE-2017-16519 RESERVED CVE-2017-16518 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57535 - data/CVE
Author: sectracker Date: 2017-11-10 21:10:14 + (Fri, 10 Nov 2017) New Revision: 57535 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-10 20:59:55 UTC (rev 57534) +++ data/CVE/list 2017-11-10 21:10:14 UTC (rev 57535) @@ -1,13 +1,43 @@ -CVE-2017-16764 +CVE-2017-16779 RESERVED -CVE-2017-16763 +CVE-2017-16778 RESERVED -CVE-2017-16762 +CVE-2017-16777 RESERVED -CVE-2017-16761 +CVE-2017-16776 RESERVED -CVE-2017-16760 +CVE-2017-16775 RESERVED +CVE-2017-16774 + RESERVED +CVE-2017-16773 + RESERVED +CVE-2017-16772 + RESERVED +CVE-2017-16771 + RESERVED +CVE-2017-16770 + RESERVED +CVE-2017-16769 + RESERVED +CVE-2017-16768 + RESERVED +CVE-2017-16767 + RESERVED +CVE-2017-16766 + RESERVED +CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...) + TODO: check +CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...) + TODO: check +CVE-2017-16763 (An exploitable vulnerability exists in the YAML parsing functionality ...) + TODO: check +CVE-2017-16762 (Sanic before 0.5.1 allows reading arbitrary files with directory ...) + TODO: check +CVE-2017-16761 (An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows ...) + TODO: check +CVE-2017-16760 (Inedo BuildMaster before 5.8.2 has XSS. ...) + TODO: check CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote ...) NOT-FOR-US: LibreNMS CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...) @@ -195,6 +225,7 @@ CVE-2017-16670 RESERVED CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause ...) + {DLA-1168-1} - graphicsmagick NOTE: https://sourceforge.net/p/graphicsmagick/bugs/450/ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d @@ -557,8 +588,8 @@ NOT-FOR-US: MitraStar CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...) NOT-FOR-US: MitraStar -CVE-2017-16521 - RESERVED +CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where ...) + TODO: check CVE-2017-16520 RESERVED CVE-2017-16519 @@ -3137,7 +3168,7 @@ CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id ...) NOT-FOR-US: zorovavi/blog CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in ...) - {DSA-4006-1 DLA-1164-1} + {DSA-4006-2 DSA-4006-1 DLA-1164-1} - mupdf 1.11+ds1-2 (bug #879055) NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57525 - data/CVE
Author: sectracker Date: 2017-11-10 09:10:26 + (Fri, 10 Nov 2017) New Revision: 57525 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-10 08:53:38 UTC (rev 57524) +++ data/CVE/list 2017-11-10 09:10:26 UTC (rev 57525) @@ -1,3 +1,19 @@ +CVE-2017-16764 + RESERVED +CVE-2017-16763 + RESERVED +CVE-2017-16762 + RESERVED +CVE-2017-16761 + RESERVED +CVE-2017-16760 + RESERVED +CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote ...) + TODO: check +CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, ...) + TODO: check CVE-2017-16756 RESERVED CVE-2017-16755 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57513 - data/CVE
Author: sectracker Date: 2017-11-09 21:10:15 + (Thu, 09 Nov 2017) New Revision: 57513 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-09 20:53:15 UTC (rev 57512) +++ data/CVE/list 2017-11-09 21:10:15 UTC (rev 57513) @@ -1,3 +1,161 @@ +CVE-2017-16756 + RESERVED +CVE-2017-16755 + RESERVED +CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler ...) + TODO: check +CVE-2017-16753 + RESERVED +CVE-2017-16752 + RESERVED +CVE-2017-16751 + RESERVED +CVE-2017-16750 + RESERVED +CVE-2017-16749 + RESERVED +CVE-2017-16748 + RESERVED +CVE-2017-16747 + RESERVED +CVE-2017-16746 + RESERVED +CVE-2017-16745 + RESERVED +CVE-2017-16744 + RESERVED +CVE-2017-16743 + RESERVED +CVE-2017-16742 + RESERVED +CVE-2017-16741 + RESERVED +CVE-2017-16740 + RESERVED +CVE-2017-16739 + RESERVED +CVE-2017-16738 + RESERVED +CVE-2017-16737 + RESERVED +CVE-2017-16736 + RESERVED +CVE-2017-16735 + RESERVED +CVE-2017-16734 + RESERVED +CVE-2017-16733 + RESERVED +CVE-2017-16732 + RESERVED +CVE-2017-16731 + RESERVED +CVE-2017-16730 + RESERVED +CVE-2017-16729 + RESERVED +CVE-2017-16728 + RESERVED +CVE-2017-16727 + RESERVED +CVE-2017-16726 + RESERVED +CVE-2017-16725 + RESERVED +CVE-2017-16724 + RESERVED +CVE-2017-16723 + RESERVED +CVE-2017-16722 + RESERVED +CVE-2017-16721 + RESERVED +CVE-2017-16720 + RESERVED +CVE-2017-16719 + RESERVED +CVE-2017-16718 + RESERVED +CVE-2017-16717 + RESERVED +CVE-2017-16716 + RESERVED +CVE-2017-16715 + RESERVED +CVE-2017-16714 + RESERVED +CVE-2017-16713 + RESERVED +CVE-2017-16712 + RESERVED +CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...) + TODO: check +CVE-2017-16710 + RESERVED +CVE-2017-16709 + RESERVED +CVE-2017-16708 + RESERVED +CVE-2017-16707 + RESERVED +CVE-2017-16706 + RESERVED +CVE-2017-16705 + RESERVED +CVE-2017-16704 + RESERVED +CVE-2017-16703 + RESERVED +CVE-2017-16702 + RESERVED +CVE-2017-16701 + RESERVED +CVE-2017-16700 + RESERVED +CVE-2017-16699 + RESERVED +CVE-2017-16698 + RESERVED +CVE-2017-16697 + RESERVED +CVE-2017-16696 + RESERVED +CVE-2017-16695 + RESERVED +CVE-2017-16694 + RESERVED +CVE-2017-16693 + RESERVED +CVE-2017-16692 + RESERVED +CVE-2017-16691 + RESERVED +CVE-2017-16690 + RESERVED +CVE-2017-16689 + RESERVED +CVE-2017-16688 + RESERVED +CVE-2017-16687 + RESERVED +CVE-2017-16686 + RESERVED +CVE-2017-16685 + RESERVED +CVE-2017-16684 + RESERVED +CVE-2017-16683 + RESERVED +CVE-2017-16682 + RESERVED +CVE-2017-16681 + RESERVED +CVE-2017-16680 + RESERVED +CVE-2017-16679 + RESERVED +CVE-2017-16678 + RESERVED CVE-2017-16677 RESERVED CVE-2017-16676 @@ -65,8 +223,8 @@ RESERVED CVE-2017-16652 RESERVED -CVE-2017-16651 [file disclosure vulnerabliity] - RESERVED +CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...) + {DSA-4030-1} - roundcube 1.3.3+dfsg.1-1 NOTE: master: https://github.com/roundcube/roundcubemail/commit/2a32f51c91d5e9c7b1a9d931846dd44c008ff36d NOTE: release-1.3: https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806 @@ -124,10 +282,10 @@ NOT-FOR-US: Bludit CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the ...) NOT-FOR-US: TinyWebGallery -CVE-2017-16634 - RESERVED -CVE-2017-16633 - RESERVED +CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a ...) + TODO: check +CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only ...) + TODO: check CVE-2017-16632 RESERVED CVE-2017-16631 @@ -256,10 +414,10 @@ NOT-FOR-US: KeystoneJS CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an ...) NOT-FOR-US: Zurmo -CVE-2017-16568 - RESERVED -CVE-2017-16567 - RESERVED +CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...) + TODO: check +CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...) + TODO: check CVE-2017-16566 RESERVED CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...) @@ -268,8 +426,8 @@ NOT-FOR-US: Vonage CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen on ...) NOT-FOR-US: Vonage -CVE-2017-16562 - RESERVED +CVE-2017-16562 (The
[Secure-testing-commits] r57484 - data/CVE
Author: sectracker Date: 2017-11-09 09:10:13 + (Thu, 09 Nov 2017) New Revision: 57484 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-09 07:26:10 UTC (rev 57483) +++ data/CVE/list 2017-11-09 09:10:13 UTC (rev 57484) @@ -1,3 +1,21 @@ +CVE-2017-16677 + RESERVED +CVE-2017-16676 + RESERVED +CVE-2017-16675 + RESERVED +CVE-2017-16674 (Datto Windows Agent allows unauthenticated remote command execution via ...) + TODO: check +CVE-2017-16673 (Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming ...) + TODO: check +CVE-2017-16672 (An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 ...) + TODO: check +CVE-2017-16671 (A Buffer Overflow issue was discovered in Asterisk Open Source 13 ...) + TODO: check +CVE-2017-16670 + RESERVED +CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause ...) + TODO: check CVE-2017-16668 RESERVED CVE-2017-1 @@ -12622,7 +12640,7 @@ RESERVED CVE-2017-12197 RESERVED - {DLA-1165-1} + {DSA-4025-1 DLA-1165-1} - libpam4j 1.4-3 (bug #879001) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103 NOTE: https://github.com/kohsuke/libpam4j/issues/18 @@ -14609,10 +14627,10 @@ RESERVED CVE-2017-11513 RESERVED -CVE-2017-11512 - RESERVED -CVE-2017-11511 - RESERVED +CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...) + TODO: check +CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...) + TODO: check CVE-2017-11510 RESERVED CVE-2017-11509 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57466 - data/CVE
Author: sectracker Date: 2017-11-08 21:10:14 + (Wed, 08 Nov 2017) New Revision: 57466 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-08 20:49:18 UTC (rev 57465) +++ data/CVE/list 2017-11-08 21:10:14 UTC (rev 57466) @@ -1,4 +1,12 @@ -CVE-2017-16667 [shell injection in notify-send] +CVE-2017-16668 + RESERVED +CVE-2017-1 + RESERVED +CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...) + TODO: check +CVE-2017-16664 + RESERVED +CVE-2017-16667 (backintime (aka Back in Time) before 1.1.24 did improper ...) - backintime (bug #881205) NOTE: https://github.com/bit-team/backintime/issues/834 NOTE: https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3 @@ -344,6 +352,7 @@ CVE-2017-16517 RESERVED CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is ...) + {DLA-1167-1} - ruby-yajl 1.2.0-3.1 (low; bug #880691) [stretch] - ruby-yajl (Minor issue) [jessie] - ruby-yajl (Minor issue) @@ -2230,8 +2239,8 @@ NOT-FOR-US: user-login-history plugin for WordPress CVE-2017-15866 RESERVED -CVE-2017-15865 - RESERVED +CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in ...) + TODO: check CVE-2017-15864 RESERVED CVE-2016-10517 (networking.c in Redis before 3.2.7 allows Cross Protocol Scripting ...) @@ -3272,6 +3281,7 @@ RESERVED CVE-2017-15399 RESERVED + {DSA-4024-1} - chromium-browser 62.0.3202.89-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) @@ -3279,6 +3289,7 @@ NOTE: libv8 not covered by security support CVE-2017-15398 RESERVED + {DSA-4024-1} - chromium-browser 62.0.3202.89-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) @@ -4162,14 +4173,11 @@ NOTE: runs on client systems, and only with a certificate that is explicitly NOTE: configured locally, leading to a local kinit crash if passed a crafted NOTE: local certificate. This is hardly has any harmful security implication. -CVE-2017-15087 - RESERVED +CVE-2017-15087 (It was discovered that the fix for CVE-2017-12163 was not properly ...) - samba (Incomplete Red Hat backport for CVE-2017-12163) -CVE-2017-15086 - RESERVED +CVE-2017-15086 (It was discovered that the fix for CVE-2017-12151 was not properly ...) - samba (Incomplete Red Hat backport for CVE-2017-12151) -CVE-2017-15085 - RESERVED +CVE-2017-15085 (It was discovered that the fix for CVE-2017-12150 was not properly ...) - samba (Incomplete Red Hat backport for CVE-2017-12150) CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout ...) NOT-FOR-US: Metasploit Framework @@ -6330,8 +6338,8 @@ RESERVED CVE-2017-14361 RESERVED -CVE-2017-14360 - RESERVED +CVE-2017-14360 (A potential security vulnerability has been identified in HPE Content ...) + TODO: check CVE-2017-14359 (A potential security vulnerability has been identified in HPE ...) NOT-FOR-US: HPE Performance Center CVE-2017-14358 (A URL redirection to untrusted site vulnerability in HP ArcSight ESM ...) @@ -10963,8 +10971,8 @@ RESERVED CVE-2017-12825 RESERVED -CVE-2017-12824 - RESERVED +CVE-2017-12824 (Special crafted InPage document leads to arbitrary code execution in ...) + TODO: check CVE-2017-12823 RESERVED CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...) @@ -20895,7 +20903,7 @@ [wheezy] - chicken (Minor issue) NOTE: Original announcement: http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg0.html NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html -CVE-2017-9330 (QEMU (aka Quick Emulator), when built with the USB OHCI Emulation ...) +CVE-2017-9330 (QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI ...) {DSA-3920-1} - qemu 1:2.8+dfsg-7 (bug #863943) [jessie] - qemu (Minor issue) @@ -21844,8 +21852,8 @@ NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html CVE-2017-9097 (In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through ...) NOT-FOR-US: Anti-Web -CVE-2017-9096 - RESERVED +CVE-2017-9096 (The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not ...) + TODO: check CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local files ...) NOT-FOR-US: Diving Log
[Secure-testing-commits] r57437 - data/CVE
Author: sectracker Date: 2017-11-08 09:10:21 + (Wed, 08 Nov 2017) New Revision: 57437 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-08 08:28:25 UTC (rev 57436) +++ data/CVE/list 2017-11-08 09:10:21 UTC (rev 57437) @@ -1,7 +1,47 @@ -CVE-2017-16661 [Local File Read] +CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-based ...) + TODO: check +CVE-2017-16662 + RESERVED +CVE-2017-16659 (The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows ...) + TODO: check +CVE-2017-16658 + RESERVED +CVE-2017-16657 + RESERVED +CVE-2017-16656 + RESERVED +CVE-2017-16655 + RESERVED +CVE-2017-16654 + RESERVED +CVE-2017-16653 + RESERVED +CVE-2017-16652 + RESERVED +CVE-2017-16651 + RESERVED +CVE-2017-16650 (The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux ...) + TODO: check +CVE-2017-16649 (The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in ...) + TODO: check +CVE-2017-16648 (The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c ...) + TODO: check +CVE-2017-16647 (drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 ...) + TODO: check +CVE-2017-16646 (drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through ...) + TODO: check +CVE-2017-16645 (The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c ...) + TODO: check +CVE-2017-16644 (The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the ...) + TODO: check +CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c ...) + TODO: check +CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an ...) + TODO: check +CVE-2017-16661 (Cacti 1.1.27 allows remote authenticated administrators to read ...) - cacti NOTE: https://github.com/Cacti/cacti/issues/1066 -CVE-2017-16660 [RCE] +CVE-2017-16660 (Cacti 1.1.27 allows remote authenticated administrators to conduct ...) - cacti NOTE: https://github.com/Cacti/cacti/issues/1066 CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...) @@ -12,7 +52,7 @@ RESERVED CVE-2017-16639 RESERVED -CVE-2008-7319 [command injection via crafted arguments] +CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does not ...) - libnet-ping-external-perl (bug #881097) [stretch] - libnet-ping-external-perl (Remove in next point update) [jessie] - libnet-ping-external-perl (Remove in next point update) @@ -58,14 +98,14 @@ RESERVED CVE-2017-16619 RESERVED -CVE-2017-16618 - RESERVED +CVE-2017-16618 (An exploitable vulnerability exists in the YAML loading functionality ...) + TODO: check CVE-2017-16617 RESERVED -CVE-2017-16616 - RESERVED -CVE-2017-16615 - RESERVED +CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing functionality ...) + TODO: check +CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...) + TODO: check CVE-2017-16614 RESERVED CVE-2017-16613 @@ -172,8 +212,8 @@ NOT-FOR-US: Vonage CVE-2017-16562 RESERVED -CVE-2017-16561 - RESERVED +CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 2.3.0 is ...) + TODO: check CVE-2017-16560 RESERVED CVE-2017-16559 @@ -2803,6 +2843,7 @@ CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho) ...) NOT-FOR-US: IDEMIA CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD Slurm ...) + {DSA-4023-1} - slurm-llnl 17.02.9-1 (bug #880530) [jessie] - slurm-llnl (Vulnerable code introduced later) [wheezy] - slurm-llnl (Vulnerable code introduced later) @@ -76693,8 +76734,8 @@ RESERVED CVE-2016-0873 RESERVED -CVE-2016-0872 - RESERVED +CVE-2016-0872 (A Plaintext Storage of a Password issue was discovered in Kabona AB ...) + TODO: check CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...) NOT-FOR-US: Eaton Lighting EG2 Web Control CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows remote ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57416 - data/CVE
Author: sectracker Date: 2017-11-07 21:10:12 + (Tue, 07 Nov 2017) New Revision: 57416 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-07 21:00:39 UTC (rev 57415) +++ data/CVE/list 2017-11-07 21:10:12 UTC (rev 57416) @@ -1,3 +1,9 @@ +CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...) + TODO: check +CVE-2017-16640 + RESERVED +CVE-2017-16639 + RESERVED CVE-2008-7319 [command injection via crafted arguments] - libnet-ping-external-perl (bug #881097) [stretch] - libnet-ping-external-perl (Remove in next point update) @@ -2106,8 +2112,8 @@ RESERVED CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...) NOT-FOR-US: Synology -CVE-2017-15887 - RESERVED +CVE-2017-15887 (An improper restriction of excessive authentication attempts ...) + TODO: check CVE-2017-15886 RESERVED CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Network ...) @@ -2846,7 +2852,7 @@ CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id ...) NOT-FOR-US: zorovavi/blog CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in ...) - {DSA-4006-1} + {DSA-4006-1 DLA-1164-1} - mupdf 1.11+ds1-2 (bug #879055) NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public) @@ -5323,7 +5329,7 @@ CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...) NOT-FOR-US: STDU Viewer CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...) - {DSA-4006-1} + {DSA-4006-1 DLA-1164-1} - mupdf 1.11+ds1-1.1 (bug #877379) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558 NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 @@ -5457,7 +5463,7 @@ [jessie] - sam2p (Minor issue) NOTE: https://github.com/pts/sam2p/issues/14 (bug 4) CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before ...) - {DLA-1119-1} + {DSA-4021-1 DLA-1119-1} - otrs2 5.0.23-1 (bug #876462) NOTE: https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 (rel-5_0) NOTE: https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618 (rel-5_0) @@ -11477,6 +11483,7 @@ NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E NOTE: https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147 CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to ...) + {DLA-1166-1} - tomcat9 (bug #802312) - tomcat8 8.5.23-1 - tomcat8.0 (unimportant) @@ -11522,12 +11529,14 @@ RESERVED CVE-2017-12608 RESERVED + {DSA-4022-1} - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608 NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba CVE-2017-12607 RESERVED + {DSA-4022-1} - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607 @@ -12531,6 +12540,7 @@ RESERVED CVE-2017-12197 RESERVED + {DLA-1165-1} - libpam4j 1.4-3 (bug #879001) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103 NOTE: https://github.com/kohsuke/libpam4j/issues/18 @@ -12883,12 +12893,12 @@ RESERVED CVE-2017-12097 RESERVED -CVE-2017-12096 - RESERVED +CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of Circle ...) + TODO: check CVE-2017-12095 RESERVED -CVE-2017-12094 - RESERVED +CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel parsing of ...) + TODO: check CVE-2017-12093 RESERVED CVE-2017-12092 @@ -12905,12 +12915,12 @@ RESERVED CVE-2017-12086 RESERVED -CVE-2017-12085 - RESERVED -CVE-2017-12084 - RESERVED -CVE-2017-12083 - RESERVED +CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with Disney ...) + TODO: check +CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality of ...) + TODO: check +CVE-2017-12083 (An exploitable information disclosure vulnerability exists in
[Secure-testing-commits] r57396 - data/CVE
Author: sectracker Date: 2017-11-07 09:10:21 + (Tue, 07 Nov 2017) New Revision: 57396 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-07 08:04:53 UTC (rev 57395) +++ data/CVE/list 2017-11-07 09:10:21 UTC (rev 57396) @@ -1,3 +1,15 @@ +CVE-2017-16638 (The Gentoo net-misc/vde package before version 2.3.2-r4 may allow ...) + TODO: check +CVE-2017-16637 (In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when ...) + TODO: check +CVE-2017-16636 (In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new ...) + TODO: check +CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the ...) + TODO: check +CVE-2017-16634 + RESERVED +CVE-2017-16633 + RESERVED CVE-2017-16632 RESERVED CVE-2017-16631 @@ -7284,24 +7296,24 @@ NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1058757 NOTE: https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/ NOTE: https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b -CVE-2017-14031 - RESERVED +CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral VTScada ...) + TODO: check CVE-2017-14030 RESERVED -CVE-2017-14029 - RESERVED +CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in Trihedral ...) + TODO: check CVE-2017-14028 RESERVED CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...) NOT-FOR-US: Korenix CVE-2017-14026 RESERVED -CVE-2017-14025 - RESERVED +CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T ...) + TODO: check CVE-2017-14024 RESERVED -CVE-2017-14023 - RESERVED +CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC ...) + TODO: check CVE-2017-14022 RESERVED CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...) @@ -7314,8 +7326,8 @@ RESERVED CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in Progea ...) NOT-FOR-US: Progea Movicon -CVE-2017-14016 - RESERVED +CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in Advantech ...) + TODO: check CVE-2017-14015 RESERVED CVE-2017-14014 @@ -8263,10 +8275,10 @@ NOT-FOR-US: Symantec CVE-2017-13682 (In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel ...) NOT-FOR-US: Symantec -CVE-2017-13681 - RESERVED -CVE-2017-13680 - RESERVED +CVE-2017-13681 (Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be ...) + TODO: check +CVE-2017-13680 (Prior to SEP 12.1 RU6 MP9 SEP 14 RU1 Symantec Endpoint Protection ...) + TODO: check CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption Desktop before ...) NOT-FOR-US: Symantec CVE-2017-13678 @@ -11157,8 +11169,8 @@ RESERVED CVE-2017-12720 RESERVED -CVE-2017-12719 - RESERVED +CVE-2017-12719 (An Untrusted Pointer Dereference issue was discovered in Advantech ...) + TODO: check CVE-2017-12718 RESERVED CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in Advantech ...) @@ -11454,6 +11466,7 @@ CVE-2017-12619 RESERVED CVE-2017-12618 (Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to ...) + {DLA-1163-1} - apr-util 1.6.1-1 (low; bug #879996) NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E NOTE: https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147 @@ -30418,8 +30431,8 @@ RESERVED CVE-2017-6332 RESERVED -CVE-2017-6331 - RESERVED +CVE-2017-6331 (Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter ...) + TODO: check CVE-2017-6330 (Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote ...) NOT-FOR-US: Symantec CVE-2017-6329 (Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57382 - data/CVE
Author: sectracker Date: 2017-11-06 21:10:16 + (Mon, 06 Nov 2017) New Revision: 57382 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-06 20:53:43 UTC (rev 57381) +++ data/CVE/list 2017-11-06 21:10:16 UTC (rev 57382) @@ -1,3 +1,127 @@ +CVE-2017-16632 + RESERVED +CVE-2017-16631 + RESERVED +CVE-2017-16630 + RESERVED +CVE-2017-16629 + RESERVED +CVE-2017-16628 + RESERVED +CVE-2017-16627 + RESERVED +CVE-2017-16626 + RESERVED +CVE-2017-16625 + RESERVED +CVE-2017-16624 + RESERVED +CVE-2017-16623 + RESERVED +CVE-2017-16622 + RESERVED +CVE-2017-16621 + RESERVED +CVE-2017-16620 + RESERVED +CVE-2017-16619 + RESERVED +CVE-2017-16618 + RESERVED +CVE-2017-16617 + RESERVED +CVE-2017-16616 + RESERVED +CVE-2017-16615 + RESERVED +CVE-2017-16614 + RESERVED +CVE-2017-16613 + RESERVED +CVE-2017-16612 + RESERVED +CVE-2017-16611 + RESERVED +CVE-2017-16610 + RESERVED +CVE-2017-16609 + RESERVED +CVE-2017-16608 + RESERVED +CVE-2017-16607 + RESERVED +CVE-2017-16606 + RESERVED +CVE-2017-16605 + RESERVED +CVE-2017-16604 + RESERVED +CVE-2017-16603 + RESERVED +CVE-2017-16602 + RESERVED +CVE-2017-16601 + RESERVED +CVE-2017-16600 + RESERVED +CVE-2017-16599 + RESERVED +CVE-2017-16598 + RESERVED +CVE-2017-16597 + RESERVED +CVE-2017-16596 + RESERVED +CVE-2017-16595 + RESERVED +CVE-2017-16594 + RESERVED +CVE-2017-16593 + RESERVED +CVE-2017-16592 + RESERVED +CVE-2017-16591 + RESERVED +CVE-2017-16590 + RESERVED +CVE-2017-16589 + RESERVED +CVE-2017-16588 + RESERVED +CVE-2017-16587 + RESERVED +CVE-2017-16586 + RESERVED +CVE-2017-16585 + RESERVED +CVE-2017-16584 + RESERVED +CVE-2017-16583 + RESERVED +CVE-2017-16582 + RESERVED +CVE-2017-16581 + RESERVED +CVE-2017-16580 + RESERVED +CVE-2017-16579 + RESERVED +CVE-2017-16578 + RESERVED +CVE-2017-16577 + RESERVED +CVE-2017-16576 + RESERVED +CVE-2017-16575 + RESERVED +CVE-2017-16574 + RESERVED +CVE-2017-16573 + RESERVED +CVE-2017-16572 + RESERVED +CVE-2017-16571 + RESERVED CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by ...) NOT-FOR-US: KeystoneJS CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an ...) @@ -1292,8 +1416,8 @@ RESERVED CVE-2017-16002 RESERVED -CVE-2017-16001 - RESERVED +CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...) + TODO: check CVE-2017-16000 (SQL injection vulnerability in the EyesOfNetwork web interface (aka ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-15999 (In the NQ Contacts Backup Restore application 1.1 for Android, no ...) @@ -2436,8 +2560,7 @@ RESERVED CVE-2017-15673 RESERVED -CVE-2017-15672 - RESERVED +CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ...) - ffmpeg [stretch] - ffmpeg (Wait until next round of security releases) - libav @@ -3303,8 +3426,7 @@ RESERVED CVE-2017-15307 RESERVED -CVE-2017-15306 [KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM] - RESERVED +CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c ...) - linux [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) @@ -11307,6 +11429,7 @@ CVE-2017-12614 RESERVED CVE-2017-12613 (When apr_exp_time*() or apr_os_exp_time*() functions are invoked with ...) + {DLA-1162-1} - apr 1.6.3-1 (low; bug #879708) [stretch] - apr (Minor issue) [jessie] - apr (Minor issue) @@ -15205,8 +15328,8 @@ NOT-FOR-US: FineCMS CVE-2017-11178 (In FineCMS through 2017-07-11, application/core/controller/style.php ...) NOT-FOR-US: FineCMS -CVE-2017-11177 - RESERVED +CVE-2017-11177 (TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file ...) + TODO: check CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...) {DSA-3945-1 DSA-3927-1 DLA-1099-1} - linux 4.11.11-1 @@ -26723,8 +26846,8 @@ RESERVED CVE-2017-7426 RESERVED -CVE-2017-7425 - RESERVED +CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager ...) + TODO: check CVE-2017-7424 (A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus ...) NOT-FOR-US: Micro Focus CVE-2017-7423 (A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in ...) @@ -80803,8 +80926,7 @@
[Secure-testing-commits] r57358 - data/CVE
Author: sectracker Date: 2017-11-06 09:10:22 + (Mon, 06 Nov 2017) New Revision: 57358 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-06 05:30:22 UTC (rev 57357) +++ data/CVE/list 2017-11-06 09:10:22 UTC (rev 57358) @@ -1,3 +1,55 @@ +CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by ...) + TODO: check +CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an ...) + TODO: check +CVE-2017-16568 + RESERVED +CVE-2017-16567 + RESERVED +CVE-2017-16566 + RESERVED +CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...) + TODO: check +CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on ...) + TODO: check +CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen on ...) + TODO: check +CVE-2017-16562 + RESERVED +CVE-2017-16561 + RESERVED +CVE-2017-16560 + RESERVED +CVE-2017-16559 + RESERVED +CVE-2017-16558 + RESERVED +CVE-2017-16557 + RESERVED +CVE-2017-16556 + RESERVED +CVE-2017-16555 + RESERVED +CVE-2017-16554 + RESERVED +CVE-2017-16553 + RESERVED +CVE-2017-16552 + RESERVED +CVE-2017-16551 + RESERVED +CVE-2017-16550 + RESERVED +CVE-2017-16549 + RESERVED +CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...) + TODO: check +CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does ...) + TODO: check +CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...) + TODO: check +CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does ...) + TODO: check CVE-2017-16544 RESERVED CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...) @@ -54,8 +106,8 @@ NOTE: Fixed by: https://git.kernel.org/linus/bbf26183b7a6236ba602f4d6a2f7cade35bba043 CVE-2017-16525 (The usb_serial_console_disconnect function in ...) - linux 4.13.10-1 -CVE-2017-16524 - RESERVED +CVE-2017-16524 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an ...) + TODO: check CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...) NOT-FOR-US: MitraStar CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...) @@ -3001,48 +3053,59 @@ RESERVED CVE-2017-15396 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2017-15395 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15394 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15393 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15392 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15391 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15390 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15389 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15388 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15387 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15386 RESERVED + {DSA-4020-1} - chromium-browser 62.0.3202.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15385 (The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ...) @@ -4004,8 +4067,8 @@ NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ CVE-2017-15040 RESERVED -CVE-2017-15039 - RESERVED +CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a ...) + TODO: check CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ...) {DLA-1129-1 DLA-1128-1} - qemu 1:2.10.0+dfsg-2
[Secure-testing-commits] r57351 - data/CVE
Author: sectracker Date: 2017-11-05 21:10:14 + (Sun, 05 Nov 2017) New Revision: 57351 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-05 19:35:53 UTC (rev 57350) +++ data/CVE/list 2017-11-05 21:10:14 UTC (rev 57351) @@ -1,3 +1,9 @@ +CVE-2017-16544 + RESERVED +CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...) + TODO: check +CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 allows Post-authentication ...) + TODO: check CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...) TODO: check CVE-2017-16540 (OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database ...) @@ -1953,6 +1959,7 @@ CVE-2017-15864 RESERVED CVE-2016-10517 (networking.c in Redis before 3.2.7 allows Cross Protocol Scripting ...) + {DLA-1161-1} - redis 3:3.2.7-1 NOTE: https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50 CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin ...) @@ -9107,6 +9114,7 @@ - imagemagick 8:6.9.7.4+dfsg-14 (bug #870013) NOTE: https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430 CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file ...) + {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116) NOTE: https://github.com/ImageMagick/ImageMagick/issues/600 CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...) @@ -11046,6 +11054,7 @@ - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021) NOTE: https://github.com/ImageMagick/ImageMagick/issues/617 CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in ...) + {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119) NOTE: https://github.com/ImageMagick/ImageMagick/issues/621 CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...) @@ -11133,7 +11142,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/550 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-15 (bug #870106) NOTE: https://github.com/ImageMagick/ImageMagick/issues/542 NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec @@ -11316,7 +11325,7 @@ NOTE: https://github.com/rsyslog/rsyslog/pull/1565 NOTE: The zmq3 input and output modules are not enabled and built in Debian CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-16 (bug #870526) NOTE: https://github.com/ImageMagick/ImageMagick/issues/535 NOTE: https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add @@ -11732,7 +11741,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620 CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-16 (bug #870491) NOTE: https://github.com/ImageMagick/ImageMagick/issues/536 NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7 @@ -13291,13 +13300,14 @@ NOTE: changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG is NOTE: disabled by default on upstream since 17.2.0 CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ...) + {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-15 (bug #870111) [wheezy] - imagemagick (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/596 NOTE: https://github.com/ImageMagick/ImageMagick/commit/62fcf3d9638b87cd7ac81962cadf5bf88db62fa0 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645 CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ...) - {DLA-1081-1} + {DSA-4019-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-15 (bug #870109) NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05 CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion
[Secure-testing-commits] r57321 - data/CVE
Author: sectracker Date: 2017-11-04 21:10:14 + (Sat, 04 Nov 2017) New Revision: 57321 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-04 20:25:50 UTC (rev 57320) +++ data/CVE/list 2017-11-04 21:10:14 UTC (rev 57321) @@ -1,3 +1,9 @@ +CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...) + TODO: check +CVE-2017-16540 (OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database ...) + TODO: check +CVE-2017-16539 (The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through ...) + TODO: check CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through ...) - linux CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...) @@ -122,6 +128,7 @@ CVE-2017-1000131 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) TODO: check CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb-prepare() ...) + {DLA-1160-1} - wordpress 4.8.3+dfsg-1 (bug #880528) NOTE: https://wpvulndb.com/vulnerabilities/8941 NOTE: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57299 - data/CVE
Author: sectracker Date: 2017-11-04 09:10:24 + (Sat, 04 Nov 2017) New Revision: 57299 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-03 23:09:43 UTC (rev 57298) +++ data/CVE/list 2017-11-04 09:10:24 UTC (rev 57299) @@ -1,3 +1,31 @@ +CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through ...) + TODO: check +CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...) + TODO: check +CVE-2017-16536 (The cx231xx_usb_probe function in ...) + TODO: check +CVE-2017-16535 (The usb_get_bos_descriptor function in drivers/usb/core/config.c in the ...) + TODO: check +CVE-2017-16534 (The cdc_parse_cdc_header function in drivers/usb/core/message.c in the ...) + TODO: check +CVE-2017-16533 (The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux ...) + TODO: check +CVE-2017-16532 (The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux ...) + TODO: check +CVE-2017-16531 (drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows ...) + TODO: check +CVE-2017-16530 (The uas driver in the Linux kernel before 4.13.6 allows local users to ...) + TODO: check +CVE-2017-16529 (The snd_usb_create_streams function in sound/usb/card.c in the Linux ...) + TODO: check +CVE-2017-16528 (sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local ...) + TODO: check +CVE-2017-16527 (sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users ...) + TODO: check +CVE-2017-16526 (drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users ...) + TODO: check +CVE-2017-16525 (The usb_serial_console_disconnect function in ...) + TODO: check CVE-2017-16524 RESERVED CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...) @@ -37592,6 +37620,7 @@ CVE-2017-3737 RESERVED CVE-2017-3736 (There is a carry propagating bug in the x86_64 Montgomery squaring ...) + {DSA-4017-1} - openssl 1.1.0g-1 [stretch] - openssl 1.1.0f-3+deb9u1 [jessie] - openssl (Vulnerable code not present) @@ -37601,7 +37630,7 @@ NOTE: Fix for 1.0.2: https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871 CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...) - {DLA-1157-1} + {DSA-4018-1 DSA-4017-1 DLA-1157-1} - openssl 1.1.0g-1 - openssl1.0 1.0.2m-1 NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57287 - data/CVE
Author: sectracker Date: 2017-11-03 21:10:17 + (Fri, 03 Nov 2017) New Revision: 57287 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-03 20:48:57 UTC (rev 57286) +++ data/CVE/list 2017-11-03 21:10:17 UTC (rev 57287) @@ -1,61 +1,87 @@ -CVE-2017-16511 +CVE-2017-16524 RESERVED -CVE-2017-1000171 +CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...) + TODO: check +CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...) + TODO: check +CVE-2017-16521 RESERVED -CVE-2017-1000157 +CVE-2017-16520 RESERVED -CVE-2017-1000156 +CVE-2017-16519 RESERVED -CVE-2017-1000155 +CVE-2017-16518 RESERVED -CVE-2017-1000154 +CVE-2017-16517 RESERVED -CVE-2017-1000153 +CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is ...) + TODO: check +CVE-2017-16515 RESERVED -CVE-2017-1000152 +CVE-2017-16514 RESERVED -CVE-2017-1000151 +CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in ...) + TODO: check +CVE-2017-16512 RESERVED -CVE-2017-1000150 +CVE-2017-16511 RESERVED -CVE-2017-1000149 - RESERVED -CVE-2017-1000148 - RESERVED -CVE-2017-1000147 - RESERVED -CVE-2017-1000146 - RESERVED -CVE-2017-1000145 - RESERVED -CVE-2017-1000144 - RESERVED -CVE-2017-1000143 - RESERVED -CVE-2017-1000142 - RESERVED +CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to ...) + TODO: check +CVE-2017-1000157 (Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before ...) + TODO: check +CVE-2017-1000156 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before ...) + TODO: check +CVE-2017-1000155 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) + TODO: check +CVE-2017-1000154 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) + TODO: check +CVE-2017-1000153 (Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before ...) + TODO: check +CVE-2017-1000152 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 ...) + TODO: check +CVE-2017-1000151 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before ...) + TODO: check +CVE-2017-1000150 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to ...) + TODO: check +CVE-2017-1000149 (Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before ...) + TODO: check +CVE-2017-1000148 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) + TODO: check +CVE-2017-1000147 (Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before ...) + TODO: check +CVE-2017-1000146 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before ...) + TODO: check +CVE-2017-1000145 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before ...) + TODO: check +CVE-2017-1000144 (Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before ...) + TODO: check +CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...) + TODO: check +CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...) + TODO: check CVE-2017-1000141 RESERVED -CVE-2017-1000140 - RESERVED -CVE-2017-1000139 - RESERVED -CVE-2017-1000138 - RESERVED -CVE-2017-1000137 - RESERVED -CVE-2017-1000136 - RESERVED -CVE-2017-1000135 - RESERVED -CVE-2017-1000134 - RESERVED -CVE-2017-1000133 - RESERVED -CVE-2017-1000132 - RESERVED -CVE-2017-1000131 - RESERVED +CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...) + TODO: check +CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...) + TODO: check +CVE-2017-1000138 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to ...) + TODO: check +CVE-2017-1000137 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to ...) + TODO: check +CVE-2017-1000136 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 ...) + TODO: check +CVE-2017-1000135 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...) + TODO: check +CVE-2017-1000134 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 ...) + TODO: check +CVE-2017-1000133 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) + TODO: check +CVE-2017-1000132 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...) + TODO: check +CVE-2017-1000131 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04
[Secure-testing-commits] r57274 - data/CVE
Author: sectracker Date: 2017-11-03 09:11:04 + (Fri, 03 Nov 2017) New Revision: 57274 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-03 06:17:15 UTC (rev 57273) +++ data/CVE/list 2017-11-03 09:11:04 UTC (rev 57274) @@ -1,3 +1,5 @@ +CVE-2017-16511 + RESERVED CVE-2017-1000171 RESERVED CVE-2017-1000157 @@ -54,7 +56,7 @@ RESERVED CVE-2017-1000131 RESERVED -CVE-2017-16510 [Unsafe queries with wpdb->prepare] +CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb-prepare() ...) - wordpress 4.8.3+dfsg-1 (bug #880528) NOTE: https://wpvulndb.com/vulnerabilities/8941 NOTE: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d @@ -650,8 +652,8 @@ RESERVED CVE-2017-16238 RESERVED -CVE-2017-16237 - RESERVED +CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file ...) + TODO: check CVE-2017-16236 RESERVED CVE-2017-16235 @@ -1631,12 +1633,15 @@ CVE-2017-15956 (ConverTo Video Downloader Converter 1.4.1 allows Arbitrary File ...) NOT-FOR-US: ConverTo Video Downloader CVE-2017-15955 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an ...) + {DLA-1158-1} - bchunk (bug #880116) NOTE: https://github.com/extramaster/bchunk/issues/4 CVE-2017-15954 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a ...) + {DLA-1158-1} - bchunk (bug #880116) NOTE: https://github.com/extramaster/bchunk/issues/3 CVE-2017-15953 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a ...) + {DLA-1158-1} - bchunk (bug #880116) NOTE: https://github.com/extramaster/bchunk/issues/2 CVE-2017-15952 @@ -2006,27 +2011,38 @@ NOT-FOR-US: XnView CVE-2017-15801 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...) NOT-FOR-US: XnView -CVE-2017-15800 (IrfanView version 4.50 (64bit) allows attackers to execute arbitrary ...) +CVE-2017-15800 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15799 (IrfanView version 4.50 (64bit) allows attackers to cause a denial of ...) +CVE-2017-15799 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15798 (IrfanView version 4.50 (64bit) allows attackers to cause a denial of ...) +CVE-2017-15798 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15797 (IrfanView version 4.50 (64bit) allows attackers to execute arbitrary ...) +CVE-2017-15797 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15796 (IrfanView version 4.50 (64bit) allows attackers to cause a denial of ...) +CVE-2017-15796 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15795 (IrfanView version 4.50 (64bit) allows attackers to cause a denial of ...) +CVE-2017-15795 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15794 (IrfanView version 4.50 (64bit) allows attackers to cause a denial of ...) +CVE-2017-15794 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15793 (IrfanView version 4.50 (64bit) allows attackers to execute arbitrary ...) +CVE-2017-15793 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15792 (IrfanView version 4.50 (64bit) allows attackers to cause a denial of ...) +CVE-2017-15792 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15791 (IrfanView version 4.50 (64bit) allows attackers to cause a denial of ...) +CVE-2017-15791 + REJECTED NOT-FOR-US: IrfanView -CVE-2017-15790 (IrfanView version 4.50 (64bit) allows attackers to cause a denial of ...) +CVE-2017-15790 + REJECTED NOT-FOR-US: IrfanView CVE-2017-15789 (XnView Classic for Windows Version 2.43 allows attackers to execute ...) NOT-FOR-US: XnView @@ -17801,6 +17817,7 @@ CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) + {DSA-4015-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 - openjdk-7 @@ -17880,18 +17897,21 @@ CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...) NOT-FOR-US: Oracle CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) + {DSA-4015-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) + {DSA-4015-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) + {DSA-4015-1}
[Secure-testing-commits] r57261 - data/CVE
Author: sectracker Date: 2017-11-02 21:10:12 + (Thu, 02 Nov 2017) New Revision: 57261 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-02 21:07:55 UTC (rev 57260) +++ data/CVE/list 2017-11-02 21:10:12 UTC (rev 57261) @@ -1,3 +1,61 @@ +CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb-prepare() ...) + TODO: check +CVE-2017-1000171 + RESERVED +CVE-2017-1000157 + RESERVED +CVE-2017-1000156 + RESERVED +CVE-2017-1000155 + RESERVED +CVE-2017-1000154 + RESERVED +CVE-2017-1000153 + RESERVED +CVE-2017-1000152 + RESERVED +CVE-2017-1000151 + RESERVED +CVE-2017-1000150 + RESERVED +CVE-2017-1000149 + RESERVED +CVE-2017-1000148 + RESERVED +CVE-2017-1000147 + RESERVED +CVE-2017-1000146 + RESERVED +CVE-2017-1000145 + RESERVED +CVE-2017-1000144 + RESERVED +CVE-2017-1000143 + RESERVED +CVE-2017-1000142 + RESERVED +CVE-2017-1000141 + RESERVED +CVE-2017-1000140 + RESERVED +CVE-2017-1000139 + RESERVED +CVE-2017-1000138 + RESERVED +CVE-2017-1000137 + RESERVED +CVE-2017-1000136 + RESERVED +CVE-2017-1000135 + RESERVED +CVE-2017-1000134 + RESERVED +CVE-2017-1000133 + RESERVED +CVE-2017-1000132 + RESERVED +CVE-2017-1000131 + RESERVED CVE-2017- [Unsafe queries with wpdb->prepare] - wordpress 4.8.3+dfsg-1 (bug #880528) NOTE: https://wpvulndb.com/vulnerabilities/8941 @@ -2008,9 +2066,11 @@ NOT-FOR-US: XnView CVE-2017-15772 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...) NOT-FOR-US: XnView -CVE-2017-15771 (Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or ...) +CVE-2017-15771 + REJECTED NOT-FOR-US: Foxit Reader -CVE-2017-15770 (Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or ...) +CVE-2017-15770 + REJECTED NOT-FOR-US: Foxit Reader CVE-2017-15769 (IrfanView 4.50 - 64bit allows attackers to cause a denial of service or ...) NOT-FOR-US: IrfanView @@ -11862,10 +11922,10 @@ RESERVED CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco -CVE-2017-12295 - RESERVED -CVE-2017-12294 - RESERVED +CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) + TODO: check +CVE-2017-12294 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) + TODO: check CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco CVE-2017-12292 @@ -11886,28 +11946,28 @@ NOT-FOR-US: Cisco CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for Windows Client ...) NOT-FOR-US: Cisco -CVE-2017-12283 - RESERVED -CVE-2017-12282 - RESERVED -CVE-2017-12281 - RESERVED -CVE-2017-12280 - RESERVED -CVE-2017-12279 - RESERVED -CVE-2017-12278 - RESERVED -CVE-2017-12277 - RESERVED -CVE-2017-12276 - RESERVED -CVE-2017-12275 - RESERVED -CVE-2017-12274 - RESERVED -CVE-2017-12273 - RESERVED +CVE-2017-12283 (A vulnerability in the handling of 802.11w Protected Management Frames ...) + TODO: check +CVE-2017-12282 (A vulnerability in the Access Network Query Protocol (ANQP) ingress ...) + TODO: check +CVE-2017-12281 (A vulnerability in the implementation of Protected Extensible ...) + TODO: check +CVE-2017-12280 (A vulnerability in the Control and Provisioning of Wireless Access ...) + TODO: check +CVE-2017-12279 (A vulnerability in the packet processing code of Cisco IOS Software for ...) + TODO: check +CVE-2017-12278 (A vulnerability in the Simple Network Management Protocol (SNMP) ...) + TODO: check +CVE-2017-12277 (A vulnerability in the Smart Licensing Manager service of the Cisco ...) + TODO: check +CVE-2017-12276 (A vulnerability in the web framework code for the SQL database ...) + TODO: check +CVE-2017-12275 (A vulnerability in the implementation of 802.11v Basic Service Set ...) + TODO: check +CVE-2017-12274 (A vulnerability in Extensible Authentication Protocol (EAP) ingress ...) + TODO: check +CVE-2017-12273 (A vulnerability in 802.11 association request frame processing for the ...) + TODO: check CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE Software ...) NOT-FOR-US: Cisco CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow ...) @@ -11928,10 +11988,10 @@ NOT-FOR-US: Cisco CVE-2017-12263 (A vulnerability in the web interface of Cisco License Manager software ...) NOT-FOR-US: Cisco -CVE-2017-12262 - RESERVED -CVE-2017-12261 - RESERVED
[Secure-testing-commits] r57233 - data/CVE
Author: sectracker Date: 2017-11-02 09:10:13 + (Thu, 02 Nov 2017) New Revision: 57233 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-02 08:15:40 UTC (rev 57232) +++ data/CVE/list 2017-11-02 09:10:13 UTC (rev 57233) @@ -7776,11 +7776,11 @@ NOT-FOR-US: FineCMS CVE-2017-13696 RESERVED -CVE-2017-1000122 +CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0007.html NOTE: Not covered by security support -CVE-2017-1000121 +CVE-2017-1000121 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0007.html NOTE: Not covered by security support @@ -24777,7 +24777,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825 CVE-2017-7824 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24786,7 +24786,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824 CVE-2017-7823 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24807,7 +24807,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820 CVE-2017-7819 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24816,7 +24816,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819 CVE-2017-7818 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24837,7 +24837,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815 CVE-2017-7814 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24858,7 +24858,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811 CVE-2017-7810 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24885,7 +24885,7 @@ - firefox 55.0-1 CVE-2017-7805 RESERVED - {DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1} + {DSA-4014-1 DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24945,7 +24945,7 @@ - firefox 55.0-1 CVE-2017-7793 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -43490,12 +43490,12 @@ NOT-FOR-US: IBM CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated ...) NOT-FOR-US: IBM -CVE-2017-1554 - RESERVED -CVE-2017-1553 - RESERVED -CVE-2017-1552 - RESERVED +CVE-2017-1554 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote ...) + TODO: check +CVE-2017-1553 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site ...) + TODO: check +CVE-2017-1552 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link ...) + TODO: check CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker ...) NOT-FOR-US: IBM CVE-2017-1550 @@ -43918,8 +43918,8 @@ RESERVED CVE-2017-1341 RESERVED -CVE-2017-1340 - RESERVED +CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated ...) + TODO: check CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) ...) NOT-FOR-US: IBM CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) @@ -43932,8 +43932,8 @@ NOT-FOR-US: IBM CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM -CVE-2017-1333 - RESERVED +CVE-2017-1333 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an ...) +
[Secure-testing-commits] r57213 - data/CVE
Author: sectracker Date: 2017-11-01 21:10:17 + (Wed, 01 Nov 2017) New Revision: 57213 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-01 20:56:37 UTC (rev 57212) +++ data/CVE/list 2017-11-01 21:10:17 UTC (rev 57213) @@ -1,3 +1,327 @@ +CVE-2017-16509 + RESERVED +CVE-2017-16508 + RESERVED +CVE-2017-16507 + RESERVED +CVE-2017-16506 + RESERVED +CVE-2017-16505 + RESERVED +CVE-2017-16504 + RESERVED +CVE-2017-16503 + RESERVED +CVE-2017-16502 + RESERVED +CVE-2017-16501 + RESERVED +CVE-2017-16500 + RESERVED +CVE-2017-16499 + RESERVED +CVE-2017-16498 + RESERVED +CVE-2017-16497 + RESERVED +CVE-2017-16496 + RESERVED +CVE-2017-16495 + RESERVED +CVE-2017-16494 + RESERVED +CVE-2017-16493 + RESERVED +CVE-2017-16492 + RESERVED +CVE-2017-16491 + RESERVED +CVE-2017-16490 + RESERVED +CVE-2017-16489 + RESERVED +CVE-2017-16488 + RESERVED +CVE-2017-16487 + RESERVED +CVE-2017-16486 + RESERVED +CVE-2017-16485 + RESERVED +CVE-2017-16484 + RESERVED +CVE-2017-16483 + RESERVED +CVE-2017-16482 + RESERVED +CVE-2017-16481 + RESERVED +CVE-2017-16480 + RESERVED +CVE-2017-16479 + RESERVED +CVE-2017-16478 + RESERVED +CVE-2017-16477 + RESERVED +CVE-2017-16476 + RESERVED +CVE-2017-16475 + RESERVED +CVE-2017-16474 + RESERVED +CVE-2017-16473 + RESERVED +CVE-2017-16472 + RESERVED +CVE-2017-16471 + RESERVED +CVE-2017-16470 + RESERVED +CVE-2017-16469 + RESERVED +CVE-2017-16468 + RESERVED +CVE-2017-16467 + RESERVED +CVE-2017-16466 + RESERVED +CVE-2017-16465 + RESERVED +CVE-2017-16464 + RESERVED +CVE-2017-16463 + RESERVED +CVE-2017-16462 + RESERVED +CVE-2017-16461 + RESERVED +CVE-2017-16460 + RESERVED +CVE-2017-16459 + RESERVED +CVE-2017-16458 + RESERVED +CVE-2017-16457 + RESERVED +CVE-2017-16456 + RESERVED +CVE-2017-16455 + RESERVED +CVE-2017-16454 + RESERVED +CVE-2017-16453 + RESERVED +CVE-2017-16452 + RESERVED +CVE-2017-16451 + RESERVED +CVE-2017-16450 + RESERVED +CVE-2017-16449 + RESERVED +CVE-2017-16448 + RESERVED +CVE-2017-16447 + RESERVED +CVE-2017-16446 + RESERVED +CVE-2017-16445 + RESERVED +CVE-2017-16444 + RESERVED +CVE-2017-16443 + RESERVED +CVE-2017-16442 + RESERVED +CVE-2017-16441 + RESERVED +CVE-2017-16440 + RESERVED +CVE-2017-16439 + RESERVED +CVE-2017-16438 + RESERVED +CVE-2017-16437 + RESERVED +CVE-2017-16436 + RESERVED +CVE-2017-16435 + RESERVED +CVE-2017-16434 + RESERVED +CVE-2017-16433 + RESERVED +CVE-2017-16432 + RESERVED +CVE-2017-16431 + RESERVED +CVE-2017-16430 + RESERVED +CVE-2017-16429 + RESERVED +CVE-2017-16428 + RESERVED +CVE-2017-16427 + RESERVED +CVE-2017-16426 + RESERVED +CVE-2017-16425 + RESERVED +CVE-2017-16424 + RESERVED +CVE-2017-16423 + RESERVED +CVE-2017-16422 + RESERVED +CVE-2017-16421 + RESERVED +CVE-2017-16420 + RESERVED +CVE-2017-16419 + RESERVED +CVE-2017-16418 + RESERVED +CVE-2017-16417 + RESERVED +CVE-2017-16416 + RESERVED +CVE-2017-16415 + RESERVED +CVE-2017-16414 + RESERVED +CVE-2017-16413 + RESERVED +CVE-2017-16412 + RESERVED +CVE-2017-16411 + RESERVED +CVE-2017-16410 + RESERVED +CVE-2017-16409 + RESERVED +CVE-2017-16408 + RESERVED +CVE-2017-16407 + RESERVED +CVE-2017-16406 + RESERVED +CVE-2017-16405 + RESERVED +CVE-2017-16404 + RESERVED +CVE-2017-16403 + RESERVED +CVE-2017-16402 + RESERVED +CVE-2017-16401 + RESERVED +CVE-2017-16400 + RESERVED +CVE-2017-16399 + RESERVED +CVE-2017-16398 + RESERVED +CVE-2017-16397 + RESERVED +CVE-2017-16396 + RESERVED +CVE-2017-16395 + RESERVED +CVE-2017-16394 + RESERVED +CVE-2017-16393 + RESERVED +CVE-2017-16392 + RESERVED +CVE-2017-16391 + RESERVED +CVE-2017-16390 + RESERVED +CVE-2017-16389 + RESERVED +CVE-2017-16388 + RESERVED +CVE-2017-16387 + RESERVED +CVE-2017-16386 + RESERVED +CVE-2017-16385 + RESERVED +CVE-2017-16384 + RESERVED +CVE-2017-16383 + RESERVED +CVE-2017-16382 + RESERVED +CVE-2017-16381 + RESERVED +CVE-2017-16380 + RESERVED +CVE-2017-16379 + RESERVED +CVE-2017-16378 + RESERVED +CVE-2017-16377 + RESERVED +CVE-2017-16376 + RESERVED +CVE-2017-16375 + RESERVED +CVE-2017-16374 + RESERVED +CVE-2017-16373 + RESERVED +CVE-2017-16372 + RESERVED +CVE-2017-16371 + RESERVED +CVE-2017-16370 + RESERVED
[Secure-testing-commits] r57198 - data/CVE
Author: sectracker Date: 2017-11-01 09:10:18 + (Wed, 01 Nov 2017) New Revision: 57198 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-01 07:52:47 UTC (rev 57197) +++ data/CVE/list 2017-11-01 09:10:18 UTC (rev 57198) @@ -1,3 +1,219 @@ +CVE-2017-16351 + RESERVED +CVE-2017-16350 + RESERVED +CVE-2017-16349 + RESERVED +CVE-2017-16348 + RESERVED +CVE-2017-16347 + RESERVED +CVE-2017-16346 + RESERVED +CVE-2017-16345 + RESERVED +CVE-2017-16344 + RESERVED +CVE-2017-16343 + RESERVED +CVE-2017-16342 + RESERVED +CVE-2017-16341 + RESERVED +CVE-2017-16340 + RESERVED +CVE-2017-16339 + RESERVED +CVE-2017-16338 + RESERVED +CVE-2017-16337 + RESERVED +CVE-2017-16336 + RESERVED +CVE-2017-16335 + RESERVED +CVE-2017-16334 + RESERVED +CVE-2017-16333 + RESERVED +CVE-2017-16332 + RESERVED +CVE-2017-16331 + RESERVED +CVE-2017-16330 + RESERVED +CVE-2017-16329 + RESERVED +CVE-2017-16328 + RESERVED +CVE-2017-16327 + RESERVED +CVE-2017-16326 + RESERVED +CVE-2017-16325 + RESERVED +CVE-2017-16324 + RESERVED +CVE-2017-16323 + RESERVED +CVE-2017-16322 + RESERVED +CVE-2017-16321 + RESERVED +CVE-2017-16320 + RESERVED +CVE-2017-16319 + RESERVED +CVE-2017-16318 + RESERVED +CVE-2017-16317 + RESERVED +CVE-2017-16316 + RESERVED +CVE-2017-16315 + RESERVED +CVE-2017-16314 + RESERVED +CVE-2017-16313 + RESERVED +CVE-2017-16312 + RESERVED +CVE-2017-16311 + RESERVED +CVE-2017-16310 + RESERVED +CVE-2017-16309 + RESERVED +CVE-2017-16308 + RESERVED +CVE-2017-16307 + RESERVED +CVE-2017-16306 + RESERVED +CVE-2017-16305 + RESERVED +CVE-2017-16304 + RESERVED +CVE-2017-16303 + RESERVED +CVE-2017-16302 + RESERVED +CVE-2017-16301 + RESERVED +CVE-2017-16300 + RESERVED +CVE-2017-16299 + RESERVED +CVE-2017-16298 + RESERVED +CVE-2017-16297 + RESERVED +CVE-2017-16296 + RESERVED +CVE-2017-16295 + RESERVED +CVE-2017-16294 + RESERVED +CVE-2017-16293 + RESERVED +CVE-2017-16292 + RESERVED +CVE-2017-16291 + RESERVED +CVE-2017-16290 + RESERVED +CVE-2017-16289 + RESERVED +CVE-2017-16288 + RESERVED +CVE-2017-16287 + RESERVED +CVE-2017-16286 + RESERVED +CVE-2017-16285 + RESERVED +CVE-2017-16284 + RESERVED +CVE-2017-16283 + RESERVED +CVE-2017-16282 + RESERVED +CVE-2017-16281 + RESERVED +CVE-2017-16280 + RESERVED +CVE-2017-16279 + RESERVED +CVE-2017-16278 + RESERVED +CVE-2017-16277 + RESERVED +CVE-2017-16276 + RESERVED +CVE-2017-16275 + RESERVED +CVE-2017-16274 + RESERVED +CVE-2017-16273 + RESERVED +CVE-2017-16272 + RESERVED +CVE-2017-16271 + RESERVED +CVE-2017-16270 + RESERVED +CVE-2017-16269 + RESERVED +CVE-2017-16268 + RESERVED +CVE-2017-16267 + RESERVED +CVE-2017-16266 + RESERVED +CVE-2017-16265 + RESERVED +CVE-2017-16264 + RESERVED +CVE-2017-16263 + RESERVED +CVE-2017-16262 + RESERVED +CVE-2017-16261 + RESERVED +CVE-2017-16260 + RESERVED +CVE-2017-16259 + RESERVED +CVE-2017-16258 + RESERVED +CVE-2017-16257 + RESERVED +CVE-2017-16256 + RESERVED +CVE-2017-16255 + RESERVED +CVE-2017-16254 + RESERVED +CVE-2017-16253 + RESERVED +CVE-2017-16252 + RESERVED +CVE-2017-16251 + RESERVED +CVE-2017-16250 + RESERVED +CVE-2017-16249 + RESERVED +CVE-2017-16247 + RESERVED +CVE-2017-16246 + RESERVED +CVE-2017-16245 + RESERVED +CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) ...) + TODO: check +CVE-2017-16243 + RESERVED CVE-2017-16242 RESERVED CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...) @@ -8,7 +224,7 @@ CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...) - vim NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 -CVE-2017-16248 [leaks files without extention, inadvertently] +CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows ...) - libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558 CVE-2017-16241 @@ -1904,8 +2120,8 @@ NOT-FOR-US: ILIAS CVE-2017-15536 RESERVED -CVE-2017-15535 - RESERVED +CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...) + TODO: check CVE-2017-15534 RESERVED CVE-2017-15533 @@ -3127,7 +3343,7 @@ - koji (bug #877921) NOTE:
[Secure-testing-commits] r57177 - data/CVE
Author: sectracker Date: 2017-10-31 21:10:19 + (Tue, 31 Oct 2017) New Revision: 57177 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-10-31 20:37:37 UTC (rev 57176) +++ data/CVE/list 2017-10-31 21:10:19 UTC (rev 57177) @@ -1,9 +1,11 @@ -CVE-2017-1000383 +CVE-2017-16242 + RESERVED +CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...) - emacs25 - emacs24 - emacs23 NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 -CVE-2017-1000382 +CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...) - vim NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 CVE-2017- [leaks files without extention, inadvertently] @@ -48,7 +50,7 @@ NOTE: This is similar class of issue as for CVE-2017-1000117/git NOTE: But needs a separate CVE since different codebasis. CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 ...) - {DSA-4011-1} + {DSA-4011-1 DLA-1152-1} - quagga (bug #879474) NOTE: https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008 @@ -1010,8 +1012,8 @@ [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/363b02dab09b3226f3bd1420dad9c72b79a42a76 (v4.14-rc6) -CVE-2017-15950 - RESERVED +CVE-2017-15950 (Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a ...) + TODO: check CVE-2017-15949 (Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit ...) NOT-FOR-US: Xavier PHP Management Panel CVE-2017-15948 (Perch Content Management System 3.0.3 allows unrestricted file upload ...) @@ -1068,6 +1070,7 @@ NOTE: https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd NOTE: https://github.com/radare/radare2/issues/8731 CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null ...) + {DLA-1154-1} - graphicsmagick 1.3.26-16 (bug #87) NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b @@ -1174,8 +1177,8 @@ RESERVED CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Network ...) NOT-FOR-US: Axis -CVE-2017-15884 - RESERVED +CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...) + TODO: check CVE-2017-15883 RESERVED CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) application before ...) @@ -2594,8 +2597,7 @@ [stretch] - linux 4.9.47-1 [wheezy] - linux 3.2.93-1 NOTE: Fixed by: https://git.kernel.org/linus/5649645d725c73df4302428ee4e02c869248b4c5 (4.12-rc5) -CVE-2017-15273 - RESERVED +CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before ...) - mahara NOTE: https://mahara.org/interaction/forum/topic.php?id=8081 CVE-2017-15272 @@ -3129,8 +3131,7 @@ {DSA-4007-1 DLA-1143-1} - curl 7.56.1-1 NOTE: https://curl.haxx.se/docs/adv_20171023.html -CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for clients] - RESERVED +CVE-2017-1000256 (libvirt version 2.3.0 and later is vulnerable to a bad default ...) {DSA-4003-1} - libvirt 3.8.0-3 (bug #878799) [jessie] - libvirt (Vulnerable code introduced later) @@ -3450,7 +3451,7 @@ CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...) NOT-FOR-US: EMC CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...) - {DSA-3997-1} + {DSA-3997-1 DLA-1151-1} - wordpress 4.8.2+dfsg-2 (bug #877629) NOTE: https://core.trac.wordpress.org/ticket/38474 CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...) @@ -4098,8 +4099,7 @@ NOT-FOR-US: OpenText Document Sciences xPression CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web ...) NOT-FOR-US: EyesOfNetwork (EON) -CVE-2017-14752 - RESERVED +CVE-2017-14752 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before ...) - mahara NOTE: https://mahara.org/interaction/forum/topic.php?id=8083 CVE-2017-14751 (The Intense WP WP Jobs plugin 1.5 for WordPress has XSS, related to ...) @@ -4197,7 +4197,7 @@ [wheezy] - wordpress (Vulnerable code not present) NOTE:
[Secure-testing-commits] Processing r57162 failed
The error message was: data/DLA/list:3: expected package entry, got: '[wheezy] - quagga quagga_0.99.22.4-1+wheezy3+deb7u2' Makefile:21: recipe for target 'all' failed make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r57162 failed
The error message was: data/DLA/list:3: expected package entry, got: '[wheezy] - quagga quagga_0.99.22.4-1+wheezy3+deb7u2' Makefile:21: recipe for target 'all' failed make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits