Author: sectracker
Date: 2017-11-15 21:10:20 +0000 (Wed, 15 Nov 2017)
New Revision: 57666

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-15 20:35:45 UTC (rev 57665)
+++ data/CVE/list       2017-11-15 21:10:20 UTC (rev 57666)
@@ -1,3 +1,5 @@
+CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro 
before ...)
+       TODO: check
 CVE-2017-XXXX [CPPOST-105]
        - opensaml2 <unfixed> (bug #881856)
        NOTE: 
https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
@@ -2540,8 +2542,7 @@
        RESERVED
 CVE-2017-15925
        RESERVED
-CVE-2017-15923 [Crash in parsing IRC color formatting codes]
-       RESERVED
+CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow 
remote ...)
        {DSA-4033-1}
        - konversation 1.7.3-1 (bug #881586)
        NOTE: 
https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
@@ -2804,8 +2805,8 @@
        NOT-FOR-US: phpMyFaq
 CVE-2017-15807
        RESERVED
-CVE-2017-15806
-       RESERVED
+CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta 
Components ...)
+       TODO: check
 CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full 
function in ...)
        - python-werkzeug 0.11.11+dfsg1-1
        NOTE: 
http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
@@ -4063,8 +4064,8 @@
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
        NOTE: Fixed by: 
https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51
-CVE-2017-15288
-       RESERVED
+CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 
2.11.12, ...)
+       TODO: check
 CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream 
Multimedia ...)
        NOT-FOR-US: BouquetEditor WebPlugin
 CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in 
tableColumnList in ...)
@@ -4116,14 +4117,14 @@
 CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 
before ...)
        - mahara <removed>
        NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
-CVE-2017-15272
-       RESERVED
-CVE-2017-15271
-       RESERVED
-CVE-2017-15270
-       RESERVED
-CVE-2017-15269
-       RESERVED
+CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration 
inside ...)
+       TODO: check
+CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP 
...)
+       TODO: check
+CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape 
data ...)
+       TODO: check
+CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce 
scans ...)
+       TODO: check
 CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory 
leak by ...)
        - qemu <unfixed> (bug #880836)
        [stretch] - qemu <no-dsa> (Minor issue)
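
Review bot: The four entries added for CVE-2017-15269 through CVE-2017-15272 are all left at `TODO: check`, and three of them name the same product (PSFTPd 10.0.4 Build 729), so they should be triaged together and given one consistent status line. The CVE-2017-15271 description is cut off after "in the SFTP", so confirm from the full text that it concerns the same server before giving it the same status as the other three.
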
@@ -5103,8 +5104,8 @@
        RESERVED
 CVE-2017-14962
        RESERVED
-CVE-2017-14961
-       RESERVED
+CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains 
an ...)
+       TODO: check
 CVE-2017-14960
        RESERVED
 CVE-2017-14959
@@ -12029,10 +12030,10 @@
 CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and ...)
        - couchdb <removed>
        NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
-CVE-2017-12634
-       RESERVED
-CVE-2017-12633
-       RESERVED
+CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 
and ...)
+       TODO: check
+CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 
and ...)
+       TODO: check
 CVE-2017-12632
        RESERVED
 CVE-2017-12631
@@ -12490,7 +12491,7 @@
        RESERVED
 CVE-2017-12461
        RESERVED
-CVE-2017-12460 (Unspecified vulnerability in Barco ClickShare CSM-1 firmware 
before ...)
+CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware 
before ...)
        NOT-FOR-US: Barco ClickShare CSM-1 firmware
 CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in 
the ...)
        - binutils 2.29-8
@@ -23189,7 +23190,7 @@
 CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x 
before ...)
        - mediawiki 1:1.27.4-1
        NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
-       NOTE: https://phabricator.wikimedia.org/T119158
+       NOTE: https://phabricator.wikimedia.org/T119158
 CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x 
before ...)
        - mediawiki 1:1.27.4-1
        NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
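
Review bot: The only change in this hunk is the `NOTE: https://phabricator.wikimedia.org/T119158` line under CVE-2017-8815, and its removed and added forms read identically, so the edit is whitespace-only. It is harmless, but normalising whitespace in NOTE lines before commit would keep such no-op pairs out of the automatic updates and make the real status changes easier to review.
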
@@ -23215,9 +23216,10 @@
 CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x 
before 1.29.2 ...)
        - mediawiki 1:1.27.4-1
        NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
-       NOTE: https://phabricator.wikimedia.org/T178451
+       NOTE: https://phabricator.wikimedia.org/T178451
 CVE-2017-8807 [Data leak - '-sfile' Stevedore transient objects]
        RESERVED
+       {DSA-4034-1}
        - varnish <unfixed> (bug #881808)
        [jessie] - varnish <not-affected> (Vulnerable code not present, issue 
introduced in 4.1.0)
        NOTE: http://varnish-cache.org/security/VSV00002.html
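
Review bot: In the CVE-2017-8807 entry, `{DSA-4034-1}` is added directly under `RESERVED` while the package line below it still reads `- varnish <unfixed> (bug #881808)`. Now that an advisory is cross-referenced, check whether a fixed upload to unstable exists and replace `<unfixed>` with that version once it does, so the entry does not keep listing the package as open after the DSA.
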
@@ -119273,8 +119275,7 @@
        [squeeze] - cacti 0.8.7g-1+squeeze4 (bug #752573)
 CVE-2014-4001
        RESERVED
-CVE-2014-4000 [PHP Object Injection Vulnerabilities]
-       RESERVED
+CVE-2014-4000 (Cacti before 1.0.0 allows remote authenticated users to conduct 
PHP ...)
        - cacti 0.8.8e+ds1-1 (low)
        [jessie] - cacti 0.8.8b+dfsg-8+deb8u2
        [wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
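
Review bot: The new CVE-2014-4000 description gives the affected range as "Cacti before 1.0.0", but the unchanged package lines record fixes in 0.8.8e+ds1-1, 0.8.8b+dfsg-8+deb8u2 and 0.8.8a+dfsg-5+deb7u6. Add a `NOTE:` pointing at the patch or bug through which the fix reached those versions, so the difference from the range in the description is documented and the entry is not re-triaged as unfixed.
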
@@ -121905,8 +121906,8 @@
        NOTE: libv8 not covered by security support
 CVE-2014-3151
        RESERVED
-CVE-2014-3150
-       RESERVED
+CVE-2014-3150 (Livebox 1.1 allows remote authenticated users to upload 
arbitrary ...)
+       TODO: check
 CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power 
IP.Board ...)
        NOT-FOR-US: Invision Power IP.Board
 CVE-2014-3148 (Cross-site scripting (XSS) vulnerability in libahttp/err.c in 
OkCupid ...)
@@ -122665,8 +122666,8 @@
        NOT-FOR-US: CIS Manager CMS
 CVE-2014-2846 (Directory traversal vulnerability in 
opt/arkeia/wui/htdocs/index.php ...)
        NOT-FOR-US: Arkeia Server Backup
-CVE-2014-2845
-       RESERVED
+CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate 
X.509 ...)
+       TODO: check
 CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging 
Secure ...)
        NOT-FOR-US: F-Secure Messaging Secure Gateway
 CVE-2014-2843
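
Review bot: CVE-2014-2845 is added with `TODO: check`, yet its description is scoped to "Cyberduck before 4.4.4 on Windows". Resolve the TODO with that platform restriction in mind: a `NOT-FOR-US:` line, as already used for the neighbouring Arkeia and F-Secure entries, if nothing in the archive ships it, or a not-affected status with a short reason if something does.
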
@@ -130429,8 +130430,7 @@
        [squeeze] - openssl 0.9.8o-4squeeze15
 CVE-2014-0220 (Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows 
remote ...)
        NOT-FOR-US: Cloudera Manager
-CVE-2014-0219
-       RESERVED
+CVE-2014-0219 (Apache Karaf enables a shutdown port on the loopback interface, 
which ...)
        NOT-FOR-US: Apache Karaf
 CVE-2014-0218 (Cross-site scripting (XSS) vulnerability in the URL downloader 
...)
        - moodle 2.6.3-1


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
