Author: sectracker
Date: 2017-11-17 09:10:18 +0000 (Fri, 17 Nov 2017)
New Revision: 57697
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-17 06:20:29 UTC (rev 57696) +++ data/CVE/list 2017-11-17 09:10:18 UTC (rev 57697) 
@@ -1,3 +1,107 @@ +CVE-2017-16872 + RESERVED +CVE-2017-16871 + RESERVED +CVE-2017-16870 + RESERVED +CVE-2017-16869 + RESERVED +CVE-2017-16868 + RESERVED +CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...) + TODO: check +CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis ...) + TODO: check +CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 is ...) + TODO: check +CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the ...) + TODO: check +CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected ...) + TODO: check +CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected & stored ...) + TODO: check +CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site ...) + TODO: check +CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload ...) + TODO: check +CVE-2017-1000237 (I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request ...) + TODO: check +CVE-2017-1000236 (I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site ...) + TODO: check +CVE-2017-1000235 (I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection ...) + TODO: check +CVE-2017-1000234 (I, Librarian version <=4.6 & 4.7 is vulnerable to Directory ...) + TODO: check +CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have ...) + TODO: check +CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...) + TODO: check +CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...) + TODO: check +CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code ...) + TODO: check +CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...) 
+ TODO: check +CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using ...) + TODO: check +CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated ...) + TODO: check +CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a XSS) is ...) + TODO: check +CVE-2017-1000220 (soyuka/pidusage <=1.1.4 is vulnerable to command injection in the ...) + TODO: check +CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command injection ...) + TODO: check +CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in the ...) + TODO: check +CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST ...) + TODO: check +CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer ...) + TODO: check +CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not verify that the ...) + TODO: check +CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing ...) + TODO: check +CVE-2017-1000197 (October CMS build 412 is vulnerable to file path modification in asset ...) + TODO: check +CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in the asset ...) + TODO: check +CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection in asset ...) + TODO: check +CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration ...) + TODO: check +CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand ...) + TODO: check +CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a ...) + TODO: check +CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a ...) + TODO: check +CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. ...) + TODO: check +CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...) 
+ TODO: check +CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf. ...) + TODO: check +CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...) + TODO: check +CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...) + TODO: check +CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump ...) + TODO: check +CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. ...) + TODO: check +CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. ...) + TODO: check +CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook ...) + TODO: check +CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...) + TODO: check +CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...) + TODO: check +CVE-2017-1000129 (Serendipity 2.0.3 is vulnerable to a SQL injection in the blog ...) + TODO: check +CVE-2017-1000125 (Codiad(full version) is vulnerable to write anything to configure file ...) + TODO: check CVE-2018-0085 RESERVED CVE-2018-0084 @@ -168,8 +272,8 @@ RESERVED CVE-2018-0001 RESERVED -CVE-2017-16866 - RESERVED +CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) ...) + TODO: check CVE-2017-16865 RESERVED CVE-2017-16864 @@ -213,8 +317,8 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in ...) - procmail <unfixed> (bug #876511) -CVE-2017-16843 - RESERVED +CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the ...) + TODO: check CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Yoast SEO plugin for WordPress CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...) 
@@ -237,6 +341,7 @@ CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) NOT-FOR-US: Gemirro CVE-2017-16853 (The DynamicMetadataProvider class in ...) + {DSA-4039-1} - opensaml2 <unfixed> (bug #881856) NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt @@ -523,16 +628,16 @@ RESERVED CVE-2017-16720 RESERVED -CVE-2017-16719 - RESERVED +CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...) + TODO: check CVE-2017-16718 RESERVED CVE-2017-16717 RESERVED CVE-2017-16716 RESERVED -CVE-2017-16715 - RESERVED +CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Version ...) + TODO: check CVE-2017-16714 RESERVED CVE-2017-16713 @@ -3654,10 +3759,10 @@ RESERVED CVE-2017-15518 RESERVED -CVE-2017-15517 - RESERVED -CVE-2017-15516 - RESERVED +CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to ...) + TODO: check +CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a ...) + TODO: check CVE-2017-15515 RESERVED CVE-2017-15514 @@ -7869,13 +7974,13 @@ RESERVED CVE-2017-14110 RESERVED -CVE-2017-1000201 +CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is ...) NOT-FOR-US: tcmu-runner -CVE-2017-1000200 +CVE-2017-1000200 (tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered ...) NOT-FOR-US: tcmu-runner -CVE-2017-1000199 +CVE-2017-1000199 (tcmu-runner version 0.91 up to 1.20 is vulnerable to information ...) NOT-FOR-US: tcmu-runner -CVE-2017-1000198 +CVE-2017-1000198 (tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid ...) NOT-FOR-US: tcmu-runner CVE-2017-14109 RESERVED 
@@ -8117,8 +8222,8 @@ RESERVED CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in Trihedral ...) NOT-FOR-US: Trihedral VTScada -CVE-2017-14028 - RESERVED +CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version ...) + TODO: check CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...) NOT-FOR-US: Korenix CVE-2017-14026 @@ -16783,24 +16888,24 @@ RESERVED CVE-2017-11094 RESERVED -CVE-2017-11093 - RESERVED -CVE-2017-11092 - RESERVED -CVE-2017-11091 - RESERVED -CVE-2017-11090 - RESERVED -CVE-2017-11089 - RESERVED +CVE-2017-11093 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11092 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11091 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11090 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11089 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11088 RESERVED CVE-2017-11087 RESERVED CVE-2017-11086 RESERVED -CVE-2017-11085 - RESERVED +CVE-2017-11085 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11084 RESERVED CVE-2017-11083 @@ -16823,8 +16928,8 @@ RESERVED CVE-2017-11074 RESERVED -CVE-2017-11073 - RESERVED +CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11072 RESERVED CVE-2017-11071 
@@ -16853,8 +16958,8 @@ NOT-FOR-US: Qualcomm components for Android CVE-2017-11059 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-11058 - RESERVED +CVE-2017-11058 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11057 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-11056 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
@@ -16893,60 +16998,60 @@ NOT-FOR-US: Qualcomm driver for Android CVE-2017-11039 RESERVED -CVE-2017-11038 - RESERVED +CVE-2017-11038 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11037 RESERVED CVE-2017-11036 RESERVED -CVE-2017-11035 - RESERVED +CVE-2017-11035 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11034 RESERVED CVE-2017-11033 RESERVED -CVE-2017-11032 - RESERVED +CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11031 RESERVED CVE-2017-11030 RESERVED -CVE-2017-11029 - RESERVED -CVE-2017-11028 - RESERVED -CVE-2017-11027 - RESERVED -CVE-2017-11026 - RESERVED -CVE-2017-11025 - RESERVED -CVE-2017-11024 - RESERVED -CVE-2017-11023 - RESERVED -CVE-2017-11022 - RESERVED +CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11028 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11027 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11026 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11025 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11024 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11023 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11022 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11021 RESERVED CVE-2017-11020 RESERVED CVE-2017-11019 RESERVED -CVE-2017-11018 - RESERVED -CVE-2017-11017 - RESERVED +CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
+ TODO: check +CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11016 RESERVED -CVE-2017-11015 - RESERVED -CVE-2017-11014 - RESERVED -CVE-2017-11013 - RESERVED -CVE-2017-11012 - RESERVED +CVE-2017-11015 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11014 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11013 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-11012 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11011 RESERVED CVE-2017-11010 @@ -20558,12 +20663,12 @@ RESERVED CVE-2017-9722 RESERVED -CVE-2017-9721 - RESERVED +CVE-2017-9721 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9720 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-9719 - RESERVED +CVE-2017-9719 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9718 RESERVED CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) @@ -20596,10 +20701,10 @@ RESERVED CVE-2017-9703 RESERVED -CVE-2017-9702 - RESERVED -CVE-2017-9701 - RESERVED +CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check +CVE-2017-9701 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9700 RESERVED CVE-2017-9699 @@ -20608,8 +20713,8 @@ RESERVED CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-9696 - RESERVED +CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9695 RESERVED CVE-2017-9694 
@@ -20624,8 +20729,8 @@ CVE-2017-9691 RESERVED NOT-FOR-US: Qualcomm driver for Android -CVE-2017-9690 - RESERVED +CVE-2017-9690 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-9689 RESERVED CVE-2017-9688 @@ -24865,8 +24970,8 @@ NOT-FOR-US: Qualcomm driver for Android CVE-2017-8280 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-8279 - RESERVED +CVE-2017-8279 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-8278 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the ...) @@ -36462,12 +36567,12 @@ RESERVED CVE-2017-4933 RESERVED -CVE-2017-4932 - RESERVED -CVE-2017-4931 - RESERVED -CVE-2017-4930 - RESERVED +CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a ...) + TODO: check +CVE-2017-4931 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability ...) + TODO: check +CVE-2017-4930 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability ...) + TODO: check CVE-2017-4929 RESERVED CVE-2017-4928 @@ -46357,8 +46462,8 @@ RESERVED CVE-2017-0910 RESERVED -CVE-2017-0909 - RESERVED +CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable to a ...) + TODO: check CVE-2017-0908 REJECTED CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, ...) 
@@ -46637,80 +46742,80 @@ RESERVED CVE-2017-0867 RESERVED -CVE-2017-0866 - RESERVED -CVE-2017-0865 - RESERVED -CVE-2017-0864 - RESERVED -CVE-2017-0863 - RESERVED -CVE-2017-0862 - RESERVED -CVE-2017-0861 - RESERVED -CVE-2017-0860 - RESERVED -CVE-2017-0859 - RESERVED -CVE-2017-0858 - RESERVED -CVE-2017-0857 - RESERVED +CVE-2017-0866 (An elevation of privilege vulnerability in the Direct rendering ...) + TODO: check +CVE-2017-0865 (An elevation of privilege vulnerability in the MediaTek soc driver. ...) + TODO: check +CVE-2017-0864 (An elevation of privilege vulnerability in the MediaTek ioctl ...) + TODO: check +CVE-2017-0863 (An elevation of privilege vulnerability in the Upstream kernel video ...) + TODO: check +CVE-2017-0862 (An elevation of privilege vulnerability in the Upstream kernel kernel. ...) + TODO: check +CVE-2017-0861 (An elevation of privilege vulnerability in the Upstream kernel audio ...) + TODO: check +CVE-2017-0860 (An elevation of privilege vulnerability in the Android system ...) + TODO: check +CVE-2017-0859 (Another vulnerability in the Android media framework (n/a). Product: ...) + TODO: check +CVE-2017-0858 (Another vulnerability in the Android media framework (n/a). Product: ...) + TODO: check +CVE-2017-0857 (Another vulnerability in the Android media framework (n/a). Product: ...) + TODO: check CVE-2017-0856 RESERVED CVE-2017-0855 RESERVED -CVE-2017-0854 - RESERVED -CVE-2017-0853 - RESERVED -CVE-2017-0852 - RESERVED -CVE-2017-0851 - RESERVED -CVE-2017-0850 - RESERVED -CVE-2017-0849 - RESERVED -CVE-2017-0848 - RESERVED -CVE-2017-0847 - RESERVED +CVE-2017-0854 (An information disclosure vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0853 (An information disclosure vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0852 (A denial of service vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0851 (An information disclosure vulnerability in the Android media framework ...) 
+ TODO: check +CVE-2017-0850 (An information disclosure vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0849 (An information disclosure vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0848 (An information disclosure vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0847 (An elevation of privilege vulnerability in the Android media framework ...) + TODO: check CVE-2017-0846 RESERVED -CVE-2017-0845 - RESERVED +CVE-2017-0845 (A denial of service vulnerability in the Android framework ...) + TODO: check CVE-2017-0844 RESERVED -CVE-2017-0843 - RESERVED -CVE-2017-0842 - RESERVED -CVE-2017-0841 - RESERVED -CVE-2017-0840 - RESERVED -CVE-2017-0839 - RESERVED -CVE-2017-0838 - RESERVED +CVE-2017-0843 (An elevation of privilege vulnerability in the MediaTek ccci. Product: ...) + TODO: check +CVE-2017-0842 (An elevation of privilege vulnerability in the Android system ...) + TODO: check +CVE-2017-0841 (A remote code execution vulnerability in the Android system ...) + TODO: check +CVE-2017-0840 (An information disclosure vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0839 (An information disclosure vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0838 (An elevation of privilege vulnerability in the Android media framework ...) + TODO: check CVE-2017-0837 RESERVED -CVE-2017-0836 - RESERVED -CVE-2017-0835 - RESERVED -CVE-2017-0834 - RESERVED -CVE-2017-0833 - RESERVED -CVE-2017-0832 - RESERVED -CVE-2017-0831 - RESERVED -CVE-2017-0830 - RESERVED +CVE-2017-0836 (A remote code execution vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0835 (A remote code execution vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0834 (A remote code execution vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0833 (A remote code execution vulnerability in the Android media framework ...) 
+ TODO: check +CVE-2017-0832 (A remote code execution vulnerability in the Android media framework ...) + TODO: check +CVE-2017-0831 (An elevation of privilege vulnerability in the Android framework ...) + TODO: check +CVE-2017-0830 (An elevation of privilege vulnerability in the Android framework ...) + TODO: check CVE-2017-0829 (An elevation of privilege vulnerability in the Motorola bootloader. ...) NOT-FOR-US: Motorola bootloader CVE-2017-0828 (An elevation of privilege vulnerability in the Huawei bootloader. ...)
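Review bot: Triage is inconsistent in the @@ -16853,8 +16958,8 @@ hunk, where CVE-2017-11058 gets "TODO: check" although the context entries on either side of it (CVE-2017-11059 and CVE-2017-11057) carry the same "In Android for MSM, Firefox OS for MSM, QRD Android" description prefix and are already marked "NOT-FOR-US: Qualcomm components for Android". The same pattern repeats for the other "In android for MSM ..." entries filled in by the CVE-2017-110xx, CVE-2017-97xx/96xx and CVE-2017-8279 hunks. The descriptions shown here are truncated, so confirm the component from the full text, then resolve these TODOs in one batch with the NOT-FOR-US line their neighbours use rather than leaving them in the queue individually.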
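Review bot: CVE-2017-0863, CVE-2017-0862 and CVE-2017-0861 in the @@ -46637,80 +46742,80 @@ hunk are described as affecting the "Upstream kernel" (video, kernel, audio), so they should not be closed by analogy with the vendor entries at the end of the same hunk (CVE-2017-0829 and CVE-2017-0828, both NOT-FOR-US bootloader issues). When the TODO is resolved, check these three against the linux source package and record the upstream fix in a NOTE line. CVE-2017-0866 ("Direct rendering ...") is cut off before the component is named and needs the full description before deciding either way. The MediaTek and Android framework entries in the hunk can be handled separately.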
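Review bot: The package status for CVE-2017-16853 is left as "- opensaml2 <unfixed> (bug #881856)" in the @@ -237,6 +341,7 @@ hunk even though the entry now carries {DSA-4039-1}. That combination is valid while only the DSA-covered releases are fixed, but nothing in the entry flags the follow-up: revisit it when bug #881856 is closed and replace <unfixed> with the fixed unstable version, so the entry does not keep reporting the package as open after the upload.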
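Review bot: Every newly described CVE-2017-1000xxx entry in the first hunk (@@ -1,3 +1,107 @@) lands with a bare "TODO: check", and for some the truncated description is not enough to triage from: CVE-2017-1000189 and CVE-2017-1000188 both read "nodejs ejs version older than 2.5.5 is vulnerable to a ...", so the two cannot be told apart without the full text. Entries that name a specific library or tool and version (CVE-2017-1000158 for CPython up to 2.7.13, CVE-2017-1000232 and CVE-2017-1000231 for ldns 1.7.0, CVE-2017-1000229 for optipng 0.7.6, CVE-2017-1000246 for pysaml2 4.4.0) are the ones to resolve first, each ending with either a source package line or an explicit NOT-FOR-US, ahead of the web-application entries in the same block.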