Author: sectracker
Date: 2017-11-17 21:10:14 +0000 (Fri, 17 Nov 2017)
New Revision: 57745
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-17 19:45:46 UTC (rev 57744) +++ data/CVE/list 2017-11-17 21:10:14 UTC (rev 57745) 
@@ -1,13 +1,59 @@ -CVE-2017-16872 +CVE-2017-16879 RESERVED -CVE-2017-16871 +CVE-2017-16878 RESERVED -CVE-2017-16870 +CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...) + TODO: check +CVE-2017-16876 RESERVED -CVE-2017-16869 +CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...) + TODO: check +CVE-2017-16874 RESERVED -CVE-2017-16868 +CVE-2017-16873 RESERVED +CVE-2017-1000233 + REJECTED + TODO: check +CVE-2017-1000222 + REJECTED + TODO: check +CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an ...) + TODO: check +CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code ...) + TODO: check +CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after free in the ...) + TODO: check +CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is vulnerable to ...) + TODO: check +CVE-2017-1000204 + REJECTED + TODO: check +CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell ...) + TODO: check +CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File ...) + TODO: check +CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...) + TODO: check +CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...) + TODO: check +CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes ...) + TODO: check +CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...) + TODO: check +CVE-2017-1000161 + REJECTED + TODO: check +CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...) + TODO: check +CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP ...) + TODO: check +CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the ...) 
+ TODO: check +CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...) + TODO: check CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...) NOT-FOR-US: Amazon Key CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis ...) @@ -329,8 +375,7 @@ NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) NOT-FOR-US: Zoho ManageEngine Applications Manager -CVE-2017-16845 [ps2: information leakage via post_load routine] - RESERVED +CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...) - qemu <unfixed> - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html @@ -431,8 +476,8 @@ RESERVED CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java ...) NOT-FOR-US: b3log Symphony -CVE-2017-16819 - RESERVED +CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time Systems ...) + TODO: check CVE-2017-16818 RESERVED CVE-2017-16817 @@ -8001,8 +8046,8 @@ REJECTED CVE-2017-14112 RESERVED -CVE-2017-14111 - RESERVED +CVE-2017-14111 (The workstation logging function in Philips IntelliSpace ...) + TODO: check CVE-2017-14110 RESERVED CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is ...) 
@@ -9182,14 +9227,14 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495510 NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 -CVE-2017-13703 - RESERVED -CVE-2017-13702 - RESERVED +CVE-2017-13703 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A ...) + TODO: check +CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check CVE-2017-13701 RESERVED -CVE-2017-13700 - RESERVED +CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + TODO: check CVE-2017-13699 RESERVED CVE-2017-13698 @@ -17467,16 +17512,16 @@ RESERVED CVE-2017-10891 RESERVED -CVE-2017-10890 - RESERVED -CVE-2017-10889 - RESERVED -CVE-2017-10888 - RESERVED -CVE-2017-10887 - RESERVED -CVE-2017-10886 - RESERVED +CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to ...) + TODO: check +CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to conduct XML ...) + TODO: check +CVE-2017-10888 (BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac ...) + TODO: check +CVE-2017-10887 (Untrusted search path vulnerability in BOOK WALKER for Windows ...) + TODO: check +CVE-2017-10886 (Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 ...) + TODO: check CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier ...) NOT-FOR-US: HYPER SBI CVE-2017-10884 @@ -32005,8 +32050,8 @@ RESERVED CVE-2017-6169 RESERVED -CVE-2017-6168 - RESERVED +CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 ...) + TODO: check CVE-2017-6167 RESERVED CVE-2017-6166 
@@ -36590,16 +36635,16 @@ RESERVED CVE-2017-4939 RESERVED -CVE-2017-4938 - RESERVED -CVE-2017-4937 - RESERVED -CVE-2017-4936 - RESERVED -CVE-2017-4935 - RESERVED -CVE-2017-4934 - RESERVED +CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...) + TODO: check +CVE-2017-4937 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...) + TODO: check +CVE-2017-4936 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...) + TODO: check +CVE-2017-4935 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...) + TODO: check +CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...) + TODO: check CVE-2017-4933 RESERVED CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a ...) @@ -36608,12 +36653,12 @@ TODO: check CVE-2017-4930 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability ...) TODO: check -CVE-2017-4929 - RESERVED -CVE-2017-4928 - RESERVED -CVE-2017-4927 - RESERVED +CVE-2017-4929 (VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a ...) + TODO: check +CVE-2017-4928 (The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior ...) + TODO: check +CVE-2017-4927 (VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) ...) + TODO: check CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability ...) NOT-FOR-US: VMware CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
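Review bot: In the @@ -1,13 +1,59 @@ hunk, the four REJECTED entries (CVE-2017-1000233, CVE-2017-1000222, CVE-2017-1000204, CVE-2017-1000161) are added with a trailing "TODO: check", although a rejected ID has nothing left to triage, and the REJECTED entry visible as context in the @@ -8001,8 +8046,8 @@ hunk carries no such line. Suggest dropping the TODO from those four so the remaining TODO lines mark only entries that still need a decision. Separately, CVE-2017-16875 and CVE-2017-16872 are added with the same truncated pjproject description, so whoever resolves them needs the full CVE text to tell the two apart.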
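Review bot: In the @@ -329,8 +375,7 @@ hunk, removing the bracketed title "[ps2: information leakage via post_load routine]" drops the only statement of impact from the CVE-2017-16845 entry. The replacement description names the unvalidated 'rptr' and 'count' values in hw/input/ps2.c but is truncated before it says what follows from that. The entry still reads "- qemu <unfixed>" with a single qemu-devel NOTE, so consider adding a NOTE that records the information-leak impact alongside the existing reference.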
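Review bot: In the @@ -36608,12 +36653,12 @@ hunk, CVE-2017-4929, CVE-2017-4928 and CVE-2017-4927 are added as "TODO: check", while the adjacent context line for CVE-2017-4926, also a VMware vCenter Server issue, is already resolved as "NOT-FOR-US: VMware". If the same disposition applies, marking these three (and the five VMware Workstation, Fusion and Horizon View Client entries, CVE-2017-4934 through CVE-2017-4938, in the @@ -36590,16 +36635,16 @@ hunk) the same way would keep the block consistent and avoid leaving eight open TODOs for one vendor.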