Author: sectracker
Date: 2017-11-17 21:10:14 +0000 (Fri, 17 Nov 2017)
New Revision: 57745

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-17 19:45:46 UTC (rev 57744)
+++ data/CVE/list       2017-11-17 21:10:14 UTC (rev 57745)
@@ -1,13 +1,59 @@
-CVE-2017-16872
+CVE-2017-16879
        RESERVED
-CVE-2017-16871
+CVE-2017-16878
        RESERVED
-CVE-2017-16870
+CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the 
/_next and ...)
+       TODO: check
+CVE-2017-16876
        RESERVED
-CVE-2017-16869
+CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and 
pjlib-util) in ...)
+       TODO: check
+CVE-2017-16874
        RESERVED
-CVE-2017-16868
+CVE-2017-16873
        RESERVED
+CVE-2017-1000233
+       REJECTED
+       TODO: check
+CVE-2017-1000222
+       REJECTED
+       TODO: check
+CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an ...)
+       TODO: check
+CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote 
code ...)
+       TODO: check
+CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after 
free in the ...)
+       TODO: check
+CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is 
vulnerable to ...)
+       TODO: check
+CVE-2017-1000204
+       REJECTED
+       TODO: check
+CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an 
authenticated shell ...)
+       TODO: check
+CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a 
Local File ...)
+       TODO: check
+CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet 
resulting ...)
+       TODO: check
+CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...)
+       TODO: check
+CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary 
file writes ...)
+       TODO: check
+CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to 
degenerate ...)
+       TODO: check
+CVE-2017-1000161
+       REJECTED
+       TODO: check
+CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and 
pjlib-util) in ...)
+       TODO: check
+CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows 
remote PHP ...)
+       TODO: check
+CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF 
in the ...)
+       TODO: check
+CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a 
denial of ...)
+       TODO: check
+CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c 
does not ...)
+       TODO: check
 CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...)
        NOT-FOR-US: Amazon Key
 CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded 
from redis ...)
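Review bot: The four REJECTED entries added in this hunk (CVE-2017-1000233, CVE-2017-1000222, CVE-2017-1000204, CVE-2017-1000161) each carry a "TODO: check" line, which leaves a triage item open on an id that has been withdrawn; the REJECTED context entry just above CVE-2017-14112 later in this diff has no such line. Suggest the updater omit the TODO when the state is REJECTED. Separately, CVE-2017-16875 and CVE-2017-16872 show the same truncated pjproject text, so they should be checked together against the full descriptions.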
@@ -329,8 +375,7 @@
        NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection 
via the ...)
        NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16845 [ps2: information leakage via post_load routine]
-       RESERVED
+CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' 
values ...)
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
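Review bot: On CVE-2017-16845 the temporary summary "[ps2: information leakage via post_load routine]" is dropped, and the replacement text is cut off after "'rptr' and 'count' values", so the impact is no longer readable from the entry itself. The tracking lines below it are unchanged ("- qemu <unfixed>", with only the qemu-devel posting as a NOTE); suggest adding a NOTE with the upstream fix commit once one exists, so the <unfixed> state can be resolved against a version.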
@@ -431,8 +476,8 @@
        RESERVED
 CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in 
processor/AdminProcessor.java ...)
        NOT-FOR-US: b3log Symphony
-CVE-2017-16819
-       RESERVED
+CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time 
Systems ...)
+       TODO: check
 CVE-2017-16818
        RESERVED
 CVE-2017-16817
@@ -8001,8 +8046,8 @@
        REJECTED
 CVE-2017-14112
        RESERVED
-CVE-2017-14111
-       RESERVED
+CVE-2017-14111 (The workstation logging function in Philips IntelliSpace ...)
+       TODO: check
 CVE-2017-14110
        RESERVED
 CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 
is ...)
@@ -9182,14 +9227,14 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495510
        NOTE: 
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928
-CVE-2017-13703
-       RESERVED
-CVE-2017-13702
-       RESERVED
+CVE-2017-13703 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. A ...)
+       TODO: check
+CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+       TODO: check
 CVE-2017-13701
        RESERVED
-CVE-2017-13700
-       RESERVED
+CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+       TODO: check
 CVE-2017-13699
        RESERVED
 CVE-2017-13698
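Review bot: CVE-2017-13702 and CVE-2017-13700 are indistinguishable in the added lines (both read "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ..."), and CVE-2017-13703 differs only by one trailing word. The three "TODO: check" lines should be cleared in one pass against the full descriptions, with a single tag string for all three, the way the two Zoho ManageEngine context entries earlier in this diff share one.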
@@ -17467,16 +17512,16 @@
        RESERVED
 CVE-2017-10891
        RESERVED
-CVE-2017-10890
-       RESERVED
-CVE-2017-10889
-       RESERVED
-CVE-2017-10888
-       RESERVED
-CVE-2017-10887
-       RESERVED
-CVE-2017-10886
-       RESERVED
+CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to 
...)
+       TODO: check
+CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to 
conduct XML ...)
+       TODO: check
+CVE-2017-10888 (BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for 
Mac ...)
+       TODO: check
+CVE-2017-10887 (Untrusted search path vulnerability in BOOK WALKER for Windows 
...)
+       TODO: check
+CVE-2017-10886 (Cross-site scripting vulnerability in CS-Cart Japanese Edition 
v4.3.10 ...)
+       TODO: check
 CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and 
earlier ...)
        NOT-FOR-US: HYPER SBI
 CVE-2017-10884
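Review bot: CVE-2017-10887 is added as "TODO: check" two entries above CVE-2017-10885, which has the same "Untrusted search path vulnerability in ..." wording and is already resolved as "NOT-FOR-US: HYPER SBI". CVE-2017-10888 and CVE-2017-10887 both name BOOK WALKER, so whatever the check concludes, they should end up with one shared tag rather than two differently worded ones.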
@@ -32005,8 +32050,8 @@
        RESERVED
 CVE-2017-6169
        RESERVED
-CVE-2017-6168
-       RESERVED
+CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 
12.0.0-12.1.2 ...)
+       TODO: check
 CVE-2017-6167
        RESERVED
 CVE-2017-6166
@@ -36590,16 +36635,16 @@
        RESERVED
 CVE-2017-4939
        RESERVED
-CVE-2017-4938
-       RESERVED
-CVE-2017-4937
-       RESERVED
-CVE-2017-4936
-       RESERVED
-CVE-2017-4935
-       RESERVED
-CVE-2017-4934
-       RESERVED
+CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 
8.5.9) ...)
+       TODO: check
+CVE-2017-4937 (VMware Workstation (12.x before 12.5.8) and Horizon View Client 
for ...)
+       TODO: check
+CVE-2017-4936 (VMware Workstation (12.x before 12.5.8) and Horizon View Client 
for ...)
+       TODO: check
+CVE-2017-4935 (VMware Workstation (12.x before 12.5.8) and Horizon View Client 
for ...)
+       TODO: check
+CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 
8.5.9) ...)
+       TODO: check
 CVE-2017-4933
        RESERVED
 CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a 
...)
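Review bot: CVE-2017-4937, CVE-2017-4936 and CVE-2017-4935 have identical visible text ("VMware Workstation (12.x before 12.5.8) and Horizon View Client for ..."), as do CVE-2017-4938 and CVE-2017-4934, so nothing in this hunk tells them apart. The next hunk's context shows CVE-2017-4926 already marked "NOT-FOR-US: VMware"; suggest resolving these five with that same tag in one follow-up instead of five separate checks.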
@@ -36608,12 +36653,12 @@
        TODO: check
 CVE-2017-4930 (VMware AirWatch Console 9.x prior to 9.2.0 contains a 
vulnerability ...)
        TODO: check
-CVE-2017-4929
-       RESERVED
-CVE-2017-4928
-       RESERVED
-CVE-2017-4927
-       RESERVED
+CVE-2017-4929 (VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) 
contains a ...)
+       TODO: check
+CVE-2017-4928 (The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 
5.5 prior ...)
+       TODO: check
+CVE-2017-4927 (VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 
U3c) ...)
+       TODO: check
 CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a 
vulnerability ...)
        NOT-FOR-US: VMware
 CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 
without ...)
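Review bot: CVE-2017-4927 ("VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) ...") is added as "TODO: check" while the context entry directly below it, CVE-2017-4926, names the same product and is already "NOT-FOR-US: VMware". Suggest resolving CVE-2017-4929, CVE-2017-4928 and CVE-2017-4927 with that existing tag, and likewise the CVE-2017-4930 context entry still at "TODO: check", so the VMware block is consistent.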


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
