Author: sectracker
Date: 2017-09-08 21:10:15 +0000 (Fri, 08 Sep 2017)
New Revision: 55585
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-08 20:07:06 UTC (rev 55584)
+++ data/CVE/list 2017-09-08 21:10:15 UTC (rev 55585)
@@ -1,3 +1,7 @@
+CVE-2017-14221
+ RESERVED
+CVE-2017-14220
+ RESERVED
CVE-2017-14219 (XSS (persistent) on the Intelbras Wireless N 150Mbps router
with ...)
NOT-FOR-US: Intelbras Wireless N 150Mbps router
CVE-2017-14218
@@ -114,8 +118,7 @@
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
CVE-2017-14168
RESERVED
-CVE-2017-14167 [i386: multiboot OOB access while loading guest kernel image]
- RESERVED
+CVE-2017-14167 (Integer overflow in the load_multiboot function in
hw/i386/multiboot.c ...)
- qemu <unfixed> (bug #874606)
- qemu-kvm <removed>
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
@@ -1033,6 +1036,7 @@
CVE-2017-13780 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows
directory ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14032 (ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional
...)
+ {DSA-3967-1}
- mbedtls 2.6.0-1 (bug #873557)
- polarssl <removed>
[jessie] - polarssl <not-affected> (Vulnerable code not present)
@@ -5672,8 +5676,7 @@
RESERVED
CVE-2017-12147
RESERVED
-CVE-2017-12146 [driver core: platform: fix race condition with driver_override]
- RESERVED
+CVE-2017-12146 (The driver_override implementation in drivers/base/platform.c
in the ...)
- linux 4.11.11-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -5856,8 +5859,8 @@
RESERVED
CVE-2017-12072
RESERVED
-CVE-2017-12071
- RESERVED
+CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in
file_upload.php in ...)
+ TODO: check
CVE-2017-12070
RESERVED
CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA
.NET ...)
@@ -7106,8 +7109,8 @@
NOT-FOR-US: Joomla!
CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which
makes it ...)
NOT-FOR-US: ZyXEL
-CVE-2017-11611
- RESERVED
+CVE-2017-11611 (Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks.
The ...)
+ TODO: check
CVE-2017-11610 (The XML-RPC server in supervisor before 3.0.1, 3.1.x before
3.1.4, ...)
{DSA-3942-1 DLA-1047-1}
- supervisor 3.3.1-1.1 (bug #870187)
@@ -8418,10 +8421,10 @@
NOTE: aggregate_graphs.php not available in 0.8.8.
NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE
NOTE: but produced this patch anyway:
https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4
-CVE-2017-11162
- RESERVED
-CVE-2017-11161
- RESERVED
+CVE-2017-11162 (Directory traversal vulnerability in synphotoio in Synology
Photo ...)
+ TODO: check
+CVE-2017-11161 (Multiple SQL injection vulnerabilities in Synology Photo
Station ...)
+ TODO: check
CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in
...)
NOT-FOR-US: Installer in Synology Assistant
CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in
...)
@@ -14477,8 +14480,8 @@
NOT-FOR-US: Anti-Web
CVE-2017-9096
RESERVED
-CVE-2017-9095
- RESERVED
+CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local
files ...)
+ TODO: check
CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in
libimageworsener.a in ...)
NOT-FOR-US: ImageWorsener
CVE-2017-9093 (The my_skip_input_data_fn function in imagew-jpeg.c in ...)
@@ -34429,8 +34432,8 @@
RESERVED
CVE-2017-2551
RESERVED
-CVE-2017-2550
- RESERVED
+CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software
creates a ...)
+ TODO: check
CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before
10.3.2 ...)
- webkit2gtk 2.16.3-2 (unimportant)
NOTE: Not covered by security support
@@ -38179,68 +38182,48 @@
RESERVED
CVE-2017-0805 (A elevation of privilege vulnerability in the Android media
framework ...)
NOT-FOR-US: Android media framework
-CVE-2017-0804
- RESERVED
+CVE-2017-0804 (A elevation of privilege vulnerability in the MediaTek mmc
driver. ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0803
- RESERVED
+CVE-2017-0803 (A elevation of privilege vulnerability in the MediaTek
accessory ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0802
- RESERVED
+CVE-2017-0802 (A elevation of privilege vulnerability in the MediaTek kernel.
...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0801
- RESERVED
+CVE-2017-0801 (A elevation of privilege vulnerability in the MediaTek
libmtkomxvdec. ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0800
- RESERVED
+CVE-2017-0800 (A elevation of privilege vulnerability in the MediaTek teei.
Product: ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0799
- RESERVED
+CVE-2017-0799 (A elevation of privilege vulnerability in the MediaTek lastbus.
...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0798
- RESERVED
+CVE-2017-0798 (A elevation of privilege vulnerability in the MediaTek kernel.
...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0797
- RESERVED
+CVE-2017-0797 (A elevation of privilege vulnerability in the MediaTek
accessory ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0796
- RESERVED
+CVE-2017-0796 (A elevation of privilege vulnerability in the MediaTek auxadc
driver. ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0795
- RESERVED
+CVE-2017-0795 (A elevation of privilege vulnerability in the MediaTek
accessory ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0794
- RESERVED
+CVE-2017-0794 (A elevation of privilege vulnerability in the Upstream kernel
scsi ...)
NOT-FOR-US: Android kernel on Nexus (probably)
NOTE: https://source.android.com/security/bulletin/2017-09-01 doesn't
link a public patch, so probably related to some binary-only component on Nexus
-CVE-2017-0793
- RESERVED
+CVE-2017-0793 (A information disclosure vulnerability in the N/A memory
subsystem. ...)
NOT-FOR-US: Imagetech driver for Android
-CVE-2017-0792
- RESERVED
+CVE-2017-0792 (A information disclosure vulnerability in the Broadcom wi-fi
driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0791
- RESERVED
+CVE-2017-0791 (A elevation of privilege vulnerability in the Broadcom wi-fi
driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0790
- RESERVED
+CVE-2017-0790 (A elevation of privilege vulnerability in the Broadcom wi-fi
driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0789
- RESERVED
+CVE-2017-0789 (A elevation of privilege vulnerability in the Broadcom wi-fi
driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0788
- RESERVED
+CVE-2017-0788 (A elevation of privilege vulnerability in the Broadcom wi-fi
driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0787
- RESERVED
+CVE-2017-0787 (A elevation of privilege vulnerability in the Broadcom wi-fi
driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0786
- RESERVED
+CVE-2017-0786 (A elevation of privilege vulnerability in the Broadcom wi-fi
driver. ...)
NOT-FOR-US: Broadcom driver for Android
CVE-2017-0785
RESERVED
-CVE-2017-0784
- RESERVED
+CVE-2017-0784 (A elevation of privilege vulnerability in the Android system
(nfc). ...)
NOT-FOR-US: Android
CVE-2017-0783
RESERVED
@@ -38248,91 +38231,63 @@
RESERVED
CVE-2017-0781
RESERVED
-CVE-2017-0780
- RESERVED
+CVE-2017-0780 (A denial of service vulnerability in the Android runtime
(android ...)
NOT-FOR-US: Android
-CVE-2017-0779
- RESERVED
+CVE-2017-0779 (A information disclosure vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0778
- RESERVED
+CVE-2017-0778 (A information disclosure vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0777
- RESERVED
+CVE-2017-0777 (A information disclosure vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0776
- RESERVED
+CVE-2017-0776 (A information disclosure vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0775
- RESERVED
+CVE-2017-0775 (A denial of service vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0774
- RESERVED
+CVE-2017-0774 (A denial of service vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0773
- RESERVED
+CVE-2017-0773 (A denial of service vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0772
- RESERVED
+CVE-2017-0772 (A denial of service vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0771
- RESERVED
+CVE-2017-0771 (A denial of service vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0770
- RESERVED
+CVE-2017-0770 (A elevation of privilege vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0769
- RESERVED
+CVE-2017-0769 (A elevation of privilege vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0768
- RESERVED
+CVE-2017-0768 (A elevation of privilege vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0767
- RESERVED
+CVE-2017-0767 (A elevation of privilege vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0766
- RESERVED
+CVE-2017-0766 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0765
- RESERVED
+CVE-2017-0765 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0764
- RESERVED
+CVE-2017-0764 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0763
- RESERVED
+CVE-2017-0763 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0762
- RESERVED
+CVE-2017-0762 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0761
- RESERVED
+CVE-2017-0761 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0760
- RESERVED
+CVE-2017-0760 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0759
- RESERVED
+CVE-2017-0759 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0758
- RESERVED
+CVE-2017-0758 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0757
- RESERVED
+CVE-2017-0757 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0756
- RESERVED
+CVE-2017-0756 (A remote code execution vulnerability in the Android media
framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0755
- RESERVED
+CVE-2017-0755 (A elevation of privilege vulnerability in the Android libraries
...)
NOT-FOR-US: Android
CVE-2017-0754
RESERVED
-CVE-2017-0753
- RESERVED
+CVE-2017-0753 (A remote code execution vulnerability in the Android libraries
...)
NOT-FOR-US: Android
-CVE-2017-0752
- RESERVED
+CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework
...)
NOT-FOR-US: Android
CVE-2017-0751
RESERVED
@@ -52315,8 +52270,8 @@
NOT-FOR-US: Novell GroupWise
CVE-2016-5760 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Novell GroupWise
-CVE-2016-5759
- RESERVED
+CVE-2016-5759 (The mkdumprd script called "dracut" in the current
working directory ...)
+ TODO: check
CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ
Access ...)
NOT-FOR-US: NetIQ
CVE-2016-5757 (iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2
Hot Fix ...)
@@ -164570,8 +164525,8 @@
NOT-FOR-US: Novell Messenger
CVE-2011-3178
RESERVED
-CVE-2011-3177
- RESERVED
+CVE-2011-3177 (The YaST2 network created files with world readable permissions
which ...)
+ TODO: check
CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell
ZENworks ...)
NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3175 (Stack-based buffer overflow in the Preboot Service in Novell
ZENworks ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
