Author: sectracker
Date: 2017-10-02 21:10:14 +0000 (Mon, 02 Oct 2017)
New Revision: 56367
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-02 21:01:41 UTC (rev 56366)
+++ data/CVE/list 2017-10-02 21:10:14 UTC (rev 56367)
@@ -1,3 +1,5 @@
+CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key
values (but ...)
+ TODO: check
CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in
...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
@@ -22,12 +24,12 @@
NOT-FOR-US: ATutor
CVE-2017-14980
RESERVED
-CVE-2017-14979
- RESERVED
+CVE-2017-14979 (Gxlcms uses an unsafe character-replacement approach in an
attempt to ...)
+ TODO: check
CVE-2017-14978
RESERVED
CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in
Poppler ...)
- - poppler <unfixed> (low)
+ - poppler <unfixed> (low)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045
NOTE:
https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c
CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in
Poppler ...)
@@ -35,7 +37,7 @@
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724
NOTE:
https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in
Poppler ...)
- - poppler <unfixed> (low)
+ - poppler <unfixed> (low)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102653
NOTE:
https://cgit.freedesktop.org/poppler/poppler/commit/?id=a5e5649ecf16fa05770620dbbd4985935dc2bbff
CVE-2017-14974 (The *_get_synthetic_symtab functions in the Binary File
Descriptor ...)
@@ -570,18 +572,18 @@
NOT-FOR-US: GeniXCMS
CVE-2017-14760 (SQL Injection exists in /includes/event-management/index.php
in the ...)
NOT-FOR-US: Event Espresso Lite
-CVE-2017-14759
- RESERVED
-CVE-2017-14758
- RESERVED
-CVE-2017-14757
- RESERVED
-CVE-2017-14756
- RESERVED
-CVE-2017-14755
- RESERVED
-CVE-2017-14754
- RESERVED
+CVE-2017-14759 (OpenText Document Sciences xPression (formerly EMC Document
Sciences ...)
+ TODO: check
+CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document
Sciences ...)
+ TODO: check
+CVE-2017-14757 (OpenText Document Sciences xPression (formerly EMC Document
Sciences ...)
+ TODO: check
+CVE-2017-14756 (OpenText Document Sciences xPression (formerly EMC Document
Sciences ...)
+ TODO: check
+CVE-2017-14755 (OpenText Document Sciences xPression (formerly EMC Document
Sciences ...)
+ TODO: check
+CVE-2017-14754 (OpenText Document Sciences xPression (formerly EMC Document
Sciences ...)
+ TODO: check
CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork
web ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14752
@@ -607,7 +609,7 @@
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=94670f6cf11fc29cc6db6814b38c4305d9bcac96
(master)
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6ff33ca50c1180725dde11c84ee93fcdb4235ef
(binutils-2_29-branch)
CVE-2017-14867 (Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5,
2.13.x ...)
- {DSA-3984-1}
+ {DSA-3984-1 DLA-1120-1}
- git 1:2.14.2-1 (bug #876854)
NOTE: http://www.openwall.com/lists/oss-security/2017/09/26/9
NOTE:
https://public-inbox.org/git/xmqqy3p29ekj....@gitster.mtv.corp.google.com/T/#u
@@ -1319,21 +1321,25 @@
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45
CVE-2017-14494
RESERVED
+ {DSA-3989-1}
- dnsmasq 2.78-1
NOTE:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262
CVE-2017-14493
RESERVED
+ {DSA-3989-1}
- dnsmasq 2.78-1
NOTE:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033
CVE-2017-14492
RESERVED
+ {DSA-3989-1}
- dnsmasq 2.78-1
NOTE:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10
CVE-2017-14491
RESERVED
+ {DSA-3989-1}
- dnsmasq 2.78-1
NOTE:
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
NOTE:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
@@ -6270,8 +6276,8 @@
NOTE:
https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
CVE-2017-12793
RESERVED
-CVE-2017-12792
- RESERVED
+CVE-2017-12792 (Multiple cross-site request forgery (CSRF) vulnerabilities in
NexusPHP ...)
+ TODO: check
CVE-2017-12791 (Directory traversal vulnerability in minion id validation in
SaltStack ...)
- salt <unfixed> (bug #872399)
[stretch] - salt <no-dsa> (Minor issue)
@@ -6740,8 +6746,7 @@
[jessie] - jenkins-commons-jelly <ignored> (Minor issue, only used by
Jenkins which got removed)
[wheezy] - jenkins-commons-jelly <ignored> (Minor issue, only used by
Jenkins which got removed)
NOTE: http://www.openwall.com/lists/oss-security/2017/09/27/6
-CVE-2017-12620
- RESERVED
+CVE-2017-12620 (When loading models or dictionaries that contain XML it is
possible to ...)
NOT-FOR-US: Apache OpenNLP
CVE-2017-12619
RESERVED
@@ -10258,11 +10263,9 @@
NOT-FOR-US: Tilde CMS
CVE-2017-11323 (Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier
allows ...)
NOT-FOR-US: ESTsoft ALZip
-CVE-2017-11322
- RESERVED
+CVE-2017-11322 (The chroothole_client executable in UCOPIA Wireless Appliance
before ...)
NOT-FOR-US: UCOPIA Wireless Appliance
-CVE-2017-11321
- RESERVED
+CVE-2017-11321 (The restricted shell interface in UCOPIA Wireless Appliance
before ...)
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-11320 (Persistent XSS through the SSID of nearby Wi-Fi devices on
Technicolor ...)
NOT-FOR-US: Technicolor TC7337 routers
@@ -12896,8 +12899,7 @@
NOTE: https://github.com/hannob/optionsbleed
NOTE: Patch:
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
NOTE: Patch backport for 2.2:
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
-CVE-2017-9797
- RESERVED
+CVE-2017-9797 (When an Apache Geode cluster before v1.2.1 is operating in
secure ...)
NOT-FOR-US: Apache Geode
CVE-2017-9796
RESERVED
@@ -15152,10 +15154,10 @@
RESERVED
CVE-2017-9539
RESERVED
-CVE-2017-9538
- RESERVED
-CVE-2017-9537
- RESERVED
+CVE-2017-9538 (The 'Upload logo from external path' function of SolarWinds
Network ...)
+ TODO: check
+CVE-2017-9537 (Persistent cross-site scripting (XSS) in the Add Node function
of ...)
+ TODO: check
CVE-2017-9536 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows
attackers to ...)
NOT-FOR-US: IrfanView
CVE-2017-9535 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows
attackers to ...)
@@ -25989,10 +25991,10 @@
RESERVED
CVE-2017-6091
RESERVED
-CVE-2017-6090
- RESERVED
-CVE-2017-6089
- RESERVED
+CVE-2017-6090 (Unrestricted file upload vulnerability in
clients/editclient.php in ...)
+ TODO: check
+CVE-2017-6089 (SQL injection vulnerability in PhpCollab 2.5.1 and earlier
allows ...)
+ TODO: check
CVE-2017-6088 (Multiple SQL injection vulnerabilities in EyesOfNetwork (aka
EON) 5.0 ...)
NOT-FOR-US: EyesOfNetwork
CVE-2017-6087 (EyesOfNetwork ("EON") 5.0 and earlier allows remote
authenticated ...)
@@ -38898,8 +38900,8 @@
RESERVED
CVE-2017-1570
RESERVED
-CVE-2017-1569
- RESERVED
+CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified ...)
+ TODO: check
CVE-2017-1568
RESERVED
CVE-2017-1567
@@ -39178,8 +39180,8 @@
NOT-FOR-US: IBM
CVE-2017-1430
RESERVED
-CVE-2017-1429
- RESERVED
+CVE-2017-1429 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site
scripting. This ...)
+ TODO: check
CVE-2017-1428 (IBM Cognos Analytics 11.0 could allow a remote attacker to
hijack the ...)
NOT-FOR-US: IBM
CVE-2017-1427 (IBM Cognos Analytics 11.0 is vulnerable to cross-site
scripting. This ...)
@@ -39298,8 +39300,8 @@
NOT-FOR-US: IBM
CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose
sensitive ...)
NOT-FOR-US: IBM
-CVE-2017-1369
- RESERVED
+CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site
scripting. This ...)
+ TODO: check
CVE-2017-1368
RESERVED
CVE-2017-1367
@@ -39308,8 +39310,8 @@
RESERVED
CVE-2017-1365
RESERVED
-CVE-2017-1364
- RESERVED
+CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site
scripting. This ...)
+ TODO: check
CVE-2017-1363
RESERVED
CVE-2017-1362 (IBM Security Identity Manager Adapters 6.0 and 7.0 stores user
...)
@@ -39318,8 +39320,8 @@
RESERVED
CVE-2017-1360
RESERVED
-CVE-2017-1359
- RESERVED
+CVE-2017-1359 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site
scripting. This ...)
+ TODO: check
CVE-2017-1358
RESERVED
CVE-2017-1357 (IBM Maximo Asset Management 7.5 and 7.6 could allow an
authenticated ...)
@@ -39346,8 +39348,8 @@
NOT-FOR-US: IBM
CVE-2017-1346 (IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily
stores ...)
NOT-FOR-US: IBM
-CVE-2017-1345
- RESERVED
+CVE-2017-1345 (IBM Insights Foundation for Energy 2.0 is vulnerable to
cross-site ...)
+ TODO: check
CVE-2017-1344
RESERVED
CVE-2017-1343
@@ -39366,10 +39368,10 @@
NOT-FOR-US: IBM
CVE-2017-1336
RESERVED
-CVE-2017-1335
- RESERVED
-CVE-2017-1334
- RESERVED
+CVE-2017-1335 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site
scripting. This ...)
+ TODO: check
+CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site
scripting. This ...)
+ TODO: check
CVE-2017-1333
RESERVED
CVE-2017-1332 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.
This ...)
@@ -39388,8 +39390,8 @@
NOT-FOR-US: IBM
CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.
This ...)
NOT-FOR-US: IBM
-CVE-2017-1324
- RESERVED
+CVE-2017-1324 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site
scripting. This ...)
+ TODO: check
CVE-2017-1323
RESERVED
CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity
...)
@@ -39414,8 +39416,8 @@
RESERVED
CVE-2017-1312
RESERVED
-CVE-2017-1311
- RESERVED
+CVE-2017-1311 (IBM Insights Foundation for Energy 2.0 is vulnerable to SQL
injection. ...)
+ TODO: check
CVE-2017-1310 (IBM Informix Dynamic Server 12.1 could allow an authenticated
user to ...)
NOT-FOR-US: IBM
CVE-2017-1309 (IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores
user ...)
@@ -51241,8 +51243,8 @@
NOTE: This is though only Windows/IIS specific, thus marked as
not-affected, cf. #840000
CVE-2016-6807 (Custom commands may be executed on Ambari Agent (2.4.x, before
2.4.2) ...)
NOT-FOR-US: Ambari Agent
-CVE-2016-6806
- RESERVED
+CVE-2016-6806 (Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1
...)
+ TODO: check
CVE-2016-6805 (Apache Ignite before 1.9 allows man-in-the-middle attackers to
read ...)
NOT-FOR-US: Apache Ignite
CVE-2016-6804
@@ -69003,7 +69005,7 @@
- guacamole <not-affected> (Vulnerable code not present)
CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group
module ...)
NOT-FOR-US: Field Group module for Drupal
-CVE-2015-8768 (install.py in click allows remote attackers to gain privileges
via a ...)
+CVE-2015-8768 (click/install.py in click does not require files in package
filesystem ...)
NOT-FOR-US: Click package manager
NOTE: http://www.ubuntu.com/usn/usn-2771-1/
CVE-2015-8766 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -75573,8 +75575,7 @@
RESERVED
CVE-2015-7982
RESERVED
-CVE-2015-7980
- RESERVED
+CVE-2015-7980 (Cross-site scripting (XSS) vulnerability in the Compass Rose
module ...)
NOT-FOR-US: Drupal addon Compass Rose
CVE-2015-7990 (Race condition in the rds_sendmsg function in net/rds/sendmsg.c
in the ...)
{DSA-3396-1 DLA-360-1}
@@ -76026,12 +76027,12 @@
NOT-FOR-US: Huawei
CVE-2015-7844 (Huawei FusionAccess with software V100R005C10,V100R005C20 could
allow ...)
NOT-FOR-US: Huawei
-CVE-2015-7843
- RESERVED
+CVE-2015-7843 (The management interface on Huawei FusionServer rack servers
RH2288 V3 ...)
+ TODO: check
CVE-2015-7842
RESERVED
-CVE-2015-7841
- RESERVED
+CVE-2015-7841 (The login page of the server on Huawei FusionServer rack
servers ...)
+ TODO: check
CVE-2015-7872 (The key_gc_unused_keys function in security/keys/gc.c in the
Linux ...)
{DSA-3396-1}
- linux 4.2.5-1
@@ -77522,12 +77523,12 @@
NOTE: See CVE-2015-7686 for the underlying CWE-407 ("Algorithmic
Complexity")
NOTE: issue still present in 1.908
NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
-CVE-2015-7359
- RESERVED
-CVE-2015-7358
- RESERVED
-CVE-2015-7357
- RESERVED
+CVE-2015-7359 (The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice
methods in ...)
+ TODO: check
+CVE-2015-7358 (The IsDriveLetterAvailable method in Driver/Ntdriver.c in
TrueCrypt ...)
+ TODO: check
+CVE-2015-7357 (Cross-site scripting (XSS) vulnerability in the uDesign (aka
U-Design) ...)
+ TODO: check
CVE-2015-7356
RESERVED
CVE-2015-7355
@@ -78481,8 +78482,8 @@
NOT-FOR-US: Openfire
CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite
Realtime ...)
NOT-FOR-US: Openfire
-CVE-2015-6971
- RESERVED
+CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update)
before ...)
+ TODO: check
CVE-2015-6970
RESERVED
CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in
the 2k11 ...)
@@ -79634,8 +79635,7 @@
RESERVED
CVE-2015-6577
RESERVED
-CVE-2015-6576
- RESERVED
+CVE-2015-6576 (Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote
attackers ...)
NOT-FOR-US: Atlassian Bamboo
CVE-2015-6575 (SampleTable.cpp in libstagefright in Android before 5.1.1
LMY48I does ...)
NOT-FOR-US: libstagefright in Android
@@ -88641,8 +88641,8 @@
NOT-FOR-US: ThinkServer
CVE-2015-3322 (Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350
servers ...)
NOT-FOR-US: ThinkServer
-CVE-2015-3321
- RESERVED
+CVE-2015-3321 (Services and files in Lenovo Fingerprint Manager before 8.01.42
have ...)
+ TODO: check
CVE-2015-3320 (Lenovo USB Enhanced Performance Keyboard software before
2.0.2.2 ...)
NOT-FOR-US: Lenovo USB Enhanced Performance Keyboard software
CVE-2014-9717 (fs/namespace.c in the Linux kernel before 4.0.2 processes
MNT_DETACH ...)
@@ -125222,8 +125222,8 @@
{DSA-2854-1}
- mumble 1.2.4-0.2 (bug #737739)
[squeeze] - mumble <not-affected> (Opus support not present)
-CVE-2014-0043
- RESERVED
+CVE-2014-0043 (In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to
special urls ...)
+ TODO: check
CVE-2014-0042 (OpenStack Heat Templates (heat-templates), as used in Red Hat
...)
NOT-FOR-US: openstack-heat-templates
CVE-2014-0041 (OpenStack Heat Templates (heat-templates), as used in Red Hat
...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
