Author: sectracker Date: 2017-10-03 09:10:13 +0000 (Tue, 03 Oct 2017) New Revision: 56375
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-03 07:56:37 UTC (rev 56374) +++ data/CVE/list 2017-10-03 09:10:13 UTC (rev 56375) @@ -1,3 +1,19 @@ +CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2017-14996 + RESERVED +CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...) + TODO: check +CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote ...) + TODO: check +CVE-2017-14993 + RESERVED +CVE-2017-14992 + RESERVED +CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before ...) + TODO: check +CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...) + TODO: check CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...) - wordpress <unfixed> NOTE: https://core.trac.wordpress.org/ticket/38474 @@ -395,8 +411,8 @@ - nodejs <not-affected> (Vulnerable code introduced in 8.5.0) NOTE: https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/ NOTE: https://twitter.com/nodejs/status/913131152868876288 -CVE-2017-14848 - RESERVED +CVE-2017-14848 (WPHRM Human Resource Management System for WordPress 1.0 allows SQL ...) + TODO: check CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress allows SQL ...) NOT-FOR-US: Mojoomla WPAMS Apartment Management System for WordPress CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL Injection ...) @@ -545,14 +561,14 @@ NOT-FOR-US: Laravel CVE-2017-14774 RESERVED -CVE-2017-14773 - RESERVED -CVE-2017-14772 - RESERVED -CVE-2017-14771 - RESERVED -CVE-2017-14770 - RESERVED +CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an ...) + TODO: check +CVE-2017-14772 (Skybox Manager Client Application is prone to information disclosure ...) + TODO: check +CVE-2017-14771 (Skybox Manager Client Application prior to 8.5.501 is prone to an ...) + TODO: check +CVE-2017-14770 (Skybox Manager Client Application prior to 8.5.501 is prone to an ...) + TODO: check CVE-2017-14769 RESERVED CVE-2017-14768 @@ -1307,40 +1323,34 @@ [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13) -CVE-2017-14496 - RESERVED +CVE-2017-14496 (Integer underflow in the add_pseudoheader function in dnsmasq before ...) - dnsmasq 2.78-1 [stretch] - dnsmasq 2.76-5+deb9u1 [jessie] - dnsmasq <not-affected> (Vulnerable code introduced later) NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7 -CVE-2017-14495 - RESERVED +CVE-2017-14495 (Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id ...) - dnsmasq 2.78-1 [stretch] - dnsmasq 2.76-5+deb9u1 [jessie] - dnsmasq <not-affected> (Vulnerable code introduced later) NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45 -CVE-2017-14494 - RESERVED +CVE-2017-14494 (dnsmasq before 2.78, when configured as a relay, allows remote ...) {DSA-3989-1} - dnsmasq 2.78-1 NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262 -CVE-2017-14493 - RESERVED +CVE-2017-14493 (Stack-based buffer overflow in dnsmasq before 2.78 allows remote ...) {DSA-3989-1} - dnsmasq 2.78-1 NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033 -CVE-2017-14492 - RESERVED +CVE-2017-14492 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote ...) {DSA-3989-1} - dnsmasq 2.78-1 NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10 -CVE-2017-14491 - RESERVED +CVE-2017-14491 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote ...) {DSA-3989-1} - dnsmasq 2.78-1 NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html @@ -3550,8 +3560,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1 CVE-2017-13705 RESERVED -CVE-2017-13704 [Size parameter overflow via large DNS query] - RESERVED +CVE-2017-13704 (In dnsmasq before 2.78, if the DNS packet size does not match the ...) - dnsmasq 2.78-1 (bug #877102) [stretch] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77) [jessie] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77) @@ -6707,10 +6716,10 @@ - imagemagick 8:6.9.7.4+dfsg-15 (bug #870106) NOTE: https://github.com/ImageMagick/ImageMagick/issues/542 NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec -CVE-2017-12639 - RESERVED -CVE-2017-12638 - RESERVED +CVE-2017-12639 (Stack based buffer overflow in Ipswitch IMail server up to and ...) + TODO: check +CVE-2017-12638 (Stack based buffer overflow in Ipswitch IMail server up to and ...) + TODO: check CVE-2017-12637 (Directory traversal vulnerability in ...) NOT-FOR-US: SAP CVE-2017-12636 @@ -9715,12 +9724,12 @@ - nodejs 4.8.4~dfsg-1 (bug #868162; unimportant) NOTE: https://nodejs.org/en/blog/release/v6.11.1/ NOTE: https://nodejs.org/en/blog/release/v4.8.4/ -CVE-2017-11498 - RESERVED -CVE-2017-11497 - RESERVED -CVE-2017-11496 - RESERVED +CVE-2017-11498 (Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all ...) + TODO: check +CVE-2017-11497 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control ...) + TODO: check +CVE-2017-11496 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control ...) + TODO: check CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow ...) NOT-FOR-US: PHICOMM CVE-2017-11494 (SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and ...) @@ -12913,8 +12922,8 @@ - libstruts1.2-java <removed> [wheezy] - libstruts1.2-java <not-affected> (vulnerable code not present) NOTE: https://struts.apache.org/docs/s2-051.html -CVE-2017-9792 - RESERVED +CVE-2017-9792 (In Apache Impala (incubating) before 2.10.0, a malicious user with ...) + TODO: check CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.3.x might allow remote code ...) - libstruts1.2-java <not-affected> (Vulnerable code not present) NOTE: Issue is specific to Struts 2.x. @@ -19537,10 +19546,10 @@ NOT-FOR-US: Tenable Appliance CVE-2017-8049 RESERVED -CVE-2017-8048 - RESERVED -CVE-2017-8047 - RESERVED +CVE-2017-8048 (In Cloud Foundry capi-release versions 1.33.0 and later, prior to ...) + TODO: check +CVE-2017-8047 (In Cloud Foundry router routing-release all versions prior to v0.163.0 ...) + TODO: check CVE-2017-8046 RESERVED CVE-2017-8045 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits