Author: sectracker Date: 2017-10-03 21:10:13 +0000 (Tue, 03 Oct 2017) New Revision: 56385
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-03 21:01:02 UTC (rev 56384) +++ data/CVE/list 2017-10-03 21:10:13 UTC (rev 56385) @@ -1,3 +1,31 @@ +CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and ...) + TODO: check +CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found in the ...) + TODO: check +CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected ...) + TODO: check +CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...) + TODO: check +CVE-2017-15007 + RESERVED +CVE-2017-15006 + RESERVED +CVE-2017-15005 + RESERVED +CVE-2017-15004 + RESERVED +CVE-2017-15003 + RESERVED +CVE-2017-15002 + RESERVED +CVE-2017-15001 + RESERVED +CVE-2017-15000 + RESERVED +CVE-2017-14999 + RESERVED +CVE-2017-14998 + RESERVED CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...) - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/ @@ -5524,7 +5552,7 @@ RESERVED CVE-2017-12884 RESERVED -CVE-2017-12883 (Buffer overflow in the regular expression parser in PERL before ...) +CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...) {DSA-3982-1} - perl 5.26.0-8 (bug #875597) [wheezy] - perl <not-affected> (Vulnerable code introduced later) @@ -6171,7 +6199,7 @@ RESERVED CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...) NOT-FOR-US: NexusPHP -CVE-2017-12837 (Heap-based buffer overflow in the regular expression compiler in PERL ...) +CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in ...) {DSA-3982-1} - perl 5.26.0-8 (bug #875596) [wheezy] - perl <not-affected> (Vulnerable code introduced after 5.14.4) @@ -6205,16 +6233,16 @@ RESERVED CVE-2017-12823 RESERVED -CVE-2017-12822 - RESERVED -CVE-2017-12821 - RESERVED -CVE-2017-12820 - RESERVED -CVE-2017-12819 - RESERVED -CVE-2017-12818 - RESERVED +CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...) + TODO: check +CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel ...) + TODO: check +CVE-2017-12820 (Arbitrary memory read from controlled memory pointer in Gemalto's HASP ...) + TODO: check +CVE-2017-12819 (Remote manipulations with language pack updater lead to NTLM-relay ...) + TODO: check +CVE-2017-12818 (Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel ...) + TODO: check CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the ...) NOT-FOR-US: Kaspersky Internet Security for Android CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...) @@ -6768,8 +6796,7 @@ RESERVED CVE-2017-12618 RESERVED -CVE-2017-12617 - RESERVED +CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to ...) - tomcat7 <not-affected> (Windows-specific) CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it ...) {DLA-1108-1} @@ -7854,8 +7881,7 @@ CVE-2017-12167 RESERVED TODO: check, possibly Red Hat specific issue -CVE-2017-12166 [remote buffer overflow] - RESERVED +CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...) - openvpn <unfixed> (bug #877089) [stretch] - openvpn <no-dsa> (Minor issue) [jessie] - openvpn <no-dsa> (Minor issue) @@ -38972,8 +38998,8 @@ RESERVED CVE-2017-1542 RESERVED -CVE-2017-1541 - RESERVED +CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep ...) + TODO: check CVE-2017-1540 RESERVED CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...) @@ -39802,8 +39828,8 @@ NOT-FOR-US: IBM CVE-2017-1127 (IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to ...) NOT-FOR-US: IBM -CVE-2017-1126 - RESERVED +CVE-2017-1126 (IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could ...) + TODO: check CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...) NOT-FOR-US: IBM CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local ...) @@ -195416,7 +195442,7 @@ NOT-FOR-US: aspWebAlbum CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full ...) NOT-FOR-US: aspWebAlbum -CVE-2008-6976 (MicroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...) +CVE-2008-6976 (MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...) NOT-FOR-US: MicroTik RouterOS CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...) NOT-FOR-US: GarageSales script @@ -217813,7 +217839,7 @@ NOT-FOR-US: Wordspew plugin for Wordpress CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...) NOT-FOR-US: PHPShop -CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...) +CVE-2008-0680 (SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to ...) NOT-FOR-US: MicroTik RouterOS CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...) NOT-FOR-US: BlogPHP _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits