Author: sectracker
Date: 2017-11-30 21:10:21 +0000 (Thu, 30 Nov 2017)
New Revision: 58158
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-30 21:08:48 UTC (rev 58157) +++ data/CVE/list 2017-11-30 21:10:21 UTC (rev 58158) @@ -1,3 +1,47 @@ +CVE-2018-0740 + RESERVED +CVE-2018-0739 + RESERVED +CVE-2018-0738 + RESERVED +CVE-2018-0737 + RESERVED +CVE-2018-0736 + RESERVED +CVE-2018-0735 + RESERVED +CVE-2018-0734 + RESERVED +CVE-2018-0733 + RESERVED +CVE-2018-0732 + RESERVED +CVE-2018-0731 + RESERVED +CVE-2017-17079 + RESERVED +CVE-2017-17078 + RESERVED +CVE-2017-17077 + RESERVED +CVE-2017-17076 + RESERVED +CVE-2017-17075 + RESERVED +CVE-2017-17074 + RESERVED +CVE-2017-17073 + RESERVED +CVE-2017-17072 + RESERVED +CVE-2017-17071 + RESERVED +CVE-2017-17070 + RESERVED +CVE-2017-17069 + RESERVED +CVE-2017-17068 + RESERVED CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...) TODO: check CVE-2017-17066 @@ -2,4 +46,4 @@ RESERVED -CVE-2017-17065 - RESERVED +CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...) + TODO: check CVE-2017-17064 @@ -1603,6 +1647,7 @@ - linux 4.13.13-1 NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...) + {DLA-1196-1} - optipng <unfixed> (bug #878839) NOTE: https://sourceforge.net/p/optipng/bugs/69/ CVE-2017-16937 
@@ -1624,12 +1669,14 @@ NOTE: https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846 NOTE: Fix for the incomplete fix for CVE-2016-2313 CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in ...) + {DLA-1194-1} - libxml2 <unfixed> (bug #882613) [stretch] - libxml2 <no-dsa> (Minor issue) [jessie] - libxml2 <no-dsa> (Minor issue) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579 NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity references ...) + {DLA-1194-1} - libxml2 2.9.4+dfsg1-3.1 [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1 [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5 @@ -6232,11 +6279,13 @@ [jessie] - sox <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553 CVE-2017-15371 (There is a reachable assertion abort in the function ...) + {DLA-1197-1} - sox 14.4.2-2 (bug #878809) [stretch] - sox <no-dsa> (Minor issue) [jessie] - sox <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...) + {DLA-1197-1} - sox 14.4.2-2 (bug #878810) [stretch] - sox <no-dsa> (Minor issue) [jessie] - sox <no-dsa> (Minor issue) @@ -6935,8 +6984,8 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html CVE-2017-15117 REJECTED -CVE-2017-15116 - RESERVED +CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel before ...) + TODO: check CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...) - linux 4.13.13-1 NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6) 
@@ -7596,8 +7645,8 @@ NOT-FOR-US: Wordpress plugin CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) ...) NOT-FOR-US: Wordpress plugin -CVE-2017-14949 - RESERVED +CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to access ...) + TODO: check CVE-2017-14948 RESERVED CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute ...) @@ -7824,8 +7873,7 @@ RESERVED CVE-2017-14869 RESERVED -CVE-2017-14868 - RESERVED +CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows ...) - restlet <itp> (bug #596472) CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...) [experimental] - exiv2 <unfixed> (bug #880015) @@ -14524,8 +14572,7 @@ NOT-FOR-US: Apache Camel CVE-2017-12632 RESERVED -CVE-2017-12631 - RESERVED +CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...) NOT-FOR-US: Apache CXF CVE-2017-12630 RESERVED 
@@ -15263,96 +15310,96 @@ RESERVED CVE-2017-12373 RESERVED -CVE-2017-12372 - RESERVED -CVE-2017-12371 - RESERVED -CVE-2017-12370 - RESERVED -CVE-2017-12369 - RESERVED -CVE-2017-12368 - RESERVED -CVE-2017-12367 - RESERVED -CVE-2017-12366 - RESERVED -CVE-2017-12365 - RESERVED -CVE-2017-12364 - RESERVED -CVE-2017-12363 - RESERVED -CVE-2017-12362 - RESERVED -CVE-2017-12361 - RESERVED -CVE-2017-12360 - RESERVED -CVE-2017-12359 - RESERVED -CVE-2017-12358 - RESERVED -CVE-2017-12357 - RESERVED -CVE-2017-12356 - RESERVED -CVE-2017-12355 - RESERVED -CVE-2017-12354 - RESERVED -CVE-2017-12353 - RESERVED -CVE-2017-12352 - RESERVED -CVE-2017-12351 - RESERVED +CVE-2017-12372 (A "Cisco WebEx Network Recording Player Remote Code Execution ...) + TODO: check +CVE-2017-12371 (A "Cisco WebEx Network Recording Player Remote Code Execution ...) + TODO: check +CVE-2017-12370 (A "Cisco WebEx Network Recording Player Remote Code Execution ...) + TODO: check +CVE-2017-12369 (A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" ...) + TODO: check +CVE-2017-12368 (A "Cisco WebEx Network Recording Player Remote Code Execution ...) + TODO: check +CVE-2017-12367 (A "Cisco WebEx Network Recording Player Denial of Service ...) + TODO: check +CVE-2017-12366 (A vulnerability in Cisco WebEx Meeting Center could allow an ...) + TODO: check +CVE-2017-12365 (A vulnerability in Cisco WebEx Event Center could allow an ...) + TODO: check +CVE-2017-12364 (A SQL Injection vulnerability in the web framework of Cisco Prime ...) + TODO: check +CVE-2017-12363 (A vulnerability in Cisco WebEx Meeting Server could allow an ...) + TODO: check +CVE-2017-12362 (A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could ...) + TODO: check +CVE-2017-12361 (A vulnerability in Cisco Jabber for Windows could allow an ...) + TODO: check +CVE-2017-12360 (A vulnerability in Cisco WebEx Network Recording Player for WebEx ...) 
+ TODO: check +CVE-2017-12359 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player ...) + TODO: check +CVE-2017-12358 (A vulnerability in the web-based management interface of Cisco Jabber ...) + TODO: check +CVE-2017-12357 (A vulnerability in the web-based management interface of Cisco Unified ...) + TODO: check +CVE-2017-12356 (A vulnerability in the web-based management interface of Cisco Jabber ...) + TODO: check +CVE-2017-12355 (A vulnerability in the Local Packet Transport Services (LPTS) ingress ...) + TODO: check +CVE-2017-12354 (A vulnerability in the web-based interface of Cisco Secure Access ...) + TODO: check +CVE-2017-12353 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) ...) + TODO: check +CVE-2017-12352 (A vulnerability in certain system script files that are installed at ...) + TODO: check +CVE-2017-12351 (A vulnerability in the guest shell feature of Cisco NX-OS System ...) + TODO: check CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and ...) NOT-FOR-US: Cisco -CVE-2017-12349 - RESERVED -CVE-2017-12348 - RESERVED -CVE-2017-12347 - RESERVED -CVE-2017-12346 - RESERVED -CVE-2017-12345 - RESERVED -CVE-2017-12344 - RESERVED -CVE-2017-12343 - RESERVED -CVE-2017-12342 - RESERVED -CVE-2017-12341 - RESERVED -CVE-2017-12340 - RESERVED -CVE-2017-12339 - RESERVED -CVE-2017-12338 - RESERVED +CVE-2017-12349 (Multiple vulnerabilities in the web-based management interface of Cisco ...) + TODO: check +CVE-2017-12348 (Multiple vulnerabilities in the web-based management interface of Cisco ...) + TODO: check +CVE-2017-12347 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...) + TODO: check +CVE-2017-12346 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...) + TODO: check +CVE-2017-12345 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...) 
+ TODO: check +CVE-2017-12344 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...) + TODO: check +CVE-2017-12343 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...) + TODO: check +CVE-2017-12342 (A vulnerability in the Open Agent Container (OAC) feature of Cisco ...) + TODO: check +CVE-2017-12341 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...) + TODO: check +CVE-2017-12340 (A vulnerability in Cisco NX-OS System Software running on Cisco MDS ...) + TODO: check +CVE-2017-12339 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...) + TODO: check +CVE-2017-12338 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...) + TODO: check CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco collaboration ...) NOT-FOR-US: Cisco -CVE-2017-12336 - RESERVED -CVE-2017-12335 - RESERVED -CVE-2017-12334 - RESERVED -CVE-2017-12333 - RESERVED -CVE-2017-12332 - RESERVED -CVE-2017-12331 - RESERVED -CVE-2017-12330 - RESERVED -CVE-2017-12329 - RESERVED -CVE-2017-12328 - RESERVED +CVE-2017-12336 (A vulnerability in the TCL scripting subsystem of Cisco NX-OS System ...) + TODO: check +CVE-2017-12335 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...) + TODO: check +CVE-2017-12334 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...) + TODO: check +CVE-2017-12333 (A vulnerability in Cisco NX-OS System Software could allow an ...) + TODO: check +CVE-2017-12332 (A vulnerability in Cisco NX-OS System Software patch installation could ...) + TODO: check +CVE-2017-12331 (A vulnerability in Cisco NX-OS System Software could allow an ...) + TODO: check +CVE-2017-12330 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...) + TODO: check +CVE-2017-12329 (A vulnerability in the CLI of Cisco Firepower Extensible Operating ...) 
+ TODO: check +CVE-2017-12328 (A vulnerability in Session Initiation Protocol (SIP) call handling in ...) + TODO: check CVE-2017-12327 RESERVED CVE-2017-12326 @@ -15413,8 +15460,8 @@ NOT-FOR-US: Cisco CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an ...) NOT-FOR-US: Cisco -CVE-2017-12297 - RESERVED +CVE-2017-12297 (A vulnerability in Cisco WebEx Meeting Center could allow an ...) + TODO: check CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) @@ -18056,12 +18103,14 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/518 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30 CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...) + {DLA-1197-1} - sox 14.4.2-2 (bug #870328) [stretch] - sox <no-dsa> (Minor issue) [jessie] - sox <no-dsa> (Minor issue) NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...) + {DLA-1197-1} - sox 14.4.2-2 (bug #870328) [stretch] - sox <no-dsa> (Minor issue) [jessie] - sox <no-dsa> (Minor issue) @@ -18194,6 +18243,7 @@ NOTE: http://seclists.org/fulldisclosure/2017/Jul/82 NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332 CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...) + {DLA-1197-1} - sox 14.4.2-2 (bug #870328) [stretch] - sox <no-dsa> (Minor issue) [jessie] - sox <no-dsa> (Minor issue) 
@@ -25702,7 +25752,7 @@ NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html NOTE: https://curl.haxx.se/CVE-2017-8818.patch CVE-2017-8817 (The FTP wildcard function in curl and libcurl before 7.57.0 allows ...) - {DSA-4051-1} + {DSA-4051-1 DLA-1195-1} - curl 7.57.0-1 NOTE: https://curl.haxx.se/docs/adv_2017-ae72.html NOTE: https://curl.haxx.se/CVE-2017-8817.patch @@ -41244,8 +41294,8 @@ RESERVED CVE-2017-3765 RESERVED -CVE-2017-3764 - RESERVED +CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator (LXCA) ...) + TODO: check CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file ...) NOT-FOR-US: Lenovo LXCA CVE-2017-3762 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
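Review bot: In hunk @@ -6935,8 +6984,8 @@, CVE-2017-15116 is a Linux kernel issue (rngapi_reset in crypto/rng.c) but is left at "TODO: check" with no package line. The adjacent CVE-2017-15115 entry shows the expected form: a "- linux 4.13.13-1" line and a NOTE pointing at the git.kernel.org commit. This entry needs the same triage, with the fixed version and upstream commit resolved from the full description, since the text here is truncated at "before ...".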
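Review bot: In hunk @@ -7596,8 +7645,8 @@, CVE-2017-14949 (Restlet Framework before 2.3.12) is left at "TODO: check", while CVE-2017-14868 in hunk @@ -7824,8 +7873,7 @@ is also a Restlet Framework issue and already carries "- restlet <itp> (bug #596472)". The two entries should be triaged consistently; if the same ITP applies, CVE-2017-14949 can take the same "- restlet <itp> (bug #596472)" line instead of staying in the TODO queue.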
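Review bot: In hunk @@ -15263,96 +15310,96 @@, every newly described Cisco entry from CVE-2017-12372 down to CVE-2017-12328 is set to "TODO: check", yet the two entries that were already described in the same range, CVE-2017-12350 and CVE-2017-12337, are marked "NOT-FOR-US: Cisco". The same applies to CVE-2017-12297 in hunk @@ -15413,8 +15460,8 @@, which sits between CVE-2017-12298 and CVE-2017-12296, both "NOT-FOR-US: Cisco". That leaves over forty entries for manual triage; once each description is confirmed to concern a Cisco product not packaged in Debian, they should be closed with the same "NOT-FOR-US: Cisco" line.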
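Review bot: In hunk @@ -41244,8 +41294,8 @@, CVE-2017-3764 is described as a Lenovo XClarity Administrator (LXCA) issue but gets "TODO: check", while CVE-2017-3763 directly below it is "NOT-FOR-US: Lenovo LXCA". Unless the full description points at something packaged in Debian, this entry should carry the same "NOT-FOR-US: Lenovo LXCA" line as its neighbour.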