Author: sectracker
Date: 2017-11-30 21:10:21 +0000 (Thu, 30 Nov 2017)
New Revision: 58158

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-30 21:08:48 UTC (rev 58157)
+++ data/CVE/list       2017-11-30 21:10:21 UTC (rev 58158)
@@ -1,3 +1,47 @@
+CVE-2018-0740
+       RESERVED
+CVE-2018-0739
+       RESERVED
+CVE-2018-0738
+       RESERVED
+CVE-2018-0737
+       RESERVED
+CVE-2018-0736
+       RESERVED
+CVE-2018-0735
+       RESERVED
+CVE-2018-0734
+       RESERVED
+CVE-2018-0733
+       RESERVED
+CVE-2018-0732
+       RESERVED
+CVE-2018-0731
+       RESERVED
+CVE-2017-17079
+       RESERVED
+CVE-2017-17078
+       RESERVED
+CVE-2017-17077
+       RESERVED
+CVE-2017-17076
+       RESERVED
+CVE-2017-17075
+       RESERVED
+CVE-2017-17074
+       RESERVED
+CVE-2017-17073
+       RESERVED
+CVE-2017-17072
+       RESERVED
+CVE-2017-17071
+       RESERVED
+CVE-2017-17070
+       RESERVED
+CVE-2017-17069
+       RESERVED
+CVE-2017-17068
+       RESERVED
 CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x 
before ...)
        TODO: check
 CVE-2017-17066
@@ -2,4 +46,4 @@
        RESERVED
-CVE-2017-17065
-       RESERVED
+CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...)
+       TODO: check
 CVE-2017-17064
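Review bot: CVE-2017-17065 is left at "TODO: check" even though its new description names a D-Link DIR-605L Model B device. If no package in the archive ships that firmware, resolve it to a NOT-FOR-US line in the same form as the vendor-only entries elsewhere in this file (for example "NOT-FOR-US: Cisco") rather than leaving it in the triage queue.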
@@ -1603,6 +1647,7 @@
        - linux 4.13.13-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote 
attackers to ...)
+       {DLA-1196-1}
        - optipng <unfixed> (bug #878839)
        NOTE: https://sourceforge.net/p/optipng/bugs/69/
 CVE-2017-16937
@@ -1624,12 +1669,14 @@
        NOTE: 
https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846
        NOTE: Fix for the incomplete fix for CVE-2016-2313
 CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite 
recursion in ...)
+       {DLA-1194-1}
        - libxml2 <unfixed> (bug #882613)
        [stretch] - libxml2 <no-dsa> (Minor issue)
        [jessie] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579
        NOTE: 
https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
 CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity 
references ...)
+       {DLA-1194-1}
        - libxml2 2.9.4+dfsg1-3.1
        [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
        [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
@@ -6232,11 +6279,13 @@
        [jessie] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
 CVE-2017-15371 (There is a reachable assertion abort in the function ...)
+       {DLA-1197-1}
        - sox 14.4.2-2 (bug #878809)
        [stretch] - sox <no-dsa> (Minor issue)
        [jessie] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS 
function of ...)
+       {DLA-1197-1}
        - sox 14.4.2-2 (bug #878810)
        [stretch] - sox <no-dsa> (Minor issue)
        [jessie] - sox <no-dsa> (Minor issue)
@@ -6935,8 +6984,8 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
 CVE-2017-15117
        REJECTED
-CVE-2017-15116
-       RESERVED
+CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel 
before ...)
+       TODO: check
 CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux 
kernel ...)
        - linux 4.13.13-1
        NOTE: 
https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 
(v4.14-rc6)
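Review bot: CVE-2017-15116 now names the Linux kernel (rngapi_reset in crypto/rng.c) but is left at "TODO: check" with no package line. It needs a "- linux" entry with the fixed version and a NOTE pointing at the fixing commit, in the same form as the CVE-2017-15115 entry directly below it.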
@@ -7596,8 +7645,8 @@
        NOT-FOR-US: Wordpress plugin
 CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with 
PayPal) ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2017-14949
-       RESERVED
+CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to 
access ...)
+       TODO: check
 CVE-2017-14948
        RESERVED
 CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute 
...)
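Review bot: CVE-2017-14949 is described as a Restlet Framework issue yet is left at "TODO: check", while CVE-2017-14868, also Restlet Framework, is tracked in this same revision as "- restlet <itp> (bug #596472)". Give CVE-2017-14949 the same package line so the two entries are triaged consistently.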
@@ -7824,8 +7873,7 @@
        RESERVED
 CVE-2017-14869
        RESERVED
-CVE-2017-14868
-       RESERVED
+CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, 
allows ...)
        - restlet <itp> (bug #596472)
 CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data 
function of ...)
        [experimental] - exiv2 <unfixed> (bug #880015)
@@ -14524,8 +14572,7 @@
        NOT-FOR-US: Apache Camel
 CVE-2017-12632
        RESERVED
-CVE-2017-12631
-       RESERVED
+CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific 
plugins to ...)
        NOT-FOR-US: Apache CXF
 CVE-2017-12630
        RESERVED
@@ -15263,96 +15310,96 @@
        RESERVED
 CVE-2017-12373
        RESERVED
-CVE-2017-12372
-       RESERVED
-CVE-2017-12371
-       RESERVED
-CVE-2017-12370
-       RESERVED
-CVE-2017-12369
-       RESERVED
-CVE-2017-12368
-       RESERVED
-CVE-2017-12367
-       RESERVED
-CVE-2017-12366
-       RESERVED
-CVE-2017-12365
-       RESERVED
-CVE-2017-12364
-       RESERVED
-CVE-2017-12363
-       RESERVED
-CVE-2017-12362
-       RESERVED
-CVE-2017-12361
-       RESERVED
-CVE-2017-12360
-       RESERVED
-CVE-2017-12359
-       RESERVED
-CVE-2017-12358
-       RESERVED
-CVE-2017-12357
-       RESERVED
-CVE-2017-12356
-       RESERVED
-CVE-2017-12355
-       RESERVED
-CVE-2017-12354
-       RESERVED
-CVE-2017-12353
-       RESERVED
-CVE-2017-12352
-       RESERVED
-CVE-2017-12351
-       RESERVED
+CVE-2017-12372 (A &quot;Cisco WebEx Network Recording Player Remote Code 
Execution ...)
+       TODO: check
+CVE-2017-12371 (A &quot;Cisco WebEx Network Recording Player Remote Code 
Execution ...)
+       TODO: check
+CVE-2017-12370 (A &quot;Cisco WebEx Network Recording Player Remote Code 
Execution ...)
+       TODO: check
+CVE-2017-12369 (A &quot;Cisco WebEx Network Recording Player Out-of-Bounds 
Vulnerability&quot; ...)
+       TODO: check
+CVE-2017-12368 (A &quot;Cisco WebEx Network Recording Player Remote Code 
Execution ...)
+       TODO: check
+CVE-2017-12367 (A &quot;Cisco WebEx Network Recording Player Denial of Service 
...)
+       TODO: check
+CVE-2017-12366 (A vulnerability in Cisco WebEx Meeting Center could allow an 
...)
+       TODO: check
+CVE-2017-12365 (A vulnerability in Cisco WebEx Event Center could allow an ...)
+       TODO: check
+CVE-2017-12364 (A SQL Injection vulnerability in the web framework of Cisco 
Prime ...)
+       TODO: check
+CVE-2017-12363 (A vulnerability in Cisco WebEx Meeting Server could allow an 
...)
+       TODO: check
+CVE-2017-12362 (A vulnerability in Cisco Meeting Server versions prior to 
2.2.2 could ...)
+       TODO: check
+CVE-2017-12361 (A vulnerability in Cisco Jabber for Windows could allow an ...)
+       TODO: check
+CVE-2017-12360 (A vulnerability in Cisco WebEx Network Recording Player for 
WebEx ...)
+       TODO: check
+CVE-2017-12359 (A Buffer Overflow vulnerability in Cisco WebEx Network 
Recording Player ...)
+       TODO: check
+CVE-2017-12358 (A vulnerability in the web-based management interface of Cisco 
Jabber ...)
+       TODO: check
+CVE-2017-12357 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2017-12356 (A vulnerability in the web-based management interface of Cisco 
Jabber ...)
+       TODO: check
+CVE-2017-12355 (A vulnerability in the Local Packet Transport Services (LPTS) 
ingress ...)
+       TODO: check
+CVE-2017-12354 (A vulnerability in the web-based interface of Cisco Secure 
Access ...)
+       TODO: check
+CVE-2017-12353 (A vulnerability in the Multipurpose Internet Mail Extensions 
(MIME) ...)
+       TODO: check
+CVE-2017-12352 (A vulnerability in certain system script files that are 
installed at ...)
+       TODO: check
+CVE-2017-12351 (A vulnerability in the guest shell feature of Cisco NX-OS 
System ...)
+       TODO: check
 CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 
2.1.0 and ...)
        NOT-FOR-US: Cisco
-CVE-2017-12349
-       RESERVED
-CVE-2017-12348
-       RESERVED
-CVE-2017-12347
-       RESERVED
-CVE-2017-12346
-       RESERVED
-CVE-2017-12345
-       RESERVED
-CVE-2017-12344
-       RESERVED
-CVE-2017-12343
-       RESERVED
-CVE-2017-12342
-       RESERVED
-CVE-2017-12341
-       RESERVED
-CVE-2017-12340
-       RESERVED
-CVE-2017-12339
-       RESERVED
-CVE-2017-12338
-       RESERVED
+CVE-2017-12349 (Multiple vulnerabilities in the web-based management interface 
of Cisco ...)
+       TODO: check
+CVE-2017-12348 (Multiple vulnerabilities in the web-based management interface 
of Cisco ...)
+       TODO: check
+CVE-2017-12347 (Multiple vulnerabilities in Cisco Data Center Network Manager 
(DCNM) ...)
+       TODO: check
+CVE-2017-12346 (Multiple vulnerabilities in Cisco Data Center Network Manager 
(DCNM) ...)
+       TODO: check
+CVE-2017-12345 (Multiple vulnerabilities in Cisco Data Center Network Manager 
(DCNM) ...)
+       TODO: check
+CVE-2017-12344 (Multiple vulnerabilities in Cisco Data Center Network Manager 
(DCNM) ...)
+       TODO: check
+CVE-2017-12343 (Multiple vulnerabilities in Cisco Data Center Network Manager 
(DCNM) ...)
+       TODO: check
+CVE-2017-12342 (A vulnerability in the Open Agent Container (OAC) feature of 
Cisco ...)
+       TODO: check
+CVE-2017-12341 (A vulnerability in the CLI of Cisco NX-OS System Software 
could allow ...)
+       TODO: check
+CVE-2017-12340 (A vulnerability in Cisco NX-OS System Software running on 
Cisco MDS ...)
+       TODO: check
+CVE-2017-12339 (A vulnerability in the CLI of Cisco NX-OS System Software 
could allow ...)
+       TODO: check
+CVE-2017-12338 (A vulnerability in the CLI of Cisco NX-OS System Software 
could allow ...)
+       TODO: check
 CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco 
collaboration ...)
        NOT-FOR-US: Cisco
-CVE-2017-12336
-       RESERVED
-CVE-2017-12335
-       RESERVED
-CVE-2017-12334
-       RESERVED
-CVE-2017-12333
-       RESERVED
-CVE-2017-12332
-       RESERVED
-CVE-2017-12331
-       RESERVED
-CVE-2017-12330
-       RESERVED
-CVE-2017-12329
-       RESERVED
-CVE-2017-12328
-       RESERVED
+CVE-2017-12336 (A vulnerability in the TCL scripting subsystem of Cisco NX-OS 
System ...)
+       TODO: check
+CVE-2017-12335 (A vulnerability in the CLI of Cisco NX-OS System Software 
could allow ...)
+       TODO: check
+CVE-2017-12334 (A vulnerability in the CLI of Cisco NX-OS System Software 
could allow ...)
+       TODO: check
+CVE-2017-12333 (A vulnerability in Cisco NX-OS System Software could allow an 
...)
+       TODO: check
+CVE-2017-12332 (A vulnerability in Cisco NX-OS System Software patch 
installation could ...)
+       TODO: check
+CVE-2017-12331 (A vulnerability in Cisco NX-OS System Software could allow an 
...)
+       TODO: check
+CVE-2017-12330 (A vulnerability in the CLI of Cisco NX-OS System Software 
could allow ...)
+       TODO: check
+CVE-2017-12329 (A vulnerability in the CLI of Cisco Firepower Extensible 
Operating ...)
+       TODO: check
+CVE-2017-12328 (A vulnerability in Session Initiation Protocol (SIP) call 
handling in ...)
+       TODO: check
 CVE-2017-12327
        RESERVED
 CVE-2017-12326
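Review bot: All 43 newly described entries in this hunk (CVE-2017-12372 through CVE-2017-12328) are left at "TODO: check", while the two unchanged Cisco entries between them, CVE-2017-12350 and CVE-2017-12337, are already marked "NOT-FOR-US: Cisco". Every new description names a Cisco product (WebEx, Jabber, NX-OS, DCNM, Firepower and so on), so a follow-up should resolve them to "NOT-FOR-US: Cisco" unless one turns out to name software the archive ships.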
@@ -15413,8 +15460,8 @@
        NOT-FOR-US: Cisco
 CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an 
...)
        NOT-FOR-US: Cisco
-CVE-2017-12297
-       RESERVED
+CVE-2017-12297 (A vulnerability in Cisco WebEx Meeting Center could allow an 
...)
+       TODO: check
 CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
        NOT-FOR-US: Cisco
 CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
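Review bot: CVE-2017-12297 is left at "TODO: check" although its description opens the same way as the Cisco WebEx Meeting Center entry CVE-2017-12298 just above it, which is marked "NOT-FOR-US: Cisco". Mark CVE-2017-12297 "NOT-FOR-US: Cisco" as well.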
@@ -18056,12 +18103,14 @@
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
 CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 
14.4.2 allows ...)
+       {DLA-1197-1}
        - sox 14.4.2-2 (bug #870328)
        [stretch] - sox <no-dsa> (Minor issue)
        [jessie] - sox <no-dsa> (Minor issue)
        NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
        NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
 CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 
14.4.2 ...)
+       {DLA-1197-1}
        - sox 14.4.2-2 (bug #870328)
        [stretch] - sox <no-dsa> (Minor issue)
        [jessie] - sox <no-dsa> (Minor issue)
@@ -18194,6 +18243,7 @@
        NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
        NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
 CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 
allows ...)
+       {DLA-1197-1}
        - sox 14.4.2-2 (bug #870328)
        [stretch] - sox <no-dsa> (Minor issue)
        [jessie] - sox <no-dsa> (Minor issue)
@@ -25702,7 +25752,7 @@
        NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html
        NOTE: https://curl.haxx.se/CVE-2017-8818.patch
 CVE-2017-8817 (The FTP wildcard function in curl and libcurl before 7.57.0 
allows ...)
-       {DSA-4051-1}
+       {DSA-4051-1 DLA-1195-1}
        - curl 7.57.0-1
        NOTE: https://curl.haxx.se/docs/adv_2017-ae72.html
        NOTE: https://curl.haxx.se/CVE-2017-8817.patch
@@ -41244,8 +41294,8 @@
        RESERVED
 CVE-2017-3765
        RESERVED
-CVE-2017-3764
-       RESERVED
+CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator 
(LXCA) ...)
+       TODO: check
 CVE-2017-3763 (An attacker who obtains access to the location where the LXCA 
file ...)
        NOT-FOR-US: Lenovo LXCA
 CVE-2017-3762
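Review bot: CVE-2017-3764 is left at "TODO: check" although its description names Lenovo XClarity Administrator (LXCA), and the next entry, CVE-2017-3763, is already marked "NOT-FOR-US: Lenovo LXCA". Use the same "NOT-FOR-US: Lenovo LXCA" line here.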


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
