Author: sectracker
Date: 2017-12-07 21:10:12 +0000 (Thu, 07 Dec 2017)
New Revision: 58340
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-07 20:59:36 UTC (rev 58339)
+++ data/CVE/list 2017-12-07 21:10:12 UTC (rev 58340)
@@ -1,3 +1,131 @@
+CVE-2018-1340
+ RESERVED
+CVE-2018-1339
+ RESERVED
+CVE-2018-1338
+ RESERVED
+CVE-2018-1337
+ RESERVED
+CVE-2018-1336
+ RESERVED
+CVE-2018-1335
+ RESERVED
+CVE-2018-1334
+ RESERVED
+CVE-2018-1333
+ RESERVED
+CVE-2018-1332
+ RESERVED
+CVE-2018-1331
+ RESERVED
+CVE-2018-1330
+ RESERVED
+CVE-2018-1329
+ RESERVED
+CVE-2018-1328
+ RESERVED
+CVE-2018-1327
+ RESERVED
+CVE-2018-1326
+ RESERVED
+CVE-2018-1325
+ RESERVED
+CVE-2018-1324
+ RESERVED
+CVE-2018-1323
+ RESERVED
+CVE-2018-1322
+ RESERVED
+CVE-2018-1321
+ RESERVED
+CVE-2018-1320
+ RESERVED
+CVE-2018-1319
+ RESERVED
+CVE-2018-1318
+ RESERVED
+CVE-2018-1317
+ RESERVED
+CVE-2018-1316
+ RESERVED
+CVE-2018-1315
+ RESERVED
+CVE-2018-1314
+ RESERVED
+CVE-2018-1313
+ RESERVED
+CVE-2018-1312
+ RESERVED
+CVE-2018-1311
+ RESERVED
+CVE-2018-1310
+ RESERVED
+CVE-2018-1309
+ RESERVED
+CVE-2018-1308
+ RESERVED
+CVE-2018-1307
+ RESERVED
+CVE-2018-1306
+ RESERVED
+CVE-2018-1305
+ RESERVED
+CVE-2018-1304
+ RESERVED
+CVE-2018-1303
+ RESERVED
+CVE-2018-1302
+ RESERVED
+CVE-2018-1301
+ RESERVED
+CVE-2018-1300
+ RESERVED
+CVE-2018-1299
+ RESERVED
+CVE-2018-1298
+ RESERVED
+CVE-2018-1297
+ RESERVED
+CVE-2018-1296
+ RESERVED
+CVE-2018-1295
+ RESERVED
+CVE-2018-1294
+ RESERVED
+CVE-2018-1293
+ RESERVED
+CVE-2018-1292
+ RESERVED
+CVE-2018-1291
+ RESERVED
+CVE-2018-1290
+ RESERVED
+CVE-2018-1289
+ RESERVED
+CVE-2018-1288
+ RESERVED
+CVE-2018-1287
+ RESERVED
+CVE-2018-1286
+ RESERVED
+CVE-2018-1285
+ RESERVED
+CVE-2018-1284
+ RESERVED
+CVE-2018-1283
+ RESERVED
+CVE-2018-1282
+ RESERVED
+CVE-2018-1281
+ RESERVED
+CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync
protocol is ...)
+ TODO: check
+CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially
malformed ...)
+ TODO: check
+CVE-2017-1002102
+ RESERVED
+CVE-2017-1002101
+ RESERVED
CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1
may lead ...)
- libsndfile <unfixed> (low)
[stretch] - libsndfile <no-dsa> (Minor issue)
@@ -290,7 +418,7 @@
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22375
NOTE: Introduced by:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6
-CVE-2017-1000410 [Info Leak in the Linux Kernel via Bluetooth]
+CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a
...)
- linux <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
CVE-2017-1000409
@@ -5856,6 +5984,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/12/05/5
NOTE: https://launchpad.net/bugs/1732976
CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and
16.x through ...)
+ {DSA-4056-1}
- nova 2:16.0.3-1 (bug #882009)
[jessie] - nova <not-affected> (Vulnerble code introduced later)
[wheezy] - nova <not-affected> (Vulnerble code introduced later)
@@ -11363,8 +11492,8 @@
NOT-FOR-US: Cloud Foundry Foundation GrootFS
CVE-2017-14387
RESERVED
-CVE-2017-14386
- RESERVED
+CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction
Laser ...)
+ TODO: check
CVE-2017-14385
RESERVED
CVE-2017-14384
@@ -18455,8 +18584,8 @@
RESERVED
CVE-2017-11938
RESERVED
-CVE-2017-11937
- RESERVED
+CVE-2017-11937 (The Microsoft Malware Protection Engine running on Microsoft
Forefront ...)
+ TODO: check
CVE-2017-11936
RESERVED
CVE-2017-11935
@@ -43487,15 +43616,13 @@
NOT-FOR-US: Lenovo
CVE-2017-3739
RESERVED
-CVE-2017-3738 [rsaz_1024_mul_avx2 overflow bug on x86_64]
- RESERVED
+CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication
...)
- openssl <unfixed>
- openssl1.0 <unfixed>
NOTE: https://www.openssl.org/news/secadv/20171207.txt
NOTE: OpenSSL_1_1_0-stable:
https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
NOTE: OpenSSL_1_0_2-stable:
https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
-CVE-2017-3737 [Read/write after SSL object in error state]
- RESERVED
+CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an
"error ...)
- openssl 1.1.0b-2
[jessie] - openssl <not-affected> (Issue introduced in 1.0.2b)
[wheezy] - openssl <not-affected> (Issue introduced in 1.0.2b)
@@ -49678,10 +49805,10 @@
NOT-FOR-US: IBM
CVE-2017-1499
RESERVED
-CVE-2017-1498
- RESERVED
-CVE-2017-1497
- RESERVED
+CVE-2017-1498 (IBM Connections 5.5 is vulnerable to cross-site scripting. This
...)
+ TODO: check
+CVE-2017-1497 (IBM Sterling File Gateway 2.2 could allow an unauthorized user
to view ...)
+ TODO: check
CVE-2017-1496 (IBM Sterling B2B Integrator Standard Edition 5.2.x is
vulnerable to ...)
NOT-FOR-US: IBM
CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could
allow a ...)
@@ -49700,8 +49827,8 @@
NOT-FOR-US: IBM
CVE-2017-1488
RESERVED
-CVE-2017-1487
- RESERVED
+CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated
attacker to ...)
+ TODO: check
CVE-2017-1486
RESERVED
CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site
scripting. This ...)
@@ -49710,10 +49837,10 @@
NOT-FOR-US: IBM
CVE-2017-1483 (IBM Security Identity Manager Adapters 6.0 and 7.0 does not
perform an ...)
NOT-FOR-US: IBM
-CVE-2017-1482
- RESERVED
-CVE-2017-1481
- RESERVED
+CVE-2017-1482 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable
to ...)
+ TODO: check
+CVE-2017-1481 (IBM Sterling B2B Integrator Standard Edition 5.2 allows a user
to view ...)
+ TODO: check
CVE-2017-1480
RESERVED
CVE-2017-1479
@@ -49744,8 +49871,8 @@
NOT-FOR-US: IBM
CVE-2017-1466
RESERVED
-CVE-2017-1465
- RESERVED
+CVE-2017-1465 (IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote
attacker to ...)
+ TODO: check
CVE-2017-1464
RESERVED
CVE-2017-1463
@@ -49808,8 +49935,8 @@
RESERVED
CVE-2017-1434 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect
Server) ...)
NOT-FOR-US: IBM
-CVE-2017-1433
- RESERVED
+CVE-2017-1433 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated
user ...)
+ TODO: check
CVE-2017-1432
RESERVED
CVE-2017-1431 (IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to
cross-site ...)
@@ -49962,14 +50089,14 @@
RESERVED
CVE-2017-1357 (IBM Maximo Asset Management 7.5 and 7.6 could allow an
authenticated ...)
NOT-FOR-US: IBM
-CVE-2017-1356
- RESERVED
-CVE-2017-1355
- RESERVED
-CVE-2017-1354
- RESERVED
-CVE-2017-1353
- RESERVED
+CVE-2017-1356 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to
SQL ...)
+ TODO: check
+CVE-2017-1355 (IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive
...)
+ TODO: check
+CVE-2017-1354 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to
...)
+ TODO: check
+CVE-2017-1353 (IBM Atlas eDiscovery Process Management 6.0.3 could allow an
...)
+ TODO: check
CVE-2017-1352 (IBM Maximo Asset Management 7.5 and 7.6 could allow an
authenticated ...)
NOT-FOR-US: IBM
CVE-2017-1351
@@ -49990,10 +50117,10 @@
RESERVED
CVE-2017-1343
RESERVED
-CVE-2017-1342
- RESERVED
-CVE-2017-1341
- RESERVED
+CVE-2017-1342 (IBM Insights Foundation for Energy 2.0 could reveal sensitive
...)
+ TODO: check
+CVE-2017-1341 (IBM WebSphere MQ 8.0 and 9.0 could allow, under special
circumstances, ...)
+ TODO: check
CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an
authenticated ...)
NOT-FOR-US: IBM
CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage
Manager) ...)
@@ -50002,8 +50129,8 @@
NOT-FOR-US: IBM
CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can
incorrectly ...)
NOT-FOR-US: IBM
-CVE-2017-1336
- RESERVED
+CVE-2017-1336 (IBM Infosphere BigInsights 4.2.0 could allow an attacker to
inject ...)
+ TODO: check
CVE-2017-1335 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site
scripting. This ...)
NOT-FOR-US: IBM
CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site
scripting. This ...)
@@ -50132,8 +50259,8 @@
RESERVED
CVE-2017-1272
RESERVED
-CVE-2017-1271
- RESERVED
+CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction
between ...)
+ TODO: check
CVE-2017-1270
RESERVED
CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL
injection. A ...)
@@ -51149,7 +51276,7 @@
NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
CVE-2017-0862 (An elevation of privilege vulnerability in the Upstream kernel
kernel. ...)
NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
-CVE-2017-0861 (An elevation of privilege vulnerability in the Upstream kernel
audio ...)
+CVE-2017-0861 (Use-after-free vulnerability in the snd_pcm_info function in
the ALSA ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/362bca57f5d78220f8b5907b875961af9436e229
CVE-2017-0860 (An elevation of privilege vulnerability in the Android system
...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
