Author: sectracker
Date: 2017-12-07 21:10:12 +0000 (Thu, 07 Dec 2017)
New Revision: 58340
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-07 20:59:36 UTC (rev 58339) +++ data/CVE/list 2017-12-07 21:10:12 UTC (rev 58340) 
@@ -1,3 +1,131 @@ +CVE-2018-1340 + RESERVED +CVE-2018-1339 + RESERVED +CVE-2018-1338 + RESERVED +CVE-2018-1337 + RESERVED +CVE-2018-1336 + RESERVED +CVE-2018-1335 + RESERVED +CVE-2018-1334 + RESERVED +CVE-2018-1333 + RESERVED +CVE-2018-1332 + RESERVED +CVE-2018-1331 + RESERVED +CVE-2018-1330 + RESERVED +CVE-2018-1329 + RESERVED +CVE-2018-1328 + RESERVED +CVE-2018-1327 + RESERVED +CVE-2018-1326 + RESERVED +CVE-2018-1325 + RESERVED +CVE-2018-1324 + RESERVED +CVE-2018-1323 + RESERVED +CVE-2018-1322 + RESERVED +CVE-2018-1321 + RESERVED +CVE-2018-1320 + RESERVED +CVE-2018-1319 + RESERVED +CVE-2018-1318 + RESERVED +CVE-2018-1317 + RESERVED +CVE-2018-1316 + RESERVED +CVE-2018-1315 + RESERVED +CVE-2018-1314 + RESERVED +CVE-2018-1313 + RESERVED +CVE-2018-1312 + RESERVED +CVE-2018-1311 + RESERVED +CVE-2018-1310 + RESERVED +CVE-2018-1309 + RESERVED +CVE-2018-1308 + RESERVED +CVE-2018-1307 + RESERVED +CVE-2018-1306 + RESERVED +CVE-2018-1305 + RESERVED +CVE-2018-1304 + RESERVED +CVE-2018-1303 + RESERVED +CVE-2018-1302 + RESERVED +CVE-2018-1301 + RESERVED +CVE-2018-1300 + RESERVED +CVE-2018-1299 + RESERVED +CVE-2018-1298 + RESERVED +CVE-2018-1297 + RESERVED +CVE-2018-1296 + RESERVED +CVE-2018-1295 + RESERVED +CVE-2018-1294 + RESERVED +CVE-2018-1293 + RESERVED +CVE-2018-1292 + RESERVED +CVE-2018-1291 + RESERVED +CVE-2018-1290 + RESERVED +CVE-2018-1289 + RESERVED +CVE-2018-1288 + RESERVED +CVE-2018-1287 + RESERVED +CVE-2018-1286 + RESERVED +CVE-2018-1285 + RESERVED +CVE-2018-1284 + RESERVED +CVE-2018-1283 + RESERVED +CVE-2018-1282 + RESERVED +CVE-2018-1281 + RESERVED +CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync protocol is ...) + TODO: check +CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially malformed ...) + TODO: check +CVE-2017-1002102 + RESERVED +CVE-2017-1002101 + RESERVED CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...) 
- libsndfile <unfixed> (low) [stretch] - libsndfile <no-dsa> (Minor issue) @@ -290,7 +418,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22375 NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6 -CVE-2017-1000410 [Info Leak in the Linux Kernel via Bluetooth] +CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a ...) - linux <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3 CVE-2017-1000409 @@ -5856,6 +5984,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/12/05/5 NOTE: https://launchpad.net/bugs/1732976 CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through ...) + {DSA-4056-1} - nova 2:16.0.3-1 (bug #882009) [jessie] - nova <not-affected> (Vulnerble code introduced later) [wheezy] - nova <not-affected> (Vulnerble code introduced later) @@ -11363,8 +11492,8 @@ NOT-FOR-US: Cloud Foundry Foundation GrootFS CVE-2017-14387 RESERVED -CVE-2017-14386 - RESERVED +CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction Laser ...) + TODO: check CVE-2017-14385 RESERVED CVE-2017-14384 @@ -18455,8 +18584,8 @@ RESERVED CVE-2017-11938 RESERVED -CVE-2017-11937 - RESERVED +CVE-2017-11937 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check CVE-2017-11936 RESERVED CVE-2017-11935 
@@ -43487,15 +43616,13 @@ NOT-FOR-US: Lenovo CVE-2017-3739 RESERVED -CVE-2017-3738 [rsaz_1024_mul_avx2 overflow bug on x86_64] - RESERVED +CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication ...) - openssl <unfixed> - openssl1.0 <unfixed> NOTE: https://www.openssl.org/news/secadv/20171207.txt NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76 -CVE-2017-3737 [Read/write after SSL object in error state] - RESERVED +CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error ...) - openssl 1.1.0b-2 [jessie] - openssl <not-affected> (Issue introduced in 1.0.2b) [wheezy] - openssl <not-affected> (Issue introduced in 1.0.2b) @@ -49678,10 +49805,10 @@ NOT-FOR-US: IBM CVE-2017-1499 RESERVED -CVE-2017-1498 - RESERVED -CVE-2017-1497 - RESERVED +CVE-2017-1498 (IBM Connections 5.5 is vulnerable to cross-site scripting. This ...) + TODO: check +CVE-2017-1497 (IBM Sterling File Gateway 2.2 could allow an unauthorized user to view ...) + TODO: check CVE-2017-1496 (IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to ...) NOT-FOR-US: IBM CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a ...) @@ -49700,8 +49827,8 @@ NOT-FOR-US: IBM CVE-2017-1488 RESERVED -CVE-2017-1487 - RESERVED +CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated attacker to ...) + TODO: check CVE-2017-1486 RESERVED CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...) 
@@ -49710,10 +49837,10 @@ NOT-FOR-US: IBM CVE-2017-1483 (IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an ...) NOT-FOR-US: IBM -CVE-2017-1482 - RESERVED -CVE-2017-1481 - RESERVED +CVE-2017-1482 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to ...) + TODO: check +CVE-2017-1481 (IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view ...) + TODO: check CVE-2017-1480 RESERVED CVE-2017-1479 @@ -49744,8 +49871,8 @@ NOT-FOR-US: IBM CVE-2017-1466 RESERVED -CVE-2017-1465 - RESERVED +CVE-2017-1465 (IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to ...) + TODO: check CVE-2017-1464 RESERVED CVE-2017-1463 @@ -49808,8 +49935,8 @@ RESERVED CVE-2017-1434 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...) NOT-FOR-US: IBM -CVE-2017-1433 - RESERVED +CVE-2017-1433 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user ...) + TODO: check CVE-2017-1432 RESERVED CVE-2017-1431 (IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site ...) @@ -49962,14 +50089,14 @@ RESERVED CVE-2017-1357 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated ...) NOT-FOR-US: IBM -CVE-2017-1356 - RESERVED -CVE-2017-1355 - RESERVED -CVE-2017-1354 - RESERVED -CVE-2017-1353 - RESERVED +CVE-2017-1356 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL ...) + TODO: check +CVE-2017-1355 (IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive ...) + TODO: check +CVE-2017-1354 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to ...) + TODO: check +CVE-2017-1353 (IBM Atlas eDiscovery Process Management 6.0.3 could allow an ...) + TODO: check CVE-2017-1352 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated ...) NOT-FOR-US: IBM CVE-2017-1351 
@@ -49990,10 +50117,10 @@ RESERVED CVE-2017-1343 RESERVED -CVE-2017-1342 - RESERVED -CVE-2017-1341 - RESERVED +CVE-2017-1342 (IBM Insights Foundation for Energy 2.0 could reveal sensitive ...) + TODO: check +CVE-2017-1341 (IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, ...) + TODO: check CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated ...) NOT-FOR-US: IBM CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) ...) @@ -50002,8 +50129,8 @@ NOT-FOR-US: IBM CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly ...) NOT-FOR-US: IBM -CVE-2017-1336 - RESERVED +CVE-2017-1336 (IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject ...) + TODO: check CVE-2017-1335 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) @@ -50132,8 +50259,8 @@ RESERVED CVE-2017-1272 RESERVED -CVE-2017-1271 - RESERVED +CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between ...) + TODO: check CVE-2017-1270 RESERVED CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A ...) 
@@ -51149,7 +51276,7 @@ NOT-FOR-US: Android driver (proprietary, not part of upstream kernel) CVE-2017-0862 (An elevation of privilege vulnerability in the Upstream kernel kernel. ...) NOT-FOR-US: Android driver (proprietary, not part of upstream kernel) -CVE-2017-0861 (An elevation of privilege vulnerability in the Upstream kernel audio ...) +CVE-2017-0861 (Use-after-free vulnerability in the snd_pcm_info function in the ALSA ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/362bca57f5d78220f8b5907b875961af9436e229 CVE-2017-0860 (An elevation of privilege vulnerability in the Android system ...)
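Review bot: CVE-2017-17459 and CVE-2017-17458, added in the first hunk (@@ -1,3 +1,131 @@), are left at `TODO: check` although their descriptions already name the software and the upstream version that carries the fix (Fossil before 2.4, Mercurial before 4.4.1). Triage them to a package line with status, as the libsndfile entry CVE-2017-17457 directly below them has, so that they do not stay in the TODO queue.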
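Review bot: in the @@ -290,7 +418,7 @@ hunk the new description line for CVE-2017-1000410 is truncated before it says what the flaw is, so the entry no longer records that this is an information leak via Bluetooth, which the removed bracketed title did. Carry that summary in a NOTE next to the existing oss-security link, so the `- linux <unfixed>` line can be triaged without opening the reference.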
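Review bot: the unchanged context lines under CVE-2017-16239 in the @@ -5856,6 +5984,7 @@ hunk spell the not-affected reason as "Vulnerble code introduced later" for both jessie and wheezy. Since this entry is being touched to add `{DSA-4056-1}`, correct the spelling to "Vulnerable" in a follow-up edit.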
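Review bot: in the @@ -43487,15 +43616,13 @@ hunk CVE-2017-3738 keeps `- openssl <unfixed>` and `- openssl1.0 <unfixed>` with no bug reference or severity, even though the NOTE lines already link fix commits for both OpenSSL_1_1_0-stable and OpenSSL_1_0_2-stable. Now that the entry is no longer RESERVED, add a bug reference or urgency to both package lines so that the open status is tracked rather than implicit.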
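Review bot: every entry that moves from RESERVED to `TODO: check` in the hunks from @@ -49678,10 +49805,10 @@ through @@ -50132,8 +50259,8 @@ describes an IBM product, and the context lines around them mark the neighbouring IBM entries `NOT-FOR-US: IBM`. Mark these the same way instead of leaving them in the TODO queue. CVE-2017-14386 (web user interface of Dell 2335dn and 2355dn printers) and CVE-2017-11937 (Microsoft Malware Protection Engine) in the two preceding hunks look like NOT-FOR-US candidates as well.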