Author: sectracker Date: 2017-09-12 09:10:12 +0000 (Tue, 12 Sep 2017) New Revision: 55680
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-12 08:15:55 UTC (rev 55679) +++ data/CVE/list 2017-09-12 09:10:12 UTC (rev 55680) @@ -1,3 +1,61 @@ +CVE-2017-14340 + RESERVED +CVE-2017-14339 + RESERVED +CVE-2017-14338 + RESERVED +CVE-2017-14337 + RESERVED +CVE-2017-14336 + RESERVED +CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because user-controlled input ...) + TODO: check +CVE-2017-14334 + RESERVED +CVE-2017-14333 (The process_version_sections function in readelf.c in GNU Binutils 2.29 ...) + TODO: check +CVE-2017-14332 + RESERVED +CVE-2017-14331 + RESERVED +CVE-2017-14330 + RESERVED +CVE-2017-14329 + RESERVED +CVE-2017-14328 + RESERVED +CVE-2017-14327 + RESERVED +CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...) + TODO: check +CVE-2017-14323 + RESERVED +CVE-2017-14322 + RESERVED +CVE-2017-14321 + RESERVED +CVE-2017-14320 + RESERVED +CVE-2017-14319 + RESERVED +CVE-2017-14318 + RESERVED +CVE-2017-14317 + RESERVED +CVE-2017-14316 + RESERVED +CVE-2017-14315 + RESERVED +CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in ...) + TODO: check +CVE-2017-14312 (Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root ...) + TODO: check +CVE-2015-9228 (In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for ...) + TODO: check CVE-2017-XXXX [XSA 235] - xen <unfixed> [stretch] - xen 4.8.1-1+deb9u3 @@ -98,7 +156,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/09/11/1 NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350 NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70 -CVE-2017-14313 [XSS due to add_query_arg] +CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...) - wordpress-shibboleth 1.8-1 (bug #874416) NOTE: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a NOTE: https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/ @@ -108,8 +166,8 @@ NOT-FOR-US: EE 4GEE WiFi MBB CVE-2017-14267 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related ...) NOT-FOR-US: EE 4GEE WiFi MBB -CVE-2017-14266 - RESERVED +CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow ...) + TODO: check CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...) - libraw <unfixed> NOTE: https://github.com/LibRaw/LibRaw/issues/99 @@ -4191,6 +4249,7 @@ - simplesamlphp 1.14.15-1 NOTE: https://simplesamlphp.org/security/201708-01 CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-230.html CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is ...) @@ -5970,6 +6029,7 @@ CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in ...) NOT-FOR-US: XOOPS CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-227.html CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x ...) @@ -5979,6 +6039,7 @@ [wheezy] - xen <not-affected> (Only affects 4.6 and later) NOTE: https://xenbits.xen.org/xsa/advisory-228.html CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service (crash) ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-226.html CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in ...) @@ -12395,12 +12456,15 @@ [wheezy] - xen <not-affected> (Vulnerable code not present) NOTE: https://xenbits.xen.org/xsa/advisory-225.html CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO region ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-224.html CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure sufficient ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-224.html CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-224.html CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, which allows ...) @@ -12410,9 +12474,11 @@ [wheezy] - xen <not-affected> (arm not supported) NOTE: https://xenbits.xen.org/xsa/advisory-223.html CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during certain ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-222.html CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled event ...) + {DSA-3969-1} - xen <unfixed> [wheezy] - xen <not-affected> (Vulnerable code not present) NOTE: https://xenbits.xen.org/xsa/advisory-221.html @@ -12423,15 +12489,19 @@ [wheezy] - xen <not-affected> (Vulnerable code not present) NOTE: https://xenbits.xen.org/xsa/advisory-220.html CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-219.html CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race condition ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-218.html CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false mapping ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-218.html CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest OS users ...) + {DSA-3969-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-217.html CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...) @@ -18297,7 +18367,7 @@ RESERVED CVE-2017-7809 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) @@ -18306,7 +18376,7 @@ - firefox 55.0-1 CVE-2017-7807 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) @@ -18322,25 +18392,25 @@ - icedove <not-affected> (Windows-specific) CVE-2017-7803 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) CVE-2017-7802 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) CVE-2017-7801 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) CVE-2017-7800 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) @@ -18367,13 +18437,13 @@ RESERVED CVE-2017-7792 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) CVE-2017-7791 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) @@ -18389,25 +18459,25 @@ - firefox 55.0-1 CVE-2017-7787 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) CVE-2017-7786 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) CVE-2017-7785 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) CVE-2017-7784 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) @@ -18427,7 +18497,7 @@ - firefox 55.0-1 CVE-2017-7779 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) @@ -18612,7 +18682,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754 CVE-2017-7753 RESERVED - {DSA-3928-1 DLA-1087-1 DLA-1053-1} + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} - firefox 55.0-1 - firefox-esr 52.3.0esr-1 - icedove 1:52.3.0-1 (bug #872834) @@ -18702,10 +18772,10 @@ NOT-FOR-US: Fortinet CVE-2017-7736 RESERVED -CVE-2017-7735 - RESERVED -CVE-2017-7734 - RESERVED +CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) + TODO: check +CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) + TODO: check CVE-2017-7733 RESERVED CVE-2017-7732 @@ -32999,12 +33069,12 @@ NOTE: Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434 CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet FortiWLC-SD ...) NOT-FOR-US: Fortinet FortiWLC-SD -CVE-2017-3133 - RESERVED -CVE-2017-3132 - RESERVED -CVE-2017-3131 - RESERVED +CVE-2017-3133 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) + TODO: check +CVE-2017-3132 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) + TODO: check +CVE-2017-3131 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...) + TODO: check CVE-2017-3130 (An information disclosure vulnerability in Fortinet FortiOS 5.6.0, ...) NOT-FOR-US: Fortinet CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits