Author: sectracker Date: 2017-09-12 21:10:15 +0000 (Tue, 12 Sep 2017) New Revision: 55705
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-12 21:03:05 UTC (rev 55704) +++ data/CVE/list 2017-09-12 21:10:15 UTC (rev 55705) @@ -1,4 +1,18 @@ -CVE-2017-14348 [Heap buffer overflow in LibRaw::processCanonCameraInfo] +CVE-2017-14347 (NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to ...) + TODO: check +CVE-2017-14346 (upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file ...) + TODO: check +CVE-2017-14345 (SQL Injection exists in tianchoy/blog through 2017-09-12 via the id ...) + TODO: check +CVE-2017-14344 (This vulnerability allows local attackers to escalate privileges on ...) + TODO: check +CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...) + TODO: check +CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ...) + TODO: check +CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...) + TODO: check +CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the ...) - libraw <unfixed> NOTE: https://github.com/LibRaw/LibRaw/issues/100 CVE-2017-14340 @@ -7,8 +21,8 @@ RESERVED CVE-2017-14338 RESERVED -CVE-2017-14337 - RESERVED +CVE-2017-14337 (When MISP before 2.4.80 is configured with X.509 certificate ...) + TODO: check CVE-2017-14336 RESERVED CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because user-controlled input ...) @@ -53,26 +67,22 @@ RESERVED CVE-2017-14320 RESERVED -CVE-2017-14319 [insufficient grant unmapping checks for x86 PV guests] - RESERVED +CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x. When ...) - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-234.html -CVE-2017-14318 [Missing check for grant table] - RESERVED +CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The function ...) - xen <unfixed> [jessie] - xen <not-affected> (Only affects 4.5 and later) [wheezy] - xen <not-affected> (Only affects 4.5 and later) NOTE: https://xenbits.xen.org/xsa/advisory-232.html -CVE-2017-14317 [cxenstored: Race in domain cleanup] - RESERVED +CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon (aka ...) - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-233.html -CVE-2017-14316 [Missing NUMA node parameter verification] - RESERVED +CVE-2017-14316 (A parameter verification issue was discovered in Xen through 4.9.x. The ...) - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-231.html -CVE-2017-14315 - RESERVED +CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation ...) + TODO: check CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in ...) - graphicsmagick <unfixed> NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78 @@ -523,12 +533,12 @@ NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/ NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9 NOTE: https://github.com/uclouvain/openjpeg/issues/982 -CVE-2017-1000251 [stack overflow] +CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at ...) - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 NOTE: https://www.armis.com/blueborne/ NOTE: https://access.redhat.com/security/vulnerabilities/blueborne -CVE-2017-1000250 [information leak vulnerability] +CVE-2017-1000250 (All versions of the SDP server in BlueZ 5.46 and earlier are ...) - bluez <unfixed> NOTE: https://www.armis.com/blueborne/ CVE-2017-1000249 (An issue in file() was introduced in commit ...) @@ -15377,8 +15387,8 @@ - cgiirc <removed> CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password ...) NOT-FOR-US: NetApp -CVE-2017-8918 - RESERVED +CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - ...) + TODO: check CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows ...) NOT-FOR-US: Joomla CVE-2017-8916 @@ -94184,8 +94194,7 @@ {DSA-3134-1 DLA-148-1} - sympa 6.1.23~dfsg-2 NOTE: https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting -CVE-2014-9624 [CAPTCHA bypass] - RESERVED +CVE-2014-9624 (CAPTCHA bypass vulnerability in MantisBT before 1.2.19. ...) - mantis <removed> (bug #780875) [wheezy] - mantis <no-dsa> (Minor issue) [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts) @@ -94233,11 +94242,9 @@ NOTE: http://seclists.org/oss-sec/2014/q4/489 NOTE: http://seclists.org/oss-sec/2014/q4/507 NOTE: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 -CVE-2014-9635 [HttpOnly flag not set] - RESERVED +CVE-2014-9635 (Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie ...) - jenkins 1.565.3-3 (bug #769682) -CVE-2014-9634 [Secure flag not set] - RESERVED +CVE-2014-9634 (Jenkins before 1.586 does not set the secure flag on session cookies ...) - jenkins 1.565.3-3 (bug #769682) CVE-2015-1164 (Open redirect vulnerability in the serve-static plugin before 1.7.2 ...) - node-serve-static 1.6.4-2 (unimportant; bug #775843) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits