Author: sectracker
Date: 2017-09-12 21:10:15 +0000 (Tue, 12 Sep 2017)
New Revision: 55705
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-12 21:03:05 UTC (rev 55704)
+++ data/CVE/list 2017-09-12 21:10:15 UTC (rev 55705)
@@ -1,4 +1,18 @@
-CVE-2017-14348 [Heap buffer overflow in LibRaw::processCanonCameraInfo]
+CVE-2017-14347 (NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter
to ...)
+ TODO: check
+CVE-2017-14346 (upload.php in tianchoy/blog through 2017-09-12 allows
unrestricted file ...)
+ TODO: check
+CVE-2017-14345 (SQL Injection exists in tianchoy/blog through 2017-09-12 via
the id ...)
+ TODO: check
+CVE-2017-14344 (This vulnerability allows local attackers to escalate
privileges on ...)
+ TODO: check
+CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in
ReadXCFImage in ...)
+ TODO: check
+CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in
...)
+ TODO: check
+CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in
ReadWPGImage in ...)
+ TODO: check
+CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the
...)
- libraw <unfixed>
NOTE: https://github.com/LibRaw/LibRaw/issues/100
CVE-2017-14340
@@ -7,8 +21,8 @@
RESERVED
CVE-2017-14338
RESERVED
-CVE-2017-14337
- RESERVED
+CVE-2017-14337 (When MISP before 2.4.80 is configured with X.509 certificate
...)
+ TODO: check
CVE-2017-14336
RESERVED
CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because
user-controlled input ...)
@@ -53,26 +67,22 @@
RESERVED
CVE-2017-14320
RESERVED
-CVE-2017-14319 [insufficient grant unmapping checks for x86 PV guests]
- RESERVED
+CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x.
When ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-234.html
-CVE-2017-14318 [Missing check for grant table]
- RESERVED
+CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The
function ...)
- xen <unfixed>
[jessie] - xen <not-affected> (Only affects 4.5 and later)
[wheezy] - xen <not-affected> (Only affects 4.5 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-232.html
-CVE-2017-14317 [cxenstored: Race in domain cleanup]
- RESERVED
+CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon
(aka ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-233.html
-CVE-2017-14316 [Missing NUMA node parameter verification]
- RESERVED
+CVE-2017-14316 (A parameter verification issue was discovered in Xen through
4.9.x. The ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-231.html
-CVE-2017-14315
- RESERVED
+CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the
implementation ...)
+ TODO: check
CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c
in ...)
- graphicsmagick <unfixed>
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
@@ -523,12 +533,12 @@
NOTE:
https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
NOTE:
https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
NOTE: https://github.com/uclouvain/openjpeg/issues/982
-CVE-2017-1000251 [stack overflow]
+CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ),
starting at ...)
- linux <unfixed>
NOTE: Fixed by:
https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
NOTE: https://www.armis.com/blueborne/
NOTE: https://access.redhat.com/security/vulnerabilities/blueborne
-CVE-2017-1000250 [information leak vulnerability]
+CVE-2017-1000250 (All versions of the SDP server in BlueZ 5.46 and earlier are
...)
- bluez <unfixed>
NOTE: https://www.armis.com/blueborne/
CVE-2017-1000249 (An issue in file() was introduced in commit ...)
@@ -15377,8 +15387,8 @@
- cgiirc <removed>
CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND
password ...)
NOT-FOR-US: NetApp
-CVE-2017-8918
- RESERVED
+CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive
Assistant - ...)
+ TODO: check
CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1
allows ...)
NOT-FOR-US: Joomla
CVE-2017-8916
@@ -94184,8 +94194,7 @@
{DSA-3134-1 DLA-148-1}
- sympa 6.1.23~dfsg-2
NOTE:
https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
-CVE-2014-9624 [CAPTCHA bypass]
- RESERVED
+CVE-2014-9624 (CAPTCHA bypass vulnerability in MantisBT before 1.2.19. ...)
- mantis <removed> (bug #780875)
[wheezy] - mantis <no-dsa> (Minor issue)
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
@@ -94233,11 +94242,9 @@
NOTE: http://seclists.org/oss-sec/2014/q4/489
NOTE: http://seclists.org/oss-sec/2014/q4/507
NOTE: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
-CVE-2014-9635 [HttpOnly flag not set]
- RESERVED
+CVE-2014-9635 (Jenkins before 1.586 does not set the HttpOnly flag in a
Set-Cookie ...)
- jenkins 1.565.3-3 (bug #769682)
-CVE-2014-9634 [Secure flag not set]
- RESERVED
+CVE-2014-9634 (Jenkins before 1.586 does not set the secure flag on session
cookies ...)
- jenkins 1.565.3-3 (bug #769682)
CVE-2015-1164 (Open redirect vulnerability in the serve-static plugin before
1.7.2 ...)
- node-serve-static 1.6.4-2 (unimportant; bug #775843)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
