Author: sectracker
Date: 2017-09-15 21:10:15 +0000 (Fri, 15 Sep 2017)
New Revision: 55796

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-15 20:54:15 UTC (rev 55795)
+++ data/CVE/list       2017-09-15 21:10:15 UTC (rev 55796)
@@ -1,3 +1,37 @@
+CVE-2017-14499
+       RESERVED
+CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that 
is ...)
+       TODO: check
+CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the 
Linux kernel ...)
+       TODO: check
+CVE-2017-14496
+       RESERVED
+CVE-2017-14495
+       RESERVED
+CVE-2017-14494
+       RESERVED
+CVE-2017-14493
+       RESERVED
+CVE-2017-14492
+       RESERVED
+CVE-2017-14491
+       RESERVED
+CVE-2017-14490
+       RESERVED
+CVE-2017-14489 (The iscsi_if_rx function in 
drivers/scsi/scsi_transport_iscsi.c in the ...)
+       TODO: check
+CVE-2017-14488
+       RESERVED
+CVE-2017-14487
+       RESERVED
+CVE-2017-14486
+       RESERVED
+CVE-2017-14485
+       RESERVED
+CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for 
Great ...)
+       TODO: check
+CVE-2017-14483 (flower.initd in the Gentoo dev-python/flower package before 
0.9.1-r1 ...)
+       TODO: check
 CVE-2017-1002100 (Default access permissions for Persistent Volumes (PVs) 
created by the ...)
        - kubernetes <not-affected> (Vulnerable code not yet present)
 CVE-2017-1002028 (Vulnerability in wordpress plugin 
wordpress-gallery-transformation ...)
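
Review bot: CVE-2017-14497 and CVE-2017-14489 are left at TODO: check even though their descriptions name Linux kernel source files (net/packet/af_packet.c and drivers/scsi/scsi_transport_iscsi.c). Each needs a `- linux` line with a status, in the same form as the CVE-2017-14340 entry later in this list. CVE-2017-14484 and CVE-2017-14483 are described as flaws in Gentoo packages (sci-mathematics/gimps, dev-python/flower), so triage should confirm whether the problem lies only in Gentoo's packaging before any Debian package is attached.
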
@@ -352,8 +386,7 @@
        - libraw <unfixed>
        NOTE: https://github.com/LibRaw/LibRaw/issues/100
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
-CVE-2017-14340
-       RESERVED
+CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the 
Linux ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
 CVE-2017-14339
@@ -2025,7 +2058,7 @@
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e
 CVE-2017-13725 (The IPv6 routing header parser in tcpdump before 4.9.2 has a 
buffer ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross 
Site ...)
        NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
@@ -2162,16 +2195,16 @@
 CVE-2017-13691
        RESERVED
 CVE-2017-13690 (The IKEv2 parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13689 (The IKEv1 parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13688 (The OLSR parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13687 (The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13686 (net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 
is too ...)
        - linux <not-affected> (Vulnerable code not present)
@@ -3473,217 +3506,217 @@
 CVE-2017-13056
        RESERVED
 CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13054 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13053 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13052 (The CFM parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13051 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13050 (The RPKI-Router parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13049 (The Rx protocol parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13048 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13047 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13046 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13045 (The VQP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13044 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13043 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13042 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13041 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13040 (The MPTCP parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13039 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13038 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13037 (The IP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13036 (The OSPFv3 parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13035 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13034 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13033 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13032 (The RADIUS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13031 (The IPv6 fragmentation header parser in tcpdump before 4.9.2 
has a ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13030 (The PIM parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13029 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13028 (The BOOTP parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13027 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13026 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13025 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13024 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13023 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13022 (The IP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13021 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13020 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13019 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13018 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13017 (The DHCPv6 parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13016 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13015 (The EAP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13014 (The White Board protocol parser in tcpdump before 4.9.2 has a 
buffer ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13013 (The ARP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13012 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13011 (Several protocol parsers in tcpdump before 4.9.2 could cause a 
buffer ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13010 (The BEEP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13009 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13008 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13007 (The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13006 (The L2TP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13005 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13004 (The Juniper protocols parser in tcpdump before 4.9.2 has a 
buffer ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13003 (The LMP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13002 (The AODV parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13001 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-13000 (The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12999 (The IS-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12998 (The IS-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12997 (The LLDP parser in tcpdump before 4.9.2 could enter an 
infinite loop ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12996 (The PIMv2 parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12995 (The DNS parser in tcpdump before 4.9.2 could enter an infinite 
loop due ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12994 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12993 (The Juniper protocols parser in tcpdump before 4.9.2 has a 
buffer ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12992 (The RIPng parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12991 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12990 (The ISAKMP parser in tcpdump before 4.9.2 could enter an 
infinite loop ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12989 (The RESP parser in tcpdump before 4.9.2 could enter an 
infinite loop ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12988 (The telnet parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12987 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer 
over-read ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12986 (The IPv6 routing header parser in tcpdump before 4.9.2 has a 
buffer ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12985 (The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to 
message.php, ...)
        NOT-FOR-US: PHPMyWind
@@ -3989,34 +4022,34 @@
 CVE-2017-12903
        RESERVED
 CVE-2017-12902 (The Zephyr parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12901 (The EIGRP parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12900 (Several protocol parsers in tcpdump before 4.9.2 could cause a 
buffer ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12899 (The DECnet parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12898 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12897 (The ISO CLNS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12896 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12895 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read 
in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12894 (Several protocol parsers in tcpdump before 4.9.2 could cause a 
buffer ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12893 (The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
-       {DSA-3971-1}
+       {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
 CVE-2017-12925 (Double free vulnerability in DfFromLB in docfile.cxx in libfpx 
...)
        NOT-FOR-US: libfpx
@@ -10204,18 +10237,18 @@
        RESERVED
 CVE-2017-10861
        RESERVED
-CVE-2017-10860
-       RESERVED
-CVE-2017-10859
-       RESERVED
-CVE-2017-10858
-       RESERVED
+CVE-2017-10860 (Untrusted search path vulnerability in &quot;i-filter 6.0 
installer&quot; ...)
+       TODO: check
+CVE-2017-10859 (Untrusted search path vulnerability in &quot;i-filter 6.0 
installer&quot; ...)
+       TODO: check
+CVE-2017-10858 (Untrusted search path vulnerability in &quot;i-filter 6.0 
install program&quot; ...)
+       TODO: check
 CVE-2017-10857
        RESERVED
-CVE-2017-10856
-       RESERVED
-CVE-2017-10855
-       RESERVED
+CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 
5.72, ...)
+       TODO: check
+CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for 
Windows ...)
+       TODO: check
 CVE-2017-10854
        RESERVED
 CVE-2017-10853
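
Review bot: CVE-2017-10860, CVE-2017-10859, CVE-2017-10858 and CVE-2017-10855 are untrusted search path issues in vendor installers and Windows tools, yet they land as TODO: check. Comparable entries in this list (Installers for DocuWorks, Photo Collection PC Software) are already closed as NOT-FOR-US, so these can be triaged the same way once confirmed. CVE-2017-10856 (SEIL/X, SEIL/B1, SEIL/x86) needs the same check.
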
@@ -10232,10 +10265,10 @@
        NOT-FOR-US: Installers for DocuWorks
 CVE-2017-10847
        RESERVED
-CVE-2017-10846
-       RESERVED
-CVE-2017-10845
-       RESERVED
+CVE-2017-10846 (Wi-Fi STATION L-02F Software version V10b and earlier allows 
remote ...)
+       TODO: check
+CVE-2017-10845 (Wi-Fi STATION L-02F Software version V10g and earlier allows 
remote ...)
+       TODO: check
 CVE-2017-10844 (baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an 
attacker to ...)
        NOT-FOR-US: baserCMS
 CVE-2017-10843 (baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows 
remote ...)
@@ -10296,10 +10329,10 @@
        NOT-FOR-US: MaLion
 CVE-2017-10815 (MaLion for Windows 5.2.1 and earlier (only when &quot;Remote 
Control&quot; is ...)
        NOT-FOR-US: MaLion
-CVE-2017-10814
-       RESERVED
-CVE-2017-10813
-       RESERVED
+CVE-2017-10814 (Buffer overflow in CG-WLR300NM Firmware version 1.90 and 
earlier ...)
+       TODO: check
+CVE-2017-10813 (CG-WLR300NM Firmware version 1.90 and earlier allows an 
attacker to ...)
+       TODO: check
 CVE-2017-10812 (Untrusted search path vulnerability in Photo Collection PC 
Software ...)
        NOT-FOR-US: Photo Collection PC Software
 CVE-2017-10811 (Buffalo WCR-1166DS devices with firmware 1.30 and earlier 
allow an ...)
@@ -11375,8 +11408,7 @@
        NOT-FOR-US: OpenWebif plugin for E2
 CVE-2017-9806
        RESERVED
-CVE-2017-9805
-       RESERVED
+CVE-2017-9805 (The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 
2.3.34 and ...)
        - libstruts1.2-java <removed>
        NOTE: https://struts.apache.org/docs/s2-052.html
 CVE-2017-9804
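
Review bot: the new description for CVE-2017-9805 scopes the flaw to the REST Plugin in Apache Struts 2.1.2 through 2.3.x, but the only package line is `- libstruts1.2-java <removed>`. The CVE-2014-7809 entry in this same list marks that package `<not-affected>` with a note giving the affected range as Struts 2.0.0 through 2.3.16.3, so the two Struts 2 entries should use the same status for libstruts1.2-java.
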
@@ -14286,8 +14318,8 @@
        NOT-FOR-US: Telaxus EPESI
 CVE-2017-9329
        RESERVED
-CVE-2017-9328
-       RESERVED
+CVE-2017-9328 (Shell metacharacter injection vulnerability in ...)
+       TODO: check
 CVE-2017-9327
        RESERVED
 CVE-2017-9326
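
Review bot: the description added for CVE-2017-9328 is cut off before any product name ("Shell metacharacter injection vulnerability in ..."), so the TODO: check cannot be resolved from this list alone. Whoever triages it has to read the full CVE text before assigning a package or NOT-FOR-US.
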
@@ -19377,6 +19409,7 @@
        NOTE: Fixed by: http://svn.apache.org/r1796091 (8.5.x)
        NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
 CVE-2017-7674 (The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 
to ...)
+       {DSA-3974-1}
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.16-1
        - tomcat7 7.0.72-3
@@ -28761,12 +28794,12 @@
        RESERVED
 CVE-2017-4927
        RESERVED
-CVE-2017-4926
-       RESERVED
-CVE-2017-4925
-       RESERVED
-CVE-2017-4924
-       RESERVED
+CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a 
vulnerability ...)
+       TODO: check
+CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 
without ...)
+       TODO: check
+CVE-2017-4924 (VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), 
Workstation ...)
+       TODO: check
 CVE-2017-4923 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an 
information ...)
        NOT-FOR-US: VMware
 CVE-2017-4922 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an 
information ...)
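
Review bot: CVE-2017-4926, CVE-2017-4925 and CVE-2017-4924 are added as TODO: check although all three descriptions name VMware products (vCenter Server, ESXi, Workstation), and the entries directly below them, CVE-2017-4923 and CVE-2017-4922, are already closed as NOT-FOR-US: VMware. Give the three new entries the same NOT-FOR-US: VMware status so they do not sit in the TODO queue.
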
@@ -35788,8 +35821,7 @@
        NOT-FOR-US: Juniper
 CVE-2017-2300 (On Juniper Networks SRX Series Services Gateways chassis 
clusters ...)
        NOT-FOR-US: Juniper
-CVE-2017-2299 [Possible TLS trust misconfiguration in puppetlabs-apache]
-       RESERVED
+CVE-2017-2299 (Versions of the puppetlabs-apache module prior to 1.11.1 and 
2.1.0 ...)
        - puppet-module-puppetlabs-apache <unfixed>
        NOTE: https://puppet.com/security/cve/CVE-2017-2299
 CVE-2017-2298 (The mcollective-sshkey-security plugin before 0.5.1 for Puppet 
uses a ...)
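
Review bot: CVE-2017-2299 keeps `- puppet-module-puppetlabs-apache <unfixed>` with no bug reference, while the new description says the issue affects module versions prior to 1.11.1 and 2.1.0. Compare the packaged version against those two releases and either record the fixed version or add a bug number so the open status is tracked.
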
@@ -38634,8 +38666,8 @@
        NOTE: For Ruby 2.3.4: 
https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
        NOTE: For Ruby 2.2.7: 
https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
        NOTE: Not considered a vulnerability per se, if this affects a terminal 
emulator it's a bug there
-CVE-2017-0898
-       RESERVED
+CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leakage 
of its ...)
+       TODO: check
 CVE-2017-0897 (ExpressionEngine version 2.x &lt; 2.11.8 and version 3.x &lt; 
3.5.5 create ...)
        NOT-FOR-US: ExpressionEngine
 CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...)
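
Review bot: CVE-2017-0898 is a flaw in Ruby itself (before 2.4.2, 2.3.5 and 2.2.8) and is left at TODO: check with no package line. The entry directly above it already carries notes for Ruby 2.3.4 and 2.2.7 patches, so the interpreter is tracked here and this entry needs package lines with statuses for the affected Ruby series.
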
@@ -92582,8 +92614,8 @@
        NOT-FOR-US: Android
 CVE-2015-1528 (Integer overflow in the native_handle_create function in ...)
        NOT-FOR-US: Android
-CVE-2015-1527
-       RESERVED
+CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows 
local ...)
+       TODO: check
 CVE-2015-1526
        RESERVED
 CVE-2015-1525
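
Review bot: CVE-2015-1527 is described as an integer overflow in IAudioPolicyService.cpp in Android and is added as TODO: check, while the two entries just above it are closed as NOT-FOR-US: Android. It should get the same status unless the affected code is shipped by a Debian package.
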
@@ -96403,8 +96435,8 @@
        NOT-FOR-US: Open-Xchange
 CVE-2014-9464 (SQL injection vulnerability in Category.php in Microweber CMS 
0.95 ...)
        NOT-FOR-US: Microweber CMS
-CVE-2014-9463
-       RESERVED
+CVE-2014-9463 (functions_vbseo_hook.php in the VBSEO module for vBulletin 
allows ...)
+       TODO: check
 CVE-2014-9462 (The _validaterepo function in sshpeer in Mercurial before 3.2.4 
allows ...)
        {DSA-3257-1 DLA-237-1}
        - mercurial 3.4-1 (bug #783237)
@@ -99124,11 +99156,11 @@
 CVE-2015-0167 (Cross-site scripting (XSS) vulnerability in 
textAngular-sanitize.js in ...)
        NOT-FOR-US: textAngular
 CVE-2015-0166
-       RESERVED
+       REJECTED
 CVE-2015-0165
-       RESERVED
+       REJECTED
 CVE-2015-0164
-       RESERVED
+       REJECTED
 CVE-2015-0163
        RESERVED
 CVE-2015-0162
@@ -99235,8 +99267,8 @@
        NOT-FOR-US: IBM Rational
 CVE-2015-0111
        RESERVED
-CVE-2015-0110
-       RESERVED
+CVE-2015-0110 (IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x 
and ...)
+       TODO: check
 CVE-2015-0109 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
        NOT-FOR-US: IBM
 CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
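
Review bot: CVE-2015-0110 (IBM Business Process Manager) is added as TODO: check, while the neighbouring IBM entries in this hunk's context (IBM Rational, IBM Maximo Asset) are closed as NOT-FOR-US. Mark this one NOT-FOR-US: IBM as well so the status matches the rest of the block.
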
@@ -102819,8 +102851,8 @@
        NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645644 (7.x)
 CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses 
predictable ...)
        - libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 
2.3.16.3)
-CVE-2014-7808
-       RESERVED
+CVE-2014-7808 (Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 
...)
+       TODO: check
 CVE-2014-7807 (Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 
allows ...)
        NOT-FOR-US: Apache CloudStack
 CVE-2014-7806


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
