[Secure-testing-commits] r56436 - data/CVE

security tracker role Thu, 05 Oct 2017 14:10:42 -0700

Author: sectracker
Date: 2017-10-05 21:10:17 +0000 (Thu, 05 Oct 2017)
New Revision: 56436


Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-05 16:56:31 UTC (rev 56435)
+++ data/CVE/list       2017-10-05 21:10:17 UTC (rev 56436)
@@ -1,3 +1,9 @@
+CVE-2017-15040
+       RESERVED
+CVE-2017-15039
+       RESERVED
+CVE-2017-15038
+       RESERVED
 CVE-2017-15037 (In FreeBSD through 11.1, the smb_strdupin function in ...)
        TODO: check
 CVE-2017-15036
@@ -1877,10 +1883,10 @@
        RESERVED
 CVE-2017-14355
        RESERVED
-CVE-2017-14354
-       RESERVED
-CVE-2017-14353
-       RESERVED
+CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB 
Foundation ...)
+       TODO: check
+CVE-2017-14353 (A remote code execution vulnerability in HP UCMDB Foundation 
Software ...)
+       TODO: check
 CVE-2017-14352 (A potential security vulnerability has been identified in HP 
UCMDB ...)
        NOT-FOR-US: HP
 CVE-2017-14351 (A potential security vulnerability has been identified in HP 
UCMDB ...)
@@ -2480,6 +2486,7 @@
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
        NOTE: https://github.com/uclouvain/openjpeg/issues/982
 CVE-2017-1000254 [FTP PWD response parser out of bounds read]
+       {DLA-1121-1}
        - curl <unfixed> (bug #877671)
        NOTE: https://curl.haxx.se/docs/adv_20171004.html
        NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
@@ -2697,20 +2704,20 @@
        RESERVED
 CVE-2017-14090
        RESERVED
-CVE-2017-14089
-       RESERVED
-CVE-2017-14088
-       RESERVED
-CVE-2017-14087
-       RESERVED
-CVE-2017-14086
-       RESERVED
-CVE-2017-14085
-       RESERVED
-CVE-2017-14084
-       RESERVED
-CVE-2017-14083
-       RESERVED
+CVE-2017-14089 (An Unauthorized Memory Corruption vulnerability in Trend Micro 
...)
+       TODO: check
+CVE-2017-14088 (Memory Corruption Privilege Escalation vulnerabilities in 
Trend Micro ...)
+       TODO: check
+CVE-2017-14087 (A Host Header Injection vulnerability in Trend Micro 
OfficeScan XG ...)
+       TODO: check
+CVE-2017-14086 (Pre-authorization Start Remote Process vulnerabilities in 
Trend Micro ...)
+       TODO: check
+CVE-2017-14085 (Information disclosure vulnerabilities in Trend Micro 
OfficeScan 11.0 ...)
+       TODO: check
+CVE-2017-14084 (A potential Man-in-the-Middle (MitM) attack vulnerability in 
Trend ...)
+       TODO: check
+CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows 
remote ...)
+       TODO: check
 CVE-2017-14082
        RESERVED
 CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile 
Security ...)
@@ -2729,7 +2736,7 @@
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27152
        NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27152
 CVE-2017-14100 (In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x 
before ...)
-       {DSA-3964-1}
+       {DSA-3964-1 DLA-1122-1}
        - asterisk 1:13.17.1~dfsg-1 (bug #873908)
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27103
        NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27103
@@ -8125,7 +8132,7 @@
        {DSA-3983-1 DLA-1110-1}
        - samba 2:4.6.7+dfsg-2
        NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html
-CVE-2017-12149 (In Jboss Application Server as shipped with RedHat Enterprise 
...)
+CVE-2017-12149 (In Jboss Application Server as shipped with Red Hat Enterprise 
...)
        TODO: check, maybe in jbossas4
 CVE-2017-12148
        RESERVED
@@ -8252,8 +8259,8 @@
        RESERVED
 CVE-2017-12107
        RESERVED
-CVE-2017-12106
-       RESERVED
+CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing 
...)
+       TODO: check
 CVE-2017-12105
        RESERVED
 CVE-2017-12104
@@ -36019,8 +36026,8 @@
        RESERVED
 CVE-2017-2921
        RESERVED
-CVE-2017-2920
-       RESERVED
+CVE-2017-2920 (An exploitable buffer overflow vulnerability exists in the tag 
parsing ...)
+       TODO: check
 CVE-2017-2919
        RESERVED
 CVE-2017-2918
@@ -36103,8 +36110,8 @@
        RESERVED
 CVE-2017-2881
        RESERVED
-CVE-2017-2880
-       RESERVED
+CVE-2017-2880 (An memory corruption vulnerability exists in the .GIF parsing 
...)
+       TODO: check
 CVE-2017-2879
        RESERVED
 CVE-2017-2878
@@ -39198,8 +39205,8 @@
        RESERVED
 CVE-2017-1523
        RESERVED
-CVE-2017-1522
-       RESERVED
+CVE-2017-1522 (IBM Content Navigator &amp; CMIS 2.0.3, 3.0.0, and 3.0.1 is 
vulnerable to ...)
+       TODO: check
 CVE-2017-1521
        RESERVED
 CVE-2017-1520 (IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an 
unauthorized ...)
@@ -39486,8 +39493,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain 
...)
        NOT-FOR-US: IBM
-CVE-2017-1378
-       RESERVED
+CVE-2017-1378 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage 
Manager) ...)
+       TODO: check
 CVE-2017-1377 (IBM Runbook Automation reveals sensitive information in error 
messages ...)
        NOT-FOR-US: IBM
 CVE-2017-1376 (A flaw in the IBM J9 VM class verifier allows untrusted code to 
...)
@@ -39564,8 +39571,8 @@
        RESERVED
 CVE-2017-1340
        RESERVED
-CVE-2017-1339
-       RESERVED
+CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage 
Manager) ...)
+       TODO: check
 CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can 
incorrectly ...)
@@ -39640,8 +39647,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1302 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow a 
local ...)
        NOT-FOR-US: IBM
-CVE-2017-1301
-       RESERVED
+CVE-2017-1301 (IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker 
to ...)
+       TODO: check
 CVE-2017-1300
        RESERVED
 CVE-2017-1299
@@ -39840,8 +39847,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1202
        RESERVED
-CVE-2017-1201
-       RESERVED
+CVE-2017-1201 (IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) 
stores ...)
+       TODO: check
 CVE-2017-1200
        RESERVED
 CVE-2017-1199 (IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 
11.4, ...)
@@ -44745,8 +44752,8 @@
        NOT-FOR-US: IBM
 CVE-2016-8938 (IBM UrbanCode Deploy could allow a user to execute code using a 
...)
        NOT-FOR-US: IBM
-CVE-2016-8937
-       RESERVED
+CVE-2016-8937 (The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 
8.1) ...)
+       TODO: check
 CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is 
...)
        NOT-FOR-US: IBM
 CVE-2016-8935 (IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 
14.0.0 ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r56436 - data/CVE

Reply via email to