Author: sectracker
Date: 2017-10-11 21:10:12 +0000 (Wed, 11 Oct 2017)
New Revision: 56622

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-11 21:09:49 UTC (rev 56621)
+++ data/CVE/list       2017-10-11 21:10:12 UTC (rev 56622)
@@ -1,3 +1,9 @@
+CVE-2017-15268
+       RESERVED
+CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference 
in ...)
+       TODO: check
+CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...)
+       TODO: check
 CVE-2017-15265 [use-after-free in /dev/snd/seq]
        RESERVED
        - linux <unfixed>
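Review bot: CVE-2017-15267 and CVE-2017-15266 are left at "TODO: check" even though both descriptions name GNU Libextractor 1.4, which Debian ships as the libextractor source package. Replace each TODO with a "- libextractor <unfixed>" line (or the fixed version once confirmed) so the issues show up against the package instead of sitting in the untriaged queue.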
@@ -3,56 +9,56 @@
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520
        NOTE: 
http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
-CVE-2017-15264
-       RESERVED
-CVE-2017-15263
-       RESERVED
-CVE-2017-15262
-       RESERVED
-CVE-2017-15261
-       RESERVED
-CVE-2017-15260
-       RESERVED
-CVE-2017-15259
-       RESERVED
-CVE-2017-15258
-       RESERVED
-CVE-2017-15257
-       RESERVED
-CVE-2017-15256
-       RESERVED
-CVE-2017-15255
-       RESERVED
-CVE-2017-15254
-       RESERVED
-CVE-2017-15253
-       RESERVED
-CVE-2017-15252
-       RESERVED
-CVE-2017-15251
-       RESERVED
-CVE-2017-15250
-       RESERVED
-CVE-2017-15249
-       RESERVED
-CVE-2017-15248
-       RESERVED
-CVE-2017-15247
-       RESERVED
-CVE-2017-15246
-       RESERVED
-CVE-2017-15245
-       RESERVED
-CVE-2017-15244
-       RESERVED
-CVE-2017-15243
-       RESERVED
-CVE-2017-15242
-       RESERVED
-CVE-2017-15241
-       RESERVED
-CVE-2017-15240
-       RESERVED
-CVE-2017-15239
-       RESERVED
+CVE-2017-15264 (IrfanView version 4.44 (32bit) allows attackers to cause a 
denial of ...)
+       TODO: check
+CVE-2017-15263 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15262 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15261 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15260 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15259 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15258 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15257 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15256 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15255 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15254 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15253 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15252 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15251 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15250 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15249 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15248 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15247 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15246 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15245 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15244 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15243 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15242 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15241 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15240 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 
allows ...)
+       TODO: check
+CVE-2017-15239 (IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows 
attackers to ...)
+       TODO: check
 CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a 
...)
        - graphicsmagick <unfixed>
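Review bot: the 26 entries CVE-2017-15239 through CVE-2017-15264 all get "TODO: check" although every description names the same product, IrfanView 4.44 (32bit), most of them with PDF plugin 4.43. IrfanView is a Windows-only viewer that is not packaged in Debian, so the whole block can be triaged in one pass as "NOT-FOR-US: IrfanView" rather than checked one entry at a time.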
@@ -105,8 +111,8 @@
        RESERVED
 CVE-2017-15221
        RESERVED
-CVE-2017-15220
-       RESERVED
+CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a 
buffer ...)
+       TODO: check
 CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: dotCMS
 CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in 
...)
@@ -416,7 +422,7 @@
 CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows 
logout ...)
        NOT-FOR-US: Metasploit Framework
 CVE-2017-15083
-       RESERVED
+       REJECTED
 CVE-2017-15082
        RESERVED
 CVE-2017-15081
@@ -750,6 +756,7 @@
 CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document 
Sciences ...)
        NOT-FOR-US: EMC
 CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key 
values (but ...)
+       {DSA-3997-1}
        - wordpress 4.8.2+dfsg-2 (bug #877629)
        NOTE: https://core.trac.wordpress.org/ticket/38474
 CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in 
...)
@@ -1438,9 +1445,11 @@
 CVE-2017-14728
        RESERVED
 CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site 
...)
+       {DSA-3997-1}
        - wordpress 4.8.2+dfsg-1 (bug #876274)
        NOTE: https://core.trac.wordpress.org/changeset/41395
 CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open 
redirect ...)
+       {DSA-3997-1}
        - wordpress 4.8.2+dfsg-1 (bug #876274)
        NOTE: https://core.trac.wordpress.org/changeset/41398
 CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site 
scripting ...)
@@ -1449,6 +1458,7 @@
        [jessie] - wordpress <not-affected> (Vulnerable code not present)
        NOTE: https://core.trac.wordpress.org/changeset/41448
 CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and 
additional ...)
+       {DSA-3997-1}
        - wordpress 4.8.2+dfsg-1 (bug #876274)
        NOTE: https://core.trac.wordpress.org/changeset/41470
        NOTE: https://core.trac.wordpress.org/changeset/41496
@@ -1457,18 +1467,23 @@
        NOTE: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
        NOTE: https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e
 CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal 
attack in ...)
+       {DSA-3997-1}
        - wordpress 4.8.2+dfsg-1 (bug #876274)
        NOTE: https://core.trac.wordpress.org/changeset/41397
 CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting 
in the ...)
+       {DSA-3997-1}
        - wordpress 4.8.2+dfsg-1 (bug #876274)
        NOTE: https://core.trac.wordpress.org/changeset/41412
 CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting 
attack ...)
+       {DSA-3997-1}
        - wordpress 4.8.2+dfsg-1 (bug #876274)
        NOTE: https://core.trac.wordpress.org/changeset/41412
 CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory 
traversal ...)
+       {DSA-3997-1}
        - wordpress 4.8.2+dfsg-1 (bug #876274)
        NOTE: https://core.trac.wordpress.org/changeset/41457
 CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a 
Cross-Site ...)
+       {DSA-3997-1}
        - wordpress 4.8.2+dfsg-1 (bug #876274)
        NOTE: https://core.trac.wordpress.org/changeset/41393
 CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a 
crash ...)
@@ -1833,10 +1848,10 @@
        RESERVED
 CVE-2017-14589
        RESERVED
-CVE-2017-14588
-       RESERVED
-CVE-2017-14587
-       RESERVED
+CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before 
version ...)
+       TODO: check
+CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye 
and ...)
+       TODO: check
 CVE-2017-14586
        RESERVED
 CVE-2017-14585
@@ -2428,14 +2443,14 @@
        RESERVED
 CVE-2017-14373
        RESERVED
-CVE-2017-14372
-       RESERVED
-CVE-2017-14371
-       RESERVED
-CVE-2017-14370
-       RESERVED
-CVE-2017-14369
-       RESERVED
+CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by 
reflected ...)
+       TODO: check
+CVE-2017-14371 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by 
reflected ...)
+       TODO: check
+CVE-2017-14370 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored 
...)
+       TODO: check
+CVE-2017-14369 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by a 
privilege ...)
+       TODO: check
 CVE-2017-14368
        RESERVED
 CVE-2017-14367
@@ -3535,8 +3550,8 @@
        RESERVED
 CVE-2017-14004
        RESERVED
-CVE-2017-14003
-       RESERVED
+CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in 
LAVA ...)
+       TODO: check
 CVE-2017-14002
        RESERVED
 CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS 
Command ...)
@@ -4274,8 +4289,7 @@
        - xorg-server 2:1.19.4-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
        NOTE: This is in libxkbfile in wheezy
-CVE-2017-13722 [pcfGetProperties: Check string boundaries]
-       RESERVED
+CVE-2017-13722 (In the pcfGetProperties function in bitmap/pcfread.c in 
libXfont ...)
        {DSA-3995-1 DLA-1126-1}
        - libxfont 1:2.0.1-4
        - libxfont1 <unfixed> (unimportant)
@@ -4285,8 +4299,7 @@
        - xorg-server 2:1.19.4-1
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1
        NOTE: In wheezy this is possibly libxext, src/XShm.c?
-CVE-2017-13720 [Check for end of string in PatternMatch]
-       RESERVED
+CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont 
through ...)
        {DSA-3995-1 DLA-1126-1}
        - libxfont 1:2.0.1-4
        - libxfont1 <unfixed> (unimportant)
@@ -8636,8 +8649,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089
 CVE-2017-12189
        RESERVED
-CVE-2017-12188
-       RESERVED
+CVE-2017-12188 (arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when 
nested ...)
        - linux <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500380
 CVE-2017-12187
@@ -20422,8 +20434,8 @@
        RESERVED
 CVE-2017-8026
        RESERVED
-CVE-2017-8025
-       RESERVED
+CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an 
arbitrary ...)
+       TODO: check
 CVE-2017-8024
        RESERVED
 CVE-2017-8023
@@ -20438,10 +20450,10 @@
        RESERVED
 CVE-2017-8018 (EMC AppSync host plug-in versions 3.5 and below (Windows 
platform only) ...)
        NOT-FOR-US: EMC AppSync
-CVE-2017-8017
-       RESERVED
-CVE-2017-8016
-       RESERVED
+CVE-2017-8017 (EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 
9.4.1.x, and ...)
+       TODO: check
+CVE-2017-8016 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored 
...)
+       TODO: check
 CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) contains a SQL 
injection ...)
        NOT-FOR-US: EMC
 CVE-2017-8014
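Review bot: CVE-2017-8017 (EMC Network Configuration Manager) and CVE-2017-8016 (RSA Archer GRC Platform) are added with "TODO: check" while the neighbouring entries in this hunk, CVE-2017-8018 and CVE-2017-8015, are already "NOT-FOR-US". Triage the two new entries the same way, and settle on one spelling for the tag: the context lines use both "NOT-FOR-US: EMC AppSync" and "NOT-FOR-US: EMC" for the same product.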
@@ -21227,7 +21239,7 @@
        - firefox 55.0-1
 CVE-2017-7805
        RESERVED
-       {DSA-3987-1 DLA-1118-1}
+       {DSA-3998-1 DSA-3987-1 DLA-1118-1}
        - firefox 56.0-1
        - firefox-esr 52.4.0esr-2
        - icedove <unfixed>
@@ -27770,13 +27782,12 @@
        RESERVED
 CVE-2017-5792
        RESERVED
-CVE-2017-5791
-       RESERVED
+CVE-2017-5791 (An Improper Authentication issue was discovered in JanTek 
JTC-200, all ...)
        NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5790
        RESERVED
-CVE-2017-5789
-       RESERVED
+CVE-2017-5789 (A Cross-site Request Forgery issue was discovered in JanTek 
JTC-200, ...)
+       TODO: check
 CVE-2017-5788
        RESERVED
 CVE-2017-5787
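Review bot: the unchanged "NOT-FOR-US: HPE Intelligent Management Center" line under CVE-2017-5791 no longer matches the entry, whose description now names JanTek JTC-200. The tag was evidently set while the id was still RESERVED; change it to "NOT-FOR-US: JanTek JTC-200", and give CVE-2017-5789, which names the same device, the same tag instead of "TODO: check".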
@@ -36746,14 +36757,12 @@
        RESERVED
 CVE-2017-2889
        RESERVED
-CVE-2017-2888 [Simple DirectMedia Layer Create RGB Surface Code Execution 
Vulnerability]
-       RESERVED
+CVE-2017-2888 (An exploitable integer overflow vulnerability exists when 
creating a ...)
        - libsdl2 <unfixed>
        - libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface 
contains further check for too large width or height)
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
        NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
-CVE-2017-2887 [Simple DirectMedia Layer SDL_image XCF Property Handling Code 
Execution Vulnerability]
-       RESERVED
+CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF 
...)
        - libsdl2-image <unfixed>
        - sdl-image1.2 <unfixed>
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
@@ -41110,8 +41119,7 @@
        RESERVED
 CVE-2017-0904
        RESERVED
-CVE-2017-0903 [Unsafe Object Deserialization Vulnerability]
-       RESERVED
+CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a 
...)
        - ruby2.3 <unfixed>
        - ruby2.1 <removed>
        - ruby1.9.1 <removed>
@@ -125123,8 +125131,8 @@
        NOT-FOR-US: Siemens
 CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 
3.12.2 ...)
        NOT-FOR-US: Siemens
-CVE-2013-6924
-       RESERVED
+CVE-2013-6924 (Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 
allow ...)
+       TODO: check
 CVE-2013-6923 (Multiple cross-site scripting (XSS) vulnerabilities in Seagate 
...)
        NOT-FOR-US: Seagate BlackArmor NAS 220 devices
 CVE-2013-6922 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
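Review bot: CVE-2013-6924 is set to "TODO: check" although its description names Seagate BlackArmor NAS firmware and the next entry, CVE-2013-6923, is already "NOT-FOR-US: Seagate BlackArmor NAS 220 devices". Use the same NOT-FOR-US tag here so the entry does not stay in the untriaged list.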
@@ -252464,7 +252472,7 @@
        NOT-FOR-US: Geeklog
 CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 
allows ...)
        NOT-FOR-US: PhpTagCool
-CVE-2006-2440 (Heap-based buffer overflow in the libMagick componet of 
ImageMagick ...)
+CVE-2006-2440 (Heap-based buffer overflow in the libMagick component of 
ImageMagick ...)
        {DSA-1168-1}
        - imagemagick 6:6.2.4.5-0.6 (bug #345595)
 CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. 
Blom ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
