Author: sectracker
Date: 2017-10-12 21:10:16 +0000 (Thu, 12 Oct 2017)
New Revision: 56665

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-12 20:02:54 UTC (rev 56664)
+++ data/CVE/list       2017-10-12 21:10:16 UTC (rev 56665)
@@ -1,3 +1,9 @@
+CVE-2017-15292
+       RESERVED
+CVE-2017-15291
+       RESERVED
+CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x 
before ...)
+       TODO: check
 CVE-2017-XXXX [XSA 244]
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-244.html
@@ -24,13 +30,14 @@
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-237.html
 CVE-2017-15289 [cirrus: OOB access issue in mode4and5 write functions]
+       RESERVED
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
 CVE-2017-15288
        RESERVED
-CVE-2017-15287
-       RESERVED
+CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream 
Multimedia ...)
+       TODO: check
 CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in 
tableColumnList in ...)
        - sqlite3 <unfixed> (low)
        NOTE: https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md
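Review bot: On CVE-2017-15289 the added RESERVED line sits above the existing "- qemu <unfixed>" and "- qemu-kvm <removed>" tracking, so the entry keeps its hand-written bracketed title until a published description replaces it. Confirm that the package lines and the qemu-devel NOTE stay attached when that happens, as they did for CVE-2017-15268 in this same update. CVE-2017-15287 (XSS in the BouquetEditor WebPlugin) arrives as "TODO: check" and still needs a triage decision.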
@@ -79,8 +86,7 @@
        RESERVED
 CVE-2017-15269
        RESERVED
-CVE-2017-15268 [I/O: potential memory exhaustion via websock connection to VNC]
-       RESERVED
+CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory 
leak by ...)
        - qemu <unfixed>
        [jessie] - qemu <not-affected> (I/O channels driver websockets 
introduced later)
        [wheezy] - qemu <not-affected> (I/O channels driver websockets 
introduced later)
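Review bot: Replacing the bracketed title of CVE-2017-15268 removes the only untruncated mention of the websocket/VNC vector from the header line, because the new description is cut at "by ...". The [jessie] and [wheezy] not-affected reasons still refer to the websockets I/O channels driver, so a NOTE line recording the vector would keep those annotations understandable without looking up the full description.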
@@ -7068,8 +7074,8 @@
 CVE-2017-12850 (An authenticated standard user could reset the password of 
other users ...)
        - kanboard <itp> (bug #790814)
        NOTE: 
https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae
-CVE-2017-12849
-       RESERVED
+CVE-2017-12849 (Response discrepancy in the login and password reset forms in 
...)
+       TODO: check
 CVE-2017-12848
        RESERVED
 CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after 
dropping ...)
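Review bot: The description added for CVE-2017-12849 is cut off before it names a product ("in the login and password reset forms in ..."), so "TODO: check" cannot be resolved from this line alone. The full description is needed before choosing between a package line and NOT-FOR-US. The neighbouring CVE-2017-12850 entry is kanboard with <itp>, but nothing in the visible text ties 12849 to it.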
@@ -12655,14 +12661,14 @@
        RESERVED
 CVE-2017-10866
        RESERVED
-CVE-2017-10865
-       RESERVED
-CVE-2017-10864
-       RESERVED
-CVE-2017-10863
-       RESERVED
-CVE-2017-10862
-       RESERVED
+CVE-2017-10865 (Untrusted search path vulnerability in HIBUN Confidential File 
...)
+       TODO: check
+CVE-2017-10864 (Untrusted search path vulnerability in Installer of HIBUN 
Confidential ...)
+       TODO: check
+CVE-2017-10863 (Untrusted search path vulnerability in HIBUN Confidential File 
...)
+       TODO: check
+CVE-2017-10862 (jwt-scala 1.2.2 and earlier fails to verify token signatures 
correctly ...)
+       TODO: check
 CVE-2017-10861
        RESERVED
 CVE-2017-10860 (Untrusted search path vulnerability in &quot;i-filter 6.0 
installer&quot; ...)
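Review bot: Four entries (CVE-2017-10862 to CVE-2017-10865) move from RESERVED to "TODO: check" at once and should not be triaged as a batch. The three HIBUN untrusted search path entries follow the same pattern as the i-filter installer entries just below, which are marked NOT-FOR-US, and can probably be closed the same way. CVE-2017-10862 (jwt-scala failing to verify token signatures correctly) is the one to look at first, since a signature verification flaw matters to anything that depends on the library.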
@@ -12671,8 +12677,8 @@
        NOT-FOR-US: i-filter 6.0 installer
 CVE-2017-10858 (Untrusted search path vulnerability in &quot;i-filter 6.0 
install program&quot; ...)
        NOT-FOR-US: i-filter 6.0 install program
-CVE-2017-10857
-       RESERVED
+CVE-2017-10857 (Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers 
to ...)
+       TODO: check
 CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 
5.72, ...)
        NOT-FOR-US: SEIL
 CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for 
Windows ...)
@@ -16208,8 +16214,8 @@
        NOT-FOR-US: Craft CMS
 CVE-2017-9515
        RESERVED
-CVE-2017-9514
-       RESERVED
+CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 
had a ...)
+       TODO: check
 CVE-2017-9513
        RESERVED
 CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and 
...)
@@ -44492,8 +44498,8 @@
        NOTE: http://dev.dotclear.org/2.0/ticket/2214
 CVE-2016-9267
        RESERVED
-CVE-2016-9263
-       RESERVED
+CVE-2016-9263 (WordPress through 4.8.2, when domain-based 
flashmediaelement.swf ...)
+       TODO: check
 CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow 
remote ...)
        {DSA-3713-1 DLA-712-1}
        - gst-plugins-bad0.10 <removed>
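Review bot: CVE-2016-9263 names WordPress through 4.8.2, so unlike the vendor-only products elsewhere in this update its "TODO: check" should end in a package status line rather than NOT-FOR-US. The description is truncated at "when domain-based flashmediaelement.swf ...", so read it in full to decide whether the packaged WordPress ships the affected flashmediaelement.swf.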
@@ -46000,8 +46006,7 @@
        NOTE: https://struts.apache.org/docs/s2-044.html
 CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable 
to ...)
        NOT-FOR-US: Apache Brooklyn
-CVE-2016-8736
-       RESERVED
+CVE-2016-8736 (Apache Openmeetings before 3.1.2 is vulnerable to Remote Code 
...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2016-8735 (Remote code execution is possible with Apache Tomcat before 
6.0.48, 7.x ...)
        {DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
@@ -81155,8 +81160,8 @@
        NOTE: Fixup: 
https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
 CVE-2015-6359 (The Neighbor Discovery (ND) protocol implementation in the IPv6 
stack ...)
        NOT-FOR-US: Cisco IOS
-CVE-2015-6358
-       RESERVED
+CVE-2015-6358 (Multiple Cisco embedded devices use hardcoded X.509 
certificates and ...)
+       TODO: check
 CVE-2015-6357 (The rule-update feature in Cisco FireSIGHT Management Center 
(MC) 5.2 ...)
        NOT-FOR-US: Cisco FireSIGHT
 CVE-2015-6356 (Cross-site scripting (XSS) vulnerability in the WeChat page in 
Cisco ...)
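Review bot: CVE-2015-6358 is left at "TODO: check" while both adjacent Cisco entries already carry NOT-FOR-US annotations (Cisco IOS, Cisco FireSIGHT). Hardcoded X.509 certificates in Cisco embedded devices would normally be closed the same way, so suggest resolving this in a follow-up commit instead of leaving the TODO in the list.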


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
