Author: sectracker Date: 2017-10-12 21:10:16 +0000 (Thu, 12 Oct 2017) New Revision: 56665
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-12 20:02:54 UTC (rev 56664) +++ data/CVE/list 2017-10-12 21:10:16 UTC (rev 56665) @@ -1,3 +1,9 @@ +CVE-2017-15292 + RESERVED +CVE-2017-15291 + RESERVED +CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before ...) + TODO: check CVE-2017-XXXX [XSA 244] - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-244.html @@ -24,13 +30,14 @@ - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-237.html CVE-2017-15289 [cirrus: OOB access issue in mode4and5 write functions] + RESERVED - qemu <unfixed> - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html CVE-2017-15288 RESERVED -CVE-2017-15287 - RESERVED +CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia ...) + TODO: check CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in ...) - sqlite3 <unfixed> (low) NOTE: https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md @@ -79,8 +86,7 @@ RESERVED CVE-2017-15269 RESERVED -CVE-2017-15268 [I/O: potential memory exhaustion via websock connection to VNC] - RESERVED +CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...) - qemu <unfixed> [jessie] - qemu <not-affected> (I/O channels driver websockets introduced later) [wheezy] - qemu <not-affected> (I/O channels driver websockets introduced later) @@ -7068,8 +7074,8 @@ CVE-2017-12850 (An authenticated standard user could reset the password of other users ...) - kanboard <itp> (bug #790814) NOTE: https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae -CVE-2017-12849 - RESERVED +CVE-2017-12849 (Response discrepancy in the login and password reset forms in ...) + TODO: check CVE-2017-12848 RESERVED CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...) @@ -12655,14 +12661,14 @@ RESERVED CVE-2017-10866 RESERVED -CVE-2017-10865 - RESERVED -CVE-2017-10864 - RESERVED -CVE-2017-10863 - RESERVED -CVE-2017-10862 - RESERVED +CVE-2017-10865 (Untrusted search path vulnerability in HIBUN Confidential File ...) + TODO: check +CVE-2017-10864 (Untrusted search path vulnerability in Installer of HIBUN Confidential ...) + TODO: check +CVE-2017-10863 (Untrusted search path vulnerability in HIBUN Confidential File ...) + TODO: check +CVE-2017-10862 (jwt-scala 1.2.2 and earlier fails to verify token signatures correctly ...) + TODO: check CVE-2017-10861 RESERVED CVE-2017-10860 (Untrusted search path vulnerability in "i-filter 6.0 installer" ...) @@ -12671,8 +12677,8 @@ NOT-FOR-US: i-filter 6.0 installer CVE-2017-10858 (Untrusted search path vulnerability in "i-filter 6.0 install program" ...) NOT-FOR-US: i-filter 6.0 install program -CVE-2017-10857 - RESERVED +CVE-2017-10857 (Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to ...) + TODO: check CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, ...) NOT-FOR-US: SEIL CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows ...) @@ -16208,8 +16214,8 @@ NOT-FOR-US: Craft CMS CVE-2017-9515 RESERVED -CVE-2017-9514 - RESERVED +CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a ...) + TODO: check CVE-2017-9513 RESERVED CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and ...) @@ -44492,8 +44498,8 @@ NOTE: http://dev.dotclear.org/2.0/ticket/2214 CVE-2016-9267 RESERVED -CVE-2016-9263 - RESERVED +CVE-2016-9263 (WordPress through 4.8.2, when domain-based flashmediaelement.swf ...) + TODO: check CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote ...) {DSA-3713-1 DLA-712-1} - gst-plugins-bad0.10 <removed> @@ -46000,8 +46006,7 @@ NOTE: https://struts.apache.org/docs/s2-044.html CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...) NOT-FOR-US: Apache Brooklyn -CVE-2016-8736 - RESERVED +CVE-2016-8736 (Apache Openmeetings before 3.1.2 is vulnerable to Remote Code ...) NOT-FOR-US: Apache OpenMeetings CVE-2016-8735 (Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x ...) {DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1} @@ -81155,8 +81160,8 @@ NOTE: Fixup: https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f CVE-2015-6359 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) NOT-FOR-US: Cisco IOS -CVE-2015-6358 - RESERVED +CVE-2015-6358 (Multiple Cisco embedded devices use hardcoded X.509 certificates and ...) + TODO: check CVE-2015-6357 (The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 ...) NOT-FOR-US: Cisco FireSIGHT CVE-2015-6356 (Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits