Author: sectracker
Date: 2017-10-26 21:10:14 +0000 (Thu, 26 Oct 2017)
New Revision: 57002

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-26 20:59:27 UTC (rev 57001)
+++ data/CVE/list       2017-10-26 21:10:14 UTC (rev 57002)
@@ -1,4 +1,16 @@
-CVE-2017-15919
+CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the 
...)
+       TODO: check
+CVE-2017-15921
+       RESERVED
+CVE-2017-15920
+       RESERVED
+CVE-2017-15918
+       RESERVED
+CVE-2017-15917 (In Paessler PRTG Network Monitor 17.3.33.2830, it's possible 
to create ...)
+       TODO: check
+CVE-2017-15908 (In systemd 223 through 235, a remote DNS server can respond 
with a ...)
+       TODO: check
+CVE-2017-15919 (The ultimate-form-builder-lite plugin before 1.3.7 for 
WordPress has ...)
        NOT-FOR-US: WordPress plugin ultimate-form-builder-lite
 CVE-2017-15916
        RESERVED
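Review bot: the "TODO: check" on CVE-2017-15908 (systemd 223 through 235, remote DNS server response) and CVE-2017-15922 (GNU Libextractor 1.4 out-of-bounds read) should be triaged before the rest of this hunk, since both products are shipped as Debian packages; the Paessler PRTG entry (CVE-2017-15917) is proprietary Windows software and is the obvious candidate for a `NOT-FOR-US:` line, as was done for ultimate-form-builder-lite in the same hunk.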
@@ -10,8 +22,8 @@
        RESERVED
 CVE-2017-15912
        RESERVED
-CVE-2017-15911
-       RESERVED
+CVE-2017-15911 (The Admin Console in Ignite Realtime Openfire Server before 
4.1.7 ...)
+       TODO: check
 CVE-2017-15910
        RESERVED
 CVE-2017-15909 (D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded 
password, ...)
@@ -1229,8 +1241,8 @@
        NOTE: 
https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
 CVE-2017-15367
        RESERVED
-CVE-2017-15366
-       RESERVED
+CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the 
server have ...)
+       TODO: check
 CVE-2017-15365
        RESERVED
 CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote 
...)
@@ -1903,8 +1915,8 @@
        RESERVED
 CVE-2017-15097
        RESERVED
-CVE-2017-15096
-       RESERVED
+CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A 
null ...)
+       TODO: check
 CVE-2017-15095
        RESERVED
 CVE-2017-15094
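Review bot: CVE-2017-15096 ("A flaw was found in GlusterFS in versions prior to 3.10") is left at "TODO: check" although glusterfs is a packaged Debian source; the triage should record per-suite affected versions against the 3.10 boundary rather than leave the bare TODO, e.g. a `- glusterfs <version>` line plus `[jessie]`/`[stretch]` annotations once the fix commit is identified.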
@@ -2663,6 +2675,7 @@
        NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
        NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): 
corrupted unsorted chunks" without valgrind).
 CVE-2017-14864 (An Invalid memory address dereference was discovered in 
Exiv2::getULong ...)
+       {DLA-1147-1}
        - exiv2 <unfixed>
        NOTE: https://github.com/Exiv2/exiv2/issues/73
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494467
@@ -2680,6 +2693,7 @@
        NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
        NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): 
invalid next size (fast)" without valgrind).
 CVE-2017-14862 (An Invalid memory address dereference was discovered in ...)
+       {DLA-1147-1}
        - exiv2 <unfixed>
        NOTE: https://github.com/Exiv2/exiv2/issues/75
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494786
@@ -2706,6 +2720,7 @@
        NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
        NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault 
without valgrind).
 CVE-2017-14859 (An Invalid memory address dereference was discovered in ...)
+       {DLA-1147-1}
        - exiv2 <unfixed>
        NOTE: https://github.com/Exiv2/exiv2/issues/74
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494780
@@ -7684,6 +7699,7 @@
 CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow 
check when ...)
        NOT-FOR-US: Nimbus JOSE + JWT
 CVE-2017-12976 (git-annex before 6.20170818 allows remote attackers to execute 
...)
+       {DLA-1144-1}
        - git-annex 6.20170818-1 (bug #873088)
        NOTE: 
http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
        NOTE: 
http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a
@@ -10424,14 +10440,11 @@
        RESERVED
 CVE-2017-12161
        RESERVED
-CVE-2017-12160
-       RESERVED
+CVE-2017-12160 (It was found that Keycloak oauth would permit an authenticated 
...)
        NOT-FOR-US: Keycloak
-CVE-2017-12159
-       RESERVED
+CVE-2017-12159 (It was found that the cookie used for CSRF prevention in 
Keycloak was ...)
        NOT-FOR-US: Keycloak
-CVE-2017-12158
-       RESERVED
+CVE-2017-12158 (It was found that Keycloak would accept a HOST header URL in 
the admin ...)
        NOT-FOR-US: Keycloak
 CVE-2017-12157 (In Moodle 3.x, various course reports allow teachers to view 
details ...)
        - moodle <removed>
@@ -11617,6 +11630,7 @@
        - libav <removed>
        - ffmpeg 7:2.3.1-1
 CVE-2017-11683 (There is a reachable assertion in the ...)
+       {DLA-1147-1}
        - exiv2 <unfixed> (low)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
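Review bot: `{DLA-1147-1}` is added to CVE-2017-11683 while the line `[jessie] - exiv2 <no-dsa> (Minor issue)` is kept; the two are contradictory, since a DLA reference marks the issue as fixed in jessie via that advisory. The `[jessie]` no-dsa annotation should be dropped in the same change so the suite status is unambiguous.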
@@ -11974,6 +11988,7 @@
        NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1).
        NOTE: Reproducible in experimental with version 0.26-1.
 CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType 
function in ...)
+       {DLA-1147-1}
        - exiv2 <unfixed> (low; bug #876893)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
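Review bot: same inconsistency as in the CVE-2017-11683 hunk: `{DLA-1147-1}` is added to CVE-2017-11591 but `[jessie] - exiv2 <no-dsa> (Minor issue)` remains, so the entry simultaneously claims jessie was fixed by a DLA and that no advisory is planned for jessie. Remove the `[jessie]` no-dsa line.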
@@ -15260,6 +15275,7 @@
        NOTE: version, although the internal lame code was only fixed in 3.100 
(strictly speaking that would be
        NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence 
file) is ...)
+       {DLA-1146-1}
        - mosquitto <unfixed> (bug #865959)
        [stretch] - mosquitto <no-dsa> (Minor issue)
        [jessie] - mosquitto <no-dsa> (Minor issue)
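Review bot: `{DLA-1146-1}` is added to CVE-2017-9868 without removing `[jessie] - mosquitto <no-dsa> (Minor issue)`; once the DLA is recorded the jessie no-dsa annotation is stale and should go, otherwise tooling that reads the per-suite status will report jessie as unfixed.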
@@ -23509,8 +23525,8 @@
        NOT-FOR-US: Fortinet FortiOS
 CVE-2017-7733
        RESERVED
-CVE-2017-7732
-       RESERVED
+CVE-2017-7732 (A reflected Cross-Site Scripting (XSS) vulnerability in 
Fortinet ...)
+       TODO: check
 CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal 
...)
        NOT-FOR-US: Fortinet FortiPortal
 CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN 
flood ...)
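Review bot: CVE-2017-7732 (Fortinet reflected XSS) is given "TODO: check" even though the neighbouring Fortinet entries in this region (CVE-2017-7731, CVE-2017-7733's surroundings, and the FortiOS/FortiPortal lines) are all `NOT-FOR-US: Fortinet ...`; the same applies to CVE-2017-7341 and CVE-2017-7335 (FortiWLC) in the following hunks. Unless Fortinet software has become packaged, these should be resolved to `NOT-FOR-US: Fortinet` in the same pass rather than left as open TODOs.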
@@ -24935,8 +24951,8 @@
        NOT-FOR-US: Fortinet FortiPortal
 CVE-2017-7342
        RESERVED
-CVE-2017-7341
-       RESERVED
+CVE-2017-7341 (An OS Command Injection vulnerability in Fortinet FortiWLC 
6.1-2 ...)
+       TODO: check
 CVE-2017-7340
        RESERVED
 CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal 
versions ...)
@@ -24947,8 +24963,8 @@
        NOT-FOR-US: Fortinet FortiPortal
 CVE-2017-7336 (A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 
and ...)
        NOT-FOR-US: Fortinet
-CVE-2017-7335
-       RESERVED
+CVE-2017-7335 (A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 
6.1-x ...)
+       TODO: check
 CVE-2017-7334
        RESERVED
 CVE-2017-7333
@@ -29019,8 +29035,8 @@
        NOT-FOR-US: InterSect Alliance SNARE Epilog
 CVE-2017-5997 (The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 
allows ...)
        NOT-FOR-US: SAP Message Server
-CVE-2017-5996
-       RESERVED
+CVE-2017-5996 (The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x 
before ...)
+       TODO: check
 CVE-2017-5995 (The NetApp ONTAP Select Deploy administration utility 2.0 
through ...)
        NOT-FOR-US: NetApp ONTAP Select Deploy administration utility
 CVE-2017-14431 (Memory leak in Xen 3.3 through 4.8.x allows guest OS users to 
cause a ...)
@@ -30459,6 +30475,7 @@
        NOTE: 
https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
 CVE-2017-5595 (A file disclosure and inclusion vulnerability exists in ...)
+       {DLA-1145-1}
        - zoneminder 1.30.4+dfsg-1 (bug #854733)
        NOTE: Check 
https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3
 CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this 
...)
@@ -35661,8 +35678,8 @@
        RESERVED
 CVE-2017-3772
        RESERVED
-CVE-2017-3771
-       RESERVED
+CVE-2017-3771 (System boot process is not adequately secured In Lenovo E95 and 
...)
+       TODO: check
 CVE-2017-3770 (Privilege escalation vulnerability in LXCA versions earlier 
than 1.3.2 ...)
        NOT-FOR-US: Lenovo LXCA
 CVE-2017-3769
@@ -121835,8 +121852,7 @@
        NOT-FOR-US: Intrexx
 CVE-2014-2024 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Open Classifieds
-CVE-2014-2023
-       RESERVED
+CVE-2014-2023 (Multiple SQL injection vulnerabilities in the Tapatalk plugin 
4.9.0 ...)
        NOT-FOR-US: vBulletin
 CVE-2014-2022 (SQL injection vulnerability in 
includes/api/4/breadcrumbs_create.php ...)
        NOT-FOR-US: vBulletin
@@ -152960,14 +152976,12 @@
        [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
        NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
-CVE-2012-4378 [DOM-based XSS]
-       RESERVED
+CVE-2012-4378 (Multiple cross-site scripting (XSS) vulnerabilities in 
MediaWiki ...)
        - mediawiki 1:1.19.2-1 (bug #686330)
        [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
        NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
-CVE-2012-4377 [[mediawiki stored XSS]
-       RESERVED
+CVE-2012-4377 (Cross-site scripting (XSS) vulnerability in MediaWiki before 
1.18.5 ...)
        - mediawiki 1:1.19.2-1 (bug #686330)
        [squeeze] - mediawiki <not-affected> (Introduced in 1.16)
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
@@ -160042,8 +160056,7 @@
        NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1623 (The Registration Codes module before 6.x-2.4 for Drupal does 
not ...)
        NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1622
-       RESERVED
+CVE-2012-1622 (Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to 
...)
        NOT-FOR-US: Apache OFBiz
 CVE-2012-1621 (Multiple cross-site scripting (XSS) vulnerabilities in Apache 
Open For ...)
        NOT-FOR-US: Apache OFBiz


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
