Author: sectracker
Date: 2017-10-31 21:10:19 +0000 (Tue, 31 Oct 2017)
New Revision: 57177
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-31 20:37:37 UTC (rev 57176)
+++ data/CVE/list 2017-10-31 21:10:19 UTC (rev 57177)
@@ -1,9 +1,11 @@
-CVE-2017-1000383
+CVE-2017-16242
+ RESERVED
+CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely)
ignores ...)
- emacs25 <unfixed>
- emacs24 <removed>
- emacs23 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
-CVE-2017-1000382
+CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely)
ignores umask ...)
- vim <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
CVE-2017-XXXX [leaks files without extention, inadvertently]
@@ -48,7 +50,7 @@
NOTE: This is similar class of issue as for CVE-2017-1000117/git
NOTE: But needs a separate CVE since different codebasis.
CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before
1.2.2 ...)
- {DSA-4011-1}
+ {DSA-4011-1 DLA-1152-1}
- quagga <unfixed> (bug #879474)
NOTE:
https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
NOTE:
http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
@@ -1010,8 +1012,8 @@
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by:
https://git.kernel.org/linus/363b02dab09b3226f3bd1420dad9c72b79a42a76
(v4.14-rc6)
-CVE-2017-15950
- RESERVED
+CVE-2017-15950 (Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable
to a ...)
+ TODO: check
CVE-2017-15949 (Xavier PHP Management Panel 2.4 allows SQL injection via the
usertoedit ...)
NOT-FOR-US: Xavier PHP Management Panel
CVE-2017-15948 (Perch Content Management System 3.0.3 allows unrestricted file
upload ...)
@@ -1068,6 +1070,7 @@
NOTE:
https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
NOTE: https://github.com/radare/radare2/issues/8731
CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a
Null ...)
+ {DLA-1154-1}
- graphicsmagick 1.3.26-16 (bug #879999)
NOTE:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
NOTE:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
@@ -1174,8 +1177,8 @@
RESERVED
CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis
2100 Network ...)
NOT-FOR-US: Axis
-CVE-2017-15884
- RESERVED
+CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka
vagrant-vmware-fusion) ...)
+ TODO: check
CVE-2017-15883
RESERVED
CVE-2017-15882 (The London Trust Media Private Internet Access (PIA)
application before ...)
@@ -2594,8 +2597,7 @@
[stretch] - linux 4.9.47-1
[wheezy] - linux 3.2.93-1
NOTE: Fixed by:
https://git.kernel.org/linus/5649645d725c73df4302428ee4e02c869248b4c5 (4.12-rc5)
-CVE-2017-15273
- RESERVED
+CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10
before ...)
- mahara <removed>
NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
CVE-2017-15272
@@ -3129,8 +3131,7 @@
{DSA-4007-1 DLA-1143-1}
- curl 7.56.1-1
NOTE: https://curl.haxx.se/docs/adv_20171023.html
-CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for
clients]
- RESERVED
+CVE-2017-1000256 (libvirt version 2.3.0 and later is vulnerable to a bad
default ...)
{DSA-4003-1}
- libvirt 3.8.0-3 (bug #878799)
[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -3450,7 +3451,7 @@
CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document
Sciences ...)
NOT-FOR-US: EMC
CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key
values (but ...)
- {DSA-3997-1}
+ {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-2 (bug #877629)
NOTE: https://core.trac.wordpress.org/ticket/38474
CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in
...)
@@ -4098,8 +4099,7 @@
NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork
web ...)
NOT-FOR-US: EyesOfNetwork (EON)
-CVE-2017-14752
- RESERVED
+CVE-2017-14752 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10
before ...)
- mahara <removed>
NOTE: https://mahara.org/interaction/forum/topic.php?id=8083
CVE-2017-14751 (The Intense WP "WP Jobs" plugin 1.5 for WordPress
has XSS, related to ...)
@@ -4197,7 +4197,7 @@
[wheezy] - wordpress <not-affected> (Vulnerable code not present)
NOTE: https://core.trac.wordpress.org/changeset/41395
CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open
redirect ...)
- {DSA-3997-1}
+ {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41398
CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site
scripting ...)
@@ -4207,7 +4207,7 @@
[wheezy] - wordpress <not-affected> (Vulnerable code not present)
NOTE: https://core.trac.wordpress.org/changeset/41448
CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and
additional ...)
- {DSA-3997-1}
+ {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41470
NOTE: https://core.trac.wordpress.org/changeset/41496
@@ -4216,23 +4216,23 @@
NOTE: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
NOTE: https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e
CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal
attack in ...)
- {DSA-3997-1}
+ {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41397
CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting
in the ...)
- {DSA-3997-1}
+ {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting
attack ...)
- {DSA-3997-1}
+ {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory
traversal ...)
- {DSA-3997-1}
+ {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41457
CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a
Cross-Site ...)
- {DSA-3997-1}
+ {DSA-3997-1 DLA-1151-1}
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41393
CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a
crash ...)
@@ -5238,12 +5238,12 @@
RESERVED
CVE-2017-14359
RESERVED
-CVE-2017-14358
- RESERVED
-CVE-2017-14357
- RESERVED
-CVE-2017-14356
- RESERVED
+CVE-2017-14358 (A URL redirection to untrusted site vulnerability in HP
ArcSight ESM ...)
+ TODO: check
+CVE-2017-14357 (A Reflected and Stored Cross-Site Scripting (XSS)
vulnerability in HP ...)
+ TODO: check
+CVE-2017-14356 (An SQL Injection vulnerability in HP ArcSight ESM and HP
ArcSight ESM ...)
+ TODO: check
CVE-2017-14355
RESERVED
CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB
Foundation ...)
@@ -5532,8 +5532,8 @@
CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern
in ...)
- typo3-src <removed>
[wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
-CVE-2017-14250
- RESERVED
+CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router
with ...)
+ TODO: check
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage
in ...)
{DLA-1131-1}
- imagemagick <unfixed> (low; bug #876099)
@@ -5794,8 +5794,8 @@
- qemu-kvm <removed>
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489375
-CVE-2017-14163
- RESERVED
+CVE-2017-14163 (An issue was discovered in Mahara before 15.04.14, 16.x before
...)
+ TODO: check
CVE-2017-14162
RESERVED
CVE-2017-14161
@@ -8449,15 +8449,15 @@
- wget 1.19.2-1 (bug #879957)
NOTE:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v
allows ...)
- {DSA-3999-1}
+ {DSA-3999-1 DLA-1150-1}
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13087 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v
allows ...)
- {DSA-3999-1}
+ {DSA-3999-1 DLA-1150-1}
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13086 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of
the ...)
- {DSA-3999-1}
+ {DSA-3999-1 DLA-1150-1}
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13085
@@ -8474,29 +8474,29 @@
CVE-2017-13083 (Akeo Consulting Rufus prior to version 2.17.1187 does not
adequately ...)
NOT-FOR-US: Akeo Consulting Rufus
CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE
802.11r ...)
- {DSA-3999-1}
+ {DSA-3999-1 DLA-1150-1}
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE
802.11w ...)
- {DSA-3999-1}
+ {DSA-3999-1 DLA-1150-1}
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of
the ...)
- {DSA-3999-1}
+ {DSA-3999-1 DLA-1150-1}
- wpa 2:2.4-1.1
- linux <unfixed>
NOTE: https://w1.fi/security/2017-1/
NOTE:
https://git.kernel.org/linus/fdf7cb4185b60c68e1a75e61691c4afdc15dea0e
(v4.14-rc6)
CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE
802.11w ...)
- {DSA-3999-1}
+ {DSA-3999-1 DLA-1150-1}
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of
the ...)
- {DSA-3999-1}
+ {DSA-3999-1 DLA-1150-1}
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13077 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of
the ...)
- {DSA-3999-1}
+ {DSA-3999-1 DLA-1150-1}
- wpa 2:2.4-1.1
NOTE: https://w1.fi/security/2017-1/
CVE-2017-13076
@@ -15243,10 +15243,10 @@
RESERVED
CVE-2017-10955 (** DISPUTED ** This vulnerability allows remote attackers to
execute ...)
NOT-FOR-US: EMC
-CVE-2017-10954
- RESERVED
-CVE-2017-10953
- RESERVED
+CVE-2017-10954 (This vulnerability allows remote attackers to execute
arbitrary code ...)
+ TODO: check
+CVE-2017-10953 (This vulnerability allows remote attackers to execute
arbitrary code ...)
+ TODO: check
CVE-2017-10952 (This vulnerability allows remote attackers to execute
arbitrary code ...)
NOT-FOR-US: Foxit Reader
CVE-2017-10951 (This vulnerability allows remote attackers to execute
arbitrary code ...)
@@ -15255,24 +15255,24 @@
NOT-FOR-US: Bitdefender Total Security
CVE-2017-10949 (Directory Traversal in Dell Storage Manager 2016 R2.1 causes
...)
NOT-FOR-US: Dell Storage Manager
-CVE-2017-10948
- RESERVED
-CVE-2017-10947
- RESERVED
-CVE-2017-10946
- RESERVED
-CVE-2017-10945
- RESERVED
-CVE-2017-10944
- RESERVED
-CVE-2017-10943
- RESERVED
-CVE-2017-10942
- RESERVED
-CVE-2017-10941
- RESERVED
-CVE-2017-10940
- RESERVED
+CVE-2017-10948 (This vulnerability allows remote attackers to execute
arbitrary code ...)
+ TODO: check
+CVE-2017-10947 (This vulnerability allows remote attackers to execute
arbitrary code ...)
+ TODO: check
+CVE-2017-10946 (This vulnerability allows remote attackers to execute
arbitrary code ...)
+ TODO: check
+CVE-2017-10945 (This vulnerability allows remote attackers to execute
arbitrary code ...)
+ TODO: check
+CVE-2017-10944 (This vulnerability allows remote attackers to disclose
sensitive ...)
+ TODO: check
+CVE-2017-10943 (This vulnerability allows remote attackers to disclose
sensitive ...)
+ TODO: check
+CVE-2017-10942 (This vulnerability allows remote attackers to disclose
sensitive ...)
+ TODO: check
+CVE-2017-10941 (This vulnerability allows remote attackers to execute
arbitrary code ...)
+ TODO: check
+CVE-2017-10940 (This vulnerability allows remote attackers to execute
arbitrary code ...)
+ TODO: check
CVE-2017-10939
RESERVED
CVE-2017-10938
@@ -24169,7 +24169,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825
CVE-2017-7824
RESERVED
- {DSA-3987-1 DLA-1118-1}
+ {DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24178,7 +24178,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
CVE-2017-7823
RESERVED
- {DSA-3987-1 DLA-1118-1}
+ {DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24199,7 +24199,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820
CVE-2017-7819
RESERVED
- {DSA-3987-1 DLA-1118-1}
+ {DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24208,7 +24208,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
CVE-2017-7818
RESERVED
- {DSA-3987-1 DLA-1118-1}
+ {DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24229,7 +24229,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815
CVE-2017-7814
RESERVED
- {DSA-3987-1 DLA-1118-1}
+ {DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24250,7 +24250,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811
CVE-2017-7810
RESERVED
- {DSA-3987-1 DLA-1118-1}
+ {DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24277,7 +24277,7 @@
- firefox 55.0-1
CVE-2017-7805
RESERVED
- {DSA-3998-1 DSA-3987-1 DLA-1138-1 DLA-1118-1}
+ {DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -24337,7 +24337,7 @@
- firefox 55.0-1
CVE-2017-7793
RESERVED
- {DSA-3987-1 DLA-1118-1}
+ {DSA-3987-1 DLA-1153-1 DLA-1118-1}
- firefox 56.0-1
- firefox-esr 52.4.0esr-2
- thunderbird 1:52.4.0-1
@@ -36295,12 +36295,12 @@
RESERVED
CVE-2017-3936
RESERVED
-CVE-2017-3935
- RESERVED
-CVE-2017-3934
- RESERVED
-CVE-2017-3933
- RESERVED
+CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type
sniffing which ...)
+ TODO: check
+CVE-2017-3934 (Missing HTTP Strict Transport Security state information
vulnerability ...)
+ TODO: check
+CVE-2017-3933 (Embedding Script (XSS) in HTTP Headers vulnerability in McAfee
Network ...)
+ TODO: check
CVE-2017-3932
RESERVED
CVE-2017-3931
@@ -47429,6 +47429,7 @@
CVE-2016-9267
RESERVED
CVE-2016-9263 (WordPress through 4.8.2, when domain-based
flashmediaelement.swf ...)
+ {DLA-1151-1}
- wordpress 4.1+dfsg-1
NOTE:
https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/
NOTE: flashmediaelement.swf removed from source tree starting in
4.1+dfsg-1
@@ -48016,8 +48017,8 @@
REJECTED
CVE-2016-9098
REJECTED
-CVE-2016-9097
- REJECTED
+CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to
6.6.5.8, ...)
+ TODO: check
CVE-2016-9096
REJECTED
CVE-2016-9095
@@ -75749,7 +75750,7 @@
CVE-2016-0760 (Multiple incomplete blacklist vulnerabilities in Apache Sentry
before ...)
NOT-FOR-US: Apache Hive
CVE-2016-0759
- RESERVED
+ REJECTED
CVE-2016-0758 (Integer overflow in lib/asn1_decoder.c in the Linux kernel
before 4.6 ...)
- linux 4.5.4-1
[jessie] - linux 3.16.36-1
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
