Author: sectracker
Date: 2017-11-07 21:10:12 +0000 (Tue, 07 Nov 2017)
New Revision: 57416
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-07 21:00:39 UTC (rev 57415) +++ data/CVE/list 2017-11-07 21:10:12 UTC (rev 57416) @@ -1,3 +1,9 @@ +CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...) + TODO: check +CVE-2017-16640 + RESERVED +CVE-2017-16639 + RESERVED CVE-2008-7319 [command injection via crafted arguments] - libnet-ping-external-perl <unfixed> (bug #881097) [stretch] - libnet-ping-external-perl <no-dsa> (Remove in next point update) @@ -2106,8 +2112,8 @@ RESERVED CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...) NOT-FOR-US: Synology -CVE-2017-15887 - RESERVED +CVE-2017-15887 (An improper restriction of excessive authentication attempts ...) + TODO: check CVE-2017-15886 RESERVED CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Network ...) @@ -2846,7 +2852,7 @@ CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id ...) NOT-FOR-US: zorovavi/blog CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in ...) - {DSA-4006-1} + {DSA-4006-1 DLA-1164-1} - mupdf 1.11+ds1-2 (bug #879055) NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public) @@ -5323,7 +5329,7 @@ CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...) NOT-FOR-US: STDU Viewer CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...) - {DSA-4006-1} + {DSA-4006-1 DLA-1164-1} - mupdf 1.11+ds1-1.1 (bug #877379) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558 NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 
@@ -5457,7 +5463,7 @@ [jessie] - sam2p <no-dsa> (Minor issue) NOTE: https://github.com/pts/sam2p/issues/14 (bug 4) CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before ...) - {DLA-1119-1} + {DSA-4021-1 DLA-1119-1} - otrs2 5.0.23-1 (bug #876462) NOTE: https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 (rel-5_0) NOTE: https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618 (rel-5_0) @@ -11477,6 +11483,7 @@ NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E NOTE: https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147 CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to ...) + {DLA-1166-1} - tomcat9 <itp> (bug #802312) - tomcat8 8.5.23-1 - tomcat8.0 <unfixed> (unimportant) @@ -11522,12 +11529,14 @@ RESERVED CVE-2017-12608 RESERVED + {DSA-4022-1} - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608 NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba CVE-2017-12607 RESERVED + {DSA-4022-1} - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607 @@ -12531,6 +12540,7 @@ RESERVED CVE-2017-12197 RESERVED + {DLA-1165-1} - libpam4j 1.4-3 (bug #879001) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103 NOTE: https://github.com/kohsuke/libpam4j/issues/18 
@@ -12883,12 +12893,12 @@ RESERVED CVE-2017-12097 RESERVED -CVE-2017-12096 - RESERVED +CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of Circle ...) + TODO: check CVE-2017-12095 RESERVED -CVE-2017-12094 - RESERVED +CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel parsing of ...) + TODO: check CVE-2017-12093 RESERVED CVE-2017-12092 @@ -12905,12 +12915,12 @@ RESERVED CVE-2017-12086 RESERVED -CVE-2017-12085 - RESERVED -CVE-2017-12084 - RESERVED -CVE-2017-12083 - RESERVED +CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with Disney ...) + TODO: check +CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality of ...) + TODO: check +CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...) + TODO: check CVE-2017-12082 RESERVED CVE-2017-12081 @@ -40972,12 +40982,10 @@ - freexl 1.0.4-1 (bug #875690) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430 NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8 -CVE-2017-2922 - RESERVED +CVE-2017-2922 (An exploitable memory corruption vulnerability exists in the Websocket ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it -CVE-2017-2921 - RESERVED +CVE-2017-2921 (An exploitable memory corruption vulnerability exists in the Websocket ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing ...) 
@@ -40986,24 +40994,23 @@ RESERVED CVE-2017-2918 RESERVED -CVE-2017-2917 - RESERVED -CVE-2017-2916 - RESERVED -CVE-2017-2915 - RESERVED -CVE-2017-2914 - RESERVED -CVE-2017-2913 - RESERVED -CVE-2017-2912 - RESERVED -CVE-2017-2911 - RESERVED +CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...) + TODO: check +CVE-2017-2916 (An exploitable vulnerability exists in the /api/CONFIG/restore ...) + TODO: check +CVE-2017-2915 (An exploitable vulnerability exists in the WiFi configuration ...) + TODO: check +CVE-2017-2914 (An exploitable authentication bypass vulnerability exists in the API ...) + TODO: check +CVE-2017-2913 (An exploitable vulnerability exists in the filtering functionality of ...) + TODO: check +CVE-2017-2912 (An exploitable vulnerability exists in the remote control ...) + TODO: check +CVE-2017-2911 (An exploitable vulnerability exists in the remote control ...) + TODO: check CVE-2017-2910 RESERVED -CVE-2017-2909 - RESERVED +CVE-2017-2909 (An infinite loop programming error exists in the DNS server ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it CVE-2017-2908 
@@ -41026,36 +41033,31 @@ RESERVED CVE-2017-2899 RESERVED -CVE-2017-2898 - RESERVED +CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...) + TODO: check CVE-2017-2897 RESERVED CVE-2017-2896 RESERVED -CVE-2017-2895 - RESERVED +CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it -CVE-2017-2894 - RESERVED +CVE-2017-2894 (An exploitable stack buffer overflow vulnerability exists in the MQTT ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it -CVE-2017-2893 - RESERVED +CVE-2017-2893 (An exploitable NULL pointer dereference vulnerability exists in the ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it -CVE-2017-2892 - RESERVED +CVE-2017-2892 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it -CVE-2017-2891 - RESERVED +CVE-2017-2891 (An exploitable use-after-free vulnerability exists in the HTTP server ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it -CVE-2017-2890 - RESERVED -CVE-2017-2889 - RESERVED +CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore ...) + TODO: check +CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API ...) + TODO: check CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a ...) - libsdl2 2.0.6+dfsg1-4 (bug #878264) [stretch] - libsdl2 <no-dsa> (Minor issue) 
@@ -41082,14 +41084,14 @@ - libsoup2.4 2.56.1-1 (bug #871650) [wheezy] - libsoup2.4 <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785774 -CVE-2017-2884 - RESERVED -CVE-2017-2883 - RESERVED -CVE-2017-2882 - RESERVED -CVE-2017-2881 - RESERVED +CVE-2017-2884 (An exploitable vulnerability exists in the user photo update ...) + TODO: check +CVE-2017-2883 (An exploitable vulnerability exists in the database update ...) + TODO: check +CVE-2017-2882 (An exploitable vulnerability exists in the servers update ...) + TODO: check +CVE-2017-2881 (An exploitable vulnerability exists in the torlist update ...) + TODO: check CVE-2017-2880 (An memory corruption vulnerability exists in the .GIF parsing ...) NOT-FOR-US: Computerinsel Photoline CVE-2017-2879 @@ -41122,12 +41124,12 @@ RESERVED CVE-2017-2867 RESERVED -CVE-2017-2866 - RESERVED -CVE-2017-2865 - RESERVED -CVE-2017-2864 - RESERVED +CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup ...) + TODO: check +CVE-2017-2865 (An exploitable vulnerability exists in the firmware update ...) + TODO: check +CVE-2017-2864 (An exploitable vulnerability exists in the generation of ...) + TODO: check CVE-2017-2863 (An out-of-bounds write vulnerability exists in the PDF parsing ...) NOT-FOR-US: Iceni Infix CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...)
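Review bot: In the `@@ -1,3 +1,9 @@` hunk, CVE-2017-16641 is added with only `TODO: check`, although its description names lib/rrd.php in Cacti 1.1.27 and cacti is a packaged source in Debian. The follow-up triage should replace the TODO with a `- cacti` line carrying either the fixed version or `<unfixed>` plus a bug reference, in the same shape as the CVE-2008-7319 entry for libnet-ping-external-perl directly below it.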
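Review bot: In the `@@ -12905,12 +12915,12 @@` hunk, CVE-2017-12085 now names Circle with Disney in its description but is filed as `TODO: check`. A vendor device of that kind would normally be closed as `NOT-FOR-US`, as the Synology entry CVE-2017-15888 is elsewhere in this file. The descriptions of CVE-2017-12084 and CVE-2017-12083 are truncated before any product name, so read the full text of each before giving them the same marking rather than assuming they belong to the same product.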
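Review bot: In the `@@ -40972,12 +40982,10 @@` hunk, CVE-2017-2922 and CVE-2017-2921 keep `NOT-FOR-US: Cesanta Mongoose` alongside `TODO: check smplayer, embeds it`, so the entries read as closed and open at the same time. With `RESERVED` replaced by descriptions that point at the Websocket code, the TODO can now be settled: if the copy embedded in smplayer contains that code, replace `NOT-FOR-US` with a `- smplayer` line; if it does not, drop the TODO. The same pair of lines appears on the Mongoose entries in the `@@ -40986,24 +40994,23 @@` and `@@ -41026,36 +41033,31 @@` hunks (CVE-2017-2909, CVE-2017-2895 through CVE-2017-2891), where the descriptions name the DNS server, MQTT and HTTP server parts, so each needs its own check against what smplayer actually builds.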