Author: sectracker Date: 2017-11-09 21:10:15 +0000 (Thu, 09 Nov 2017) New Revision: 57513
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-09 20:53:15 UTC (rev 57512) +++ data/CVE/list 2017-11-09 21:10:15 UTC (rev 57513) @@ -1,3 +1,161 @@ +CVE-2017-16756 + RESERVED +CVE-2017-16755 + RESERVED +CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler ...) + TODO: check +CVE-2017-16753 + RESERVED +CVE-2017-16752 + RESERVED +CVE-2017-16751 + RESERVED +CVE-2017-16750 + RESERVED +CVE-2017-16749 + RESERVED +CVE-2017-16748 + RESERVED +CVE-2017-16747 + RESERVED +CVE-2017-16746 + RESERVED +CVE-2017-16745 + RESERVED +CVE-2017-16744 + RESERVED +CVE-2017-16743 + RESERVED +CVE-2017-16742 + RESERVED +CVE-2017-16741 + RESERVED +CVE-2017-16740 + RESERVED +CVE-2017-16739 + RESERVED +CVE-2017-16738 + RESERVED +CVE-2017-16737 + RESERVED +CVE-2017-16736 + RESERVED +CVE-2017-16735 + RESERVED +CVE-2017-16734 + RESERVED +CVE-2017-16733 + RESERVED +CVE-2017-16732 + RESERVED +CVE-2017-16731 + RESERVED +CVE-2017-16730 + RESERVED +CVE-2017-16729 + RESERVED +CVE-2017-16728 + RESERVED +CVE-2017-16727 + RESERVED +CVE-2017-16726 + RESERVED +CVE-2017-16725 + RESERVED +CVE-2017-16724 + RESERVED +CVE-2017-16723 + RESERVED +CVE-2017-16722 + RESERVED +CVE-2017-16721 + RESERVED +CVE-2017-16720 + RESERVED +CVE-2017-16719 + RESERVED +CVE-2017-16718 + RESERVED +CVE-2017-16717 + RESERVED +CVE-2017-16716 + RESERVED +CVE-2017-16715 + RESERVED +CVE-2017-16714 + RESERVED +CVE-2017-16713 + RESERVED +CVE-2017-16712 + RESERVED +CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...) + TODO: check +CVE-2017-16710 + RESERVED +CVE-2017-16709 + RESERVED +CVE-2017-16708 + RESERVED +CVE-2017-16707 + RESERVED +CVE-2017-16706 + RESERVED +CVE-2017-16705 + RESERVED +CVE-2017-16704 + RESERVED +CVE-2017-16703 + RESERVED +CVE-2017-16702 + RESERVED +CVE-2017-16701 + RESERVED +CVE-2017-16700 + RESERVED +CVE-2017-16699 + RESERVED +CVE-2017-16698 + RESERVED +CVE-2017-16697 + RESERVED +CVE-2017-16696 + RESERVED +CVE-2017-16695 + RESERVED +CVE-2017-16694 + RESERVED +CVE-2017-16693 + RESERVED +CVE-2017-16692 + RESERVED +CVE-2017-16691 + RESERVED +CVE-2017-16690 + RESERVED +CVE-2017-16689 + RESERVED +CVE-2017-16688 + RESERVED +CVE-2017-16687 + RESERVED +CVE-2017-16686 + RESERVED +CVE-2017-16685 + RESERVED +CVE-2017-16684 + RESERVED +CVE-2017-16683 + RESERVED +CVE-2017-16682 + RESERVED +CVE-2017-16681 + RESERVED +CVE-2017-16680 + RESERVED +CVE-2017-16679 + RESERVED +CVE-2017-16678 + RESERVED CVE-2017-16677 RESERVED CVE-2017-16676 @@ -65,8 +223,8 @@ RESERVED CVE-2017-16652 RESERVED -CVE-2017-16651 [file disclosure vulnerabliity] - RESERVED +CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...) + {DSA-4030-1} - roundcube 1.3.3+dfsg.1-1 NOTE: master: https://github.com/roundcube/roundcubemail/commit/2a32f51c91d5e9c7b1a9d931846dd44c008ff36d NOTE: release-1.3: https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806 @@ -124,10 +282,10 @@ NOT-FOR-US: Bludit CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the ...) NOT-FOR-US: TinyWebGallery -CVE-2017-16634 - RESERVED -CVE-2017-16633 - RESERVED +CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a ...) + TODO: check +CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only ...) + TODO: check CVE-2017-16632 RESERVED CVE-2017-16631 @@ -256,10 +414,10 @@ NOT-FOR-US: KeystoneJS CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an ...) NOT-FOR-US: Zurmo -CVE-2017-16568 - RESERVED -CVE-2017-16567 - RESERVED +CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...) + TODO: check +CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...) + TODO: check CVE-2017-16566 RESERVED CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...) @@ -268,8 +426,8 @@ NOT-FOR-US: Vonage CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen on ...) NOT-FOR-US: Vonage -CVE-2017-16562 - RESERVED +CVE-2017-16562 (The UserPro plugin before 4.9.17.1 for WordPress, when used on a site ...) + TODO: check CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 2.3.0 is ...) NOT-FOR-US: Ingenious School Management System CVE-2017-16560 @@ -1025,8 +1183,8 @@ RESERVED CVE-2017-16250 RESERVED -CVE-2017-16249 - RESERVED +CVE-2017-16249 (The Debut embedded http server 1.20 contains a remotely exploitable ...) + TODO: check CVE-2017-16247 RESERVED CVE-2017-16246 @@ -2042,15 +2200,15 @@ CVE-2017-15956 (ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File ...) NOT-FOR-US: ConverTo Video Downloader CVE-2017-15955 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an ...) - {DLA-1158-1} + {DSA-4026-1 DLA-1158-1} - bchunk 1.2.0-12.1 (bug #880116) NOTE: https://github.com/extramaster/bchunk/issues/4 CVE-2017-15954 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a ...) - {DLA-1158-1} + {DSA-4026-1 DLA-1158-1} - bchunk 1.2.0-12.1 (bug #880116) NOTE: https://github.com/extramaster/bchunk/issues/3 CVE-2017-15953 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a ...) - {DLA-1158-1} + {DSA-4026-1 DLA-1158-1} - bchunk 1.2.0-12.1 (bug #880116) NOTE: https://github.com/extramaster/bchunk/issues/2 CVE-2017-15952 @@ -2784,8 +2942,8 @@ RESERVED CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to ...) NOT-FOR-US: Mura CMS -CVE-2017-15638 - RESERVED +CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux ...) + TODO: check CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ...) - wordpress <unfixed> (bug #880868) NOTE: https://core.trac.wordpress.org/ticket/21022 @@ -4160,12 +4318,14 @@ - foreman <itp> (bug #663101) CVE-2017-15099 RESERVED + {DSA-4028-1} - postgresql-10 10.1-1 - postgresql-9.6 <unfixed> - postgresql-9.4 <not-affected> (ON CONFLICT DO UPDATE and RLS introduced in 9.5) - postgresql-9.1 <not-affected> (ON CONFLICT DO UPDATE and RLS introduced in 9.5) CVE-2017-15098 RESERVED + {DSA-4028-1 DSA-4027-1} - postgresql-10 10.1-1 - postgresql-9.6 <unfixed> - postgresql-9.4 <removed> @@ -10062,8 +10222,8 @@ NOT-FOR-US: Apache2Triad CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...) NOT-FOR-US: Apache2Triad -CVE-2017-12969 - RESERVED +CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in ...) + TODO: check CVE-2017-12968 RESERVED CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor (BFD) ...) @@ -11087,14 +11247,14 @@ RESERVED CVE-2017-12804 RESERVED -CVE-2017-12803 - RESERVED -CVE-2017-12802 - RESERVED -CVE-2017-12801 - RESERVED -CVE-2017-12800 - RESERVED +CVE-2017-12803 (The Node_ValidatePtr function in corec/corec/node/node.c in mkclean ...) + TODO: check +CVE-2017-12802 (The EBML_IntegerValue function in ebmlnumber.c in libebml2 through ...) + TODO: check +CVE-2017-12801 (The UpdateDataSize function in ebmlmaster.c in libebml2 through ...) + TODO: check +CVE-2017-12800 (The EBML_FindNextElement function in ebmlmain.c in libebml2 through ...) + TODO: check CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) ...) NOT-FOR-US: D-Link CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might ...) @@ -11152,16 +11312,16 @@ NOT-FOR-US: NoviWare CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted ...) NOT-FOR-US: Youngzsoft CCFile -CVE-2017-12783 - RESERVED -CVE-2017-12782 - RESERVED -CVE-2017-12781 - RESERVED -CVE-2017-12780 - RESERVED -CVE-2017-12779 - RESERVED +CVE-2017-12783 (The ReadDataFloat function in ebmlnumber.c in libebml2 through ...) + TODO: check +CVE-2017-12782 (The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 ...) + TODO: check +CVE-2017-12781 (The EBML_BufferToID function in ebmlelement.c in libebml2 through ...) + TODO: check +CVE-2017-12780 (The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 ...) + TODO: check +CVE-2017-12779 (The Node_GetData function in corec/corec/node/node.c in mkvalidator ...) + TODO: check CVE-2017-12778 RESERVED CVE-2017-1000112 (Linux kernel: Exploitable memory corruption due to UFO to non-UFO path ...) @@ -14821,8 +14981,8 @@ [wheezy] - krb5 <ignored> (Minor issue, might lead to behaviour changes) NOTE: Fixed by: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598 -CVE-2017-11461 - RESERVED +CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) versions ...) + TODO: check CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the DataArchivingService ...) NOT-FOR-US: SAP CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via ...) @@ -15312,8 +15472,8 @@ - imagemagick <not-affected> (Vulnerable code not present, Only affects ImageMagick-7) NOTE: https://github.com/ImageMagick/ImageMagick/issues/517 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08 -CVE-2017-11309 - RESERVED +CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office before ...) + TODO: check CVE-2017-11308 RESERVED CVE-2017-11307 @@ -19637,8 +19797,8 @@ RESERVED CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the ...) NOT-FOR-US: Zenbership -CVE-2017-9758 - RESERVED +CVE-2017-9758 (Savitech driver packages for Windows silently install a self-signed ...) + TODO: check CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via ...) NOT-FOR-US: IPFire CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack ...) @@ -22752,6 +22912,7 @@ RESERVED CVE-2017-8806 RESERVED + {DSA-4029-1} - postgresql-common <unfixed> CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links ...) - archvsync 20171017 @@ -34499,8 +34660,8 @@ CVE-2017-5202 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in ...) {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 -CVE-2017-5201 - RESERVED +CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow ...) + TODO: check CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...) - salt 2016.11.2+ds-1 [jessie] - salt <not-affected> (Vulnerable code not present) @@ -80689,8 +80850,7 @@ CVE-2015-8103 (The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before ...) - jenkins <removed> (bug #804522) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 -CVE-2015-7501 [java unserialisation issues] - RESERVED +CVE-2015-7501 (Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data ...) - libcommons-collections3-java 3.2.2-1 (unimportant) [jessie] - libcommons-collections3-java 3.2.1-7+deb8u1 [wheezy] - libcommons-collections3-java 3.2.1-5+deb7u1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits