Author: sectracker Date: 2017-11-13 21:10:16 +0000 (Mon, 13 Nov 2017) New Revision: 57605
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-13 19:27:59 UTC (rev 57604) +++ data/CVE/list 2017-11-13 21:10:16 UTC (rev 57605) @@ -1,11 +1,15 @@ -CVE-2017-16804 [Email reminders reveal information about inaccessible issues] +CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...) + TODO: check +CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...) + TODO: check +CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...) - redmine <unfixed> [wheezy] - redmine <end-of-life> (Not supported wheezy LTS) NOTE: https://www.redmine.org/issues/25713 (private) NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0 NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc -CVE-2017-16801 - RESERVED +CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy ...) + TODO: check CVE-2017-16800 RESERVED CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, ...) @@ -26,8 +30,8 @@ CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not ...) - swftools <unfixed> NOTE: https://github.com/matthiaskramm/swftools/issues/47 -CVE-2017-16792 - RESERVED +CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in ...) + TODO: check CVE-2017-16791 RESERVED CVE-2017-16790 @@ -5699,8 +5703,8 @@ NOT-FOR-US: EPESI CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall ...) NOT-FOR-US: EPESI -CVE-2017-14711 - RESERVED +CVE-2017-14711 (The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka ...) + TODO: check CVE-2017-14710 RESERVED CVE-2017-14709 
@@ -6639,8 +6643,8 @@ RESERVED CVE-2017-14389 RESERVED -CVE-2017-14388 - RESERVED +CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 ...) + TODO: check CVE-2017-14387 RESERVED CVE-2017-14386 @@ -7757,16 +7761,16 @@ RESERVED CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T ...) NOT-FOR-US: ABB FOX515T -CVE-2017-14024 - RESERVED +CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in Schneider ...) + TODO: check CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC ...) NOT-FOR-US: Siemens CVE-2017-14022 RESERVED CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...) NOT-FOR-US: Korenix -CVE-2017-14020 - RESERVED +CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in ...) + TODO: check CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...) NOT-FOR-US: Progea Movicon CVE-2017-14018 @@ -15962,8 +15966,8 @@ {DSA-3914-1 DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184) NOTE: https://github.com/ImageMagick/ImageMagick/issues/472 -CVE-2017-11169 - RESERVED +CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices ...) + TODO: check CVE-2017-11168 RESERVED CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...) @@ -16966,8 +16970,8 @@ RESERVED CVE-2017-10886 RESERVED -CVE-2017-10885 - RESERVED +CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier ...) + TODO: check CVE-2017-10884 RESERVED CVE-2017-10883 
@@ -16986,16 +16990,16 @@ RESERVED CVE-2017-10876 RESERVED -CVE-2017-10875 - RESERVED +CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an ...) + TODO: check CVE-2017-10874 RESERVED CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...) NOT-FOR-US: OpenAM CVE-2017-10872 RESERVED -CVE-2017-10871 - RESERVED +CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version ...) + TODO: check CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki ...) NOT-FOR-US: Rakuraku Hagaki CVE-2017-10869 @@ -21337,8 +21341,8 @@ RESERVED CVE-2017-9315 RESERVED -CVE-2017-9314 - RESERVED +CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, ...) + TODO: check CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before ...) - webmin <removed> CVE-2017-9312 @@ -23068,8 +23072,7 @@ RESERVED CVE-2017-8807 RESERVED -CVE-2017-8806 - RESERVED +CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster ...) {DSA-4029-1 DLA-1169-1} - postgresql-common 188 CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links ...) @@ -26295,8 +26298,8 @@ NOTE: https://sources.debian.net/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch CVE-2017-7740 RESERVED -CVE-2017-7739 - RESERVED +CVE-2017-7739 (A reflected Cross-site Scripting (XSS) vulnerability in web proxy ...) + TODO: check CVE-2017-7738 RESERVED CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...) @@ -38498,8 +38501,8 @@ RESERVED CVE-2017-3768 RESERVED -CVE-2017-3767 - RESERVED +CVE-2017-3767 (A local privilege escalation vulnerability was identified in the ...) + TODO: check CVE-2017-3766 RESERVED CVE-2017-3765 
@@ -40647,8 +40650,7 @@ CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...) {DSA-3896-1 DLA-1009-1} - apache2 2.4.25-4 -CVE-2017-3166 - RESERVED +CVE-2017-3166 (In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and ...) - hadoop <itp> (bug #793644) CVE-2017-3165 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...) NOT-FOR-US: Apache Brooklyn @@ -45914,15 +45916,15 @@ CVE-2017-0909 RESERVED CVE-2017-0908 - RESERVED -CVE-2017-0907 - RESERVED -CVE-2017-0906 - RESERVED -CVE-2017-0905 - RESERVED -CVE-2017-0904 - RESERVED + REJECTED +CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, ...) + TODO: check +CVE-2017-0906 (The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, ...) + TODO: check +CVE-2017-0905 (The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, ...) + TODO: check +CVE-2017-0904 (The private_address_check ruby gem before 0.4.0 is vulnerable to a ...) + TODO: check CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...) {DSA-4031-1} - ruby2.3 <unfixed> (bug #879231) @@ -46002,8 +46004,8 @@ - nextcloud <itp> (bug #835086) CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...) - nextcloud <itp> (bug #835086) -CVE-2017-0889 - RESERVED +CVE-2017-0889 (Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde ...) + TODO: check CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a ...) - nextcloud <itp> (bug #835086) CVE-2017-0886 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of ...) 
@@ -52458,7 +52460,7 @@ CVE-2016-8235 (Privilege escalation in Lenovo Customer Care Software Development Kit ...) NOT-FOR-US: Lenovo CVE-2016-8234 - RESERVED + REJECTED CVE-2016-8233 (Log files generated by Lenovo XClarity Administrator (LXCA) versions ...) NOT-FOR-US: Lenovo CVE-2016-8232 (Document Object Model-(DOM) based cross-site scripting vulnerability ...) @@ -56956,8 +56958,7 @@ CVE-2016-6804 RESERVED NOT-FOR-US: Apache OpenOffice installer for Windows -CVE-2016-6803 - RESERVED +CVE-2016-6803 (An installer defect known as an "unquoted Windows search path ...) NOT-FOR-US: Apache OpenOffice installer for Windows CVE-2016-6802 (Apache Shiro before 1.3.2 allows attackers to bypass intended servlet ...) - shiro 1.3.2-1 @@ -160650,7 +160651,7 @@ CVE-2012-2457 RESERVED CVE-2012-2456 - RESERVED + REJECTED CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not ...) NOT-FOR-US: Advanced Productivity Software DTE Axiom CVE-2012-2454 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
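Review bot: in the first hunk (`@@ -1,11 +1,15 @@`) the package line under CVE-2017-16804 stays `- redmine <unfixed>` with no bug reference, even though the NOTE lines already record `upstream fixed in 3.2.7, 3.3.4 and 3.4.0` and the fixing upstream commit; the other unfixed entry in this update carries one (`- ruby2.3 <unfixed> (bug #879231)`). Suggest adding a `(bug #NNN)` reference once a bug is filed against redmine, so the entry does not read as untriaged now that the local bracketed summary has been replaced by the MITRE text.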
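Review bot: in the `@@ -45914,15 +45916,15 @@` hunk, CVE-2017-0904 (`private_address_check ruby gem before 0.4.0`) and the three Recurly client entries CVE-2017-0905 to CVE-2017-0907 are all left at `TODO: check`, directly above CVE-2017-0903, which is already tracked against `ruby2.3`. When these are triaged, the check should be whether the gems are shipped as Debian packages rather than defaulting to `NOT-FOR-US` by analogy with the surrounding vendor-specific entries; the `private_address_check` gem in particular is a dependency-style library, so the TODO should record which source package, if any, was searched.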
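Review bot: in the `@@ -46002,8 +46004,8 @@` hunk, the new description for CVE-2017-0889 carries the spelling `Server-SIde`. This is the upstream MITRE text mirrored by the automatic update (log: `automatic update`), so it should not be hand-corrected in `data/CVE/list`; the next automated run would otherwise re-diff the same line. Any correction belongs upstream.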