Author: sectracker
Date: 2017-11-15 09:10:14 +0000 (Wed, 15 Nov 2017)
New Revision: 57648
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-15 07:19:41 UTC (rev 57647)
+++ data/CVE/list 2017-11-15 09:10:14 UTC (rev 57648)
@@ -1,3 +1,31 @@
+CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary
File ...)
+ TODO: check
+CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka
libbfd), as ...)
+ TODO: check
+CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU
Binutils ...)
+ TODO: check
+CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c
in the ...)
+ TODO: check
+CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils
2.29.1 ...)
+ TODO: check
+CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the
Binary File ...)
+ TODO: check
+CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary
File ...)
+ TODO: check
+CVE-2017-16825
+ RESERVED
+CVE-2017-16824
+ RESERVED
+CVE-2017-16823
+ RESERVED
+CVE-2017-16822
+ RESERVED
+CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in
processor/AdminProcessor.java ...)
+ TODO: check
+CVE-2017-16819
+ RESERVED
+CVE-2017-16818
+ RESERVED
CVE-2017-16817
RESERVED
CVE-2017-16816
@@ -4,7 +32,7 @@
RESERVED
CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site
Migration & ...)
NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup)
plugin for WordPress
-CVE-2017-16820 [snmp plugin: double free or heap corruption]
+CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in
collectd ...)
- collectd <unfixed> (bug #881757)
NOTE: https://github.com/collectd/collectd/issues/2291
CVE-2017-16814
@@ -11665,12 +11693,12 @@
RESERVED
CVE-2017-12740
RESERVED
-CVE-2017-12739
- RESERVED
-CVE-2017-12738
- RESERVED
-CVE-2017-12737
- RESERVED
+CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM
Modules with ...)
+ TODO: check
+CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM
Modules with ...)
+ TODO: check
+CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM
Modules with ...)
+ TODO: check
CVE-2017-12736
RESERVED
CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices.
An ...)
@@ -13869,122 +13897,122 @@
RESERVED
CVE-2017-11885
RESERVED
-CVE-2017-11884
- RESERVED
-CVE-2017-11883
- RESERVED
-CVE-2017-11882
- RESERVED
+CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to
run ...)
+ TODO: check
+CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker
to ...)
+ TODO: check
+CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010
Service ...)
+ TODO: check
CVE-2017-11881
RESERVED
-CVE-2017-11880
- RESERVED
-CVE-2017-11879
- RESERVED
-CVE-2017-11878
- RESERVED
-CVE-2017-11877
- RESERVED
-CVE-2017-11876
- RESERVED
+CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and
R2 SP1, ...)
+ TODO: check
+CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session
...)
+ TODO: check
+CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010
Service Pack ...)
+ TODO: check
+CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010
Service Pack ...)
+ TODO: check
+CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise
Server ...)
+ TODO: check
CVE-2017-11875
RESERVED
-CVE-2017-11874
- RESERVED
-CVE-2017-11873
- RESERVED
-CVE-2017-11872
- RESERVED
-CVE-2017-11871
- RESERVED
-CVE-2017-11870
- RESERVED
-CVE-2017-11869
- RESERVED
+CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows
Server, ...)
+ TODO: check
+CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703,
1709, ...)
+ TODO: check
+CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows
Server ...)
+ TODO: check
+CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and
Windows ...)
+ TODO: check
+CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and
Windows ...)
+ TODO: check
+CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server
2008 and ...)
+ TODO: check
CVE-2017-11868
RESERVED
CVE-2017-11867
RESERVED
-CVE-2017-11866
- RESERVED
+CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607,
1703, ...)
+ TODO: check
CVE-2017-11865
RESERVED
CVE-2017-11864
RESERVED
-CVE-2017-11863
- RESERVED
-CVE-2017-11862
- RESERVED
-CVE-2017-11861
- RESERVED
+CVE-2017-11863 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703,
1709, ...)
+ TODO: check
+CVE-2017-11862 (ChakraCore and Microsoft Edge in Windows 10 1709 and Windows
Server, ...)
+ TODO: check
+CVE-2017-11861 (Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server
2016 and ...)
+ TODO: check
CVE-2017-11860
RESERVED
CVE-2017-11859
RESERVED
-CVE-2017-11858
- RESERVED
+CVE-2017-11858 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1,
Windows ...)
+ TODO: check
CVE-2017-11857
RESERVED
-CVE-2017-11856
- RESERVED
-CVE-2017-11855
- RESERVED
-CVE-2017-11854
- RESERVED
-CVE-2017-11853
- RESERVED
-CVE-2017-11852
- RESERVED
-CVE-2017-11851
- RESERVED
-CVE-2017-11850
- RESERVED
-CVE-2017-11849
- RESERVED
-CVE-2017-11848
- RESERVED
-CVE-2017-11847
- RESERVED
-CVE-2017-11846
- RESERVED
-CVE-2017-11845
- RESERVED
-CVE-2017-11844
- RESERVED
-CVE-2017-11843
- RESERVED
-CVE-2017-11842
- RESERVED
-CVE-2017-11841
- RESERVED
-CVE-2017-11840
- RESERVED
-CVE-2017-11839
- RESERVED
-CVE-2017-11838
- RESERVED
-CVE-2017-11837
- RESERVED
-CVE-2017-11836
- RESERVED
-CVE-2017-11835
- RESERVED
-CVE-2017-11834
- RESERVED
-CVE-2017-11833
- RESERVED
-CVE-2017-11832
- RESERVED
-CVE-2017-11831
- RESERVED
-CVE-2017-11830
- RESERVED
+CVE-2017-11856 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server
2008 SP2 ...)
+ TODO: check
+CVE-2017-11855 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server
2008 SP2 ...)
+ TODO: check
+CVE-2017-11854 (Microsoft Word 2007 Service Pack 3, Microsoft Word 2010
Service Pack ...)
+ TODO: check
+CVE-2017-11853 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and
R2 SP1, ...)
+ TODO: check
+CVE-2017-11852 (Microsoft GDI Component in Windows 7 SP1 and Windows Server
2008 SP2 ...)
+ TODO: check
+CVE-2017-11851 (The Windows kernel component on Windows 7 SP1, Windows Server
2008 SP2 ...)
+ TODO: check
+CVE-2017-11850 (Microsoft Graphics Component in Windows 8.1 and RT 8.1,
Windows Server ...)
+ TODO: check
+CVE-2017-11849 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and
R2 SP1, ...)
+ TODO: check
+CVE-2017-11848 (Internet Explorer in Microsoft Microsoft Windows 7 SP1,
Windows Server ...)
+ TODO: check
+CVE-2017-11847 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and
R2 SP1, ...)
+ TODO: check
+CVE-2017-11846 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1,
Windows ...)
+ TODO: check
+CVE-2017-11845 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker
to ...)
+ TODO: check
+CVE-2017-11844 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows
Server, ...)
+ TODO: check
+CVE-2017-11843 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1,
Windows ...)
+ TODO: check
+CVE-2017-11842 (Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2,
Windows ...)
+ TODO: check
+CVE-2017-11841 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607,
1703, ...)
+ TODO: check
+CVE-2017-11840 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607,
1703, ...)
+ TODO: check
+CVE-2017-11839 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709,
Windows ...)
+ TODO: check
+CVE-2017-11838 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1,
Windows ...)
+ TODO: check
+CVE-2017-11837 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1,
Windows ...)
+ TODO: check
+CVE-2017-11836 (ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold,
1511, ...)
+ TODO: check
+CVE-2017-11835 (Microsoft graphics in Windows 7 SP1 and Windows Server 2008
SP2 and R2 ...)
+ TODO: check
+CVE-2017-11834 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server
2008 SP2 ...)
+ TODO: check
+CVE-2017-11833 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703,
1709, ...)
+ TODO: check
+CVE-2017-11832 (The Microsoft Windows embedded OpenType (EOT) font engine in
Windows 7 ...)
+ TODO: check
+CVE-2017-11831 (Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1,
Windows ...)
+ TODO: check
+CVE-2017-11830 (Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709,
Windows ...)
+ TODO: check
CVE-2017-11829 (Microsoft Windows 10 allows an elevation of privilege
vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2017-11828
RESERVED
-CVE-2017-11827
- RESERVED
+CVE-2017-11827 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server
2008 R2 ...)
+ TODO: check
CVE-2017-11826 (Microsoft Office 2010, SharePoint Enterprise Server 2010,
SharePoint ...)
NOT-FOR-US: Microsoft
CVE-2017-11825 (Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office
2016 for ...)
@@ -14031,8 +14059,8 @@
NOT-FOR-US: Microsoft
CVE-2017-11804 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold,
1511, ...)
NOT-FOR-US: Microsoft
-CVE-2017-11803
- RESERVED
+CVE-2017-11803 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows
Server, ...)
+ TODO: check
CVE-2017-11802 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold,
1511, ...)
NOT-FOR-US: Microsoft
CVE-2017-11801 (ChakraCore allows an attacker to execute arbitrary code in the
context ...)
@@ -14055,14 +14083,14 @@
NOT-FOR-US: Microsoft
CVE-2017-11792 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703
allow an ...)
NOT-FOR-US: Microsoft
-CVE-2017-11791
- RESERVED
+CVE-2017-11791 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1,
Windows ...)
+ TODO: check
CVE-2017-11790 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server
2008 SP2 ...)
NOT-FOR-US: Microsoft
CVE-2017-11789
RESERVED
-CVE-2017-11788
- RESERVED
+CVE-2017-11788 (Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and
R2 SP1, ...)
+ TODO: check
CVE-2017-11787
RESERVED
CVE-2017-11786 (Skype for Business in Microsoft Lync 2013 SP1 and Skype for
Business ...)
@@ -14097,12 +14125,12 @@
NOT-FOR-US: Microsoft
CVE-2017-11771 (The Microsoft Windows Search component on Microsoft Windows
Server ...)
NOT-FOR-US: Microsoft
-CVE-2017-11770
- RESERVED
+CVE-2017-11770 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker
to ...)
+ TODO: check
CVE-2017-11769 (The Microsoft Windows TRIE component on Microsoft Windows 10
Gold, ...)
NOT-FOR-US: Microsoft
-CVE-2017-11768
- RESERVED
+CVE-2017-11768 (Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2
and R2 ...)
+ TODO: check
CVE-2017-11767 (ChakraCore allows an attacker to gain the same user rights as
the ...)
NOT-FOR-US: Microsoft
CVE-2017-11766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703,
and ...)
@@ -19105,8 +19133,8 @@
- mysql-5.7 <unfixed> (bug #878398)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
-CVE-2017-10278
- RESERVED
+CVE-2017-10278 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion
...)
+ TODO: check
CVE-2017-10277 (Vulnerability in the MySQL Connectors component of Oracle
MySQL ...)
- mysql-connector-net <unfixed>
[wheezy] - mysql-connector-net <no-dsa> (Minor issue)
@@ -19125,14 +19153,14 @@
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10273
RESERVED
-CVE-2017-10272
- RESERVED
+CVE-2017-10272 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion
...)
+ TODO: check
CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of
Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector
component of ...)
NOT-FOR-US: Oracle
-CVE-2017-10269
- RESERVED
+CVE-2017-10269 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion
...)
+ TODO: check
CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL
...)
{DSA-4002-1 DLA-1141-1}
- mariadb-10.0 <removed>
@@ -19140,10 +19168,10 @@
- mysql-5.7 <unfixed> (bug #878398)
- mysql-5.5 <removed> (bug #878402)
NOTE:
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
-CVE-2017-10267
- RESERVED
-CVE-2017-10266
- RESERVED
+CVE-2017-10267 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion
...)
+ TODO: check
+CVE-2017-10266 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion
...)
+ TODO: check
CVE-2017-10265 (Vulnerability in the Oracle Integrated Lights Out Manager
(ILOM) ...)
NOT-FOR-US: Oracle
CVE-2017-10264 (Vulnerability in the Siebel UI Framework component of Oracle
Siebel ...)
@@ -21171,8 +21199,8 @@
RESERVED
CVE-2017-9395
RESERVED
-CVE-2017-9394
- RESERVED
+CVE-2017-9394 (A stored cross-site scripting vulnerability in CA Identity
Governance ...)
+ TODO: check
CVE-2017-9393 (CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows
remote ...)
NOT-FOR-US: CA Identity Manager
CVE-2017-9392
@@ -21232,12 +21260,12 @@
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d68f0f778e7f4fbd674627274267f269e40f0b04
-CVE-2017-9371
- RESERVED
+CVE-2017-9371 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and
6.5.0 ...)
+ TODO: check
CVE-2017-9370 (An information disclosure / elevation of privilege
vulnerability in ...)
NOT-FOR-US: BlackBerry
-CVE-2017-9369
- RESERVED
+CVE-2017-9369 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and
6.5.0 ...)
+ TODO: check
CVE-2017-9368 (An information disclosure vulnerability in the BlackBerry
Workspaces ...)
NOT-FOR-US: BlackBerry Workspaces Server
CVE-2017-9367 (A directory traversal vulnerability in the BlackBerry
Workspaces ...)
@@ -23120,34 +23148,27 @@
RESERVED
CVE-2017-8816
RESERVED
-CVE-2017-8815
- RESERVED
+CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x
before ...)
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
-CVE-2017-8814
- RESERVED
+CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x
before ...)
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
CVE-2017-8813
REJECTED
-CVE-2017-8812
- RESERVED
+CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x
before 1.29.2 ...)
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
-CVE-2017-8811
- RESERVED
+CVE-2017-8811 (The implementation of raw message parameter expansion in
MediaWiki ...)
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
-CVE-2017-8810
- RESERVED
+CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x
before ...)
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
-CVE-2017-8809
- RESERVED
+CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and
1.29.x ...)
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
-CVE-2017-8808
- RESERVED
+CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x
before 1.29.2 ...)
- mediawiki 1:1.27.4-1
NOTE:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
CVE-2017-8807
@@ -23442,8 +23463,8 @@
NOT-FOR-US: Microsoft
CVE-2017-8701
RESERVED
-CVE-2017-8700
- RESERVED
+CVE-2017-8700 (ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass ...)
+ TODO: check
CVE-2017-8699 (Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008
and R2 ...)
NOT-FOR-US: Microsoft
CVE-2017-8698
@@ -25797,8 +25818,8 @@
NOTE: Fixed by:
https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file
that ...)
NOT-FOR-US: D-Link
-CVE-2017-7851
- RESERVED
+CVE-2017-7851 (D-Link DCS-936L devices with firmware before 1.05.07 have an
inadequate ...)
+ TODO: check
CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can
lead to a ...)
{DSA-3879-1 DLA-898-1}
- libosip2 4.1.0-2.1 (bug #860287)
@@ -38300,12 +38321,12 @@
NOTE:
https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee
CVE-2017-3894 (A stored cross site scripting vulnerability in the Management
Console ...)
NOT-FOR-US: BlackBerry
-CVE-2017-3893
- RESERVED
-CVE-2017-3892
- RESERVED
-CVE-2017-3891
- RESERVED
+CVE-2017-3893 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0,
the ...)
+ TODO: check
+CVE-2017-3892 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an
...)
+ TODO: check
+CVE-2017-3891 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an
...)
+ TODO: check
CVE-2017-3890 (A reflected cross-site scripting vulnerability in the
BlackBerry ...)
NOT-FOR-US: BlackBerry
CVE-2017-3889 (A vulnerability in the web interface of the Cisco Registered
Envelope ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
