Author: sectracker Date: 2017-11-15 09:10:14 +0000 (Wed, 15 Nov 2017) New Revision: 57648
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-15 07:19:41 UTC (rev 57647) +++ data/CVE/list 2017-11-15 09:10:14 UTC (rev 57648) @@ -1,3 +1,31 @@ +CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File ...) + TODO: check +CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + TODO: check +CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils ...) + TODO: check +CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c in the ...) + TODO: check +CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 ...) + TODO: check +CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File ...) + TODO: check +CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary File ...) + TODO: check +CVE-2017-16825 + RESERVED +CVE-2017-16824 + RESERVED +CVE-2017-16823 + RESERVED +CVE-2017-16822 + RESERVED +CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java ...) + TODO: check +CVE-2017-16819 + RESERVED +CVE-2017-16818 + RESERVED CVE-2017-16817 RESERVED CVE-2017-16816 @@ -4,7 +32,7 @@ RESERVED CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration & ...) NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) plugin for WordPress -CVE-2017-16820 [snmp plugin: double free or heap corruption] +CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in collectd ...) - collectd <unfixed> (bug #881757) NOTE: https://github.com/collectd/collectd/issues/2291 CVE-2017-16814 @@ -11665,12 +11693,12 @@ RESERVED CVE-2017-12740 RESERVED -CVE-2017-12739 - RESERVED -CVE-2017-12738 - RESERVED -CVE-2017-12737 - RESERVED +CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + TODO: check +CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + TODO: check +CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + TODO: check CVE-2017-12736 RESERVED CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An ...) @@ -13869,122 +13897,122 @@ RESERVED CVE-2017-11885 RESERVED -CVE-2017-11884 - RESERVED -CVE-2017-11883 - RESERVED -CVE-2017-11882 - RESERVED +CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run ...) + TODO: check +CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to ...) + TODO: check +CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service ...) + TODO: check CVE-2017-11881 RESERVED -CVE-2017-11880 - RESERVED -CVE-2017-11879 - RESERVED -CVE-2017-11878 - RESERVED -CVE-2017-11877 - RESERVED -CVE-2017-11876 - RESERVED +CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session ...) + TODO: check +CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) + TODO: check +CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) + TODO: check +CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise Server ...) + TODO: check CVE-2017-11875 RESERVED -CVE-2017-11874 - RESERVED -CVE-2017-11873 - RESERVED -CVE-2017-11872 - RESERVED -CVE-2017-11871 - RESERVED -CVE-2017-11870 - RESERVED -CVE-2017-11869 - RESERVED +CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, ...) + TODO: check +CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...) + TODO: check +CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + TODO: check +CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...) + TODO: check +CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...) + TODO: check +CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + TODO: check CVE-2017-11868 RESERVED CVE-2017-11867 RESERVED -CVE-2017-11866 - RESERVED +CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...) + TODO: check CVE-2017-11865 RESERVED CVE-2017-11864 RESERVED -CVE-2017-11863 - RESERVED -CVE-2017-11862 - RESERVED -CVE-2017-11861 - RESERVED +CVE-2017-11863 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...) + TODO: check +CVE-2017-11862 (ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, ...) + TODO: check +CVE-2017-11861 (Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and ...) + TODO: check CVE-2017-11860 RESERVED CVE-2017-11859 RESERVED -CVE-2017-11858 - RESERVED +CVE-2017-11858 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + TODO: check CVE-2017-11857 RESERVED -CVE-2017-11856 - RESERVED -CVE-2017-11855 - RESERVED -CVE-2017-11854 - RESERVED -CVE-2017-11853 - RESERVED -CVE-2017-11852 - RESERVED -CVE-2017-11851 - RESERVED -CVE-2017-11850 - RESERVED -CVE-2017-11849 - RESERVED -CVE-2017-11848 - RESERVED -CVE-2017-11847 - RESERVED -CVE-2017-11846 - RESERVED -CVE-2017-11845 - RESERVED -CVE-2017-11844 - RESERVED -CVE-2017-11843 - RESERVED -CVE-2017-11842 - RESERVED -CVE-2017-11841 - RESERVED -CVE-2017-11840 - RESERVED -CVE-2017-11839 - RESERVED -CVE-2017-11838 - RESERVED -CVE-2017-11837 - RESERVED -CVE-2017-11836 - RESERVED -CVE-2017-11835 - RESERVED -CVE-2017-11834 - RESERVED -CVE-2017-11833 - RESERVED -CVE-2017-11832 - RESERVED -CVE-2017-11831 - RESERVED -CVE-2017-11830 - RESERVED +CVE-2017-11856 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + TODO: check +CVE-2017-11855 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + TODO: check +CVE-2017-11854 (Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack ...) + TODO: check +CVE-2017-11853 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2017-11852 (Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 ...) + TODO: check +CVE-2017-11851 (The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 ...) + TODO: check +CVE-2017-11850 (Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server ...) + TODO: check +CVE-2017-11849 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2017-11848 (Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server ...) + TODO: check +CVE-2017-11847 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2017-11846 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + TODO: check +CVE-2017-11845 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...) + TODO: check +CVE-2017-11844 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...) + TODO: check +CVE-2017-11843 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + TODO: check +CVE-2017-11842 (Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows ...) + TODO: check +CVE-2017-11841 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...) + TODO: check +CVE-2017-11840 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...) + TODO: check +CVE-2017-11839 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows ...) + TODO: check +CVE-2017-11838 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + TODO: check +CVE-2017-11837 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + TODO: check +CVE-2017-11836 (ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...) + TODO: check +CVE-2017-11835 (Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 ...) + TODO: check +CVE-2017-11834 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + TODO: check +CVE-2017-11833 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...) + TODO: check +CVE-2017-11832 (The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 ...) + TODO: check +CVE-2017-11831 (Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...) + TODO: check +CVE-2017-11830 (Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows ...) + TODO: check CVE-2017-11829 (Microsoft Windows 10 allows an elevation of privilege vulnerability ...) NOT-FOR-US: Microsoft CVE-2017-11828 RESERVED -CVE-2017-11827 - RESERVED +CVE-2017-11827 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) + TODO: check CVE-2017-11826 (Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint ...) NOT-FOR-US: Microsoft CVE-2017-11825 (Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for ...) @@ -14031,8 +14059,8 @@ NOT-FOR-US: Microsoft CVE-2017-11804 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...) NOT-FOR-US: Microsoft -CVE-2017-11803 - RESERVED +CVE-2017-11803 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...) + TODO: check CVE-2017-11802 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...) NOT-FOR-US: Microsoft CVE-2017-11801 (ChakraCore allows an attacker to execute arbitrary code in the context ...) @@ -14055,14 +14083,14 @@ NOT-FOR-US: Microsoft CVE-2017-11792 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an ...) NOT-FOR-US: Microsoft -CVE-2017-11791 - RESERVED +CVE-2017-11791 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + TODO: check CVE-2017-11790 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11789 RESERVED -CVE-2017-11788 - RESERVED +CVE-2017-11788 (Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check CVE-2017-11787 RESERVED CVE-2017-11786 (Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business ...) @@ -14097,12 +14125,12 @@ NOT-FOR-US: Microsoft CVE-2017-11771 (The Microsoft Windows Search component on Microsoft Windows Server ...) NOT-FOR-US: Microsoft -CVE-2017-11770 - RESERVED +CVE-2017-11770 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to ...) + TODO: check CVE-2017-11769 (The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, ...) NOT-FOR-US: Microsoft -CVE-2017-11768 - RESERVED +CVE-2017-11768 (Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 ...) + TODO: check CVE-2017-11767 (ChakraCore allows an attacker to gain the same user rights as the ...) NOT-FOR-US: Microsoft CVE-2017-11766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...) @@ -19105,8 +19133,8 @@ - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10278 - RESERVED +CVE-2017-10278 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...) + TODO: check CVE-2017-10277 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...) - mysql-connector-net <unfixed> [wheezy] - mysql-connector-net <no-dsa> (Minor issue) @@ -19125,14 +19153,14 @@ [wheezy] - openjdk-6 <end-of-life> CVE-2017-10273 RESERVED -CVE-2017-10272 - RESERVED +CVE-2017-10272 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...) + TODO: check CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector component of ...) NOT-FOR-US: Oracle -CVE-2017-10269 - RESERVED +CVE-2017-10269 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...) + TODO: check CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-4002-1 DLA-1141-1} - mariadb-10.0 <removed> @@ -19140,10 +19168,10 @@ - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <removed> (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10267 - RESERVED -CVE-2017-10266 - RESERVED +CVE-2017-10267 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...) + TODO: check +CVE-2017-10266 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...) + TODO: check CVE-2017-10265 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) ...) NOT-FOR-US: Oracle CVE-2017-10264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) @@ -21171,8 +21199,8 @@ RESERVED CVE-2017-9395 RESERVED -CVE-2017-9394 - RESERVED +CVE-2017-9394 (A stored cross-site scripting vulnerability in CA Identity Governance ...) + TODO: check CVE-2017-9393 (CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote ...) NOT-FOR-US: CA Identity Manager CVE-2017-9392 @@ -21232,12 +21260,12 @@ - qemu-kvm <removed> [wheezy] - qemu-kvm <no-dsa> (Minor issue) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d68f0f778e7f4fbd674627274267f269e40f0b04 -CVE-2017-9371 - RESERVED +CVE-2017-9371 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...) + TODO: check CVE-2017-9370 (An information disclosure / elevation of privilege vulnerability in ...) NOT-FOR-US: BlackBerry -CVE-2017-9369 - RESERVED +CVE-2017-9369 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...) + TODO: check CVE-2017-9368 (An information disclosure vulnerability in the BlackBerry Workspaces ...) NOT-FOR-US: BlackBerry Workspaces Server CVE-2017-9367 (A directory traversal vulnerability in the BlackBerry Workspaces ...) @@ -23120,34 +23148,27 @@ RESERVED CVE-2017-8816 RESERVED -CVE-2017-8815 - RESERVED +CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html -CVE-2017-8814 - RESERVED +CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html CVE-2017-8813 REJECTED -CVE-2017-8812 - RESERVED +CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html -CVE-2017-8811 - RESERVED +CVE-2017-8811 (The implementation of raw message parameter expansion in MediaWiki ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html -CVE-2017-8810 - RESERVED +CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html -CVE-2017-8809 - RESERVED +CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html -CVE-2017-8808 - RESERVED +CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html CVE-2017-8807 @@ -23442,8 +23463,8 @@ NOT-FOR-US: Microsoft CVE-2017-8701 RESERVED -CVE-2017-8700 - RESERVED +CVE-2017-8700 (ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass ...) + TODO: check CVE-2017-8699 (Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 ...) NOT-FOR-US: Microsoft CVE-2017-8698 @@ -25797,8 +25818,8 @@ NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file that ...) NOT-FOR-US: D-Link -CVE-2017-7851 - RESERVED +CVE-2017-7851 (D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate ...) + TODO: check CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...) {DSA-3879-1 DLA-898-1} - libosip2 4.1.0-2.1 (bug #860287) @@ -38300,12 +38321,12 @@ NOTE: https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee CVE-2017-3894 (A stored cross site scripting vulnerability in the Management Console ...) NOT-FOR-US: BlackBerry -CVE-2017-3893 - RESERVED -CVE-2017-3892 - RESERVED -CVE-2017-3891 - RESERVED +CVE-2017-3893 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the ...) + TODO: check +CVE-2017-3892 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an ...) + TODO: check +CVE-2017-3891 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an ...) + TODO: check CVE-2017-3890 (A reflected cross-site scripting vulnerability in the BlackBerry ...) NOT-FOR-US: BlackBerry CVE-2017-3889 (A vulnerability in the web interface of the Cisco Registered Envelope ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits