Author: sectracker
Date: 2017-11-21 21:10:13 +0000 (Tue, 21 Nov 2017)
New Revision: 57910

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-21 20:59:05 UTC (rev 57909)
+++ data/CVE/list       2017-11-21 21:10:13 UTC (rev 57910)
@@ -1,3 +1,15 @@
+CVE-2017-16925
+       RESERVED
+CVE-2017-16924
+       RESERVED
+CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen 
Tenda ...)
+       TODO: check
+CVE-2017-16922
+       RESERVED
+CVE-2017-16921
+       RESERVED
+CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default 
SYS_KEY ...)
+       TODO: check
 CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting 
(XSS) ...)
        NOT-FOR-US: MapOS
 CVE-2017-16918
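Review bot: CVE-2017-16923 and CVE-2017-16920 arrive with only "TODO: check", so nothing in this hunk records whether the Tenda app_data_center or dayrui FineCms issues concern anything in the archive. Each should be resolved to either a package line or a "NOT-FOR-US: <product>" line, in the form the adjacent CVE-2017-16919 entry already uses ("NOT-FOR-US: MapOS"), so the TODO does not linger after the automatic import.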
@@ -180,7 +192,7 @@
        - xrootd <itp> (bug #687222)
 CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote 
code ...)
        NOT-FOR-US: Elixir's vim plugin
-CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after 
free in the ...)
+CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in 
the HTML ...)
        {DLA-1175-1}
        - lynx 2.8.9dev16-1
        - lynx-cur <removed>
@@ -260,6 +272,7 @@
        NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
        NOTE: 
https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
 CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of 
optipng 0.7.6 ...)
+       {DLA-1184-1}
        - optipng <unfixed> (bug #882032)
        NOTE: https://sourceforge.net/p/optipng/bugs/65/
        NOTE: Proposed patch: 
https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
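Review bot: {DLA-1184-1} is attached to CVE-2017-1000229 while the package line directly under it still reads "- optipng <unfixed> (bug #882032)" and the only fix reference is the NOTE labelled "Proposed patch". That leaves the entry showing an advisory alongside an open unstable status with no confirmed upstream fix. When a fix is committed upstream, replace the proposed-patch NOTE with the commit reference and record the fixed version on the optipng line.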
@@ -1012,8 +1025,7 @@
        RESERVED
 CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to 
a ...)
        NOT-FOR-US: RemObjects Remoting SDK
-CVE-2017-16664 [OSA-2017-07]
-       RESERVED
+CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open 
Ticket ...)
        - otrs2 <unfixed> (bug #882370)
        NOTE: 
https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
        NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
@@ -1168,8 +1180,8 @@
        NOT-FOR-US: MLAlchemy
 CVE-2017-16614
        RESERVED
-CVE-2017-16613 [Swift object/proxy server writing swauth Auth Token to log 
file]
-       RESERVED
+CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth 
through ...)
+       {DSA-4044-1}
        - swauth 1.2.0-4 (bug #882314)
        NOTE: https://bugs.launchpad.net/swift/+bug/1655781
 CVE-2017-16612
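Review bot: the new description line for CVE-2017-16613 is cut off at "OpenStack Swauth through ..." and no longer says what the flaw is, whereas the removed bracketed text ("Swift object/proxy server writing swauth Auth Token to log file") did. Since {DSA-4044-1} now points readers at this entry, consider keeping that one-line summary as a NOTE under the swauth package line so the credential-in-log nature of the issue stays visible in the list itself.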
@@ -4755,6 +4767,7 @@
        NOT-FOR-US: OpenText Documentum Content Server
 CVE-2017-15275 [Server heap memory information leak]
        RESERVED
+       {DSA-4043-1 DLA-1183-1}
        - samba 2:4.7.1+dfsg-2
        NOTE: https://www.samba.org/samba/security/CVE-2017-15275.html
 CVE-2017-15274 (security/keys/keyctl.c in the Linux kernel before 4.11.5 does 
not ...)
@@ -5412,8 +5425,8 @@
        NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the 
input file, marking that as the fixed
        NOTE: version, although the internal lame code was only fixed in 3.100 
(strictly speaking that would be
        NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
-CVE-2017-15044
-       RESERVED
+CVE-2017-15044 (The default installation of DocuWare Fulltext Search server 
through ...)
+       TODO: check
 CVE-2017-15043
        RESERVED
 CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 
1.9.x ...)
@@ -6344,6 +6357,7 @@
        RESERVED
 CVE-2017-14746 [Use-after-free vulnerability]
        RESERVED
+       {DSA-4043-1}
        - samba 2:4.7.1+dfsg-2
        [wheezy] - samba <not-affected> (Issue introduced in 4.0.0)
        NOTE: https://www.samba.org/samba/security/CVE-2017-14746.html
@@ -27804,8 +27818,7 @@
 CVE-2017-7551 (389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable 
to ...)
        - 389-ds-base 1.3.6.7-1 (bug #870752)
        NOTE: https://pagure.io/389-ds-base/issue/49336
-CVE-2017-7550
-       RESERVED
+CVE-2017-7550 (A flaw was found in the way Ansible (2.3.x before 2.3.3, and 
2.4.x ...)
        - ansible <unfixed> (unimportant)
        NOTE: Just an insecure example
 CVE-2017-7549 (A flaw was found in instack-undercloud 7.2.0 as packaged in Red 
Hat ...)
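Review bot: CVE-2017-7550 keeps "- ansible <unfixed> (unimportant)" and "NOTE: Just an insecure example", both written while the entry was still RESERVED, but the description added here names affected ranges ("2.3.x before 2.3.3, and 2.4.x ..."). Re-check the package line against the published text: if the description gives fixed upstream versions, record the corresponding fixed version instead of <unfixed>, and confirm the "unimportant" rating and the NOTE still match what the description says.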
@@ -33514,8 +33527,8 @@
        RESERVED
 CVE-2017-5730
        RESERVED
-CVE-2017-5729
-       RESERVED
+CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel 
Dual-Band and ...)
+       TODO: check
 CVE-2017-5728
        RESERVED
 CVE-2017-5727
@@ -33534,8 +33547,8 @@
        NOT-FOR-US: Intel
 CVE-2017-5720
        RESERVED
-CVE-2017-5719
-       RESERVED
+CVE-2017-5719 (A vulnerability in the Intel Deep Learning Training Tool Beta 1 
allows ...)
+       TODO: check
 CVE-2017-5718
        RESERVED
 CVE-2017-5717
@@ -33548,22 +33561,22 @@
        RESERVED
 CVE-2017-5713
        RESERVED
-CVE-2017-5712
-       RESERVED
-CVE-2017-5711
-       RESERVED
-CVE-2017-5710
-       RESERVED
-CVE-2017-5709
-       RESERVED
-CVE-2017-5708
-       RESERVED
-CVE-2017-5707
-       RESERVED
-CVE-2017-5706
-       RESERVED
-CVE-2017-5705
-       RESERVED
+CVE-2017-5712 (Buffer overflow in Active Management Technology (AMT) in Intel 
...)
+       TODO: check
+CVE-2017-5711 (Multiple buffer overflows in Active Management Technology (AMT) 
in ...)
+       TODO: check
+CVE-2017-5710 (Multiple privilege escalations in kernel in Intel Trusted 
Execution ...)
+       TODO: check
+CVE-2017-5709 (Multiple privilege escalations in kernel in Intel Server 
Platform ...)
+       TODO: check
+CVE-2017-5708 (Multiple privilege escalations in kernel in Intel Manageability 
Engine ...)
+       TODO: check
+CVE-2017-5707 (Multiple buffer overflows in kernel in Intel Trusted Execution 
Engine ...)
+       TODO: check
+CVE-2017-5706 (Multiple buffer overflows in kernel in Intel Server Platform 
Services ...)
+       TODO: check
+CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability 
Engine ...)
+       TODO: check
 CVE-2017-5704
        RESERVED
 CVE-2017-5703
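Review bot: the eight entries CVE-2017-5705 through CVE-2017-5712 all land as "TODO: check", and their descriptions cover the same family of components (Active Management Technology, Manageability Engine, Trusted Execution Engine, Server Platform Services). Triage them as one batch so they receive the same disposition; the context just above this hunk already shows "NOT-FOR-US: Intel" used for a neighbouring entry, which is the precedent to confirm or deliberately depart from.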
@@ -93567,8 +93580,8 @@
        [jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
        NOTE: https://github.com/Dolibarr/dolibarr/issues/2857
        NOTE: 
https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
-CVE-2015-3934
-       RESERVED
+CVE-2015-3934 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 
allow ...)
+       TODO: check
 CVE-2015-3933 (Multiple SQL injection vulnerabilities in 
inc/lib/User.class.php in ...)
        NOT-FOR-US: MetalGenix GeniXCMS
 CVE-2015-3932 (Netlock Mokka before 2.7.8.1204 allows remote attackers to 
perform XML ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
