Author: sectracker
Date: 2017-11-22 21:10:15 +0000 (Wed, 22 Nov 2017)
New Revision: 57939

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-22 20:57:18 UTC (rev 57938)
+++ data/CVE/list       2017-11-22 21:10:15 UTC (rev 57939)
@@ -1047,6 +1047,7 @@
        NOTE: https://github.com/bit-team/backintime/issues/834
        NOTE: 
https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3
 CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant 
heap-based ...)
+       {DLA-1185-1}
        - sam2p <removed>
        NOTE: https://github.com/pts/sam2p/issues/16
 CVE-2017-16662
@@ -4059,8 +4060,8 @@
        RESERVED
 CVE-2017-15529
        RESERVED
-CVE-2017-15528
-       RESERVED
+CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can 
be ...)
+       TODO: check
 CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be 
...)
        NOT-FOR-US: Symantec
 CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be 
...)
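Review bot: The new CVE-2017-15528 entry is left at "TODO: check" although the entry directly below it, CVE-2017-15527, is already triaged as "NOT-FOR-US: Symantec". If the Install Norton Security product is likewise not packaged in Debian, replace the TODO with a NOT-FOR-US line in the same style so the entry does not sit in the untriaged queue.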
@@ -5248,15 +5249,13 @@
 CVE-2017-15100
        RESERVED
        - foreman <itp> (bug #663101)
-CVE-2017-15099
-       RESERVED
+CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x 
before ...)
        {DSA-4028-1}
        - postgresql-10 10.1-1
        - postgresql-9.6 <unfixed>
        - postgresql-9.4 <not-affected> (ON CONFLICT DO UPDATE and RLS 
introduced in 9.5)
        - postgresql-9.1 <not-affected> (ON CONFLICT DO UPDATE and RLS 
introduced in 9.5)
-CVE-2017-15098
-       RESERVED
+CVE-2017-15098 (Invalid json_populate_recordset or jsonb_populate_recordset 
function ...)
        {DSA-4028-1 DSA-4027-1}
        - postgresql-10 10.1-1
        - postgresql-9.6 <unfixed>
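Review bot: In both CVE-2017-15099 and CVE-2017-15098 the "- postgresql-9.6 <unfixed>" line is unchanged even though the entries already reference {DSA-4028-1}, while postgresql-10 carries a fixed version (10.1-1). Record the fixed postgresql-9.6 version once the upload is known, so the tracker stops reporting that source package as open.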
@@ -10857,8 +10856,8 @@
        RESERVED
 CVE-2017-13072
        RESERVED
-CVE-2017-13071
-       RESERVED
+CVE-2017-13071 (QNAP has already patched this vulnerability. This security 
concern ...)
+       TODO: check
 CVE-2017-13070
        RESERVED
 CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities 
found in ...)
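Review bot: CVE-2017-13071 is added with "TODO: check", and the description as shown ("QNAP has already patched this vulnerability. This security concern ...") does not name the affected component in its visible part. Triage needs the full CVE text; if it turns out to be a QNAP-only product, close the TODO with a NOT-FOR-US line rather than leaving it open.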
@@ -13848,8 +13847,7 @@
        RESERVED
 CVE-2017-12194
        RESERVED
-CVE-2017-12193
-       RESERVED
+CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in 
lib/assoc_array.c ...)
        - linux 4.13.13-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7)
@@ -13861,8 +13859,7 @@
        NOTE: Introduced by: 
https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1)
 CVE-2017-12191
        RESERVED
-CVE-2017-12190 [memory leak when merging buffers in SCSI IO vectors]
-       RESERVED
+CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in 
block/bio.c in the ...)
        - linux 4.13.10-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089
 CVE-2017-12189
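Review bot: After the temporary bracketed description is replaced, the CVE-2017-12190 entry documents the fix only through a Red Hat Bugzilla NOTE and the fixed version "linux 4.13.10-1". The neighbouring CVE-2017-12193 entry records the upstream commit in a "NOTE: Fixed by:" line; adding the equivalent upstream commit reference here would make backport checks for older suites easier.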
@@ -25984,7 +25981,7 @@
        RESERVED
 CVE-2017-8028
        RESERVED
-       {DLA-1180-1}
+       {DSA-4046-1 DLA-1180-1}
        - libspring-ldap-java <removed>
        NOTE: https://pivotal.io/security/cve-2017-8028
        NOTE: https://github.com/spring-projects/spring-ldap/issues/430
@@ -27240,8 +27237,8 @@
        RESERVED
 CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 
5.8.2 and ...)
        NOT-FOR-US: Fortinet
-CVE-2017-7736
-       RESERVED
+CVE-2017-7736 (A stored Cross-site Scripting (XSS) vulnerability in Fortinet 
FortiWeb ...)
+       TODO: check
 CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
        NOT-FOR-US: Fortinet FortiOS
 CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS 
versions ...)
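Review bot: CVE-2017-7736 is described as a stored XSS in Fortinet FortiWeb but is left at "TODO: check", while the surrounding entries CVE-2017-7737 and CVE-2017-7735 are marked "NOT-FOR-US: Fortinet" and "NOT-FOR-US: Fortinet FortiOS". Unless there is a reason to treat this one differently, triage it the same way.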
@@ -32364,8 +32361,8 @@
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6167
        RESERVED
-CVE-2017-6166
-       RESERVED
+CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link 
Controller, ...)
+       TODO: check
 CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6164
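Review bot: The new CVE-2017-6166 description begins "In BIG-IP LTM, AAM, AFM, ..." and the entry is left at "TODO: check", whereas the adjacent BIG-IP entries, including CVE-2017-6165, are marked "NOT-FOR-US: F5 BIG-IP". Resolve the TODO with the same NOT-FOR-US marker if no Debian package is involved.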
@@ -52120,7 +52117,7 @@
 CVE-2016-8642 (In Moodle 2.x and 3.x, the question engine allows access to 
files that ...)
        - moodle 2.7.17+dfsg-1
        NOTE: https://moodle.org/mod/forum/discuss.php?d=343275
-CVE-2016-10089 (Nagios 4.2.4 and earlier allows local users to gain root 
privileges ...)
+CVE-2016-10089 (Nagios 4.3.2 and earlier allows local users to gain root 
privileges ...)
        - nagios3 <not-affected> (Vulnerable code not present)
        NOTE: Flaw in upstream damon-init.in. Debian package installs an own 
init-skript.
 CVE-2016-8641
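Review bot: The CVE-2016-10089 description now covers "Nagios 4.3.2 and earlier" instead of 4.2.4, so the "- nagios3 <not-affected> (Vulnerable code not present)" line should be re-confirmed against the wider version range. The rationale in the NOTE (the Debian package installs its own init script) should be re-checked as well. The same NOTE contains the typos "damon-init.in" and "init-skript", which are worth correcting in a follow-up commit.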


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
