Author: sectracker
Date: 2017-11-24 09:10:15 +0000 (Fri, 24 Nov 2017)
New Revision: 57987

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-24 07:08:06 UTC (rev 57986)
+++ data/CVE/list       2017-11-24 09:10:15 UTC (rev 57987)
@@ -1,11 +1,25 @@
-CVE-2017-16932
+CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote 
attackers to ...)
+       TODO: check
+CVE-2017-16937
+       RESERVED
+CVE-2017-16936 (Directory Traversal vulnerability in app_data_center on 
Shenzhen Tenda ...)
+       TODO: check
+CVE-2017-16935 (Ametys before 4.0.3 requires authentication only for URIs 
containing a ...)
+       TODO: check
+CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers 
to execute ...)
+       TODO: check
+CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a 
chown ...)
+       TODO: check
+CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote 
authenticated users ...)
+       TODO: check
+CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite 
recursion in ...)
        - libxml2 <unfixed>
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579
        NOTE: 
https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
-CVE-2017-16931
+CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity 
references ...)
        - libxml2 2.9.4+dfsg1-3.1
-        [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
-        [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
+       [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
+       [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956
        NOTE: 
https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
        NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and 
CVE-2017-9050
@@ -1063,6 +1077,7 @@
 CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to 
a ...)
        NOT-FOR-US: RemObjects Remoting SDK
 CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open 
Ticket ...)
+       {DSA-4047-1}
        - otrs2 5.0.24-1 (bug #882370)
        NOTE: 
https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
        NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
@@ -9548,14 +9563,14 @@
        NOT-FOR-US: Moxa
 CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
        NOT-FOR-US: Moxa
-CVE-2017-13701
-       RESERVED
+CVE-2017-13701 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+       TODO: check
 CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
        NOT-FOR-US: Moxa
-CVE-2017-13699
-       RESERVED
-CVE-2017-13698
-       RESERVED
+CVE-2017-13699 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+       TODO: check
+CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 
devices. ...)
+       TODO: check
 CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS 
related to ...)
        NOT-FOR-US: FineCMS
 CVE-2017-13696
@@ -19600,7 +19615,7 @@
 CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19685,7 +19700,7 @@
 CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19693,7 +19708,7 @@
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19701,7 +19716,7 @@
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19717,13 +19732,13 @@
 CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
        - openjdk-7 <removed>
 CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19731,7 +19746,7 @@
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19739,7 +19754,7 @@
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java 
SE ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19747,7 +19762,7 @@
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19755,7 +19770,7 @@
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19872,7 +19887,7 @@
        - mysql-5.5 <not-affected> (Only affects MySQL 5.7)
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
 CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19904,7 +19919,7 @@
        - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
 CVE-2017-10285 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19922,7 +19937,7 @@
 CVE-2017-10282
        RESERVED
 CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -19947,7 +19962,7 @@
 CVE-2017-10275 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE ...)
-       {DSA-4015-1 DLA-1187-1}
+       {DSA-4048-1 DSA-4015-1 DLA-1187-1}
        - openjdk-9 9.0.1+11-1
        - openjdk-8 8u151-b12-1
        [experimental] - openjdk-7 7u151-2.6.11-2
@@ -36126,6 +36141,7 @@
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-5130
        RESERVED
+       {DLA-1188-1}
        - libxml2 2.9.4+dfsg1-5.1 (bug #880000)
        [stretch] - libxml2 <no-dsa> (Minor issue)
        [jessie] - libxml2 <no-dsa> (Minor issue)

