Author: sectracker
Date: 2017-11-27 21:10:20 +0000 (Mon, 27 Nov 2017)
New Revision: 58059

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-27 20:37:03 UTC (rev 58058)
+++ data/CVE/list       2017-11-27 21:10:20 UTC (rev 58059)
@@ -1,3 +1,15 @@
+CVE-2017-1001004 (typed-function before 0.10.6 had an arbitrary code execution 
in the ...)
+       TODO: check
+CVE-2017-1001003 (math.js before 3.17.0 had an issue where private properties 
such as a ...)
+       TODO: check
+CVE-2017-1001002 (math.js before 3.17.0 had an arbitrary code execution in the 
...)
+       TODO: check
+CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...)
+       TODO: check
+CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and 
Swagger ...)
+       TODO: check
+CVE-2017-1000159 (Command injection in evince 3.24.8 via filename when 
printing to PDF ...)
+       TODO: check
 CVE-2018-0485
        RESERVED
 CVE-2018-0484
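Review bot: CVE-2017-1000159 (evince) in the block of new entries is left at `TODO: check` even though evince is a packaged source in Debian. It should get a `- evince` package line with a version or `<unfixed>` status as soon as it is triaged, since a bare TODO does not show up against the package.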
@@ -798,7 +810,7 @@
        RESERVED
 CVE-2018-0086
        RESERVED
-CVE-2017-16994
+CVE-2017-16994 (The walk_hugetlb_range function in mm/pagewalk.c in the Linux 
kernel ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1)
 CVE-2017-16993
@@ -863,22 +875,22 @@
        RESERVED
 CVE-2017-16963
        RESERVED
-CVE-2017-16962
-       RESERVED
-CVE-2017-16961
-       RESERVED
-CVE-2017-16960
-       RESERVED
-CVE-2017-16959
-       RESERVED
-CVE-2017-16958
-       RESERVED
-CVE-2017-16957
-       RESERVED
-CVE-2017-16956
-       RESERVED
-CVE-2017-16955
-       RESERVED
+CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in 
CommuniGate ...)
+       TODO: check
+CVE-2017-16961 (A SQL injection vulnerability in core/inc/auto-modules.php in 
BigTree ...)
+       TODO: check
+CVE-2017-16960 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
+       TODO: check
+CVE-2017-16959 (The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, 
TL-ER, ...)
+       TODO: check
+CVE-2017-16958 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
+       TODO: check
+CVE-2017-16957 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
+       TODO: check
+CVE-2017-16956 (b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending 
a ...)
+       TODO: check
+CVE-2017-16955 (SQL injection vulnerability in the InLinks plugin through 1.1 
for ...)
+       TODO: check
 CVE-2017-16954
        RESERVED
 CVE-2017-16953
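Review bot: CVE-2017-16960, CVE-2017-16958 and CVE-2017-16957 end up with the same truncated description ("TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote ..."), so the list alone cannot tell them apart. Resolve the `TODO: check` lines from the full CVE text, and consider a short NOTE per entry naming the affected component so the three stay distinguishable.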
@@ -6202,14 +6214,13 @@
 CVE-2017-15118
        RESERVED
 CVE-2017-15117
-       RESERVED
+       REJECTED
 CVE-2017-15116
        RESERVED
 CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux 
kernel ...)
        - linux 4.13.13-1
        NOTE: 
https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 
(v4.14-rc6)
-CVE-2017-15114 [Passwordless access for non-libvirt related services when 
using shared certificate authority]
-       RESERVED
+CVE-2017-15114 (When libvirtd is configured by OSP director 
(tripleo-heat-templates) ...)
        - tripleo-heat-templates <not-affected> (Vulnerability introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015
        NOTE: Bug: https://bugs.launchpad.net/tripleo/+bug/1730370
@@ -6250,8 +6261,7 @@
        - liblouis <not-affected> (Incomplete fix not applied in Debian)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c12
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1511023
-CVE-2017-15100
-       RESERVED
+CVE-2017-15100 (An attacker submitting facts to the Foreman server containing 
HTML can ...)
        - foreman <itp> (bug #663101)
 CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x 
before ...)
        {DSA-4028-1}
@@ -6435,16 +6445,16 @@
        NOTE: https://github.com/upx/upx/issues/128
        NOTE: 
https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317
        NOTE: crash in CLI tool, no security impact
-CVE-2017-15055
-       RESERVED
-CVE-2017-15054
-       RESERVED
-CVE-2017-15053
-       RESERVED
-CVE-2017-15052
-       RESERVED
-CVE-2017-15051
-       RESERVED
+CVE-2017-15055 (TeamPass before 2.1.27.9 does not properly enforce item access 
control ...)
+       TODO: check
+CVE-2017-15054 (An arbitrary file upload vulnerability, present in TeamPass 
before ...)
+       TODO: check
+CVE-2017-15053 (TeamPass before 2.1.27.9 does not properly enforce manager 
access ...)
+       TODO: check
+CVE-2017-15052 (TeamPass before 2.1.27.9 does not properly enforce manager 
access ...)
+       TODO: check
+CVE-2017-15051 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
TeamPass ...)
+       TODO: check
 CVE-2017-15050
        RESERVED
 CVE-2017-15049
@@ -7932,10 +7942,10 @@
        NOT-FOR-US: Atlassian
 CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye 
and ...)
        NOT-FOR-US: Atlassian
-CVE-2017-14586
-       RESERVED
-CVE-2017-14585
-       RESERVED
+CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to 
client-side remote ...)
+       TODO: check
+CVE-2017-14585 (A Server Side Request Forgery (SSRF) vulnerability could lead 
to ...)
+       TODO: check
 CVE-2017-14584
        RESERVED
 CVE-2017-14583
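Review bot: CVE-2017-14586 (Hipchat for Mac) is left at `TODO: check` while the CVE-2017-14587 context entry directly above it is tagged `NOT-FOR-US: Atlassian`. Hipchat is an Atlassian product, so the same tag looks applicable once confirmed. The CVE-2017-14585 description is cut off before any product name, so that entry needs the full text before it can be tagged.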
@@ -8498,8 +8508,8 @@
        RESERVED
 CVE-2017-14391
        RESERVED
-CVE-2017-14390
-       RESERVED
+CVE-2017-14390 (In Cloud Foundry Foundation cf-deployment v0.35.0, a 
misconfiguration ...)
+       TODO: check
 CVE-2017-14389
        RESERVED
 CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior 
to 0.30.0 ...)
@@ -9154,8 +9164,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
        NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
        NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
-CVE-2017-14176 [bzr+ssh URLs don't strip SSH options]
-       RESERVED
+CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows 
remote ...)
        {DLA-1107-1}
        - bzr 2.7.0+bzr6622-7 (bug #874429)
        NOTE: https://bugs.launchpad.net/bzr/+bug/1710979
@@ -23234,8 +23243,8 @@
        RESERVED
 CVE-2017-9317
        RESERVED
-CVE-2017-9316
-       RESERVED
+CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found 
in ...)
+       TODO: check
 CVE-2017-9315
        RESERVED
 CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, 
...)
@@ -26668,9 +26677,9 @@
        NOT-FOR-US: Huawei
 CVE-2017-8147 (AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with 
software ...)
        NOT-FOR-US: Huawei
-CVE-2017-8146 (The call module of P10 and P10 Plus smrtphones with software 
the ...)
+CVE-2017-8146 (The call module of P10 and P10 Plus smartphones with software 
...)
        NOT-FOR-US: Huawei
-CVE-2017-8145 (The call module of P10 and P10 Plus smrtphones with software 
the ...)
+CVE-2017-8145 (The call module of P10 and P10 Plus smartphones with software 
...)
        NOT-FOR-US: Huawei
 CVE-2017-8144 (Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei 
smartphones ...)
        NOT-FOR-US: Huawei
@@ -26981,11 +26990,10 @@
        NOT-FOR-US: Cloud Foundry
 CVE-2017-8046
        RESERVED
-CVE-2017-8045
-       RESERVED
+CVE-2017-8045 (In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 
1.5.7, an ...)
        NOT-FOR-US: Spring AMQP
-CVE-2017-8044
-       RESERVED
+CVE-2017-8044 (In Pivotal Single Sign-On for PCF (1.3.x versions prior to 
1.3.4 and ...)
+       TODO: check
 CVE-2017-8043
        RESERVED
 CVE-2017-8042
@@ -26994,11 +27002,10 @@
        NOT-FOR-US: Pivotal
 CVE-2017-8040 (In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x 
versions prior ...)
        NOT-FOR-US: Pivotal
-CVE-2017-8039
-       RESERVED
+CVE-2017-8039 (An issue was discovered in Pivotal Spring Web Flow through 
2.4.5. ...)
        NOT-FOR-US: Spring Web Flow
-CVE-2017-8038
-       RESERVED
+CVE-2017-8038 (In Cloud Foundry Foundation Credhub-release version 1.1.0, 
access ...)
+       TODO: check
 CVE-2017-8037 (In Cloud Foundry Foundation CAPI-release versions after v1.6.0 
and ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2017-8036 (An issue was discovered in the Cloud Controller API in Cloud 
Foundry ...)
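Review bot: CVE-2017-8038 (Cloud Foundry Foundation Credhub-release) gets `TODO: check` while CVE-2017-8037 just below it in this hunk is already `NOT-FOR-US: Cloud Foundry`. Unless Credhub is packaged, resolve it the same way so the Cloud Foundry entries stay consistent.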
@@ -27011,14 +27018,13 @@
        NOT-FOR-US: Cloud Foundry
 CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release 
all ...)
        NOT-FOR-US: Cloud Foundry
-CVE-2017-8031
-       RESERVED
+CVE-2017-8031 (An issue was discovered in Cloud Foundry Foundation cf-release 
(all ...)
+       TODO: check
 CVE-2017-8030
        RESERVED
 CVE-2017-8029
        RESERVED
-CVE-2017-8028
-       RESERVED
+CVE-2017-8028 (In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected 
to some ...)
        {DSA-4046-1 DLA-1180-1}
        - libspring-ldap-java <removed>
        NOTE: https://pivotal.io/security/cve-2017-8028
@@ -37796,8 +37802,7 @@
        NOT-FOR-US: EMC
 CVE-2017-4996
        RESERVED
-CVE-2017-4995
-       RESERVED
+CVE-2017-4995 (An issue was discovered in Pivotal Spring Security 
4.2.0.RELEASE ...)
        - libspring-security-java <itp> (bug #582181)
        NOTE: https://pivotal.io/security/cve-2017-4995
 CVE-2017-4994 (An issue was discovered in Cloud Foundry Foundation cf-release 
versions ...)
@@ -43946,15 +43951,15 @@
        NOT-FOR-US: Huawei
 CVE-2017-2729 (The boot loaders in Honor 5A smart phones with software 
Versions ...)
        NOT-FOR-US: Huawei
-CVE-2017-2728 (Some HHuawei mobile phones Honor 6X Berlin-L22C636B150 and 
earlier ...)
+CVE-2017-2728 (Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and 
earlier ...)
        NOT-FOR-US: Huawei
 CVE-2017-2727 (Huawei P9 smart phones with software versions earlier before 
...)
        NOT-FOR-US: Huawei
-CVE-2017-2726 (Bastet in P10 Plus and P10 smart phones with software Eariler 
than ...)
+CVE-2017-2726 (Bastet in P10 Plus and P10 smart phones with software earlier 
than ...)
        NOT-FOR-US: Huawei
-CVE-2017-2725 (Bastet in P10 Plus and P10 smart phones with software Eariler 
than ...)
+CVE-2017-2725 (Bastet in P10 Plus and P10 smart phones with software earlier 
than ...)
        NOT-FOR-US: Huawei
-CVE-2017-2724 (Bastet in P10 Plus and P10 smart phones with software Eariler 
than ...)
+CVE-2017-2724 (Bastet in P10 Plus and P10 smart phones with software earlier 
than ...)
        NOT-FOR-US: Huawei
 CVE-2017-2723 (The Files APP 7.1.1.308 and earlier versions in some Huawei 
mobile ...)
        NOT-FOR-US: Huawei
@@ -47887,8 +47892,8 @@
        RESERVED
 CVE-2017-0911
        RESERVED
-CVE-2017-0910
-       RESERVED
+CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, 
a ...)
+       TODO: check
 CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable 
to a ...)
        TODO: check
 CVE-2017-0908


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
