Author: sectracker
Date: 2017-11-29 21:10:19 +0000 (Wed, 29 Nov 2017)
New Revision: 58123
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-29 19:50:37 UTC (rev 58122) +++ data/CVE/list 2017-11-29 21:10:19 UTC (rev 58123) @@ -1,3 +1,21 @@ +CVE-2017-17066 + RESERVED +CVE-2017-17065 + RESERVED +CVE-2017-17064 + RESERVED +CVE-2017-17063 + RESERVED +CVE-2017-17062 + RESERVED +CVE-2017-17061 + RESERVED +CVE-2017-17060 + RESERVED +CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts ...) + TODO: check +CVE-2017-1000385 + RESERVED CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...) NOT-FOR-US: WooCommerce plugin for WordPress CVE-2017-17057 @@ -1727,42 +1745,61 @@ CVE-2017-1000406 NOT-FOR-US: OpenDayLight CVE-2017-1000404 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000403 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000402 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000401 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000400 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000399 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000398 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000397 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000396 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000395 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000394 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000393 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000392 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000391 + RESERVED NOT-FOR-US: Jenkins CVE-2017-1000390 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000389 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000388 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000387 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000386 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-16884 RESERVED @@ -3737,6 +3774,7 @@ CVE-2017-16242 RESERVED CVE-2017-1000384 [Arbitrary file read] + RESERVED - passenger <unfixed> - ruby-passenger <removed> [jessie] - ruby-passenger <no-dsa> (Minor issue) 
@@ -9203,10 +9241,10 @@ RESERVED CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site ...) NOT-FOR-US: EMC -CVE-2017-14378 - RESERVED -CVE-2017-14377 - RESERVED +CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent ...) + TODO: check +CVE-2017-14377 (EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and ...) + TODO: check CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ...) NOT-FOR-US: EMC AppSync Server CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to ...) @@ -9733,14 +9771,14 @@ RESERVED CVE-2017-14190 RESERVED -CVE-2017-14189 - RESERVED +CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager ...) + TODO: check CVE-2017-14188 RESERVED CVE-2017-14187 RESERVED -CVE-2017-14186 - RESERVED +CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 ...) + TODO: check CVE-2017-14185 RESERVED CVE-2017-14184 @@ -9836,7 +9874,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3 NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330 CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote ...) - {DLA-1107-1} + {DSA-4052-1 DLA-1107-1} - bzr 2.7.0+bzr6622-7 (bug #874429) NOTE: https://bugs.launchpad.net/bzr/+bug/1710979 CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...) @@ -10608,8 +10646,8 @@ RESERVED CVE-2017-13873 RESERVED -CVE-2017-13872 - RESERVED +CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra ...) + TODO: check CVE-2017-13871 RESERVED CVE-2017-13870 
@@ -25627,21 +25665,20 @@ RESERVED CVE-2017-8819 RESERVED -CVE-2017-8818 [SSL out of buffer access] - RESERVED +CVE-2017-8818 (curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to ...) - curl <unfixed> [stretch] - curl <not-affected> (Vulnerable code not present) [jessie] - curl <not-affected> (Vulnerable code not present) [wheezy] - curl <not-affected> (Vulnerable code not present) NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html NOTE: https://curl.haxx.se/CVE-2017-8818.patch -CVE-2017-8817 [FTP wildcard out of bounds read] - RESERVED +CVE-2017-8817 (The FTP wildcard function in curl and libcurl before 7.57.0 allows ...) + {DSA-4051-1} - curl <unfixed> NOTE: https://curl.haxx.se/docs/adv_2017-ae72.html NOTE: https://curl.haxx.se/CVE-2017-8817.patch -CVE-2017-8816 [NTLM buffer overflow via integer overflow] - RESERVED +CVE-2017-8816 (The NTLM authentication feature in curl and libcurl before 7.57.0 on ...) + {DSA-4051-1} - curl <unfixed> [wheezy] - curl <not-affected> (Vulnerable code not present, introduced in 7.36.0) NOTE: https://curl.haxx.se/docs/adv_2017-11e7.html
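Review bot: In the first hunk (@@ -1,3 +1,21 @@), CVE-2017-1000385 is inserted at the head of the file between CVE-2017-17059 and CVE-2017-17058, away from CVE-2017-1000386 and CVE-2017-1000384, which sit in the later hunks. Anyone triaging the 1000xxx ids by scanning their neighbours will not see it, so a follow-up should either move it next to those entries or triage it where it stands. The same hunk adds CVE-2017-17059 with only "TODO: check", which also needs resolving to a package line or a NOT-FOR-US line.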
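Review bot: In the @@ -1727,42 +1745,61 @@ hunk, the nineteen entries from CVE-2017-1000404 down to CVE-2017-1000386 gain a RESERVED line but still have no description, so the bare "NOT-FOR-US: Jenkins" or "NOT-FOR-US: Jenkins plugin" line is the only record of what each id covers. Naming the plugin in the NOT-FOR-US line would let the triage decision be re-checked once the descriptions are published.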
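Review bot: In the @@ -9203,10 +9241,10 @@ hunk, CVE-2017-14378 and CVE-2017-14377 go from RESERVED to "TODO: check" while the EMC entries on either side (CVE-2017-14379, CVE-2017-14376) already carry NOT-FOR-US lines. These two now have descriptions and should get an explicit triage line in a follow-up rather than staying at TODO, in the same "NOT-FOR-US: EMC ..." form if no Debian package ships the affected code.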
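Review bot: In the last hunk (@@ -25627,21 +25665,20 @@), CVE-2017-8817 and CVE-2017-8816 gain {DSA-4051-1} while their "- curl <unfixed>" lines are unchanged, so each entry now references an advisory but records no fixed version for unstable. The descriptions give 7.57.0 as the upstream fix, so the <unfixed> marker should be replaced with the fixed Debian version once that upload is in the archive. The hunk also drops the short bracketed summaries (for example "[NTLM buffer overflow via integer overflow]") in favour of truncated descriptions that no longer state the bug class; a NOTE line preserving that summary would keep the entry readable without following the advisory link.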