Author: sectracker
Date: 2017-11-29 21:10:19 +0000 (Wed, 29 Nov 2017)
New Revision: 58123

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-29 19:50:37 UTC (rev 58122)
+++ data/CVE/list       2017-11-29 21:10:19 UTC (rev 58123)
@@ -1,3 +1,21 @@
+CVE-2017-17066
+       RESERVED
+CVE-2017-17065
+       RESERVED
+CVE-2017-17064
+       RESERVED
+CVE-2017-17063
+       RESERVED
+CVE-2017-17062
+       RESERVED
+CVE-2017-17061
+       RESERVED
+CVE-2017-17060
+       RESERVED
+CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka 
amtyThumb posts ...)
+       TODO: check
+CVE-2017-1000385
+       RESERVED
 CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a 
Directory ...)
        NOT-FOR-US: WooCommerce plugin for WordPress
 CVE-2017-17057
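Review bot: CVE-2017-17059 is added with only "TODO: check", so it enters the list untriaged; it needs either a package line or a NOT-FOR-US line in the style of the CVE-2017-17058 entry directly below it. The eight RESERVED entries in this hunk (CVE-2017-17066 to CVE-2017-17060 and CVE-2017-1000385) need nothing further until their descriptions are published.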
@@ -1727,42 +1745,61 @@
 CVE-2017-1000406
        NOT-FOR-US: OpenDayLight
 CVE-2017-1000404
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000403
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000402
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000401
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000400
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000399
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000398
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000397
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000396
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000395
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000394
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000393
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000392
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000391
+       RESERVED
        NOT-FOR-US: Jenkins
 CVE-2017-1000390
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000389
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000388
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000387
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000386
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-16884
        RESERVED
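Review bot: the RESERVED lines added to CVE-2017-1000404 through CVE-2017-1000386 leave all 19 entries with a final NOT-FOR-US triage but no description text. When the descriptions arrive, the "Jenkins" and "Jenkins plugin" labels should be checked against them, and the update should be confirmed to keep the existing NOT-FOR-US lines rather than resetting them to "TODO: check".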
@@ -3737,6 +3774,7 @@
 CVE-2017-16242
        RESERVED
 CVE-2017-1000384 [Arbitrary file read]
+       RESERVED
        - passenger <unfixed>
        - ruby-passenger <removed>
        [jessie] - ruby-passenger <no-dsa> (Minor issue)
@@ -9203,10 +9241,10 @@
        RESERVED
 CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a 
cross-site ...)
        NOT-FOR-US: EMC
-CVE-2017-14378
-       RESERVED
-CVE-2017-14377
-       RESERVED
+CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA 
Authentication Agent ...)
+       TODO: check
+CVE-2017-14377 (EMC RSA Authentication Agent for Web: Apache Web Server 
version 8.0 and ...)
+       TODO: check
 CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts 
with ...)
        NOT-FOR-US: EMC AppSync Server
 CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior 
to ...)
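Review bot: CVE-2017-14378 and CVE-2017-14377 move from RESERVED to "TODO: check" and are left untriaged. The neighbouring EMC entries (CVE-2017-14379, CVE-2017-14376) are marked NOT-FOR-US; if the RSA Authentication Agent products are likewise not packaged, these two should get a matching "NOT-FOR-US: EMC ..." line.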
@@ -9733,14 +9771,14 @@
        RESERVED
 CVE-2017-14190
        RESERVED
-CVE-2017-14189
-       RESERVED
+CVE-2017-14189 (An improper access control vulnerability in Fortinet 
FortiWebManager ...)
+       TODO: check
 CVE-2017-14188
        RESERVED
 CVE-2017-14187
        RESERVED
-CVE-2017-14186
-       RESERVED
+CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 
5.6.0 ...)
+       TODO: check
 CVE-2017-14185
        RESERVED
 CVE-2017-14184
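Review bot: the two Fortinet entries, CVE-2017-14189 (FortiWebManager) and CVE-2017-14186 (FortiOS), are left at "TODO: check". Both descriptions are truncated here, so triage has to be done against the full description before a package or NOT-FOR-US line is written.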
@@ -9836,7 +9874,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
        NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
 CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows 
remote ...)
-       {DLA-1107-1}
+       {DSA-4052-1 DLA-1107-1}
        - bzr 2.7.0+bzr6622-7 (bug #874429)
        NOTE: https://bugs.launchpad.net/bzr/+bug/1710979
 CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after 
dropping ...)
@@ -10608,8 +10646,8 @@
        RESERVED
 CVE-2017-13873
        RESERVED
-CVE-2017-13872
-       RESERVED
+CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High 
Sierra ...)
+       TODO: check
 CVE-2017-13871
        RESERVED
 CVE-2017-13870
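Review bot: CVE-2017-13872 now has a description naming Apple products and macOS High Sierra but only "TODO: check" as status. It still needs a triage line so it does not stay in the unprocessed queue.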
@@ -25627,21 +25665,20 @@
        RESERVED
 CVE-2017-8819
        RESERVED
-CVE-2017-8818 [SSL out of buffer access]
-       RESERVED
+CVE-2017-8818 (curl and libcurl before 7.57.0 on 32-bit platforms allow 
attackers to ...)
        - curl <unfixed>
        [stretch] - curl <not-affected> (Vulnerable code not present)
        [jessie] - curl <not-affected> (Vulnerable code not present)
        [wheezy] - curl <not-affected> (Vulnerable code not present)
        NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html
        NOTE: https://curl.haxx.se/CVE-2017-8818.patch
-CVE-2017-8817 [FTP wildcard out of bounds read]
-       RESERVED
+CVE-2017-8817 (The FTP wildcard function in curl and libcurl before 7.57.0 
allows ...)
+       {DSA-4051-1}
        - curl <unfixed>
        NOTE: https://curl.haxx.se/docs/adv_2017-ae72.html
        NOTE: https://curl.haxx.se/CVE-2017-8817.patch
-CVE-2017-8816 [NTLM buffer overflow via integer overflow]
-       RESERVED
+CVE-2017-8816 (The NTLM authentication feature in curl and libcurl before 
7.57.0 on ...)
+       {DSA-4051-1}
        - curl <unfixed>
        [wheezy] - curl <not-affected> (Vulnerable code not present, introduced 
in 7.36.0)
        NOTE: https://curl.haxx.se/docs/adv_2017-11e7.html
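Review bot: CVE-2017-8817 and CVE-2017-8816 gain {DSA-4051-1} while their package lines still read "- curl <unfixed>", so the tracker will show an advisory issued with unstable still open. Replace <unfixed> with the fixed version once an upload carrying the 7.57.0 fixes reaches unstable. CVE-2017-8818 gets no DSA reference, which is consistent with its stretch, jessie and wheezy <not-affected> lines.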


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
