Author: sectracker Date: 2017-12-08 21:10:25 +0000 (Fri, 08 Dec 2017) New Revision: 58369
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-08 19:20:32 UTC (rev 58368) +++ data/CVE/list 2017-12-08 21:10:25 UTC (rev 58369) @@ -1,3 +1,13 @@ +CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...) + TODO: check +CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...) + TODO: check +CVE-2017-17478 + RESERVED +CVE-2017-17477 + RESERVED +CVE-2017-17476 + RESERVED CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) NOT-FOR-US: TG Soft Vir.IT eXplorer Lite CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) @@ -3770,7 +3780,7 @@ - linux 4.13.13-1 NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...) - {DLA-1196-1} + {DSA-4058-1 DLA-1196-1} - optipng 0.7.6-1.1 (bug #878839) NOTE: https://sourceforge.net/p/optipng/bugs/69/ CVE-2017-16937 @@ -3831,8 +3841,7 @@ NOT-FOR-US: Shenzhen Tenda CVE-2017-16922 RESERVED -CVE-2017-16921 [OSA-2017-09: Remote code execution] - RESERVED +CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...) - otrs2 6.0.2-1 (bug #883774) NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357 
@@ -4158,7 +4167,7 @@ NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2 CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...) - {DLA-1184-1} + {DSA-4058-1 DLA-1184-1} - optipng 0.7.6-1.1 (bug #882032) NOTE: https://sourceforge.net/p/optipng/bugs/65/ NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch @@ -4441,8 +4450,7 @@ NOT-FOR-US: Atlassian Confluence CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." ...) - ipsilon <itp> (bug #826838) -CVE-2017-16854 [OSA-2017-08: Information Disclosure] - RESERVED +CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...) - otrs2 6.0.2-1 NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347 @@ -5099,6 +5107,7 @@ - swauth 1.2.0-4 (bug #882314) NOTE: https://bugs.launchpad.net/swift/+bug/1655781 CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that could lead ...) + {DSA-4059-1} - libxcursor <unfixed> (bug #883792) NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6 NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 
@@ -7196,16 +7205,16 @@ RESERVED CVE-2017-15896 RESERVED -CVE-2017-15895 - RESERVED -CVE-2017-15894 - RESERVED -CVE-2017-15893 - RESERVED +CVE-2017-15895 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...) + TODO: check +CVE-2017-15894 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...) + TODO: check +CVE-2017-15893 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...) + TODO: check CVE-2017-15892 RESERVED -CVE-2017-15891 - RESERVED +CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in ...) + TODO: check CVE-2017-15890 RESERVED CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...) @@ -16281,8 +16290,8 @@ RESERVED CVE-2017-12824 (Special crafted InPage document leads to arbitrary code execution in ...) NOT-FOR-US: InPage -CVE-2017-12823 - RESERVED +CVE-2017-12823 (Kernel pool memory corruption in one of drivers in Kaspersky Embedded ...) + TODO: check CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...) NOT-FOR-US: Gemalto CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel ...) @@ -18629,8 +18638,8 @@ RESERVED CVE-2017-11941 RESERVED -CVE-2017-11940 - RESERVED +CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + TODO: check CVE-2017-11939 RESERVED CVE-2017-11938 
@@ -20019,12 +20028,12 @@ RESERVED CVE-2017-11483 RESERVED -CVE-2017-11482 - RESERVED -CVE-2017-11481 - RESERVED -CVE-2017-11480 - RESERVED +CVE-2017-11482 (The Kibana fix for CVE-2017-8451 was found to be incomplete. With ...) + TODO: check +CVE-2017-11481 (Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting ...) + TODO: check +CVE-2017-11480 (Packetbeat versions prior to 5.6.4 are affected by a denial of service ...) + TODO: check CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) ...) - kibana <itp> (bug #700337) CVE-2017-11477 @@ -21872,8 +21881,8 @@ RESERVED CVE-2017-10907 RESERVED -CVE-2017-10906 - RESERVED +CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 ...) + TODO: check CVE-2017-10905 RESERVED CVE-2017-10904 
@@ -21890,16 +21899,16 @@ NOT-FOR-US: A-Reserve CVE-2017-10898 (SQL injection vulnerability in the A-Member and A-Member for MT cloud ...) NOT-FOR-US: A-Member -CVE-2017-10897 - RESERVED -CVE-2017-10896 - RESERVED +CVE-2017-10897 (Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband ...) + TODO: check +CVE-2017-10896 (Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG ...) + TODO: check CVE-2017-10895 (sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause ...) NOT-FOR-US: sDNSProxy CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...) NOT-FOR-US: StreamRelay.NET -CVE-2017-10893 - RESERVED +CVE-2017-10893 (Untrusted search path vulnerability in The Public Certification ...) + TODO: check CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version ...) NOT-FOR-US: Music Center for PC CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and ...)
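Review bot: in the first hunk (@@ -1,3 +1,13 @@) the two OpenJPEG 2.3.0 stack-based buffer overflow entries, CVE-2017-17480 and CVE-2017-17479, are left as `TODO: check`; OpenJPEG is shipped in Debian (source package openjpeg2), so these need a package/version line plus NOTE references to the upstream bug or commit, as the optipng and libxcursor entries in this same update have, rather than staying pending.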
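Review bot: in hunk @@ -4441,8 +4450,7 @@ the new `- otrs2 6.0.2-1` line for CVE-2017-16854 carries no bug reference, while the matching CVE-2017-16921 entry in hunk @@ -3831,8 +3841,7 @@ records `(bug #883774)` against the same 6.0.2-1 version; if both issues were closed by that one upload, the same bug should be cited here too, otherwise a separate bug reference is missing.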
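Review bot: in hunk @@ -5099,6 +5107,7 @@ a `{DSA-4059-1}` reference is added to CVE-2017-16612 while the package line still reads `- libxcursor <unfixed> (bug #883792)`; that combination only holds if the stable update went out before the unstable upload, so confirm the unstable status and record the fixed libxcursor version as soon as it lands, or the tracker will keep reporting unstable as vulnerable after stable is fixed.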
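Review bot: in hunk @@ -7196,16 +7205,16 @@ the four Synology entries flipped from RESERVED to `TODO: check` (CVE-2017-15895, CVE-2017-15894 and CVE-2017-15893 on SYNO.FileStation.Extract, CVE-2017-15891 on SYNO.Cal.EventBase) describe DiskStation appliance components; by the file's convention for vendor appliance software (`NOT-FOR-US: Shenzhen Tenda`, `NOT-FOR-US: Gemalto` in nearby hunks) these are NOT-FOR-US candidates and should be closed out instead of left pending.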
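Review bot: in hunk @@ -16281,8 +16290,8 @@ CVE-2017-12823 (kernel pool memory corruption in a Kaspersky Embedded driver) is marked `TODO: check` although it sits between entries already closed as `NOT-FOR-US: InPage` and `NOT-FOR-US: Gemalto`; a proprietary Windows driver is not shipped in Debian, so this should become a NOT-FOR-US line in the same pass.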
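Review bot: in hunk @@ -20019,12 +20028,12 @@ the new Kibana and Packetbeat entries (CVE-2017-11482, CVE-2017-11481, CVE-2017-11480) are left as `TODO: check` while the adjacent CVE-2017-11479 is already tracked as `- kibana <itp> (bug #700337)`; the Kibana ones should get the same `<itp>` line, and since CVE-2017-11482 states that the fix for CVE-2017-8451 was incomplete, that earlier entry should be cross-referenced with a NOTE and its status re-checked.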
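Review bot: in the last hunk (@@ -21890,16 +21899,16 @@) the Buffalo BBR-4HG/BBR-4MG router entries (CVE-2017-10897, CVE-2017-10896) and the untrusted search path issue CVE-2017-10893 are marked `TODO: check` among entries this file closes as NOT-FOR-US (sDNSProxy, StreamRelay.NET, Music Center for PC, and the Media Go entry of the same untrusted-search-path type directly below); router firmware and these vendor applications are not Debian packages, so the TODO markers should be resolved to NOT-FOR-US lines.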