Author: sectracker
Date: 2017-12-08 21:10:25 +0000 (Fri, 08 Dec 2017)
New Revision: 58369

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-08 19:20:32 UTC (rev 58368)
+++ data/CVE/list       2017-12-08 21:10:25 UTC (rev 58369)
@@ -1,3 +1,13 @@
+CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was 
discovered in the ...)
+       TODO: check
+CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was 
discovered in the ...)
+       TODO: check
+CVE-2017-17478
+       RESERVED
+CVE-2017-17477
+       RESERVED
+CVE-2017-17476
+       RESERVED
 CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
        NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
 CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
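Review bot: the two OpenJPEG 2.3.0 entries at the top of this hunk, CVE-2017-17480 and CVE-2017-17479, go in with only "TODO: check" and identical truncated descriptions. Replace each TODO with a package status line once triaged, and add a NOTE with the upstream reference for each so the two stack-based overflows can be told apart from the list alone.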
@@ -3770,7 +3780,7 @@
        - linux 4.13.13-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote 
attackers to ...)
-       {DLA-1196-1}
+       {DSA-4058-1 DLA-1196-1}
        - optipng 0.7.6-1.1 (bug #878839)
        NOTE: https://sourceforge.net/p/optipng/bugs/69/
 CVE-2017-16937
@@ -3831,8 +3841,7 @@
        NOT-FOR-US: Shenzhen Tenda
 CVE-2017-16922
        RESERVED
-CVE-2017-16921 [OSA-2017-09: Remote code execution]
-       RESERVED
+CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and 
including ...)
        - otrs2 6.0.2-1 (bug #883774)
        NOTE: 
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
        NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
@@ -4158,7 +4167,7 @@
        NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
        NOTE: 
https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
 CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of 
optipng 0.7.6 ...)
-       {DLA-1184-1}
+       {DSA-4058-1 DLA-1184-1}
        - optipng 0.7.6-1.1 (bug #882032)
        NOTE: https://sourceforge.net/p/optipng/bugs/65/
        NOTE: Proposed patch: 
https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
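Review bot: in the CVE-2017-1000229 entry, the trailing NOTE still labels the sourceforge attachment a "Proposed patch", although the entry now carries DSA-4058-1 next to a fixed version 0.7.6-1.1. If that attachment is what was applied, relabel the NOTE accordingly; otherwise add a NOTE pointing at the fix that was actually used.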
@@ -4441,8 +4450,7 @@
        NOT-FOR-US: Atlassian Confluence
 CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session 
vulnerability." ...)
        - ipsilon <itp> (bug #826838)
-CVE-2017-16854 [OSA-2017-08: Information Disclosure]
-       RESERVED
+CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 
4.0.26, ...)
        - otrs2 6.0.2-1
        NOTE: 
https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
        NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
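Review bot: in the CVE-2017-16854 entry, the package line "- otrs2 6.0.2-1" has no bug reference, whereas the otherwise parallel CVE-2017-16921 entry has "(bug #883774)". Add the corresponding Debian bug number if one exists. The new description also lists older branches (through 3.3.20, 4 through 4.0.26, ...), so the single status line deserves a check against the versions in each release.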
@@ -5099,6 +5107,7 @@
        - swauth 1.2.0-4 (bug #882314)
        NOTE: https://bugs.launchpad.net/swift/+bug/1655781
 CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that 
could lead ...)
+       {DSA-4059-1}
        - libxcursor <unfixed> (bug #883792)
        NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
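Review bot: CVE-2017-16612 now carries {DSA-4059-1} while the package line directly below it still reads "- libxcursor <unfixed> (bug #883792)". Keep the bug open and replace <unfixed> with the fixed version as soon as one is uploaded; the cgit commit already in the NOTE identifies the upstream fix to look for.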
@@ -7196,16 +7205,16 @@
        RESERVED
 CVE-2017-15896
        RESERVED
-CVE-2017-15895
-       RESERVED
-CVE-2017-15894
-       RESERVED
-CVE-2017-15893
-       RESERVED
+CVE-2017-15895 (Directory traversal vulnerability in the 
SYNO.FileStation.Extract in ...)
+       TODO: check
+CVE-2017-15894 (Directory traversal vulnerability in the 
SYNO.FileStation.Extract in ...)
+       TODO: check
+CVE-2017-15893 (Directory traversal vulnerability in the 
SYNO.FileStation.Extract in ...)
+       TODO: check
 CVE-2017-15892
        RESERVED
-CVE-2017-15891
-       RESERVED
+CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in 
...)
+       TODO: check
 CVE-2017-15890
        RESERVED
 CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology 
DiskStation ...)
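Review bot: the four SYNO.* entries (CVE-2017-15895, -15894, -15893 and -15891) are left at "TODO: check" next to the already described Synology DiskStation entry CVE-2017-15889. Triage all four in one pass so they end up with a status consistent with that entry, and note that CVE-2017-15891 is a different component (SYNO.Cal.EventBase, improper access control) from the three SYNO.FileStation.Extract traversals.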
@@ -16281,8 +16290,8 @@
        RESERVED
 CVE-2017-12824 (Special crafted InPage document leads to arbitrary code 
execution in ...)
        NOT-FOR-US: InPage
-CVE-2017-12823
-       RESERVED
+CVE-2017-12823 (Kernel pool memory corruption in one of drivers in Kaspersky 
Embedded ...)
+       TODO: check
 CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's 
HASP SRM, ...)
        NOT-FOR-US: Gemalto
 CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and 
Sentinel ...)
@@ -18629,8 +18638,8 @@
        RESERVED
 CVE-2017-11941
        RESERVED
-CVE-2017-11940
-       RESERVED
+CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft 
Forefront ...)
+       TODO: check
 CVE-2017-11939
        RESERVED
 CVE-2017-11938
@@ -20019,12 +20028,12 @@
        RESERVED
 CVE-2017-11483
        RESERVED
-CVE-2017-11482
-       RESERVED
-CVE-2017-11481
-       RESERVED
-CVE-2017-11480
-       RESERVED
+CVE-2017-11482 (The Kibana fix for CVE-2017-8451 was found to be incomplete. 
With ...)
+       TODO: check
+CVE-2017-11481 (Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site 
scripting ...)
+       TODO: check
+CVE-2017-11480 (Packetbeat versions prior to 5.6.4 are affected by a denial of 
service ...)
+       TODO: check
 CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting 
(XSS) ...)
        - kibana <itp> (bug #700337)
 CVE-2017-11477
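Review bot: the new Kibana entries CVE-2017-11482 and CVE-2017-11481 are left at "TODO: check" although the adjacent Kibana entry CVE-2017-11479 is already resolved as "- kibana <itp> (bug #700337)"; give the two new entries the same line. CVE-2017-11480 is Packetbeat rather than Kibana, so it needs its own triage.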
@@ -21872,8 +21881,8 @@
        RESERVED
 CVE-2017-10907
        RESERVED
-CVE-2017-10906
-       RESERVED
+CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 
0.12.29 ...)
+       TODO: check
 CVE-2017-10905
        RESERVED
 CVE-2017-10904
@@ -21890,16 +21899,16 @@
        NOT-FOR-US: A-Reserve
 CVE-2017-10898 (SQL injection vulnerability in the A-Member and A-Member for 
MT cloud ...)
        NOT-FOR-US: A-Member
-CVE-2017-10897
-       RESERVED
-CVE-2017-10896
-       RESERVED
+CVE-2017-10897 (Input validation issue in Buffalo BBR-4HG and and BBR-4MG 
broadband ...)
+       TODO: check
+CVE-2017-10896 (Cross-site scripting vulnerability in Buffalo BBR-4HG and and 
BBR-4MG ...)
+       TODO: check
 CVE-2017-10895 (sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers 
to cause ...)
        NOT-FOR-US: sDNSProxy
 CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote 
attackers to ...)
        NOT-FOR-US: StreamRelay.NET
-CVE-2017-10893
-       RESERVED
+CVE-2017-10893 (Untrusted search path vulnerability in The Public 
Certification ...)
+       TODO: check
 CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC 
version ...)
        NOT-FOR-US: Music Center for PC
 CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 
3.2.0.191 and ...)
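Review bot: the descriptions added for CVE-2017-10897 and CVE-2017-10896 both contain a doubled word ("BBR-4HG and and BBR-4MG"). Correct it where the description text originates so that the next automatic update does not reintroduce it. Every already triaged entry in this hunk is NOT-FOR-US, so the three new "TODO: check" entries are worth checking against that status first.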


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
