Author: sectracker
Date: 2017-12-21 09:10:13 +0000 (Thu, 21 Dec 2017)
New Revision: 58770

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-21 09:04:18 UTC (rev 58769)
+++ data/CVE/list       2017-12-21 09:10:13 UTC (rev 58770)
@@ -1,3 +1,51 @@
+CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute 
...)
+       TODO: check
+CVE-2017-17830 (Bus Booking Script has CSRF via admin/new_master.php. ...)
+       TODO: check
+CVE-2017-17829 (Bus Booking Script has SQL Injection via the 
admin/view_seatseller.php ...)
+       TODO: check
+CVE-2017-17828 (Bus Booking Script has XSS via the results.php datepicker 
parameter or ...)
+       TODO: check
+CVE-2017-17827 (Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via 
...)
+       TODO: check
+CVE-2017-17826 (The Configuration component of Piwigo 2.9.2 is vulnerable to 
Persistent ...)
+       TODO: check
+CVE-2017-17825 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to 
Persistent ...)
+       TODO: check
+CVE-2017-17824 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to 
SQL ...)
+       TODO: check
+CVE-2017-17823 (The Configuration component of Piwigo 2.9.2 is vulnerable to 
SQL ...)
+       TODO: check
+CVE-2017-17822 (The List Users API of Piwigo 2.9.2 is vulnerable to SQL 
Injection via ...)
+       TODO: check
+CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari 
Technology ...)
+       TODO: check
+CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in ...)
+       TODO: check
+CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal 
address access ...)
+       TODO: check
+CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based 
buffer ...)
+       TODO: check
+CVE-2017-17817 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in ...)
+       TODO: check
+CVE-2017-17816 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in ...)
+       TODO: check
+CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal 
address access ...)
+       TODO: check
+CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in ...)
+       TODO: check
+CVE-2017-17813 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free 
in the ...)
+       TODO: check
+CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based 
buffer ...)
+       TODO: check
+CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based 
buffer ...)
+       TODO: check
+CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on 
unknown ...)
+       TODO: check
+CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the 
vyprvpnservice ...)
+       TODO: check
+CVE-2017-17808
+       RESERVED
 CVE-2018-3599
        RESERVED
 CVE-2018-3598
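Review bot: All 23 described entries added at the top of this hunk, CVE-2017-17809 through CVE-2017-17831, carry only TODO: check, so none has a package line or NOT-FOR-US yet. The eleven NASM 2.14rc0 entries (CVE-2017-17810 to CVE-2017-17820) are best triaged as one group, and the Git LFS, Piwigo and WebKit entries each need a decision on whether the named software maps to a source package before the TODO is cleared.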
@@ -78,13 +126,13 @@
        RESERVED
 CVE-2018-3560
        RESERVED
-CVE-2017-17807 [KEYS: add missing permission check for request_key() 
destination]
+CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted 
an ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b 
(v4.15-rc3)
-CVE-2017-17806 [crypto: hmac - require that the underlying hash algorithm is 
unkeyed]
+CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel 
before ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 
(v4.15-rc4)
-CVE-2017-17805 [crypto: salsa20 - fix blkcipher_walk API usage]
+CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 
4.14.8 does ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
 CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) 
allows ...)
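Review bot: The three linux entries in this hunk (CVE-2017-17807, CVE-2017-17806, CVE-2017-17805) keep "- linux <unfixed>" even though the new descriptions for CVE-2017-17807 and CVE-2017-17805 now say "before 4.14.6" and "before 4.14.8", and the NOTE lines point at fix commits tagged v4.15-rc3 and v4.15-rc4. Re-check the status against the uploaded kernel version and record a fixed version where one applies. Minor style point: the CVE-2017-17805 note writes the tag as (4.15-rc4), without the leading "v" used in the other two notes.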
@@ -178,7 +226,7 @@
 CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. 
The device ...)
        NOT-FOR-US: Ichano AtHome IP Camera
 CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x 
before ...)
-       {DSA-4069-1}
+       {DSA-4069-1 DLA-1215-1}
        - otrs2 6.0.3-1 (bug #884801)
        NOTE: 
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
        NOTE: OTRS-6: 
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
@@ -5885,7 +5933,7 @@
        [wheezy] - eglibc <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
 CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack 
packets, ...)
-       {DSA-4067-1}
+       {DSA-4067-1 DLA-1213-1}
        - openafs 1.6.22-1 (bug #883602)
        NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
 CVE-2018-1180
@@ -9913,7 +9961,8 @@
        NOT-FOR-US: Atlassian
 CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 
6.5.2 allows ...)
        NOT-FOR-US: Atlassian Confluence
-CVE-2017-16855 (Ipsilon before 2.1.0 has a &quot;SAML2 multi-session 
vulnerability.&quot; ...)
+CVE-2017-16855
+       REJECTED
        - ipsilon <itp> (bug #826838)
 CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 
4.0.26, ...)
        {DSA-4066-1 DLA-1212-1}
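Review bot: CVE-2017-16855 is switched to REJECTED, but the "- ipsilon <itp> (bug #826838)" line is left under it. Check whether the Ipsilon issue was reassigned to another CVE id and move the ITP annotation there, or drop it, so the tracker does not keep reporting a package against a rejected id.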
@@ -17176,12 +17225,12 @@
        NOT-FOR-US: Cloud Foundry
 CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior 
to 0.30.0 ...)
        NOT-FOR-US: Cloud Foundry Foundation GrootFS
-CVE-2017-14387
-       RESERVED
+CVE-2017-14387 (The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 
8.0.1.1, and ...)
+       TODO: check
 CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction 
Laser ...)
        TODO: check
-CVE-2017-14385
-       RESERVED
+CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family, 
versions ...)
+       TODO: check
 CVE-2017-14384
        RESERVED
 CVE-2017-14383
@@ -22583,13 +22632,13 @@
 CVE-2017-12609
        RESERVED
 CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser 
before ...)
-       {DSA-4022-1}
+       {DSA-4022-1 DLA-1214-1}
        - libreoffice 1:5.0.2-1
        NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
        NOTE: 
https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
 CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, 
and ...)
-       {DSA-4022-1}
+       {DSA-4022-1 DLA-1214-1}
        - libreoffice 1:5.0.2-1
        NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
@@ -45506,26 +45555,26 @@
        RESERVED
 CVE-2017-5264 (Versions of Nexpose prior to 6.4.66 fail to adequately validate 
the ...)
        NOT-FOR-US: Nexpose
-CVE-2017-5263
-       RESERVED
-CVE-2017-5262
-       RESERVED
-CVE-2017-5261
-       RESERVED
-CVE-2017-5260
-       RESERVED
-CVE-2017-5259
-       RESERVED
-CVE-2017-5258
-       RESERVED
-CVE-2017-5257
-       RESERVED
-CVE-2017-5256
-       RESERVED
-CVE-2017-5255
-       RESERVED
-CVE-2017-5254
-       RESERVED
+CVE-2017-5263 (Versions 4.3.2-R4 and prior of Cambium Networks cnPilot 
firmware lack ...)
+       TODO: check
+CVE-2017-5262 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot 
firmware, ...)
+       TODO: check
+CVE-2017-5261 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot 
firmware, ...)
+       TODO: check
+CVE-2017-5260 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot 
firmware, ...)
+       TODO: check
+CVE-2017-5259 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot 
firmware, ...)
+       TODO: check
+CVE-2017-5258 (In version 3.5 and prior of Cambium Networks ePMP firmware, an 
...)
+       TODO: check
+CVE-2017-5257 (In version 3.5 and prior of Cambium Networks ePMP firmware, an 
...)
+       TODO: check
+CVE-2017-5256 (In version 3.5 and prior of Cambium Networks ePMP firmware, all 
...)
+       TODO: check
+CVE-2017-5255 (In version 3.5 and prior of Cambium Networks ePMP firmware, a 
lack of ...)
+       TODO: check
+CVE-2017-5254 (In version 3.5 and prior of Cambium Networks ePMP firmware, the 
...)
+       TODO: check
 CVE-2017-5253
        RESERVED
 CVE-2017-5252
@@ -171269,8 +171318,8 @@
        NOT-FOR-US: SmarterMail
 CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in 
SolarWinds ...)
        NOT-FOR-US: SolarWinds Orion Network Performance Monitor
-CVE-2012-2576
-       RESERVED
+CVE-2012-2576 (SQL injection vulnerability in the LoginServlet page in 
SolarWinds ...)
+       TODO: check
 CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 
6.0a4 ...)
        NOT-FOR-US: NetWin SurgeMail
 CVE-2012-2574 (SQL injection vulnerability in the management console in 
Symantec Web ...)
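Review bot: CVE-2012-2576 now has a SolarWinds description but is marked TODO: check, while CVE-2012-2577 directly above is already "NOT-FOR-US: SolarWinds Orion Network Performance Monitor". The visible description is cut at "SolarWinds ...", so confirm the product from the full text and, if it is the same one, give this entry the same NOT-FOR-US line instead of leaving the TODO.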
@@ -177500,8 +177549,7 @@
 CVE-2011-4956 (Cross-site scripting (XSS) vulnerability in WordPress before 
3.1.1 ...)
        {DSA-2470-1}
        - wordpress 3.2.1+dfsg-1
-CVE-2011-4955
-       RESERVED
+CVE-2011-4955 (Multiple cross-site scripting (XSS) vulnerabilities in 
ui_stats.php in ...)
        NOT-FOR-US: wordpress bsuite plugin
 CVE-2011-4954
        RESERVED


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits