Author: sectracker
Date: 2017-12-21 21:10:19 +0000 (Thu, 21 Dec 2017)
New Revision: 58823

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-21 20:20:47 UTC (rev 58822)
+++ data/CVE/list       2017-12-21 21:10:19 UTC (rev 58823)
@@ -1,3 +1,5 @@
+CVE-2017-17832
+       RESERVED
 CVE-2017-XXXX [Multiple Enigmail issues]
        - enigmail 2:1.9.9-1
        [jessie] - enigmail 2:1.9.9-1~deb8u1
@@ -2849,8 +2851,8 @@
        NOT-FOR-US: Techno - Portfolio Management Panel
 CVE-2017-17693 (Techno - Portfolio Management Panel through 2017-11-16 does 
not check ...)
        NOT-FOR-US: Techno - Portfolio Management Panel
-CVE-2017-17692
-       RESERVED
+CVE-2017-17692 (Samsung Internet Browser 5.4.02.3 allows remote attackers to 
bypass ...)
+       TODO: check
 CVE-2017-17691
        RESERVED
 CVE-2017-17690
@@ -5355,7 +5357,7 @@
        NOTE: 
https://sources.debian.org/src/texlive-bin/2016.20160513.41080.dfsg-2/texk/texlive/linked_scripts/context/stubs/unix/mtxrun/#L3004
        NOTE: 
https://sources.debian.org/src/context/2017.05.15.20170613-2/texmf-dist/scripts/context/stubs/mswin/mtxrun.lua/?hl=3424#L3424
 CVE-2017-17512 (sensible-browser in sensible-utils before 0.0.11 does not 
validate ...)
-       {DLA-1209-1}
+       {DSA-4071-1 DLA-1209-1}
        - sensible-utils 0.0.11 (bug #881767)
        NOTE: 
https://anonscm.debian.org/git/collab-maint/sensible-utils.git/commit/?id=e16c937c43126df7f08d355277f99dd94cc21ce5
 CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching 
the program ...)
@@ -6086,14 +6088,14 @@
        RESERVED
 CVE-2017-17412
        RESERVED
-CVE-2017-17411
-       RESERVED
-CVE-2017-17410
-       RESERVED
-CVE-2017-17409
-       RESERVED
-CVE-2017-17408
-       RESERVED
+CVE-2017-17411 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-17410 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-17409 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-17408 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
 CVE-2017-17407
        RESERVED
 CVE-2017-17406
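Review bot: the four added descriptions for CVE-2017-17411 through CVE-2017-17408 are cut to the same text, "This vulnerability allows remote attackers to execute arbitrary code ...", so the list no longer says which product each one concerns. Resolve the TODO: check markers against the full CVE descriptions rather than this summary, and do not assume the four share a verdict because the truncated text matches.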
@@ -7583,18 +7585,22 @@
 CVE-2017-17089
        RESERVED
 CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the 
newbloguser ...)
+       {DLA-1216-1}
        - wordpress 4.9.1+dfsg-1 (bug #883314)
        NOTE: 
https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
        NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17093 (wp-includes/general-template.php in WordPress before 4.9.1 
does not ...)
+       {DLA-1216-1}
        - wordpress 4.9.1+dfsg-1 (bug #883314)
        NOTE: 
https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
        NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17094 (wp-includes/feed.php in WordPress before 4.9.1 does not 
properly ...)
+       {DLA-1216-1}
        - wordpress 4.9.1+dfsg-1 (bug #883314)
        NOTE: 
https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
        NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not 
require ...)
+       {DLA-1216-1}
        - wordpress 4.9.1+dfsg-1 (bug #883314)
        NOTE: 
https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
        NOTE: 
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
@@ -7822,20 +7828,20 @@
        RESERVED
 CVE-2017-17034
        RESERVED
-CVE-2017-17033
-       RESERVED
-CVE-2017-17032
-       RESERVED
-CVE-2017-17031
-       RESERVED
-CVE-2017-17030
-       RESERVED
-CVE-2017-17029
-       RESERVED
-CVE-2017-17028
-       RESERVED
-CVE-2017-17027
-       RESERVED
+CVE-2017-17033 (A buffer overflow vulnerability in password function in QNAP 
QTS ...)
+       TODO: check
+CVE-2017-17032 (A buffer overflow vulnerability in password function in QNAP 
QTS ...)
+       TODO: check
+CVE-2017-17031 (A buffer overflow vulnerability in password function in QNAP 
QTS ...)
+       TODO: check
+CVE-2017-17030 (A buffer overflow vulnerability in login function in QNAP QTS 
version ...)
+       TODO: check
+CVE-2017-17029 (A buffer overflow vulnerability in login function in QNAP QTS 
version ...)
+       TODO: check
+CVE-2017-17028 (A buffer overflow vulnerability in external device function in 
QNAP ...)
+       TODO: check
+CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS 
version ...)
+       TODO: check
 CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM 
guest OS ...)
        {DSA-4050-1}
        - xen 4.8.2+xsa245-0+deb9u1
@@ -10371,11 +10377,11 @@
 CVE-2017-16734
        RESERVED
 CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 
6.1.1030.1 ...)
-       NOT-FOR-US: Ecava IntegraXor
+       NOT-FOR-US: Ecava IntegraXor
 CVE-2017-16732
        RESERVED
 CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered 
in ABB ...)
-       NOT-FOR-US: Ellipse
+       NOT-FOR-US: Ellipse
 CVE-2017-16730
        RESERVED
 CVE-2017-16729
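Review bot: on the NOT-FOR-US lines for CVE-2017-16733 and CVE-2017-16731 the removed and added text is identical as shown, so the only difference is whitespace. If this is indentation normalisation that is fine, but confirm the generator emits the same leading whitespace as the surrounding entries so these lines do not churn again on the next automatic update.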
@@ -13226,12 +13232,12 @@
        NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
        NOTE: 
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
 CVE-2017-15722 (In certain cases, Irssi before 1.0.5 may fail to verify that a 
Safe ...)
-       {DSA-4016-1}
+       {DSA-4016-1 DLA-1217-1}
        - irssi 1.0.5-1 (bug #879521)
        NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
        NOTE: 
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
 CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP 
messages ...)
-       {DSA-4016-1}
+       {DSA-4016-1 DLA-1217-1}
        - irssi 1.0.5-1 (bug #879521)
        NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
        NOTE: 
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
@@ -14630,12 +14636,12 @@
 CVE-2017-15229
        RESERVED
 CVE-2017-15228 (Irssi before 1.0.5, when installing themes with unterminated 
colour ...)
-       {DSA-4016-1}
+       {DSA-4016-1 DLA-1217-1}
        - irssi 1.0.5-1 (bug #879521)
        NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
        NOTE: 
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
 CVE-2017-15227 (Irssi before 1.0.5, while waiting for the channel 
synchronisation, may ...)
-       {DSA-4016-1}
+       {DSA-4016-1 DLA-1217-1}
        - irssi 1.0.5-1 (bug #879521)
        NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
        NOTE: 
https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
@@ -27659,6 +27665,7 @@
 CVE-2017-10909
        RESERVED
 CVE-2017-10908 [h2o 2.2.x: crash when handling malformed HTTP/2 request]
+       RESERVED
        - h2o 2.2.4+dfsg-1 (medium)
        NOTE: https://github.com/h2o/h2o/issues/1544
 CVE-2017-10907
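Review bot: the added RESERVED line under CVE-2017-10908 sits in an entry that already carries a bracketed description and a fixed version (- h2o 2.2.4+dfsg-1), and the same happens for the other h2o entries in the following hunks. Check that consumers of the list do not read RESERVED here as "no information yet" and skip the package line, and replace the bracketed description once the official one is published.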
@@ -27732,6 +27739,7 @@
 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
        NOT-FOR-US: OpenAM
 CVE-2017-10872 [h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o]
+       RESERVED
        - h2o 2.2.4+dfsg-1 (medium)
        NOTE: https://github.com/h2o/h2o/issues/1543
 CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software 
version ...)
@@ -27739,9 +27747,11 @@
 CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku 
Hagaki ...)
        NOT-FOR-US: Rakuraku Hagaki
 CVE-2017-10869 [h2o 2.2.x: stack overflow when sending huge request body to 
upstream]
+       RESERVED
        - h2o 2.2.3+dfsg-1 (medium)
        NOTE: https://github.com/h2o/h2o/issues/1460
 CVE-2017-10868 [h2o 2.2.x: crash when receiving HTTP/1 request with invalid 
framing]
+       RESERVED
        - h2o 2.2.3+dfsg-1 (medium)
        NOTE: https://github.com/h2o/h2o/issues/1459
 CVE-2017-10867
@@ -42364,14 +42374,14 @@
        NOT-FOR-US: F5 BIG-IP
        NOTE: https://support.f5.com/csp/article/K21905460
        NOTE: https://robotattack.org/
-CVE-2017-6167
-       RESERVED
+CVE-2017-6167 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link 
Controller, ...)
+       TODO: check
 CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link 
Controller, ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2017-6164
-       RESERVED
+CVE-2017-6164 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
+       TODO: check
 CVE-2017-6163 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM 
...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2017-6162 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
@@ -42396,8 +42406,8 @@
        RESERVED
 CVE-2017-6152
        RESERVED
-CVE-2017-6151
-       RESERVED
+CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
+       TODO: check
 CVE-2017-6150
        RESERVED
 CVE-2017-6149
@@ -42418,30 +42428,30 @@
        RESERVED
 CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and 
...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2017-6140
-       RESERVED
-CVE-2017-6139
-       RESERVED
-CVE-2017-6138
-       RESERVED
+CVE-2017-6140 (On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, 
i7800, ...)
+       TODO: check
+CVE-2017-6139 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare 
...)
+       TODO: check
+CVE-2017-6138 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
+       TODO: check
 CVE-2017-6137 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge 
Gateway, ...)
        NOT-FOR-US: F5
-CVE-2017-6136
-       RESERVED
-CVE-2017-6135
-       RESERVED
-CVE-2017-6134
-       RESERVED
-CVE-2017-6133
-       RESERVED
-CVE-2017-6132
-       RESERVED
+CVE-2017-6136 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
+       TODO: check
+CVE-2017-6135 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
+       TODO: check
+CVE-2017-6134 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
+       TODO: check
+CVE-2017-6133 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link 
Controller, ...)
+       TODO: check
+CVE-2017-6132 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
+       TODO: check
 CVE-2017-6131 (In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 
and ...)
        NOT-FOR-US: F5
 CVE-2017-6130 (F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is 
...)
        NOT-FOR-US: F5
-CVE-2017-6129
-       RESERVED
+CVE-2017-6129 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some 
...)
+       TODO: check
 CVE-2017-6128 (An attacker may be able to cause a denial-of-service (DoS) 
attack ...)
        NOT-FOR-US: F5
 CVE-2017-6188 (Munin before 2.999.6 has a local file write vulnerability when 
CGI ...)
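Review bot: the new F5 BIG-IP entries in this hunk all get TODO: check while the unchanged neighbours are already classified, and those neighbours use two spellings: "NOT-FOR-US: F5 BIG-IP" (CVE-2017-6141) and "NOT-FOR-US: F5" (CVE-2017-6137, CVE-2017-6131). When the TODOs are triaged, pick one spelling so a search for the product finds every entry.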
@@ -45894,6 +45904,7 @@
 CVE-2017-5181
        REJECTED
 CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a 
denial ...)
+       {DLA-1217-1}
        - irssi 0.8.21-1 (bug #850403)
        [jessie] - irssi <not-affected> (Affects only 0.8.18 and later)
        [wheezy] - irssi <not-affected> (Affects only 0.8.18 and later)
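Review bot: {DLA-1217-1} is added to CVE-2017-5196, but both release annotations in this entry, [jessie] and [wheezy], read <not-affected> (Affects only 0.8.18 and later). Confirm the advisory really lists this CVE; if it does, add a NOTE explaining why an advisory reference sits on an entry whose releases are marked not affected.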
@@ -45908,12 +45919,14 @@
        NOTE: 
https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
        NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
 CVE-2017-5194 (Use-after-free vulnerability in Irssi before 0.8.21 allows 
remote ...)
+       {DLA-1217-1}
        - irssi 0.8.21-1 (bug #850403)
        [jessie] - irssi 0.8.17-1+deb8u3
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
        NOTE: 
https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
        NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
 CVE-2017-5193 (The nickcmp function in Irssi before 0.8.21 allows remote 
attackers to ...)
+       {DLA-1217-1}
        - irssi 0.8.21-1 (bug #850403)
        [jessie] - irssi 0.8.17-1+deb8u3
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
@@ -60279,14 +60292,14 @@
        NOT-FOR-US: Nessus
 CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an 
...)
        NOT-FOR-US: F5
-CVE-2017-0304
-       RESERVED
+CVE-2017-0304 (A SQL injection vulnerability exists in the BIG-IP AFM 
management UI ...)
+       TODO: check
 CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
        NOT-FOR-US: F5
 CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an 
authenticated ...)
        NOT-FOR-US: F5
-CVE-2017-0301
-       RESERVED
+CVE-2017-0301 (In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 
11.5.3, ...)
+       TODO: check
 CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to 
unspecified ...)
        {DLA-799-1}
        - ming <removed> (bug #843928)
@@ -94498,8 +94511,7 @@
        NOT-FOR-US: Fieldable Panels Panes module for Drupal
 CVE-2015-7226 (The Administration Views module 7.x-1.x before 7.x-1.5 for 
Drupal ...)
        NOT-FOR-US: Administration Views module for Drupal
-CVE-2015-7224
-       RESERVED
+CVE-2015-7224 (puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to 
bypass ...)
        - puppet-module-puppetlabs-mysql 3.6.1-1
        [jessie] - puppet-module-puppetlabs-mysql <not-affected> (Vulnerable 
code not present)
 CVE-2015-7295 (hw/virtio/virtio.c in the Virtual Network Device (virtio-net) 
support ...)
@@ -103151,8 +103163,8 @@
        RESERVED
 CVE-2015-4101
        RESERVED
-CVE-2015-4100
-       RESERVED
+CVE-2015-4100 (Puppet Enterprise 3.7.x and 3.8.0 might allow remote 
authenticated ...)
+       TODO: check
 CVE-2015-4099
        RESERVED
 CVE-2015-4098


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
