Author: sectracker
Date: 2017-12-22 21:10:13 +0000 (Fri, 22 Dec 2017)
New Revision: 58850
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-22 20:17:24 UTC (rev 58849) +++ data/CVE/list 2017-12-22 21:10:13 UTC (rev 58850) @@ -1,5 +1,25 @@ -CVE-2017-17832 +CVE-2017-17842 RESERVED +CVE-2017-17841 + RESERVED +CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...) + TODO: check +CVE-2017-17839 + RESERVED +CVE-2017-17838 + RESERVED +CVE-2017-17837 + RESERVED +CVE-2017-17836 + RESERVED +CVE-2017-17835 + RESERVED +CVE-2017-17834 + RESERVED +CVE-2017-17833 + RESERVED +CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...) + TODO: check CVE-2017-XXXX [Multiple Enigmail issues] - enigmail 2:1.9.9-1 [stretch] - enigmail 2:1.9.9-1~deb9u1 @@ -8325,8 +8345,8 @@ RESERVED CVE-2017-17011 RESERVED -CVE-2017-17010 - RESERVED +CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for ...) + TODO: check CVE-2017-17009 RESERVED CVE-2017-17008 @@ -8359,15 +8379,13 @@ [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22625 NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html -CVE-2017-16996 - RESERVED +CVE-2017-16996 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...) - linux 4.14.7-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) [jessie] - linux <not-affected> (Vulnerable code introduced later) [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958 -CVE-2017-16995 - RESERVED +CVE-2017-16995 (The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel ...) - linux 4.14.7-1 [jessie] - linux <not-affected> (Vulnerable code introduced later) [wheezy] - linux <not-affected> (Vulnerable code introduced later) 
@@ -10307,8 +10325,8 @@ RESERVED CVE-2017-16767 RESERVED -CVE-2017-16766 - RESERVED +CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...) + TODO: check CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...) NOT-FOR-US: D-Link CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...) 
@@ -14306,50 +14324,50 @@ RESERVED CVE-2017-15329 RESERVED -CVE-2017-15328 - RESERVED +CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an ...) + TODO: check CVE-2017-15327 RESERVED CVE-2017-15326 RESERVED CVE-2017-15325 RESERVED -CVE-2017-15324 - RESERVED +CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, ...) + TODO: check CVE-2017-15323 RESERVED -CVE-2017-15322 - RESERVED -CVE-2017-15321 - RESERVED -CVE-2017-15320 - RESERVED -CVE-2017-15319 - RESERVED -CVE-2017-15318 - RESERVED -CVE-2017-15317 - RESERVED -CVE-2017-15316 - RESERVED +CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 ...) + TODO: check +CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an ...) + TODO: check +CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) + TODO: check +CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) + TODO: check +CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) + TODO: check +CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 ...) + TODO: check +CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software before ...) + TODO: check CVE-2017-15315 RESERVED CVE-2017-15314 RESERVED -CVE-2017-15313 - RESERVED -CVE-2017-15312 - RESERVED -CVE-2017-15311 - RESERVED -CVE-2017-15310 - RESERVED -CVE-2017-15309 - RESERVED -CVE-2017-15308 - RESERVED -CVE-2017-15307 - RESERVED +CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An ...) + TODO: check +CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) ...) + TODO: check +CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro ...) + TODO: check +CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file deletion ...) 
+ TODO: check +CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal vulnerability ...) + TODO: check +CVE-2017-15308 (Huawei iReader app before 8.0.2.301 has an input validation ...) + TODO: check +CVE-2017-15307 (Huawei Honor 8 smartphone with software versions earlier than ...) + TODO: check CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c ...) - linux 4.13.13-1 [stretch] - linux 4.9.65-1 @@ -27660,14 +27678,13 @@ NOT-FOR-US: IrfanView CVE-2017-10910 RESERVED -CVE-2017-10909 - RESERVED -CVE-2017-10908 [h2o 2.2.x: crash when handling malformed HTTP/2 request] - RESERVED +CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC version ...) + TODO: check +CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause a ...) - h2o 2.2.4+dfsg-1 (medium) NOTE: https://github.com/h2o/h2o/issues/1544 -CVE-2017-10907 - RESERVED +CVE-2017-10907 (Directory traversal vulnerability in OneThird CMS Show Off v1.85 and ...) + TODO: check CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 ...) NOT-FOR-US: Fluentd CVE-2017-10905 (A vulnerability in applications created using Qt for Android prior to ...) 
@@ -27736,20 +27753,17 @@ NOT-FOR-US: PWR-Q200 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...) NOT-FOR-US: OpenAM -CVE-2017-10872 [h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o] - RESERVED +CVE-2017-10872 (H2O version 2.2.3 and earlier allows remote attackers to cause a ...) - h2o 2.2.4+dfsg-1 (medium) NOTE: https://github.com/h2o/h2o/issues/1543 CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version ...) NOT-FOR-US: NTT DOCOMO Wi-Fi STATION L-02F Software CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki ...) NOT-FOR-US: Rakuraku Hagaki -CVE-2017-10869 [h2o 2.2.x: stack overflow when sending huge request body to upstream] - RESERVED +CVE-2017-10869 (Buffer overflow in H2O version 2.2.2 and earlier allows remote ...) - h2o 2.2.3+dfsg-1 (medium) NOTE: https://github.com/h2o/h2o/issues/1460 -CVE-2017-10868 [h2o 2.2.x: crash when receiving HTTP/1 request with invalid framing] - RESERVED +CVE-2017-10868 (H2O version 2.2.2 and earlier allows remote attackers to cause a ...) - h2o 2.2.3+dfsg-1 (medium) NOTE: https://github.com/h2o/h2o/issues/1459 CVE-2017-10867 @@ -45453,6 +45467,7 @@ NOTE: https://wpvulndb.com/vulnerabilities/8721 NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial of ...) + {DLA-1217-1} - irssi 0.8.21-1 (low) [jessie] - irssi 0.8.17-1+deb8u3 NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d 
@@ -45902,7 +45917,6 @@ CVE-2017-5181 REJECTED CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial ...) - {DLA-1217-1} - irssi 0.8.21-1 (bug #850403) [jessie] - irssi <not-affected> (Affects only 0.8.18 and later) [wheezy] - irssi <not-affected> (Affects only 0.8.18 and later) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
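
Review bot: in the first hunk (@@ -1,5 +1,25 @@), CVE-2017-17840 and CVE-2017-17832 land with only `TODO: check`, so neither has a package line or a NOT-FOR-US marker yet. The Open-iSCSI entry (local attacker, versions through 2.0.875) should be triaged first and given a source package line with its affected or fixed version; the ServersCheck Monitoring Software entry looks like a NOT-FOR-US candidate once confirmed.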
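
Review bot: the @@ -14306,50 +14324,50 @@ hunk leaves 16 newly described entries between CVE-2017-15307 and CVE-2017-15328 at `TODO: check`, most of them naming Huawei devices or firmware builds. The context of the @@ -10307 hunk already shows the convention for vendor-only products (`NOT-FOR-US: D-Link`), so these could be closed out the same way in one pass instead of sitting in the TODO queue individually.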
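
Review bot: in the @@ -27736,20 +27753,17 @@ hunk (and for CVE-2017-10908 in the @@ -27660 hunk) the bracketed working titles such as `[h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o]` are replaced by truncated descriptions, and CVE-2017-10908 and CVE-2017-10872 now read identically: `(H2O version 2.2.3 and earlier allows remote attackers to cause a ...)`. The only remaining distinguisher is the issue number in each NOTE URL (1544 vs 1543), so consider carrying the dropped title text over into a NOTE line for each h2o entry.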
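
Review bot: the log message says only "automatic update", but the last two hunks (@@ -45453 and @@ -45902) move `{DLA-1217-1}` from CVE-2017-5196 to CVE-2017-5356, which changes the CVE that advisory is cross-referenced with. Dropping it from CVE-2017-5196 is consistent with that entry being `<not-affected>` for both jessie and wheezy; the CVE-2017-5356 context shows only a `[jessie]` line, so the new placement should be confirmed against the advisory's own CVE list, and a change like this deserves a mention in the log.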