Author: sectracker
Date: 2017-12-22 21:10:13 +0000 (Fri, 22 Dec 2017)
New Revision: 58850

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-22 20:17:24 UTC (rev 58849)
+++ data/CVE/list       2017-12-22 21:10:13 UTC (rev 58850)
@@ -1,5 +1,25 @@
-CVE-2017-17832
+CVE-2017-17842
        RESERVED
+CVE-2017-17841
+       RESERVED
+CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local 
attacker ...)
+       TODO: check
+CVE-2017-17839
+       RESERVED
+CVE-2017-17838
+       RESERVED
+CVE-2017-17837
+       RESERVED
+CVE-2017-17836
+       RESERVED
+CVE-2017-17835
+       RESERVED
+CVE-2017-17834
+       RESERVED
+CVE-2017-17833
+       RESERVED
+CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a 
...)
+       TODO: check
 CVE-2017-XXXX [Multiple Enigmail issues]
        - enigmail 2:1.9.9-1
        [stretch] - enigmail 2:1.9.9-1~deb9u1
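Review bot: CVE-2017-17840 (Open-iSCSI through 2.0.875, local attacker) and CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3) both land with a bare `TODO: check`, which leaves the tracker with no status for either. Each should be resolved to a package line with a fixed or affected version, or to a `NOT-FOR-US:` line as the list already does for other vendor-only products.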
@@ -8325,8 +8345,8 @@
        RESERVED
 CVE-2017-17011
        RESERVED
-CVE-2017-17010
-       RESERVED
+CVE-2017-17010 (Untrusted search path vulnerability in Content Manager 
Assistant for ...)
+       TODO: check
 CVE-2017-17009
        RESERVED
 CVE-2017-17008
@@ -8359,15 +8379,13 @@
        [wheezy] - eglibc <no-dsa> (Minor issue)
        NOTE: Upstream bug: 
https://sourceware.org/bugzilla/show_bug.cgi?id=22625
        NOTE: Proposed patch: 
https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html
-CVE-2017-16996
-       RESERVED
+CVE-2017-16996 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 
allows local ...)
        - linux 4.14.7-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958
-CVE-2017-16995
-       RESERVED
+CVE-2017-16995 (The check_alu_op function in kernel/bpf/verifier.c in the 
Linux kernel ...)
        - linux 4.14.7-1
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
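Review bot: The new summary for CVE-2017-16996 says "through 4.14.8", while the unchanged line directly below it records the fix as `- linux 4.14.7-1`, so the entry reads as if the fixed version were still vulnerable. If the Debian package carries the fix ahead of the upstream release named in the description, a NOTE saying so would remove the apparent contradiction. CVE-2017-16995 also shows no [stretch] line among its release lines, unlike CVE-2017-16996; worth confirming that difference is intended.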
@@ -10307,8 +10325,8 @@
        RESERVED
 CVE-2017-16767
        RESERVED
-CVE-2017-16766
-       RESERVED
+CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in 
Synology ...)
+       TODO: check
 CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via 
cgi-bin/gui.cgi. ...)
        NOT-FOR-US: D-Link
 CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing 
functionality ...)
@@ -14306,50 +14324,50 @@
        RESERVED
 CVE-2017-15329
        RESERVED
-CVE-2017-15328
-       RESERVED
+CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an 
...)
+       TODO: check
 CVE-2017-15327
        RESERVED
 CVE-2017-15326
        RESERVED
 CVE-2017-15325
        RESERVED
-CVE-2017-15324
-       RESERVED
+CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01, 
V200R007C20, ...)
+       TODO: check
 CVE-2017-15323
        RESERVED
-CVE-2017-15322
-       RESERVED
-CVE-2017-15321
-       RESERVED
-CVE-2017-15320
-       RESERVED
-CVE-2017-15319
-       RESERVED
-CVE-2017-15318
-       RESERVED
-CVE-2017-15317
-       RESERVED
-CVE-2017-15316
-       RESERVED
+CVE-2017-15322 (Some Huawei smartphones with software of 
BGO-L03C158B003CUSTC158D001 ...)
+       TODO: check
+CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an 
...)
+       TODO: check
+CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, 
...)
+       TODO: check
+CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, 
...)
+       TODO: check
+CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, 
...)
+       TODO: check
+CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; 
AR1200 ...)
+       TODO: check
+CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software 
before ...)
+       TODO: check
 CVE-2017-15315
        RESERVED
 CVE-2017-15314
        RESERVED
-CVE-2017-15313
-       RESERVED
-CVE-2017-15312
-       RESERVED
-CVE-2017-15311
-       RESERVED
-CVE-2017-15310
-       RESERVED
-CVE-2017-15309
-       RESERVED
-CVE-2017-15308
-       RESERVED
-CVE-2017-15307
-       RESERVED
+CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection 
vulnerability. An ...)
+       TODO: check
+CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site 
scripting) ...)
+       TODO: check
+CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 
Pro ...)
+       TODO: check
+CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file 
deletion ...)
+       TODO: check
+CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal 
vulnerability ...)
+       TODO: check
+CVE-2017-15308 (Huawei iReader app before 8.0.2.301 has an input validation 
...)
+       TODO: check
+CVE-2017-15307 (Huawei Honor 8 smartphone with software versions earlier than 
...)
+       TODO: check
 CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in 
arch/powerpc/kvm/powerpc.c ...)
        - linux 4.13.13-1
        [stretch] - linux 4.9.65-1
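Review bot: CVE-2017-15320, CVE-2017-15319 and CVE-2017-15318 receive identical truncated summaries ("RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ..."), so nothing in the list distinguishes the three and whoever clears the markers will need the full descriptions. All sixteen additions in this hunk are left at `TODO: check`; resolving them in one pass, with `NOT-FOR-US:` lines where no Debian package is involved, would keep the TODO backlog from growing by that amount.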
@@ -27660,14 +27678,13 @@
        NOT-FOR-US: IrfanView
 CVE-2017-10910
        RESERVED
-CVE-2017-10909
-       RESERVED
-CVE-2017-10908 [h2o 2.2.x: crash when handling malformed HTTP/2 request]
-       RESERVED
+CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC 
version ...)
+       TODO: check
+CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause 
a ...)
        - h2o 2.2.4+dfsg-1 (medium)
        NOTE: https://github.com/h2o/h2o/issues/1544
-CVE-2017-10907
-       RESERVED
+CVE-2017-10907 (Directory traversal vulnerability in OneThird CMS Show Off 
v1.85 and ...)
+       TODO: check
 CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 
0.12.29 ...)
        NOT-FOR-US: Fluentd
 CVE-2017-10905 (A vulnerability in applications created using Qt for Android 
prior to ...)
@@ -27736,20 +27753,17 @@
        NOT-FOR-US: PWR-Q200
 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
        NOT-FOR-US: OpenAM
-CVE-2017-10872 [h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o]
-       RESERVED
+CVE-2017-10872 (H2O version 2.2.3 and earlier allows remote attackers to cause 
a ...)
        - h2o 2.2.4+dfsg-1 (medium)
        NOTE: https://github.com/h2o/h2o/issues/1543
 CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software 
version ...)
        NOT-FOR-US: NTT DOCOMO Wi-Fi STATION L-02F Software
 CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku 
Hagaki ...)
        NOT-FOR-US: Rakuraku Hagaki
-CVE-2017-10869 [h2o 2.2.x: stack overflow when sending huge request body to 
upstream]
-       RESERVED
+CVE-2017-10869 (Buffer overflow in H2O version 2.2.2 and earlier allows remote 
...)
        - h2o 2.2.3+dfsg-1 (medium)
        NOTE: https://github.com/h2o/h2o/issues/1460
-CVE-2017-10868 [h2o 2.2.x: crash when receiving HTTP/1 request with invalid 
framing]
-       RESERVED
+CVE-2017-10868 (H2O version 2.2.2 and earlier allows remote attackers to cause 
a ...)
        - h2o 2.2.3+dfsg-1 (medium)
        NOTE: https://github.com/h2o/h2o/issues/1459
 CVE-2017-10867
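Review bot: The removed bracketed summaries for CVE-2017-10872, CVE-2017-10869 and CVE-2017-10868 named the trigger (logging TLS 1.3 properties, a huge request body sent to upstream, an HTTP/1 request with invalid framing), and the truncated descriptions that replace them do not. The issue links in the NOTE lines still lead to that detail, but a short NOTE carrying the trigger would keep each entry readable without following the link.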
@@ -45453,6 +45467,7 @@
        NOTE: https://wpvulndb.com/vulnerabilities/8721
        NOTE: 
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
 CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial 
of ...)
+       {DLA-1217-1}
        - irssi 0.8.21-1 (low)
        [jessie] - irssi 0.8.17-1+deb8u3
        NOTE: 
https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
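Review bot: `{DLA-1217-1}` is attached to CVE-2017-5356 here, and the only fix reference visible in the entry is the irssi commit in the NOTE line; confirm that DLA-1217-1 actually ships that change before the tag is relied on. The same tag is dropped from CVE-2017-5196 further down, so the two edits should be checked together.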
@@ -45902,7 +45917,6 @@
 CVE-2017-5181
        REJECTED
 CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a 
denial ...)
-       {DLA-1217-1}
        - irssi 0.8.21-1 (bug #850403)
        [jessie] - irssi <not-affected> (Affects only 0.8.18 and later)
        [wheezy] - irssi <not-affected> (Affects only 0.8.18 and later)
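Review bot: Removing `{DLA-1217-1}` from CVE-2017-5196 agrees with the [jessie] and [wheezy] lines below it, both `<not-affected>` because the issue affects only 0.8.18 and later, so an advisory for either release would have had nothing to fix. Check that no other irssi entry still carries an advisory tag for a release it marks `<not-affected>`.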


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
