Author: sectracker
Date: 2017-12-27 21:10:22 +0000 (Wed, 27 Dec 2017)
New Revision: 58969

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-27 18:53:50 UTC (rev 58968)
+++ data/CVE/list       2017-12-27 21:10:22 UTC (rev 58969)
@@ -1,3 +1,73 @@
+CVE-2018-3609
+       RESERVED
+CVE-2018-3608
+       RESERVED
+CVE-2018-3607
+       RESERVED
+CVE-2018-3606
+       RESERVED
+CVE-2018-3605
+       RESERVED
+CVE-2018-3604
+       RESERVED
+CVE-2018-3603
+       RESERVED
+CVE-2018-3602
+       RESERVED
+CVE-2018-3601
+       RESERVED
+CVE-2018-3600
+       RESERVED
+CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in 
Wireshark ...)
+       TODO: check
+CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in 
coders/msl.c, ...)
+       TODO: check
+CVE-2017-17933
+       RESERVED
+CVE-2017-17932
+       RESERVED
+CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the 
...)
+       TODO: check
+CVE-2017-17930 (PHP Scripts Mall Professional Service Script has CSRF via ...)
+       TODO: check
+CVE-2017-17929 (PHP Scripts Mall Professional Service Script has XSS via the 
...)
+       TODO: check
+CVE-2017-17928 (PHP Scripts Mall Professional Service Script has SQL injection 
via the ...)
+       TODO: check
+CVE-2017-17927 (PHP Scripts Mall Professional Service Script allows remote 
attackers to ...)
+       TODO: check
+CVE-2017-17926 (PHP Scripts Mall Professional Service Script has a predicable 
...)
+       TODO: check
+CVE-2017-17925 (PHP Scripts Mall Professional Service Script has XSS via the 
...)
+       TODO: check
+CVE-2017-17924 (PHP Scripts Mall Professional Service Script allows remote 
attackers to ...)
+       TODO: check
+CVE-2017-17923
+       RESERVED
+CVE-2017-17922
+       RESERVED
+CVE-2017-17921
+       RESERVED
+CVE-2017-17920
+       RESERVED
+CVE-2017-17919
+       RESERVED
+CVE-2017-17918
+       RESERVED
+CVE-2017-17917
+       RESERVED
+CVE-2017-17916
+       RESERVED
+CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a 
heap-based ...)
+       TODO: check
+CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the 
function ...)
+       TODO: check
+CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a 
stack-based ...)
+       TODO: check
+CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a 
heap-based ...)
+       TODO: check
+CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the 
referer ...)
+       TODO: check
 CVE-2017-17910
        RESERVED
 CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the 
...)
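
Review bot: the entries in this block whose descriptions name Wireshark (CVE-2017-17935), ImageMagick (CVE-2017-17934, CVE-2017-17914) and GraphicsMagick (CVE-2017-17915, CVE-2017-17913, CVE-2017-17912) are left at "TODO: check" and should be the first ones triaged, since all three are packaged in Debian. Each needs a package line with a status, in the form used for tcpdump and ffmpeg later in this diff ("- tcpdump 4.9.2-1"), and the source paths given in the descriptions (epan/wslua/wslua_file.c, coders/msl.c) are the place to start when checking whether the packaged versions contain the affected code. The PHP Scripts Mall and Archon entries need a decision as well, using the "NOT-FOR-US: <product>" form if they turn out not to be packaged.
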
@@ -107,10 +177,10 @@
        NOT-FOR-US: Valve Steam Link
 CVE-2017-17877 (An issue was discovered in Valve Steam Link build 643. When 
the SSH ...)
        NOT-FOR-US: Valve Steam Link
-CVE-2017-17876
-       RESERVED
-CVE-2017-17875
-       RESERVED
+CVE-2017-17876 (Biometric Shift Employee Management System 3.0 allows remote 
attackers ...)
+       TODO: check
+CVE-2017-17875 (The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL 
Injection via the ...)
+       TODO: check
 CVE-2017-17874 (Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary 
file ...)
        NOT-FOR-US: Vanguard Marketplace Digital Products PHP
 CVE-2017-17873 (Vanguard Marketplace Digital Products PHP 1.4 has SQL 
Injection via the ...)
@@ -10608,8 +10678,8 @@
        RESERVED
 CVE-2017-16769
        RESERVED
-CVE-2017-16768
-       RESERVED
+CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor 
in ...)
+       TODO: check
 CVE-2017-16767
        RESERVED
 CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in 
Synology ...)
@@ -21074,8 +21144,8 @@
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/666
 CVE-2017-13057
        RESERVED
-CVE-2017-13056
-       RESERVED
+CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) 
might ...)
+       TODO: check
 CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
        {DSA-3971-1 DLA-1097-1}
        - tcpdump 4.9.2-1
@@ -25352,32 +25422,28 @@
        RESERVED
 CVE-2017-11699
        RESERVED
-CVE-2017-11698 [heap-buffer-overflow (write of size 2) in __get_page 
(lib/dbm/src/h_page.c:704)]
-       RESERVED
+CVE-2017-11698 (Heap-based buffer overflow in the __get_page function in ...)
        - nss <unfixed> (bug #873259; unimportant)
        NOTE: Issues triggered by crafted DBM databases, which would
        NOTE: require local user access to a machine running NSS and
        NOTE: crafting the local DBM files.
        NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779
-CVE-2017-11697 [Floating Point Exception in __hash_open (hash.c:229)]
-       RESERVED
+CVE-2017-11697 (The __hash_open function in hash.c:229 in Mozilla Network 
Security ...)
        - nss <unfixed> (bug #873258; unimportant)
        NOTE: Issues triggered by crafted DBM databases, which would
        NOTE: require local user access to a machine running NSS and
        NOTE: crafting the local DBM files.
        NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360900
-CVE-2017-11696 [heap-buffer-overflow (write of size 65544) in __hash_open 
(lib/dbm/src/hash.c:241)]
-       RESERVED
+CVE-2017-11696 (Heap-based buffer overflow in the __hash_open function in ...)
        - nss <unfixed> (bug #873257; unimportant)
        NOTE: Issues triggered by crafted DBM databases, which would
        NOTE: require local user access to a machine running NSS and
        NOTE: crafting the local DBM files.
        NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360778
-CVE-2017-11695 [heap-buffer-overflow (write of size 8) in alloc_segs 
(lib/dbm/src/hash.c:1105)]
-       RESERVED
+CVE-2017-11695 (Heap-based buffer overflow in the alloc_segs function in ...)
        - nss <unfixed> (bug #873256; unimportant)
        NOTE: Issues triggered by crafted DBM databases, which would
        NOTE: require local user access to a machine running NSS and
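
Review bot: the removed lines for CVE-2017-11698, CVE-2017-11696 and CVE-2017-11695 carried the write size and source location of each overflow (for example "write of size 65544" at lib/dbm/src/hash.c:241), and the truncated descriptions that replace them no longer show either; only CVE-2017-11697 keeps its location (hash.c:229). If that detail is still wanted for triage, move it into a NOTE: line under each entry rather than relying on the seclists and bugzilla links alone. The nss status lines are unchanged, so all four remain "<unfixed>" and "unimportant" on the basis of the local-access NOTE.
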
@@ -27967,8 +28033,8 @@
        NOT-FOR-US: IrfanView
 CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers 
to execute ...)
        NOT-FOR-US: IrfanView
-CVE-2017-10910
-       RESERVED
+CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH 
tickets may ...)
+       TODO: check
 CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC 
version ...)
        NOT-FOR-US: Music Center for PC
 CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause 
a ...)
@@ -31550,8 +31616,7 @@
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
 CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 
allows ...)
        NOT-FOR-US: Blackcat CMS
-CVE-2017-9608 [NULL pointer exception]
-       RESERVED
+CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 
3.3.3 ...)
        {DSA-3957-1}
        - ffmpeg 7:3.3.3-1
        NOTE: http://www.openwall.com/lists/oss-security/2017/08/14/1
@@ -55624,8 +55689,8 @@
        RESERVED
 CVE-2017-1699
        RESERVED
-CVE-2017-1698
-       RESERVED
+CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal 
sensitive ...)
+       TODO: check
 CVE-2017-1697
        RESERVED
 CVE-2017-1696 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated 
attacker to ...)
@@ -56290,8 +56355,8 @@
        RESERVED
 CVE-2017-1366
        RESERVED
-CVE-2017-1365
-       RESERVED
+CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative 
Lifecycle ...)
+       TODO: check
 CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site 
scripting. This ...)
        NOT-FOR-US: IBM
 CVE-2017-1363 (IBM Team Concert (RTC) is vulnerable to cross-site scripting. 
This ...)
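
Review bot: CVE-2017-1365 (IBM Team Concert) is added with "TODO: check" while the entry directly below it, CVE-2017-1364, is already tagged "NOT-FOR-US: IBM". If triage reaches the same conclusion, use the same tag here, and likewise for CVE-2017-1698 and CVE-2017-1191 in the neighbouring hunks, so the IBM entries stay consistent.
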
@@ -56638,8 +56703,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1192 (IBM Sterling B2B Integrator 5.2 is vulnerable to an XML 
External ...)
        NOT-FOR-US: IBM
-CVE-2017-1191
-       RESERVED
+CVE-2017-1191 (An undisclosed vulnerability in CLM applications (including IBM 
...)
+       TODO: check
 CVE-2017-1190 (IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 
could ...)
        NOT-FOR-US: IBM
 CVE-2017-1189 (IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 
is ...)
@@ -67955,8 +68020,8 @@
        NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6915 (Stack-based buffer overflow in nvhost_job.c in the NVIDIA video 
driver ...)
        NOT-FOR-US: Nvidia driver for Android
-CVE-2016-6914
-       RESERVED
+CVE-2016-6914 (Ubiquiti UniFi Video before 3.8.0 for Windows uses weak 
permissions ...)
+       TODO: check
 CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM 
before ...)
        NOT-FOR-US: OSSIM
 CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the 
GD ...)
@@ -92896,8 +92961,8 @@
        NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
 CVE-2015-7890
        RESERVED
-CVE-2015-7889
-       RESERVED
+CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung 
S6 Edge ...)
+       TODO: check
 CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService 
on the ...)
        NOT-FOR-US: WifiHs20UtilityService on Samsung S6 Edge 
LRX22G.G925VVRU1AOE2
 CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users 
to list ...)
@@ -93632,14 +93697,14 @@
        RESERVED
 CVE-2015-7670 (Multiple SQL injection vulnerabilities in includes/update.php 
in the ...)
        NOT-FOR-US: Support Ticket System plugin for WordPress
-CVE-2015-7669
-       RESERVED
-CVE-2015-7668
-       RESERVED
-CVE-2015-7667
-       RESERVED
-CVE-2015-7666
-       RESERVED
+CVE-2015-7669 (Multiple directory traversal vulnerabilities in (1) ...)
+       TODO: check
+CVE-2015-7668 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2015-7667 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+       TODO: check
+CVE-2015-7666 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) 
...)
+       TODO: check
 CVE-2015-7664
        RESERVED
 CVE-2015-7663 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.261 ...)
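
Review bot: the descriptions added for CVE-2015-7669, CVE-2015-7668, CVE-2015-7667 and CVE-2015-7666 are cut off before any product name ("Cross-site scripting (XSS) vulnerability in ..."), so none of the four can be triaged from the list entry alone. Whoever resolves these "TODO: check" lines has to pull the full CVE description first; record the product in the resulting status line so the entry is readable without that lookup.
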
@@ -94613,8 +94678,8 @@
        NOT-FOR-US: Milton Webdav
 CVE-2015-7325
        RESERVED
-CVE-2015-7324
-       RESERVED
+CVE-2015-7324 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
 CVE-2015-7323 (The Secure Meeting (Pulse Collaboration) in Pulse Connect 
Secure ...)
        NOT-FOR-US: Pulse Connect Secure
 CVE-2015-7322 (The Secure Meeting (Pulse Collaboration) in Pulse Connect 
Secure ...)
@@ -97390,8 +97455,8 @@
        RESERVED
 CVE-2015-6238 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Google ...)
        NOT-FOR-US: Google Analyticator plugin for WordPress
-CVE-2015-6237
-       RESERVED
+CVE-2015-6237 (The RPC service in Tripwire (formerly nCircle) IP360 VnE 
Manager 7.2.2 ...)
+       TODO: check
 CVE-2015-6236
        REJECTED
 CVE-2015-6235
@@ -104827,8 +104892,8 @@
        NOT-FOR-US: phpMyBackupPro
 CVE-2015-3638 (phpMyBackupPro before 2.5 does not validate integer input, 
which ...)
        NOT-FOR-US: phpMyBackupPro
-CVE-2015-3637
-       RESERVED
+CVE-2015-3637 (SQL injection vulnerability in phpMyBackupPro when run in 
multi-user ...)
+       TODO: check
 CVE-2015-3635
        RESERVED
 CVE-2015-3634 (The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX 
function ...)
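
Review bot: CVE-2015-3637 names phpMyBackupPro, and the two status lines directly above it in this hunk already read "NOT-FOR-US: phpMyBackupPro". The "TODO: check" here should resolve to the same line unless the multi-user mode mentioned in the description changes the assessment.
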
@@ -119640,8 +119705,8 @@
        NOT-FOR-US: Sendio
 CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 
2.2.168 ...)
        NOT-FOR-US: Schneider Electric
-CVE-2014-8389
-       RESERVED
+CVE-2014-8389 (cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 
1.03.18 ...)
+       TODO: check
 CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly 
BroadWin ...)
        NOT-FOR-US: Advantech WebAccess
 CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access 
Point ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
