Author: sectracker
Date: 2017-12-28 21:10:14 +0000 (Thu, 28 Dec 2017)
New Revision: 59006

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-28 20:44:59 UTC (rev 59005)
+++ data/CVE/list       2017-12-28 21:10:14 UTC (rev 59006)
@@ -1,3 +1,249 @@
+CVE-2018-3709
+       RESERVED
+CVE-2018-3708
+       RESERVED
+CVE-2018-3707
+       RESERVED
+CVE-2018-3706
+       RESERVED
+CVE-2018-3705
+       RESERVED
+CVE-2018-3704
+       RESERVED
+CVE-2018-3703
+       RESERVED
+CVE-2018-3702
+       RESERVED
+CVE-2018-3701
+       RESERVED
+CVE-2018-3700
+       RESERVED
+CVE-2018-3699
+       RESERVED
+CVE-2018-3698
+       RESERVED
+CVE-2018-3697
+       RESERVED
+CVE-2018-3696
+       RESERVED
+CVE-2018-3695
+       RESERVED
+CVE-2018-3694
+       RESERVED
+CVE-2018-3693
+       RESERVED
+CVE-2018-3692
+       RESERVED
+CVE-2018-3691
+       RESERVED
+CVE-2018-3690
+       RESERVED
+CVE-2018-3689
+       RESERVED
+CVE-2018-3688
+       RESERVED
+CVE-2018-3687
+       RESERVED
+CVE-2018-3686
+       RESERVED
+CVE-2018-3685
+       RESERVED
+CVE-2018-3684
+       RESERVED
+CVE-2018-3683
+       RESERVED
+CVE-2018-3682
+       RESERVED
+CVE-2018-3681
+       RESERVED
+CVE-2018-3680
+       RESERVED
+CVE-2018-3679
+       RESERVED
+CVE-2018-3678
+       RESERVED
+CVE-2018-3677
+       RESERVED
+CVE-2018-3676
+       RESERVED
+CVE-2018-3675
+       RESERVED
+CVE-2018-3674
+       RESERVED
+CVE-2018-3673
+       RESERVED
+CVE-2018-3672
+       RESERVED
+CVE-2018-3671
+       RESERVED
+CVE-2018-3670
+       RESERVED
+CVE-2018-3669
+       RESERVED
+CVE-2018-3668
+       RESERVED
+CVE-2018-3667
+       RESERVED
+CVE-2018-3666
+       RESERVED
+CVE-2018-3665
+       RESERVED
+CVE-2018-3664
+       RESERVED
+CVE-2018-3663
+       RESERVED
+CVE-2018-3662
+       RESERVED
+CVE-2018-3661
+       RESERVED
+CVE-2018-3660
+       RESERVED
+CVE-2018-3659
+       RESERVED
+CVE-2018-3658
+       RESERVED
+CVE-2018-3657
+       RESERVED
+CVE-2018-3656
+       RESERVED
+CVE-2018-3655
+       RESERVED
+CVE-2018-3654
+       RESERVED
+CVE-2018-3653
+       RESERVED
+CVE-2018-3652
+       RESERVED
+CVE-2018-3651
+       RESERVED
+CVE-2018-3650
+       RESERVED
+CVE-2018-3649
+       RESERVED
+CVE-2018-3648
+       RESERVED
+CVE-2018-3647
+       RESERVED
+CVE-2018-3646
+       RESERVED
+CVE-2018-3645
+       RESERVED
+CVE-2018-3644
+       RESERVED
+CVE-2018-3643
+       RESERVED
+CVE-2018-3642
+       RESERVED
+CVE-2018-3641
+       RESERVED
+CVE-2018-3640
+       RESERVED
+CVE-2018-3639
+       RESERVED
+CVE-2018-3638
+       RESERVED
+CVE-2018-3637
+       RESERVED
+CVE-2018-3636
+       RESERVED
+CVE-2018-3635
+       RESERVED
+CVE-2018-3634
+       RESERVED
+CVE-2018-3633
+       RESERVED
+CVE-2018-3632
+       RESERVED
+CVE-2018-3631
+       RESERVED
+CVE-2018-3630
+       RESERVED
+CVE-2018-3629
+       RESERVED
+CVE-2018-3628
+       RESERVED
+CVE-2018-3627
+       RESERVED
+CVE-2018-3626
+       RESERVED
+CVE-2018-3625
+       RESERVED
+CVE-2018-3624
+       RESERVED
+CVE-2018-3623
+       RESERVED
+CVE-2018-3622
+       RESERVED
+CVE-2018-3621
+       RESERVED
+CVE-2018-3620
+       RESERVED
+CVE-2018-3619
+       RESERVED
+CVE-2018-3618
+       RESERVED
+CVE-2018-3617
+       RESERVED
+CVE-2018-3616
+       RESERVED
+CVE-2018-3615
+       RESERVED
+CVE-2018-3614
+       RESERVED
+CVE-2018-3613
+       RESERVED
+CVE-2018-3612
+       RESERVED
+CVE-2018-3611
+       RESERVED
+CVE-2018-3610
+       RESERVED
+CVE-2017-17968
+       RESERVED
+CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote 
...)
+       TODO: check
+CVE-2017-17966
+       RESERVED
+CVE-2017-17965
+       RESERVED
+CVE-2017-17964
+       RESERVED
+CVE-2017-17963
+       RESERVED
+CVE-2017-17962
+       RESERVED
+CVE-2017-17961
+       RESERVED
+CVE-2017-17960 (PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via ...)
+       TODO: check
+CVE-2017-17959 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection 
via the ...)
+       TODO: check
+CVE-2017-17958 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+       TODO: check
+CVE-2017-17957 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection 
via the ...)
+       TODO: check
+CVE-2017-17956 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+       TODO: check
+CVE-2017-17955 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+       TODO: check
+CVE-2017-17954 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
+       TODO: check
+CVE-2017-17953 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the 
category.php ...)
+       TODO: check
+CVE-2017-17952 (PHP Scripts Mall PHP Multivendor Ecommerce has a predicable 
...)
+       TODO: check
+CVE-2017-17951 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection 
via the ...)
+       TODO: check
+CVE-2017-17950 (Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid 
...)
+       TODO: check
+CVE-2017-17949 (Cells Blog 3.5 has XSS via the pub_readpost.php fmid 
parameter. ...)
+       TODO: check
+CVE-2017-17948 (Cells Blog 3.5 has XSS via the jfdname parameter in an 
act=showpic ...)
+       TODO: check
+CVE-2017-17947
+       RESERVED
+CVE-2017-1000411
+       RESERVED
 CVE-2017-17946
        RESERVED
 CVE-2017-17945
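Review bot: every described entry added in this hunk (CVE-2017-17967 and CVE-2017-17960 through CVE-2017-17948) lands as `TODO: check`, so none of them has a triage decision yet. Elsewhere in this file, products Debian does not ship are closed out with `NOT-FOR-US: <product>`. Each of these entries needs either that tag or a `- <package> <status>` line once someone has checked whether Kingsoft WPS Office, PHP Scripts Mall PHP Multivendor Ecommerce and Cells Blog are packaged.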
@@ -214,6 +460,7 @@
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/663b3b432c202cd2aeda7ea7e82b74cce51ab1cf
        NOTE: webp support not enabled, see #806425
 CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a 
heap-based ...)
+       {DSA-4074-1}
        - imagemagick <unfixed> (bug #885125)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/906
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
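Review bot: `{DSA-4074-1}` is attached to CVE-2017-17879 while the package line directly below it still reads `- imagemagick <unfixed> (bug #885125)`. That combination is only right if the advisory fixed a released suite and no fixed upload has reached unstable yet. Confirm bug #885125 is still open, and replace `<unfixed>` with the fixed version as soon as one exists. The same check applies to the CVE-2017-17504 and CVE-2017-17499 hunks, which pair the new DSA tag with `<unfixed>` in the same way.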
@@ -5822,6 +6069,7 @@
        NOTE: POC: 
https://github.com/xiaoqx/pocs/blob/master/hdf5/2-hdf5-null-pointer-H5O_pline_decode
        NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
 CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
+       {DSA-4074-1}
        - imagemagick <unfixed> (bug #885340)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/872
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135
@@ -5844,6 +6092,7 @@
        NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/523/
 CVE-2017-17499 (ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a ...)
+       {DSA-4074-1}
        - imagemagick <unfixed> (bug #885339)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a
@@ -6068,6 +6317,7 @@
        [wheezy] - fossil <no-dsa> (Minor issue)
        NOTE: https://www.fossil-scm.org/xfer/info/1f63db591c77108c
 CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially 
malformed ...)
+       {DLA-1224-1}
        - mercurial 4.4.1-1
        NOTE: https://bz.mercurial-scm.org/show_bug.cgi?id=5730
        NOTE: 
https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
@@ -11291,7 +11541,7 @@
        NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
 CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 
7.0.7-9 does ...)
-       {DSA-4040-1}
+       {DSA-4074-1 DSA-4040-1}
        - imagemagick <unfixed> (bug #881392)
        [wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC 
from GitHub issue results in memory allocation exception thrown at 
coders/wpg.c:1109 and valgrind does not report any issues)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
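Review bot: CVE-2017-16546 now carries two advisories, `{DSA-4074-1 DSA-4040-1}`, and nothing in the entry records why a second DSA was needed for a CVE that DSA-4040-1 already covered. Add a NOTE stating whether DSA-4074-1 addresses a different suite or an incomplete earlier fix, so the unchanged `<unfixed>` and `[wheezy] ... <not-affected>` lines can be read correctly. CVE-2017-12877 later in this diff gains the same double reference and needs the same clarification.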
@@ -13279,8 +13529,8 @@
        NOT-FOR-US: Synology DiskStation Manager
 CVE-2017-15893 (Directory traversal vulnerability in the 
SYNO.FileStation.Extract in ...)
        NOT-FOR-US: Synology File Station
-CVE-2017-15892
-       RESERVED
+CVE-2017-15892 (Multiple cross-site scripting (XSS) vulnerabilities in Slash 
Command ...)
+       TODO: check
 CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in 
...)
        NOT-FOR-US: Synology Calendar
 CVE-2017-15890 (Cross-site scripting (XSS) vulnerability in Disclaimer in 
Synology ...)
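Review bot: CVE-2017-15892 moves from RESERVED to `TODO: check` with a description that is cut off after "Slash Command", so the affected product cannot be read from this entry. Its neighbours CVE-2017-15893 and CVE-2017-15891 are both `NOT-FOR-US` Synology entries. Look up the full description, and if it names a product Debian does not package, finish the triage with the matching `NOT-FOR-US:` line instead of leaving the TODO.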
@@ -13291,8 +13541,8 @@
        NOT-FOR-US: Synology
 CVE-2017-15887 (An improper restriction of excessive authentication attempts 
...)
        NOT-FOR-US: Synology
-CVE-2017-15886
-       RESERVED
+CVE-2017-15886 (Server-side request forgery (SSRF) vulnerability in Link 
Preview in ...)
+       TODO: check
 CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 
2100 Network ...)
        NOT-FOR-US: Axis
 CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka 
vagrant-vmware-fusion) ...)
@@ -13695,7 +13945,7 @@
 CVE-2017-15712
        RESERVED
 CVE-2017-15711
-       RESERVED
+       REJECTED
 CVE-2017-15710
        RESERVED
 CVE-2017-15709
@@ -13807,8 +14057,8 @@
        RESERVED
 CVE-2017-15668
        RESERVED
-CVE-2017-15667
-       RESERVED
+CVE-2017-15667 (In Flexense SysGauge Server 3.6.18, the Control Protocol 
suffers from a ...)
+       TODO: check
 CVE-2017-15666
        RESERVED
 CVE-2017-15665
@@ -22328,7 +22578,7 @@
 CVE-2014-10039
        RESERVED
 CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in 
image.c ...)
-       {DSA-4040-1 DLA-1081-1}
+       {DSA-4074-1 DSA-4040-1 DLA-1081-1}
        - imagemagick <unfixed> (bug #872373)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
@@ -44482,8 +44732,8 @@
        NOT-FOR-US: Apache Camel
 CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari 
Server ...)
        NOT-FOR-US: Apache Ambari
-CVE-2017-5641
-       RESERVED
+CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) 
did not ...)
+       TODO: check
 CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala 
daemon ...)
        NOT-FOR-US: Impala
 CVE-2017-5639


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
