Author: sectracker Date: 2017-11-15 21:10:20 +0000 (Wed, 15 Nov 2017) New Revision: 57666
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-15 20:35:45 UTC (rev 57665) +++ data/CVE/list 2017-11-15 21:10:20 UTC (rev 57666) @@ -1,3 +1,5 @@ +CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...) + TODO: check CVE-2017-XXXX [CPPOST-105] - opensaml2 <unfixed> (bug #881856) NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d @@ -2540,8 +2542,7 @@ RESERVED CVE-2017-15925 RESERVED -CVE-2017-15923 [Crash in parsing IRC color formatting codes] - RESERVED +CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...) {DSA-4033-1} - konversation 1.7.3-1 (bug #881586) NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 @@ -2804,8 +2805,8 @@ NOT-FOR-US: phpMyFaq CVE-2017-15807 RESERVED -CVE-2017-15806 - RESERVED +CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Components ...) + TODO: check CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function in ...) - python-werkzeug 0.11.11+dfsg1-1 NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/ @@ -4063,8 +4064,8 @@ - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51 -CVE-2017-15288 - RESERVED +CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...) + TODO: check CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia ...) NOT-FOR-US: BouquetEditor WebPlugin CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in ...) 
@@ -4116,14 +4117,14 @@ CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before ...) - mahara <removed> NOTE: https://mahara.org/interaction/forum/topic.php?id=8081 -CVE-2017-15272 - RESERVED -CVE-2017-15271 - RESERVED -CVE-2017-15270 - RESERVED -CVE-2017-15269 - RESERVED +CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration inside ...) + TODO: check +CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP ...) + TODO: check +CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data ...) + TODO: check +CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans ...) + TODO: check CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...) - qemu <unfixed> (bug #880836) [stretch] - qemu <no-dsa> (Minor issue) @@ -5103,8 +5104,8 @@ RESERVED CVE-2017-14962 RESERVED -CVE-2017-14961 - RESERVED +CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...) + TODO: check CVE-2017-14960 RESERVED CVE-2017-14959 @@ -12029,10 +12030,10 @@ CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and ...) - couchdb <removed> NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6 -CVE-2017-12634 - RESERVED -CVE-2017-12633 - RESERVED +CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and ...) + TODO: check +CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and ...) + TODO: check CVE-2017-12632 RESERVED CVE-2017-12631 @@ -12490,7 +12491,7 @@ RESERVED CVE-2017-12461 RESERVED -CVE-2017-12460 (Unspecified vulnerability in Barco ClickShare CSM-1 firmware before ...) +CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware before ...) NOT-FOR-US: Barco ClickShare CSM-1 firmware CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the ...) - binutils 2.29-8 
@@ -23189,7 +23190,7 @@ CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html - NOTE: https://phabricator.wikimedia.org/T119158 + NOTE: https://phabricator.wikimedia.org/T119158 CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html @@ -23215,9 +23216,10 @@ CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...) - mediawiki 1:1.27.4-1 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html - NOTE: https://phabricator.wikimedia.org/T178451 + NOTE: https://phabricator.wikimedia.org/T178451 CVE-2017-8807 [Data leak - '-sfile' Stevedore transient objects] RESERVED + {DSA-4034-1} - varnish <unfixed> (bug #881808) [jessie] - varnish <not-affected> (Vulnerable code not present, issue introduced in 4.1.0) NOTE: http://varnish-cache.org/security/VSV00002.html @@ -119273,8 +119275,7 @@ [squeeze] - cacti 0.8.7g-1+squeeze4 (bug #752573) CVE-2014-4001 RESERVED -CVE-2014-4000 [PHP Object Injection Vulnerabilities] - RESERVED +CVE-2014-4000 (Cacti before 1.0.0 allows remote authenticated users to conduct PHP ...) - cacti 0.8.8e+ds1-1 (low) [jessie] - cacti 0.8.8b+dfsg-8+deb8u2 [wheezy] - cacti 0.8.8a+dfsg-5+deb7u6 @@ -121905,8 +121906,8 @@ NOTE: libv8 not covered by security support CVE-2014-3151 RESERVED -CVE-2014-3150 - RESERVED +CVE-2014-3150 (Livebox 1.1 allows remote authenticated users to upload arbitrary ...) + TODO: check CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...) NOT-FOR-US: Invision Power IP.Board CVE-2014-3148 (Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid ...) 
@@ -122665,8 +122666,8 @@ NOT-FOR-US: CIS Manager CMS CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php ...) NOT-FOR-US: Arkeia Server Backup -CVE-2014-2845 - RESERVED +CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.509 ...) + TODO: check CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...) NOT-FOR-US: F-Secure Messaging Secure Gateway CVE-2014-2843 @@ -130429,8 +130430,7 @@ [squeeze] - openssl 0.9.8o-4squeeze15 CVE-2014-0220 (Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote ...) NOT-FOR-US: Cloudera Manager -CVE-2014-0219 - RESERVED +CVE-2014-0219 (Apache Karaf enables a shutdown port on the loopback interface, which ...) NOT-FOR-US: Apache Karaf CVE-2014-0218 (Cross-site scripting (XSS) vulnerability in the URL downloader ...) - moodle 2.6.3-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
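Review bot: In the `@@ -4063,8 +4064,8 @@` hunk, CVE-2017-15288 is left at `TODO: check` although its new description names an exact affected range ("Scala before 2.10.7, 2.11.x before 2.11.12"); the follow-up should compare that range against any scala version Debian ships before the entry is resolved to a package line or `NOT-FOR-US`, rather than letting the TODO sit next to neighbours in the same hunk that are already triaged.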
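Review bot: In the `@@ -4116,14 +4117,14 @@` hunk, the four PSFTPd entries (CVE-2017-15272 through CVE-2017-15269) are all set to `TODO: check`, but only three of the descriptions name "PSFTPd 10.0.4 Build 729"; CVE-2017-15271 reads only "A use-after-free issue could be triggered remotely in the SFTP ...", so when these are triaged they should be resolved as one group to avoid the product-less one being assessed separately from its siblings.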
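Review bot: In the `@@ -23215,9 +23216,10 @@` hunk, CVE-2017-8807 gains `{DSA-4034-1}` while the unstable line still reads `- varnish <unfixed> (bug #881808)`; once a DSA is issued the fixed sid version normally follows, so the unstable entry should be updated (or the `<unfixed>` state confirmed as intentional). In the same hunk and in `@@ -23189,7 +23190,7 @@`, the removed and added `NOTE: https://phabricator.wikimedia.org/T178451` and `T119158` lines are textually identical here, which points to a whitespace-only change; an automatic update should not churn whitespace on NOTE lines, so it is worth checking what the script normalizes.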
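Review bot: In the `@@ -119273,8 +119275,7 @@` hunk, the CVE-2014-4000 description changes from the local `[PHP Object Injection Vulnerabilities]` to the assigned text "Cacti before 1.0.0 allows remote authenticated users to conduct PHP ...", yet the package lines still record fixes at `cacti 0.8.8e+ds1-1`, `0.8.8b+dfsg-8+deb8u2` and `0.8.8a+dfsg-5+deb7u6`. Since the assigned scope is "before 1.0.0", the maintainer should confirm that those 0.8.8 backports cover the full set of object-injection sinks the CVE now describes, and add a NOTE with the upstream reference used for that check.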