Author: sectracker
Date: 2017-11-20 21:10:13 +0000 (Mon, 20 Nov 2017)
New Revision: 57868

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-20 20:59:32 UTC (rev 57867)
+++ data/CVE/list       2017-11-20 21:10:13 UTC (rev 57868)
@@ -1,3 +1,31 @@
+CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field 
during ...)
+       TODO: check
+CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in 
a Create ...)
+       TODO: check
+CVE-2017-16906 (In Horde Groupware 5.2.19, there is XSS via the URL field in a 
...)
+       TODO: check
+CVE-2017-16905
+       RESERVED
+CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 
allows ...)
+       TODO: check
+CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and 
execute ...)
+       TODO: check
+CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a 
long ...)
+       TODO: check
+CVE-2017-16901
+       RESERVED
+CVE-2017-16900
+       RESERVED
+CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a 
allows ...)
+       TODO: check
+CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming 
v0.4.8 or ...)
+       TODO: check
+CVE-2017-16897
+       RESERVED
+CVE-2017-16896 (A SQL injection in classes/handler/public.php in the 
forgotpass ...)
+       TODO: check
+CVE-2017-16895
+       RESERVED
 CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can 
obtain ...)
        TODO: check
 CVE-2017-16893
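Review bot: the nine entries added with "TODO: check" in this hunk still need a package line or a NOT-FOR-US tag, and several can be triaged together. CVE-2017-16908, CVE-2017-16907 and CVE-2017-16906 are all XSS reports against Horde Groupware 5.2.19, and CVE-2017-16904 and CVE-2017-16903 both concern LvyeCMS through 3.1, so each group should get one consistent decision. CVE-2017-16899 and CVE-2017-16898 name a program and a library (fig2dev in Xfig, libming), so the triage step has to map them to source package names. The description of CVE-2017-16896 is cut off before the product name, so it cannot be classified from this line alone and needs the full CVE text.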
@@ -1249,8 +1277,7 @@
        NOTE: The wheezy version gives an assert before the vulnerability can 
be triggered. Due to this
        NOTE: the severity of the wheezy version is low even though the 
vulnerable code is still present.
        NOTE: The patch is trivial so it may be worth fixing in combination 
with some other fix.
-CVE-2017-16544 [missing terminal escape sequence filtering in autocompletion]
-       RESERVED
+CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox 
through ...)
        - busybox <unfixed> (bug #882258)
        [stretch] - busybox <no-dsa> (Minor issue, can be fixed via point 
release)
        [jessie] - busybox <no-dsa> (Minor issue, can be fixed via point 
release)
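Review bot: replacing the bracketed summary on the CVE-2017-16544 line removes the only readable statement of the issue in this entry, because the new description is cut at "through ...". Keep the substance of "missing terminal escape sequence filtering in autocompletion" in a NOTE line under the entry so the no-dsa decisions for stretch and jessie can still be read in context.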
@@ -3954,8 +3981,8 @@
        RESERVED
 CVE-2017-15528
        RESERVED
-CVE-2017-15527
-       RESERVED
+CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be 
...)
+       TODO: check
 CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be 
...)
        NOT-FOR-US: Symantec
 CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be 
...)
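Review bot: CVE-2017-15527 is left as "TODO: check" although the description names the Symantec Management Console and the adjacent CVE-2017-15526 entry is already tagged "NOT-FOR-US: Symantec". Once the full description confirms the product, the same tag should be applied here so the Symantec entries stay consistent.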
@@ -4595,18 +4622,23 @@
        [wheezy] - xen <ignored> (minor issue)
        NOTE: https://xenbits.xen.org/xsa/advisory-244.html
 CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM 
guest OS ...)
+       {DLA-1181-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-243.html
 CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
+       {DLA-1181-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-242.html
 CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
+       {DLA-1181-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-241.html
 CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV 
guest OS ...)
+       {DLA-1181-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-240.html
 CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM 
guest OS ...)
+       {DLA-1181-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-239.html
 CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing 
attackers ...)
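Review bot: the five entries that gain {DLA-1181-1} (CVE-2017-15592, CVE-2017-15593, CVE-2017-15588, CVE-2017-15595, CVE-2017-15589) still show only "- xen <unfixed>" and no per-release line, so the entry by itself does not say which upload fixed them. Confirm that the DLA-1181-1 record carries the fixed xen version for each of the five, and check whether CVE-2017-15591 in the trailing context is meant to be outside that advisory.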
@@ -5102,8 +5134,8 @@
        RESERVED
 CVE-2017-15111
        RESERVED
-CVE-2017-15110
-       RESERVED
+CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other 
students ...)
+       TODO: check
 CVE-2017-15109
        RESERVED
 CVE-2017-15108
@@ -12705,15 +12737,13 @@
        RESERVED
 CVE-2017-12609
        RESERVED
-CVE-2017-12608
-       RESERVED
+CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser 
before ...)
        {DSA-4022-1}
        - libreoffice 1:5.0.2-1
        NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
        NOTE: 
https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
-CVE-2017-12607
-       RESERVED
+CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, 
and ...)
        {DSA-4022-1}
        - libreoffice 1:5.0.2-1
        NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
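Review bot: the new descriptions for CVE-2017-12608 and CVE-2017-12607 name Apache OpenOffice, while both entries track libreoffice 1:5.0.2-1 under DSA-4022-1, so the link between the two products has to come from the NOTE lines. CVE-2017-12608 has the libreoffice advisory and the gerrit commit for that; the visible part of CVE-2017-12607 shows only the Talos report, so check that it also carries the matching libreoffice advisory or commit reference.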
@@ -16042,12 +16072,12 @@
        NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
        NOTE: When fixing this CVE make sure to not make the fix incomplete and 
open the CVE-2017-14103
        NOTE: issue. See: 
http://www.openwall.com/lists/oss-security/2017/09/01/6
-CVE-2017-11402
-       RESERVED
-CVE-2017-11401
-       RESERVED
-CVE-2017-11400
-       RESERVED
+CVE-2017-11402 (An issue has been discovered on the Belden Hirschmann Tofino 
Xenon ...)
+       TODO: check
+CVE-2017-11401 (An issue has been discovered on the Belden Hirschmann Tofino 
Xenon ...)
+       TODO: check
+CVE-2017-11400 (An issue has been discovered on the Belden Hirschmann Tofino 
Xenon ...)
+       TODO: check
 CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript 
Injection ...)
        - gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
        [stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1
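Review bot: CVE-2017-11402, CVE-2017-11401 and CVE-2017-11400 all describe the same Belden Hirschmann Tofino Xenon product and are each left as "TODO: check", so they should be resolved in one pass with the same tag. Separately, the context line for CVE-2017-11421 sits directly after CVE-2017-11400, which does not follow the descending order seen in the other hunks; that placement predates this change but is worth confirming.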
@@ -18937,8 +18967,7 @@
        NOT-FOR-US: Redgate SQL Monitor
 CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 
for E2 ...)
        NOT-FOR-US: OpenWebif plugin for E2
-CVE-2017-9806
-       RESERVED
+CVE-2017-9806 (A vulnerability in the OpenOffice Writer DOC file parser before 
4.1.4, ...)
        - libreoffice 1:3.4.3-1
        NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0295
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806
@@ -41475,8 +41504,7 @@
        NOT-FOR-US: Apache Camel
 CVE-2017-3158
        RESERVED
-CVE-2017-3157
-       RESERVED
+CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders 
embedded ...)
        {DSA-3792-1 DLA-910-1}
        - libreoffice 1:5.2.3-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
@@ -57758,8 +57786,7 @@
        NOT-FOR-US: Apache Wicket
 CVE-2016-6805 (Apache Ignite before 1.9 allows man-in-the-middle attackers to 
read ...)
        NOT-FOR-US: Apache Ignite
-CVE-2016-6804
-       RESERVED
+CVE-2016-6804 (The Apache OpenOffice installer (versions prior to 4.1.3, 
including ...)
        NOT-FOR-US: Apache OpenOffice installer for Windows
 CVE-2016-6803 (An installer defect known as an &quot;unquoted Windows search 
path ...)
        NOT-FOR-US: Apache OpenOffice installer for Windows


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
