Author: sectracker
Date: 2017-11-20 21:10:13 +0000 (Mon, 20 Nov 2017)
New Revision: 57868
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-20 20:59:32 UTC (rev 57867) +++ data/CVE/list 2017-11-20 21:10:13 UTC (rev 57868) @@ -1,3 +1,31 @@ +CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...) + TODO: check +CVE-2017-16907 (In Horde Groupware 5.2.19, there is XSS via the Color field in a Create ...) + TODO: check +CVE-2017-16906 (In Horde Groupware 5.2.19, there is XSS via the URL field in a ...) + TODO: check +CVE-2017-16905 + RESERVED +CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 allows ...) + TODO: check +CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and execute ...) + TODO: check +CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long ...) + TODO: check +CVE-2017-16901 + RESERVED +CVE-2017-16900 + RESERVED +CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows ...) + TODO: check +CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ...) + TODO: check +CVE-2017-16897 + RESERVED +CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass ...) + TODO: check +CVE-2017-16895 + RESERVED CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain ...) TODO: check CVE-2017-16893 
@@ -1249,8 +1277,7 @@ NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this NOTE: the severity of the wheezy version is low even though the vulnerable code is still present. NOTE: The patch is trivial so it may be worth fixing in combination with some other fix. -CVE-2017-16544 [missing terminal escape sequence filtering in autocompletion] - RESERVED +CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through ...) - busybox <unfixed> (bug #882258) [stretch] - busybox <no-dsa> (Minor issue, can be fixed via point release) [jessie] - busybox <no-dsa> (Minor issue, can be fixed via point release) @@ -3954,8 +3981,8 @@ RESERVED CVE-2017-15528 RESERVED -CVE-2017-15527 - RESERVED +CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be ...) + TODO: check CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...) NOT-FOR-US: Symantec CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...) 
@@ -4595,18 +4622,23 @@ [wheezy] - xen <ignored> (minor issue) NOTE: https://xenbits.xen.org/xsa/advisory-244.html CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...) + {DLA-1181-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-243.html CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) + {DLA-1181-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-242.html CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) + {DLA-1181-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-241.html CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...) + {DLA-1181-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-240.html CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...) + {DLA-1181-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-239.html CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...) @@ -5102,8 +5134,8 @@ RESERVED CVE-2017-15111 RESERVED -CVE-2017-15110 - RESERVED +CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other students ...) + TODO: check CVE-2017-15109 RESERVED CVE-2017-15108 @@ -12705,15 +12737,13 @@ RESERVED CVE-2017-12609 RESERVED -CVE-2017-12608 - RESERVED +CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser before ...) {DSA-4022-1} - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608 NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba -CVE-2017-12607 - RESERVED +CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, and ...) {DSA-4022-1} - libreoffice 1:5.0.2-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300 
@@ -16042,12 +16072,12 @@ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37 NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103 NOTE: issue. See: http://www.openwall.com/lists/oss-security/2017/09/01/6 -CVE-2017-11402 - RESERVED -CVE-2017-11401 - RESERVED -CVE-2017-11400 - RESERVED +CVE-2017-11402 (An issue has been discovered on the Belden Hirschmann Tofino Xenon ...) + TODO: check +CVE-2017-11401 (An issue has been discovered on the Belden Hirschmann Tofino Xenon ...) + TODO: check +CVE-2017-11400 (An issue has been discovered on the Belden Hirschmann Tofino Xenon ...) + TODO: check CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection ...) - gnome-exe-thumbnailer 0.9.5-1 (bug #868705) [stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1 @@ -18937,8 +18967,7 @@ NOT-FOR-US: Redgate SQL Monitor CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 ...) NOT-FOR-US: OpenWebif plugin for E2 -CVE-2017-9806 - RESERVED +CVE-2017-9806 (A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, ...) - libreoffice 1:3.4.3-1 NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0295 NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806 @@ -41475,8 +41504,7 @@ NOT-FOR-US: Apache Camel CVE-2017-3158 RESERVED -CVE-2017-3157 - RESERVED +CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders embedded ...) {DSA-3792-1 DLA-910-1} - libreoffice 1:5.2.3-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ 
@@ -57758,8 +57786,7 @@ NOT-FOR-US: Apache Wicket CVE-2016-6805 (Apache Ignite before 1.9 allows man-in-the-middle attackers to read ...) NOT-FOR-US: Apache Ignite -CVE-2016-6804 - RESERVED +CVE-2016-6804 (The Apache OpenOffice installer (versions prior to 4.1.3, including ...) NOT-FOR-US: Apache OpenOffice installer for Windows CVE-2016-6803 (An installer defect known as an "unquoted Windows search path ...) NOT-FOR-US: Apache OpenOffice installer for Windows _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
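Review bot: In the first hunk (@@ -1,3 +1,31 @@), every new entry that has a description lands as "TODO: check", although several of the truncated descriptions already name the affected component: Horde Groupware 5.2.19 for CVE-2017-16906 through CVE-2017-16908, the fig2dev program in Xfig 3.2.6a for CVE-2017-16899, and util/listmp3.c in libming v0.4.8 for CVE-2017-16898. These can be triaged against source packages in the archive and given either a package line or a NOT-FOR-US tag. CVE-2017-16896 needs its full description pulled first, because the visible text ("classes/handler/public.php in the forgotpass ...") gives only a file path and no product name.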
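Review bot: In the @@ -1249,8 +1277,7 @@ hunk, replacing the hand-written summary "[missing terminal escape sequence filtering in autocompletion]" with the truncated description "(In the add_match function in libbb/lineedit.c in BusyBox through ...)" drops the only visible statement of what the bug actually is. Consider keeping that summary as a NOTE line under CVE-2017-16544, so the reasoning behind the <no-dsa> "Minor issue, can be fixed via point release" tags for stretch and jessie stays readable from the list itself.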
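Review bot: In the @@ -3954,8 +3981,8 @@ hunk, CVE-2017-15527 (Symantec Management Console) is left at "TODO: check" while the adjacent Symantec entries CVE-2017-15526 and CVE-2017-15525 already carry "NOT-FOR-US: Symantec". Unless ITMS is meant to be tracked differently from SEE, the same tag should be applied here so the three entries stay consistent.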
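Review bot: In the @@ -16042,12 +16072,12 @@ hunk, CVE-2017-11400, CVE-2017-11401 and CVE-2017-11402 all show the same truncated description ("An issue has been discovered on the Belden Hirschmann Tofino Xenon ...") and all get "TODO: check". Triage them as a group: one lookup of the product decides the tag for all three, in the same per-product style already used elsewhere in this list (for example "NOT-FOR-US: Redgate SQL Monitor").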