Author: sectracker
Date: 2017-08-07 09:10:14 +0000 (Mon, 07 Aug 2017)
New Revision: 54378

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-07 08:19:54 UTC (rev 54377)
+++ data/CVE/list       2017-08-07 09:10:14 UTC (rev 54378)
@@ -1,3 +1,27 @@
+CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
+       TODO: check
+CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
+       TODO: check
+CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
+       TODO: check
+CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an invalid ...)
+       TODO: check
+CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a 
denial ...)
+       TODO: check
+CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a 
buffer ...)
+       TODO: check
+CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a 
denial ...)
+       TODO: check
+CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
+       TODO: check
+CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
+       TODO: check
+CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has 
an ...)
+       TODO: check
+CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer 
over-read ...)
+       TODO: check
+CVE-2017-12595
+       RESERVED
 CVE-2017-12594
        RESERVED
 CVE-2017-12593
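Review bot: The ten OpenCV entries (CVE-2017-12597 through CVE-2017-12606) and the OpenEXR entry CVE-2017-12596 at the top of this hunk are left at "TODO: check", but both projects are packaged in Debian (source packages opencv and openexr), so each needs a package line with a fixed or <unfixed> status rather than staying unresolved. The descriptions are cut off at "has an ...", so the specific flaw behind each id has to be read from the full CVE text before deciding whether the OpenCV ids share one upstream fix or need separate tracking.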
@@ -3460,6 +3484,7 @@
 CVE-2017-11177
        RESERVED
 CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does 
not set ...)
+       {DSA-3927-1}
        - linux 4.11.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
 CVE-2017-11175
@@ -4635,6 +4660,7 @@
 CVE-2017-10811
        RESERVED
 CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in ...)
+       {DSA-3927-1}
        - linux 4.11.11-1 (low)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -7197,7 +7223,7 @@
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-217.html
 CVE-2017-10911 (The make_response function in 
drivers/block/xen-blkback/blkback.c in ...)
-       {DSA-3920-1}
+       {DSA-3927-1 DSA-3920-1}
        - linux 4.11.11-1
        - qemu 1:2.8+dfsg-7 (bug #869706)
        NOTE: https://xenbits.xen.org/xsa/advisory-216.html
@@ -7253,6 +7279,7 @@
        [stretch] - linux 4.9.30-2+deb9u1
        NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
 CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments 
and ...)
+       {DSA-3927-1}
        - linux 4.11.11-1
        NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
        NOTE: Fixed by: 
https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c
@@ -7612,8 +7639,8 @@
        RESERVED
 CVE-2017-9648
        RESERVED
-CVE-2017-9647
-       RESERVED
+CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the 
Continental ...)
+       TODO: check
 CVE-2017-9646
        RESERVED
 CVE-2017-9645
@@ -7640,14 +7667,14 @@
        RESERVED
 CVE-2017-9634
        RESERVED
-CVE-2017-9633
-       RESERVED
-CVE-2017-9632
-       RESERVED
+CVE-2017-9633 (An Improper Restriction of Operations within the Bounds of a 
Memory ...)
+       TODO: check
+CVE-2017-9632 (A Missing Encryption of Sensitive Data issue was discovered in 
PDQ ...)
+       TODO: check
 CVE-2017-9631 (A Null Pointer Dereference issue was discovered in Schneider 
Electric ...)
        NOT-FOR-US: Schneider Electric
-CVE-2017-9630
-       RESERVED
+CVE-2017-9630 (An Improper Authentication issue was discovered in PDQ 
Manufacturing ...)
+       TODO: check
 CVE-2017-9629 (A Stack-Based Buffer Overflow issue was discovered in Schneider 
...)
        NOT-FOR-US: Schneider Electric
 CVE-2017-9628
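Review bot: CVE-2017-9632 and CVE-2017-9630 name a PDQ Manufacturing product in their descriptions and are added as "TODO: check", while the Schneider Electric entries interleaved with them in this hunk (CVE-2017-9631, CVE-2017-9629) are already resolved as NOT-FOR-US. If no Debian package ships the product, these two should be closed the same way with a vendor-named NOT-FOR-US line. CVE-2017-9633 is truncated before any product name, so it needs the full description before it can be classified.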
@@ -7740,6 +7767,7 @@
 CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not 
randomized, an ...)
        NOT-FOR-US: NetBSD
 CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...)
+       {DSA-3927-1}
        - linux 4.11.6-1
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
@@ -12507,24 +12535,24 @@
        NOT-FOR-US: DMitry
 CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix 
Contact GmbH ...)
        NOT-FOR-US: Phoenix Contact
-CVE-2017-7936
-       RESERVED
+CVE-2017-7936 (A stack-based buffer overflow issue was discovered in NXP i.MX 
50, i.MX ...)
+       TODO: check
 CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact 
GmbH ...)
        NOT-FOR-US: Phoenix Contact
 CVE-2017-7934
        RESERVED
 CVE-2017-7933
        RESERVED
-CVE-2017-7932
-       RESERVED
+CVE-2017-7932 (An improper certificate validation issue was discovered in NXP 
i.MX 28 ...)
+       TODO: check
 CVE-2017-7931
        RESERVED
 CVE-2017-7930
        RESERVED
 CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech 
WebAccess ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2017-7928
-       RESERVED
+CVE-2017-7928 (An Improper Access Control issue was discovered in Schweitzer 
...)
+       TODO: check
 CVE-2017-7927 (A Use of Password Hash Instead of Password for Authentication 
issue was ...)
        NOT-FOR-US: Dahua
 CVE-2017-7926
@@ -12539,16 +12567,16 @@
        NOT-FOR-US: Cambium Networks ePMP
 CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision 
...)
        NOT-FOR-US: Hikvision
-CVE-2017-7920
-       RESERVED
+CVE-2017-7920 (An Improper Authentication issue was discovered in ABB VSN300 
WiFi ...)
+       TODO: check
 CVE-2017-7919 (An Improper Authentication issue was discovered in Newport 
XPS-Cx and ...)
        NOT-FOR-US: Newport
 CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium 
Networks ...)
        NOT-FOR-US: Cambium Networks ePMP
 CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa 
OnCell ...)
        NOT-FOR-US: Moxa
-CVE-2017-7916
-       RESERVED
+CVE-2017-7916 (A Permissions, Privileges, and Access Controls issue was 
discovered in ...)
+       TODO: check
 CVE-2017-7915 (An Improper Restriction of Excessive Authentication Attempts 
issue was ...)
        NOT-FOR-US: Moxa
 CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell 
Automation ...)
@@ -13904,9 +13932,11 @@
 CVE-2017-7543
        RESERVED
 CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in 
the Linux ...)
+       {DSA-3927-1}
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6
 CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in ...)
+       {DSA-3927-1}
        - linux <unfixed>
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c
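Review bot: CVE-2017-7542 and CVE-2017-7541 now reference DSA-3927-1 while their unstable line still reads "- linux <unfixed>". Both entries already carry a "Fixed by:" upstream commit, so the <unfixed> marker should be replaced with a version as soon as a linux upload containing those commits reaches unstable. Until then the entry shows a DSA next to a status that reads as unfixed.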
@@ -13934,6 +13964,7 @@
 CVE-2017-7534
        RESERVED
 CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux 
kernel ...)
+       {DSA-3927-1}
        - linux <unfixed>
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2
@@ -14175,6 +14206,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
 CVE-2017-7482
        RESERVED
+       {DSA-3927-1}
        - linux 4.11.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
 CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 
environment]
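Review bot: CVE-2017-7482 gains a DSA reference and already lists a fixed version, but the entry is still only "RESERVED" with no description. A bracketed short description, in the style of the CVE-2017-7481 entry directly below it, would tell readers what the linux 4.11.11-1 fix and the referenced upstream commit address.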
@@ -14641,6 +14673,7 @@
 CVE-2017-7347
        RESERVED
 CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in ...)
+       {DSA-3927-1}
        - linux 4.11.6-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf
@@ -16394,44 +16427,44 @@
        RESERVED
 CVE-2017-6771
        RESERVED
-CVE-2017-6770
-       RESERVED
-CVE-2017-6769
-       RESERVED
+CVE-2017-6770 (Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) 
Software ...)
+       TODO: check
+CVE-2017-6769 (A vulnerability in the web-based management interface of the 
Cisco ...)
+       TODO: check
 CVE-2017-6768
        RESERVED
 CVE-2017-6767
        RESERVED
-CVE-2017-6766
-       RESERVED
-CVE-2017-6765
-       RESERVED
-CVE-2017-6764
-       RESERVED
-CVE-2017-6763
-       RESERVED
-CVE-2017-6762
-       RESERVED
-CVE-2017-6761
-       RESERVED
+CVE-2017-6766 (A vulnerability in the Secure Sockets Layer (SSL) Decryption 
and ...)
+       TODO: check
+CVE-2017-6765 (A vulnerability in the web-based management interface of Cisco 
Adaptive ...)
+       TODO: check
+CVE-2017-6764 (A vulnerability in the web-based management interface of Cisco 
Adaptive ...)
+       TODO: check
+CVE-2017-6763 (A vulnerability in the implementation of the H.264 protocol in 
Cisco ...)
+       TODO: check
+CVE-2017-6762 (A vulnerability in the web-based management interface of Cisco 
Jabber ...)
+       TODO: check
+CVE-2017-6761 (A vulnerability in the web-based management interface of Cisco 
Finesse ...)
+       TODO: check
 CVE-2017-6760
        RESERVED
-CVE-2017-6759
-       RESERVED
-CVE-2017-6758
-       RESERVED
-CVE-2017-6757
-       RESERVED
-CVE-2017-6756
-       RESERVED
+CVE-2017-6759 (A vulnerability in the UpgradeManager of the Cisco Prime 
Collaboration ...)
+       TODO: check
+CVE-2017-6758 (A vulnerability in the web framework of Cisco Unified 
Communications ...)
+       TODO: check
+CVE-2017-6757 (A vulnerability in Cisco Unified Communications Manager ...)
+       TODO: check
+CVE-2017-6756 (A vulnerability in the Web UI Application of the Cisco Prime 
...)
+       TODO: check
 CVE-2017-6755 (A vulnerability in the web portal of the Cisco Prime 
Collaboration ...)
        NOT-FOR-US: Cisco
-CVE-2017-6754
-       RESERVED
+CVE-2017-6754 (A vulnerability in the web-based management interface of the 
Cisco ...)
+       TODO: check
 CVE-2017-6753 (A vulnerability in Cisco WebEx browser extensions for Google 
Chrome and ...)
        NOT-FOR-US: Cisco
-CVE-2017-6752
-       RESERVED
+CVE-2017-6752 (A vulnerability in the web interface of the Cisco Adaptive 
Security ...)
+       TODO: check
 CVE-2017-6751 (A vulnerability in the web proxy functionality of the Cisco Web 
...)
        NOT-FOR-US: Cisco
 CVE-2017-6750 (A vulnerability in AsyncOS for the Cisco Web Security Appliance 
(WSA) ...)
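Review bot: The entries switched from RESERVED to "TODO: check" in this hunk all carry Cisco descriptions, while the untouched Cisco entries beside them (CVE-2017-6755, CVE-2017-6753, CVE-2017-6751) are marked "NOT-FOR-US: Cisco". Resolving the new ones the same way would keep the block consistent and shrink the TODO backlog. CVE-2017-6770 is worth reading in full first, since its truncated description lists several products ("Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software ...") and the cut-off part may name more.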
@@ -16440,12 +16473,12 @@
        NOT-FOR-US: Cisco
 CVE-2017-6748 (A vulnerability in the CLI parser of the Cisco Web Security 
Appliance ...)
        NOT-FOR-US: Cisco
-CVE-2017-6747
-       RESERVED
+CVE-2017-6747 (A vulnerability in the authentication module of Cisco Identity 
Services ...)
+       TODO: check
 CVE-2017-6746 (A vulnerability in the web interface of the Cisco Web Security 
...)
        NOT-FOR-US: Cisco
-CVE-2017-6745
-       RESERVED
+CVE-2017-6745 (A vulnerability in the cache server within Cisco Videoscape ...)
+       TODO: check
 CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
        NOT-FOR-US: Cisco
 CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
@@ -16604,12 +16637,12 @@
        NOT-FOR-US: Cisco
 CVE-2017-6666 (A vulnerability in the forwarding component of Cisco IOS XR 
Software ...)
        NOT-FOR-US: Cisco
-CVE-2017-6665
-       RESERVED
-CVE-2017-6664
-       RESERVED
-CVE-2017-6663
-       RESERVED
+CVE-2017-6665 (A vulnerability in the Autonomic Networking feature of Cisco 
IOS ...)
+       TODO: check
+CVE-2017-6664 (A vulnerability in the Autonomic Networking feature of Cisco 
IOS XE ...)
+       TODO: check
+CVE-2017-6663 (A vulnerability in the Autonomic Networking feature of Cisco 
IOS ...)
+       TODO: check
 CVE-2017-6662 (A vulnerability in the web-based user interface of Cisco Prime 
...)
        NOT-FOR-US: Cisco
 CVE-2017-6661 (A vulnerability in the web-based management interface of Cisco 
Email ...)
@@ -17505,12 +17538,12 @@
        RESERVED
 CVE-2017-6421
        RESERVED
-CVE-2017-6420
-       RESERVED
-CVE-2017-6419
-       RESERVED
-CVE-2017-6418
-       RESERVED
+CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 
allows ...)
+       TODO: check
+CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, 
allows ...)
+       TODO: check
+CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to 
cause a ...)
+       TODO: check
 CVE-2017-6417 (Code injection vulnerability in Avira Total Security Suite 15.0 
(and ...)
        NOT-FOR-US: Avira Total Security Suite
 CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow 
...)
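Review bot: CVE-2017-6419 is described as a flaw in mspack/lzxd.c of libmspack "as used in ClamAV 0.99.2", so its "TODO: check" has to be resolved against two source packages, libmspack itself and the copy bundled in clamav, not clamav alone. CVE-2017-6420 and CVE-2017-6418 name libclamav files (wwunpack.c and message.c) and need clamav package lines.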
@@ -154793,8 +154826,8 @@
        RESERVED
 CVE-2011-4651
        RESERVED
-CVE-2011-4650
-       RESERVED
+CVE-2011-4650 (Cisco Data Center Network Manager is affected by Excessive 
Logging ...)
+       TODO: check
 CVE-2011-4649
        RESERVED
 CVE-2011-4648
@@ -237049,8 +237082,7 @@
 CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman 
before ...)
        {DSA-1188-1}
        - mailman 1:2.1.8-3
-CVE-2006-3635 [local denial-of-service on Itanium]
-       RESERVED
+CVE-2006-3635 (The ia64 subsystem in the Linux kernel before 2.6.26 allows 
local users ...)
        - linux <not-affected> (Fixed before initial rename to src:linux)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=199440
        NOTE: Fixed by: 
https://git.kernel.org/linus/4dcc29e1574d88f4465ba865ed82800032f76418 
(2.6.26-rc5)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
