Author: sectracker Date: 2017-08-17 21:10:14 +0000 (Thu, 17 Aug 2017) New Revision: 54827
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-17 20:58:29 UTC (rev 54826) +++ data/CVE/list 2017-08-17 21:10:14 UTC (rev 54827) @@ -1,16 +1,75 @@ +CVE-2017-12918 + RESERVED +CVE-2017-12917 + RESERVED +CVE-2017-12916 + RESERVED +CVE-2017-12915 + RESERVED +CVE-2017-12914 + RESERVED +CVE-2017-12913 + RESERVED +CVE-2017-12912 + RESERVED +CVE-2017-12911 + RESERVED +CVE-2017-12910 (SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows ...) + TODO: check +CVE-2017-12909 (SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows ...) + TODO: check +CVE-2017-12908 (SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows ...) + TODO: check +CVE-2017-12907 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url ...) + TODO: check +CVE-2017-12906 + RESERVED +CVE-2017-12905 + RESERVED +CVE-2017-12904 + RESERVED +CVE-2017-12903 + RESERVED +CVE-2017-12902 + RESERVED +CVE-2017-12901 + RESERVED +CVE-2017-12900 + RESERVED +CVE-2017-12899 + RESERVED +CVE-2017-12898 + RESERVED +CVE-2017-12897 + RESERVED +CVE-2017-12896 + RESERVED +CVE-2017-12895 + RESERVED +CVE-2017-12894 + RESERVED +CVE-2017-12893 + RESERVED CVE-2017-12925 + RESERVED NOT-FOR-US: libfpx CVE-2017-12924 + RESERVED NOT-FOR-US: libfpx CVE-2017-12923 + RESERVED NOT-FOR-US: libfpx CVE-2017-12922 + RESERVED NOT-FOR-US: libfpx CVE-2017-12921 + RESERVED NOT-FOR-US: libfpx CVE-2017-12920 + RESERVED NOT-FOR-US: libfpx CVE-2017-12919 + RESERVED NOT-FOR-US: libfpx CVE-2017-XXXX [XSS in spikekill.php via method parameter] - cacti <unfixed> (bug #872478) 
@@ -1646,24 +1705,19 @@ RESERVED CVE-2017-12446 RESERVED -CVE-2017-12445 - RESERVED +CVE-2017-12445 (The JB2BitmapCoder::code_row_by_refinement function in ...) - minidjvu <unfixed> (unimportant; bug #871495) NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ -CVE-2017-12444 - RESERVED +CVE-2017-12444 (The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in ...) - minidjvu <unfixed> (unimportant; bug #871495) NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ -CVE-2017-12443 - RESERVED +CVE-2017-12443 (The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 ...) - minidjvu <unfixed> (unimportant; bug #871495) NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ -CVE-2017-12442 - RESERVED +CVE-2017-12442 (The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ...) - minidjvu <unfixed> (unimportant; bug #871495) NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ -CVE-2017-12441 - RESERVED +CVE-2017-12441 (The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ...) - minidjvu <unfixed> (unimportant; bug #871495) NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ CVE-2017-12440 
@@ -3445,32 +3499,28 @@ - ffmpeg 7:3.3.3-1 NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ffcc82219cef0928bed2d558b19ef6ea35634130 NOTE: Fixed in 3.2.7 -CVE-2017-11664 - RESERVED +CVE-2017-11664 (The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI ...) - wildmidi <unfixed> (low; bug #871616) [stretch] - wildmidi <no-dsa> (Minor issue) [jessie] - wildmidi <not-affected> (vulnerable code not present) [wheezy] - wildmidi <not-affected> (vulnerable code not present) NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd -CVE-2017-11663 - RESERVED +CVE-2017-11663 (The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI ...) - wildmidi <unfixed> (low; bug #871616) [stretch] - wildmidi <no-dsa> (Minor issue) [jessie] - wildmidi <not-affected> (vulnerable code not present) [wheezy] - wildmidi <not-affected> (vulnerable code not present) NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd -CVE-2017-11662 - RESERVED +CVE-2017-11662 (The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause ...) - wildmidi <unfixed> (low; bug #871616) [stretch] - wildmidi <no-dsa> (Minor issue) [jessie] - wildmidi <not-affected> (vulnerable code not present) [wheezy] - wildmidi <not-affected> (vulnerable code not present) NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd -CVE-2017-11661 - RESERVED +CVE-2017-11661 (The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI ...) - wildmidi <unfixed> (low; bug #871616) [stretch] - wildmidi <no-dsa> (Minor issue) [jessie] - wildmidi <not-affected> (vulnerable code not present) 
@@ -4831,7 +4881,7 @@ CVE-2017-11177 RESERVED CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...) - {DSA-3927-1} + {DSA-3945-1 DSA-3927-1} - linux 4.11.11-1 NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1 CVE-2017-11175 @@ -8594,7 +8644,7 @@ - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-217.html CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...) - {DSA-3927-1 DSA-3920-1} + {DSA-3945-1 DSA-3927-1 DSA-3920-1} - linux 4.11.11-1 - qemu 1:2.8+dfsg-7 (bug #869706) NOTE: https://xenbits.xen.org/xsa/advisory-216.html @@ -8650,7 +8700,7 @@ [stretch] - linux 4.9.30-2+deb9u1 NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and ...) - {DSA-3927-1} + {DSA-3945-1 DSA-3927-1} - linux 4.11.11-1 NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt NOTE: Fixed by: https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c @@ -9155,7 +9205,7 @@ CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an ...) NOT-FOR-US: NetBSD CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...) - {DSA-3927-1} + {DSA-3945-1 DSA-3927-1} - linux 4.11.6-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2 @@ -13505,6 +13555,7 @@ CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...) NOT-FOR-US: Exponent CMS CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds ...) + {DSA-3945-1} - linux 4.9.30-1 (low) NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2) NOTE: https://alephsecurity.com/vulns/aleph-2017023 
@@ -14200,6 +14251,7 @@ CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default ...) - apcupsd <not-affected> (Only APC UPS Daemon on Windows) CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...) + {DSA-3945-1} - linux 4.9.25-1 NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7) CVE-2017-7883 @@ -15384,11 +15436,9 @@ RESERVED CVE-2017-7557 RESERVED -CVE-2017-7556 - RESERVED +CVE-2017-7556 (Hawtio versions up to and including 1.5.3 are vulnerable to CSRF ...) NOT-FOR-US: hawtio -CVE-2017-7555 [crash/memory corruption when handling certain escaped strings] - RESERVED +CVE-2017-7555 (Augeas versions up to and including 1.8.0 are vulnerable to heap-based ...) - augeas <unfixed> (bug #872400) NOTE: https://github.com/hercules-team/augeas/pull/480 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1478373 @@ -15439,11 +15489,11 @@ - neutron <not-affected> (Specific to Red Hat packaging) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473792 CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux ...) - {DSA-3927-1} + {DSA-3945-1 DSA-3927-1} - linux 4.12.6-1 NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6 CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in ...) - {DSA-3927-1} + {DSA-3945-1 DSA-3927-1} - linux 4.12.6-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c @@ -15471,7 +15521,7 @@ CVE-2017-7534 RESERVED CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel ...) - {DSA-3927-1} + {DSA-3945-1 DSA-3927-1} - linux 4.12.6-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2 
@@ -15718,7 +15768,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15 CVE-2017-7482 RESERVED - {DSA-3927-1} + {DSA-3945-1 DSA-3927-1} - linux 4.11.11-1 NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0 CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 environment] @@ -16193,7 +16243,7 @@ CVE-2017-7347 RESERVED CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in ...) - {DSA-3927-1} + {DSA-3945-1 DSA-3927-1} - linux 4.11.6-1 [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14) NOTE: Fixed by: https://git.kernel.org/linus/ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf @@ -16504,6 +16554,7 @@ CVE-2014-9941 (In the Embedded File System in all Android releases from CAF using the ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9940 (The regulator_ena_gpio_free function in drivers/regulator/core.c in ...) + {DSA-3945-1} - linux 4.0.2-1 (low) [wheezy] - linux <not-affected> (Vulnerable code not present) CVE-2017-7285 (A vulnerability in the network stack of MikroTik Version 6.38.5 ...) 
@@ -17913,54 +17964,54 @@ RESERVED CVE-2017-6791 RESERVED -CVE-2017-6790 - RESERVED +CVE-2017-6790 (A vulnerability in the Session Initiation Protocol (SIP) on the Cisco ...) + TODO: check CVE-2017-6789 RESERVED -CVE-2017-6788 - RESERVED +CVE-2017-6788 (The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client ...) + TODO: check CVE-2017-6787 RESERVED -CVE-2017-6786 - RESERVED -CVE-2017-6785 - RESERVED -CVE-2017-6784 - RESERVED -CVE-2017-6783 - RESERVED -CVE-2017-6782 - RESERVED -CVE-2017-6781 - RESERVED +CVE-2017-6786 (A vulnerability in Cisco Elastic Services Controller could allow an ...) + TODO: check +CVE-2017-6785 (A vulnerability in configuration modification permissions validation ...) + TODO: check +CVE-2017-6784 (A vulnerability in the web interface of the Cisco RV340, RV345, and ...) + TODO: check +CVE-2017-6783 (A vulnerability in SNMP polling for the Cisco Web Security Appliance ...) + TODO: check +CVE-2017-6782 (A vulnerability in the administrative web interface of Cisco Prime ...) + TODO: check +CVE-2017-6781 (A vulnerability in the management of shell user accounts for Cisco ...) + TODO: check CVE-2017-6780 RESERVED CVE-2017-6779 RESERVED -CVE-2017-6778 - RESERVED -CVE-2017-6777 - RESERVED -CVE-2017-6776 - RESERVED -CVE-2017-6775 - RESERVED -CVE-2017-6774 - RESERVED -CVE-2017-6773 - RESERVED -CVE-2017-6772 - RESERVED -CVE-2017-6771 - RESERVED +CVE-2017-6778 (A vulnerability in the Elastic Services Controller (ESC) web interface ...) + TODO: check +CVE-2017-6777 (A vulnerability in the ConfD server of the Cisco Elastic Services ...) + TODO: check +CVE-2017-6776 (A vulnerability in the web framework of Cisco Elastic Services ...) + TODO: check +CVE-2017-6775 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated ...) + TODO: check +CVE-2017-6774 (A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers ...) + TODO: check +CVE-2017-6773 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated ...) 
+ TODO: check +CVE-2017-6772 (A vulnerability in Cisco Elastic Services Controller (ESC) could allow ...) + TODO: check +CVE-2017-6771 (A vulnerability in the AutoVNF automation tool of the Cisco Ultra ...) + TODO: check CVE-2017-6770 (Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software ...) NOT-FOR-US: Cisco CVE-2017-6769 (A vulnerability in the web-based management interface of the Cisco ...) NOT-FOR-US: Cisco -CVE-2017-6768 - RESERVED -CVE-2017-6767 - RESERVED +CVE-2017-6768 (A vulnerability in the build procedure for certain executable system ...) + TODO: check +CVE-2017-6767 (A vulnerability in Cisco Application Policy Infrastructure Controller ...) + TODO: check CVE-2017-6766 (A vulnerability in the Secure Sockets Layer (SSL) Decryption and ...) NOT-FOR-US: Cisco CVE-2017-6765 (A vulnerability in the web-based management interface of Cisco Adaptive ...) @@ -18073,8 +18124,8 @@ NOT-FOR-US: Cisco CVE-2017-6711 (A vulnerability in the Ultra Automation Service (UAS) of the Cisco ...) NOT-FOR-US: Cisco -CVE-2017-6710 - RESERVED +CVE-2017-6710 (A vulnerability in the Cisco Virtual Network Function (VNF) Element ...) + TODO: check CVE-2017-6709 (A vulnerability in the AutoVNF tool for the Cisco Ultra Services ...) NOT-FOR-US: Cisco CVE-2017-6708 (A vulnerability in the symbolic link (symlink) creation functionality ...) @@ -168842,8 +168893,8 @@ [squeeze] - chromium-browser <not-affected> [wheezy] - chromium-browser <not-affected> - webkit <not-affected> (chromium specific) -CVE-2011-0469 - RESERVED +CVE-2011-0469 (Code injection in openSUSE when running some source services used in ...) + TODO: check CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and ...) NOT-FOR-US: OpenSUSE aaa_base package CVE-2011-0467 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
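Review bot: In the first hunk (@@ -1,16 +1,75 @@) the four NexusPHP entries, CVE-2017-12907 through CVE-2017-12910, are left at "TODO: check" while the libfpx entries added in the same hunk are already triaged as "NOT-FOR-US: libfpx"; if NexusPHP is not packaged in Debian, give them the same treatment ("NOT-FOR-US: NexusPHP") so the TODO queue only holds items that still need a source-package lookup.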
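Review bot: In the wildmidi hunk (@@ -3445,32 +3499,28 @@) all four entries, CVE-2017-11661 through CVE-2017-11664, cite the single upstream commit 660b513d99bced8783a4a5984ac2f742c74ebbdd even though three of them name _WM_SetupMidiEvent at three different lines (internal_midi.c:2122, 2315 and 2318) and the fourth is in _WM_ParseNewMidi in f_midi.c; it is worth confirming that this one commit addresses every reported location, and recording the per-CVE fix in a NOTE where it does not, since the same bug number #871616 is shared as well.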
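Review bot: In the hunk at @@ -15718,7 +15768,7 @@ CVE-2017-7482 still reads "RESERVED" with no bracketed summary, yet it now carries {DSA-3945-1 DSA-3927-1} and a fixed version "linux 4.11.11-1"; add a short bracketed description the way CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 environment] and CVE-2017-XXXX [XSS in spikekill.php via method parameter] do, so readers of the tracker can tell what the two DSAs fixed before MITRE publishes the text.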
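Review bot: In the hunks at @@ -17913,54 +17964,54 @@ and @@ -18073,8 +18124,8 @@ the newly described Cisco entries (CVE-2017-6790, 6788, 6786 through 6781, 6778 through 6771, 6768, 6767 and 6710) are all set to "TODO: check", while the unchanged neighbours CVE-2017-6770, 6769, 6766, 6711 and 6709 are "NOT-FOR-US: Cisco"; the descriptions name Cisco IOS, ASA, ASR 5000, Elastic Services Controller, AnyConnect and the RV340/RV345 web interface, none of which are Debian source packages, so these should be triaged to "NOT-FOR-US: Cisco" in the same pass rather than left in the TODO queue. The same applies to CVE-2011-0469 in the hunk at @@ -168842,8 +168893,8 @@, whose description concerns openSUSE source services and whose neighbour CVE-2011-0468 is already "NOT-FOR-US: OpenSUSE aaa_base package".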