Author: sectracker
Date: 2017-09-15 21:10:15 +0000 (Fri, 15 Sep 2017)
New Revision: 55796
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-15 20:54:15 UTC (rev 55795) +++ data/CVE/list 2017-09-15 21:10:15 UTC (rev 55796) @@ -1,3 +1,37 @@ +CVE-2017-14499 + RESERVED +CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that is ...) + TODO: check +CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...) + TODO: check +CVE-2017-14496 + RESERVED +CVE-2017-14495 + RESERVED +CVE-2017-14494 + RESERVED +CVE-2017-14493 + RESERVED +CVE-2017-14492 + RESERVED +CVE-2017-14491 + RESERVED +CVE-2017-14490 + RESERVED +CVE-2017-14489 (The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the ...) + TODO: check +CVE-2017-14488 + RESERVED +CVE-2017-14487 + RESERVED +CVE-2017-14486 + RESERVED +CVE-2017-14485 + RESERVED +CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great ...) + TODO: check +CVE-2017-14483 (flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 ...) + TODO: check CVE-2017-1002100 (Default access permissions for Persistent Volumes (PVs) created by the ...) - kubernetes <not-affected> (Vulnerable code not yet present) CVE-2017-1002028 (Vulnerability in wordpress plugin wordpress-gallery-transformation ...) @@ -352,8 +386,7 @@ - libraw <unfixed> NOTE: https://github.com/LibRaw/LibRaw/issues/100 NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2 -CVE-2017-14340 - RESERVED +CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux ...) - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc CVE-2017-14339 
@@ -2025,7 +2058,7 @@ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e CVE-2017-13725 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site ...) NOT-FOR-US: Axesstel MU553S MU55XS-V1.14 @@ -2162,16 +2195,16 @@ CVE-2017-13691 RESERVED CVE-2017-13690 (The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13689 (The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13688 (The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13687 (The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13686 (net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too ...) - linux <not-affected> (Vulnerable code not present) 
@@ -3473,217 +3506,217 @@ CVE-2017-13056 RESERVED CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13054 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13053 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13052 (The CFM parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13051 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13050 (The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13049 (The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13048 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13047 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13046 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13045 (The VQP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13044 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13043 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...) 
- {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13042 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13041 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13040 (The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13039 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13038 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13037 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13036 (The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13035 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13034 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13033 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13032 (The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13031 (The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13030 (The PIM parser in tcpdump before 4.9.2 has a buffer over-read in ...) 
- {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13029 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13028 (The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13027 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13026 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13025 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13024 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13023 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13022 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13021 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13020 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13019 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13018 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13017 (The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ...) 
- {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13016 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13015 (The EAP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13014 (The White Board protocol parser in tcpdump before 4.9.2 has a buffer ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13013 (The ARP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13012 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13011 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13010 (The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13009 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13008 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13007 (The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13006 (The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13005 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13004 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer ...) 
- {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13003 (The LMP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13002 (The AODV parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13001 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13000 (The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12999 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12998 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12997 (The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12996 (The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12995 (The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12994 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12993 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12992 (The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12991 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...) 
- {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12990 (The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12989 (The RESP parser in tcpdump before 4.9.2 could enter an infinite loop ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12988 (The telnet parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12987 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12986 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12985 (The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, ...) NOT-FOR-US: PHPMyWind 
@@ -3989,34 +4022,34 @@ CVE-2017-12903 RESERVED CVE-2017-12902 (The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12901 (The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12900 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12899 (The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12898 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12897 (The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12896 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12895 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12894 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12893 (The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12925 (Double free vulnerability in DfFromLB in docfile.cxx in libfpx ...) NOT-FOR-US: libfpx 
@@ -10204,18 +10237,18 @@ RESERVED CVE-2017-10861 RESERVED -CVE-2017-10860 - RESERVED -CVE-2017-10859 - RESERVED -CVE-2017-10858 - RESERVED +CVE-2017-10860 (Untrusted search path vulnerability in "i-filter 6.0 installer" ...) + TODO: check +CVE-2017-10859 (Untrusted search path vulnerability in "i-filter 6.0 installer" ...) + TODO: check +CVE-2017-10858 (Untrusted search path vulnerability in "i-filter 6.0 install program" ...) + TODO: check CVE-2017-10857 RESERVED -CVE-2017-10856 - RESERVED -CVE-2017-10855 - RESERVED +CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, ...) + TODO: check +CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows ...) + TODO: check CVE-2017-10854 RESERVED CVE-2017-10853 @@ -10232,10 +10265,10 @@ NOT-FOR-US: Installers for DocuWorks CVE-2017-10847 RESERVED -CVE-2017-10846 - RESERVED -CVE-2017-10845 - RESERVED +CVE-2017-10846 (Wi-Fi STATION L-02F Software version V10b and earlier allows remote ...) + TODO: check +CVE-2017-10845 (Wi-Fi STATION L-02F Software version V10g and earlier allows remote ...) + TODO: check CVE-2017-10844 (baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to ...) NOT-FOR-US: baserCMS CVE-2017-10843 (baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote ...) @@ -10296,10 +10329,10 @@ NOT-FOR-US: MaLion CVE-2017-10815 (MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is ...) NOT-FOR-US: MaLion -CVE-2017-10814 - RESERVED -CVE-2017-10813 - RESERVED +CVE-2017-10814 (Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier ...) + TODO: check +CVE-2017-10813 (CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to ...) + TODO: check CVE-2017-10812 (Untrusted search path vulnerability in Photo Collection PC Software ...) NOT-FOR-US: Photo Collection PC Software CVE-2017-10811 (Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an ...) 
@@ -11375,8 +11408,7 @@ NOT-FOR-US: OpenWebif plugin for E2 CVE-2017-9806 RESERVED -CVE-2017-9805 - RESERVED +CVE-2017-9805 (The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and ...) - libstruts1.2-java <removed> NOTE: https://struts.apache.org/docs/s2-052.html CVE-2017-9804 @@ -14286,8 +14318,8 @@ NOT-FOR-US: Telaxus EPESI CVE-2017-9329 RESERVED -CVE-2017-9328 - RESERVED +CVE-2017-9328 (Shell metacharacter injection vulnerability in ...) + TODO: check CVE-2017-9327 RESERVED CVE-2017-9326 @@ -19377,6 +19409,7 @@ NOTE: Fixed by: http://svn.apache.org/r1796091 (8.5.x) NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61120 CVE-2017-7674 (The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to ...) + {DSA-3974-1} - tomcat9 <itp> (bug #802312) - tomcat8 8.5.16-1 - tomcat7 7.0.72-3 @@ -28761,12 +28794,12 @@ RESERVED CVE-2017-4927 RESERVED -CVE-2017-4926 - RESERVED -CVE-2017-4925 - RESERVED -CVE-2017-4924 - RESERVED +CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability ...) + TODO: check +CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without ...) + TODO: check +CVE-2017-4924 (VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation ...) + TODO: check CVE-2017-4923 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information ...) NOT-FOR-US: VMware CVE-2017-4922 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information ...) @@ -35788,8 +35821,7 @@ NOT-FOR-US: Juniper CVE-2017-2300 (On Juniper Networks SRX Series Services Gateways chassis clusters ...) NOT-FOR-US: Juniper -CVE-2017-2299 [Possible TLS trust misconfiguration in puppetlabs-apache] - RESERVED +CVE-2017-2299 (Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 ...) - puppet-module-puppetlabs-apache <unfixed> NOTE: https://puppet.com/security/cve/CVE-2017-2299 CVE-2017-2298 (The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a ...) 
@@ -38634,8 +38666,8 @@ NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there -CVE-2017-0898 - RESERVED +CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leakage of its ...) + TODO: check CVE-2017-0897 (ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create ...) NOT-FOR-US: ExpressionEngine CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...) @@ -92582,8 +92614,8 @@ NOT-FOR-US: Android CVE-2015-1528 (Integer overflow in the native_handle_create function in ...) NOT-FOR-US: Android -CVE-2015-1527 - RESERVED +CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows local ...) + TODO: check CVE-2015-1526 RESERVED CVE-2015-1525 @@ -96403,8 +96435,8 @@ NOT-FOR-US: Open-Xchange CVE-2014-9464 (SQL injection vulnerability in Category.php in Microweber CMS 0.95 ...) NOT-FOR-US: Microweber CMS -CVE-2014-9463 - RESERVED +CVE-2014-9463 (functions_vbseo_hook.php in the VBSEO module for vBulletin allows ...) + TODO: check CVE-2014-9462 (The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...) {DSA-3257-1 DLA-237-1} - mercurial 3.4-1 (bug #783237) @@ -99124,11 +99156,11 @@ CVE-2015-0167 (Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in ...) NOT-FOR-US: textAngular CVE-2015-0166 - RESERVED + REJECTED CVE-2015-0165 - RESERVED + REJECTED CVE-2015-0164 - RESERVED + REJECTED CVE-2015-0163 RESERVED CVE-2015-0162 
@@ -99235,8 +99267,8 @@ NOT-FOR-US: IBM Rational CVE-2015-0111 RESERVED -CVE-2015-0110 - RESERVED +CVE-2015-0110 (IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and ...) + TODO: check CVE-2015-0109 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) NOT-FOR-US: IBM CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) @@ -102819,8 +102851,8 @@ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645644 (7.x) CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable ...) - libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.3) -CVE-2014-7808 - RESERVED +CVE-2014-7808 (Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before ...) + TODO: check CVE-2014-7807 (Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows ...) NOT-FOR-US: Apache CloudStack CVE-2014-7806 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
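Review bot: In the first hunk (@@ -1,3 +1,37 @@), CVE-2017-14497 and CVE-2017-14489 are left at `TODO: check` although their descriptions name Linux kernel source files (net/packet/af_packet.c and drivers/scsi/scsi_transport_iscsi.c). These two should be triaged ahead of the rest and given a `- linux` line with a status, the way CVE-2017-14340 is tracked in the @@ -352,8 +386,7 @@ hunk. CVE-2017-14484 and CVE-2017-14483 are described in terms of Gentoo packages (sci-mathematics/gimps, and flower.initd in dev-python/flower), so check whether the flaw lives only in Gentoo's packaging before tracking either against a package here.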
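Review bot: The `{DSA-3971-1}` to `{DSA-3971-1 DLA-1097-1}` change in hunks @@ -2025,7 +2058,7 @@, @@ -2162,16 +2195,16 @@, @@ -3473,217 +3506,217 @@ and @@ -3989,34 +4022,34 @@ is applied uniformly to every tcpdump 4.9.2 entry, and the log only says "automatic update", so nothing in the diff shows that DLA-1097-1 really lists each id. Spot-check the entries that do not follow the common "buffer over-read" wording, namely the "Several protocol parsers" ones (CVE-2017-13011, CVE-2017-12900, CVE-2017-12894) and the infinite-loop ones (CVE-2017-12997, CVE-2017-12995, CVE-2017-12990, CVE-2017-12989), against the DLA itself. Separately, the context at the end of the @@ -3989,34 +4022,34 @@ hunk shows CVE-2017-12925 placed after CVE-2017-12893, out of descending order; that predates this revision but is worth fixing while the block is being touched.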
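Review bot: In hunk @@ -11375,8 +11408,7 @@, CVE-2017-9805 keeps `- libstruts1.2-java <removed>` even though the description added here limits the issue to the REST Plugin in Apache Struts 2.1.2 through 2.3.x. The context in hunk @@ -102819,8 +102851,8 @@ shows a Struts 2 only issue (CVE-2014-7809) recorded against the same package as `<not-affected> (Struts 2.0.0 through to Struts 2.3.16.3)`. Now that the affected range is known, the CVE-2017-9805 entry should be re-examined and, if the same reasoning holds, marked the same way with a short explanation in parentheses.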
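Review bot: In hunk @@ -35788,8 +35821,7 @@, CVE-2017-2299 stays at `- puppet-module-puppetlabs-apache <unfixed>` while the description that replaces the temporary bracketed title now names upstream versions ("prior to 1.11.1 and 2.1.0"). Compare the packaged version with those and either record the fixed version or add a NOTE line stating which upstream release carries the fix, so the `<unfixed>` status is backed by more than the advisory URL.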
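Review bot: Several entries that move from RESERVED to `TODO: check` sit directly beside entries for the same vendor that are already `NOT-FOR-US`, so the triage is inconsistent until someone follows up: CVE-2017-4926, CVE-2017-4925 and CVE-2017-4924 next to `NOT-FOR-US: VMware` in hunk @@ -28761,12 +28794,12 @@, CVE-2015-1527 next to `NOT-FOR-US: Android` in hunk @@ -92582,8 +92614,8 @@, and CVE-2015-0110 next to `NOT-FOR-US: IBM` in hunk @@ -99235,8 +99267,8 @@. Resolving these in the same pass keeps the TODO list meaningful for the entries that need real package checks, such as CVE-2017-0898 (Ruby) in hunk @@ -38634,8 +38666,8 @@ and CVE-2014-7808 (Apache Wicket) in hunk @@ -102819,8 +102851,8 @@.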