Author: sectracker Date: 2017-09-22 21:10:17 +0000 (Fri, 22 Sep 2017) New Revision: 56032
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-22 21:07:22 UTC (rev 56031) +++ data/CVE/list 2017-09-22 21:10:17 UTC (rev 56032) @@ -1,3 +1,35 @@ +CVE-2017-14717 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks ...) + TODO: check +CVE-2017-14716 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title ...) + TODO: check +CVE-2017-14715 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts ...) + TODO: check +CVE-2017-14714 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls ...) + TODO: check +CVE-2017-14713 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls ...) + TODO: check +CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall ...) + TODO: check +CVE-2017-14711 + RESERVED +CVE-2017-14710 + RESERVED +CVE-2017-14709 + RESERVED +CVE-2017-14708 + RESERVED +CVE-2017-14707 + RESERVED +CVE-2017-14706 (DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to ...) + TODO: check +CVE-2017-14705 (DenyAll WAF before 6.4.1 allows unauthenticated remote command ...) + TODO: check +CVE-2017-14704 + RESERVED +CVE-2017-14703 + RESERVED +CVE-2017-14702 + RESERVED CVE-2017-XXXX [Cross-site scripting (XSS) vulnerability in the link modal] - wordpress 4.8.2+dfsg-1 (bug #876274) CVE-2017-XXXX [Cross-site scripting (XSS) vulnerability in template names] @@ -30,8 +62,8 @@ RESERVED CVE-2017-14695 RESERVED -CVE-2017-14694 - RESERVED +CVE-2017-14694 (Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or ...) + TODO: check CVE-2017-14693 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service or ...) NOT-FOR-US: IrfanView CVE-2017-14692 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...) @@ -1685,14 +1717,14 @@ RESERVED CVE-2017-14082 RESERVED -CVE-2017-14081 - RESERVED -CVE-2017-14080 - RESERVED -CVE-2017-14079 - RESERVED -CVE-2017-14078 - RESERVED +CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile Security ...) + TODO: check +CVE-2017-14080 (Authentication bypass vulnerability in Trend Micro Mobile Security ...) + TODO: check +CVE-2017-14079 (Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) ...) + TODO: check +CVE-2017-14078 (SQL Injection vulnerabilities in Trend Micro Mobile Security ...) + TODO: check CVE-2017-14098 (In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 ...) - asterisk 1:13.17.1~dfsg-1 (bug #873909) [stretch] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15) @@ -9136,10 +9168,10 @@ RESERVED CVE-2017-11397 RESERVED -CVE-2017-11396 - RESERVED -CVE-2017-11395 - RESERVED +CVE-2017-11396 (Vulnerability issues with the web service inspection of input ...) + TODO: check +CVE-2017-11395 (Command injection vulnerability in Trend Micro Smart Protection Server ...) + TODO: check CVE-2017-11394 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...) NOT-FOR-US: Trend Micro CVE-2017-11393 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...) @@ -14724,8 +14756,8 @@ RESERVED CVE-2017-9394 RESERVED -CVE-2017-9393 - RESERVED +CVE-2017-9393 (CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote ...) + TODO: check CVE-2017-9392 RESERVED CVE-2017-9391 @@ -24137,6 +24169,7 @@ CVE-2017-6421 (In the touch controller function in all Qualcomm products with Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows ...) + {DLA-1105-1} - clamav 0.99.3~beta1+dfsg-1 [stretch] - clamav <no-dsa> (Gets updated via -updates) [jessie] - clamav <no-dsa> (Gets updated via -updates) @@ -24155,6 +24188,7 @@ NOTE: src:clamav source package. NOTE: libmspack: https://github.com/kyz/libmspack/commit/6139a0b9e93fcb7fcf423e56aa825bc869e02229 CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a ...) + {DLA-1105-1} - clamav 0.99.3~beta1+dfsg-1 [stretch] - clamav <no-dsa> (Gets updated via -updates) [jessie] - clamav <no-dsa> (Gets updated via -updates) @@ -24296,7 +24330,7 @@ CVE-2017-6363 RESERVED CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in libgd2 ...) - {DSA-3961-1} + {DSA-3961-1 DLA-1106-1} - libgd2 2.2.5-1 NOTE: https://github.com/libgd/libgd/issues/381 NOTE: https://github.com/libgd/libgd/commit/56ce6ef068b954ad28379e83cca04feefc51320c @@ -24609,8 +24643,8 @@ RESERVED CVE-2017-6278 RESERVED -CVE-2017-6277 - RESERVED +CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...) + TODO: check CVE-2017-6276 RESERVED CVE-2017-6275 @@ -24619,28 +24653,25 @@ RESERVED CVE-2017-6273 RESERVED -CVE-2017-6272 - RESERVED +CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) - nvidia-graphics-drivers <unfixed> (bug #876414) - nvidia-graphics-drivers-legacy-340xx <undetermined> - nvidia-graphics-drivers-legacy-304xx <undetermined> NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544 -CVE-2017-6271 - RESERVED -CVE-2017-6270 - RESERVED -CVE-2017-6269 - RESERVED -CVE-2017-6268 - RESERVED -CVE-2017-6267 - RESERVED +CVE-2017-6271 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...) + TODO: check +CVE-2017-6270 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...) + TODO: check +CVE-2017-6269 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...) + TODO: check +CVE-2017-6268 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...) + TODO: check +CVE-2017-6267 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) - nvidia-graphics-drivers <unfixed> (bug #876414) - nvidia-graphics-drivers-legacy-340xx <undetermined> - nvidia-graphics-drivers-legacy-304xx <undetermined> NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544 -CVE-2017-6266 - RESERVED +CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) - nvidia-graphics-drivers <unfixed> (bug #876414) - nvidia-graphics-drivers-legacy-340xx <undetermined> - nvidia-graphics-drivers-legacy-304xx <undetermined> @@ -31873,8 +31904,8 @@ RESERVED CVE-2017-3771 RESERVED -CVE-2017-3770 - RESERVED +CVE-2017-3770 (Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 ...) + TODO: check CVE-2017-3769 RESERVED CVE-2017-3768 @@ -31887,8 +31918,8 @@ RESERVED CVE-2017-3764 RESERVED -CVE-2017-3763 - RESERVED +CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file ...) + TODO: check CVE-2017-3762 RESERVED CVE-2017-3761 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits