Author: sectracker Date: 2017-10-17 21:10:15 +0000 (Tue, 17 Oct 2017) New Revision: 56787
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-17 20:45:06 UTC (rev 56786) +++ data/CVE/list 2017-10-17 21:10:15 UTC (rev 56787) @@ -1,3 +1,51 @@ +CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS before ...) + TODO: check +CVE-2017-15536 + RESERVED +CVE-2017-15535 + RESERVED +CVE-2017-15534 + RESERVED +CVE-2017-15533 + RESERVED +CVE-2017-15532 + RESERVED +CVE-2017-15531 + RESERVED +CVE-2017-15530 + RESERVED +CVE-2017-15529 + RESERVED +CVE-2017-15528 + RESERVED +CVE-2017-15527 + RESERVED +CVE-2017-15526 + RESERVED +CVE-2017-15525 + RESERVED +CVE-2017-15524 + RESERVED +CVE-2017-15523 + RESERVED +CVE-2017-15522 + RESERVED +CVE-2017-15521 + RESERVED +CVE-2017-15520 + RESERVED +CVE-2017-15519 + RESERVED +CVE-2017-15518 + RESERVED +CVE-2017-15517 + RESERVED +CVE-2017-15516 + RESERVED +CVE-2017-15515 + RESERVED +CVE-2017-15514 + RESERVED CVE-2017-XXXX [Multiple XSS vulnerabilities] - redmine <unfixed> NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories @@ -41,7 +89,7 @@ - redmine 3.2.3-1 NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories NOTE: upstream fixed in 3.2.3 -CVE-2017-15537 [x86/fpu: Don't let userspace set bogus xcomp_bv] +CVE-2017-15537 (The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before ...) - linux <unfixed> [jessie] - linux <not-affected> (Vulnerable code introduced later) [wheezy] - linux <not-affected> (Vulnerable code introduced later) @@ -6315,25 +6363,21 @@ RESERVED CVE-2017-13089 RESERVED -CVE-2017-13088 - RESERVED +CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows ...) {DSA-3999-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ -CVE-2017-13087 - RESERVED +CVE-2017-13087 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows ...) {DSA-3999-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ -CVE-2017-13086 - RESERVED +CVE-2017-13086 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) {DSA-3999-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13085 RESERVED -CVE-2017-13084 - RESERVED +CVE-2017-13084 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) - wpa <unfixed> (unimportant) NOTE: From https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt NOTE: As far as the related CVE-2017-13084 (reinstallation of the STK key in @@ -6344,28 +6388,23 @@ NOTE: for IEEE 802.11e DLS is obsolete and not known to have been deployed. CVE-2017-13083 RESERVED -CVE-2017-13082 - RESERVED +CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r ...) {DSA-3999-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ -CVE-2017-13081 - RESERVED +CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w ...) {DSA-3999-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ -CVE-2017-13080 - RESERVED +CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) {DSA-3999-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ -CVE-2017-13079 - RESERVED +CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w ...) {DSA-3999-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ -CVE-2017-13078 - RESERVED +CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...) {DSA-3999-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ @@ -7585,9 +7624,9 @@ {DLA-1117-1} - opencv <unfixed> (bug #875342) NOTE: https://github.com/opencv/opencv/issues/9370 -CVE-2017-12861 (The Epson "EasyMP" software (tested on version 2.86) is designed to ...) +CVE-2017-12861 (The Epson "EasyMP" software is designed to remotely stream a users ...) NOT-FOR-US: Epson "EasyMP" -CVE-2017-12860 (The Epson "EasyMP" software (tested on version 2.86) is designed to ...) +CVE-2017-12860 (The Epson "EasyMP" software is designed to remotely stream a users ...) NOT-FOR-US: Epson "EasyMP" CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...) NOT-FOR-US: NetApp @@ -19153,8 +19192,7 @@ RESERVED CVE-2017-8806 RESERVED -CVE-2017-8805 [Unsafe symlinks not filtered in Debian mirror script ftpsync] - RESERVED +CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links ...) - archvsync 20171017 NOTE: http://www.openwall.com/lists/oss-security/2017/10/17/2 NOTE: https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016 @@ -27189,8 +27227,8 @@ RESERVED CVE-2017-6274 RESERVED -CVE-2017-6273 - RESERVED +CVE-2017-6273 (NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader ...) + TODO: check CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) [experimental] - nvidia-graphics-drivers 384.90-1 - nvidia-graphics-drivers <unfixed> (bug #876414) @@ -29545,8 +29583,8 @@ RESERVED CVE-2017-5532 RESERVED -CVE-2017-5531 - RESERVED +CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center versions ...) + TODO: check CVE-2017-5530 RESERVED CVE-2017-5529 (JasperReports library components contain an information disclosure ...) @@ -34486,14 +34524,14 @@ NOT-FOR-US: Lenovo LXCA CVE-2017-3762 RESERVED -CVE-2017-3761 - RESERVED -CVE-2017-3760 - RESERVED -CVE-2017-3759 - RESERVED -CVE-2017-3758 - RESERVED +CVE-2017-3761 (The Lenovo Service Framework Android application executes some system ...) + TODO: check +CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of ...) + TODO: check +CVE-2017-3759 (The Lenovo Service Framework Android application accepts some ...) + TODO: check +CVE-2017-3758 (Improper access controls on several Android components in the Lenovo ...) + TODO: check CVE-2017-3757 (An unquoted service path vulnerability was identified in the driver ...) NOT-FOR-US: Lenovo CVE-2017-3756 (A privilege escalation vulnerability was identified in Lenovo Active ...) @@ -77836,8 +77874,8 @@ NOT-FOR-US: vBulletin CVE-2015-7807 RESERVED -CVE-2015-7806 - RESERVED +CVE-2015-7806 (Eval injection vulnerability in the fm_saveHelperGatherItems function ...) + TODO: check CVE-2015-7805 (Heap-based buffer overflow in libsndfile 1.0.25 allows remote ...) {DLA-928-1 DLA-356-1} - libsndfile 1.0.25-10 (bug #804445) @@ -87143,8 +87181,8 @@ RESERVED CVE-2015-4458 (The TLS implementation in the Cavium cryptographic-module firmware, as ...) NOT-FOR-US: Cisco -CVE-2014-9733 - RESERVED +CVE-2014-9733 (nw.js before 0.11.5 can simulate user input events in a normal frame, ...) + TODO: check CVE-2015-4603 (The exception::getTraceAsString function in Zend/zend_exceptions.c in ...) - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 @@ -93682,8 +93720,8 @@ NOTE: Fixed by https://github.com/mantisbt/mantisbt/commit/d95f070d (1.2.x) NOTE: http://article.gmane.org/gmane.comp.security.oss.general/15022 NOTE: https://www.mantisbt.org/bugs/view.php?id=19493 -CVE-2014-9697 - RESERVED +CVE-2014-9697 (Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote ...) + TODO: check CVE-2014-9696 (The Hyper Module Management (HMM) software of Huawei Tecal E9000 ...) NOT-FOR-US: Huawei CVE-2014-9695 (The Hyper Module Management (HMM) software of Huawei Tecal E9000 ...) @@ -95680,11 +95718,9 @@ NOT-FOR-US: Google Email application for Android CVE-2013-7425 RESERVED -CVE-2014-9678 - RESERVED +CVE-2014-9678 (FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers ...) NOT-FOR-US: FlexPaper -CVE-2014-9677 - RESERVED +CVE-2014-9677 (Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in ...) NOT-FOR-US: FlexPaper CVE-2015-1593 (The stack randomization feature in the Linux kernel before 3.19.1 on ...) {DSA-3170-1 DLA-155-1} @@ -99848,11 +99884,9 @@ - libquvi 0.4.1-3 (low; bug #774555) [wheezy] - libquvi <no-dsa> (Minor issue) [squeeze] - libquvi <no-dsa> (Minor issue) -CVE-2014-9489 - RESERVED +CVE-2014-9489 (The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and ...) NOT-FOR-US: Gollum wiki -CVE-2014-9487 - RESERVED +CVE-2014-9487 (The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions CVE-2014-9481 RESERVED @@ -101432,8 +101466,7 @@ NOT-FOR-US: Subrion CMS CVE-2014-9119 (Directory traversal vulnerability in download.php in the DB Backup ...) NOT-FOR-US: WordPress plugin db-backup -CVE-2014-9118 - RESERVED +CVE-2014-9118 (The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 ...) NOT-FOR-US: ZHONE Router CVE-2014-9115 (SQL injection vulnerability in the rate_picture function in ...) - piwigo <removed> @@ -104336,8 +104369,7 @@ NOT-FOR-US: Huawei Mobile Partner for Windows CVE-2014-8358 RESERVED -CVE-2014-8357 - RESERVED +CVE-2014-8357 (backupsettings.html in the web administrative portal in Zhone zNID ...) NOT-FOR-US: ZHONE Router CVE-2014-8356 RESERVED @@ -104388,13 +104420,11 @@ NOT-FOR-US: EspoCRM CVE-2014-8329 (Schrack Technik microControl with firmware before 1.7.0 (937) stores ...) NOT-FOR-US: Schrack Technik microControl -CVE-2014-8324 [net_get missing check for invalid values] - RESERVED +CVE-2014-8324 (network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to ...) - aircrack-ng 1:1.2-0~beta3-2 (bug #767979) NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/16 -CVE-2014-8323 [buddy-ng missing checkin data format] - RESERVED +CVE-2014-8323 (buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to ...) - aircrack-ng 1:1.2-0~beta3-2 (bug #767979) NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70 NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/15 @@ -118886,8 +118916,8 @@ NOT-FOR-US: ZOHO ManageEngine OpStor CVE-2014-2666 RESERVED -CVE-2014-2664 - RESERVED +CVE-2014-2664 (Unrestricted file upload vulnerability in the ...) + TODO: check CVE-2014-2663 RESERVED CVE-2014-2662 @@ -120009,8 +120039,7 @@ NOT-FOR-US: SeedDMS CVE-2014-2278 (Unrestricted file upload vulnerability in op/op.AddFile2.php in ...) NOT-FOR-US: SeedDMS -CVE-2014-2277 [insecure temporary file usage] - RESERVED +CVE-2014-2277 (The make_temporary_filename function in perltidy 20120701-1 and ...) - perltidy 20130922-1 (bug #740670) [wheezy] - perltidy <no-dsa> (Minor issue) [squeeze] - perltidy <no-dsa> (Minor issue) @@ -128615,7 +128644,7 @@ CVE-2013-6356 REJECTED CVE-2013-6355 - RESERVED + REJECTED CVE-2013-6354 RESERVED CVE-2013-6353 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits