Author: sectracker Date: 2017-10-19 21:10:19 +0000 (Thu, 19 Oct 2017) New Revision: 56879
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-19 19:03:30 UTC (rev 56878) +++ data/CVE/list 2017-10-19 21:10:19 UTC (rev 56879) @@ -1,3 +1,15 @@ +CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...) + TODO: check +CVE-2017-15641 + RESERVED +CVE-2017-15640 + RESERVED +CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to ...) + TODO: check +CVE-2017-15638 + RESERVED +CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ...) + TODO: check CVE-2017-15637 RESERVED CVE-2017-15636 @@ -1364,6 +1376,7 @@ NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3 CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for clients] RESERVED + {DSA-4003-1} - libvirt 3.8.0-3 (bug #878799) [jessie] - libvirt <not-affected> (Vulnerable code introduced later) [wheezy] - libvirt <not-affected> (Vulnerable code introduced later) @@ -8684,8 +8697,8 @@ NOT-FOR-US: Electron CVE-2017-12580 RESERVED -CVE-2017-12579 - RESERVED +CVE-2017-12579 (An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion ...) + TODO: check CVE-2017-12578 RESERVED CVE-2017-12577 @@ -13365,8 +13378,8 @@ RESERVED CVE-2017-10956 RESERVED -CVE-2017-10955 - RESERVED +CVE-2017-10955 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check CVE-2017-10954 RESERVED CVE-2017-10953 @@ -15142,133 +15155,126 @@ RESERVED CVE-2017-10429 RESERVED -CVE-2017-10428 - RESERVED +CVE-2017-10428 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox 5.1.30-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) -CVE-2017-10427 - RESERVED -CVE-2017-10426 - RESERVED -CVE-2017-10425 - RESERVED -CVE-2017-10424 - RESERVED -CVE-2017-10423 - RESERVED -CVE-2017-10422 - RESERVED -CVE-2017-10421 - RESERVED -CVE-2017-10420 - RESERVED -CVE-2017-10419 - RESERVED -CVE-2017-10418 - RESERVED -CVE-2017-10417 - RESERVED -CVE-2017-10416 - RESERVED -CVE-2017-10415 - RESERVED -CVE-2017-10414 - RESERVED -CVE-2017-10413 - RESERVED -CVE-2017-10412 - RESERVED -CVE-2017-10411 - RESERVED -CVE-2017-10410 - RESERVED -CVE-2017-10409 - RESERVED -CVE-2017-10408 - RESERVED +CVE-2017-10427 (Vulnerability in the Oracle Retail Xstore Point of Service component ...) + TODO: check +CVE-2017-10426 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...) + TODO: check +CVE-2017-10425 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...) + TODO: check +CVE-2017-10424 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...) + TODO: check +CVE-2017-10423 (Vulnerability in the Oracle Retail Back Office component of Oracle ...) + TODO: check +CVE-2017-10422 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check +CVE-2017-10421 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10420 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10419 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10418 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) + TODO: check +CVE-2017-10417 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-10416 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-10415 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...) + TODO: check +CVE-2017-10414 (Vulnerability in the Oracle iStore component of Oracle E-Business ...) + TODO: check +CVE-2017-10413 (Vulnerability in the Oracle Mobile Field Service component of Oracle ...) + TODO: check +CVE-2017-10412 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) + TODO: check +CVE-2017-10411 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) + TODO: check +CVE-2017-10410 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) + TODO: check +CVE-2017-10409 (Vulnerability in the Oracle iStore component of Oracle E-Business ...) + TODO: check +CVE-2017-10408 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox 5.1.30-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) -CVE-2017-10407 - RESERVED +CVE-2017-10407 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox 5.1.30-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) -CVE-2017-10406 - RESERVED -CVE-2017-10405 - RESERVED -CVE-2017-10404 - RESERVED -CVE-2017-10403 - RESERVED -CVE-2017-10402 - RESERVED -CVE-2017-10401 - RESERVED -CVE-2017-10400 - RESERVED -CVE-2017-10399 - RESERVED -CVE-2017-10398 - RESERVED -CVE-2017-10397 - RESERVED -CVE-2017-10396 - RESERVED -CVE-2017-10395 - RESERVED -CVE-2017-10394 - RESERVED -CVE-2017-10393 - RESERVED -CVE-2017-10392 - RESERVED +CVE-2017-10406 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check +CVE-2017-10405 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...) + TODO: check +CVE-2017-10404 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...) + TODO: check +CVE-2017-10403 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...) + TODO: check +CVE-2017-10402 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...) + TODO: check +CVE-2017-10401 (Vulnerability in the Oracle Hospitality Cruise Materials Management ...) + TODO: check +CVE-2017-10400 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) + TODO: check +CVE-2017-10399 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...) + TODO: check +CVE-2017-10398 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...) + TODO: check +CVE-2017-10397 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...) + TODO: check +CVE-2017-10396 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component ...) + TODO: check +CVE-2017-10395 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...) + TODO: check +CVE-2017-10394 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check +CVE-2017-10393 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) + TODO: check +CVE-2017-10392 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox 5.1.30-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) -CVE-2017-10391 - RESERVED +CVE-2017-10391 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) + TODO: check CVE-2017-10390 RESERVED -CVE-2017-10389 - RESERVED -CVE-2017-10388 - RESERVED +CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10387 - RESERVED -CVE-2017-10386 - RESERVED +CVE-2017-10387 (Vulnerability in the Oracle CRM Technical Foundation component of ...) + TODO: check +CVE-2017-10386 (Vulnerability in the Java Advanced Management Console component of ...) NOT-FOR-US: Java Advanced Management Console -CVE-2017-10385 - RESERVED -CVE-2017-10384 - RESERVED +CVE-2017-10385 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) + TODO: check +CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-4002-1 DLA-1141-1} - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <removed> (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10383 - RESERVED -CVE-2017-10382 - RESERVED -CVE-2017-10381 - RESERVED -CVE-2017-10380 - RESERVED +CVE-2017-10383 (Vulnerability in the Oracle Hospitality Guest Access component of ...) + TODO: check +CVE-2017-10382 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check +CVE-2017-10381 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check +CVE-2017-10380 (Vulnerability in the Java Advanced Management Console component of ...) NOT-FOR-US: Java Advanced Management Console -CVE-2017-10379 - RESERVED +CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-4002-1 DLA-1141-1} - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <removed> (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10378 - RESERVED +CVE-2017-10378 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-4002-1 DLA-1141-1} - mysql-5.7 <not-affected> (Fixed before initial release to Debian, upstream 5.7.12) - mysql-5.5 <removed> (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -15276,248 +15282,227 @@ RESERVED CVE-2017-10376 RESERVED -CVE-2017-10375 - RESERVED +CVE-2017-10375 (Vulnerability in the Oracle Hospitality Guest Access component of ...) + TODO: check CVE-2017-10374 RESERVED -CVE-2017-10373 - RESERVED -CVE-2017-10372 - RESERVED +CVE-2017-10373 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) + TODO: check +CVE-2017-10372 (Vulnerability in the Oracle Hospitality Guest Access component of ...) + TODO: check CVE-2017-10371 RESERVED -CVE-2017-10370 - RESERVED -CVE-2017-10369 - RESERVED -CVE-2017-10368 - RESERVED -CVE-2017-10367 - RESERVED -CVE-2017-10366 - RESERVED -CVE-2017-10365 - RESERVED +CVE-2017-10370 (Vulnerability in the Oracle Hospitality Guest Access component of ...) + TODO: check +CVE-2017-10369 (Vulnerability in the Oracle Virtual Directory component of Oracle ...) + TODO: check +CVE-2017-10368 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component ...) + TODO: check +CVE-2017-10367 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...) + TODO: check +CVE-2017-10366 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) + TODO: check +CVE-2017-10365 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10364 - RESERVED -CVE-2017-10363 - RESERVED -CVE-2017-10362 - RESERVED -CVE-2017-10361 - RESERVED -CVE-2017-10360 - RESERVED -CVE-2017-10359 - RESERVED -CVE-2017-10358 - RESERVED -CVE-2017-10357 - RESERVED +CVE-2017-10364 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check +CVE-2017-10363 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) + TODO: check +CVE-2017-10362 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check +CVE-2017-10361 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...) + TODO: check +CVE-2017-10360 (Vulnerability in the Oracle WebCenter Content component of Oracle ...) + TODO: check +CVE-2017-10359 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion ...) + TODO: check +CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...) + TODO: check +CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10356 - RESERVED +CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10355 - RESERVED +CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10354 - RESERVED -CVE-2017-10353 - RESERVED -CVE-2017-10352 - RESERVED -CVE-2017-10351 - RESERVED -CVE-2017-10350 - RESERVED +CVE-2017-10354 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...) + TODO: check +CVE-2017-10353 (Vulnerability in the Oracle Hospitality Hotel Mobile component of ...) + TODO: check +CVE-2017-10352 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) + TODO: check +CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) + TODO: check +CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> -CVE-2017-10349 - RESERVED +CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10348 - RESERVED +CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10347 - RESERVED +CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10346 - RESERVED +CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10345 - RESERVED +CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10344 - RESERVED -CVE-2017-10343 - RESERVED -CVE-2017-10342 - RESERVED +CVE-2017-10344 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...) + TODO: check +CVE-2017-10343 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...) + TODO: check +CVE-2017-10342 (Vulnerability in the Java Advanced Management Console component of ...) NOT-FOR-US: Java Advanced Management Console -CVE-2017-10341 - RESERVED +CVE-2017-10341 (Vulnerability in the Java Advanced Management Console component of ...) NOT-FOR-US: Java Advanced Management Console -CVE-2017-10340 - RESERVED -CVE-2017-10339 - RESERVED -CVE-2017-10338 - RESERVED -CVE-2017-10337 - RESERVED -CVE-2017-10336 - RESERVED -CVE-2017-10335 - RESERVED -CVE-2017-10334 - RESERVED -CVE-2017-10333 - RESERVED -CVE-2017-10332 - RESERVED -CVE-2017-10331 - RESERVED -CVE-2017-10330 - RESERVED -CVE-2017-10329 - RESERVED -CVE-2017-10328 - RESERVED -CVE-2017-10327 - RESERVED -CVE-2017-10326 - RESERVED -CVE-2017-10325 - RESERVED -CVE-2017-10324 - RESERVED -CVE-2017-10323 - RESERVED -CVE-2017-10322 - RESERVED -CVE-2017-10321 - RESERVED -CVE-2017-10320 - RESERVED +CVE-2017-10340 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...) + TODO: check +CVE-2017-10339 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10338 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...) + TODO: check +CVE-2017-10337 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10336 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) + TODO: check +CVE-2017-10335 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) + TODO: check +CVE-2017-10334 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) + TODO: check +CVE-2017-10333 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) + TODO: check +CVE-2017-10332 (Vulnerability in the Oracle Universal Work Queue component of Oracle ...) + TODO: check +CVE-2017-10331 (Vulnerability in the Oracle Application Object Library component of ...) + TODO: check +CVE-2017-10330 (Vulnerability in the Oracle Common Applications component of Oracle ...) + TODO: check +CVE-2017-10329 (Vulnerability in the Oracle Global Order Promising component of Oracle ...) + TODO: check +CVE-2017-10328 (Vulnerability in the Oracle Application Object Library component of ...) + TODO: check +CVE-2017-10327 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check +CVE-2017-10326 (Vulnerability in the Oracle Common Applications Calendar component of ...) + TODO: check +CVE-2017-10325 (Vulnerability in the Oracle Common Applications Calendar component of ...) + TODO: check +CVE-2017-10324 (Vulnerability in the Oracle Applications Technology Stack component of ...) + TODO: check +CVE-2017-10323 (Vulnerability in the Oracle Web Applications Desktop Integrator ...) + TODO: check +CVE-2017-10322 (Vulnerability in the Oracle Common Applications Calendar component of ...) + TODO: check +CVE-2017-10321 (Vulnerability in the Core RDBMS component of Oracle Database Server. ...) + TODO: check +CVE-2017-10320 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10319 - RESERVED -CVE-2017-10318 - RESERVED -CVE-2017-10317 - RESERVED -CVE-2017-10316 - RESERVED -CVE-2017-10315 - RESERVED -CVE-2017-10314 - RESERVED +CVE-2017-10319 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10318 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10317 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10316 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check +CVE-2017-10315 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) + TODO: check +CVE-2017-10314 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10313 - RESERVED +CVE-2017-10313 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10312 - RESERVED -CVE-2017-10311 - RESERVED +CVE-2017-10312 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion ...) + TODO: check +CVE-2017-10311 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10310 - RESERVED -CVE-2017-10309 - RESERVED +CVE-2017-10310 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...) + TODO: check +CVE-2017-10309 (Vulnerability in the Java SE component of Oracle Java SE ...) - openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) -CVE-2017-10308 - RESERVED +CVE-2017-10308 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...) + TODO: check CVE-2017-10307 RESERVED -CVE-2017-10306 - RESERVED +CVE-2017-10306 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle ...) + TODO: check CVE-2017-10305 RESERVED -CVE-2017-10304 - RESERVED -CVE-2017-10303 - RESERVED -CVE-2017-10302 - RESERVED +CVE-2017-10304 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle ...) + TODO: check +CVE-2017-10303 (Vulnerability in the Oracle Interaction Center Intelligence component ...) + TODO: check +CVE-2017-10302 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) + TODO: check CVE-2017-10301 RESERVED -CVE-2017-10300 - RESERVED -CVE-2017-10299 - RESERVED +CVE-2017-10300 (Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM ...) + TODO: check +CVE-2017-10299 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...) + TODO: check CVE-2017-10298 RESERVED CVE-2017-10297 RESERVED -CVE-2017-10296 - RESERVED +CVE-2017-10296 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10295 - RESERVED +CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10294 - RESERVED +CVE-2017-10294 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10293 - RESERVED +CVE-2017-10293 (Vulnerability in the Java SE component of Oracle Java SE ...) TODO: probably specific to Oracle Java -CVE-2017-10292 - RESERVED +CVE-2017-10292 (Vulnerability in the RDBMS Security component of Oracle Database ...) + TODO: check CVE-2017-10291 RESERVED CVE-2017-10290 @@ -15526,59 +15511,51 @@ RESERVED CVE-2017-10288 RESERVED -CVE-2017-10287 - RESERVED -CVE-2017-10286 - RESERVED +CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...) + TODO: check +CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10285 - RESERVED +CVE-2017-10285 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10284 - RESERVED +CVE-2017-10284 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10283 - RESERVED +CVE-2017-10283 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10282 RESERVED -CVE-2017-10281 - RESERVED +CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10280 - RESERVED -CVE-2017-10279 - RESERVED +CVE-2017-10280 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check +CVE-2017-10279 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10278 RESERVED -CVE-2017-10277 - RESERVED -CVE-2017-10276 - RESERVED +CVE-2017-10277 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...) + TODO: check +CVE-2017-10276 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10275 - RESERVED -CVE-2017-10274 - RESERVED +CVE-2017-10275 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...) + TODO: check +CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE ...) - openjdk-9 <unfixed> - openjdk-8 <unfixed> - openjdk-7 <removed> @@ -15588,14 +15565,14 @@ RESERVED CVE-2017-10272 RESERVED -CVE-2017-10271 - RESERVED -CVE-2017-10270 - RESERVED +CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) + TODO: check +CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector component of ...) + TODO: check CVE-2017-10269 RESERVED -CVE-2017-10268 - RESERVED +CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + {DSA-4002-1 DLA-1141-1} - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <removed> (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -15603,20 +15580,20 @@ RESERVED CVE-2017-10266 RESERVED -CVE-2017-10265 - RESERVED -CVE-2017-10264 - RESERVED -CVE-2017-10263 - RESERVED +CVE-2017-10265 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) ...) + TODO: check +CVE-2017-10264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) + TODO: check +CVE-2017-10263 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) + TODO: check CVE-2017-10262 RESERVED -CVE-2017-10261 - RESERVED -CVE-2017-10260 - RESERVED -CVE-2017-10259 - RESERVED +CVE-2017-10261 (Vulnerability in the XML Database component of Oracle Database Server. ...) + TODO: check +CVE-2017-10260 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) ...) + TODO: check +CVE-2017-10259 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...) + TODO: check CVE-2017-10258 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...) NOT-FOR-US: PeopleSoft CVE-2017-10257 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...) @@ -15702,8 +15679,7 @@ NOT-FOR-US: Oracle CVE-2017-10228 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...) NOT-FOR-US: Oracle -CVE-2017-10227 - RESERVED +CVE-2017-10227 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -15759,8 +15735,8 @@ - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) -CVE-2017-10203 - RESERVED +CVE-2017-10203 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...) + TODO: check CVE-2017-10202 (Vulnerability in the OJVM component of Oracle Database Server. ...) NOT-FOR-US: Oracle CVE-2017-10201 (Vulnerability in the Oracle Hospitality e7 component of Oracle ...) @@ -15775,14 +15751,14 @@ - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10197 - RESERVED +CVE-2017-10197 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...) + TODO: check CVE-2017-10196 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10195 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-10194 - RESERVED +CVE-2017-10194 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) ...) + TODO: check CVE-2017-10193 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) {DSA-3954-1 DSA-3919-1 DLA-1073-1} - openjdk-8 8u141-b15-1 @@ -15793,8 +15769,8 @@ NOT-FOR-US: Oracle CVE-2017-10191 (Vulnerability in the Oracle Web Analytics component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-10190 - RESERVED +CVE-2017-10190 (Vulnerability in the Java VM component of Oracle Database Server. ...) + TODO: check CVE-2017-10189 (Vulnerability in the Hospitality Suite8 component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10188 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...) @@ -15844,48 +15820,44 @@ NOT-FOR-US: Oracle CVE-2017-10168 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-10167 - RESERVED +CVE-2017-10167 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10166 - RESERVED -CVE-2017-10165 - RESERVED +CVE-2017-10166 (Vulnerability in the Oracle Security Service component of Oracle ...) + TODO: check +CVE-2017-10165 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10164 - RESERVED -CVE-2017-10163 - RESERVED -CVE-2017-10162 - RESERVED -CVE-2017-10161 - RESERVED +CVE-2017-10164 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...) + TODO: check +CVE-2017-10163 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...) + TODO: check +CVE-2017-10162 (Vulnerability in the Siebel Core - Server Framework component of ...) + TODO: check +CVE-2017-10161 (Vulnerability in the Oracle Engineering Data Management component of ...) + TODO: check CVE-2017-10160 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...) NOT-FOR-US: Primavera -CVE-2017-10159 - RESERVED -CVE-2017-10158 - RESERVED +CVE-2017-10159 (Vulnerability in the Oracle Communications Policy Management component ...) + TODO: check +CVE-2017-10158 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) + TODO: check CVE-2017-10157 (Vulnerability in the BI Publisher component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10156 (Vulnerability in the BI Publisher component of Oracle Fusion ...) NOT-FOR-US: Oracle -CVE-2017-10155 - RESERVED +CVE-2017-10155 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #878398) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL -CVE-2017-10154 - RESERVED +CVE-2017-10154 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...) NOT-FOR-US: Java Advanced Management Console -CVE-2017-10153 - RESERVED -CVE-2017-10152 - RESERVED +CVE-2017-10153 (Vulnerability in the Oracle Communications WebRTC Session Controller ...) + TODO: check +CVE-2017-10152 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) + TODO: check CVE-2017-10151 RESERVED CVE-2017-10150 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...) @@ -16066,8 +16038,8 @@ [wheezy] - openjdk-6 <end-of-life> CVE-2017-10100 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...) NOT-FOR-US: Oracle -CVE-2017-10099 - RESERVED +CVE-2017-10099 (Vulnerability in the SPARC M7, T7, S7 based Servers component of ...) + TODO: check CVE-2017-10098 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle CVE-2017-10097 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...) @@ -16135,8 +16107,8 @@ CVE-2017-10078 (Vulnerability in the Java SE component of Oracle Java SE ...) {DSA-3919-1} - openjdk-8 8u141-b15-1 -CVE-2017-10077 - RESERVED +CVE-2017-10077 (Vulnerability in the Oracle Applications DBA component of Oracle ...) + TODO: check CVE-2017-10076 (Vulnerability in the Oracle Hospitality Simphony First Edition Venue ...) NOT-FOR-US: Oracle CVE-2017-10075 (Vulnerability in the Oracle WebCenter Content component of Oracle ...) @@ -16167,10 +16139,10 @@ - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-10066 - RESERVED -CVE-2017-10065 - RESERVED +CVE-2017-10066 (Vulnerability in the Oracle Applications Technology Stack component of ...) + TODO: check +CVE-2017-10065 (Vulnerability in the Oracle Retail Point-of-Service component of ...) + TODO: check CVE-2017-10064 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...) NOT-FOR-US: Oracle CVE-2017-10063 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) @@ -16179,8 +16151,8 @@ NOT-FOR-US: Oracle CVE-2017-10061 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle -CVE-2017-10060 - RESERVED +CVE-2017-10060 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...) + TODO: check CVE-2017-10059 (Vulnerability in the BI Publisher component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10058 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...) @@ -16189,10 +16161,10 @@ NOT-FOR-US: Oracle CVE-2017-10056 (Vulnerability in the Oracle Hospitality 9700 component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-10055 - RESERVED -CVE-2017-10054 - RESERVED +CVE-2017-10055 (Vulnerability in the Oracle iPlanet Web Server component of Oracle ...) + TODO: check +CVE-2017-10054 (Vulnerability in the Oracle Hospitality Cruise Materials Management ...) + TODO: check CVE-2017-10053 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) {DSA-3954-1 DSA-3919-1 DLA-1073-1} - openjdk-8 8u141-b15-1 @@ -16202,10 +16174,10 @@ [wheezy] - openjdk-6 <end-of-life> CVE-2017-10052 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...) NOT-FOR-US: Oracle -CVE-2017-10051 - RESERVED -CVE-2017-10050 - RESERVED +CVE-2017-10051 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) + TODO: check +CVE-2017-10050 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...) + TODO: check CVE-2017-10049 (Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2017-10048 (Vulnerability in the Oracle Enterprise Repository component of Oracle ...) @@ -16230,16 +16202,16 @@ NOT-FOR-US: Oracle CVE-2017-10038 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...) NOT-FOR-US: Oracle -CVE-2017-10037 - RESERVED +CVE-2017-10037 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion ...) + TODO: check CVE-2017-10036 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) NOT-FOR-US: Oracle CVE-2017-10035 (Vulnerability in the BI Publisher component of Oracle Fusion ...) NOT-FOR-US: Oracle -CVE-2017-10034 - RESERVED -CVE-2017-10033 - RESERVED +CVE-2017-10034 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion ...) + TODO: check +CVE-2017-10033 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + TODO: check CVE-2017-10032 (Vulnerability in the Oracle Transportation Management component of ...) NOT-FOR-US: Oracle CVE-2017-10031 (Vulnerability in the Oracle Communications Convergence component of ...) @@ -16252,8 +16224,8 @@ NOT-FOR-US: Oracle CVE-2017-10027 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle -CVE-2017-10026 - RESERVED +CVE-2017-10026 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion ...) + TODO: check CVE-2017-10025 (Vulnerability in the BI Publisher component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10024 (Vulnerability in the BI Publisher component of Oracle Fusion ...) @@ -16276,8 +16248,8 @@ NOT-FOR-US: Oracle CVE-2017-10015 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle -CVE-2017-10014 - RESERVED +CVE-2017-10014 (Vulnerability in the Oracle Hospitality Hotel Mobile component of ...) + TODO: check CVE-2017-10013 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...) NOT-FOR-US: Oracle CVE-2017-10012 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...) @@ -29614,11 +29586,9 @@ {DSA-3871-1 DLA-986-1} - zookeeper 3.4.9-3 (bug #863811) NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693 -CVE-2017-5636 - RESERVED +CVE-2017-5636 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster ...) NOT-FOR-US: Apache NiFi -CVE-2017-5635 - RESERVED +CVE-2017-5635 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster ...) NOT-FOR-US: Apache NiFi CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows ...) NOT-FOR-US: Norwegian @@ -35904,8 +35874,8 @@ CVE-2017-3589 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...) {DSA-3857-1 DLA-945-1} - mysql-connector-java 5.1.42-1 -CVE-2017-3588 - RESERVED +CVE-2017-3588 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems ...) + TODO: check CVE-2017-3587 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox 5.1.20-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) @@ -36270,12 +36240,12 @@ RESERVED CVE-2017-3447 REJECTED -CVE-2017-3446 - RESERVED -CVE-2017-3445 - RESERVED -CVE-2017-3444 - RESERVED +CVE-2017-3446 (Vulnerability in the Oracle Trade Management component of Oracle ...) + TODO: check +CVE-2017-3445 (Vulnerability in the Oracle Trade Management component of Oracle ...) + TODO: check +CVE-2017-3444 (Vulnerability in the Oracle Trade Management component of Oracle ...) + TODO: check CVE-2017-3443 (Vulnerability in the Oracle Common Applications component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-3442 (Vulnerability in the Oracle Customer Interaction History component of ...) @@ -47093,8 +47063,8 @@ RESERVED CVE-2016-8749 (Apache Camel's Jackson and JacksonXML unmarshalling operation are ...) NOT-FOR-US: Apache Camel -CVE-2016-8748 - RESERVED +CVE-2016-8748 (In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a ...) + TODO: check CVE-2016-8747 (An information disclosure issue was discovered in Apache Tomcat 8.5.7 ...) - tomcat8 8.5.9-1 [jessie] - tomcat8 <not-affected> (Only affects 8.5.7 to 8.5.9) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits