Author: sectracker
Date: 2017-10-20 21:10:31 +0000 (Fri, 20 Oct 2017)
New Revision: 56897
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-20 19:40:58 UTC (rev 56896) +++ data/CVE/list 2017-10-20 21:10:31 UTC (rev 56897) @@ -1,3 +1,45 @@ +CVE-2017-15690 + RESERVED +CVE-2017-15689 + RESERVED +CVE-2017-15688 + RESERVED +CVE-2017-15687 + RESERVED +CVE-2017-15686 + RESERVED +CVE-2017-15685 + RESERVED +CVE-2017-15684 + RESERVED +CVE-2017-15683 + RESERVED +CVE-2017-15682 + RESERVED +CVE-2017-15681 + RESERVED +CVE-2017-15680 + RESERVED +CVE-2017-15679 + RESERVED +CVE-2017-15678 + RESERVED +CVE-2017-15677 + RESERVED +CVE-2017-15676 + RESERVED +CVE-2017-15675 + RESERVED +CVE-2017-15674 + RESERVED +CVE-2017-15673 + RESERVED +CVE-2017-15672 + RESERVED +CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...) + TODO: check +CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an ...) + TODO: check CVE-2017-15669 RESERVED CVE-2017-15668 @@ -845,8 +887,8 @@ NOT-FOR-US: SAP CVE-2017-15292 RESERVED -CVE-2017-15291 - RESERVED +CVE-2017-15291 (Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering ...) + TODO: check CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before ...) NOT-FOR-US: Mirasys Video Management System CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest ...) @@ -1900,8 +1942,8 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22166 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6 NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/ -CVE-2017-14937 - RESERVED +CVE-2017-14937 (The airbag detonation algorithm allows injury to passenger-car ...) + TODO: check CVE-2017-14936 RESERVED CVE-2016-10512 (MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for ...) 
@@ -6588,8 +6630,8 @@ NOT-FOR-US: ZKTeco ZKTime Web CVE-2017-13128 RESERVED -CVE-2017-13127 - RESERVED +CVE-2017-13127 (The VIP.com application for IOS and Android allows remote attackers to ...) + TODO: check CVE-2017-13126 RESERVED CVE-2017-13125 @@ -8601,8 +8643,7 @@ NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-tt4358355.html NOTE: Patch removing RunExecutableListener: https://github.com/apache/lucene-solr/commit/7b313bb597a6d1f78773dc9c00f484c078a46c25 NOTE: Patch disallowing XXE: https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc4 -CVE-2017-12628 - RESERVED +CVE-2017-12628 (The JMX server embedded in Apache James, also used by the command line ...) NOT-FOR-US: Apache James CVE-2017-12627 RESERVED @@ -16038,6 +16079,7 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10114 (Vulnerability in the Java SE component of Oracle Java SE ...) + {DSA-4005-1} - openjfx 8u141-b14-1 (low; bug #870860) CVE-2017-10113 (Vulnerability in the Oracle Common Applications component of Oracle ...) NOT-FOR-US: Oracle @@ -16145,6 +16187,7 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10086 (Vulnerability in the Java SE component of Oracle Java SE ...) + {DSA-4005-1} - openjfx 8u141-b14-1 (low; bug #870860) CVE-2017-10085 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle @@ -27990,8 +28033,8 @@ RESERVED CVE-2017-6166 RESERVED -CVE-2017-6165 - RESERVED +CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...) + TODO: check CVE-2017-6164 RESERVED CVE-2017-6163 
@@ -28030,16 +28073,16 @@ NOT-FOR-US: F5 BIG-IP CVE-2017-6146 RESERVED -CVE-2017-6145 - RESERVED -CVE-2017-6144 - RESERVED +CVE-2017-6145 (iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, ...) + TODO: check +CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type ...) + TODO: check CVE-2017-6143 RESERVED CVE-2017-6142 RESERVED -CVE-2017-6141 - RESERVED +CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and ...) + TODO: check CVE-2017-6140 RESERVED CVE-2017-6139 @@ -39967,12 +40010,12 @@ NOT-FOR-US: WP Statistics CVE-2017-2134 (Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows ...) NOT-FOR-US: ASSETBASE -CVE-2017-2133 - RESERVED -CVE-2017-2132 - RESERVED -CVE-2017-2131 - RESERVED +CVE-2017-2133 (SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices ...) + TODO: check +CVE-2017-2132 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or ...) + TODO: check +CVE-2017-2131 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or ...) + TODO: check CVE-2017-2130 (Untrusted search path vulnerability in the installer of PhishWall ...) NOT-FOR-US: installer of PhishWall Client Internet Explorer CVE-2017-2129 @@ -129841,8 +129884,7 @@ CVE-2013-6050 (Integer overflow in Links before 2.8 allows remote attackers to cause ...) {DSA-2807-1} - links2 2.8-1 -CVE-2013-6049 [insecure temporary file creation] - RESERVED +CVE-2013-6049 (apt-listbugs before 0.1.10 creates temporary files insecurely, which ...) - apt-listbugs 0.1.10 (low) [squeeze] - apt-listbugs <no-dsa> (Minor issue) [wheezy] - apt-listbugs 0.1.8+deb7u1 
@@ -172706,8 +172748,7 @@ NOT-FOR-US: Webmin CVE-2011-1936 (Xen, when using x86 Intel processors and the VMX virtualization ...) - linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26) -CVE-2011-1935 [packet truncation in libpcap] - RESERVED +CVE-2011-1935 (pcap-linux.c in libpcap 1.1.1 before commit ...) - libpcap 1.1.1-4 (low; bug #623868) [squeeze] - libpcap 1.1.1-2+squeeze1 [lenny] - libpcap <not-affected> @@ -181379,8 +181420,7 @@ - openslp-dfsg 1.2.1-8 (low; bug #623551) [squeeze] - openslp-dfsg <no-dsa> (Minor issue) [lenny] - openslp-dfsg <no-dsa> (Minor issue) -CVE-2010-3659 [Multiple security issues] - RESERVED +CVE-2010-3659 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x ...) {DSA-2098-1} - typo3-src 4.3.5-1 (bug #590719) CVE-2010-3660 [Multiple security issues]
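Review bot: CVE-2017-15671 and CVE-2017-15670, the last two entries added in the first hunk (@@ -1,3 +1,45 @@), are left at "TODO: check" although both descriptions name the GNU C Library (glibc or libc6), which Debian ships, so these two should be triaged first rather than sit in the queue with the RESERVED placeholders. Suggest replacing each "TODO: check" with a glibc package line and a bug reference once the affected versions are confirmed; the description of CVE-2017-15670 already gives "before 2.27" as the upstream boundary.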
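Review bot: CVE-2017-14937 in the @@ -1900,8 +1942,8 @@ hunk is added with "TODO: check", but its visible description concerns an airbag detonation algorithm in passenger cars, not software that appears in a package list. Suggest triaging it as NOT-FOR-US with a short product label, as the context entries in other hunks of this revision do (for example "NOT-FOR-US: Mirasys Video Management System").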
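Review bot: CVE-2017-6145, CVE-2017-6144 and CVE-2017-6141 in the @@ -28030,16 +28073,16 @@ hunk are added with "TODO: check" even though the first context line of the same hunk already triages a neighbouring entry as "NOT-FOR-US: F5 BIG-IP" and all three new descriptions name F5 BIG-IP. Suggest using the same "NOT-FOR-US: F5 BIG-IP" tag for these three, and for CVE-2017-6165 in the preceding hunk (@@ -27990,8 +28033,8 @@), so they leave the TODO queue with consistent wording.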
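Review bot: CVE-2017-2133, CVE-2017-2132 and CVE-2017-2131 in the @@ -39967,12 +40010,12 @@ hunk are added with "TODO: check" while every triaged context entry around them (WP Statistics, ASSETBASE, the PhishWall installer) is NOT-FOR-US, and all three descriptions refer to Panasonic KX-HJB1000 Home unit device firmware. Suggest a single consistent tag such as "NOT-FOR-US: Panasonic KX-HJB1000" on the three entries instead of leaving them for separate manual checks.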