Author: sectracker
Date: 2017-11-21 09:10:26 +0000 (Tue, 21 Nov 2017)
New Revision: 57884
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-21 01:55:04 UTC (rev 57883) +++ data/CVE/list 2017-11-21 09:10:26 UTC (rev 57884) @@ -1,3 +1,25 @@ +CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) ...) + TODO: check +CVE-2017-16918 + RESERVED +CVE-2017-16917 + RESERVED +CVE-2017-16916 + RESERVED +CVE-2017-16915 + RESERVED +CVE-2017-16914 + RESERVED +CVE-2017-16913 + RESERVED +CVE-2017-16912 + RESERVED +CVE-2017-16911 + RESERVED +CVE-2017-16910 + RESERVED +CVE-2017-16909 + RESERVED CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...) - php-horde <undetermined> NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html @@ -233,6 +255,7 @@ NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257 NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7 CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...) + {DLA-1182-1} - ldns <unfixed> (bug #882015) NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2 @@ -539,8 +562,8 @@ NOT-FOR-US: Yoast SEO plugin for WordPress CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...) NOT-FOR-US: LanSweeper -CVE-2017-16840 - RESERVED +CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote ...) + TODO: check CVE-2017-16839 RESERVED CVE-2017-16838 @@ -2006,7 +2029,7 @@ RESERVED CVE-2017-16250 RESERVED -CVE-2017-16249 (The Debut embedded http server 1.20 contains a remotely exploitable ...) +CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable denial ...) NOT-FOR-US: Debut embedded http server CVE-2017-16247 RESERVED 
@@ -14103,10 +14126,10 @@ RESERVED CVE-2017-12112 RESERVED -CVE-2017-12111 - RESERVED -CVE-2017-12110 - RESERVED +CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the xls_addCell ...) + TODO: check +CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...) + TODO: check CVE-2017-12109 RESERVED CVE-2017-12108 @@ -42330,8 +42353,8 @@ TODO: check smplayer, embeds it CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing ...) NOT-FOR-US: Computerinsel Photoline -CVE-2017-2919 - RESERVED +CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists in the ...) + TODO: check CVE-2017-2918 RESERVED CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...) @@ -42375,10 +42398,10 @@ RESERVED CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...) NOT-FOR-US: Circle with Disney -CVE-2017-2897 - RESERVED -CVE-2017-2896 - RESERVED +CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the ...) + TODO: check +CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the ...) + TODO: check CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...) NOT-FOR-US: Cesanta Mongoose TODO: check smplayer, embeds it
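Review bot: in the hunk at -233,6 +255,7, `{DLA-1182-1}` is attached to CVE-2017-1000231 only, while the entry directly above it in the context carries NOTE lines for a neighbouring ldns bug (show_bug.cgi?id=1257) and is left untouched. If the advisory addressed both ldns issues, the cross-reference belongs on that entry as well. The `- ldns <unfixed> (bug #882015)` line also stays as it was, so the list now records an advisory without any fixed version on the package line; worth confirming that this is intended.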
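Review bot: in the hunk at -539,8 +562,8, CVE-2017-16840 goes from RESERVED to a published summary that names FFmpeg 3.4 and its VC-2 encoder, yet it lands as `TODO: check` with no package line. Unlike the NOT-FOR-US entries around it, this one concerns a named package and version, so it should get an ffmpeg package line (in the `<undetermined>` or `<unfixed>` form used elsewhere in this list) once someone has checked which versions ship the affected encoder code, rather than sitting in the generic TODO queue.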
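Review bot: in the trailing context of the hunk at -42375,10 +42398,10, CVE-2017-2895 is marked `NOT-FOR-US: Cesanta Mongoose` and is immediately followed by `TODO: check smplayer, embeds it`, which contradicts the NOT-FOR-US verdict. If smplayer does embed the affected code, the entry needs a package line for smplayer instead; if it does not, the TODO should be dropped. Separately, the two entries this hunk adds, CVE-2017-2897 and CVE-2017-2896, carry identical truncated summaries ("An exploitable out-of-bounds write vulnerability exists in the ..."), so whoever picks up the `TODO: check` lines will need the full descriptions to tell them apart.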