[Secure-testing-commits] r54378 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Aug 7 09:10:15 UTC 2017
Author: sectracker
Date: 2017-08-07 09:10:14 +0000 (Mon, 07 Aug 2017)
New Revision: 54378
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-07 08:19:54 UTC (rev 54377)
+++ data/CVE/list 2017-08-07 09:10:14 UTC (rev 54378)
@@ -1,3 +1,27 @@
+CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ TODO: check
+CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ TODO: check
+CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ TODO: check
+CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid ...)
+ TODO: check
+CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
+ TODO: check
+CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...)
+ TODO: check
+CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
+ TODO: check
+CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ TODO: check
+CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ TODO: check
+CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ TODO: check
+CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
+ TODO: check
+CVE-2017-12595
+ RESERVED
CVE-2017-12594
RESERVED
CVE-2017-12593
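Review bot: The eleven described entries added at the top of this hunk (CVE-2017-12606 through CVE-2017-12596) carry only "TODO: check" and no package line, so nothing yet records whether the opencv or openexr source packages are affected. Each needs a triage line in the form used elsewhere in this file (for example "- linux <unfixed>" on the kernel entries). The ten OpenCV descriptions are cut off after near-identical opening text, so the full descriptions have to be read before the entries can be told apart.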
@@ -3460,6 +3484,7 @@
CVE-2017-11177
RESERVED
CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...)
+ {DSA-3927-1}
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
CVE-2017-11175
@@ -4635,6 +4660,7 @@
CVE-2017-10811
RESERVED
CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in ...)
+ {DSA-3927-1}
- linux 4.11.11-1 (low)
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -7197,7 +7223,7 @@
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-217.html
CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...)
- {DSA-3920-1}
+ {DSA-3927-1 DSA-3920-1}
- linux 4.11.11-1
- qemu 1:2.8+dfsg-7 (bug #869706)
NOTE: https://xenbits.xen.org/xsa/advisory-216.html
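Review bot: On CVE-2017-10911 the tag becomes "{DSA-3927-1 DSA-3920-1}", but the entry tracks two packages (linux and qemu) and the tag does not say which advisory covers which. Check against the DSA list that each advisory is attached to the right package, since every other entry tagged DSA-3927-1 in this commit is a linux-only entry.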
@@ -7253,6 +7279,7 @@
[stretch] - linux 4.9.30-2+deb9u1
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and ...)
+ {DSA-3927-1}
- linux 4.11.11-1
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
NOTE: Fixed by: https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c
@@ -7612,8 +7639,8 @@
RESERVED
CVE-2017-9648
RESERVED
-CVE-2017-9647
- RESERVED
+CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the Continental ...)
+ TODO: check
CVE-2017-9646
RESERVED
CVE-2017-9645
@@ -7640,14 +7667,14 @@
RESERVED
CVE-2017-9634
RESERVED
-CVE-2017-9633
- RESERVED
-CVE-2017-9632
- RESERVED
+CVE-2017-9633 (An Improper Restriction of Operations within the Bounds of a Memory ...)
+ TODO: check
+CVE-2017-9632 (A Missing Encryption of Sensitive Data issue was discovered in PDQ ...)
+ TODO: check
CVE-2017-9631 (A Null Pointer Dereference issue was discovered in Schneider Electric ...)
NOT-FOR-US: Schneider Electric
-CVE-2017-9630
- RESERVED
+CVE-2017-9630 (An Improper Authentication issue was discovered in PDQ Manufacturing ...)
+ TODO: check
CVE-2017-9629 (A Stack-Based Buffer Overflow issue was discovered in Schneider ...)
NOT-FOR-US: Schneider Electric
CVE-2017-9628
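Review bot: CVE-2017-9633, CVE-2017-9632 and CVE-2017-9630 move from "RESERVED" to "TODO: check", which leaves them in the triage queue while the neighbouring entries of the same kind (CVE-2017-9631, CVE-2017-9629) are already closed as "NOT-FOR-US: Schneider Electric". The two descriptions that name PDQ can likely be resolved with a "NOT-FOR-US:" line in the same way. The CVE-2017-9633 description is cut off before any product name, so it needs the full text first.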
@@ -7740,6 +7767,7 @@
CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an ...)
NOT-FOR-US: NetBSD
CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...)
+ {DSA-3927-1}
- linux 4.11.6-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
@@ -12507,24 +12535,24 @@
NOT-FOR-US: DMitry
CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix Contact GmbH ...)
NOT-FOR-US: Phoenix Contact
-CVE-2017-7936
- RESERVED
+CVE-2017-7936 (A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX ...)
+ TODO: check
CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact GmbH ...)
NOT-FOR-US: Phoenix Contact
CVE-2017-7934
RESERVED
CVE-2017-7933
RESERVED
-CVE-2017-7932
- RESERVED
+CVE-2017-7932 (An improper certificate validation issue was discovered in NXP i.MX 28 ...)
+ TODO: check
CVE-2017-7931
RESERVED
CVE-2017-7930
RESERVED
CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech WebAccess ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2017-7928
- RESERVED
+CVE-2017-7928 (An Improper Access Control issue was discovered in Schweitzer ...)
+ TODO: check
CVE-2017-7927 (A Use of Password Hash Instead of Password for Authentication issue was ...)
NOT-FOR-US: Dahua
CVE-2017-7926
@@ -12539,16 +12567,16 @@
NOT-FOR-US: Cambium Networks ePMP
CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision ...)
NOT-FOR-US: Hikvision
-CVE-2017-7920
- RESERVED
+CVE-2017-7920 (An Improper Authentication issue was discovered in ABB VSN300 WiFi ...)
+ TODO: check
CVE-2017-7919 (An Improper Authentication issue was discovered in Newport XPS-Cx and ...)
NOT-FOR-US: Newport
CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks ...)
NOT-FOR-US: Cambium Networks ePMP
CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell ...)
NOT-FOR-US: Moxa
-CVE-2017-7916
- RESERVED
+CVE-2017-7916 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
+ TODO: check
CVE-2017-7915 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
NOT-FOR-US: Moxa
CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell Automation ...)
@@ -13904,9 +13932,11 @@
CVE-2017-7543
RESERVED
CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux ...)
+ {DSA-3927-1}
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6
CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in ...)
+ {DSA-3927-1}
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c
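Review bot: CVE-2017-7542 and CVE-2017-7541 now carry "{DSA-3927-1}" while their package lines still read "- linux <unfixed>", so the file records an advisory for both issues but no fixed version in unstable. Both entries already note a "Fixed by:" commit; replace "<unfixed>" with the first unstable upload that contains that commit once the version is known.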
@@ -13934,6 +13964,7 @@
CVE-2017-7534
RESERVED
CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel ...)
+ {DSA-3927-1}
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2
@@ -14175,6 +14206,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
CVE-2017-7482
RESERVED
+ {DSA-3927-1}
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 environment]
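Review bot: CVE-2017-7482 is still "RESERVED" with no description, yet after this hunk it carries "{DSA-3927-1}" alongside a fixed version and a "Fixed by:" commit. A reader cannot tell from the entry what the issue is. Add a bracketed short description on the CVE line, in the style of the CVE-2017-7481 line that follows it, until the official text is published.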
@@ -14641,6 +14673,7 @@
CVE-2017-7347
RESERVED
CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in ...)
+ {DSA-3927-1}
- linux 4.11.6-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14)
NOTE: Fixed by: https://git.kernel.org/linus/ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf
@@ -16394,44 +16427,44 @@
RESERVED
CVE-2017-6771
RESERVED
-CVE-2017-6770
- RESERVED
-CVE-2017-6769
- RESERVED
+CVE-2017-6770 (Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software ...)
+ TODO: check
+CVE-2017-6769 (A vulnerability in the web-based management interface of the Cisco ...)
+ TODO: check
CVE-2017-6768
RESERVED
CVE-2017-6767
RESERVED
-CVE-2017-6766
- RESERVED
-CVE-2017-6765
- RESERVED
-CVE-2017-6764
- RESERVED
-CVE-2017-6763
- RESERVED
-CVE-2017-6762
- RESERVED
-CVE-2017-6761
- RESERVED
+CVE-2017-6766 (A vulnerability in the Secure Sockets Layer (SSL) Decryption and ...)
+ TODO: check
+CVE-2017-6765 (A vulnerability in the web-based management interface of Cisco Adaptive ...)
+ TODO: check
+CVE-2017-6764 (A vulnerability in the web-based management interface of Cisco Adaptive ...)
+ TODO: check
+CVE-2017-6763 (A vulnerability in the implementation of the H.264 protocol in Cisco ...)
+ TODO: check
+CVE-2017-6762 (A vulnerability in the web-based management interface of Cisco Jabber ...)
+ TODO: check
+CVE-2017-6761 (A vulnerability in the web-based management interface of Cisco Finesse ...)
+ TODO: check
CVE-2017-6760
RESERVED
-CVE-2017-6759
- RESERVED
-CVE-2017-6758
- RESERVED
-CVE-2017-6757
- RESERVED
-CVE-2017-6756
- RESERVED
+CVE-2017-6759 (A vulnerability in the UpgradeManager of the Cisco Prime Collaboration ...)
+ TODO: check
+CVE-2017-6758 (A vulnerability in the web framework of Cisco Unified Communications ...)
+ TODO: check
+CVE-2017-6757 (A vulnerability in Cisco Unified Communications Manager ...)
+ TODO: check
+CVE-2017-6756 (A vulnerability in the Web UI Application of the Cisco Prime ...)
+ TODO: check
CVE-2017-6755 (A vulnerability in the web portal of the Cisco Prime Collaboration ...)
NOT-FOR-US: Cisco
-CVE-2017-6754
- RESERVED
+CVE-2017-6754 (A vulnerability in the web-based management interface of the Cisco ...)
+ TODO: check
CVE-2017-6753 (A vulnerability in Cisco WebEx browser extensions for Google Chrome and ...)
NOT-FOR-US: Cisco
-CVE-2017-6752
- RESERVED
+CVE-2017-6752 (A vulnerability in the web interface of the Cisco Adaptive Security ...)
+ TODO: check
CVE-2017-6751 (A vulnerability in the web proxy functionality of the Cisco Web ...)
NOT-FOR-US: Cisco
CVE-2017-6750 (A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) ...)
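Review bot: Thirteen of the fourteen descriptions added in this hunk name a Cisco product, and the untouched neighbours (CVE-2017-6755, CVE-2017-6753, CVE-2017-6751) are already marked "NOT-FOR-US: Cisco", so leaving the new ones at "TODO: check" only adds to the triage backlog. They can be closed with the same "NOT-FOR-US: Cisco" line. CVE-2017-6766 is the exception: its description is cut off before any product name and should be read in full before it is classified.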
@@ -16440,12 +16473,12 @@
NOT-FOR-US: Cisco
CVE-2017-6748 (A vulnerability in the CLI parser of the Cisco Web Security Appliance ...)
NOT-FOR-US: Cisco
-CVE-2017-6747
- RESERVED
+CVE-2017-6747 (A vulnerability in the authentication module of Cisco Identity Services ...)
+ TODO: check
CVE-2017-6746 (A vulnerability in the web interface of the Cisco Web Security ...)
NOT-FOR-US: Cisco
-CVE-2017-6745
- RESERVED
+CVE-2017-6745 (A vulnerability in the cache server within Cisco Videoscape ...)
+ TODO: check
CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
NOT-FOR-US: Cisco
CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
@@ -16604,12 +16637,12 @@
NOT-FOR-US: Cisco
CVE-2017-6666 (A vulnerability in the forwarding component of Cisco IOS XR Software ...)
NOT-FOR-US: Cisco
-CVE-2017-6665
- RESERVED
-CVE-2017-6664
- RESERVED
-CVE-2017-6663
- RESERVED
+CVE-2017-6665 (A vulnerability in the Autonomic Networking feature of Cisco IOS ...)
+ TODO: check
+CVE-2017-6664 (A vulnerability in the Autonomic Networking feature of Cisco IOS XE ...)
+ TODO: check
+CVE-2017-6663 (A vulnerability in the Autonomic Networking feature of Cisco IOS ...)
+ TODO: check
CVE-2017-6662 (A vulnerability in the web-based user interface of Cisco Prime ...)
NOT-FOR-US: Cisco
CVE-2017-6661 (A vulnerability in the web-based management interface of Cisco Email ...)
@@ -17505,12 +17538,12 @@
RESERVED
CVE-2017-6421
RESERVED
-CVE-2017-6420
- RESERVED
-CVE-2017-6419
- RESERVED
-CVE-2017-6418
- RESERVED
+CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows ...)
+ TODO: check
+CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows ...)
+ TODO: check
+CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a ...)
+ TODO: check
CVE-2017-6417 (Code injection vulnerability in Avira Total Security Suite 15.0 (and ...)
NOT-FOR-US: Avira Total Security Suite
CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow ...)
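Review bot: CVE-2017-6419 is described as a flaw in mspack/lzxd.c in libmspack "as used in ClamAV", so a single package line will not cover it when the "TODO: check" is resolved. Track both libmspack and ClamAV's use of that code, and add a NOTE stating whether ClamAV builds against an embedded copy or the system library, since that decides which package needs the fix.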
@@ -154793,8 +154826,8 @@
RESERVED
CVE-2011-4651
RESERVED
-CVE-2011-4650
- RESERVED
+CVE-2011-4650 (Cisco Data Center Network Manager is affected by Excessive Logging ...)
+ TODO: check
CVE-2011-4649
RESERVED
CVE-2011-4648
@@ -237049,8 +237082,7 @@
CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...)
{DSA-1188-1}
- mailman 1:2.1.8-3
-CVE-2006-3635 [local denial-of-service on Itanium]
- RESERVED
+CVE-2006-3635 (The ia64 subsystem in the Linux kernel before 2.6.26 allows local users ...)
- linux <not-affected> (Fixed before initial rename to src:linux)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=199440
NOTE: Fixed by: https://git.kernel.org/linus/4dcc29e1574d88f4465ba865ed82800032f76418 (2.6.26-rc5)