[Secure-testing-commits] r55293 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Aug 31 09:10:16 UTC 2017 

Author: sectracker
Date: 2017-08-31 09:10:16 +0000 (Thu, 31 Aug 2017)
New Revision: 55293

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-31 08:41:37 UTC (rev 55292)
+++ data/CVE/list	2017-08-31 09:10:16 UTC (rev 55293)
@@ -1,4 +1,30 @@
-CVE-2017-14051 [qla2xxx: Integer overflow in sysfs code]
+CVE-2017-14050 (In BlackCat CMS 1.2, backend/addons/install.php allows remote ...)
+	TODO: check
+CVE-2017-14049 (In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows ...)
+	TODO: check
+CVE-2017-14048 (BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary ...)
+	TODO: check
+CVE-2017-14047
+	RESERVED
+CVE-2017-14046
+	RESERVED
+CVE-2017-14045
+	RESERVED
+CVE-2017-14044
+	RESERVED
+CVE-2017-14043
+	RESERVED
+CVE-2017-14042 (A memory allocation failure was discovered in the ReadPNMImage function ...)
+	TODO: check
+CVE-2017-14038 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect ...)
+	TODO: check
+CVE-2017-14037 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header ...)
+	TODO: check
+CVE-2017-14036 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. ...)
+	TODO: check
+CVE-2017-14035 (CrushFTP 8.x before 8.2.0 has a serialization vulnerability. ...)
+	TODO: check
+CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in ...)
 	- linux <unfixed>
 	NOTE: https://patchwork.kernel.org/patch/9929625/
 CVE-2017-14034
@@ -797,17 +823,17 @@
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400
-CVE-2017-14041 [stack-based buffer overflow write in pgxtoimage]
+CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage function ...)
 	- openjpeg2 <unfixed>
 	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
 	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
 	NOTE: https://github.com/uclouvain/openjpeg/issues/997
-CVE-2017-14040 [invalid memory write in tgatoimage]
+CVE-2017-14040 (An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG ...)
 	- openjpeg2 <unfixed>
 	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
 	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
 	NOTE: https://github.com/uclouvain/openjpeg/issues/995
-CVE-2017-14039 [heap-based buffer overflow in opj_t2_encode_packet]
+CVE-2017-14039 (A heap-based buffer overflow was discovered in the opj_t2_encode_packet ...)
 	- openjpeg2 <unfixed>
 	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
 	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
@@ -927,8 +953,8 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html
 CVE-2017-13671 (app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent ...)
 	NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
-CVE-2017-13670
-	RESERVED
+CVE-2017-13670 (In BlackCat CMS 1.2, remote authenticated users can upload any file via ...)
+	TODO: check
 CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered ...)
 	NOT-FOR-US: NexusPHP
 CVE-2017-13668
@@ -18277,7 +18303,7 @@
 	RESERVED
 CVE-2017-7526 [Use of left-to-right sliding window method allows full RSA key recovery]
 	RESERVED
-	{DSA-3901-1 DLA-1015-1}
+	{DSA-3901-1 DLA-1080-1 DLA-1015-1}
 	- libgcrypt20 1.7.8-1
 	- libgcrypt11 <removed>
 	- gnupg2 <not-affected> (Uses system libgcrypt)
@@ -35826,20 +35852,20 @@
 	NOT-FOR-US: IBM
 CVE-2017-1447
 	RESERVED
-CVE-2017-1446
-	RESERVED
-CVE-2017-1445
-	RESERVED
+CVE-2017-1446 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to ...)
+	TODO: check
+CVE-2017-1445 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to ...)
+	TODO: check
 CVE-2017-1444
 	RESERVED
-CVE-2017-1443
-	RESERVED
-CVE-2017-1442
-	RESERVED
-CVE-2017-1441
-	RESERVED
-CVE-2017-1440
-	RESERVED
+CVE-2017-1443 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
+	TODO: check
+CVE-2017-1442 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
+	TODO: check
+CVE-2017-1441 (IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to ...)
+	TODO: check
+CVE-2017-1440 (IBM Emptoris Services Procurement 10.0.0.5 could allow a remote ...)
+	TODO: check
 CVE-2017-1439
 	RESERVED
 CVE-2017-1438

More information about the Secure-testing-commits mailing list