[Secure-testing-commits] r58254 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Dec 4 21:10:19 UTC 2017


Author: sectracker
Date: 2017-12-04 21:10:19 +0000 (Mon, 04 Dec 2017)
New Revision: 58254

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-04 20:52:15 UTC (rev 58253)
+++ data/CVE/list	2017-12-04 21:10:19 UTC (rev 58254)
@@ -1,3 +1,11 @@
+CVE-2017-17384
+	RESERVED
+CVE-2017-17383
+	RESERVED
+CVE-2017-17382
+	RESERVED
+CVE-2017-17381
+	RESERVED
 CVE-2018-1140
 	RESERVED
 CVE-2018-1139
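Review bot: The four new RESERVED entries at the top of this hunk (CVE-2017-17381 through CVE-2017-17384) are inserted above CVE-2018-1140, so the head of the list is ordered by when an id was added, not by id. Any tooling that reads data/CVE/list should look entries up by CVE id and not rely on position or sort order.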
@@ -1533,10 +1541,10 @@
 	RESERVED
 CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...)
 	NOT-FOR-US: WooCommerce plugin for WordPress
-CVE-2017-17057
-	RESERVED
-CVE-2017-17056
-	RESERVED
+CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...)
+	TODO: check
+CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to ...)
+	TODO: check
 CVE-2017-17055
 	RESERVED
 CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function ...)
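Review bot: CVE-2017-17057 and CVE-2017-17056 move from RESERVED to TODO: check, which leaves both ZKTime Web entries untriaged. If ZKTime Web is not packaged in Debian, mark them NOT-FOR-US in the same form as the CVE-2017-17058 line just above; otherwise add the package line with its status.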
@@ -4118,8 +4126,8 @@
 	RESERVED
 CVE-2017-16722
 	RESERVED
-CVE-2017-16721
-	RESERVED
+CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...)
+	TODO: check
 CVE-2017-16720
 	RESERVED
 CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...)
@@ -6431,6 +6439,7 @@
 	- konversation 1.7.3-1 (bug #881586)
 	NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
 CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...)
+	{DLA-1198-1}
 	- libextractor <unfixed> (low; bug #880016)
 	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
 	NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
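Review bot: The {DLA-1198-1} tag added under CVE-2017-15922 sits above a package line that still reads libextractor <unfixed> (low; bug #880016), while the last NOTE already names an upstream fix commit. The cross-reference itself is fine, but the unstable status should be revisited once a version containing that commit is uploaded, so the entry does not stay <unfixed> after the fix lands.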
@@ -6508,8 +6517,8 @@
 	RESERVED
 CVE-2017-15890
 	RESERVED
-CVE-2017-15889
-	RESERVED
+CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...)
+	TODO: check
 CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...)
 	NOT-FOR-US: Synology
 CVE-2017-15887 (An improper restriction of excessive authentication attempts ...)
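Review bot: The new CVE-2017-15889 entry is left at TODO: check although its description names Synology DiskStation and the next entry, CVE-2017-15888, is already NOT-FOR-US: Synology. The same triage most likely applies here; confirm and replace the TODO with a matching NOT-FOR-US line.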
@@ -6931,7 +6940,7 @@
 	RESERVED
 CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured ...)
 	- qpid-java <itp> (bug #840131)
-CVE-2017-15701 (In Apache Qpid Broker-J before 6.1.x before 6.1.5, the broker does not ...)
+CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the ...)
 	- qpid-java <itp> (bug #840131)
 CVE-2017-15700
 	RESERVED
@@ -7172,14 +7181,17 @@
 CVE-2017-15603
 	RESERVED
 CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error for the ...)
+	{DLA-1198-1}
 	- libextractor 1:1.6-1
 	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
 	NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc
 CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow in the ...)
+	{DLA-1198-1}
 	- libextractor 1:1.6-1
 	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
 	NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=f813535dad4ad860b989952a46266a1469801091
 CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the ...)
+	{DLA-1198-1}
 	- libextractor 1:1.6-1
 	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501695
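Review bot: CVE-2017-15602 and CVE-2017-15601 gain the {DLA-1198-1} tag but have no [stretch] or [jessie] lines, unlike CVE-2017-15267 and CVE-2017-15266 later in this patch, which carry <no-dsa> for both. If those releases are affected, record their status so the libextractor issues covered by the same advisory are triaged consistently.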
@@ -8064,6 +8076,7 @@
 	NOTE: https://bugs.launchpad.net/bugs/1718964
 	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493
 CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in ...)
+	{DLA-1198-1}
 	- libextractor 1:1.6-1 (bug #878314)
 	[stretch] - libextractor <no-dsa> (Minor issue)
 	[jessie] - libextractor <no-dsa> (Minor issue)
@@ -8072,6 +8085,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600
 	NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2
 CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...)
+	{DLA-1198-1}
 	- libextractor 1:1.6-1 (bug #878314)
 	[stretch] - libextractor <no-dsa> (Minor issue)
 	[jessie] - libextractor <no-dsa> (Minor issue)
@@ -17566,10 +17580,10 @@
 	RESERVED
 CVE-2017-12081
 	RESERVED
-CVE-2017-12080
-	RESERVED
-CVE-2017-12079
-	RESERVED
+CVE-2017-12080 (An information exposure vulnerability in default HTTP configuration ...)
+	TODO: check
+CVE-2017-12079 (Files or directories accessible to external parties vulnerability in ...)
+	TODO: check
 CVE-2017-12078
 	RESERVED
 CVE-2017-12077 (Uncontrolled Resource Consumption vulnerability in ...)



