[Secure-testing-commits] r58288 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Dec 6 09:10:24 UTC 2017


Author: sectracker
Date: 2017-12-06 09:10:24 +0000 (Wed, 06 Dec 2017)
New Revision: 58288

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-06 07:56:02 UTC (rev 58287)
+++ data/CVE/list	2017-12-06 09:10:24 UTC (rev 58288)
@@ -1,3 +1,17 @@
+CVE-2017-17438
+	RESERVED
+CVE-2017-17437
+	RESERVED
+CVE-2017-17436
+	RESERVED
+CVE-2017-17435
+	RESERVED
+CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, ...)
+	TODO: check
+CVE-2017-17433 (The recv_files function in receiver.c in the daemon in rsync 3.1.2, and ...)
+	TODO: check
+CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, ...)
+	TODO: check
 CVE-2017-17430
 	RESERVED
 CVE-2017-17429
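Review bot: CVE-2017-17434 and CVE-2017-17433 both describe the daemon in rsync 3.1.2 and are left at "TODO: check"; rsync is packaged in Debian, so these two should be triaged first and given a package line with a fixed version and bug reference, in the form the openafs entry further down uses ("- openafs 1.6.22-1 (bug #883602)"). CVE-2017-17431 (GeniXCMS) needs its own triage decision rather than sharing the same TODO marker.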
@@ -17,7 +31,7 @@
 	RESERVED
 CVE-2017-1000408
 	RESERVED
-CVE-2017-17432 [OPENAFS-SA-2017-001: Rx assertion failure from insufficient input validation]
+CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, ...)
 	- openafs 1.6.22-1 (bug #883602)
 	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
 CVE-2018-1180
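Review bot: CVE-2017-17432 stays below CVE-2017-1000408 and directly above CVE-2018-1180, out of the descending sequence that the top of the file follows (17433, 17431, 17430, 17429 in the previous hunk). Now that the entry carries its official description, move it between CVE-2017-17433 and CVE-2017-17431 so a lookup by number finds it where expected. The advisory reference is preserved by the NOTE line, so nothing is lost by dropping the bracketed OPENAFS-SA-2017-001 title.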
@@ -184,8 +198,8 @@
 	RESERVED
 CVE-2017-17384
 	RESERVED
-CVE-2017-17383
-	RESERVED
+CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated administrators to ...)
+	TODO: check
 CVE-2017-17382
 	RESERVED
 CVE-2017-17381 [virtio: divide by zero exception while updating rings]
@@ -1702,8 +1716,8 @@
 	RESERVED
 CVE-2017-17070
 	RESERVED
-CVE-2017-17069
-	RESERVED
+CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 ...)
+	TODO: check
 CVE-2017-17068
 	RESERVED
 CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...)
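Review bot: the description added for CVE-2017-17069 names ActiveSetupN.exe in Amazon Audible for Windows, yet the entry is queued as "TODO: check". A Windows-only vendor application can be closed directly with a NOT-FOR-US line, as the file does for other vendor products, so it does not occupy the manual triage queue.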
@@ -6772,8 +6786,7 @@
 	RESERVED
 CVE-2017-15869
 	RESERVED
-CVE-2017-15868 [Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket]
-	RESERVED
+CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the ...)
 	- linux 4.0.2-1
 	NOTE: Fixed by: https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 (v3.19-rc3)
 CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -11024,8 +11037,8 @@
 	NOT-FOR-US: EMC AppSync Server
 CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to ...)
 	NOT-FOR-US: EMC
-CVE-2017-14374
-	RESERVED
+CVE-2017-14374 (The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 ...)
+	TODO: check
 CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a ...)
 	NOT-FOR-US: RSA Authentication Manager
 CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected ...)
@@ -11062,8 +11075,8 @@
 	NOT-FOR-US: HP ArcSight
 CVE-2017-14356 (An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM ...)
 	NOT-FOR-US: HP ArcSight
-CVE-2017-14355
-	RESERVED
+CVE-2017-14355 (A potential security vulnerability has been identified in HPE ...)
+	TODO: check
 CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB Foundation ...)
 	NOT-FOR-US: HP UCMDB Foundation
 CVE-2017-14353 (A remote code execution vulnerability in HP UCMDB Foundation Software ...)
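Review bot: the description for CVE-2017-14355 is cut off before the product name ("... has been identified in HPE ..."), so the entry cannot be classified from this line alone. The neighbouring entries are all "NOT-FOR-US: HP ArcSight" or "NOT-FOR-US: HP UCMDB Foundation", but the full description should be read before this one is marked the same way, and the NOT-FOR-US line should name the actual product.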
@@ -12129,8 +12142,8 @@
 	NOT-FOR-US: AutomationDirect
 CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...)
 	NOT-FOR-US: Progea Movicon
-CVE-2017-14018
-	RESERVED
+CVE-2017-14018 (An improper authentication issue was discovered in Johnson & Johnson ...)
+	TODO: check
 CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in Progea ...)
 	NOT-FOR-US: Progea Movicon
 CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in Advantech ...)
@@ -40610,8 +40623,8 @@
 	NOT-FOR-US: VMware
 CVE-2017-4921 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure ...)
 	NOT-FOR-US: VMware
-CVE-2017-4920
-	RESERVED
+CVE-2017-4920 (The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x ...)
+	TODO: check
 CVE-2017-4919 (VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, ...)
 	NOT-FOR-US: VMware vCenter Server
 CVE-2017-4918 (VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains ...)
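Review bot: CVE-2017-4920 is left at "TODO: check" although its description names VMware NSX-V Edge and every adjacent VMware entry in this hunk is already closed as "NOT-FOR-US: VMware" or "NOT-FOR-US: VMware vCenter Server". Mark it NOT-FOR-US with the product name so it matches its neighbours.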



