[Secure-testing-commits] r58309 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Dec 6 21:10:18 UTC 2017
Author: sectracker
Date: 2017-12-06 21:10:18 +0000 (Wed, 06 Dec 2017)
New Revision: 58309
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-06 20:35:55 UTC (rev 58308)
+++ data/CVE/list 2017-12-06 21:10:18 UTC (rev 58309)
@@ -1,12 +1,224 @@
-CVE-2017-17446
+CVE-2018-1280
+ RESERVED
+CVE-2018-1279
+ RESERVED
+CVE-2018-1278
+ RESERVED
+CVE-2018-1277
+ RESERVED
+CVE-2018-1276
+ RESERVED
+CVE-2018-1275
+ RESERVED
+CVE-2018-1274
+ RESERVED
+CVE-2018-1273
+ RESERVED
+CVE-2018-1272
+ RESERVED
+CVE-2018-1271
+ RESERVED
+CVE-2018-1270
+ RESERVED
+CVE-2018-1269
+ RESERVED
+CVE-2018-1268
+ RESERVED
+CVE-2018-1267
+ RESERVED
+CVE-2018-1266
+ RESERVED
+CVE-2018-1265
+ RESERVED
+CVE-2018-1264
+ RESERVED
+CVE-2018-1263
+ RESERVED
+CVE-2018-1262
+ RESERVED
+CVE-2018-1261
+ RESERVED
+CVE-2018-1260
+ RESERVED
+CVE-2018-1259
+ RESERVED
+CVE-2018-1258
+ RESERVED
+CVE-2018-1257
+ RESERVED
+CVE-2018-1256
+ RESERVED
+CVE-2018-1255
+ RESERVED
+CVE-2018-1254
+ RESERVED
+CVE-2018-1253
+ RESERVED
+CVE-2018-1252
+ RESERVED
+CVE-2018-1251
+ RESERVED
+CVE-2018-1250
+ RESERVED
+CVE-2018-1249
+ RESERVED
+CVE-2018-1248
+ RESERVED
+CVE-2018-1247
+ RESERVED
+CVE-2018-1246
+ RESERVED
+CVE-2018-1245
+ RESERVED
+CVE-2018-1244
+ RESERVED
+CVE-2018-1243
+ RESERVED
+CVE-2018-1242
+ RESERVED
+CVE-2018-1241
+ RESERVED
+CVE-2018-1240
+ RESERVED
+CVE-2018-1239
+ RESERVED
+CVE-2018-1238
+ RESERVED
+CVE-2018-1237
+ RESERVED
+CVE-2018-1236
+ RESERVED
+CVE-2018-1235
+ RESERVED
+CVE-2018-1234
+ RESERVED
+CVE-2018-1233
+ RESERVED
+CVE-2018-1232
+ RESERVED
+CVE-2018-1231
+ RESERVED
+CVE-2018-1230
+ RESERVED
+CVE-2018-1229
+ RESERVED
+CVE-2018-1228
+ RESERVED
+CVE-2018-1227
+ RESERVED
+CVE-2018-1226
+ RESERVED
+CVE-2018-1225
+ RESERVED
+CVE-2018-1224
+ RESERVED
+CVE-2018-1223
+ RESERVED
+CVE-2018-1222
+ RESERVED
+CVE-2018-1221
+ RESERVED
+CVE-2018-1220
+ RESERVED
+CVE-2018-1219
+ RESERVED
+CVE-2018-1218
+ RESERVED
+CVE-2018-1217
+ RESERVED
+CVE-2018-1216
+ RESERVED
+CVE-2018-1215
+ RESERVED
+CVE-2018-1214
+ RESERVED
+CVE-2018-1213
+ RESERVED
+CVE-2018-1212
+ RESERVED
+CVE-2018-1211
+ RESERVED
+CVE-2018-1210
+ RESERVED
+CVE-2018-1209
+ RESERVED
+CVE-2018-1208
+ RESERVED
+CVE-2018-1207
+ RESERVED
+CVE-2018-1206
+ RESERVED
+CVE-2018-1205
+ RESERVED
+CVE-2018-1204
+ RESERVED
+CVE-2018-1203
+ RESERVED
+CVE-2018-1202
+ RESERVED
+CVE-2018-1201
+ RESERVED
+CVE-2018-1200
+ RESERVED
+CVE-2018-1199
+ RESERVED
+CVE-2018-1198
+ RESERVED
+CVE-2018-1197
+ RESERVED
+CVE-2018-1196
+ RESERVED
+CVE-2018-1195
+ RESERVED
+CVE-2018-1194
+ RESERVED
+CVE-2018-1193
+ RESERVED
+CVE-2018-1192
+ RESERVED
+CVE-2018-1191
+ RESERVED
+CVE-2018-1190
+ RESERVED
+CVE-2018-1189
+ RESERVED
+CVE-2018-1188
+ RESERVED
+CVE-2018-1187
+ RESERVED
+CVE-2018-1186
+ RESERVED
+CVE-2018-1185
+ RESERVED
+CVE-2018-1184
+ RESERVED
+CVE-2018-1183
+ RESERVED
+CVE-2018-1182
+ RESERVED
+CVE-2018-1181
+ RESERVED
+CVE-2017-17447
+ RESERVED
+CVE-2017-17445
+ RESERVED
+CVE-2017-17444
+ RESERVED
+CVE-2017-17443
+ RESERVED
+CVE-2017-17442
+ RESERVED
+CVE-2017-17441
+ RESERVED
+CVE-2017-17446 (The Mem_File_Reader::read_avail function in Data_Reader.cpp in the ...)
- game-music-emu <unfixed> (bug #883691)
[stretch] - game-music-emu <no-dsa> (Minor issue)
[jessie] - game-music-emu <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size
-CVE-2017-17440 [various null pointer dereferences in GIF, IT, NSFE, S3M, SID and XM plugins]
+CVE-2017-17440 (GNU Libextractor 1.6 allows remote attackers to cause a denial of ...)
- libextractor <unfixed> (bug #883528)
NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
-CVE-2017-17439 [Remote unauthenticated DoS in Heimdal-KDC]
+CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are able to ...)
- heimdal <unfixed> (bug #878144)
[jessie] - heimdal <not-affected> (Vulnerability introduced in 7.0)
[wheezy] - heimdal <not-affected> (Vulnerability introduced in 7.0)
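Review bot: CVE-2017-17446 ends up out of sequence at the end of this hunk. The new RESERVED entries CVE-2017-17445 through CVE-2017-17441 are inserted above it, so the list now reads 17447, 17445, 17444, 17443, 17442, 17441, 17446, 17440, while every other run of IDs visible in this diff is in descending order. The 17446 header and its game-music-emu lines should sit between CVE-2017-17447 and CVE-2017-17445. It is also worth checking how the automatic update picks its insertion point when an existing entry is at the top of the file.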
@@ -223,8 +435,7 @@
- jenkins <removed>
CVE-2017-17382
RESERVED
-CVE-2017-17381 [virtio: divide by zero exception while updating rings]
- RESERVED
+CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest users to ...)
- qemu <unfixed> (bug #883625)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
@@ -1739,8 +1950,8 @@
RESERVED
CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 ...)
NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows
-CVE-2017-17068
- RESERVED
+CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 auth0.js ...)
+ TODO: check
CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...)
NOT-FOR-US: Splunk Web
CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the ...)
@@ -1772,8 +1983,8 @@
NOT-FOR-US: ZKTeco ZKTime Web Software
CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to ...)
NOT-FOR-US: ZKTeco ZKTime Web Software
-CVE-2017-17055
- RESERVED
+CVE-2017-17055 (Artica Web Proxy before 3.06.112911 allows remote attackers to execute ...)
+ TODO: check
CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function ...)
- aubio <unfixed> (bug #883355)
[stretch] - aubio <no-dsa> (Minor issue)
@@ -3567,8 +3778,8 @@
CVE-2017-1000386
RESERVED
NOT-FOR-US: Jenkins plugin
-CVE-2017-16884
- RESERVED
+CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 2.13 ...)
+ TODO: check
CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/77
@@ -8701,8 +8912,7 @@
RESERVED
CVE-2017-15122
RESERVED
-CVE-2017-15121 [vfs: BUG in truncate_inode_pages_range() and fuse client]
- RESERVED
+CVE-2017-15121 (A non-privileged user is able to mount a fuse filesystem on RHEL 6 or ...)
- linux 3.11.5-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1520893
NOTE: Fixed by: https://git.kernel.org/linus/5a7203947a1d9b6f3a00a39fda08c2466489555f (v3.11-rc1)
@@ -14170,62 +14380,62 @@
RESERVED
CVE-2017-13176
RESERVED
-CVE-2017-13175
- RESERVED
-CVE-2017-13174
- RESERVED
-CVE-2017-13173
- RESERVED
-CVE-2017-13172
- RESERVED
-CVE-2017-13171
- RESERVED
-CVE-2017-13170
- RESERVED
-CVE-2017-13169
- RESERVED
-CVE-2017-13168
- RESERVED
-CVE-2017-13167
- RESERVED
-CVE-2017-13166
- RESERVED
-CVE-2017-13165
- RESERVED
-CVE-2017-13164
- RESERVED
-CVE-2017-13163
- RESERVED
-CVE-2017-13162
- RESERVED
-CVE-2017-13161
- RESERVED
-CVE-2017-13160
- RESERVED
-CVE-2017-13159
- RESERVED
-CVE-2017-13158
- RESERVED
-CVE-2017-13157
- RESERVED
-CVE-2017-13156
- RESERVED
+CVE-2017-13175 (An information disclosure vulnerability in the NVIDIA libwilhelm. ...)
+ TODO: check
+CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl. Product: ...)
+ TODO: check
+CVE-2017-13173 (An elevation of privilege vulnerability in the MediaTek system server. ...)
+ TODO: check
+CVE-2017-13172 (An elevation of privilege vulnerability in the MediaTek bluetooth ...)
+ TODO: check
+CVE-2017-13171 (An elevation of privilege vulnerability in the MediaTek performance ...)
+ TODO: check
+CVE-2017-13170 (An elevation of privilege vulnerability in the MediaTek display ...)
+ TODO: check
+CVE-2017-13169 (An information disclosure vulnerability in the kernel camera server. ...)
+ TODO: check
+CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi driver. ...)
+ TODO: check
+CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound timer. ...)
+ TODO: check
+CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 video ...)
+ TODO: check
+CVE-2017-13165 (An elevation of privilege vulnerability in the kernel file system. ...)
+ TODO: check
+CVE-2017-13164 (An information disclosure vulnerability in the kernel binder driver. ...)
+ TODO: check
+CVE-2017-13163 (An elevation of privilege vulnerability in the kernel mtp usb driver. ...)
+ TODO: check
+CVE-2017-13162 (An elevation of privilege vulnerability in the kernel binder. Product: ...)
+ TODO: check
+CVE-2017-13161 (An elevation of privilege vulnerability in the Broadcom wireless ...)
+ TODO: check
+CVE-2017-13160 (A remote code execution vulnerability in the Android system ...)
+ TODO: check
+CVE-2017-13159 (An information disclosure vulnerability in the Android system ...)
+ TODO: check
+CVE-2017-13158 (An information disclosure vulnerability in the Android system ...)
+ TODO: check
+CVE-2017-13157 (An information disclosure vulnerability in the Android system ...)
+ TODO: check
+CVE-2017-13156 (An elevation of privilege vulnerability in the Android system (art). ...)
+ TODO: check
CVE-2017-13155
RESERVED
-CVE-2017-13154
- RESERVED
-CVE-2017-13153
- RESERVED
-CVE-2017-13152
- RESERVED
-CVE-2017-13151
- RESERVED
-CVE-2017-13150
- RESERVED
-CVE-2017-13149
- RESERVED
-CVE-2017-13148
- RESERVED
+CVE-2017-13154 (An elevation of privilege vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13153 (An elevation of privilege vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13152 (An information disclosure vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13151 (A remote code execution vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13150 (An information disclosure vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13149 (An information disclosure vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-13148 (A denial of service vulnerability in the Android media framework ...)
+ TODO: check
CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability was found ...)
- graphicsmagick <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/446/
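Review bot: The `TODO: check` markers on CVE-2017-13168 through CVE-2017-13162 need individual triage rather than a bulk close-out with the rest of this batch. Their descriptions name kernel components (scsi driver, sound timer, v4l2 video, file system, binder, mtp usb driver), unlike the MediaTek, NVIDIA and Broadcom entries around them, so each one should be compared against the linux source package. Only the leading words of each description are visible here, so the full text has to be read before any of them is marked.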
@@ -35738,8 +35948,8 @@
RESERVED
CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA Windows GPU Display Driver
-CVE-2017-6276
- RESERVED
+CVE-2017-6276 (NVIDIA mediaserver contains a vulnerability where it is possible a use ...)
+ TODO: check
CVE-2017-6275 (An information disclosure vulnerability exists in the Thermal Driver, ...)
NOT-FOR-US: NVIDIA components for Android
CVE-2017-6274 (An elevation of Privilege vulnerability exists in the Thermal Driver, ...)
@@ -35785,10 +35995,10 @@
RESERVED
CVE-2017-6264 (An elevation of privilege vulnerability exists in the NVIDIA GPU ...)
NOT-FOR-US: NVIDIA components for Android
-CVE-2017-6263
- RESERVED
-CVE-2017-6262
- RESERVED
+CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use ...)
+ TODO: check
+CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use ...)
+ TODO: check
CVE-2017-6261
RESERVED
CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
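Review bot: CVE-2017-6263 and CVE-2017-6262 get the same truncated description, "NVIDIA driver contains a vulnerability where it is possible a use ...", which does not say which driver is meant. The neighbouring context does not settle it either: CVE-2017-6264 is marked NOT-FOR-US: NVIDIA components for Android, while CVE-2017-6260 refers to the Windows GPU Display Driver. Whoever resolves these two TODO lines should name the affected component in the NOT-FOR-US text, or add a package line, instead of copying the marker from either neighbour.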
@@ -50756,28 +50966,28 @@
REJECTED
CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly validates ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
-CVE-2017-0880
- RESERVED
-CVE-2017-0879
- RESERVED
-CVE-2017-0878
- RESERVED
-CVE-2017-0877
- RESERVED
-CVE-2017-0876
- RESERVED
+CVE-2017-0880 (A denial of service vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-0879 (An information disclosure vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-0878 (A remote code execution vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-0877 (A remote code execution vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-0876 (A remote code execution vulnerability in the Android media framework ...)
+ TODO: check
CVE-2017-0875
RESERVED
-CVE-2017-0874
- RESERVED
-CVE-2017-0873
- RESERVED
-CVE-2017-0872
- RESERVED
-CVE-2017-0871
- RESERVED
-CVE-2017-0870
- RESERVED
+CVE-2017-0874 (A denial of service vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-0873 (A denial of service vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-0872 (A remote code execution vulnerability in the Android media framework ...)
+ TODO: check
+CVE-2017-0871 (An elevation of privilege vulnerability in the Android framework ...)
+ TODO: check
+CVE-2017-0870 (An elevation of privilege vulnerability in the Android framework ...)
+ TODO: check
CVE-2017-0869
RESERVED
CVE-2017-0868
@@ -50844,8 +51054,8 @@
NOT-FOR-US: Android media framework
CVE-2017-0838 (An elevation of privilege vulnerability in the Android media framework ...)
NOT-FOR-US: Android media framework
-CVE-2017-0837
- RESERVED
+CVE-2017-0837 (An elevation of privilege vulnerability in the Android media framework ...)
+ TODO: check
CVE-2017-0836 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android media framework
CVE-2017-0835 (A remote code execution vulnerability in the Android media framework ...)
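Review bot: CVE-2017-0837 is left at `TODO: check` although the entries directly above and below it, CVE-2017-0838 and CVE-2017-0836, carry the same "Android media framework" description prefix and are already marked NOT-FOR-US: Android media framework. Unless the full description differs, this entry can be resolved the same way in a follow-up, which keeps the block consistent and the TODO queue shorter.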
@@ -65442,8 +65652,8 @@
NOTE: triaged away in Ubuntu: "Default configurations of FOSS Puppet Agent are not vulnerable."
NOTE: gentoo released a fix: https://security.gentoo.org/glsa/201710-12
NOTE: rosetta stone for puppet version numbers: https://puppet.com/docs/puppet/4.10/about_agent.html
-CVE-2016-5713
- RESERVED
+CVE-2016-5713 (Versions of Puppet Agent prior to 1.6.0 included a version of the ...)
+ TODO: check
CVE-2016-5712
RESERVED
CVE-2016-5711 (NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a ...)
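Review bot: CVE-2016-5713 moves from RESERVED to `TODO: check` with a description that refers to Puppet Agent versions prior to 1.6.0, a version number that does not map directly onto a puppet package version. The context lines just above already carry a NOTE pointing to the "rosetta stone for puppet version numbers"; the follow-up that resolves this TODO should use that mapping and record the result on a `- puppet` line or state why the package is not affected.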