[Secure-testing-commits] r58471 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Dec 11 21:10:22 UTC 2017
Author: sectracker
Date: 2017-12-11 21:10:22 +0000 (Mon, 11 Dec 2017)
New Revision: 58471
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-11 20:16:29 UTC (rev 58470)
+++ data/CVE/list 2017-12-11 21:10:22 UTC (rev 58471)
@@ -1,3 +1,53 @@
+CVE-2018-1360
+ RESERVED
+CVE-2018-1359
+ RESERVED
+CVE-2018-1358
+ RESERVED
+CVE-2018-1357
+ RESERVED
+CVE-2018-1356
+ RESERVED
+CVE-2018-1355
+ RESERVED
+CVE-2018-1354
+ RESERVED
+CVE-2018-1353
+ RESERVED
+CVE-2018-1352
+ RESERVED
+CVE-2018-1351
+ RESERVED
+CVE-2017-17551 (The Backup and Restore feature in Mobotap Dolphin Browser for Android ...)
+ TODO: check
+CVE-2017-17550
+ RESERVED
+CVE-2017-17549
+ RESERVED
+CVE-2017-17548
+ RESERVED
+CVE-2017-17547
+ RESERVED
+CVE-2017-17546
+ RESERVED
+CVE-2017-17545
+ RESERVED
+CVE-2017-17544
+ RESERVED
+CVE-2017-17543
+ RESERVED
+CVE-2017-17542
+ RESERVED
+CVE-2017-17541
+ RESERVED
+CVE-2017-17540
+ RESERVED
+CVE-2017-17539
+ RESERVED
+CVE-2017-17538
+ RESERVED
+CVE-2017-17537
+ RESERVED
CVE-2018-1350
RESERVED
CVE-2018-1349
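Review bot: CVE-2017-17551 is the only new entry in this block that arrives with a description, and it is left at TODO: check. The description names Mobotap Dolphin Browser for Android, so once a package search confirms nothing in the archive ships it, the entry can be closed with a NOT-FOR-US line in the same form used for the IKARUS and QNAP entries elsewhere in this list. The other added ids are RESERVED only and need no triage yet.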
@@ -1611,10 +1661,10 @@
NOT-FOR-US: IKARUS
CVE-2017-17112 (ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool ...)
NOT-FOR-US: IKARUS
-CVE-2017-17111
- RESERVED
-CVE-2017-17110
- RESERVED
+CVE-2017-17111 (Posty Readymade Classifieds Script 1.0 allows an attacker to inject ...)
+ TODO: check
+CVE-2017-17110 (Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL ...)
+ TODO: check
CVE-2017-17109
RESERVED
CVE-2017-17108
@@ -3033,6 +3083,7 @@
CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger ...)
NOT-FOR-US: Swagger-Parser
CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This ...)
+ {DLA-1204-1}
- evince 3.25.92-1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947
NOTE: Introduced by: https://git.gnome.org/browse/evince/commit/?id=1fcca0b8041de0d6074d7e17fba174da36c65f99 (EVINCE_0_9_1)
@@ -4020,6 +4071,7 @@
CVE-2017-16928
RESERVED
CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
+ {DLA-1203-1}
- xrdp <unfixed> (bug #882463)
[stretch] - xrdp <no-dsa> (Minor issue)
[jessie] - xrdp <no-dsa> (Minor issue)
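Review bot: the {DLA-1203-1} cross-reference added to CVE-2017-16927 sits above a "- xrdp <unfixed> (bug #882463)" line and two "<no-dsa> (Minor issue)" lines, so after this change the only advisory recorded for the entry is the LTS one, while unstable, stretch and jessie stay open. It is worth confirming that bug #882463 is still the active tracking bug and replacing <unfixed> with the fixed version as soon as an upload lands, so the entry does not read as resolved because of the advisory tag alone.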
@@ -5018,8 +5070,8 @@
RESERVED
CVE-2017-16724
RESERVED
-CVE-2017-16723
- RESERVED
+CVE-2017-16723 (A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL ...)
+ TODO: check
CVE-2017-16722
RESERVED
CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...)
@@ -7317,16 +7369,16 @@
NOT-FOR-US: Joomla addon
CVE-2017-15945 (The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, ...)
NOT-FOR-US: Gentoo installation scripts
-CVE-2017-15944
- RESERVED
-CVE-2017-15943
- RESERVED
-CVE-2017-15942
- RESERVED
+CVE-2017-15944 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x ...)
+ TODO: check
+CVE-2017-15943 (The configuration file import for applications, spyware and ...)
+ TODO: check
+CVE-2017-15942 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x ...)
+ TODO: check
CVE-2017-15941
RESERVED
-CVE-2017-15940
- RESERVED
+CVE-2017-15940 (The web interface packet capture management component in Palo Alto ...)
+ TODO: check
CVE-2017-15939 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
- binutils <not-affected> (Incomplete fix not applied)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22205
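Review bot: CVE-2017-15944, CVE-2017-15942 and CVE-2017-15940 all name Palo Alto Networks in the visible part of their descriptions, yet each is queued separately as TODO: check. They should be triaged together in one pass, and CVE-2017-15943, whose truncated description does not show the product, should be checked against its full text to see whether it belongs to the same group. If the product is not packaged, each entry gets its own NOT-FOR-US line, in the form already used for the Gentoo entry at the top of this hunk.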
@@ -7518,8 +7570,8 @@
NOT-FOR-US: phpwcms
CVE-2017-15871 (** DISPUTED ** The deserialize function in serialize-to-js through ...)
NOT-FOR-US: Disputed serialize-to-js issue
-CVE-2017-15870
- RESERVED
+CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers ...)
+ TODO: check
CVE-2017-15869
RESERVED
CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the ...)
@@ -7882,8 +7934,7 @@
RESERVED
CVE-2017-15709
RESERVED
-CVE-2017-15708
- RESERVED
+CVE-2017-15708 (Due to the presence of Apache Commons Collections 3.2.1 ...)
NOT-FOR-US: Apache Synapse
CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated ...)
- libstruts1.2-java <not-affected> (Specific to 2.x)
@@ -15249,8 +15300,8 @@
RESERVED
CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern ...)
NOT-FOR-US: QNAP
-CVE-2017-13070
- RESERVED
+CVE-2017-13070 (A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version ...)
+ TODO: check
CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities found in ...)
NOT-FOR-US: QNAP
CVE-2017-13068 (QNAP has already patched this vulnerability. This security concern ...)
@@ -20268,8 +20319,8 @@
RESERVED
CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
NOT-FOR-US: SecurityCenter
-CVE-2017-11507
- RESERVED
+CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
+ TODO: check
CVE-2017-11506 (When linking a Nessus scanner or agent to Tenable.io or other manager, ...)
NOT-FOR-US: Nessus
CVE-2017-11565 (debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was ...)
@@ -20872,8 +20923,8 @@
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-11320 (Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor ...)
NOT-FOR-US: Technicolor TC7337 routers
-CVE-2017-11319
- RESERVED
+CVE-2017-11319 (Perspective ICM Investigation & Case 5.1.1.16 allows remote ...)
+ TODO: check
CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and ...)
NOT-FOR-US: Cobian
CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 ...)
@@ -62154,8 +62205,8 @@
[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
NOTE: Fixed by: https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
-CVE-2016-6904
- RESERVED
+CVE-2016-6904 (Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 ...)
+ TODO: check
CVE-2016-6901 (Format string vulnerability in Huawei AR100, AR120, AR150, AR200, ...)
NOT-FOR-US: Huawei Routers
CVE-2016-6900 (The Intelligent Baseboard Management Controller (iBMC) in Huawei ...)
@@ -85270,8 +85321,8 @@
CVE-2015-8471
RESERVED
NOT-FOR-US: ATutor
-CVE-2015-8470
- RESERVED
+CVE-2015-8470 (The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not ...)
+ TODO: check
CVE-2015-8469
RESERVED
CVE-2015-8468
@@ -91033,8 +91084,8 @@
RESERVED
CVE-2015-6503
RESERVED
-CVE-2015-6502
- RESERVED
+CVE-2015-6502 (Cross-site scripting (XSS) vulnerability in the console in Puppet ...)
+ TODO: check
CVE-2015-6501 (Open redirect vulnerability in the Console in Puppet Enterprise before ...)
- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2015-6500 (Directory traversal vulnerability in ownCloud Server before 8.0.6 and ...)
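Review bot: CVE-2015-6502 is set to TODO: check although the entry directly below it, CVE-2015-6501, is also a console issue and is already triaged as "- puppet <not-affected> (Limited to Puppet Enterprise)". If the full description of CVE-2015-6502 confirms it concerns the Puppet Enterprise console, the same line should be reused so the two entries stay consistent. The same resolution applies to CVE-2015-8470 in the earlier hunk, whose description names Puppet Enterprise explicitly.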
@@ -126784,8 +126835,7 @@
[wheezy] - mcollective <no-dsa> (Minor issue)
NOTE: Mcollective are not configured to use the plugin and are not vulnerable by default.
NOTE: http://puppetlabs.com/security/cve/cve-2014-3251
-CVE-2014-3250
- RESERVED
+CVE-2014-3250 (The default vhost configuration file in Puppet before 3.6.2 does not ...)
- puppet 3.7.0-1 (low)
[squeeze] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
[wheezy] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)