[Secure-testing-commits] r58481 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Dec 12 09:10:15 UTC 2017
Author: sectracker
Date: 2017-12-12 09:10:15 +0000 (Tue, 12 Dec 2017)
New Revision: 58481
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-12 08:43:08 UTC (rev 58480)
+++ data/CVE/list 2017-12-12 09:10:15 UTC (rev 58481)
@@ -1,3 +1,15 @@
+CVE-2017-17557
+ RESERVED
+CVE-2017-17556
+ RESERVED
+CVE-2017-17555 (The swri_audio_convert function in audioconvert.c in FFmpeg ...)
+ TODO: check
+CVE-2017-17554 (A NULL pointer dereference (DoS) Vulnerability was found in the ...)
+ TODO: check
+CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing ...)
+ TODO: check
+CVE-2017-17552
+ RESERVED
CVE-2018-1360
RESERVED
CVE-2018-1359
@@ -4186,8 +4198,7 @@
RESERVED
CVE-2017-16885
RESERVED
-CVE-2017-1000407 [DoS via write flood to I/O port 0x80]
- RESERVED
+CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...)
{DLA-1200-1}
- linux <unfixed>
NOTE: https://www.spinics.net/lists/kvm/msg159809.html
@@ -7507,10 +7518,10 @@
RESERVED
CVE-2017-15898
RESERVED
-CVE-2017-15897
- RESERVED
-CVE-2017-15896
- RESERVED
+CVE-2017-15897 (Node.js had a bug in versions 8.X and 9.X which caused buffers to not ...)
+ TODO: check
+CVE-2017-15896 (Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards ...)
+ TODO: check
CVE-2017-15895 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...)
NOT-FOR-US: Synology Router Manager
CVE-2017-15894 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...)
@@ -9571,6 +9582,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/5a7203947a1d9b6f3a00a39fda08c2466489555f (v3.11-rc1)
CVE-2017-15120 [Crafted CNAME answer can cause a denial of service]
RESERVED
+ {DSA-4063-1}
- pdns-recursor 4.1.0-1
[jessie] - pdns-recursor <not-affected> (Vulnerable code introduced in 4.0.0)
[wheezy] - pdns-recursor <not-affected> (Vulnerable code introduced in 4.0.0)
@@ -28263,12 +28275,12 @@
NOT-FOR-US: MediaCoder
CVE-2017-8868 (acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via ...)
NOT-FOR-US: flatCore
-CVE-2017-8867
- RESERVED
-CVE-2017-8866
- RESERVED
-CVE-2017-8865
- RESERVED
+CVE-2017-8867 (Elemental Path's CogniToys Dino smart toys through firmware version ...)
+ TODO: check
+CVE-2017-8866 (Elemental Path's CogniToys Dino smart toys through firmware version ...)
+ TODO: check
+CVE-2017-8865 (Elemental Path's CogniToys Dino smart toys through firmware version ...)
+ TODO: check
CVE-2017-8864 (Client-side enforcement using JavaScript of server-side security ...)
NOT-FOR-US: Cohu
CVE-2017-8863 (Information disclosure of .esp source code on the Cohu 3960 allows an ...)
@@ -47084,8 +47096,8 @@
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
NOTE: https://hg.libsdl.org/SDL_image/rev/318484db0705
-CVE-2017-2886
- RESERVED
+CVE-2017-2886 (A memory corruption vulnerability exists in the .PSD parsing ...)
+ TODO: check
CVE-2017-2885 [stack based buffer overflow with HTTP Chunked Encoding]
RESERVED
{DSA-3929-1}
@@ -49732,8 +49744,8 @@
RESERVED
CVE-2017-1761
RESERVED
-CVE-2017-1760
- RESERVED
+CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash ...)
+ TODO: check
CVE-2017-1759
RESERVED
CVE-2017-1758
@@ -49886,8 +49898,8 @@
RESERVED
CVE-2017-1684
RESERVED
-CVE-2017-1683
- RESERVED
+CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2017-1682
RESERVED
CVE-2017-1681
@@ -49988,8 +50000,8 @@
RESERVED
CVE-2017-1633
RESERVED
-CVE-2017-1632
- RESERVED
+CVE-2017-1632 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. ...)
+ TODO: check
CVE-2017-1631
RESERVED
CVE-2017-1630
@@ -50026,8 +50038,8 @@
RESERVED
CVE-2017-1614
RESERVED
-CVE-2017-1613
- RESERVED
+CVE-2017-1613 (IBM Connections 6.0 could allow an unauthenticated remote attacker to ...)
+ TODO: check
CVE-2017-1612
RESERVED
CVE-2017-1611
@@ -50040,8 +50052,8 @@
RESERVED
CVE-2017-1607 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
-CVE-2017-1606
- RESERVED
+CVE-2017-1606 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) ...)
+ TODO: check
CVE-2017-1605
RESERVED
CVE-2017-1604
@@ -50152,12 +50164,12 @@
NOT-FOR-US: IBM
CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker ...)
NOT-FOR-US: IBM
-CVE-2017-1550
- RESERVED
-CVE-2017-1549
- RESERVED
-CVE-2017-1548
- RESERVED
+CVE-2017-1550 (IBM Sterling File Gateway 2.2 could allow an authenticated user to ...)
+ TODO: check
+CVE-2017-1549 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. ...)
+ TODO: check
+CVE-2017-1548 (IBM Sterling File Gateway 2.2 could allow a remote attacker to ...)
+ TODO: check
CVE-2017-1547
RESERVED
CVE-2017-1546
@@ -50180,8 +50192,8 @@
NOT-FOR-US: IBM
CVE-2017-1537
RESERVED
-CVE-2017-1536
- RESERVED
+CVE-2017-1536 (IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 ...)
+ TODO: check
CVE-2017-1535 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2017-1534
@@ -50238,8 +50250,8 @@
RESERVED
CVE-2017-1508 (IBM Informix Dynamic Server 12.1 could allow a local user logged in ...)
NOT-FOR-US: IBM
-CVE-2017-1507
- RESERVED
+CVE-2017-1507 (IBM Jazz Foundation Products could disclose sensitive information ...)
+ TODO: check
CVE-2017-1506
RESERVED
CVE-2017-1505
@@ -113936,8 +113948,8 @@
NOTE: some use of simplepie being the attack vector
CVE-2014-8359 (Untrusted search path vulnerability in Huawei Mobile Partner for ...)
NOT-FOR-US: Huawei Mobile Partner for Windows
-CVE-2014-8358
- RESERVED
+CVE-2014-8358 (Huawei EC156, EC176, and EC177 USB Modem products with software before ...)
+ TODO: check
CVE-2014-8357 (backupsettings.html in the web administrative portal in Zhone zNID ...)
NOT-FOR-US: ZHONE Router
CVE-2014-8356
More information about the Secure-testing-commits
mailing list