[Secure-testing-commits] r58501 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Dec 12 21:10:14 UTC 2017
Author: sectracker
Date: 2017-12-12 21:10:14 +0000 (Tue, 12 Dec 2017)
New Revision: 58501
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-12 20:57:33 UTC (rev 58500)
+++ data/CVE/list 2017-12-12 21:10:14 UTC (rev 58501)
@@ -1,3 +1,11 @@
+CVE-2017-17562 (Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is ...)
+ TODO: check
+CVE-2017-17561 (SeaCMS 6.56 allows remote authenticated administrators to execute ...)
+ TODO: check
+CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.172 ...)
+ TODO: check
+CVE-2017-17559
+ RESERVED
CVE-2017-XXXX [XSA-251: improper bug check in x86 log-dirty handling]
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-251.html
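Review bot: The three described entries added at the top of this hunk (CVE-2017-17562, CVE-2017-17561, CVE-2017-17560) are left at "TODO: check", so the list records no package or state for them yet. CVE-2017-17562 is described as remote code execution in Embedthis GoAhead before 3.6.5 and is the one to triage first. Each entry should end up as either a package line with a version state or a NOT-FOR-US line naming the vendor, the form already used elsewhere in this file.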
@@ -10,7 +18,7 @@
CVE-2017-XXXX [XSA-248: x86 PV guests may gain access to internally used pages]
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-248.html
-CVE-2017-17558
+CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
- linux <unfixed>
NOTE: https://www.spinics.net/lists/linux-usb/msg163644.html
CVE-2017-17557
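Review bot: CVE-2017-17558 now carries a description naming usb_destroy_configuration in drivers/usb/core/config.c, but the entry's only reference is still the linux-usb list post and the state is still "- linux <unfixed>". Once a fix is merged upstream, add a NOTE with the commit so the fixed version can be determined from it rather than from the mailing-list thread.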
@@ -5168,34 +5176,34 @@
RESERVED
CVE-2017-16692
RESERVED
-CVE-2017-16691
- RESERVED
-CVE-2017-16690
- RESERVED
-CVE-2017-16689
- RESERVED
+CVE-2017-16691 (SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to ...)
+ TODO: check
+CVE-2017-16690 (A malicious DLL preload attack possible on NwSapSetup and Installation ...)
+ TODO: check
+CVE-2017-16689 (A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, ...)
+ TODO: check
CVE-2017-16688
RESERVED
-CVE-2017-16687
- RESERVED
+CVE-2017-16687 (The user self-service tools of SAP HANA extended application services, ...)
+ TODO: check
CVE-2017-16686
RESERVED
-CVE-2017-16685
- RESERVED
-CVE-2017-16684
- RESERVED
-CVE-2017-16683
- RESERVED
-CVE-2017-16682
- RESERVED
-CVE-2017-16681
- RESERVED
-CVE-2017-16680
- RESERVED
-CVE-2017-16679
- RESERVED
-CVE-2017-16678
- RESERVED
+CVE-2017-16685 (Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data ...)
+ TODO: check
+CVE-2017-16684 (SAP Business Intelligence Promotion Management Application, Enterprise ...)
+ TODO: check
+CVE-2017-16683 (Denial of Service (DOS) in SAP Business Objects Platform, Enterprise ...)
+ TODO: check
+CVE-2017-16682 (SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 ...)
+ TODO: check
+CVE-2017-16681 (Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence ...)
+ TODO: check
+CVE-2017-16680 (Two potential audit log injections in SAP HANA extended application ...)
+ TODO: check
+CVE-2017-16679 (URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 ...)
+ TODO: check
+CVE-2017-16678 (Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver ...)
+ TODO: check
CVE-2017-16677
RESERVED
CVE-2017-16676
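Review bot: All twelve entries moved from RESERVED to "TODO: check" in this hunk (CVE-2017-16678 to CVE-2017-16691, with 16686 and 16688 staying RESERVED) have descriptions naming SAP components, CVE-2017-16690 by way of NwSapSetup. They can be triaged as one batch: if none maps to a packaged source, resolve them together with a NOT-FOR-US line naming the vendor instead of leaving twelve separate TODO items in the queue.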
@@ -8639,26 +8647,31 @@
RESERVED
CVE-2017-15427
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15426
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15425
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15424
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15423
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
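Review bot: The entries gaining "{DSA-4064-1}" in this hunk (CVE-2017-15423 to CVE-2017-15427) still read RESERVED and have no description or NOTE, so the list itself does not say what each issue is. Both "[jessie]" and "[wheezy]" are marked "<end-of-life>", so the advisory reference says nothing about a fix for those releases. A NOTE pointing at the upstream release information would make these entries self-explanatory until the descriptions are published.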
@@ -8670,31 +8683,37 @@
RESERVED
CVE-2017-15420
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15419
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15418
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15417
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15416
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15415
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -8702,6 +8721,7 @@
RESERVED
CVE-2017-15413
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -8713,26 +8733,31 @@
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
CVE-2017-15411
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15410
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15409
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15408
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15407
RESERVED
+ {DSA-4064-1}
- chromium-browser 63.0.3239.84-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
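Review bot: The "{DSA-4064-1}" tag does not cover the whole CVE-2017-15407 to CVE-2017-15427 run. The entries that fall between the hunks (after CVE-2017-15423, after CVE-2017-15415, and the one ending in the libxml2 "Fixed by" NOTE in the context just above CVE-2017-15411) are left untagged. Confirm that these are either tracked against another package or are not part of the advisory, so the gap is intentional and not a missed cross-reference.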
@@ -16561,18 +16586,21 @@
CVE-2017-12854
RESERVED
CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof ...)
+ {DLA-1205-1}
- simplesamlphp 1.14.11-1
NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
NOTE: https://simplesamlphp.org/security/201612-03
NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain ...)
+ {DLA-1205-1}
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201612-04
NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231
NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/300d8aa48fe93706ade95be481c68e9cf2f32d1f
CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module and (2) ...)
+ {DLA-1205-1}
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201703-01
NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/ab7761d4a523a4ed00479fb1ddba688e7ca72439
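Review bot: In the context lines for CVE-2017-12873, the first "Patches:" URL ends in 90dca835158495b173808273e7df127303b8b953aa, which is 42 hex characters, while the other commit ids in this hunk are 40. The link likely contains stray characters and should be checked against the upstream advisory referenced in the same entry (simplesamlphp.org/security/201612-04) while the entry is being tagged with "{DLA-1205-1}".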
@@ -16587,14 +16615,17 @@
[wheezy] - simplesamlphp <ignored> (Minor issue mitigated by HTTPS usage, hard to backport)
NOTE: https://simplesamlphp.org/security/201704-01
CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows ...)
+ {DLA-1205-1}
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201704-02
NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in ...)
+ {DLA-1205-1}
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201705-01
NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 ...)
+ {DLA-1205-1}
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201708-01
NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
@@ -18520,8 +18551,7 @@
CVE-2017-12156 (Moodle 3.x has XSS in the contact form on the "non-respondents" page in ...)
- moodle <removed>
NOTE: https://moodle.org/mod/forum/discuss.php?d=358585
-CVE-2017-12155
- RESERVED
+CVE-2017-12155 (A resource-permission flaw was found in the ...)
- tripleo-heat-templates <undetermined>
CVE-2017-12154 (The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel ...)
{DSA-3981-1 DLA-1099-1}
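Review bot: CVE-2017-12155 now has a published description (a resource-permission flaw), yet the package line stays "- tripleo-heat-templates <undetermined>" and the entry has no NOTE. With the description available, the state should be resolved and a reference added so the decision can be checked later.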
@@ -38183,8 +38213,8 @@
NOT-FOR-US: Intel
CVE-2017-5718
RESERVED
-CVE-2017-5717
- RESERVED
+CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphics ...)
+ TODO: check
CVE-2017-5716
REJECTED
CVE-2017-5715
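Review bot: CVE-2017-5717 is described as a type confusion in the Content Protection HECI Service in Intel Graphics and is left at "TODO: check", while the entry in the context directly above it in this hunk is already "NOT-FOR-US: Intel". If this is likewise a vendor component with no corresponding package, mark it the same way rather than leaving it for manual triage.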