[Secure-testing-commits] r58511 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Dec 13 09:10:15 UTC 2017
Author: sectracker
Date: 2017-12-13 09:10:15 +0000 (Wed, 13 Dec 2017)
New Revision: 58511
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-13 06:31:15 UTC (rev 58510)
+++ data/CVE/list 2017-12-13 09:10:15 UTC (rev 58511)
@@ -1,3 +1,9 @@
+CVE-2017-17569
+ RESERVED
+CVE-2017-17568
+ RESERVED
+CVE-2017-17567
+ RESERVED
CVE-2017-17562 (Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is ...)
TODO: check
CVE-2017-17561 (SeaCMS 6.56 allows remote authenticated administrators to execute ...)
@@ -6,16 +12,16 @@
TODO: check
CVE-2017-17559
RESERVED
-CVE-2017-17565 [XSA-251: improper bug check in x86 log-dirty handling]
+CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-251.html
-CVE-2017-17564 [XSA-250: improper x86 shadow mode refcount error handling]
+CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-250.html
-CVE-2017-17563 [XSA-249: broken x86 shadow mode refcount overflow check]
+CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-249.html
-CVE-2017-17566 [XSA-248: x86 PV guests may gain access to internally used pages]
+CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-248.html
CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
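Review bot: in the four Xen entries (CVE-2017-17563 through CVE-2017-17566) the removed bracketed titles were the only place on the header line that carried the XSA number and the specific defect. The replacement descriptions for CVE-2017-17564 and CVE-2017-17563 are identical as far as they are shown ("allowing guest OS users to ..."). The advisory URL in each NOTE still identifies the XSA, so nothing is lost outright, but a short NOTE per entry naming the XSA number and defect would keep them distinguishable when searching the list. All four remain `- xen <unfixed>`.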
@@ -2474,8 +2480,7 @@
RESERVED
CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts ...)
NOT-FOR-US: WordPress plugin wp-thumb-post
-CVE-2017-1000385 [TLS server vunlerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery ot MITM attack]
- RESERVED
+CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts to ...)
{DSA-4057-1}
- erlang 1:20.1.7+dfsg-1
NOTE: https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM
@@ -12024,10 +12029,10 @@
RESERVED
CVE-2017-14363
RESERVED
-CVE-2017-14362
- RESERVED
-CVE-2017-14361
- RESERVED
+CVE-2017-14362 (Cross-Site Request Forgery vulnerability in Micro Focus Project and ...)
+ TODO: check
+CVE-2017-14361 (Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio ...)
+ TODO: check
CVE-2017-14360 (A potential security vulnerability has been identified in HPE Content ...)
NOT-FOR-US: HPE
CVE-2017-14359 (A potential security vulnerability has been identified in HPE ...)
@@ -15286,13 +15291,11 @@
RESERVED
CVE-2017-13100
RESERVED
-CVE-2017-13099
- RESERVED
+CVE-2017-13099 (wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle ...)
- wolfssl <unfixed> (bug #884235)
NOTE: https://github.com/wolfSSL/wolfssl/pull/1229
NOTE: https://robotattack.org/
-CVE-2017-13098
- RESERVED
+CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use the ...)
- bouncycastle <unfixed> (bug #884241)
NOTE: Fixed in 1.59 beta 9
NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
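Review bot: in the CVE-2017-13098 entry the new description says BouncyCastle TLS is affected "prior to version 1.0.3", while the existing NOTE says "Fixed in 1.59 beta 9". These are two different version schemes, and the package line is still `- bouncycastle <unfixed> (bug #884241)`, so whoever marks it fixed needs to know which number relates to the packaged version. Suggest adding a NOTE that states which upstream release contains the fix commit already referenced.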
@@ -19088,32 +19091,32 @@
RESERVED
CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
NOT-FOR-US: Microsoft
-CVE-2017-11939
- RESERVED
+CVE-2017-11939 (Microsoft Office 2016 Click-to-Run (C2R) allows an information ...)
+ TODO: check
CVE-2017-11938
RESERVED
CVE-2017-11937 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
NOT-FOR-US: Microsoft
-CVE-2017-11936
- RESERVED
-CVE-2017-11935
- RESERVED
-CVE-2017-11934
- RESERVED
+CVE-2017-11936 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of ...)
+ TODO: check
+CVE-2017-11935 (Microsoft Office 2016 Click-to-Run (C2R) allows a remote code ...)
+ TODO: check
+CVE-2017-11934 (Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft ...)
+ TODO: check
CVE-2017-11933
RESERVED
-CVE-2017-11932
- RESERVED
+CVE-2017-11932 (Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 ...)
+ TODO: check
CVE-2017-11931
RESERVED
-CVE-2017-11930
- RESERVED
+CVE-2017-11930 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
+ TODO: check
CVE-2017-11929
RESERVED
CVE-2017-11928
RESERVED
-CVE-2017-11927
- RESERVED
+CVE-2017-11927 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...)
+ TODO: check
CVE-2017-11926
RESERVED
CVE-2017-11925
@@ -19128,76 +19131,76 @@
RESERVED
CVE-2017-11920
RESERVED
-CVE-2017-11919
- RESERVED
-CVE-2017-11918
- RESERVED
+CVE-2017-11919 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
+ TODO: check
+CVE-2017-11918 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...)
+ TODO: check
CVE-2017-11917
RESERVED
-CVE-2017-11916
- RESERVED
+CVE-2017-11916 (ChakraCore allows an attacker to execute arbitrary code in the context ...)
+ TODO: check
CVE-2017-11915
RESERVED
-CVE-2017-11914
- RESERVED
-CVE-2017-11913
- RESERVED
-CVE-2017-11912
- RESERVED
-CVE-2017-11911
- RESERVED
-CVE-2017-11910
- RESERVED
-CVE-2017-11909
- RESERVED
-CVE-2017-11908
- RESERVED
-CVE-2017-11907
- RESERVED
-CVE-2017-11906
- RESERVED
-CVE-2017-11905
- RESERVED
+CVE-2017-11914 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...)
+ TODO: check
+CVE-2017-11913 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
+ TODO: check
+CVE-2017-11912 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
+ TODO: check
+CVE-2017-11911 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server ...)
+ TODO: check
+CVE-2017-11910 (ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
+ TODO: check
+CVE-2017-11909 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server ...)
+ TODO: check
+CVE-2017-11908 (ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary ...)
+ TODO: check
+CVE-2017-11907 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
+ TODO: check
+CVE-2017-11906 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
+ TODO: check
+CVE-2017-11905 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...)
+ TODO: check
CVE-2017-11904
RESERVED
-CVE-2017-11903
- RESERVED
+CVE-2017-11903 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
+ TODO: check
CVE-2017-11902
RESERVED
-CVE-2017-11901
- RESERVED
+CVE-2017-11901 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
+ TODO: check
CVE-2017-11900
RESERVED
-CVE-2017-11899
- RESERVED
+CVE-2017-11899 (Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server ...)
+ TODO: check
CVE-2017-11898
RESERVED
CVE-2017-11897
RESERVED
CVE-2017-11896
RESERVED
-CVE-2017-11895
- RESERVED
-CVE-2017-11894
- RESERVED
-CVE-2017-11893
- RESERVED
+CVE-2017-11895 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
+ TODO: check
+CVE-2017-11894 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
+ TODO: check
+CVE-2017-11893 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...)
+ TODO: check
CVE-2017-11892
RESERVED
CVE-2017-11891
RESERVED
-CVE-2017-11890
- RESERVED
-CVE-2017-11889
- RESERVED
-CVE-2017-11888
- RESERVED
-CVE-2017-11887
- RESERVED
-CVE-2017-11886
- RESERVED
-CVE-2017-11885
- RESERVED
+CVE-2017-11890 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 ...)
+ TODO: check
+CVE-2017-11889 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...)
+ TODO: check
+CVE-2017-11888 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
+ TODO: check
+CVE-2017-11887 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
+ TODO: check
+CVE-2017-11886 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 ...)
+ TODO: check
+CVE-2017-11885 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...)
+ TODO: check
CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run ...)
NOT-FOR-US: Microsoft
CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to ...)
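Review bot: many of the entries filled in by this hunk name ChakraCore alongside Edge, Internet Explorer or Windows (for example CVE-2017-11916, "ChakraCore allows an attacker to execute arbitrary code in the context ..."), and all of them are left as `TODO: check`. The context entry CVE-2017-11884 is tagged `NOT-FOR-US: Microsoft`; before that tag is applied in bulk here, the ChakraCore entries should be triaged on their own, since ChakraCore is a separately released open-source component rather than part of a Windows product.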
@@ -23262,6 +23265,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
+ {DLA-1206-1}
- tiff <unfixed> (bug #866109)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (does not build vulnerable tiff2pdf)
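Review bot: `{DLA-1206-1}` is attached to CVE-2017-9935 while the only tiff package line in view is still `- tiff <unfixed> (bug #866109)`, and the one release-tagged line, `[wheezy] - tiff3 <not-affected>`, is for a different source package. From this entry alone a reader cannot tell which release and version the DLA fixed. If that is recorded with the DLA itself this is fine; otherwise a release-tagged tiff line belongs here.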
@@ -39105,8 +39109,8 @@
RESERVED
CVE-2017-5535
RESERVED
-CVE-2017-5534
- RESERVED
+CVE-2017-5534 (The tibbr user profiles components of tibbr Community, and tibbr ...)
+ TODO: check
CVE-2017-5533 (A vulnerability in the server content cache of TIBCO JasperReports ...)
- jasperreports <undetermined> (bug #884131)
NOTE: http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017
@@ -39115,8 +39119,8 @@
NOTE: https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532
CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center versions ...)
NOT-FOR-US: TIBCO
-CVE-2017-5530
- RESERVED
+CVE-2017-5530 (The tibbr web server components of tibbr Community, and tibbr ...)
+ TODO: check
CVE-2017-5529 (JasperReports library components contain an information disclosure ...)
- jasperreports <undetermined> (bug #880467)
NOTE: https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0
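Review bot: CVE-2017-5530 moves from RESERVED to `TODO: check`, as CVE-2017-5534 does in the previous hunk, and both descriptions name tibbr components. The context entry CVE-2017-5531 directly above is `NOT-FOR-US: TIBCO`, while the JasperReports entries track a Debian package, so the follow-up triage should state which of the two cases tibbr falls under instead of leaving the TODO in place.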
@@ -41597,8 +41601,8 @@
RESERVED
CVE-2017-4943
RESERVED
-CVE-2017-4942
- RESERVED
+CVE-2017-4942 (VMware AirWatch Console (AWC) contains a Broken Access Control ...)
+ TODO: check
CVE-2017-4941
RESERVED
CVE-2017-4940