[Secure-testing-commits] r58681 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Dec 18 21:10:16 UTC 2017


Author: sectracker
Date: 2017-12-18 21:10:16 +0000 (Mon, 18 Dec 2017)
New Revision: 58681

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-18 19:52:09 UTC (rev 58680)
+++ data/CVE/list	2017-12-18 21:10:16 UTC (rev 58681)
@@ -1,3 +1,15 @@
+CVE-2017-17747
+	RESERVED
+CVE-2017-17746
+	RESERVED
+CVE-2017-17745
+	RESERVED
+CVE-2017-17744
+	RESERVED
+CVE-2017-17743
+	RESERVED
+CVE-2017-17742
+	RESERVED
 CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...)
 	- linux <unfixed>
 	NOTE: https://www.spinics.net/lists/kvm/msg160710.html
@@ -41,8 +53,8 @@
 	RESERVED
 CVE-2017-17722
 	RESERVED
-CVE-2017-17721
-	RESERVED
+CVE-2017-17721 (CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 ...)
+	TODO: check
 CVE-2017-17720
 	RESERVED
 CVE-2017-17719
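Review bot: CVE-2017-17721 is left at "TODO: check" with no package line, so the tracker still cannot say whether anything in Debian is affected. The description names ZUUSE BEIMS ContractorWeb .NET 5.18.0.0; a follow-up should replace the TODO with either a "- <source-package>" line or a NOT-FOR-US entry once someone has confirmed which applies.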
@@ -4609,24 +4621,24 @@
 	RESERVED
 CVE-2017-17652
 	RESERVED
-CVE-2017-17651
-	RESERVED
+CVE-2017-17651 (Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php ...)
+	TODO: check
 CVE-2017-17650
 	RESERVED
-CVE-2017-17649
-	RESERVED
+CVE-2017-17649 (Readymade Video Sharing Script 3.2 has HTML Injection via the ...)
+	TODO: check
 CVE-2017-17648 (Entrepreneur Dating Script 2.0.1 has SQL Injection via the ...)
 	TODO: check
 CVE-2017-17647
 	RESERVED
 CVE-2017-17646
 	RESERVED
-CVE-2017-17645
-	RESERVED
+CVE-2017-17645 (Bus Booking Script 1.0 has SQL Injection via the txtname parameter to ...)
+	TODO: check
 CVE-2017-17644
 	RESERVED
-CVE-2017-17643
-	RESERVED
+CVE-2017-17643 (FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to ...)
+	TODO: check
 CVE-2017-17642 (Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter ...)
 	TODO: check
 CVE-2017-17641 (Resume Clone Script 2.0.5 has SQL Injection via the preview.php id ...)
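Review bot: the four entries set to "TODO: check" in this hunk (CVE-2017-17651, CVE-2017-17649, CVE-2017-17645, CVE-2017-17643) sit next to CVE-2017-17648 and CVE-2017-17642, which are already waiting at "TODO: check", so the untriaged run in this range keeps growing. All six descriptions name standalone "Script" or "Clone" web products; triaging them in one pass, with one consistent status string per product, would keep the list easy to grep.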
@@ -6592,12 +6604,12 @@
 	RESERVED
 CVE-2017-17108
 	RESERVED
-CVE-2017-17107
-	RESERVED
-CVE-2017-17106
-	RESERVED
-CVE-2017-17105
-	RESERVED
+CVE-2017-17107 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded ...)
+	TODO: check
+CVE-2017-17106 (Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be ...)
+	TODO: check
+CVE-2017-17105 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to ...)
+	TODO: check
 CVE-2017-17104 (Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in ...)
 	NOT-FOR-US: Fiyo CMS
 CVE-2017-17103 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via ...)
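Review bot: CVE-2017-17107, CVE-2017-17106 and CVE-2017-17105 all describe the same device, Zivif PR115-204-P-RS V2.3.4.2103, yet each carries its own separate "TODO: check". Resolve the three together and give them one identical status string, the way the Fiyo CMS entries just below share "NOT-FOR-US: Fiyo CMS".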
@@ -8914,8 +8926,8 @@
 	NOT-FOR-US: Winamp
 CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server before ...)
 	TODO: check
-CVE-2017-16949
-	RESERVED
+CVE-2017-16949 (An issue was discovered in the AccessKeys AccessPress Anonymous Post ...)
+	TODO: check
 CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
 	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
 CVE-2017-16947
@@ -12496,12 +12508,12 @@
 	NOT-FOR-US: KeystoneJS
 CVE-2017-15878 (A cross-site scripting (XSS) vulnerability exists in ...)
 	NOT-FOR-US: KeystoneJS
-CVE-2017-15877
-	RESERVED
-CVE-2017-15876
-	RESERVED
-CVE-2017-15875
-	RESERVED
+CVE-2017-15877 (Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 ...)
+	TODO: check
+CVE-2017-15876 (Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote ...)
+	TODO: check
+CVE-2017-15875 (SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 ...)
+	TODO: check
 CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an ...)
 	- busybox 1:1.27.2-2 (bug #879732)
 	[stretch] - busybox <not-affected> (Vulnerable code not present)
@@ -12901,8 +12913,8 @@
 	- qpid-java <itp> (bug #840131)
 CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the ...)
 	- qpid-java <itp> (bug #840131)
-CVE-2017-15700
-	RESERVED
+CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid ...)
+	TODO: check
 CVE-2017-15699
 	RESERVED
 	TODO: check, this is possibly specific to AMQ Interconnect as used by Red Hat JBoss, although based on Apache Qpid project
@@ -13289,8 +13301,8 @@
 	NOT-FOR-US: Symantec
 CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...)
 	NOT-FOR-US: Symantec
-CVE-2017-15524
-	RESERVED
+CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application Firewall) ...)
+	TODO: check
 CVE-2017-15523
 	RESERVED
 CVE-2017-15522
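Review bot: the truncated description on CVE-2017-15524 ("The Application Firewall Pack (AFP, aka Web Application Firewall) ...") shows no vendor or product family, so the "TODO: check" cannot be resolved from this line alone. Whoever triages it should read the full CVE text rather than infer the vendor from the neighbouring Symantec entries, since adjacent ids do not imply the same product.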
@@ -13642,6 +13654,7 @@
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-15412 [use after free]
 	RESERVED
+	{DLA-1211-1}
 	- libxml2 2.9.4+dfsg1-5.2 (bug #883790)
 	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=727039
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783160 (not public)
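Review bot: {DLA-1211-1} is attached to CVE-2017-15412 while the entry still reads RESERVED with only the placeholder "[use after free]", and the one upstream libxml2 reference visible here is the GNOME bug marked "(not public)". Add a NOTE with the upstream fix commit once it can be referenced, so the fixed version in "- libxml2 2.9.4+dfsg1-5.2 (bug #883790)" can be checked against it.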
@@ -14616,10 +14629,10 @@
 	RESERVED
 CVE-2017-15105
 	RESERVED
-CVE-2017-15104
-	RESERVED
-CVE-2017-15103
-	RESERVED
+CVE-2017-15104 (An access flaw was found in Heketi 5, where the heketi.json ...)
+	TODO: check
+CVE-2017-15103 (A security-check flaw was found in the way the Heketi 5 server API ...)
+	TODO: check
 CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in the ...)
 	- linux 4.7.8-1
 	[jessie] - linux 3.16.43-1
@@ -16330,8 +16343,8 @@
 	NOT-FOR-US: Atlassian
 CVE-2017-14584
 	RESERVED
-CVE-2017-14583
-	RESERVED
+CVE-2017-14583 (NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are ...)
+	TODO: check
 CVE-2017-14582 (The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for ...)
 	NOT-FOR-US: Zoho
 CVE-2017-XXXX [pcb code injection by malicious layout file]
@@ -22205,8 +22218,8 @@
 	RESERVED
 CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...)
 	NOT-FOR-US: Apache CXF
-CVE-2017-12630
-	RESERVED
+CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query ...)
+	TODO: check
 CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apache ...)
 	- lucene-solr <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529
@@ -25152,8 +25165,8 @@
 	RESERVED
 CVE-2017-11563
 	RESERVED
-CVE-2017-11562
-	RESERVED
+CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks ...)
+	TODO: check
 CVE-2017-11561
 	RESERVED
 CVE-2017-11560
@@ -254562,7 +254575,7 @@
 	NOT-FOR-US: America Online
 CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
 	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
-CVE-2006-6440 (Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre ...)
+CVE-2006-6440 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...)
 	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
 CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
 	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro



