[Secure-testing-commits] r58770 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Dec 21 09:10:13 UTC 2017
Author: sectracker
Date: 2017-12-21 09:10:13 +0000 (Thu, 21 Dec 2017)
New Revision: 58770
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-21 09:04:18 UTC (rev 58769)
+++ data/CVE/list 2017-12-21 09:10:13 UTC (rev 58770)
@@ -1,3 +1,51 @@
+CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute ...)
+ TODO: check
+CVE-2017-17830 (Bus Booking Script has CSRF via admin/new_master.php. ...)
+ TODO: check
+CVE-2017-17829 (Bus Booking Script has SQL Injection via the admin/view_seatseller.php ...)
+ TODO: check
+CVE-2017-17828 (Bus Booking Script has XSS via the results.php datepicker parameter or ...)
+ TODO: check
+CVE-2017-17827 (Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via ...)
+ TODO: check
+CVE-2017-17826 (The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent ...)
+ TODO: check
+CVE-2017-17825 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent ...)
+ TODO: check
+CVE-2017-17824 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL ...)
+ TODO: check
+CVE-2017-17823 (The Configuration component of Piwigo 2.9.2 is vulnerable to SQL ...)
+ TODO: check
+CVE-2017-17822 (The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...)
+ TODO: check
+CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
+ TODO: check
+CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...)
+ TODO: check
+CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...)
+ TODO: check
+CVE-2017-17817 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
+ TODO: check
+CVE-2017-17816 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
+ TODO: check
+CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...)
+ TODO: check
+CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
+ TODO: check
+CVE-2017-17813 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the ...)
+ TODO: check
+CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...)
+ TODO: check
+CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...)
+ TODO: check
+CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown ...)
+ TODO: check
+CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice ...)
+ TODO: check
+CVE-2017-17808
+ RESERVED
CVE-2018-3599
RESERVED
CVE-2018-3598
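Review bot: The 23 entries added at the top of this hunk (CVE-2017-17831 down to CVE-2017-17809) carry only "TODO: check", with no package line and no NOT-FOR-US marker, so none of them is yet tied to a source package. They group by product and can be triaged in batches: eleven NASM 2.14rc0 entries (CVE-2017-17810 through CVE-2017-17820), six Piwigo 2.9.2 entries (CVE-2017-17822 through CVE-2017-17827) and three Bus Booking Script entries (CVE-2017-17828 through CVE-2017-17830). Resolve each group to either a "- package version" line or a "NOT-FOR-US:" line, following the form the other entries in this file use.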
@@ -78,13 +126,13 @@
RESERVED
CVE-2018-3560
RESERVED
-CVE-2017-17807 [KEYS: add missing permission check for request_key() destination]
+CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3)
-CVE-2017-17806 [crypto: hmac - require that the underlying hash algorithm is unkeyed]
+CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4)
-CVE-2017-17805 [crypto: salsa20 - fix blkcipher_walk API usage]
+CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...)
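Review bot: The "Fixed by" NOTE under CVE-2017-17805 gives the tag as "(4.15-rc4)", while the two entries above it write "(v4.15-rc3)" and "(v4.15-rc4)"; add the "v" prefix so the three notes match. Separately, the new descriptions for CVE-2017-17807 and CVE-2017-17805 now state upstream cutoffs ("before 4.14.6", "before 4.14.8"), yet all three entries still read "- linux <unfixed>"; once an upload containing those stable releases exists, the package lines should record the fixed version.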
@@ -178,7 +226,7 @@
CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. The device ...)
NOT-FOR-US: Ichano AtHome IP Camera
CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before ...)
- {DSA-4069-1}
+ {DSA-4069-1 DLA-1215-1}
- otrs2 6.0.3-1 (bug #884801)
NOTE: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
@@ -5885,7 +5933,7 @@
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, ...)
- {DSA-4067-1}
+ {DSA-4067-1 DLA-1213-1}
- openafs 1.6.22-1 (bug #883602)
NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
CVE-2018-1180
@@ -9913,7 +9961,8 @@
NOT-FOR-US: Atlassian
CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...)
NOT-FOR-US: Atlassian Confluence
-CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." ...)
+CVE-2017-16855
+ REJECTED
- ipsilon <itp> (bug #826838)
CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...)
{DSA-4066-1 DLA-1212-1}
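Review bot: CVE-2017-16855 is now marked REJECTED, but the "- ipsilon <itp> (bug #826838)" line below it is kept as unchanged context, so a rejected identifier still points at a package and an open bug. Either drop the package line or add a NOTE recording why the ID was rejected and whether the "SAML2 multi-session" issue from the removed description is tracked under another identifier.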
@@ -17176,12 +17225,12 @@
NOT-FOR-US: Cloud Foundry
CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 ...)
NOT-FOR-US: Cloud Foundry Foundation GrootFS
-CVE-2017-14387
- RESERVED
+CVE-2017-14387 (The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and ...)
+ TODO: check
CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction Laser ...)
TODO: check
-CVE-2017-14385
- RESERVED
+CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family, versions ...)
+ TODO: check
CVE-2017-14384
RESERVED
CVE-2017-14383
@@ -22583,13 +22632,13 @@
CVE-2017-12609
RESERVED
CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser before ...)
- {DSA-4022-1}
+ {DSA-4022-1 DLA-1214-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, and ...)
- {DSA-4022-1}
+ {DSA-4022-1 DLA-1214-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
@@ -45506,26 +45555,26 @@
RESERVED
CVE-2017-5264 (Versions of Nexpose prior to 6.4.66 fail to adequately validate the ...)
NOT-FOR-US: Nexpose
-CVE-2017-5263
- RESERVED
-CVE-2017-5262
- RESERVED
-CVE-2017-5261
- RESERVED
-CVE-2017-5260
- RESERVED
-CVE-2017-5259
- RESERVED
-CVE-2017-5258
- RESERVED
-CVE-2017-5257
- RESERVED
-CVE-2017-5256
- RESERVED
-CVE-2017-5255
- RESERVED
-CVE-2017-5254
- RESERVED
+CVE-2017-5263 (Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack ...)
+ TODO: check
+CVE-2017-5262 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, ...)
+ TODO: check
+CVE-2017-5261 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, ...)
+ TODO: check
+CVE-2017-5260 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, ...)
+ TODO: check
+CVE-2017-5259 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, ...)
+ TODO: check
+CVE-2017-5258 (In version 3.5 and prior of Cambium Networks ePMP firmware, an ...)
+ TODO: check
+CVE-2017-5257 (In version 3.5 and prior of Cambium Networks ePMP firmware, an ...)
+ TODO: check
+CVE-2017-5256 (In version 3.5 and prior of Cambium Networks ePMP firmware, all ...)
+ TODO: check
+CVE-2017-5255 (In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of ...)
+ TODO: check
+CVE-2017-5254 (In version 3.5 and prior of Cambium Networks ePMP firmware, the ...)
+ TODO: check
CVE-2017-5253
RESERVED
CVE-2017-5252
@@ -171269,8 +171318,8 @@
NOT-FOR-US: SmarterMail
CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
NOT-FOR-US: SolarWinds Orion Network Performance Monitor
-CVE-2012-2576
- RESERVED
+CVE-2012-2576 (SQL injection vulnerability in the LoginServlet page in SolarWinds ...)
+ TODO: check
CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 ...)
NOT-FOR-US: NetWin SurgeMail
CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web ...)
@@ -177500,8 +177549,7 @@
CVE-2011-4956 (Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 ...)
{DSA-2470-1}
- wordpress 3.2.1+dfsg-1
-CVE-2011-4955
- RESERVED
+CVE-2011-4955 (Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in ...)
NOT-FOR-US: wordpress bsuite plugin
CVE-2011-4954
RESERVED