[Secure-testing-commits] r58906 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun Dec 24 21:10:14 UTC 2017


Author: sectracker
Date: 2017-12-24 21:10:13 +0000 (Sun, 24 Dec 2017)
New Revision: 58906

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-24 19:57:27 UTC (rev 58905)
+++ data/CVE/list	2017-12-24 21:10:13 UTC (rev 58906)
@@ -1,3 +1,31 @@
+CVE-2017-17901
+	RESERVED
+CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...)
+	TODO: check
+CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php in ...)
+	TODO: check
+CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests to ...)
+	TODO: check
+CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM ...)
+	TODO: check
+CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to the /job ...)
+	TODO: check
+CVE-2017-17895 (Readymade Job Site Script has SQL Injection via the location_name array ...)
+	TODO: check
+CVE-2017-17894 (Readymade Job Site Script has CSRF via the /job URI. ...)
+	TODO: check
+CVE-2017-17893 (Readymade Video Sharing Script has XSS via the search_video.php search ...)
+	TODO: check
+CVE-2017-17892 (Readymade Video Sharing Script has SQL Injection via the viewsubs.php ...)
+	TODO: check
+CVE-2017-17891 (Readymade Video Sharing Script has CSRF via user-profile-edit.php. ...)
+	TODO: check
+CVE-2017-17890
+	RESERVED
+CVE-2017-17889
+	RESERVED
+CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...)
+	TODO: check
 CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
 	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/903
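Review bot: The eleven described entries added at the top of this hunk (CVE-2017-17900 through CVE-2017-17891, plus CVE-2017-17888) carry only `TODO: check`, so none of them says yet whether a Debian package is affected. A follow-up commit should resolve each one to a package line or to a `NOT-FOR-US:` line, as the Nessus entry further down the file does. The three bare `RESERVED` entries (CVE-2017-17901, CVE-2017-17890, CVE-2017-17889) need nothing until a description is published.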
@@ -105,8 +133,8 @@
 	- asterisk <unfixed> (bug #885072)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480
-CVE-2017-17849
-	RESERVED
+CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 ...)
+	TODO: check
 CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in the Linux ...)
 	- linux 4.14.7-1
 	[stretch] - linux <not-affected> (Vulnerable code introdued later)
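Review bot: CVE-2017-17849 moves from `RESERVED` to a description with `TODO: check`, so it still needs triage to a package line or a `NOT-FOR-US:` line. Two smaller points in the surrounding context: the entry sits above CVE-2017-17857, which does not match the descending order the new entries at the top of the file follow, and the `[stretch]` note under CVE-2017-17857 reads "introdued" where "introduced" is meant.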
@@ -392,6 +420,7 @@
 CVE-2017-17791
 	RESERVED
 CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...)
+	{DLA-1222-1 DLA-1221-1}
 	- ruby2.5 <unfixed> (bug #884878)
 	- ruby2.3 <unfixed> (bug #884879)
 	[stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in future DSA)
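Review bot: The `{DLA-1222-1 DLA-1221-1}` line added under CVE-2017-17790 is not matched by any visible package line saying what those two advisories fixed; the context shows only `ruby2.5 <unfixed>`, `ruby2.3 <unfixed>` and a postponed `[stretch]` note. Please confirm that the entry, below the lines shown here, lists the source packages and versions the DLAs cover, so the cross-reference can be checked against a fixed version. The same applies to the identical tag added under CVE-2017-17405 in the next hunk.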
@@ -6314,6 +6343,7 @@
 CVE-2017-17406
 	RESERVED
 CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...)
+	{DLA-1222-1 DLA-1221-1}
 	- ruby2.5 2.5.0~rc1-1 (bug #884437)
 	- ruby2.3 2.3.6-1 (bug #884438)
 	[stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in a future update)
@@ -36824,14 +36854,17 @@
 	NOT-FOR-US: Nessus
 CVE-2017-7848
 	RESERVED
+	{DLA-1223-1}
 	- thunderbird 1:52.5.2-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848
 CVE-2017-7847
 	RESERVED
+	{DLA-1223-1}
 	- thunderbird 1:52.5.2-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847
 CVE-2017-7846
 	RESERVED
+	{DLA-1223-1}
 	- thunderbird 1:52.5.2-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846
 CVE-2017-7845
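Review bot: `{DLA-1223-1}` is added to CVE-2017-7848, CVE-2017-7847 and CVE-2017-7846, all of which point at mfsa2017-30 and `thunderbird 1:52.5.2-1`, but the hunk ends at the header of CVE-2017-7845 without showing its body. Please check whether CVE-2017-7845 belongs to the same advisory and whether it needs the tag too. All three tagged entries also still read `RESERVED` although a fixed version and an advisory URL are recorded, so the descriptions should be picked up once they are published.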
@@ -36911,6 +36944,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830
 CVE-2017-7829
 	RESERVED
+	{DLA-1223-1}
 	- thunderbird 1:52.5.2-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
 CVE-2017-7828



