[Secure-testing-commits] r57416 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Nov 7 21:10:12 UTC 2017
Author: sectracker
Date: 2017-11-07 21:10:12 +0000 (Tue, 07 Nov 2017)
New Revision: 57416
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-07 21:00:39 UTC (rev 57415)
+++ data/CVE/list 2017-11-07 21:10:12 UTC (rev 57416)
@@ -1,3 +1,9 @@
+CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...)
+ TODO: check
+CVE-2017-16640
+ RESERVED
+CVE-2017-16639
+ RESERVED
CVE-2008-7319 [command injection via crafted arguments]
- libnet-ping-external-perl <unfixed> (bug #881097)
[stretch] - libnet-ping-external-perl <no-dsa> (Remove in next point update)
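Review bot: CVE-2017-16641 at the top of this hunk is left at TODO: check although its description names lib/rrd.php in Cacti 1.1.27, and cacti is a source package in Debian. Once the affected versions are confirmed, replace the TODO with a package line (for example `- cacti <unfixed>` plus the bug number) so the issue appears in the per-package view instead of sitting in the untriaged queue.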
@@ -2106,8 +2112,8 @@
RESERVED
CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...)
NOT-FOR-US: Synology
-CVE-2017-15887
- RESERVED
+CVE-2017-15887 (An improper restriction of excessive authentication attempts ...)
+ TODO: check
CVE-2017-15886
RESERVED
CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Network ...)
@@ -2846,7 +2852,7 @@
CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id ...)
NOT-FOR-US: zorovavi/blog
CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in ...)
- {DSA-4006-1}
+ {DSA-4006-1 DLA-1164-1}
- mupdf 1.11+ds1-2 (bug #879055)
NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)
@@ -5323,7 +5329,7 @@
CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
NOT-FOR-US: STDU Viewer
CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...)
- {DSA-4006-1}
+ {DSA-4006-1 DLA-1164-1}
- mupdf 1.11+ds1-1.1 (bug #877379)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
@@ -5457,7 +5463,7 @@
[jessie] - sam2p <no-dsa> (Minor issue)
NOTE: https://github.com/pts/sam2p/issues/14 (bug 4)
CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before ...)
- {DLA-1119-1}
+ {DSA-4021-1 DLA-1119-1}
- otrs2 5.0.23-1 (bug #876462)
NOTE: https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 (rel-5_0)
NOTE: https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618 (rel-5_0)
@@ -11477,6 +11483,7 @@
NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
NOTE: https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147
CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to ...)
+ {DLA-1166-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.23-1
- tomcat8.0 <unfixed> (unimportant)
@@ -11522,12 +11529,14 @@
RESERVED
CVE-2017-12608
RESERVED
+ {DSA-4022-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
CVE-2017-12607
RESERVED
+ {DSA-4022-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
@@ -12531,6 +12540,7 @@
RESERVED
CVE-2017-12197
RESERVED
+ {DLA-1165-1}
- libpam4j 1.4-3 (bug #879001)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103
NOTE: https://github.com/kohsuke/libpam4j/issues/18
@@ -12883,12 +12893,12 @@
RESERVED
CVE-2017-12097
RESERVED
-CVE-2017-12096
- RESERVED
+CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of Circle ...)
+ TODO: check
CVE-2017-12095
RESERVED
-CVE-2017-12094
- RESERVED
+CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel parsing of ...)
+ TODO: check
CVE-2017-12093
RESERVED
CVE-2017-12092
@@ -12905,12 +12915,12 @@
RESERVED
CVE-2017-12086
RESERVED
-CVE-2017-12085
- RESERVED
-CVE-2017-12084
- RESERVED
-CVE-2017-12083
- RESERVED
+CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with Disney ...)
+ TODO: check
+CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality of ...)
+ TODO: check
+CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...)
+ TODO: check
CVE-2017-12082
RESERVED
CVE-2017-12081
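Review bot: of the three entries opened here as TODO: check (CVE-2017-12085 to CVE-2017-12083), only CVE-2017-12085 shows a product name, Circle with Disney, before the description is cut off. Triage the three together against the full CVE descriptions; if they all concern the same device, close each with a NOT-FOR-US line in one pass rather than leaving three separate open TODOs.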
@@ -40972,12 +40982,10 @@
- freexl 1.0.4-1 (bug #875690)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430
NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
-CVE-2017-2922
- RESERVED
+CVE-2017-2922 (An exploitable memory corruption vulnerability exists in the Websocket ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
-CVE-2017-2921
- RESERVED
+CVE-2017-2921 (An exploitable memory corruption vulnerability exists in the Websocket ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing ...)
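Review bot: CVE-2017-2922 and CVE-2017-2921 are marked NOT-FOR-US: Cesanta Mongoose while still carrying `TODO: check smplayer, embeds it`, so each entry both closes the issue for Debian and says a Debian package may embed the code. Now that the descriptions are published, resolve the TODO: add a smplayer package line if its embedded copy contains the affected Websocket code, or drop the TODO if it does not.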
@@ -40986,24 +40994,23 @@
RESERVED
CVE-2017-2918
RESERVED
-CVE-2017-2917
- RESERVED
-CVE-2017-2916
- RESERVED
-CVE-2017-2915
- RESERVED
-CVE-2017-2914
- RESERVED
-CVE-2017-2913
- RESERVED
-CVE-2017-2912
- RESERVED
-CVE-2017-2911
- RESERVED
+CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...)
+ TODO: check
+CVE-2017-2916 (An exploitable vulnerability exists in the /api/CONFIG/restore ...)
+ TODO: check
+CVE-2017-2915 (An exploitable vulnerability exists in the WiFi configuration ...)
+ TODO: check
+CVE-2017-2914 (An exploitable authentication bypass vulnerability exists in the API ...)
+ TODO: check
+CVE-2017-2913 (An exploitable vulnerability exists in the filtering functionality of ...)
+ TODO: check
+CVE-2017-2912 (An exploitable vulnerability exists in the remote control ...)
+ TODO: check
+CVE-2017-2911 (An exploitable vulnerability exists in the remote control ...)
+ TODO: check
CVE-2017-2910
RESERVED
-CVE-2017-2909
- RESERVED
+CVE-2017-2909 (An infinite loop programming error exists in the DNS server ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
CVE-2017-2908
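Review bot: CVE-2017-2912 and CVE-2017-2911 get identical visible text ("An exploitable vulnerability exists in the remote control ..."), and none of the seven new TODO: check entries in this hunk (CVE-2017-2917 to CVE-2017-2911) shows a product name before the truncation. Triage has to work from the full CVE descriptions; name the product in the resulting NOT-FOR-US or package line so the list does not depend on the truncated text.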
@@ -41026,36 +41033,31 @@
RESERVED
CVE-2017-2899
RESERVED
-CVE-2017-2898
- RESERVED
+CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...)
+ TODO: check
CVE-2017-2897
RESERVED
CVE-2017-2896
RESERVED
-CVE-2017-2895
- RESERVED
+CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
-CVE-2017-2894
- RESERVED
+CVE-2017-2894 (An exploitable stack buffer overflow vulnerability exists in the MQTT ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
-CVE-2017-2893
- RESERVED
+CVE-2017-2893 (An exploitable NULL pointer dereference vulnerability exists in the ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
-CVE-2017-2892
- RESERVED
+CVE-2017-2892 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
-CVE-2017-2891
- RESERVED
+CVE-2017-2891 (An exploitable use-after-free vulnerability exists in the HTTP server ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
-CVE-2017-2890
- RESERVED
-CVE-2017-2889
- RESERVED
+CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore ...)
+ TODO: check
+CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API ...)
+ TODO: check
CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a ...)
- libsdl2 2.0.6+dfsg1-4 (bug #878264)
[stretch] - libsdl2 <no-dsa> (Minor issue)
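Review bot: CVE-2017-2890 carries the same visible description as CVE-2017-2916 in the previous hunk ("An exploitable vulnerability exists in the /api/CONFIG/restore ..."), and both are left at TODO: check. When triaging, confirm from the full descriptions that these are distinct issues in the same product and give both the same disposition.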
@@ -41082,14 +41084,14 @@
- libsoup2.4 2.56.1-1 (bug #871650)
[wheezy] - libsoup2.4 <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785774
-CVE-2017-2884
- RESERVED
-CVE-2017-2883
- RESERVED
-CVE-2017-2882
- RESERVED
-CVE-2017-2881
- RESERVED
+CVE-2017-2884 (An exploitable vulnerability exists in the user photo update ...)
+ TODO: check
+CVE-2017-2883 (An exploitable vulnerability exists in the database update ...)
+ TODO: check
+CVE-2017-2882 (An exploitable vulnerability exists in the servers update ...)
+ TODO: check
+CVE-2017-2881 (An exploitable vulnerability exists in the torlist update ...)
+ TODO: check
CVE-2017-2880 (An memory corruption vulnerability exists in the .GIF parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2017-2879
@@ -41122,12 +41124,12 @@
RESERVED
CVE-2017-2867
RESERVED
-CVE-2017-2866
- RESERVED
-CVE-2017-2865
- RESERVED
-CVE-2017-2864
- RESERVED
+CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup ...)
+ TODO: check
+CVE-2017-2865 (An exploitable vulnerability exists in the firmware update ...)
+ TODO: check
+CVE-2017-2864 (An exploitable vulnerability exists in the generation of ...)
+ TODO: check
CVE-2017-2863 (An out-of-bounds write vulnerability exists in the PDF parsing ...)
NOT-FOR-US: Iceni Infix
CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...)