[Secure-testing-commits] r57437 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Nov 8 09:10:21 UTC 2017


Author: sectracker
Date: 2017-11-08 09:10:21 +0000 (Wed, 08 Nov 2017)
New Revision: 57437

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-08 08:28:25 UTC (rev 57436)
+++ data/CVE/list	2017-11-08 09:10:21 UTC (rev 57437)
@@ -1,7 +1,47 @@
-CVE-2017-16661 [Local File Read]
+CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-based ...)
+	TODO: check
+CVE-2017-16662
+	RESERVED
+CVE-2017-16659 (The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows ...)
+	TODO: check
+CVE-2017-16658
+	RESERVED
+CVE-2017-16657
+	RESERVED
+CVE-2017-16656
+	RESERVED
+CVE-2017-16655
+	RESERVED
+CVE-2017-16654
+	RESERVED
+CVE-2017-16653
+	RESERVED
+CVE-2017-16652
+	RESERVED
+CVE-2017-16651
+	RESERVED
+CVE-2017-16650 (The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux ...)
+	TODO: check
+CVE-2017-16649 (The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in ...)
+	TODO: check
+CVE-2017-16648 (The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c ...)
+	TODO: check
+CVE-2017-16647 (drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 ...)
+	TODO: check
+CVE-2017-16646 (drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through ...)
+	TODO: check
+CVE-2017-16645 (The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c ...)
+	TODO: check
+CVE-2017-16644 (The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the ...)
+	TODO: check
+CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c ...)
+	TODO: check
+CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an ...)
+	TODO: check
+CVE-2017-16661 (Cacti 1.1.27 allows remote authenticated administrators to read ...)
 	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/issues/1066
-CVE-2017-16660 [RCE]
+CVE-2017-16660 (Cacti 1.1.27 allows remote authenticated administrators to conduct ...)
 	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/issues/1066
 CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...)
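Review bot: CVE-2017-16661 and CVE-2017-16660 now sit below CVE-2017-16642 and above CVE-2017-16641, which breaks the descending ID order the rest of this hunk follows (16663, 16662, 16659 down to 16642). Moving the two Cacti entries up between CVE-2017-16662 and CVE-2017-16659 would keep the list sorted. Separately, the eight new entries with `drivers/` paths (CVE-2017-16643 through CVE-2017-16650) all carry only `TODO: check` and can be triaged together.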
@@ -12,7 +52,7 @@
 	RESERVED
 CVE-2017-16639
 	RESERVED
-CVE-2008-7319 [command injection via crafted arguments]
+CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does not ...)
 	- libnet-ping-external-perl <unfixed> (bug #881097)
 	[stretch] - libnet-ping-external-perl <no-dsa> (Remove in next point update)
 	[jessie] - libnet-ping-external-perl <no-dsa> (Remove in next point update)
@@ -58,14 +98,14 @@
 	RESERVED
 CVE-2017-16619
 	RESERVED
-CVE-2017-16618
-	RESERVED
+CVE-2017-16618 (An exploitable vulnerability exists in the YAML loading functionality ...)
+	TODO: check
 CVE-2017-16617
 	RESERVED
-CVE-2017-16616
-	RESERVED
-CVE-2017-16615
-	RESERVED
+CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing functionality ...)
+	TODO: check
+CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...)
+	TODO: check
 CVE-2017-16614
 	RESERVED
 CVE-2017-16613
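Review bot: CVE-2017-16616 and CVE-2017-16615 have identical truncated descriptions in this hunk ("An exploitable vulnerability exists in the YAML parsing functionality ..."), and none of the three new descriptions shows the affected product in the visible text. Resolving the `TODO: check` lines needs the full CVE descriptions, both to identify the product and to tell the two entries apart before assigning a package or a NOT-FOR-US marker.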
@@ -172,8 +212,8 @@
 	NOT-FOR-US: Vonage
 CVE-2017-16562
 	RESERVED
-CVE-2017-16561
-	RESERVED
+CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 2.3.0 is ...)
+	TODO: check
 CVE-2017-16560
 	RESERVED
 CVE-2017-16559
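Review bot: The new CVE-2017-16561 entry names a standalone web application (Ingenious School Management System 2.3.0) and is left at `TODO: check`. If the product is not packaged in Debian, resolve it in the same form as the context line `NOT-FOR-US: Vonage`, with the product name after the colon.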
@@ -2803,6 +2843,7 @@
 CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho) ...)
 	NOT-FOR-US: IDEMIA
 CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD Slurm ...)
+	{DSA-4023-1}
 	- slurm-llnl 17.02.9-1 (bug #880530)
 	[jessie] - slurm-llnl <not-affected> (Vulnerable code introduced later)
 	[wheezy] - slurm-llnl <not-affected> (Vulnerable code introduced later)
@@ -76693,8 +76734,8 @@
 	RESERVED
 CVE-2016-0873
 	RESERVED
-CVE-2016-0872
-	RESERVED
+CVE-2016-0872 (A Plaintext Storage of a Password issue was discovered in Kabona AB ...)
+	TODO: check
 CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
 	NOT-FOR-US: Eaton Lighting EG2 Web Control
 CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows remote ...)
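Review bot: CVE-2016-0872 moves from RESERVED to a published description but keeps only `TODO: check`, while its neighbours CVE-2016-0871 and CVE-2016-0870 are already resolved as NOT-FOR-US. The product name is cut off after "Kabona AB" in the visible description, so the full text should be checked before resolving; if the product is not packaged, a NOT-FOR-US line naming it would match the surrounding entries.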



