[Secure-testing-commits] r57605 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Nov 13 21:10:16 UTC 2017


Author: sectracker
Date: 2017-11-13 21:10:16 +0000 (Mon, 13 Nov 2017)
New Revision: 57605

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-13 19:27:59 UTC (rev 57604)
+++ data/CVE/list	2017-11-13 21:10:16 UTC (rev 57605)
@@ -1,11 +1,15 @@
-CVE-2017-16804 [Email reminders reveal information about inaccessible issues]
+CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...)
+	TODO: check
+CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...)
+	TODO: check
+CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...)
 	- redmine <unfixed>
 	[wheezy] - redmine <end-of-life> (Not supported wheezy LTS)
 	NOTE: https://www.redmine.org/issues/25713 (private)
 	NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0
 	NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
-CVE-2017-16801
-	RESERVED
+CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy ...)
+	TODO: check
 CVE-2017-16800
 	RESERVED
 CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, ...)
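Review bot: the new CVE-2017-16803 and CVE-2017-16802 entries at the top of this hunk are placed above CVE-2017-16804, which breaks the descending ID order that the rest of the hunk follows (16801, 16800, 16799). The 16804 block, together with its redmine lines, should stay first so the file reads 16804, 16803, 16802, 16801. The same change replaces the bracketed description "[Email reminders reveal information about inaccessible issues]" with the truncated parenthesised one. The redmine package lines and NOTEs under it are unchanged context, so no triage information is lost there.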
@@ -26,8 +30,8 @@
 CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not ...)
 	- swftools <unfixed>
 	NOTE: https://github.com/matthiaskramm/swftools/issues/47
-CVE-2017-16792
-	RESERVED
+CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in ...)
+	TODO: check
 CVE-2017-16791
 	RESERVED
 CVE-2017-16790
@@ -5699,8 +5703,8 @@
 	NOT-FOR-US: EPESI
 CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall ...)
 	NOT-FOR-US: EPESI
-CVE-2017-14711
-	RESERVED
+CVE-2017-14711 (The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka ...)
+	TODO: check
 CVE-2017-14710
 	RESERVED
 CVE-2017-14709
@@ -6639,8 +6643,8 @@
 	RESERVED
 CVE-2017-14389
 	RESERVED
-CVE-2017-14388
-	RESERVED
+CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 ...)
+	TODO: check
 CVE-2017-14387
 	RESERVED
 CVE-2017-14386
@@ -7757,16 +7761,16 @@
 	RESERVED
 CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T ...)
 	NOT-FOR-US: ABB FOX515T
-CVE-2017-14024
-	RESERVED
+CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in Schneider ...)
+	TODO: check
 CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC ...)
 	NOT-FOR-US: Siemens
 CVE-2017-14022
 	RESERVED
 CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...)
 	NOT-FOR-US: Korenix
-CVE-2017-14020
-	RESERVED
+CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in ...)
+	TODO: check
 CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...)
 	NOT-FOR-US: Progea Movicon
 CVE-2017-14018
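Review bot: the new description for CVE-2017-14020 is cut off before any product name ("An Uncontrolled Search Path Element issue was discovered in ..."), so the "TODO: check" beneath it cannot be resolved from this line alone. The full description has to be read before triage. Every described neighbour in this hunk (ABB FOX515T, Siemens, Korenix, Progea Movicon) is already tagged NOT-FOR-US. CVE-2017-14024 (Schneider) and CVE-2017-14020 need the same decision recorded rather than being left as open TODOs.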
@@ -15962,8 +15966,8 @@
 	{DSA-3914-1 DLA-1081-1}
 	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
-CVE-2017-11169
-	RESERVED
+CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices ...)
+	TODO: check
 CVE-2017-11168
 	RESERVED
 CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...)
@@ -16966,8 +16970,8 @@
 	RESERVED
 CVE-2017-10886
 	RESERVED
-CVE-2017-10885
-	RESERVED
+CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier ...)
+	TODO: check
 CVE-2017-10884
 	RESERVED
 CVE-2017-10883
@@ -16986,16 +16990,16 @@
 	RESERVED
 CVE-2017-10876
 	RESERVED
-CVE-2017-10875
-	RESERVED
+CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an ...)
+	TODO: check
 CVE-2017-10874
 	RESERVED
 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
 	NOT-FOR-US: OpenAM
 CVE-2017-10872
 	RESERVED
-CVE-2017-10871
-	RESERVED
+CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version ...)
+	TODO: check
 CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki ...)
 	NOT-FOR-US: Rakuraku Hagaki
 CVE-2017-10869
@@ -21337,8 +21341,8 @@
 	RESERVED
 CVE-2017-9315
 	RESERVED
-CVE-2017-9314
-	RESERVED
+CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, ...)
+	TODO: check
 CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before ...)
 	- webmin <removed>
 CVE-2017-9312
@@ -23068,8 +23072,7 @@
 	RESERVED
 CVE-2017-8807
 	RESERVED
-CVE-2017-8806
-	RESERVED
+CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster ...)
 	{DSA-4029-1 DLA-1169-1}
 	- postgresql-common 188
 CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links ...)
@@ -26295,8 +26298,8 @@
 	NOTE: https://sources.debian.net/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
 CVE-2017-7740
 	RESERVED
-CVE-2017-7739
-	RESERVED
+CVE-2017-7739 (A reflected Cross-site Scripting (XSS) vulnerability in web proxy ...)
+	TODO: check
 CVE-2017-7738
 	RESERVED
 CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...)
@@ -38498,8 +38501,8 @@
 	RESERVED
 CVE-2017-3768
 	RESERVED
-CVE-2017-3767
-	RESERVED
+CVE-2017-3767 (A local privilege escalation vulnerability was identified in the ...)
+	TODO: check
 CVE-2017-3766
 	RESERVED
 CVE-2017-3765
@@ -40647,8 +40650,7 @@
 CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...)
 	{DSA-3896-1 DLA-1009-1}
 	- apache2 2.4.25-4
-CVE-2017-3166
-	RESERVED
+CVE-2017-3166 (In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and ...)
 	- hadoop <itp> (bug #793644)
 CVE-2017-3165 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...)
 	NOT-FOR-US: Apache Brooklyn
@@ -45914,15 +45916,15 @@
 CVE-2017-0909
 	RESERVED
 CVE-2017-0908
-	RESERVED
-CVE-2017-0907
-	RESERVED
-CVE-2017-0906
-	RESERVED
-CVE-2017-0905
-	RESERVED
-CVE-2017-0904
-	RESERVED
+	REJECTED
+CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, ...)
+	TODO: check
+CVE-2017-0906 (The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, ...)
+	TODO: check
+CVE-2017-0905 (The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, ...)
+	TODO: check
+CVE-2017-0904 (The private_address_check ruby gem before 0.4.0 is vulnerable to a ...)
+	TODO: check
 CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...)
 	{DSA-4031-1}
 	- ruby2.3 <unfixed> (bug #879231)
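Review bot: the four "TODO: check" lines added for CVE-2017-0907 through CVE-2017-0904 should be triaged individually rather than tagged in bulk. They name the Recurly client libraries for .NET, Python and Ruby, and the private_address_check ruby gem. They sit directly above CVE-2017-0903 (RubyGems), which already carries a DSA and a ruby2.3 package line, so Ruby material in this range is not automatically out of scope. Separately, CVE-2017-0908 changes from RESERVED to REJECTED with no package lines under it, so nothing needs cleaning up for that entry.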
@@ -46002,8 +46004,8 @@
 	- nextcloud <itp> (bug #835086)
 CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...)
 	- nextcloud <itp> (bug #835086)
-CVE-2017-0889
-	RESERVED
+CVE-2017-0889 (Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde ...)
+	TODO: check
 CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a ...)
 	- nextcloud <itp> (bug #835086)
 CVE-2017-0886 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of ...)
@@ -52458,7 +52460,7 @@
 CVE-2016-8235 (Privilege escalation in Lenovo Customer Care Software Development Kit ...)
 	NOT-FOR-US: Lenovo
 CVE-2016-8234
-	RESERVED
+	REJECTED
 CVE-2016-8233 (Log files generated by Lenovo XClarity Administrator (LXCA) versions ...)
 	NOT-FOR-US: Lenovo
 CVE-2016-8232 (Document Object Model-(DOM) based cross-site scripting vulnerability ...)
@@ -56956,8 +56958,7 @@
 CVE-2016-6804
 	RESERVED
 	NOT-FOR-US: Apache OpenOffice installer for Windows
-CVE-2016-6803
-	RESERVED
+CVE-2016-6803 (An installer defect known as an "unquoted Windows search path ...)
 	NOT-FOR-US: Apache OpenOffice installer for Windows
 CVE-2016-6802 (Apache Shiro before 1.3.2 allows attackers to bypass intended servlet ...)
 	- shiro 1.3.2-1
@@ -160650,7 +160651,7 @@
 CVE-2012-2457
 	RESERVED
 CVE-2012-2456
-	RESERVED
+	REJECTED
 CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not ...)
 	NOT-FOR-US: Advanced Productivity Software DTE Axiom
 CVE-2012-2454



