[Secure-testing-commits] r57675 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Nov 16 09:10:18 UTC 2017


Author: sectracker
Date: 2017-11-16 09:10:18 +0000 (Thu, 16 Nov 2017)
New Revision: 57675

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-16 08:03:57 UTC (rev 57674)
+++ data/CVE/list	2017-11-16 09:10:18 UTC (rev 57675)
@@ -1,4 +1,22 @@
-CVE-2017-16834 [root privilege escalation via insecure permissions]
+CVE-2017-16843
+	RESERVED
+CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...)
+	TODO: check
+CVE-2017-16840
+	RESERVED
+CVE-2017-16839
+	RESERVED
+CVE-2017-16838
+	RESERVED
+CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not ...)
+	TODO: check
+CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...)
+	TODO: check
+CVE-2017-16835
+	RESERVED
+CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an ...)
 	- pnp4nagios <removed>
 	NOTE: https://github.com/lingej/pnp4nagios/issues/140
 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...)
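Review bot: CVE-2017-16842 cannot be triaged from what this hunk records, because its description is cut to "Cross-site scripting (XSS) vulnerability in ..." before any product is named. Whoever resolves the "TODO: check" should read the full CVE text first. The other new TODO entries (LanSweeper, tboot, Arris) at least name the affected product, so they can be routed to a package line or NOT-FOR-US directly.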
@@ -4530,8 +4548,7 @@
 	RESERVED
 CVE-2017-15116
 	RESERVED
-CVE-2017-15115 [sctp: use-after-free in sctp_cmp_addr_exact()]
-	RESERVED
+CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6)
 CVE-2017-15114 [Passwordless access for non-libvirt related services when using shared certificate authority]
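Review bot: The replaced header for CVE-2017-15115 drops the only mention of sctp_cmp_addr_exact(), where the old bracketed text located the use-after-free. The new description names sctp_do_peeloff in net/sctp/socket.c instead. Suggest keeping the old wording as a NOTE line under the entry so both function names stay searchable next to the fix commit reference.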
@@ -4563,8 +4580,7 @@
 	RESERVED
 CVE-2017-15103
 	RESERVED
-CVE-2017-15102 [NULL pointer dereference due to race condition in probe function of legousbtower driver]
-	RESERVED
+CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in the ...)
 	- linux 4.7.8-1
 	[jessie] - linux 3.16.43-1
 	[wheezy] - linux 3.2.86-1
@@ -7868,8 +7884,8 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
 	NOTE: https://patchwork.kernel.org/patch/9929625/
 	NOTE: Non issue, only "exploitable" with root access
-CVE-2017-14034
-	RESERVED
+CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...)
+	TODO: check
 CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...)
 	{DSA-4031-1 DLA-1114-1}
 	- ruby2.3 2.3.5-1 (bug #875928)
@@ -9986,10 +10002,10 @@
 	NOT-FOR-US: Wordpress theme
 CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2017-13136
-	RESERVED
-CVE-2017-13135
-	RESERVED
+CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer ...)
+	TODO: check
+CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ...)
+	TODO: check
 CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...)
 	{DSA-4032-1 DLA-1170-1 DLA-1081-1}
 	- imagemagick <unfixed> (bug #873099)
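Review bot: CVE-2017-13135 is described as a NULL pointer dereference in VideoLAN x265 "as used in libbpg", so its "TODO: check" should be resolved against x265 as well as libbpg. CVE-2017-13136 differs: it is in libbpg's own bpgenc.c (image_alloc), so the two entries should not be triaged as a pair.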
@@ -12826,8 +12842,8 @@
 	RESERVED
 CVE-2017-12351
 	RESERVED
-CVE-2017-12350
-	RESERVED
+CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and ...)
+	TODO: check
 CVE-2017-12349
 	RESERVED
 CVE-2017-12348
@@ -12852,8 +12868,8 @@
 	RESERVED
 CVE-2017-12338
 	RESERVED
-CVE-2017-12337
-	RESERVED
+CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco collaboration ...)
+	TODO: check
 CVE-2017-12336
 	RESERVED
 CVE-2017-12335
@@ -12880,56 +12896,56 @@
 	RESERVED
 CVE-2017-12324
 	RESERVED
-CVE-2017-12323
-	RESERVED
-CVE-2017-12322
-	RESERVED
-CVE-2017-12321
-	RESERVED
-CVE-2017-12320
-	RESERVED
+CVE-2017-12323 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+	TODO: check
+CVE-2017-12322 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+	TODO: check
+CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+	TODO: check
+CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+	TODO: check
 CVE-2017-12319
 	RESERVED
-CVE-2017-12318
-	RESERVED
+CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices ...)
+	TODO: check
 CVE-2017-12317 (The Cisco AMP For Endpoints application allows an authenticated, local ...)
 	NOT-FOR-US: Cisco
-CVE-2017-12316
-	RESERVED
-CVE-2017-12315
-	RESERVED
-CVE-2017-12314
-	RESERVED
-CVE-2017-12313
-	RESERVED
-CVE-2017-12312
-	RESERVED
-CVE-2017-12311
-	RESERVED
+CVE-2017-12316 (A vulnerability in the Guest Portal login page of Cisco Identity ...)
+	TODO: check
+CVE-2017-12315 (A vulnerability in system logging when replication is being configured ...)
+	TODO: check
+CVE-2017-12314 (A vulnerability in the Cisco FindIT Network Discovery Utility could ...)
+	TODO: check
+CVE-2017-12313 (An untrusted search path (aka DLL Preload) vulnerability in the Cisco ...)
+	TODO: check
+CVE-2017-12312 (An untrusted search path (aka DLL Preloading) vulnerability in the ...)
+	TODO: check
+CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting Server ...)
+	TODO: check
 CVE-2017-12310
 	RESERVED
-CVE-2017-12309
-	RESERVED
+CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) could allow ...)
+	TODO: check
 CVE-2017-12308
 	RESERVED
 CVE-2017-12307
 	RESERVED
-CVE-2017-12306
-	RESERVED
-CVE-2017-12305
-	RESERVED
-CVE-2017-12304
-	RESERVED
-CVE-2017-12303
-	RESERVED
-CVE-2017-12302
-	RESERVED
+CVE-2017-12306 (A vulnerability in the upgrade process of Cisco Spark Board could allow ...)
+	TODO: check
+CVE-2017-12305 (A vulnerability in the debug interface of Cisco IP Phone 8800 series ...)
+	TODO: check
+CVE-2017-12304 (A vulnerability in the IOS daemon (IOSd) web-based management interface ...)
+	TODO: check
+CVE-2017-12303 (A vulnerability in the Advanced Malware Protection (AMP) file filtering ...)
+	TODO: check
+CVE-2017-12302 (A vulnerability in the Cisco Unified Communications Manager SQL ...)
+	TODO: check
 CVE-2017-12301 (A vulnerability in the Python scripting subsystem of Cisco NX-OS ...)
 	NOT-FOR-US: Cisco
-CVE-2017-12300
-	RESERVED
-CVE-2017-12299
-	RESERVED
+CVE-2017-12300 (A vulnerability in the SNORT detection engine of Cisco Firepower System ...)
+	TODO: check
+CVE-2017-12299 (A vulnerability exists in the process of creating default IP blocks ...)
+	TODO: check
 CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an ...)
 	NOT-FOR-US: Cisco
 CVE-2017-12297
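Review bot: Every new description in this hunk is a Cisco product issue left at "TODO: check", while the already triaged neighbours in the same range (CVE-2017-12317, CVE-2017-12301, CVE-2017-12298) are all "NOT-FOR-US: Cisco". Most of these can be closed the same way in one pass. The exception worth reading in full before doing so is CVE-2017-12300, whose description refers to the SNORT detection engine of Cisco Firepower System; the truncated text does not show whether the flaw is confined to the Cisco product.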
@@ -12942,12 +12958,12 @@
 	NOT-FOR-US: Cisco
 CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
 	NOT-FOR-US: Cisco
-CVE-2017-12292
-	RESERVED
-CVE-2017-12291
-	RESERVED
-CVE-2017-12290
-	RESERVED
+CVE-2017-12292 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+	TODO: check
+CVE-2017-12291 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+	TODO: check
+CVE-2017-12290 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+	TODO: check
 CVE-2017-12289 (A vulnerability in conditional, verbose debug logging for the IPsec ...)
 	NOT-FOR-US: Cisco
 CVE-2017-12288 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -23196,37 +23212,43 @@
 CVE-2017-8816
 	RESERVED
 CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...)
+	{DSA-4036-1}
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
 	NOTE: https://phabricator.wikimedia.org/T119158
 CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...)
+	{DSA-4036-1}
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
 	NOTE: https://phabricator.wikimedia.org/T124404
 CVE-2017-8813
 	REJECTED
 CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...)
+	{DSA-4036-1}
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
 	NOTE: https://phabricator.wikimedia.org/T125163
 CVE-2017-8811 (The implementation of raw message parameter expansion in MediaWiki ...)
+	{DSA-4036-1}
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
 	NOTE: https://phabricator.wikimedia.org/T176247
 CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before ...)
+	{DSA-4036-1}
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
 	NOTE: https://phabricator.wikimedia.org/T134100
 CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x ...)
+	{DSA-4036-1}
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
 	NOTE: https://phabricator.wikimedia.org/T128209
 CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...)
+	{DSA-4036-1}
 	- mediawiki 1:1.27.4-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
 	NOTE: https://phabricator.wikimedia.org/T178451
-CVE-2017-8807 [Data leak - '-sfile' Stevedore transient objects]
-	RESERVED
+CVE-2017-8807 (vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache ...)
 	{DSA-4034-1}
 	- varnish <unfixed> (bug #881808)
 	[jessie] - varnish <not-affected> (Vulnerable code not present, issue introduced in 4.1.0)
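Review bot: The new CVE-2017-8807 header no longer shows the precondition that the old bracketed text stated, namely that the data leak concerns '-sfile' Stevedore transient objects. The truncated description visible here stops at "Varnish HTTP Cache ...". Suggest preserving that condition as a NOTE line, since it decides whether a given deployment is exposed and sits naturally beside the existing "issue introduced in 4.1.0" remark.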
@@ -25959,6 +25981,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831
 CVE-2017-7830
 	RESERVED
+	{DSA-4035-1 DLA-1172-1}
 	- firefox 57.0-1
 	- firefox-esr 52.5.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830
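Review bot: CVE-2017-7830 now carries {DSA-4035-1 DLA-1172-1} and fixed versions but still has no description at all, only "RESERVED". Suggest adding a bracketed temporary description taken from the linked mfsa2017-24 advisory, in the style used for CVE-2017-15114 elsewhere in this file. The same applies to CVE-2017-7828 and CVE-2017-7826 in the next two hunks.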
@@ -25967,6 +25990,7 @@
 	RESERVED
 CVE-2017-7828
 	RESERVED
+	{DSA-4035-1 DLA-1172-1}
 	- firefox 57.0-1
 	- firefox-esr 52.5.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828
@@ -25977,6 +26001,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827
 CVE-2017-7826
 	RESERVED
+	{DSA-4035-1 DLA-1172-1}
 	- firefox 57.0-1
 	- firefox-esr 52.5.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826
@@ -33714,10 +33739,10 @@
 	RESERVED
 CVE-2017-5534
 	RESERVED
-CVE-2017-5533
-	RESERVED
-CVE-2017-5532
-	RESERVED
+CVE-2017-5533 (A vulnerability in the server content cache of TIBCO JasperReports ...)
+	TODO: check
+CVE-2017-5532 (A vulnerability in the report renderer component of TIBCO ...)
+	TODO: check
 CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center versions ...)
 	NOT-FOR-US: TIBCO
 CVE-2017-5530



