[Secure-testing-commits] r57745 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Nov 17 21:10:14 UTC 2017


Author: sectracker
Date: 2017-11-17 21:10:14 +0000 (Fri, 17 Nov 2017)
New Revision: 57745

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-17 19:45:46 UTC (rev 57744)
+++ data/CVE/list	2017-11-17 21:10:14 UTC (rev 57745)
@@ -1,13 +1,59 @@
-CVE-2017-16872
+CVE-2017-16879
 	RESERVED
-CVE-2017-16871
+CVE-2017-16878
 	RESERVED
-CVE-2017-16870
+CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...)
+	TODO: check
+CVE-2017-16876
 	RESERVED
-CVE-2017-16869
+CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...)
+	TODO: check
+CVE-2017-16874
 	RESERVED
-CVE-2017-16868
+CVE-2017-16873
 	RESERVED
+CVE-2017-1000233
+	REJECTED
+	TODO: check
+CVE-2017-1000222
+	REJECTED
+	TODO: check
+CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an ...)
+	TODO: check
+CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code ...)
+	TODO: check
+CVE-2017-1000211 (Lynx version 2.8.8 and older is vulnerable to a use after free in the ...)
+	TODO: check
+CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is vulnerable to ...)
+	TODO: check
+CVE-2017-1000204
+	REJECTED
+	TODO: check
+CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell ...)
+	TODO: check
+CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File ...)
+	TODO: check
+CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...)
+	TODO: check
+CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...)
+	TODO: check
+CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes ...)
+	TODO: check
+CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...)
+	TODO: check
+CVE-2017-1000161
+	REJECTED
+	TODO: check
+CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...)
+	TODO: check
+CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP ...)
+	TODO: check
+CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the ...)
+	TODO: check
+CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...)
+	TODO: check
 CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...)
 	NOT-FOR-US: Amazon Key
 CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis ...)
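Review bot: the four REJECTED entries added at the top of this hunk (CVE-2017-1000233, CVE-2017-1000222, CVE-2017-1000204, CVE-2017-1000161) each also receive a "TODO: check" line, which leaves an open triage item on identifiers that have nothing left to triage; drop the TODO line on those four and keep only REJECTED. Also in this hunk, CVE-2017-16875 and CVE-2017-16872 show the same truncated pjproject description, so whoever resolves them should confirm from the full text that they are distinct issues and track each separately.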
@@ -329,8 +375,7 @@
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2017-16845 [ps2: information leakage via post_load routine]
-	RESERVED
+CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...)
 	- qemu <unfixed>
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
@@ -431,8 +476,8 @@
 	RESERVED
 CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java ...)
 	NOT-FOR-US: b3log Symphony
-CVE-2017-16819
-	RESERVED
+CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time Systems ...)
+	TODO: check
 CVE-2017-16818
 	RESERVED
 CVE-2017-16817
@@ -8001,8 +8046,8 @@
 	REJECTED
 CVE-2017-14112
 	RESERVED
-CVE-2017-14111
-	RESERVED
+CVE-2017-14111 (The workstation logging function in Philips IntelliSpace ...)
+	TODO: check
 CVE-2017-14110
 	RESERVED
 CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is ...)
@@ -9182,14 +9227,14 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495510
 	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928
-CVE-2017-13703
-	RESERVED
-CVE-2017-13702
-	RESERVED
+CVE-2017-13703 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A ...)
+	TODO: check
+CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
+	TODO: check
 CVE-2017-13701
 	RESERVED
-CVE-2017-13700
-	RESERVED
+CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
+	TODO: check
 CVE-2017-13699
 	RESERVED
 CVE-2017-13698
@@ -17467,16 +17512,16 @@
 	RESERVED
 CVE-2017-10891
 	RESERVED
-CVE-2017-10890
-	RESERVED
-CVE-2017-10889
-	RESERVED
-CVE-2017-10888
-	RESERVED
-CVE-2017-10887
-	RESERVED
-CVE-2017-10886
-	RESERVED
+CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to ...)
+	TODO: check
+CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to conduct XML ...)
+	TODO: check
+CVE-2017-10888 (BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac ...)
+	TODO: check
+CVE-2017-10887 (Untrusted search path vulnerability in BOOK WALKER for Windows ...)
+	TODO: check
+CVE-2017-10886 (Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 ...)
+	TODO: check
 CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier ...)
 	NOT-FOR-US: HYPER SBI
 CVE-2017-10884
@@ -32005,8 +32050,8 @@
 	RESERVED
 CVE-2017-6169
 	RESERVED
-CVE-2017-6168
-	RESERVED
+CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 ...)
+	TODO: check
 CVE-2017-6167
 	RESERVED
 CVE-2017-6166
@@ -36590,16 +36635,16 @@
 	RESERVED
 CVE-2017-4939
 	RESERVED
-CVE-2017-4938
-	RESERVED
-CVE-2017-4937
-	RESERVED
-CVE-2017-4936
-	RESERVED
-CVE-2017-4935
-	RESERVED
-CVE-2017-4934
-	RESERVED
+CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
+	TODO: check
+CVE-2017-4937 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...)
+	TODO: check
+CVE-2017-4936 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...)
+	TODO: check
+CVE-2017-4935 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...)
+	TODO: check
+CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
+	TODO: check
 CVE-2017-4933
 	RESERVED
 CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a ...)
@@ -36608,12 +36653,12 @@
 	TODO: check
 CVE-2017-4930 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability ...)
 	TODO: check
-CVE-2017-4929
-	RESERVED
-CVE-2017-4928
-	RESERVED
-CVE-2017-4927
-	RESERVED
+CVE-2017-4929 (VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a ...)
+	TODO: check
+CVE-2017-4928 (The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior ...)
+	TODO: check
+CVE-2017-4927 (VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) ...)
+	TODO: check
 CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability ...)
 	NOT-FOR-US: VMware
 CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without ...)
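Review bot: the three entries added here (CVE-2017-4929, CVE-2017-4928, CVE-2017-4927) are left at "TODO: check" while the next entry in the list, CVE-2017-4926, is already resolved as "NOT-FOR-US: VMware". If the NSX Edge, vSphere Web Client and vCenter Server products named in these descriptions are likewise not packaged, resolve them with the same "NOT-FOR-US: VMware" line so the block is consistent and does not linger in the TODO queue.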



