[Secure-testing-commits] r57884 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Nov 21 09:10:26 UTC 2017
Author: sectracker
Date: 2017-11-21 09:10:26 +0000 (Tue, 21 Nov 2017)
New Revision: 57884
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-21 01:55:04 UTC (rev 57883)
+++ data/CVE/list 2017-11-21 09:10:26 UTC (rev 57884)
@@ -1,3 +1,25 @@
+CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) ...)
+ TODO: check
+CVE-2017-16918
+ RESERVED
+CVE-2017-16917
+ RESERVED
+CVE-2017-16916
+ RESERVED
+CVE-2017-16915
+ RESERVED
+CVE-2017-16914
+ RESERVED
+CVE-2017-16913
+ RESERVED
+CVE-2017-16912
+ RESERVED
+CVE-2017-16911
+ RESERVED
+CVE-2017-16910
+ RESERVED
+CVE-2017-16909
+ RESERVED
CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...)
- php-horde <undetermined>
NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
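Review bot: CVE-2017-16919 (MapOS stored XSS) is added with only `TODO: check`, so it has no triage result yet. Resolve it to either a `NOT-FOR-US:` line or a `- <package> <status>` line, in the same form as the entries around it. The ten RESERVED entries added below it need no action until descriptions are published.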
@@ -233,6 +255,7 @@
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7
CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...)
+ {DLA-1182-1}
- ldns <unfixed> (bug #882015)
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
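Review bot: on CVE-2017-1000231 the new `{DLA-1182-1}` cross-reference sits above a package line that still reads `- ldns <unfixed> (bug #882015)`. That is consistent if the DLA fixes only the LTS release while unstable remains open, but confirm that is the intended state. The entry just above (the one citing nlnetlabs bug 1257) has its header outside this hunk, so whether it carries the same DLA reference cannot be seen here and should be checked.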
@@ -539,8 +562,8 @@
NOT-FOR-US: Yoast SEO plugin for WordPress
CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...)
NOT-FOR-US: LanSweeper
-CVE-2017-16840
- RESERVED
+CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote ...)
+ TODO: check
CVE-2017-16839
RESERVED
CVE-2017-16838
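Review bot: CVE-2017-16840 moves from RESERVED to a published FFmpeg 3.4 description but is left at `TODO: check`. Since the summary names FFmpeg and a specific version, triage should replace the TODO with a `- ffmpeg` line whose status reflects whether the packaged versions contain the affected VC-2 encoder code.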
@@ -2006,7 +2029,7 @@
RESERVED
CVE-2017-16250
RESERVED
-CVE-2017-16249 (The Debut embedded http server 1.20 contains a remotely exploitable ...)
+CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable denial ...)
NOT-FOR-US: Debut embedded http server
CVE-2017-16247
RESERVED
@@ -14103,10 +14126,10 @@
RESERVED
CVE-2017-12112
RESERVED
-CVE-2017-12111
- RESERVED
-CVE-2017-12110
- RESERVED
+CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the xls_addCell ...)
+ TODO: check
+CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...)
+ TODO: check
CVE-2017-12109
RESERVED
CVE-2017-12108
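Review bot: CVE-2017-12111 and CVE-2017-12110 are both left at `TODO: check`, and the truncated summaries do not show the affected product: 12111 names only the function xls_addCell, and 12110 is cut off before any component. Triage needs the full CVE text to map these to a source package or mark them NOT-FOR-US, and both should get the same product decision if they turn out to share a code base.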
@@ -42330,8 +42353,8 @@
TODO: check smplayer, embeds it
CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing ...)
NOT-FOR-US: Computerinsel Photoline
-CVE-2017-2919
- RESERVED
+CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists in the ...)
+ TODO: check
CVE-2017-2918
RESERVED
CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...)
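Review bot: CVE-2017-2919 is now published as a stack based buffer overflow, but the visible summary is cut off before the affected component and the entry is left at `TODO: check`. The adjacent CVE-2017-2920 being NOT-FOR-US does not settle the product for this one; read the full description before choosing between a package line and NOT-FOR-US.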
@@ -42375,10 +42398,10 @@
RESERVED
CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...)
NOT-FOR-US: Circle with Disney
-CVE-2017-2897
- RESERVED
-CVE-2017-2896
- RESERVED
+CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the ...)
+ TODO: check
+CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the ...)
+ TODO: check
CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
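Review bot: CVE-2017-2897 and CVE-2017-2896 are added with identical visible summaries ("An exploitable out-of-bounds write vulnerability exists in the ...") and both sit at `TODO: check`. As listed they cannot be told apart, so when triaging, confirm from the full descriptions whether they affect the same component and add a NOTE line to each entry that distinguishes them.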