[Secure-testing-commits] r57884 - data/CVE

Tue Nov 21 09:10:26 UTC 2017

Author: sectracker
Date: 2017-11-21 09:10:26 +0000 (Tue, 21 Nov 2017)
New Revision: 57884

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-11-21 01:55:04 UTC (rev 57883)
+++ data/CVE/list	2017-11-21 09:10:26 UTC (rev 57884)
@@ -1,3 +1,25 @@
+CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) ...)
+	TODO: check
+CVE-2017-16918
+	RESERVED
+CVE-2017-16917
+	RESERVED
+CVE-2017-16916
+	RESERVED
+CVE-2017-16915
+	RESERVED
+CVE-2017-16914
+	RESERVED
+CVE-2017-16913
+	RESERVED
+CVE-2017-16912
+	RESERVED
+CVE-2017-16911
+	RESERVED
+CVE-2017-16910
+	RESERVED
+CVE-2017-16909
+	RESERVED
 CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...)
 	- php-horde <undetermined>
 	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
@@ -233,6 +255,7 @@
 	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
 	NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7
 CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...)
+	{DLA-1182-1}
 	- ldns <unfixed> (bug #882015)
 	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
 	NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
@@ -539,8 +562,8 @@
 	NOT-FOR-US: Yoast SEO plugin for WordPress
 CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...)
 	NOT-FOR-US: LanSweeper
-CVE-2017-16840
-	RESERVED
+CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote ...)
+	TODO: check
 CVE-2017-16839
 	RESERVED
 CVE-2017-16838
@@ -2006,7 +2029,7 @@
 	RESERVED
 CVE-2017-16250
 	RESERVED
-CVE-2017-16249 (The Debut embedded http server 1.20 contains a remotely exploitable ...)
+CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable denial ...)
 	NOT-FOR-US: Debut embedded http server
 CVE-2017-16247
 	RESERVED
@@ -14103,10 +14126,10 @@
 	RESERVED
 CVE-2017-12112
 	RESERVED
-CVE-2017-12111
-	RESERVED
-CVE-2017-12110
-	RESERVED
+CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the xls_addCell ...)
+	TODO: check
+CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...)
+	TODO: check
 CVE-2017-12109
 	RESERVED
 CVE-2017-12108
@@ -42330,8 +42353,8 @@
 	TODO: check smplayer, embeds it
 CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing ...)
 	NOT-FOR-US: Computerinsel Photoline
-CVE-2017-2919
-	RESERVED
+CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists in the ...)
+	TODO: check
 CVE-2017-2918
 	RESERVED
 CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...)
@@ -42375,10 +42398,10 @@
 	RESERVED
 CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...)
 	NOT-FOR-US: Circle with Disney
-CVE-2017-2897
-	RESERVED
-CVE-2017-2896
-	RESERVED
+CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the ...)
+	TODO: check
+CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the ...)
+	TODO: check
 CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
 	NOT-FOR-US: Cesanta Mongoose
 	TODO: check smplayer, embeds it


