[Secure-testing-commits] r58123 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Nov 29 21:10:20 UTC 2017
Author: sectracker
Date: 2017-11-29 21:10:19 +0000 (Wed, 29 Nov 2017)
New Revision: 58123
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-29 19:50:37 UTC (rev 58122)
+++ data/CVE/list 2017-11-29 21:10:19 UTC (rev 58123)
@@ -1,3 +1,21 @@
+CVE-2017-17066
+ RESERVED
+CVE-2017-17065
+ RESERVED
+CVE-2017-17064
+ RESERVED
+CVE-2017-17063
+ RESERVED
+CVE-2017-17062
+ RESERVED
+CVE-2017-17061
+ RESERVED
+CVE-2017-17060
+ RESERVED
+CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts ...)
+ TODO: check
+CVE-2017-1000385
+ RESERVED
CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...)
NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2017-17057
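Review bot: CVE-2017-1000385 is inserted at the top of the file between CVE-2017-17059 and CVE-2017-17058, while its siblings CVE-2017-1000386 through CVE-2017-1000406 sit together in the block touched at line 1745. Consider placing it directly after CVE-2017-1000386 so the range stays contiguous. CVE-2017-17059 also lands with only `TODO: check` and still needs a triage line.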
@@ -1727,42 +1745,61 @@
CVE-2017-1000406
NOT-FOR-US: OpenDayLight
CVE-2017-1000404
+ RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-1000403
+ RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-1000402
+ RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-1000401
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000400
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000399
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000398
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000397
+ RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-1000396
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000395
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000394
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000393
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000392
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000391
+ RESERVED
NOT-FOR-US: Jenkins
CVE-2017-1000390
+ RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-1000389
+ RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-1000388
+ RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-1000387
+ RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-1000386
+ RESERVED
NOT-FOR-US: Jenkins plugin
CVE-2017-16884
RESERVED
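Review bot: Every entry from CVE-2017-1000404 down to CVE-2017-1000386 gains a RESERVED line above an existing NOT-FOR-US line, so each record now says both that the ID has no published details and that it has already been assessed as Jenkins or a Jenkins plugin. The triage lines should stay as they are, but it is worth confirming that anything parsing this file treats NOT-FOR-US as the effective state when RESERVED is also present.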
@@ -3737,6 +3774,7 @@
CVE-2017-16242
RESERVED
CVE-2017-1000384 [Arbitrary file read]
+ RESERVED
- passenger <unfixed>
- ruby-passenger <removed>
[jessie] - ruby-passenger <no-dsa> (Minor issue)
@@ -9203,10 +9241,10 @@
RESERVED
CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site ...)
NOT-FOR-US: EMC
-CVE-2017-14378
- RESERVED
-CVE-2017-14377
- RESERVED
+CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent ...)
+ TODO: check
+CVE-2017-14377 (EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and ...)
+ TODO: check
CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ...)
NOT-FOR-US: EMC AppSync Server
CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to ...)
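Review bot: CVE-2017-14378 and CVE-2017-14377 move from RESERVED to `TODO: check`, yet both descriptions name EMC RSA Authentication Agent products and the neighboring CVE-2017-14379 and CVE-2017-14376 are already marked NOT-FOR-US for EMC. Unless one of these agents is packaged, a follow-up should replace each TODO with a matching NOT-FOR-US line.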
@@ -9733,14 +9771,14 @@
RESERVED
CVE-2017-14190
RESERVED
-CVE-2017-14189
- RESERVED
+CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager ...)
+ TODO: check
CVE-2017-14188
RESERVED
CVE-2017-14187
RESERVED
-CVE-2017-14186
- RESERVED
+CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 ...)
+ TODO: check
CVE-2017-14185
RESERVED
CVE-2017-14184
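Review bot: CVE-2017-14189 and CVE-2017-14186 are left at `TODO: check` although their descriptions already identify the products as Fortinet FortiWebManager and FortiOS. A manual pass should record whether either maps to a packaged source and otherwise close them out as NOT-FOR-US.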
@@ -9836,7 +9874,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote ...)
- {DLA-1107-1}
+ {DSA-4052-1 DLA-1107-1}
- bzr 2.7.0+bzr6622-7 (bug #874429)
NOTE: https://bugs.launchpad.net/bzr/+bug/1710979
CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...)
@@ -10608,8 +10646,8 @@
RESERVED
CVE-2017-13873
RESERVED
-CVE-2017-13872
- RESERVED
+CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra ...)
+ TODO: check
CVE-2017-13871
RESERVED
CVE-2017-13870
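Review bot: CVE-2017-13872 is the only entry in this run that changes state, and it stops at `TODO: check` with a description naming Apple products and macOS High Sierra. It needs an explicit triage line so it does not linger as an open item between the surrounding RESERVED entries.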
@@ -25627,21 +25665,20 @@
RESERVED
CVE-2017-8819
RESERVED
-CVE-2017-8818 [SSL out of buffer access]
- RESERVED
+CVE-2017-8818 (curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to ...)
- curl <unfixed>
[stretch] - curl <not-affected> (Vulnerable code not present)
[jessie] - curl <not-affected> (Vulnerable code not present)
[wheezy] - curl <not-affected> (Vulnerable code not present)
NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html
NOTE: https://curl.haxx.se/CVE-2017-8818.patch
-CVE-2017-8817 [FTP wildcard out of bounds read]
- RESERVED
+CVE-2017-8817 (The FTP wildcard function in curl and libcurl before 7.57.0 allows ...)
+ {DSA-4051-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2017-ae72.html
NOTE: https://curl.haxx.se/CVE-2017-8817.patch
-CVE-2017-8816 [NTLM buffer overflow via integer overflow]
- RESERVED
+CVE-2017-8816 (The NTLM authentication feature in curl and libcurl before 7.57.0 on ...)
+ {DSA-4051-1}
- curl <unfixed>
[wheezy] - curl <not-affected> (Vulnerable code not present, introduced in 7.36.0)
NOTE: https://curl.haxx.se/docs/adv_2017-11e7.html
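Review bot: CVE-2017-8817 and CVE-2017-8816 gain `{DSA-4051-1}` while all three curl entries still read `- curl <unfixed>`, even though the new descriptions put the fix boundary at 7.57.0. The `<unfixed>` markers should be replaced with the fixed unstable version once it is uploaded. CVE-2017-8818 correctly carries no DSA reference, given its stretch, jessie and wheezy lines are all `<not-affected>`. The removed bracketed summaries such as `[FTP wildcard out of bounds read]` were more specific than the truncated descriptions that replace them, so the NOTE links to the curl advisories should be kept.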