[Secure-testing-commits] r56375 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Oct 3 09:10:13 UTC 2017


Author: sectracker
Date: 2017-10-03 09:10:13 +0000 (Tue, 03 Oct 2017)
New Revision: 56375

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-03 07:56:37 UTC (rev 56374)
+++ data/CVE/list	2017-10-03 09:10:13 UTC (rev 56375)
@@ -1,3 +1,19 @@
+CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2017-14996
+	RESERVED
+CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...)
+	TODO: check
+CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote ...)
+	TODO: check
+CVE-2017-14993
+	RESERVED
+CVE-2017-14992
+	RESERVED
+CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before ...)
+	TODO: check
+CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
+	TODO: check
 CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...)
 	- wordpress <unfixed>
 	NOTE: https://core.trac.wordpress.org/ticket/38474
@@ -395,8 +411,8 @@
 	- nodejs <not-affected> (Vulnerable code introduced in 8.5.0)
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
 	NOTE: https://twitter.com/nodejs/status/913131152868876288
-CVE-2017-14848
-	RESERVED
+CVE-2017-14848 (WPHRM Human Resource Management System for WordPress 1.0 allows SQL ...)
+	TODO: check
 CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress allows SQL ...)
 	NOT-FOR-US: Mojoomla WPAMS Apartment Management System for WordPress
 CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL Injection ...)
@@ -545,14 +561,14 @@
 	NOT-FOR-US: Laravel
 CVE-2017-14774
 	RESERVED
-CVE-2017-14773
-	RESERVED
-CVE-2017-14772
-	RESERVED
-CVE-2017-14771
-	RESERVED
-CVE-2017-14770
-	RESERVED
+CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an ...)
+	TODO: check
+CVE-2017-14772 (Skybox Manager Client Application is prone to information disclosure ...)
+	TODO: check
+CVE-2017-14771 (Skybox Manager Client Application prior to 8.5.501 is prone to an ...)
+	TODO: check
+CVE-2017-14770 (Skybox Manager Client Application prior to 8.5.501 is prone to an ...)
+	TODO: check
 CVE-2017-14769
 	RESERVED
 CVE-2017-14768
@@ -1307,40 +1323,34 @@
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13)
-CVE-2017-14496
-	RESERVED
+CVE-2017-14496 (Integer underflow in the add_pseudoheader function in dnsmasq before ...)
 	- dnsmasq 2.78-1
 	[stretch] - dnsmasq 2.76-5+deb9u1
 	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7
-CVE-2017-14495
-	RESERVED
+CVE-2017-14495 (Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id ...)
 	- dnsmasq 2.78-1
 	[stretch] - dnsmasq 2.76-5+deb9u1
 	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45
-CVE-2017-14494
-	RESERVED
+CVE-2017-14494 (dnsmasq before 2.78, when configured as a relay, allows remote ...)
 	{DSA-3989-1}
 	- dnsmasq 2.78-1
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262
-CVE-2017-14493
-	RESERVED
+CVE-2017-14493 (Stack-based buffer overflow in dnsmasq before 2.78 allows remote ...)
 	{DSA-3989-1}
 	- dnsmasq 2.78-1
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033
-CVE-2017-14492
-	RESERVED
+CVE-2017-14492 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote ...)
 	{DSA-3989-1}
 	- dnsmasq 2.78-1
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10
-CVE-2017-14491
-	RESERVED
+CVE-2017-14491 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote ...)
 	{DSA-3989-1}
 	- dnsmasq 2.78-1
 	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
@@ -3550,8 +3560,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1
 CVE-2017-13705
 	RESERVED
-CVE-2017-13704 [Size parameter overflow via large DNS query]
-	RESERVED
+CVE-2017-13704 (In dnsmasq before 2.78, if the DNS packet size does not match the ...)
 	- dnsmasq 2.78-1 (bug #877102)
 	[stretch] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77)
 	[jessie] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77)
@@ -6707,10 +6716,10 @@
 	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870106)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/542
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec
-CVE-2017-12639
-	RESERVED
-CVE-2017-12638
-	RESERVED
+CVE-2017-12639 (Stack based buffer overflow in Ipswitch IMail server up to and ...)
+	TODO: check
+CVE-2017-12638 (Stack based buffer overflow in Ipswitch IMail server up to and ...)
+	TODO: check
 CVE-2017-12637 (Directory traversal vulnerability in ...)
 	NOT-FOR-US: SAP
 CVE-2017-12636
@@ -9715,12 +9724,12 @@
 	- nodejs 4.8.4~dfsg-1 (bug #868162; unimportant)
 	NOTE: https://nodejs.org/en/blog/release/v6.11.1/
 	NOTE: https://nodejs.org/en/blog/release/v4.8.4/
-CVE-2017-11498
-	RESERVED
-CVE-2017-11497
-	RESERVED
-CVE-2017-11496
-	RESERVED
+CVE-2017-11498 (Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all ...)
+	TODO: check
+CVE-2017-11497 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control ...)
+	TODO: check
+CVE-2017-11496 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control ...)
+	TODO: check
 CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow ...)
 	NOT-FOR-US: PHICOMM
 CVE-2017-11494 (SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and ...)
@@ -12913,8 +12922,8 @@
 	- libstruts1.2-java <removed>
 	[wheezy] - libstruts1.2-java <not-affected> (vulnerable code not present)
 	NOTE: https://struts.apache.org/docs/s2-051.html
-CVE-2017-9792
-	RESERVED
+CVE-2017-9792 (In Apache Impala (incubating) before 2.10.0, a malicious user with ...)
+	TODO: check
 CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.3.x might allow remote code ...)
 	- libstruts1.2-java <not-affected> (Vulnerable code not present)
 	NOTE: Issue is specific to Struts 2.x.
@@ -19537,10 +19546,10 @@
 	NOT-FOR-US: Tenable Appliance
 CVE-2017-8049
 	RESERVED
-CVE-2017-8048
-	RESERVED
-CVE-2017-8047
-	RESERVED
+CVE-2017-8048 (In Cloud Foundry capi-release versions 1.33.0 and later, prior to ...)
+	TODO: check
+CVE-2017-8047 (In Cloud Foundry router routing-release all versions prior to v0.163.0 ...)
+	TODO: check
 CVE-2017-8046
 	RESERVED
 CVE-2017-8045




More information about the Secure-testing-commits mailing list