[Secure-testing-commits] r56385 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Oct 3 21:10:13 UTC 2017 

Author: sectracker
Date: 2017-10-03 21:10:13 +0000 (Tue, 03 Oct 2017)
New Revision: 56385

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-03 21:01:02 UTC (rev 56384)
+++ data/CVE/list	2017-10-03 21:10:13 UTC (rev 56385)
@@ -1,3 +1,31 @@
+CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and ...)
+	TODO: check
+CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found in the ...)
+	TODO: check
+CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected ...)
+	TODO: check
+CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...)
+	TODO: check
+CVE-2017-15007
+	RESERVED
+CVE-2017-15006
+	RESERVED
+CVE-2017-15005
+	RESERVED
+CVE-2017-15004
+	RESERVED
+CVE-2017-15003
+	RESERVED
+CVE-2017-15002
+	RESERVED
+CVE-2017-15001
+	RESERVED
+CVE-2017-15000
+	RESERVED
+CVE-2017-14999
+	RESERVED
+CVE-2017-14998
+	RESERVED
 CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...)
 	- graphicsmagick <unfixed>
 	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
@@ -5524,7 +5552,7 @@
 	RESERVED
 CVE-2017-12884
 	RESERVED
-CVE-2017-12883 (Buffer overflow in the regular expression parser in PERL before ...)
+CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...)
 	{DSA-3982-1}
 	- perl 5.26.0-8 (bug #875597)
 	[wheezy] - perl <not-affected> (Vulnerable code introduced later)
@@ -6171,7 +6199,7 @@
 	RESERVED
 CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...)
 	NOT-FOR-US: NexusPHP
-CVE-2017-12837 (Heap-based buffer overflow in the regular expression compiler in PERL ...)
+CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in ...)
 	{DSA-3982-1}
 	- perl 5.26.0-8 (bug #875596)
 	[wheezy] - perl <not-affected> (Vulnerable code introduced after 5.14.4)
@@ -6205,16 +6233,16 @@
 	RESERVED
 CVE-2017-12823
 	RESERVED
-CVE-2017-12822
-	RESERVED
-CVE-2017-12821
-	RESERVED
-CVE-2017-12820
-	RESERVED
-CVE-2017-12819
-	RESERVED
-CVE-2017-12818
-	RESERVED
+CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...)
+	TODO: check
+CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel ...)
+	TODO: check
+CVE-2017-12820 (Arbitrary memory read from controlled memory pointer in Gemalto's HASP ...)
+	TODO: check
+CVE-2017-12819 (Remote manipulations with language pack updater lead to NTLM-relay ...)
+	TODO: check
+CVE-2017-12818 (Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel ...)
+	TODO: check
 CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the ...)
 	NOT-FOR-US: Kaspersky Internet Security for Android
 CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...)
@@ -6768,8 +6796,7 @@
 	RESERVED
 CVE-2017-12618
 	RESERVED
-CVE-2017-12617
-	RESERVED
+CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to ...)
 	- tomcat7 <not-affected> (Windows-specific)
 CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it ...)
 	{DLA-1108-1}
@@ -7854,8 +7881,7 @@
 CVE-2017-12167
 	RESERVED
 	TODO: check, possibly Red Hat specific issue
-CVE-2017-12166 [remote buffer overflow]
-	RESERVED
+CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...)
 	- openvpn <unfixed> (bug #877089)
 	[stretch] - openvpn <no-dsa> (Minor issue)
 	[jessie] - openvpn <no-dsa> (Minor issue)
@@ -38972,8 +38998,8 @@
 	RESERVED
 CVE-2017-1542
 	RESERVED
-CVE-2017-1541
-	RESERVED
+CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep ...)
+	TODO: check
 CVE-2017-1540
 	RESERVED
 CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...)
@@ -39802,8 +39828,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1127 (IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
-CVE-2017-1126
-	RESERVED
+CVE-2017-1126 (IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could ...)
+	TODO: check
 CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...)
 	NOT-FOR-US: IBM
 CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local ...)
@@ -195416,7 +195442,7 @@
 	NOT-FOR-US: aspWebAlbum
 CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full ...)
 	NOT-FOR-US: aspWebAlbum
-CVE-2008-6976 (MicroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...)
+CVE-2008-6976 (MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...)
 	NOT-FOR-US: MicroTik RouterOS
 CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...)
 	NOT-FOR-US: GarageSales script
@@ -217813,7 +217839,7 @@
 	NOT-FOR-US: Wordspew plugin for Wordpress
 CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...)
 	NOT-FOR-US: PHPShop
-CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...)
+CVE-2008-0680 (SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to ...)
 	NOT-FOR-US: MicroTik RouterOS
 CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...)
 	NOT-FOR-US: BlogPHP

More information about the Secure-testing-commits mailing list