[Secure-testing-commits] r56436 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Oct 5 21:10:17 UTC 2017


Author: sectracker
Date: 2017-10-05 21:10:17 +0000 (Thu, 05 Oct 2017)
New Revision: 56436

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-05 16:56:31 UTC (rev 56435)
+++ data/CVE/list	2017-10-05 21:10:17 UTC (rev 56436)
@@ -1,3 +1,9 @@
+CVE-2017-15040
+	RESERVED
+CVE-2017-15039
+	RESERVED
+CVE-2017-15038
+	RESERVED
 CVE-2017-15037 (In FreeBSD through 11.1, the smb_strdupin function in ...)
 	TODO: check
 CVE-2017-15036
@@ -1877,10 +1883,10 @@
 	RESERVED
 CVE-2017-14355
 	RESERVED
-CVE-2017-14354
-	RESERVED
-CVE-2017-14353
-	RESERVED
+CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB Foundation ...)
+	TODO: check
+CVE-2017-14353 (A remote code execution vulnerability in HP UCMDB Foundation Software ...)
+	TODO: check
 CVE-2017-14352 (A potential security vulnerability has been identified in HP UCMDB ...)
 	NOT-FOR-US: HP
 CVE-2017-14351 (A potential security vulnerability has been identified in HP UCMDB ...)
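Review bot: CVE-2017-14354 and CVE-2017-14353 are left at "TODO: check" although both descriptions name HP UCMDB Foundation, and CVE-2017-14352 directly below, also HP UCMDB, is already marked "NOT-FOR-US: HP". Suggest triaging the two new entries the same way once the full descriptions confirm the product, so they do not linger in the TODO queue.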
@@ -2480,6 +2486,7 @@
 	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
 	NOTE: https://github.com/uclouvain/openjpeg/issues/982
 CVE-2017-1000254 [FTP PWD response parser out of bounds read]
+	{DLA-1121-1}
 	- curl <unfixed> (bug #877671)
 	NOTE: https://curl.haxx.se/docs/adv_20171004.html
 	NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
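Review bot: the new {DLA-1121-1} cross-reference on CVE-2017-1000254 sits above a package line that still reads "- curl <unfixed> (bug #877671)". The entry stays open until a fixed version is recorded on that curl line. The upstream patch is already linked in the NOTE below, so the follow-up is to replace <unfixed> with the version once a fixed upload exists.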
@@ -2697,20 +2704,20 @@
 	RESERVED
 CVE-2017-14090
 	RESERVED
-CVE-2017-14089
-	RESERVED
-CVE-2017-14088
-	RESERVED
-CVE-2017-14087
-	RESERVED
-CVE-2017-14086
-	RESERVED
-CVE-2017-14085
-	RESERVED
-CVE-2017-14084
-	RESERVED
-CVE-2017-14083
-	RESERVED
+CVE-2017-14089 (An Unauthorized Memory Corruption vulnerability in Trend Micro ...)
+	TODO: check
+CVE-2017-14088 (Memory Corruption Privilege Escalation vulnerabilities in Trend Micro ...)
+	TODO: check
+CVE-2017-14087 (A Host Header Injection vulnerability in Trend Micro OfficeScan XG ...)
+	TODO: check
+CVE-2017-14086 (Pre-authorization Start Remote Process vulnerabilities in Trend Micro ...)
+	TODO: check
+CVE-2017-14085 (Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 ...)
+	TODO: check
+CVE-2017-14084 (A potential Man-in-the-Middle (MitM) attack vulnerability in Trend ...)
+	TODO: check
+CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote ...)
+	TODO: check
 CVE-2017-14082
 	RESERVED
 CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile Security ...)
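Review bot: the seven entries from CVE-2017-14089 down to CVE-2017-14083 move from RESERVED to "TODO: check" with no package line, and every description names a Trend Micro product (OfficeScan is spelled out on 14087, 14085 and 14083). They need manual triage against the full descriptions. If those confirm a product Debian does not ship, close all seven in one pass with a NOT-FOR-US marking, in the style used for HP earlier in this list.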
@@ -2729,7 +2736,7 @@
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27152
 	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27152
 CVE-2017-14100 (In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before ...)
-	{DSA-3964-1}
+	{DSA-3964-1 DLA-1122-1}
 	- asterisk 1:13.17.1~dfsg-1 (bug #873908)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27103
 	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27103
@@ -8125,7 +8132,7 @@
 	{DSA-3983-1 DLA-1110-1}
 	- samba 2:4.6.7+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html
-CVE-2017-12149 (In Jboss Application Server as shipped with RedHat Enterprise ...)
+CVE-2017-12149 (In Jboss Application Server as shipped with Red Hat Enterprise ...)
 	TODO: check, maybe in jbossas4
 CVE-2017-12148
 	RESERVED
@@ -8252,8 +8259,8 @@
 	RESERVED
 CVE-2017-12107
 	RESERVED
-CVE-2017-12106
-	RESERVED
+CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...)
+	TODO: check
 CVE-2017-12105
 	RESERVED
 CVE-2017-12104
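Review bot: the description added for CVE-2017-12106 is cut off at "the .TGA parsing ..." before any product is named, so the "TODO: check" cannot be resolved from this list alone. Whoever triages it needs the full CVE text to decide whether the affected parser is packaged, and should record the outcome as a package line or a NOTE.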
@@ -36019,8 +36026,8 @@
 	RESERVED
 CVE-2017-2921
 	RESERVED
-CVE-2017-2920
-	RESERVED
+CVE-2017-2920 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
+	TODO: check
 CVE-2017-2919
 	RESERVED
 CVE-2017-2918
@@ -36103,8 +36110,8 @@
 	RESERVED
 CVE-2017-2881
 	RESERVED
-CVE-2017-2880
-	RESERVED
+CVE-2017-2880 (An memory corruption vulnerability exists in the .GIF parsing ...)
+	TODO: check
 CVE-2017-2879
 	RESERVED
 CVE-2017-2878
@@ -39198,8 +39205,8 @@
 	RESERVED
 CVE-2017-1523
 	RESERVED
-CVE-2017-1522
-	RESERVED
+CVE-2017-1522 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...)
+	TODO: check
 CVE-2017-1521
 	RESERVED
 CVE-2017-1520 (IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized ...)
@@ -39486,8 +39493,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain ...)
 	NOT-FOR-US: IBM
-CVE-2017-1378
-	RESERVED
+CVE-2017-1378 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) ...)
+	TODO: check
 CVE-2017-1377 (IBM Runbook Automation reveals sensitive information in error messages ...)
 	NOT-FOR-US: IBM
 CVE-2017-1376 (A flaw in the IBM J9 VM class verifier allows untrusted code to ...)
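Review bot: CVE-2017-1378 is added as "TODO: check" between CVE-2017-1379 and CVE-2017-1377, both already "NOT-FOR-US: IBM", and its description names IBM Spectrum Protect 7.1 and 8.1. Suggest marking it NOT-FOR-US: IBM to match. The same product string appears on the CVE-2017-1339 line in the next hunk, so the two can be triaged together.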
@@ -39564,8 +39571,8 @@
 	RESERVED
 CVE-2017-1340
 	RESERVED
-CVE-2017-1339
-	RESERVED
+CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) ...)
+	TODO: check
 CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly ...)
@@ -39640,8 +39647,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1302 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local ...)
 	NOT-FOR-US: IBM
-CVE-2017-1301
-	RESERVED
+CVE-2017-1301 (IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to ...)
+	TODO: check
 CVE-2017-1300
 	RESERVED
 CVE-2017-1299
@@ -39840,8 +39847,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1202
 	RESERVED
-CVE-2017-1201
-	RESERVED
+CVE-2017-1201 (IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores ...)
+	TODO: check
 CVE-2017-1200
 	RESERVED
 CVE-2017-1199 (IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, ...)
@@ -44745,8 +44752,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-8938 (IBM UrbanCode Deploy could allow a user to execute code using a ...)
 	NOT-FOR-US: IBM
-CVE-2016-8937
-	RESERVED
+CVE-2016-8937 (The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) ...)
+	TODO: check
 CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is ...)
 	NOT-FOR-US: IBM
 CVE-2016-8935 (IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 ...)
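Review bot: CVE-2016-8937 gains a description for IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) but is left at "TODO: check", while CVE-2016-8938 above it and CVE-2016-8936 below it are both "NOT-FOR-US: IBM". Unless the full description points at something packaged, it should get the same marking as its neighbours.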



