[Secure-testing-commits] r56665 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Oct 12 21:10:16 UTC 2017
Author: sectracker
Date: 2017-10-12 21:10:16 +0000 (Thu, 12 Oct 2017)
New Revision: 56665
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-12 20:02:54 UTC (rev 56664)
+++ data/CVE/list 2017-10-12 21:10:16 UTC (rev 56665)
@@ -1,3 +1,9 @@
+CVE-2017-15292
+ RESERVED
+CVE-2017-15291
+ RESERVED
+CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before ...)
+ TODO: check
CVE-2017-XXXX [XSA 244]
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-244.html
@@ -24,13 +30,14 @@
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-237.html
CVE-2017-15289 [cirrus: OOB access issue in mode4and5 write functions]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
CVE-2017-15288
RESERVED
-CVE-2017-15287
- RESERVED
+CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia ...)
+ TODO: check
CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in ...)
- sqlite3 <unfixed> (low)
NOTE: https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md
@@ -79,8 +86,7 @@
RESERVED
CVE-2017-15269
RESERVED
-CVE-2017-15268 [I/O: potential memory exhaustion via websock connection to VNC]
- RESERVED
+CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...)
- qemu <unfixed>
[jessie] - qemu <not-affected> (I/O channels driver websockets introduced later)
[wheezy] - qemu <not-affected> (I/O channels driver websockets introduced later)
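Review bot: on CVE-2017-15268, replacing the bracketed summary "[I/O: potential memory exhaustion via websock connection to VNC]" with the truncated description removes the only mention of websockets and VNC from the entry header, while the [jessie] and [wheezy] <not-affected> lines below still rely on "I/O channels driver websockets introduced later" as their rationale. Unless a NOTE further down the entry already records it, add one that keeps the websocket/VNC context so the not-affected reasoning stays readable next to the new description.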
@@ -7068,8 +7074,8 @@
CVE-2017-12850 (An authenticated standard user could reset the password of other users ...)
- kanboard <itp> (bug #790814)
NOTE: https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae
-CVE-2017-12849
- RESERVED
+CVE-2017-12849 (Response discrepancy in the login and password reset forms in ...)
+ TODO: check
CVE-2017-12848
RESERVED
CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...)
@@ -12655,14 +12661,14 @@
RESERVED
CVE-2017-10866
RESERVED
-CVE-2017-10865
- RESERVED
-CVE-2017-10864
- RESERVED
-CVE-2017-10863
- RESERVED
-CVE-2017-10862
- RESERVED
+CVE-2017-10865 (Untrusted search path vulnerability in HIBUN Confidential File ...)
+ TODO: check
+CVE-2017-10864 (Untrusted search path vulnerability in Installer of HIBUN Confidential ...)
+ TODO: check
+CVE-2017-10863 (Untrusted search path vulnerability in HIBUN Confidential File ...)
+ TODO: check
+CVE-2017-10862 (jwt-scala 1.2.2 and earlier fails to verify token signatures correctly ...)
+ TODO: check
CVE-2017-10861
RESERVED
CVE-2017-10860 (Untrusted search path vulnerability in "i-filter 6.0 installer" ...)
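Review bot: the four "TODO: check" entries added in this hunk do not need the same triage, and CVE-2017-10862 should not be closed in one pass with the other three. CVE-2017-10865, CVE-2017-10864 and CVE-2017-10863 are untrusted search path issues in HIBUN Confidential File products, the same class as the i-filter installer description visible on CVE-2017-10860, so they can be handled together. CVE-2017-10862 is a token signature verification failure in the jwt-scala library (1.2.2 and earlier), so check whether any package ships or embeds that library before giving it a status line.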
@@ -12671,8 +12677,8 @@
NOT-FOR-US: i-filter 6.0 installer
CVE-2017-10858 (Untrusted search path vulnerability in "i-filter 6.0 install program" ...)
NOT-FOR-US: i-filter 6.0 install program
-CVE-2017-10857
- RESERVED
+CVE-2017-10857 (Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to ...)
+ TODO: check
CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, ...)
NOT-FOR-US: SEIL
CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows ...)
@@ -16208,8 +16214,8 @@
NOT-FOR-US: Craft CMS
CVE-2017-9515
RESERVED
-CVE-2017-9514
- RESERVED
+CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a ...)
+ TODO: check
CVE-2017-9513
RESERVED
CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and ...)
@@ -44492,8 +44498,8 @@
NOTE: http://dev.dotclear.org/2.0/ticket/2214
CVE-2016-9267
RESERVED
-CVE-2016-9263
- RESERVED
+CVE-2016-9263 (WordPress through 4.8.2, when domain-based flashmediaelement.swf ...)
+ TODO: check
CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote ...)
{DSA-3713-1 DLA-712-1}
- gst-plugins-bad0.10 <removed>
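Review bot: CVE-2016-9263 moves from RESERVED to a description starting "WordPress through 4.8.2" with only "TODO: check" beneath it, so a 2016 ID now carries an affected range stated up to 4.8.2 and should get a package status line or NOTE rather than remain a bare TODO. The entry also sits between CVE-2016-9267 and CVE-2016-9447, out of numeric order. That ordering is in the unchanged context and predates this revision, but it is worth confirming the entry is where the tooling expects it.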
@@ -46000,8 +46006,7 @@
NOTE: https://struts.apache.org/docs/s2-044.html
CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...)
NOT-FOR-US: Apache Brooklyn
-CVE-2016-8736
- RESERVED
+CVE-2016-8736 (Apache Openmeetings before 3.1.2 is vulnerable to Remote Code ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2016-8735 (Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x ...)
{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
@@ -81155,8 +81160,8 @@
NOTE: Fixup: https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
CVE-2015-6359 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
NOT-FOR-US: Cisco IOS
-CVE-2015-6358
- RESERVED
+CVE-2015-6358 (Multiple Cisco embedded devices use hardcoded X.509 certificates and ...)
+ TODO: check
CVE-2015-6357 (The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 ...)
NOT-FOR-US: Cisco FireSIGHT
CVE-2015-6356 (Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco ...)
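Review bot: CVE-2015-6358 is left as "TODO: check" although its description names "Multiple Cisco embedded devices" and both neighbours visible in this hunk, CVE-2015-6359 and CVE-2015-6357, are marked NOT-FOR-US for Cisco products. If the hardcoded X.509 certificates are confined to the device firmware, the TODO can be resolved the same way. The description is truncated after "certificates and ...", so read the full text before closing it.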