[Secure-testing-commits] r56808 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Oct 18 09:10:13 UTC 2017


Author: sectracker
Date: 2017-10-18 09:10:13 +0000 (Wed, 18 Oct 2017)
New Revision: 56808

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-18 08:55:22 UTC (rev 56807)
+++ data/CVE/list	2017-10-18 09:10:13 UTC (rev 56808)
@@ -1,4 +1,80 @@
-CVE-2017-15587 [Out-of-Bounds Write Vulnerability]
+CVE-2017-15586
+	RESERVED
+CVE-2017-15585
+	RESERVED
+CVE-2017-15584
+	RESERVED
+CVE-2017-15583 (The embedded web server on ABB Fox515T 1.0 devices is vulnerable to ...)
+	TODO: check
+CVE-2017-15582
+	RESERVED
+CVE-2017-15581
+	RESERVED
+CVE-2017-15580
+	RESERVED
+CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an ...)
+	TODO: check
+CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image ...)
+	TODO: check
+CVE-2017-15567
+	RESERVED
+CVE-2017-15566
+	RESERVED
+CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...)
+	TODO: check
+CVE-2017-15564
+	RESERVED
+CVE-2017-15563
+	RESERVED
+CVE-2017-15562
+	RESERVED
+CVE-2017-15561
+	RESERVED
+CVE-2017-15560
+	RESERVED
+CVE-2017-15559
+	RESERVED
+CVE-2017-15558
+	RESERVED
+CVE-2017-15557
+	RESERVED
+CVE-2017-15556
+	RESERVED
+CVE-2017-15555
+	RESERVED
+CVE-2017-15554
+	RESERVED
+CVE-2017-15553
+	RESERVED
+CVE-2017-15552
+	RESERVED
+CVE-2017-15551
+	RESERVED
+CVE-2017-15550
+	RESERVED
+CVE-2017-15549
+	RESERVED
+CVE-2017-15548
+	RESERVED
+CVE-2017-15547
+	RESERVED
+CVE-2017-15546
+	RESERVED
+CVE-2017-15545
+	RESERVED
+CVE-2017-15544
+	RESERVED
+CVE-2017-15543
+	RESERVED
+CVE-2017-15542
+	RESERVED
+CVE-2017-15541
+	RESERVED
+CVE-2017-15540
+	RESERVED
+CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id ...)
+	TODO: check
+CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in ...)
 	- mupdf <unfixed>
 	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
 	NOTE: https://nandynarwhals.org/CVE-2017-15587/
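Review bot: the ordering in this hunk leaves CVE-2017-15587 below CVE-2017-15539 at the tail of the inserted block, while everything else in the hunk descends from CVE-2017-15586 to CVE-2017-15539; if the list is kept in descending CVE order, the mupdf entry (with its `- mupdf <unfixed>` line and both NOTE links) belongs above CVE-2017-15586. The bracketed placeholder `[Out-of-Bounds Write Vulnerability]` is replaced by the official text naming an integer overflow in pdf_read_new_xref_section; the two are compatible, but the earlier wording is gone from the entry, so it is worth confirming that the git.ghostscript.com commit in the NOTE still covers the issue as now described. The three `TODO: check` items that name software (Poppler for CVE-2017-15565, PHP Melody for CVE-2017-15579 and CVE-2017-15578, zorovavi/blog for CVE-2017-15539) still need triage to a package line or to NOT-FOR-US before the hunk can be considered complete.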
@@ -50,58 +126,58 @@
 	RESERVED
 CVE-2017-15514
 	RESERVED
-CVE-2017-15568
+CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
 	NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
-CVE-2017-15569
+CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
-CVE-2017-15570
+CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
-CVE-2017-15571
+CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/27186 (private)
 	NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
-CVE-2017-15573 [Improper markup sanitization in wiki content]
+CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/25503 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-15572 [Use redirect on /account/lost_password to prevent password reset tokens in referers]
+CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/24416 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-15575 [Redmine.pm doesn't check that the repository module is enabled on project]
+CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/24307 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-15574 [Stored XSS with SVG attachments]
+CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/24199 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-15576 [Information leak when rendering Time Entry on activity view]
+CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/23803 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2017-15577 [Information leak when rendering Wiki links]
+CVE-2017-15577 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/23793 (private)
 	NOTE: upstream fixed in 3.2.6 and 3.3.3
-CVE-2016-10515 [Persistent XSS vulnerabilities in text formatting (Textile and Markdown) and project homepage]
+CVE-2016-10515 (In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting ...)
 	- redmine 3.2.3-1
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: upstream fixed in 3.2.3
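Review bot: the bracketed summaries removed here (for example `[Stored XSS with SVG attachments]` and `[Redmine.pm doesn't check that the repository module is enabled on project]`) described the issues more precisely than the truncated official text that replaces them, and the linked redmine.org issues are marked `(private)`, so that detail is no longer readable from the tracker entry alone; consider carrying the short summary over into a NOTE line. Every Redmine entry in this hunk remains `- redmine <unfixed>` even though `NOTE: upstream fixed in ...` records the upstream versions; the Debian fixed version still needs to be filled in once the package is updated, and CVE-2017-15569, CVE-2017-15570 and CVE-2017-15571 have a commit NOTE but no `upstream fixed in` NOTE, unlike CVE-2017-15568.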
@@ -599,30 +675,30 @@
 	RESERVED
 CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before ...)
 	NOT-FOR-US: Mirasys Video Management System
-CVE-2017-15594 [XSA 244]
+CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-244.html
-CVE-2017-15592 [XSA 243]
+CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-243.html
-CVE-2017-15593 [XSA 242]
+CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-242.html
-CVE-2017-15588 [XSA 241]
+CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-241.html
-CVE-2017-15595 [XSA 240]
+CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-240.html
-CVE-2017-15589 [XSA 239]
+CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-239.html
-CVE-2017-15591 [XSA 238]
+CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...)
 	- xen <unfixed>
 	[jessie] - xen <not-affected> (Only affects 4.5 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.5 and later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-238.html
-CVE-2017-15590 [XSA 237]
+CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest OS ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-237.html
 CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
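Review bot: the XSA numbers dropped from the headlines (`[XSA 244]` and so on) now survive only in the advisory URL of each NOTE line, and the truncated descriptions for CVE-2017-15593, CVE-2017-15588 and CVE-2017-15595 are identical ("allowing x86 PV guest OS ..."), so the NOTE URL is the only thing that distinguishes those three entries; keeping the XSA number in a NOTE would make the mapping readable without following the link. CVE-2017-15591 is the one entry with `[jessie]`/`[wheezy] <not-affected>` tags, justified by "Only affects 4.5 and later", which agrees with the "Xen 4.5.x through 4.9.x" range in its new description; the other seven entries have no per-release tags and their descriptions say "through 4.9.x", so their jessie/wheezy status is still open.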
@@ -1194,7 +1270,7 @@
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/265e60a170d0a0ecfc2d20490134ed2c48dd45ab
-CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a ...)
+CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2017-15062
 	RESERVED
@@ -3339,7 +3415,8 @@
 	NOTE: State is not fully correct, since "affected" source would be there.
 CVE-2015-9228 (In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for ...)
 	NOT-FOR-US: Photocrati NextGEN Gallery plugin for WordPress
-CVE-2017-15596 [XSA 235]
+CVE-2017-15596 (An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest ...)
+	{DSA-3969-1}
 	- xen 4.8.1-1+deb9u3
 	[wheezy] - xen <not-affected> (No arm support in Wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-235.html
@@ -4258,24 +4335,24 @@
 	RESERVED
 CVE-2017-14014
 	RESERVED
-CVE-2017-14013
-	RESERVED
+CVE-2017-14013 (A Client-Side Enforcement of Server-Side Security issue was discovered ...)
+	TODO: check
 CVE-2017-14012
 	RESERVED
-CVE-2017-14011
-	RESERVED
+CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent ...)
+	TODO: check
 CVE-2017-14010
 	RESERVED
-CVE-2017-14009
-	RESERVED
+CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX ...)
+	TODO: check
 CVE-2017-14008
 	RESERVED
-CVE-2017-14007
-	RESERVED
+CVE-2017-14007 (An Insufficient Session Expiration issue was discovered in ProMinent ...)
+	TODO: check
 CVE-2017-14006
 	RESERVED
-CVE-2017-14005
-	RESERVED
+CVE-2017-14005 (An Unverified Password Change issue was discovered in ProMinent ...)
+	TODO: check
 CVE-2017-14004
 	RESERVED
 CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in LAVA ...)
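Review bot: the five ProMinent MultiFLEX entries (CVE-2017-14013, -14011, -14009, -14007, -14005) move from `RESERVED` to `TODO: check` with no package line; the neighbouring embedded-device entries in this region (Ctek SkyRouter and LOYTEC LVIS-3ME, both `NOT-FOR-US`) suggest these will resolve the same way, but they should be triaged explicitly rather than left as TODO.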
@@ -4287,8 +4364,8 @@
 	NOTE: Different from standard asterisk: https://wiki.asterisk.org/wiki/display/AST/Asterisk+GUI
 CVE-2017-14000 (An Improper Authentication issue was discovered in Ctek SkyRouter ...)
 	NOT-FOR-US: Ctek SkyRouter
-CVE-2017-13999
-	RESERVED
+CVE-2017-13999 (A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio ...)
+	TODO: check
 CVE-2017-13998 (An Insufficiently Protected Credentials issue was discovered in LOYTEC ...)
 	NOT-FOR-US: LOYTEC LVIS-3ME
 CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...)
@@ -5014,6 +5091,7 @@
 CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site ...)
 	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
 CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local ...)
+	{DSA-4000-1}
 	- xorg-server 2:1.19.4-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
 	NOTE: This is in libxkbfile in wheezy
@@ -5024,6 +5102,7 @@
 	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
 	NOTE: libxfont1 is only used by xfonts-utils, no security impact
 CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, an ...)
+	{DSA-4000-1}
 	- xorg-server 2:1.19.4-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1
 	NOTE: In wheezy this is possibly libxext, src/XShm.c?
@@ -9416,49 +9495,61 @@
 	NOTE: https://www.spinics.net/lists/kvm/msg156651.html
 CVE-2017-12187
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
 CVE-2017-12186
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
 CVE-2017-12185
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
 CVE-2017-12184 [Unvalidated lengths]
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
 CVE-2017-12183 [xfixes: unvalidated lengths]
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5
 CVE-2017-12182 [hw/xfree86: unvalidated lengths]
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
 CVE-2017-12181 [hw/xfree86: unvalidated lengths]
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
 CVE-2017-12180 [hw/xfree86: unvalidated lengths]
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
 CVE-2017-12179 [Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer]
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 CVE-2017-12178 [Xi: fix wrong extra length check in ProcXIChangeHierarchy]
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821
 CVE-2017-12177 [dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo]
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831
 CVE-2017-12176 [Unvalidated extra length in ProcEstablishConnection]
 	RESERVED
+	{DSA-4000-1}
 	- xorg-server 2:1.19.5-1
 	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81
 CVE-2017-12175
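Review bot: CVE-2017-12179 is the only entry in this run with no `NOTE:` pointing at the upstream xserver commit, while each of its siblings references the cgit commit that fixes it; add the commit reference so the `{DSA-4000-1}` mapping for that CVE can be verified. The twelve entries from CVE-2017-12187 to CVE-2017-12176 keep their `RESERVED` line while now carrying `{DSA-4000-1}` and `- xorg-server 2:1.19.5-1`, which is consistent with the descriptions not yet being published, but the bracketed summaries (present from CVE-2017-12184 downward) should be replaced once the official text appears. Note also that the same DSA is applied in the earlier hunks to CVE-2017-13723 and CVE-2017-13721, which are fixed in `2:1.19.4-1`, so the DSA covers two different upstream fix versions; that is fine as long as the DSA text lists all of them.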
@@ -16711,8 +16802,8 @@
 	NOT-FOR-US: Schneider Electric
 CVE-2017-9626
 	RESERVED
-CVE-2017-9625
-	RESERVED
+CVE-2017-9625 (An Improper Authentication issue was discovered in Envitech EnviDAS ...)
+	TODO: check
 CVE-2017-9624 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI ...)
 	NOT-FOR-US: Telaxus/EPESI
 CVE-2017-9623 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI ...)



