[Secure-testing-commits] r56886 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Oct 20 09:10:14 UTC 2017
Author: sectracker
Date: 2017-10-20 09:10:14 +0000 (Fri, 20 Oct 2017)
New Revision: 56886
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-20 07:44:49 UTC (rev 56885)
+++ data/CVE/list 2017-10-20 09:10:14 UTC (rev 56886)
@@ -1,4 +1,56 @@
-CVE-2017-15650 [dns buffer overflow]
+CVE-2017-15669
+ RESERVED
+CVE-2017-15668
+ RESERVED
+CVE-2017-15667
+ RESERVED
+CVE-2017-15666
+ RESERVED
+CVE-2017-15665
+ RESERVED
+CVE-2017-15664
+ RESERVED
+CVE-2017-15663
+ RESERVED
+CVE-2017-15662
+ RESERVED
+CVE-2017-15661
+ RESERVED
+CVE-2017-15660
+ RESERVED
+CVE-2017-15659
+ RESERVED
+CVE-2017-15658
+ RESERVED
+CVE-2017-15657
+ RESERVED
+CVE-2017-15656
+ RESERVED
+CVE-2017-15655
+ RESERVED
+CVE-2017-15654
+ RESERVED
+CVE-2017-15653
+ RESERVED
+CVE-2017-15652
+ RESERVED
+CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated ...)
+ TODO: check
+CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local ...)
+ TODO: check
+CVE-2017-15648 (In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the ...)
+ TODO: check
+CVE-2017-15647 (On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc ...)
+ TODO: check
+CVE-2017-15646 (Webmin before 1.860 has XSS with resultant remote code execution. Under ...)
+ TODO: check
+CVE-2017-15645 (CSRF exists in Webmin 1.850. By sending a GET request to ...)
+ TODO: check
+CVE-2017-15644 (SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as ...)
+ TODO: check
+CVE-2017-15643 (An active network attacker (MiTM) can achieve remote code execution on ...)
+ TODO: check
+CVE-2017-15650 (musl libc before 1.1.17 has a buffer overflow via crafted DNS replies ...)
- musl 1.1.17-1
NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...)
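Review bot: CVE-2017-15649 is left at "TODO: check" although its description names net/packet/af_packet.c in the Linux kernel before 4.13.6, and this same list already tracks the kernel as a source package ("- linux 4.13.4-2" under CVE-2017-15265). That TODO should be resolved first, with a "- linux" line giving the fixed or affected version, rather than waiting in the queue with the PRTG, FiberHome and Webmin entries.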
@@ -908,7 +960,7 @@
NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499599
NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=b577d5452c5c4ee9d552da62a24b95f461551fe2
-CVE-2017-15265 (Use-after-free vulnerability in the Linux kernel before 4.14-rc5 ...)
+CVE-2017-15265 (Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 ...)
- linux 4.13.4-2
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520
NOTE: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
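Review bot: the replacement description for CVE-2017-15265 gives "before 4.13.8" as the affected range, while the unchanged line below it records the fix in "linux 4.13.4-2". Add a NOTE saying that 4.13.4-2 carries the fix as a backport, or correct the version if it does not, so that a reader comparing the two lines does not take the entry for stale.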
@@ -4454,12 +4506,12 @@
RESERVED
CVE-2017-14020
RESERVED
-CVE-2017-14019
- RESERVED
+CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...)
+ TODO: check
CVE-2017-14018
RESERVED
-CVE-2017-14017
- RESERVED
+CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in Progea ...)
+ TODO: check
CVE-2017-14016
RESERVED
CVE-2017-14015
@@ -13428,8 +13480,8 @@
RESERVED
CVE-2017-10934
RESERVED
-CVE-2017-10933
- RESERVED
+CVE-2017-10933 (All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring ...)
+ TODO: check
CVE-2017-10932 (All versions prior to V12.17.20 of the ZTE Microwave NR8000 series ...)
NOT-FOR-US: ZTE Microwave
CVE-2017-10931 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download ...)
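Review bot: CVE-2017-10933 is a ZTE device issue added as "TODO: check" directly above CVE-2017-10932, which is already closed as "NOT-FOR-US: ZTE Microwave". If the ZXDT22 SF01 is likewise not packaged, tag it NOT-FOR-US in the same pass instead of leaving the TODO open.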
@@ -23528,6 +23580,7 @@
NOTE: GnuPG1: https://dev.gnupg.org/D438
CVE-2017-7525 [Deserialization vulnerability via readValue method of ObjectMapper]
RESERVED
+ {DSA-4004-1}
- jackson-databind 2.9.1-1 (bug #870848)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...)
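Review bot: "{DSA-4004-1}" is attached to CVE-2017-7525 while the only version line in the entry remains the unstable one, "- jackson-databind 2.9.1-1 (bug #870848)". Nothing in this hunk records the versions fixed by the advisory, so check that the DSA entry lists this CVE together with its release-specific fixed versions.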
@@ -81561,8 +81614,8 @@
NOTE: https://github.com/owncloud/calendar/commit/4e0306adb13b19919e90857eaf7681303cd45414
CVE-2015-6669
RESERVED
-CVE-2015-6668
- RESERVED
+CVE-2015-6668 (The Job Manager plugin before 0.7.25 allows remote attackers to read ...)
+ TODO: check
CVE-2015-6667
RESERVED
CVE-2015-6664 (XML external entity (XXE) vulnerability in the application import ...)
@@ -87773,10 +87826,10 @@
RESERVED
CVE-2015-4423
RESERVED
-CVE-2015-4422
- RESERVED
-CVE-2015-4421
- RESERVED
+CVE-2015-4422 (The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphone before ...)
+ TODO: check
+CVE-2015-4421 (The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphone before ...)
+ TODO: check
CVE-2015-4420 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 ...)
NOT-FOR-US: Opsview
CVE-2015-4419
@@ -152240,8 +152293,7 @@
CVE-2012-4383
RESERVED
NOT-FOR-US: Contao
-CVE-2012-4382 [Info leak in user blocks]
- RESERVED
+CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
@@ -152252,14 +152304,12 @@
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
-CVE-2012-4380 [Insufficient API for account creation block]
- RESERVED
+CVE-2012-4380 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
-CVE-2012-4379 [CSRF]
- RESERVED
+CVE-2012-4379 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
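Review bot: replacing "[Insufficient API for account creation block]" and "[CSRF]" with the truncated official descriptions removes the only short statement of the bug class from CVE-2012-4380 and CVE-2012-4379; "does not send a ..." no longer tells a reader which issue was labelled CSRF. The package and NOTE lines are untouched, so tracking is unaffected, but a NOTE line keeping the short label would preserve that context.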