[Secure-testing-commits] r57041 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Oct 27 21:10:32 UTC 2017
Author: sectracker
Date: 2017-10-27 21:10:32 +0000 (Fri, 27 Oct 2017)
New Revision: 57041
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-27 19:59:54 UTC (rev 57040)
+++ data/CVE/list 2017-10-27 21:10:32 UTC (rev 57041)
@@ -1,3 +1,33 @@
+CVE-2017-15939
+ RESERVED
+CVE-2017-15938
+ RESERVED
+CVE-2017-15937 (Artica Pandora FMS version 7.0 leaks a full installation pathname via ...)
+ TODO: check
+CVE-2017-15936 (In Artica Pandora FMS version 7.0, an Attacker with write Permission ...)
+ TODO: check
+CVE-2017-15935 (Artica Pandora FMS version 7.0 is vulnerable to remote PHP code ...)
+ TODO: check
+CVE-2017-15934 (Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site ...)
+ TODO: check
+CVE-2017-15933 (SQL injection vulnerability vulnerability in the EyesOfNetwork web ...)
+ TODO: check
+CVE-2017-15932 (In radare2 2.0.1, an integer exception (negative number leading to an ...)
+ TODO: check
+CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading to an ...)
+ TODO: check
+CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null ...)
+ TODO: check
+CVE-2017-15929
+ RESERVED
+CVE-2017-15928 (In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation ...)
+ TODO: check
+CVE-2017-15927
+ RESERVED
+CVE-2017-15926
+ RESERVED
+CVE-2017-15925
+ RESERVED
CVE-2017-15923
RESERVED
CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...)
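Review bot: the nine new entries left at TODO: check (CVE-2017-15937 down to CVE-2017-15928) should not stay in that state after this automatic import. The ones naming radare2 2.0.1, GraphicsMagick 1.3.26 and the Ox gem for Ruby refer to open-source software and need a lookup against the archive followed by a package line, while entries for products that are not in Debian should get a NOT-FOR-US line in the form used elsewhere in this file.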
@@ -493,7 +523,7 @@
RESERVED
CVE-2017-15691
RESERVED
-CVE-2017-15924 [shadowsocks-libev command execution]
+CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing ...)
- shadowsocks-libev 3.1.0+ds-2
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/
NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/1734
@@ -722,10 +752,10 @@
RESERVED
CVE-2017-15583 (The embedded web server on ABB Fox515T 1.0 devices is vulnerable to ...)
NOT-FOR-US: ABB Fox515T 1.0 devices
-CVE-2017-15582
- RESERVED
-CVE-2017-15581
- RESERVED
+CVE-2017-15582 (In net.MCrypt in the "Diary with lock" (aka WriteDiary) application ...)
+ TODO: check
+CVE-2017-15581 (In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, ...)
+ TODO: check
CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html' files with ...)
NOT-FOR-US: osTicket
CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an ...)
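Review bot: CVE-2017-15582 and CVE-2017-15581 both describe the "Diary with lock" (aka WriteDiary) application for Android and are left at TODO: check. If the application is not in the archive, close them with a NOT-FOR-US line in the same form as the neighbouring osTicket entry (NOT-FOR-US: osTicket) so they drop off the triage list.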
@@ -2007,7 +2037,7 @@
NOTE: https://pagure.io/koji/issue/563
NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
CVE-2017-1000257 [curl: IMAP FETCH response out of bounds read]
- {DLA-1143-1}
+ {DSA-4007-1 DLA-1143-1}
- curl 7.56.1-1
NOTE: https://curl.haxx.se/docs/adv_20171023.html
CVE-2017-1000256 [LSN-2017-0002: TLS certificate verification disabled for clients]
@@ -2098,6 +2128,7 @@
NOTE: https://golang.org/cl/68210
NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ...)
+ {DLA-1148-1}
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1
[stretch] - golang-1.8 <ignored> (Minor issue)
@@ -4610,8 +4641,8 @@
RESERVED
CVE-2017-14183
RESERVED
-CVE-2017-14182
- RESERVED
+CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to ...)
+ TODO: check
CVE-2017-14180
RESERVED
CVE-2017-14179
@@ -7312,12 +7343,10 @@
RESERVED
CVE-2017-13091
RESERVED
-CVE-2017-13090
- RESERVED
+CVE-2017-13090 (The retr.c:fd_read_body() function is called when processing OK ...)
- wget <unfixed> (bug #879957)
NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
-CVE-2017-13089
- RESERVED
+CVE-2017-13089 (The http.c:skip_short_body() function is called in some circumstances, ...)
- wget <unfixed> (bug #879957)
NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows ...)
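Review bot: both wget package lines in this hunk, under CVE-2017-13090 and CVE-2017-13089, still read "<unfixed> (bug #879957)" although each entry's NOTE already links an upstream wget.git commit. If those commits are the fixes, replace <unfixed> with the fixed version on both lines as soon as an upload carrying them exists, so the two entries do not stay open after the bug is closed.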
@@ -14107,7 +14136,7 @@
RESERVED
CVE-2017-10956
RESERVED
-CVE-2017-10955 (This vulnerability allows remote attackers to execute arbitrary code ...)
+CVE-2017-10955 (** DISPUTED ** This vulnerability allows remote attackers to execute ...)
NOT-FOR-US: EMC
CVE-2017-10954
RESERVED
@@ -20462,7 +20491,7 @@
NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 ...)
NOT-FOR-US: BE126 WIFI repeater
-CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger 2.17.146 for Android uses ...)
+CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger before 2.16.323 for Android ...)
NOT-FOR-US: WhatsApp Messenger
CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command ...)
NOT-FOR-US: Atlassian SourceTree
@@ -23547,8 +23576,8 @@
NOT-FOR-US: Fortinet FortiOS
CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2017-7733
- RESERVED
+CVE-2017-7733 (A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 ...)
+ TODO: check
CVE-2017-7732 (A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet ...)
NOT-FOR-US: Fortinet
CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...)
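Review bot: CVE-2017-7733 is imported as TODO: check although the entries directly around it in this hunk (CVE-2017-7734 and the one before it) are already classified NOT-FOR-US: Fortinet FortiOS. The new description names Fortinet FortiOS 5.4.0, so give it the same NOT-FOR-US line. The same applies to CVE-2017-14182 in the earlier hunk, whose description also names Fortinet FortiOS.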
@@ -28672,20 +28701,20 @@
NOT-FOR-US: F5 BIG-IP
CVE-2017-6164
RESERVED
-CVE-2017-6163
- RESERVED
-CVE-2017-6162
- RESERVED
-CVE-2017-6161
- RESERVED
-CVE-2017-6160
- RESERVED
-CVE-2017-6159
- RESERVED
+CVE-2017-6163 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM ...)
+ TODO: check
+CVE-2017-6162 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
+ TODO: check
+CVE-2017-6161 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
+ TODO: check
+CVE-2017-6160 (In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to ...)
+ TODO: check
+CVE-2017-6159 (F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
+ TODO: check
CVE-2017-6158
RESERVED
-CVE-2017-6157
- RESERVED
+CVE-2017-6157 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
+ TODO: check
CVE-2017-6156
RESERVED
CVE-2017-6155
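Review bot: the six F5 BIG-IP entries unreserved in this hunk (CVE-2017-6163 to CVE-2017-6159, and CVE-2017-6157) all land as TODO: check, while the context line at the top of the hunk already shows the established classification, NOT-FOR-US: F5 BIG-IP. Apply that line to each of them rather than leaving six items open for manual triage. CVE-2017-0303 in the following hunk is the same case.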
@@ -46419,8 +46448,8 @@
NOT-FOR-US: F5
CVE-2017-0304
RESERVED
-CVE-2017-0303
- RESERVED
+CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
+ TODO: check
CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated ...)
NOT-FOR-US: F5
CVE-2017-0301
@@ -60806,11 +60835,9 @@
NOT-FOR-US: Apache Archiva
CVE-2016-5004 (The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in ...)
NOT-FOR-US: Apache Archiva
-CVE-2016-5003
- RESERVED
+CVE-2016-5003 (The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache ...)
NOT-FOR-US: Apache Archiva
-CVE-2016-5002
- RESERVED
+CVE-2016-5002 (XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ...)
NOT-FOR-US: Apache Archiva
CVE-2016-5001 (This is an information disclosure vulnerability in Apache Hadoop ...)
- hadoop <itp> (bug #793644)
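Review bot: the NOT-FOR-US: Apache Archiva line kept under CVE-2016-5003 and CVE-2016-5002 no longer matches the imported descriptions, which place both flaws in the Apache XML-RPC (aka ws-xmlrpc) library, with CVE-2016-5003 reading "as used in Apache ...". Check whether the ws-xmlrpc library itself is packaged before leaving these as NOT-FOR-US. The same question applies to CVE-2016-5004 in the context lines above, whose description names ws-xmlrpc 3.1.3.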
@@ -96141,8 +96168,7 @@
RESERVED
CVE-2015-1836 (Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before ...)
NOT-FOR-US: Apache HBase
-CVE-2015-1835
- RESERVED
+CVE-2015-1835 (Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an ...)
NOT-FOR-US: Apache Cordova
CVE-2015-1834 (A path traversal vulnerability was identified in the Cloud Foundry ...)
NOT-FOR-US: Cloud Foundry
@@ -117290,8 +117316,7 @@
[wheezy] - linux 3.2.63-1
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
-CVE-2014-3600
- RESERVED
+CVE-2014-3600 (XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before ...)
- activemq 5.6.0+dfsg1-4 (low; bug #777196)
[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
@@ -117373,8 +117398,7 @@
{DSA-3107-1 DLA-119-1}
- subversion 1.8.10-5 (bug #773263)
NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
-CVE-2014-3579
- RESERVED
+CVE-2014-3579 (XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x ...)
NOT-FOR-US: Apache ActiveMQ Apollo
CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x ...)
- libspring-java 3.2.13-1 (low; bug #760733)