[Secure-testing-commits] r55585 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Sep 8 21:10:15 UTC 2017
Author: sectracker
Date: 2017-09-08 21:10:15 +0000 (Fri, 08 Sep 2017)
New Revision: 55585
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-08 20:07:06 UTC (rev 55584)
+++ data/CVE/list 2017-09-08 21:10:15 UTC (rev 55585)
@@ -1,3 +1,7 @@
+CVE-2017-14221
+ RESERVED
+CVE-2017-14220
+ RESERVED
CVE-2017-14219 (XSS (persistent) on the Intelbras Wireless N 150Mbps router with ...)
NOT-FOR-US: Intelbras Wireless N 150Mbps router
CVE-2017-14218
@@ -114,8 +118,7 @@
NOTE: https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
CVE-2017-14168
RESERVED
-CVE-2017-14167 [i386: multiboot OOB access while loading guest kernel image]
- RESERVED
+CVE-2017-14167 (Integer overflow in the load_multiboot function in hw/i386/multiboot.c ...)
- qemu <unfixed> (bug #874606)
- qemu-kvm <removed>
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
@@ -1033,6 +1036,7 @@
CVE-2017-13780 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14032 (ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional ...)
+ {DSA-3967-1}
- mbedtls 2.6.0-1 (bug #873557)
- polarssl <removed>
[jessie] - polarssl <not-affected> (Vulnerable code not present)
@@ -5672,8 +5676,7 @@
RESERVED
CVE-2017-12147
RESERVED
-CVE-2017-12146 [driver core: platform: fix race condition with driver_override]
- RESERVED
+CVE-2017-12146 (The driver_override implementation in drivers/base/platform.c in the ...)
- linux 4.11.11-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -5856,8 +5859,8 @@
RESERVED
CVE-2017-12072
RESERVED
-CVE-2017-12071
- RESERVED
+CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...)
+ TODO: check
CVE-2017-12070
RESERVED
CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET ...)
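Review bot: the replacement entry for CVE-2017-12071 carries only "TODO: check", and its description is cut at "file_upload.php in ...", so the affected product cannot be read from this line. Triage needs the full description before choosing between a package entry and NOT-FOR-US.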
@@ -7106,8 +7109,8 @@
NOT-FOR-US: Joomla!
CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
NOT-FOR-US: ZyXEL
-CVE-2017-11611
- RESERVED
+CVE-2017-11611 (Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The ...)
+ TODO: check
CVE-2017-11610 (The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, ...)
{DSA-3942-1 DLA-1047-1}
- supervisor 3.3.1-1.1 (bug #870187)
@@ -8418,10 +8421,10 @@
NOTE: aggregate_graphs.php not available in 0.8.8.
NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE
NOTE: but produced this patch anyway: https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4
-CVE-2017-11162
- RESERVED
-CVE-2017-11161
- RESERVED
+CVE-2017-11162 (Directory traversal vulnerability in synphotoio in Synology Photo ...)
+ TODO: check
+CVE-2017-11161 (Multiple SQL injection vulnerabilities in Synology Photo Station ...)
+ TODO: check
CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in ...)
NOT-FOR-US: Installer in Synology Assistant
CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in ...)
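Review bot: CVE-2017-11162 and CVE-2017-11161 are both left at "TODO: check" although their descriptions name Synology Photo Station, and the Synology entries directly below (CVE-2017-11160, CVE-2017-11159) are already tagged "NOT-FOR-US: Installer in Synology Assistant". These two can most likely be closed the same way, with a tag naming Synology Photo Station, instead of staying in the TODO queue.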
@@ -14477,8 +14480,8 @@
NOT-FOR-US: Anti-Web
CVE-2017-9096
RESERVED
-CVE-2017-9095
- RESERVED
+CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local files ...)
+ TODO: check
CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ...)
NOT-FOR-US: ImageWorsener
CVE-2017-9093 (The my_skip_input_data_fn function in imagew-jpeg.c in ...)
@@ -34429,8 +34432,8 @@
RESERVED
CVE-2017-2551
RESERVED
-CVE-2017-2550
- RESERVED
+CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software creates a ...)
+ TODO: check
CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
- webkit2gtk 2.16.3-2 (unimportant)
NOTE: Not covered by security support
@@ -38179,68 +38182,48 @@
RESERVED
CVE-2017-0805 (A elevation of privilege vulnerability in the Android media framework ...)
NOT-FOR-US: Android media framework
-CVE-2017-0804
- RESERVED
+CVE-2017-0804 (A elevation of privilege vulnerability in the MediaTek mmc driver. ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0803
- RESERVED
+CVE-2017-0803 (A elevation of privilege vulnerability in the MediaTek accessory ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0802
- RESERVED
+CVE-2017-0802 (A elevation of privilege vulnerability in the MediaTek kernel. ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0801
- RESERVED
+CVE-2017-0801 (A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0800
- RESERVED
+CVE-2017-0800 (A elevation of privilege vulnerability in the MediaTek teei. Product: ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0799
- RESERVED
+CVE-2017-0799 (A elevation of privilege vulnerability in the MediaTek lastbus. ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0798
- RESERVED
+CVE-2017-0798 (A elevation of privilege vulnerability in the MediaTek kernel. ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0797
- RESERVED
+CVE-2017-0797 (A elevation of privilege vulnerability in the MediaTek accessory ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0796
- RESERVED
+CVE-2017-0796 (A elevation of privilege vulnerability in the MediaTek auxadc driver. ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0795
- RESERVED
+CVE-2017-0795 (A elevation of privilege vulnerability in the MediaTek accessory ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0794
- RESERVED
+CVE-2017-0794 (A elevation of privilege vulnerability in the Upstream kernel scsi ...)
NOT-FOR-US: Android kernel on Nexus (probably)
NOTE: https://source.android.com/security/bulletin/2017-09-01 doesn't link a public patch, so probably related to some binary-only component on Nexus
-CVE-2017-0793
- RESERVED
+CVE-2017-0793 (A information disclosure vulnerability in the N/A memory subsystem. ...)
NOT-FOR-US: Imagetech driver for Android
-CVE-2017-0792
- RESERVED
+CVE-2017-0792 (A information disclosure vulnerability in the Broadcom wi-fi driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0791
- RESERVED
+CVE-2017-0791 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0790
- RESERVED
+CVE-2017-0790 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0789
- RESERVED
+CVE-2017-0789 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0788
- RESERVED
+CVE-2017-0788 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0787
- RESERVED
+CVE-2017-0787 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0786
- RESERVED
+CVE-2017-0786 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
NOT-FOR-US: Broadcom driver for Android
CVE-2017-0785
RESERVED
-CVE-2017-0784
- RESERVED
+CVE-2017-0784 (A elevation of privilege vulnerability in the Android system (nfc). ...)
NOT-FOR-US: Android
CVE-2017-0783
RESERVED
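Review bot: CVE-2017-0794 now has a published description beginning "A elevation of privilege vulnerability in the Upstream kernel scsi ...", but the entry keeps "NOT-FOR-US: Android kernel on Nexus (probably)" and the NOTE guessing at a binary-only component. With the description naming the upstream kernel scsi code, that "(probably)" classification should be re-verified against src:linux, and the entry either converted to a "- linux" line or the NOTE updated to say why upstream is not affected.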
@@ -38248,91 +38231,63 @@
RESERVED
CVE-2017-0781
RESERVED
-CVE-2017-0780
- RESERVED
+CVE-2017-0780 (A denial of service vulnerability in the Android runtime (android ...)
NOT-FOR-US: Android
-CVE-2017-0779
- RESERVED
+CVE-2017-0779 (A information disclosure vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0778
- RESERVED
+CVE-2017-0778 (A information disclosure vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0777
- RESERVED
+CVE-2017-0777 (A information disclosure vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0776
- RESERVED
+CVE-2017-0776 (A information disclosure vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0775
- RESERVED
+CVE-2017-0775 (A denial of service vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0774
- RESERVED
+CVE-2017-0774 (A denial of service vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0773
- RESERVED
+CVE-2017-0773 (A denial of service vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0772
- RESERVED
+CVE-2017-0772 (A denial of service vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0771
- RESERVED
+CVE-2017-0771 (A denial of service vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0770
- RESERVED
+CVE-2017-0770 (A elevation of privilege vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0769
- RESERVED
+CVE-2017-0769 (A elevation of privilege vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0768
- RESERVED
+CVE-2017-0768 (A elevation of privilege vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0767
- RESERVED
+CVE-2017-0767 (A elevation of privilege vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0766
- RESERVED
+CVE-2017-0766 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0765
- RESERVED
+CVE-2017-0765 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0764
- RESERVED
+CVE-2017-0764 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0763
- RESERVED
+CVE-2017-0763 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0762
- RESERVED
+CVE-2017-0762 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0761
- RESERVED
+CVE-2017-0761 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0760
- RESERVED
+CVE-2017-0760 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0759
- RESERVED
+CVE-2017-0759 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0758
- RESERVED
+CVE-2017-0758 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0757
- RESERVED
+CVE-2017-0757 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0756
- RESERVED
+CVE-2017-0756 (A remote code execution vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-0755
- RESERVED
+CVE-2017-0755 (A elevation of privilege vulnerability in the Android libraries ...)
NOT-FOR-US: Android
CVE-2017-0754
RESERVED
-CVE-2017-0753
- RESERVED
+CVE-2017-0753 (A remote code execution vulnerability in the Android libraries ...)
NOT-FOR-US: Android
-CVE-2017-0752
- RESERVED
+CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework ...)
NOT-FOR-US: Android
CVE-2017-0751
RESERVED
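Review bot: CVE-2017-0755 and CVE-2017-0753 are described as affecting "the Android libraries ..." with the library name cut off, while the pre-existing tag is the generic "NOT-FOR-US: Android". Unlike the media framework entries in this hunk, a library bundled in Android may be a separate upstream project, so the full descriptions should be read and the generic tag replaced with one naming the library, or with a package entry if it is packaged.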
@@ -52315,8 +52270,8 @@
NOT-FOR-US: Novell GroupWise
CVE-2016-5760 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Novell GroupWise
-CVE-2016-5759
- RESERVED
+CVE-2016-5759 (The mkdumprd script called "dracut" in the current working directory ...)
+ TODO: check
CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ Access ...)
NOT-FOR-US: NetIQ
CVE-2016-5757 (iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix ...)
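Review bot: the new CVE-2016-5759 entry is left at "TODO: check" between Novell GroupWise and NetIQ entries that are all NOT-FOR-US. Its description names the mkdumprd script and "dracut" rather than a Novell product, so it should not be closed as NOT-FOR-US by analogy with its neighbours; check first whether any package ships mkdumprd.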
@@ -164570,8 +164525,8 @@
NOT-FOR-US: Novell Messenger
CVE-2011-3178
RESERVED
-CVE-2011-3177
- RESERVED
+CVE-2011-3177 (The YaST2 network created files with world readable permissions which ...)
+ TODO: check
CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...)
NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3175 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...)
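Review bot: CVE-2011-3177 is a 2011 identifier that only now receives a description, and it is left at "TODO: check". The description names "The YaST2 network", so triage should record explicitly whether that component is packaged and tag the entry accordingly, rather than leaving an entry this old open.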