[Secure-testing-commits] r55705 - data/CVE

Tue Sep 12 21:10:15 UTC 2017

Author: sectracker
Date: 2017-09-12 21:10:15 +0000 (Tue, 12 Sep 2017)
New Revision: 55705

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-09-12 21:03:05 UTC (rev 55704)
+++ data/CVE/list	2017-09-12 21:10:15 UTC (rev 55705)
@@ -1,4 +1,18 @@
-CVE-2017-14348 [Heap buffer overflow in LibRaw::processCanonCameraInfo]
+CVE-2017-14347 (NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to ...)
+	TODO: check
+CVE-2017-14346 (upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file ...)
+	TODO: check
+CVE-2017-14345 (SQL Injection exists in tianchoy/blog through 2017-09-12 via the id ...)
+	TODO: check
+CVE-2017-14344 (This vulnerability allows local attackers to escalate privileges on ...)
+	TODO: check
+CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...)
+	TODO: check
+CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ...)
+	TODO: check
+CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...)
+	TODO: check
+CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the ...)
 	- libraw <unfixed>
 	NOTE: https://github.com/LibRaw/LibRaw/issues/100
 CVE-2017-14340
@@ -7,8 +21,8 @@
 	RESERVED
 CVE-2017-14338
 	RESERVED
-CVE-2017-14337
-	RESERVED
+CVE-2017-14337 (When MISP before 2.4.80 is configured with X.509 certificate ...)
+	TODO: check
 CVE-2017-14336
 	RESERVED
 CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because user-controlled input ...)
@@ -53,26 +67,22 @@
 	RESERVED
 CVE-2017-14320
 	RESERVED
-CVE-2017-14319 [insufficient grant unmapping checks for x86 PV guests]
-	RESERVED
+CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x. When ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-234.html
-CVE-2017-14318 [Missing check for grant table]
-	RESERVED
+CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The function ...)
 	- xen <unfixed>
 	[jessie] - xen <not-affected> (Only affects 4.5 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.5 and later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-232.html
-CVE-2017-14317 [cxenstored: Race in domain cleanup]
-	RESERVED
+CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon (aka ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-233.html
-CVE-2017-14316 [Missing NUMA node parameter verification]
-	RESERVED
+CVE-2017-14316 (A parameter verification issue was discovered in Xen through 4.9.x. The ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-231.html
-CVE-2017-14315
-	RESERVED
+CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation ...)
+	TODO: check
 CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in ...)
 	- graphicsmagick <unfixed>
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
@@ -523,12 +533,12 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
 	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
 	NOTE: https://github.com/uclouvain/openjpeg/issues/982
-CVE-2017-1000251 [stack overflow]
+CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
 	NOTE: https://www.armis.com/blueborne/
 	NOTE: https://access.redhat.com/security/vulnerabilities/blueborne
-CVE-2017-1000250 [information leak vulnerability]
+CVE-2017-1000250 (All versions of the SDP server in BlueZ 5.46 and earlier are ...)
 	- bluez <unfixed>
 	NOTE: https://www.armis.com/blueborne/
 CVE-2017-1000249 (An issue in file() was introduced in commit ...)
@@ -15377,8 +15387,8 @@
 	- cgiirc <removed>
 CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password ...)
 	NOT-FOR-US: NetApp
-CVE-2017-8918
-	RESERVED
+CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - ...)
+	TODO: check
 CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows ...)
 	NOT-FOR-US: Joomla
 CVE-2017-8916
@@ -94184,8 +94194,7 @@
 	{DSA-3134-1 DLA-148-1}
 	- sympa 6.1.23~dfsg-2
 	NOTE: https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
-CVE-2014-9624 [CAPTCHA bypass]
-	RESERVED
+CVE-2014-9624 (CAPTCHA bypass vulnerability in MantisBT before 1.2.19. ...)
 	- mantis <removed> (bug #780875)
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
@@ -94233,11 +94242,9 @@
 	NOTE: http://seclists.org/oss-sec/2014/q4/489
 	NOTE: http://seclists.org/oss-sec/2014/q4/507
 	NOTE: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
-CVE-2014-9635 [HttpOnly flag not set]
-	RESERVED
+CVE-2014-9635 (Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie ...)
 	- jenkins 1.565.3-3 (bug #769682)
-CVE-2014-9634 [Secure flag not set]
-	RESERVED
+CVE-2014-9634 (Jenkins before 1.586 does not set the secure flag on session cookies ...)
 	- jenkins 1.565.3-3 (bug #769682)
 CVE-2015-1164 (Open redirect vulnerability in the serve-static plugin before 1.7.2 ...)
 	- node-serve-static 1.6.4-2 (unimportant; bug #775843)


