[Secure-testing-commits] r56002 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Sep 22 09:10:12 UTC 2017


Author: sectracker
Date: 2017-09-22 09:10:12 +0000 (Fri, 22 Sep 2017)
New Revision: 56002

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-22 08:46:43 UTC (rev 56001)
+++ data/CVE/list	2017-09-22 09:10:12 UTC (rev 56002)
@@ -1,7 +1,101 @@
+CVE-2017-14701
+	RESERVED
+CVE-2017-14700
+	RESERVED
+CVE-2017-14699
+	RESERVED
+CVE-2017-14698
+	RESERVED
+CVE-2017-14697
+	RESERVED
+CVE-2017-14696
+	RESERVED
+CVE-2017-14695
+	RESERVED
+CVE-2017-14694
+	RESERVED
+CVE-2017-14693 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14692 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14691 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14690 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14689 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in ...)
+	TODO: check
+CVE-2017-14683
+	RESERVED
+CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...)
+	TODO: check
+CVE-2017-14681 (The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file ...)
+	TODO: check
+CVE-2017-14680 (ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2017-14679
+	RESERVED
+CVE-2017-14678
+	RESERVED
+CVE-2017-14677
+	RESERVED
+CVE-2017-14676
+	RESERVED
+CVE-2017-14675
+	RESERVED
+CVE-2017-14674
+	RESERVED
+CVE-2017-14673
+	RESERVED
+CVE-2017-14672
+	RESERVED
+CVE-2017-14671
+	RESERVED
+CVE-2017-14670
+	RESERVED
+CVE-2017-14669
+	RESERVED
+CVE-2017-14668
+	RESERVED
+CVE-2017-14667
+	RESERVED
+CVE-2017-14666
+	RESERVED
+CVE-2017-14665
+	RESERVED
+CVE-2017-14664
+	RESERVED
+CVE-2017-14663
+	RESERVED
+CVE-2017-14662
+	RESERVED
+CVE-2017-14661
+	RESERVED
+CVE-2017-14660
+	RESERVED
+CVE-2017-14659
+	RESERVED
+CVE-2017-14658
+	RESERVED
+CVE-2017-14657
+	RESERVED
+CVE-2017-14656
+	RESERVED
+CVE-2017-14655
+	RESERVED
 CVE-2017-14654
 	RESERVED
-CVE-2017-14653
-	RESERVED
+CVE-2017-14653 (member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote ...)
+	TODO: check
 CVE-2017-14652 (SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the ...)
 	NOT-FOR-US: Tapatalk plugin for MyBB
 CVE-2017-14651 (WSO2 Data Analytics Server 3.1.0 has XSS in ...)
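Review bot: The named-product entries added between CVE-2017-14693 and CVE-2017-14680, plus the updated CVE-2017-14653, all sit at `TODO: check`, and their descriptions are cut at "..." so impact cannot be judged from this file alone. For IrfanView, STDU Viewer, ZKTeco ZKTime Web and ASP4CMS AspCMS, the candidate resolution is the form used just below for the Tapatalk entry (`NOT-FOR-US: <product>`), once it is confirmed that no package ships them. The ImageMagick, MuPDF and P3Scan entries should be checked against the archive first and, where a source package is affected, get a package line with the upstream reference in a NOTE.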
@@ -33,10 +127,10 @@
 	NOT-FOR-US: Bento4
 CVE-2017-14638 (AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in ...)
 	NOT-FOR-US: Bento4
-CVE-2017-14637
-	RESERVED
-CVE-2017-14636
-	RESERVED
+CVE-2017-14637 (In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb ...)
+	TODO: check
+CVE-2017-14636 (Because of an integer overflow in sam2p 0.49.3, a loop executes ...)
+	TODO: check
 CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before ...)
 	- otrs2 <unfixed>
 	NOTE: https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/
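Review bot: CVE-2017-14637 and CVE-2017-14636 move from RESERVED to `TODO: check` with descriptions of an invalid read in parse_rgb and an integer overflow in sam2p 0.49.3, both memory-safety bugs in input handling, so they should not stay untriaged for long. Check whether sam2p is in the archive. If it is, replace the marker with a package line and status in the style of `- otrs2 <unfixed>` below; otherwise mark both NOT-FOR-US like the Bento4 entries above.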
@@ -403,7 +497,7 @@
 	- libarchive <unfixed> (bug #875966)
 	NOTE: https://github.com/libarchive/libarchive/issues/949
 CVE-2017-14500 (Improper Neutralization of Special Elements used in an OS Command in ...)
-	{DSA-3977-1}
+	{DSA-3977-1 DLA-1104-1}
 	- newsbeuter 2.9-7 (bug #876004)
 	NOTE: http://openwall.com/lists/oss-security/2017/09/16/1
 	NOTE: newsbeuter-2.9.x: https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
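Review bot: On CVE-2017-14500 the advisory set becomes `{DSA-3977-1 DLA-1104-1}`, but the only version recorded in the entry is `- newsbeuter 2.9-7 (bug #876004)`, and this commit modifies data/CVE/list alone. Confirm that DLA-1104-1 has its own advisory entry carrying the fixed version for the release it covers, since nothing in this hunk lets a reader verify which newsbeuter version the DLA fixed.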
@@ -15074,12 +15168,12 @@
 	RESERVED
 CVE-2017-9284
 	RESERVED
-CVE-2017-9283
-	RESERVED
-CVE-2017-9282
-	RESERVED
-CVE-2017-9281
-	RESERVED
+CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus ...)
+	TODO: check
+CVE-2017-9282 (An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) ...)
+	TODO: check
+CVE-2017-9281 (An integer overflow (CWE-190) potentially causing an out-of-bounds ...)
+	TODO: check
 CVE-2017-9280
 	RESERVED
 CVE-2017-9279
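Review bot: The new text for CVE-2017-9282 and CVE-2017-9281 shows only CWE classes (CWE-190, CWE-787) before the "..." cut, and CVE-2017-9283 is cut right after "Micro Focus", so none of the three `TODO: check` entries names the affected product in this file. Read the full descriptions before triaging, then record the product explicitly in the marker (for example `NOT-FOR-US: <product>` if it is not packaged) so the entry is understandable without the truncated summary.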
@@ -18607,8 +18701,8 @@
 	RESERVED
 CVE-2017-8013
 	RESERVED
-CVE-2017-8012
-	RESERVED
+CVE-2017-8012 (In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS ...)
+	TODO: check
 CVE-2017-8011 (EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution ...)
 	NOT-FOR-US: EMC
 CVE-2017-8010
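Review bot: CVE-2017-8012 is left at `TODO: check` although the next entry, CVE-2017-8011, names the same EMC ViPR SRM / M&R product family and is already `NOT-FOR-US: EMC`. Unless the full description points at a component shipped in a package, use the same marker here.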
@@ -18617,8 +18711,8 @@
 	RESERVED
 CVE-2017-8008
 	RESERVED
-CVE-2017-8007
-	RESERVED
+CVE-2017-8007 (In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS ...)
+	TODO: check
 CVE-2017-8006 (In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a ...)
 	NOT-FOR-US: EMC
 CVE-2017-8005 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and ...)
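Review bot: CVE-2017-8007 carries the same truncated description as CVE-2017-8012 earlier in this patch, so the two cannot be told apart from this file. Triage them together against the full advisory text and keep the result consistent with the `NOT-FOR-US: EMC` marker on CVE-2017-8006.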
@@ -62237,7 +62331,7 @@
 	NOT-FOR-US: ovirt-engine
 CVE-2016-3112 (client/consumer/cli.py in Pulp before 2.8.3 writes consumer private ...)
 	NOT-FOR-US: Pulp (Red Hat)
-CVE-2016-3111 (pulp.spec in Pulp 2.8.3 allows local users to read generated RSA keys. ...)
+CVE-2016-3111 (pulp.spec in the installation process for Pulp 2.8.3 generates the RSA ...)
 	NOT-FOR-US: Pulp (Red Hat)
 CVE-2016-3110 (mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote ...)
 	- libapache2-mod-cluster <itp> (bug #731410)
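Review bot: The CVE-2016-3111 summary changes from "allows local users to read generated RSA keys" to "in the installation process for Pulp 2.8.3 generates the RSA ...", which is cut off before the impact is stated, while the triage line stays `NOT-FOR-US: Pulp (Red Hat)`. Check the full revised description to confirm the scope has not moved beyond pulp.spec; if it has not, the existing marker stands and no further change is needed.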



