[Secure-testing-commits] r56263 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Sep 29 21:10:14 UTC 2017
Author: sectracker
Date: 2017-09-29 21:10:14 +0000 (Fri, 29 Sep 2017)
New Revision: 56263
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-29 21:06:39 UTC (rev 56262)
+++ data/CVE/list 2017-09-29 21:10:14 UTC (rev 56263)
@@ -1,3 +1,33 @@
+CVE-2017-14949
+ RESERVED
+CVE-2017-14948
+ RESERVED
+CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute ...)
+ TODO: check
+CVE-2017-14946 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...)
+ TODO: check
+CVE-2017-14945 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...)
+ TODO: check
+CVE-2017-14944 (Inedo ProGet before 4.7.14 does not properly address dangerous package ...)
+ TODO: check
+CVE-2017-14943
+ RESERVED
+CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the ...)
+ TODO: check
+CVE-2017-14941
+ RESERVED
+CVE-2017-14940 (scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) ...)
+ TODO: check
+CVE-2017-14939 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) ...)
+ TODO: check
+CVE-2017-14938 (_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor ...)
+ TODO: check
+CVE-2017-14937
+ RESERVED
+CVE-2017-14936
+ RESERVED
+CVE-2016-10512 (MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for ...)
+ TODO: check
CVE-2017-14935 (Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly ...)
NOT-FOR-US: Pulse Secure
CVE-2017-14934 (process_debug_info in dwarf.c in the Binary File Descriptor (BFD) ...)
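Review bot: the three BFD entries left at "TODO: check" (CVE-2017-14940 and CVE-2017-14939 in dwarf2.c, CVE-2017-14938 in elf.c) belong to the same component as the trailing context entry CVE-2017-14934 (process_debug_info in dwarf.c), so they should be triaged together against the binutils source package rather than one at a time. By contrast, CVE-2017-14947 through CVE-2017-14945 describe Artifex GSView "on Windows", which will most likely resolve to NOT-FOR-US in the same way the Pulse Secure entry in the context does. CVE-2016-10512 appearing among the 2017 identifiers is not a problem: the file is not strictly ordered by identifier (a later hunk shows CVE-2015-9230 directly after CVE-2017-14349), so no reordering is needed.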
@@ -564,8 +594,8 @@
NOT-FOR-US: Claydip Laravel Airbnb Clone
CVE-2017-14703 (SQL injection vulnerability in Cash Back Comparison Script 1.0 allows ...)
NOT-FOR-US: Cash Back Comparison Script
-CVE-2017-14702
- RESERVED
+CVE-2017-14702 (ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary ...)
+ TODO: check
CVE-2017-14701
RESERVED
CVE-2017-14700
@@ -773,8 +803,8 @@
NOT-FOR-US: 2kb Amazon Affiliates Store plugin for WordPress
CVE-2017-14621 (Portus 2.2.0 has XSS via the Team field, related to typeahead. ...)
NOT-FOR-US: Portus
-CVE-2017-14620
- RESERVED
+CVE-2017-14620 (SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP ...)
+ TODO: check
CVE-2017-14619 (Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 ...)
NOT-FOR-US: phpMyFAQ
CVE-2017-14618 (Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ ...)
@@ -876,8 +906,8 @@
RESERVED
CVE-2017-14583
RESERVED
-CVE-2017-14582
- RESERVED
+CVE-2017-14582 (The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for ...)
+ TODO: check
CVE-2017-XXXX [pcb code injection by malicious layout file]
- pcb-rnd 1.2.5-2 (bug #876540)
[stretch] - pcb-rnd <no-dsa> (Minor issue)
@@ -1470,14 +1500,14 @@
RESERVED
CVE-2017-14353
RESERVED
-CVE-2017-14352
- RESERVED
-CVE-2017-14351
- RESERVED
-CVE-2017-14350
- RESERVED
-CVE-2017-14349
- RESERVED
+CVE-2017-14352 (A potential security vulnerability has been identified in HP UCMDB ...)
+ TODO: check
+CVE-2017-14351 (A potential security vulnerability has been identified in HP UCMDB ...)
+ TODO: check
+CVE-2017-14350 (A potential security vulnerability has been identified in HPE ...)
+ TODO: check
+CVE-2017-14349 (An authentication vulnerability in HPE SiteScope product versions ...)
+ TODO: check
CVE-2015-9230 (In the admin/db-backup-security/db-backup-security.php page in the ...)
NOT-FOR-US: Wordpress plugin
CVE-2015-9229 (In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery ...)
@@ -2139,6 +2169,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb63560ba25e4a6c51ab282538c24877fff7d471
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cfc2bd4c87481d4cf60308cc6ffd3c61288ff004
CVE-2017-14136 (OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds ...)
+ {DLA-1117-1}
- opencv <unfixed>
NOTE: https://github.com/opencv/opencv/issues/9443
NOTE: https://github.com/opencv/opencv/pull/9448
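Review bot: the new {DLA-1117-1} marker on CVE-2017-14136 sits above an unstable line "- opencv <unfixed>" that, unlike every other opencv entry touched by this commit, carries no Debian bug reference (compare "- opencv <unfixed> (bug #875345)" on CVE-2017-12864). A DLA only records the LTS suite fix, so the sid/testing status for this CVE is otherwise untracked; if a bug exists it should be linked here, and if not, one should be filed.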
@@ -2538,26 +2569,26 @@
RESERVED
CVE-2017-13992
RESERVED
-CVE-2017-13991
- RESERVED
-CVE-2017-13990
- RESERVED
-CVE-2017-13989
- RESERVED
-CVE-2017-13988
- RESERVED
-CVE-2017-13987
- RESERVED
-CVE-2017-13986
- RESERVED
-CVE-2017-13985
- RESERVED
-CVE-2017-13984
- RESERVED
-CVE-2017-13983
- RESERVED
-CVE-2017-13982
- RESERVED
+CVE-2017-13991 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
+ TODO: check
+CVE-2017-13990 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
+ TODO: check
+CVE-2017-13989 (An improper access control vulnerability in ArcSight ESM and ArcSight ...)
+ TODO: check
+CVE-2017-13988 (An improper access control vulnerability in ArcSight ESM and ArcSight ...)
+ TODO: check
+CVE-2017-13987 (An insufficient access control vulnerability in ArcSight ESM and ...)
+ TODO: check
+CVE-2017-13986 (A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM ...)
+ TODO: check
+CVE-2017-13985 (An authentication vulnerability in HPE BSM Platform Application ...)
+ TODO: check
+CVE-2017-13984 (An authentication vulnerability in HPE BSM Platform Application ...)
+ TODO: check
+CVE-2017-13983 (An authentication vulnerability in HPE BSM Platform Application ...)
+ TODO: check
+CVE-2017-13982 (A directory traversal vulnerability in HPE BSM Platform Application ...)
+ TODO: check
CVE-2017-13981
RESERVED
CVE-2017-13980
@@ -3404,8 +3435,8 @@
NOTE: https://sqlite.org/src/info/02f0f4c54f2819b3
NOTE: http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
NOTE: Crash in the command-line shell program, not the the core SQLite library.
-CVE-2017-13684
- RESERVED
+CVE-2017-13684 (Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE ...)
+ TODO: check
CVE-2017-13683
RESERVED
CVE-2017-13682
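Review bot: the unchanged context line "NOTE: Crash in the command-line shell program, not the the core SQLite library." has a doubled "the"; a follow-up manual commit could fix it, since this automatic update only touches the CVE-2017-13684 entry below it.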
@@ -5834,12 +5865,15 @@
- connman 1.35-1 (bug #872844)
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #875345)
NOTE: https://github.com/opencv/opencv/issues/9372
CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #875344)
NOTE: https://github.com/opencv/opencv/issues/9371
CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #875342)
NOTE: https://github.com/opencv/opencv/issues/9370
CVE-2017-12861
@@ -6563,15 +6597,19 @@
CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect ...)
NOT-FOR-US: Liferay Portal
CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
@@ -6579,6 +6617,7 @@
[wheezy] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
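Review bot: the {DLA-1117-1} markers added here and in the neighbouring hunks (CVE-2017-12864 through CVE-2017-12862, CVE-2017-12606 through CVE-2017-12603, CVE-2017-12601, CVE-2017-12599 through CVE-2017-12597) all sit above lines that still read "- opencv <unfixed> (bug #8720xx)", which is the expected shape when an LTS advisory lands before the unstable fix. The set of CVEs receiving the marker should still be cross-checked against the DLA-1117-1 text so that every identifier the advisory lists carries it and none is missing; CVE-2017-12602 and CVE-2017-12600, which are marked "[wheezy] - opencv <ignored> (Minor issue)" in the context and reference issue #9311, are consistently left without it.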
@@ -6586,12 +6625,15 @@
[wheezy] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
@@ -8717,7 +8759,7 @@
CVE-2017-11715 (job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php ...)
NOT-FOR-US: MetInfo
CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the ...)
- {DLA-1048-1}
+ {DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript <unfixed> (bug #869977)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698158
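Review bot: the DSA-3986-1 marker is added to CVE-2017-11714 (and to the same family of ghostscript entries in the later hunks: CVE-2017-9835, CVE-2017-9739, CVE-2017-9727, CVE-2017-9726, CVE-2017-9612, CVE-2017-9611) while the unstable line still reads "- ghostscript <unfixed> (bug #869977)" and the only fixed version recorded is "[experimental] - ghostscript 9.22~~rc1~dfsg-1". The DSA covers stable; the sid/testing line should be updated to the fixed version once that upload happens, otherwise the tracker keeps reporting testing as vulnerable after stable has been fixed.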
@@ -12550,7 +12592,7 @@
CVE-2017-9836 (Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote ...)
- piwigo <removed>
CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript ...)
- {DLA-1048-1}
+ {DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript <unfixed> (bug #869907)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985
@@ -14417,7 +14459,7 @@
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698064
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript ...)
- {DLA-1048-1}
+ {DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript <unfixed> (bug #869910)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698063
@@ -14449,13 +14491,13 @@
CVE-2017-9728 (In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp ...)
- uclibc <unfixed> (unimportant)
CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript ...)
- {DLA-1048-1}
+ {DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript <unfixed> (bug #869913)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1)
CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript ...)
- {DLA-1048-1}
+ {DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript <unfixed> (bug #869915)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
@@ -14733,13 +14775,13 @@
CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...)
NOT-FOR-US: SAP SuccessFactors
CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS ...)
- {DLA-1048-1}
+ {DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript <unfixed> (bug #869916)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698026
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1)
CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript ...)
- {DLA-1048-1}
+ {DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript <unfixed> (bug #869917)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024
@@ -59573,8 +59615,7 @@
NOTE: https://struts.apache.org/docs/s2-035.html
CVE-2016-4435 (An endpoint of the Agent running on the BOSH Director VM with stemcell ...)
NOT-FOR-US: BOSH
-CVE-2016-4434 [XML External Entity vulnerability]
- RESERVED
+CVE-2016-4434 (Apache Tika before 1.13 does not properly initialize the XML parser or ...)
- tika <unfixed> (bug #825501)
[jessie] - tika <no-dsa> (Minor issue, no standard alone package, just a reverse dependency of jmeter)
CVE-2016-4433 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to ...)
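Review bot: replacing the "[XML External Entity vulnerability]" placeholder with the published MITRE text and dropping the RESERVED line is the right change, but two points remain in the surrounding context. The jessie note "no standard alone package" should read "standalone". More importantly, "- tika <unfixed> (bug #825501)" still records no fix in unstable for an XML parser initialization issue affecting Apache Tika before 1.13, so bug #825501 should be revisited now that the description confirms the affected range.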
@@ -68996,6 +69037,7 @@
NOTE: https://arxiv.org/pdf/1701.04739.pdf
NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute ...)
+ {DLA-1117-1}
- opencv <unfixed> (bug #872043)
NOTE: https://arxiv.org/pdf/1701.04739.pdf
NOTE: https://github.com/opencv/opencv/issues/5956