author | security tracker role <sectracker@debian.org> | 2017-10-03 21:10:13 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-10-03 21:10:13 +0000 |
commit | fdf69486eba567d37ca7194c081f0b1b125c4250 (patch) | |
tree | fe2d98fa1de58865bffb4cb9d33f9079cd8711f1 | |
parent | 71f4eb3668ea3fab785a692319e2c11a7c0e6dbc (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@56385 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2008.list | 4 | ||||
-rw-r--r-- | data/CVE/2017.list | 66 |
2 files changed, 48 insertions, 22 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 7ab57fd6f0..bd80d591a3 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -806,7 +806,7 @@ CVE-2008-6978 (Unrestricted file upload vulnerability in Full Revolution aspWebA NOT-FOR-US: aspWebAlbum CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full ...) NOT-FOR-US: aspWebAlbum -CVE-2008-6976 (MicroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...) +CVE-2008-6976 (MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...) NOT-FOR-US: MicroTik RouterOS CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: DD-WRT @@ -15546,7 +15546,7 @@ CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew p NOT-FOR-US: Wordspew plugin for Wordpress CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...) NOT-FOR-US: PHPShop -CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...) +CVE-2008-0680 (SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to ...) NOT-FOR-US: MicroTik RouterOS CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...) NOT-FOR-US: BlogPHP diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 9df3b282d2..5dde86b3a8 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1,3 +1,31 @@ +CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and ...) + TODO: check +CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found in the ...) + TODO: check +CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected ...) + TODO: check +CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...) + TODO: check +CVE-2017-15007 + RESERVED +CVE-2017-15006 + RESERVED +CVE-2017-15005 + RESERVED +CVE-2017-15004 + RESERVED +CVE-2017-15003 + RESERVED +CVE-2017-15002 + RESERVED +CVE-2017-15001 + RESERVED +CVE-2017-15000 + RESERVED +CVE-2017-14999 + RESERVED +CVE-2017-14998 + RESERVED CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...) - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/ @@ -5467,7 +5495,7 @@ CVE-2017-12885 RESERVED CVE-2017-12884 RESERVED -CVE-2017-12883 (Buffer overflow in the regular expression parser in PERL before ...) +CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...) {DSA-3982-1} - perl 5.26.0-8 (bug #875597) [wheezy] - perl <not-affected> (Vulnerable code introduced later) @@ -5612,7 +5640,7 @@ CVE-2017-12839 RESERVED CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...) NOT-FOR-US: NexusPHP -CVE-2017-12837 (Heap-based buffer overflow in the regular expression compiler in PERL ...) +CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in ...) {DSA-3982-1} - perl 5.26.0-8 (bug #875596) [wheezy] - perl <not-affected> (Vulnerable code introduced after 5.14.4) 
@@ -5646,16 +5674,16 @@ CVE-2017-12824 RESERVED CVE-2017-12823 RESERVED -CVE-2017-12822 - RESERVED -CVE-2017-12821 - RESERVED -CVE-2017-12820 - RESERVED -CVE-2017-12819 - RESERVED -CVE-2017-12818 - RESERVED +CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...) + TODO: check +CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel ...) + TODO: check +CVE-2017-12820 (Arbitrary memory read from controlled memory pointer in Gemalto's HASP ...) + TODO: check +CVE-2017-12819 (Remote manipulations with language pack updater lead to NTLM-relay ...) + TODO: check +CVE-2017-12818 (Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel ...) + TODO: check CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the ...) NOT-FOR-US: Kaspersky Internet Security for Android CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...) @@ -6207,8 +6235,7 @@ CVE-2017-12619 RESERVED CVE-2017-12618 RESERVED -CVE-2017-12617 - RESERVED +CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to ...) - tomcat7 <not-affected> (Windows-specific) CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it ...) {DLA-1108-1} @@ -7287,8 +7314,7 @@ CVE-2017-12168 (The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in t CVE-2017-12167 RESERVED TODO: check, possibly Red Hat specific issue -CVE-2017-12166 [remote buffer overflow] - RESERVED +CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...) - openvpn <unfixed> (bug #877089) [stretch] - openvpn <no-dsa> (Minor issue) [jessie] - openvpn <no-dsa> (Minor issue) 
@@ -35727,8 +35753,8 @@ CVE-2017-1543 RESERVED CVE-2017-1542 RESERVED -CVE-2017-1541 - RESERVED +CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep ...) + TODO: check CVE-2017-1540 RESERVED CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...) @@ -36557,8 +36583,8 @@ CVE-2017-1128 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerabl NOT-FOR-US: IBM CVE-2017-1127 (IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to ...) NOT-FOR-US: IBM -CVE-2017-1126 - RESERVED +CVE-2017-1126 (IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could ...) + TODO: check CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...) NOT-FOR-US: IBM CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local ...) |
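Review bot: in data/CVE/2008.list, both hunks (@@ -806 and @@ -15546) correct the description to "MikroTik", but the unchanged annotation directly below each still reads "NOT-FOR-US: MicroTik RouterOS". Update the NOT-FOR-US lines for CVE-2008-6976 and CVE-2008-0680 to the same spelling, so that a search on the vendor name finds both the description and the triage decision.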
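Review bot: in data/CVE/2017.list hunk @@ -6207, CVE-2017-12617 keeps "- tomcat7 <not-affected> (Windows-specific)" as its only package line, while the newly published description names Apache Tomcat 9.0.0.M1 to 9.0.0 and 8.5.0 onward. That annotation was written while the id was still RESERVED, so it should be re-checked against the published text, and any other Tomcat source package that falls in the stated version range needs its own status line.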
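Review bot: in data/CVE/2017.list hunks @@ -35727 and @@ -36557, CVE-2017-1541 and CVE-2017-1126 move from RESERVED to "TODO: check", although the neighbouring IBM entries visible in the second hunk (CVE-2017-1128, CVE-2017-1127, CVE-2017-1125) are already triaged as "NOT-FOR-US: IBM". If the same judgement applies, resolve these two the same way in a follow-up. The PRTG Network Monitor pair (CVE-2017-15009, CVE-2017-15008) at @@ -1,3 and the five Gemalto HASP entries (CVE-2017-12818 to CVE-2017-12822) at @@ -5646 can likewise each be triaged as a group rather than one TODO at a time.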