diff options
author | security tracker role <sectracker@debian.org> | 2017-10-11 21:10:12 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-10-11 21:10:12 +0000 |
commit | 6807ebf7dc8f9ffe61451b01ee6efde6bd387691 (patch) | |
tree | 6db20a89b6df5f991e5dfd32170c5eff9f34e5d5 /data | |
parent | 1c437b057f30d76d13b8fe910fd74f6cda0ce8fe (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@56622 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2006.list | 2 | ||||
-rw-r--r-- | data/CVE/2013.list | 4 | ||||
-rw-r--r-- | data/CVE/2017.list | 192 |
3 files changed, 103 insertions, 95 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list index b7b3934640..96ffd9a76f 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -14766,7 +14766,7 @@ CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of NOT-FOR-US: eStara SIP softphone CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication ...) NOT-FOR-US: pam_micasa / Novell -CVE-2006-2440 (Heap-based buffer overflow in the libMagick componet of ImageMagick ...) +CVE-2006-2440 (Heap-based buffer overflow in the libMagick component of ImageMagick ...) {DSA-1168-1} - imagemagick 6:6.2.4.5-0.6 (bug #345595) CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index aa14f06e68..dc0cae561f 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -1622,8 +1622,8 @@ CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12. NOT-FOR-US: Siemens CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 ...) NOT-FOR-US: Siemens -CVE-2013-6924 - RESERVED +CVE-2013-6924 (Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow ...) + TODO: check CVE-2013-6923 (Multiple cross-site scripting (XSS) vulnerabilities in Seagate ...) NOT-FOR-US: Seagate BlackArmor NAS 220 devices CVE-2013-6922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 9b86b9fda8..dea07dd9d6 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,60 +1,66 @@ +CVE-2017-15268 + RESERVED +CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in ...) + TODO: check +CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...) + TODO: check CVE-2017-15265 [use-after-free in /dev/snd/seq] RESERVED - linux <unfixed> NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520 NOTE: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html -CVE-2017-15264 - RESERVED -CVE-2017-15263 - RESERVED -CVE-2017-15262 - RESERVED -CVE-2017-15261 - RESERVED -CVE-2017-15260 - RESERVED -CVE-2017-15259 - RESERVED -CVE-2017-15258 - RESERVED -CVE-2017-15257 - RESERVED -CVE-2017-15256 - RESERVED -CVE-2017-15255 - RESERVED -CVE-2017-15254 - RESERVED -CVE-2017-15253 - RESERVED -CVE-2017-15252 - RESERVED -CVE-2017-15251 - RESERVED -CVE-2017-15250 - RESERVED -CVE-2017-15249 - RESERVED -CVE-2017-15248 - RESERVED -CVE-2017-15247 - RESERVED -CVE-2017-15246 - RESERVED -CVE-2017-15245 - RESERVED -CVE-2017-15244 - RESERVED -CVE-2017-15243 - RESERVED -CVE-2017-15242 - RESERVED -CVE-2017-15241 - RESERVED -CVE-2017-15240 - RESERVED -CVE-2017-15239 - RESERVED +CVE-2017-15264 (IrfanView version 4.44 (32bit) allows attackers to cause a denial of ...) + TODO: check +CVE-2017-15263 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15262 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15261 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15260 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15259 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15258 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15257 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15256 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15255 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15254 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15253 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15252 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15251 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15250 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15249 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15248 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15247 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15246 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15245 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15244 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15243 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15242 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15241 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15240 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...) + TODO: check +CVE-2017-15239 (IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to ...) + TODO: check CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a ...) - graphicsmagick <unfixed> NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=93bdb9b30076 @@ -105,8 +111,8 @@ CVE-2017-15222 RESERVED CVE-2017-15221 RESERVED -CVE-2017-15220 - RESERVED +CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer ...) + TODO: check CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...) NOT-FOR-US: dotCMS CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in ...) @@ -412,7 +418,7 @@ CVE-2017-15085 CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout ...) NOT-FOR-US: Metasploit Framework CVE-2017-15083 - RESERVED + REJECTED CVE-2017-15082 RESERVED CVE-2017-15081 @@ -746,6 +752,7 @@ CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel b CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...) NOT-FOR-US: EMC CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...) + {DSA-3997-1} - wordpress 4.8.2+dfsg-2 (bug #877629) NOTE: https://core.trac.wordpress.org/ticket/38474 CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...) @@ -1428,9 +1435,11 @@ CVE-2017-14729 (The *_get_synthetic_symtab functions in the Binary File Descript CVE-2017-14728 RESERVED CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site ...) + {DSA-3997-1} - wordpress 4.8.2+dfsg-1 (bug #876274) NOTE: https://core.trac.wordpress.org/changeset/41395 CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open redirect ...) + {DSA-3997-1} - wordpress 4.8.2+dfsg-1 (bug #876274) NOTE: https://core.trac.wordpress.org/changeset/41398 CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scripting ...) @@ -1439,6 +1448,7 @@ CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scr [jessie] - wordpress <not-affected> (Vulnerable code not present) NOTE: https://core.trac.wordpress.org/changeset/41448 CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and additional ...) + {DSA-3997-1} - wordpress 4.8.2+dfsg-1 (bug #876274) NOTE: https://core.trac.wordpress.org/changeset/41470 NOTE: https://core.trac.wordpress.org/changeset/41496 @@ -1447,18 +1457,23 @@ CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and addi NOTE: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94 NOTE: https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal attack in ...) + {DSA-3997-1} - wordpress 4.8.2+dfsg-1 (bug #876274) NOTE: https://core.trac.wordpress.org/changeset/41397 CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting in the ...) + {DSA-3997-1} - wordpress 4.8.2+dfsg-1 (bug #876274) NOTE: https://core.trac.wordpress.org/changeset/41412 CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ...) + {DSA-3997-1} - wordpress 4.8.2+dfsg-1 (bug #876274) NOTE: https://core.trac.wordpress.org/changeset/41412 CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory traversal ...) + {DSA-3997-1} - wordpress 4.8.2+dfsg-1 (bug #876274) NOTE: https://core.trac.wordpress.org/changeset/41457 CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a Cross-Site ...) + {DSA-3997-1} - wordpress 4.8.2+dfsg-1 (bug #876274) NOTE: https://core.trac.wordpress.org/changeset/41393 CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash ...) @@ -1819,10 +1834,10 @@ CVE-2017-14590 RESERVED CVE-2017-14589 RESERVED -CVE-2017-14588 - RESERVED -CVE-2017-14587 - RESERVED +CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version ...) + TODO: check +CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and ...) + TODO: check CVE-2017-14586 RESERVED CVE-2017-14585 @@ -2412,14 +2427,14 @@ CVE-2017-14374 RESERVED CVE-2017-14373 RESERVED -CVE-2017-14372 - RESERVED -CVE-2017-14371 - RESERVED -CVE-2017-14370 - RESERVED -CVE-2017-14369 - RESERVED +CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected ...) + TODO: check +CVE-2017-14371 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected ...) + TODO: check +CVE-2017-14370 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored ...) + TODO: check +CVE-2017-14369 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege ...) + TODO: check CVE-2017-14368 RESERVED CVE-2017-14367 @@ -3503,8 +3518,8 @@ CVE-2017-14005 RESERVED CVE-2017-14004 RESERVED -CVE-2017-14003 - RESERVED +CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in LAVA ...) + TODO: check CVE-2017-14002 RESERVED CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS Command ...) @@ -4217,8 +4232,7 @@ CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a l - xorg-server 2:1.19.4-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac NOTE: This is in libxkbfile in wheezy -CVE-2017-13722 [pcfGetProperties: Check string boundaries] - RESERVED +CVE-2017-13722 (In the pcfGetProperties function in bitmap/pcfread.c in libXfont ...) {DSA-3995-1 DLA-1126-1} - libxfont 1:2.0.1-4 - libxfont1 <unfixed> (unimportant) @@ -4228,8 +4242,7 @@ CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, an - xorg-server 2:1.19.4-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1 NOTE: In wheezy this is possibly libxext, src/XShm.c? -CVE-2017-13720 [Check for end of string in PatternMatch] - RESERVED +CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont through ...) {DSA-3995-1 DLA-1126-1} - libxfont 1:2.0.1-4 - libxfont1 <unfixed> (unimportant) @@ -8065,8 +8078,7 @@ CVE-2017-12190 [memory leak when merging buffers in SCSI IO vectors] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089 CVE-2017-12189 RESERVED -CVE-2017-12188 - RESERVED +CVE-2017-12188 (arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested ...) - linux <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500380 CVE-2017-12187 @@ -19504,8 +19516,8 @@ CVE-2017-8027 RESERVED CVE-2017-8026 RESERVED -CVE-2017-8025 - RESERVED +CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary ...) + TODO: check CVE-2017-8024 RESERVED CVE-2017-8023 @@ -19520,10 +19532,10 @@ CVE-2017-8019 RESERVED CVE-2017-8018 (EMC AppSync host plug-in versions 3.5 and below (Windows platform only) ...) NOT-FOR-US: EMC AppSync -CVE-2017-8017 - RESERVED -CVE-2017-8016 - RESERVED +CVE-2017-8017 (EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and ...) + TODO: check +CVE-2017-8016 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored ...) + TODO: check CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) contains a SQL injection ...) NOT-FOR-US: EMC CVE-2017-8014 @@ -20143,7 +20155,7 @@ CVE-2017-7806 - firefox 55.0-1 CVE-2017-7805 RESERVED - {DSA-3987-1 DLA-1118-1} + {DSA-3998-1 DSA-3987-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - icedove <unfixed> @@ -26074,13 +26086,12 @@ CVE-2017-5793 RESERVED CVE-2017-5792 RESERVED -CVE-2017-5791 - RESERVED +CVE-2017-5791 (An Improper Authentication issue was discovered in JanTek JTC-200, all ...) NOT-FOR-US: HPE Intelligent Management Center CVE-2017-5790 RESERVED -CVE-2017-5789 - RESERVED +CVE-2017-5789 (A Cross-site Request Forgery issue was discovered in JanTek JTC-200, ...) + TODO: check CVE-2017-5788 RESERVED CVE-2017-5787 @@ -33497,14 +33508,12 @@ CVE-2017-2890 RESERVED CVE-2017-2889 RESERVED -CVE-2017-2888 [Simple DirectMedia Layer Create RGB Surface Code Execution Vulnerability] - RESERVED +CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a ...) - libsdl2 <unfixed> - libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395 NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5 -CVE-2017-2887 [Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability] - RESERVED +CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF ...) - libsdl2-image <unfixed> - sdl-image1.2 <unfixed> NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394 @@ -37861,8 +37870,7 @@ CVE-2017-0905 RESERVED CVE-2017-0904 RESERVED -CVE-2017-0903 [Unsafe Object Deserialization Vulnerability] - RESERVED +CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...) - ruby2.3 <unfixed> - ruby2.1 <removed> - ruby1.9.1 <removed> |