author | security tracker role <sectracker@debian.org> | 2017-08-07 09:10:14 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-08-07 09:10:14 +0000 |
commit | a35cf7d9e2c98fa5dcf70f27dbbabe4bcbb4575e | |
tree | c1b0a819736dad0db05995cf6206c4379c92230f /data | |
parent | 8d7514ec1f91563df71cbd4f977c90fc0d160600 | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@54378 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2006.list | 3 |
-rw-r--r-- | data/CVE/2011.list | 4 |
-rw-r--r-- | data/CVE/2017.list | 159 |
3 files changed, 99 insertions, 67 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 37a3b44c03..35b9e749c5 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -8130,8 +8130,7 @@ CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly hand CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...) {DSA-1188-1} - mailman 1:2.1.8-3 -CVE-2006-3635 [local denial-of-service on Itanium] - RESERVED +CVE-2006-3635 (The ia64 subsystem in the Linux kernel before 2.6.26 allows local users ...) - linux <not-affected> (Fixed before initial rename to src:linux) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=199440 NOTE: Fixed by: https://git.kernel.org/linus/4dcc29e1574d88f4465ba865ed82800032f76418 (2.6.26-rc5) diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 22e1fddda5..06b37ee793 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -1559,8 +1559,8 @@ CVE-2011-4652 RESERVED CVE-2011-4651 RESERVED -CVE-2011-4650 - RESERVED +CVE-2011-4650 (Cisco Data Center Network Manager is affected by Excessive Logging ...) + TODO: check CVE-2011-4649 RESERVED CVE-2011-4648 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 2d3f1de20d..3ece2c2fa2 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1,3 +1,27 @@ +CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...) + TODO: check +CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...) + TODO: check +CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...) + TODO: check +CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid ...) + TODO: check +CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...) + TODO: check +CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...) + TODO: check +CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...) + TODO: check +CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...) + TODO: check +CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...) + TODO: check +CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...) + TODO: check +CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...) + TODO: check +CVE-2017-12595 + RESERVED CVE-2017-12594 RESERVED CVE-2017-12593 @@ -3446,6 +3470,7 @@ CVE-2017-11178 (In FineCMS through 2017-07-11, application/core/controller/style CVE-2017-11177 RESERVED CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...) + {DSA-3927-1} - linux 4.11.11-1 NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1 CVE-2017-11175 @@ -4602,6 +4627,7 @@ CVE-2017-10812 CVE-2017-10811 RESERVED CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in ...) + {DSA-3927-1} - linux 4.11.11-1 (low) [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) 
@@ -7140,7 +7166,7 @@ CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest O - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-217.html CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...) - {DSA-3920-1} + {DSA-3927-1 DSA-3920-1} - linux 4.11.11-1 - qemu 1:2.8+dfsg-7 (bug #869706) NOTE: https://xenbits.xen.org/xsa/advisory-216.html @@ -7196,6 +7222,7 @@ CVE-2017-1000364 (An issue was discovered in the size of the stack guard page on [stretch] - linux 4.9.30-2+deb9u1 NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and ...) + {DSA-3927-1} - linux 4.11.11-1 NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt NOTE: Fixed by: https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c @@ -7555,8 +7582,8 @@ CVE-2017-9649 RESERVED CVE-2017-9648 RESERVED -CVE-2017-9647 - RESERVED +CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the Continental ...) + TODO: check CVE-2017-9646 RESERVED CVE-2017-9645 @@ -7583,14 +7610,14 @@ CVE-2017-9635 RESERVED CVE-2017-9634 RESERVED -CVE-2017-9633 - RESERVED -CVE-2017-9632 - RESERVED +CVE-2017-9633 (An Improper Restriction of Operations within the Bounds of a Memory ...) + TODO: check +CVE-2017-9632 (A Missing Encryption of Sensitive Data issue was discovered in PDQ ...) + TODO: check CVE-2017-9631 (A Null Pointer Dereference issue was discovered in Schneider Electric ...) NOT-FOR-US: Schneider Electric -CVE-2017-9630 - RESERVED +CVE-2017-9630 (An Improper Authentication issue was discovered in PDQ Manufacturing ...) + TODO: check CVE-2017-9629 (A Stack-Based Buffer Overflow issue was discovered in Schneider ...) NOT-FOR-US: Schneider Electric CVE-2017-9628 
@@ -7683,6 +7710,7 @@ CVE-2017-1000379 (The Linux Kernel running on AMD64 systems will sometimes map t CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an ...) NOT-FOR-US: NetBSD CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...) + {DSA-3927-1} - linux 4.11.6-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2 @@ -12148,24 +12176,24 @@ CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gath NOT-FOR-US: DMitry CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix Contact GmbH ...) NOT-FOR-US: Phoenix Contact -CVE-2017-7936 - RESERVED +CVE-2017-7936 (A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX ...) + TODO: check CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact GmbH ...) NOT-FOR-US: Phoenix Contact CVE-2017-7934 RESERVED CVE-2017-7933 RESERVED -CVE-2017-7932 - RESERVED +CVE-2017-7932 (An improper certificate validation issue was discovered in NXP i.MX 28 ...) + TODO: check CVE-2017-7931 RESERVED CVE-2017-7930 RESERVED CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech WebAccess ...) NOT-FOR-US: Advantech WebAccess -CVE-2017-7928 - RESERVED +CVE-2017-7928 (An Improper Access Control issue was discovered in Schweitzer ...) + TODO: check CVE-2017-7927 (A Use of Password Hash Instead of Password for Authentication issue was ...) NOT-FOR-US: Dahua CVE-2017-7926 
@@ -12180,16 +12208,16 @@ CVE-2017-7922 (An Improper Privilege Management issue was discovered in Cambium NOT-FOR-US: Cambium Networks ePMP CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision ...) NOT-FOR-US: Hikvision -CVE-2017-7920 - RESERVED +CVE-2017-7920 (An Improper Authentication issue was discovered in ABB VSN300 WiFi ...) + TODO: check CVE-2017-7919 (An Improper Authentication issue was discovered in Newport XPS-Cx and ...) NOT-FOR-US: Newport CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks ...) NOT-FOR-US: Cambium Networks ePMP CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell ...) NOT-FOR-US: Moxa -CVE-2017-7916 - RESERVED +CVE-2017-7916 (A Permissions, Privileges, and Access Controls issue was discovered in ...) + TODO: check CVE-2017-7915 (An Improper Restriction of Excessive Authentication Attempts issue was ...) NOT-FOR-US: Moxa CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell Automation ...) @@ -13373,9 +13401,11 @@ CVE-2017-7544 CVE-2017-7543 RESERVED CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux ...) + {DSA-3927-1} - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6 CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in ...) + {DSA-3927-1} - linux <unfixed> [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c @@ -13403,6 +13433,7 @@ CVE-2017-7535 CVE-2017-7534 RESERVED CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel ...) + {DSA-3927-1} - linux <unfixed> [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2 
@@ -13644,6 +13675,7 @@ CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passin NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15 CVE-2017-7482 RESERVED + {DSA-3927-1} - linux 4.11.11-1 NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0 CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 environment] @@ -14066,6 +14098,7 @@ CVE-2017-7348 CVE-2017-7347 RESERVED CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in ...) + {DSA-3927-1} - linux 4.11.6-1 [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14) NOTE: Fixed by: https://git.kernel.org/linus/ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf 
@@ -15538,44 +15571,44 @@ CVE-2017-6772 RESERVED CVE-2017-6771 RESERVED -CVE-2017-6770 - RESERVED -CVE-2017-6769 - RESERVED +CVE-2017-6770 (Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software ...) + TODO: check +CVE-2017-6769 (A vulnerability in the web-based management interface of the Cisco ...) + TODO: check CVE-2017-6768 RESERVED CVE-2017-6767 RESERVED -CVE-2017-6766 - RESERVED -CVE-2017-6765 - RESERVED -CVE-2017-6764 - RESERVED -CVE-2017-6763 - RESERVED -CVE-2017-6762 - RESERVED -CVE-2017-6761 - RESERVED +CVE-2017-6766 (A vulnerability in the Secure Sockets Layer (SSL) Decryption and ...) + TODO: check +CVE-2017-6765 (A vulnerability in the web-based management interface of Cisco Adaptive ...) + TODO: check +CVE-2017-6764 (A vulnerability in the web-based management interface of Cisco Adaptive ...) + TODO: check +CVE-2017-6763 (A vulnerability in the implementation of the H.264 protocol in Cisco ...) + TODO: check +CVE-2017-6762 (A vulnerability in the web-based management interface of Cisco Jabber ...) + TODO: check +CVE-2017-6761 (A vulnerability in the web-based management interface of Cisco Finesse ...) + TODO: check CVE-2017-6760 RESERVED -CVE-2017-6759 - RESERVED -CVE-2017-6758 - RESERVED -CVE-2017-6757 - RESERVED -CVE-2017-6756 - RESERVED +CVE-2017-6759 (A vulnerability in the UpgradeManager of the Cisco Prime Collaboration ...) + TODO: check +CVE-2017-6758 (A vulnerability in the web framework of Cisco Unified Communications ...) + TODO: check +CVE-2017-6757 (A vulnerability in Cisco Unified Communications Manager ...) + TODO: check +CVE-2017-6756 (A vulnerability in the Web UI Application of the Cisco Prime ...) + TODO: check CVE-2017-6755 (A vulnerability in the web portal of the Cisco Prime Collaboration ...) NOT-FOR-US: Cisco -CVE-2017-6754 - RESERVED +CVE-2017-6754 (A vulnerability in the web-based management interface of the Cisco ...) 
+ TODO: check CVE-2017-6753 (A vulnerability in Cisco WebEx browser extensions for Google Chrome and ...) NOT-FOR-US: Cisco -CVE-2017-6752 - RESERVED +CVE-2017-6752 (A vulnerability in the web interface of the Cisco Adaptive Security ...) + TODO: check CVE-2017-6751 (A vulnerability in the web proxy functionality of the Cisco Web ...) NOT-FOR-US: Cisco CVE-2017-6750 (A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) ...) @@ -15584,12 +15617,12 @@ CVE-2017-6749 (A vulnerability in the web-based management interface of Cisco We NOT-FOR-US: Cisco CVE-2017-6748 (A vulnerability in the CLI parser of the Cisco Web Security Appliance ...) NOT-FOR-US: Cisco -CVE-2017-6747 - RESERVED +CVE-2017-6747 (A vulnerability in the authentication module of Cisco Identity Services ...) + TODO: check CVE-2017-6746 (A vulnerability in the web interface of the Cisco Web Security ...) NOT-FOR-US: Cisco -CVE-2017-6745 - RESERVED +CVE-2017-6745 (A vulnerability in the cache server within Cisco Videoscape ...) + TODO: check CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) 
@@ -15748,12 +15781,12 @@ CVE-2017-6667 (A vulnerability in the update process for the dynamic JAR file of NOT-FOR-US: Cisco CVE-2017-6666 (A vulnerability in the forwarding component of Cisco IOS XR Software ...) NOT-FOR-US: Cisco -CVE-2017-6665 - RESERVED -CVE-2017-6664 - RESERVED -CVE-2017-6663 - RESERVED +CVE-2017-6665 (A vulnerability in the Autonomic Networking feature of Cisco IOS ...) + TODO: check +CVE-2017-6664 (A vulnerability in the Autonomic Networking feature of Cisco IOS XE ...) + TODO: check +CVE-2017-6663 (A vulnerability in the Autonomic Networking feature of Cisco IOS ...) + TODO: check CVE-2017-6662 (A vulnerability in the web-based user interface of Cisco Prime ...) NOT-FOR-US: Cisco CVE-2017-6661 (A vulnerability in the web-based management interface of Cisco Email ...) @@ -16534,12 +16567,12 @@ CVE-2017-6422 RESERVED CVE-2017-6421 RESERVED -CVE-2017-6420 - RESERVED -CVE-2017-6419 - RESERVED -CVE-2017-6418 - RESERVED +CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows ...) + TODO: check +CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows ...) + TODO: check +CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a ...) + TODO: check CVE-2017-6417 (Code injection vulnerability in Avira Total Security Suite 15.0 (and ...) NOT-FOR-US: Avira Total Security Suite CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow ...) |
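
Review bot: In the 2017.list hunks at -13373 and -13403, CVE-2017-7542, CVE-2017-7541 and CVE-2017-7533 gain `{DSA-3927-1}` while their context lines still read `- linux <unfixed>`. Every other kernel entry tagged with this DSA in the commit carries a fixed version (`- linux 4.11.11-1` or `- linux 4.11.6-1`), so these three need a follow-up that records the fixed version once one exists. In the -13644 hunk, CVE-2017-7482 takes the same tag while still marked `RESERVED`, so there is no description on the entry to check the tag against; the `Fixed by:` NOTE is the only reference a reader has.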
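
Review bot: The Cisco entries that move from `RESERVED` to `TODO: check` (CVE-2011-4650 in 2011.list, the changed entries between CVE-2017-6770 and CVE-2017-6745 in the -15538 and -15584 hunks, and CVE-2017-6665, CVE-2017-6664, CVE-2017-6663 in the -15748 hunk) sit directly beside context entries already triaged as `NOT-FOR-US: Cisco`, for example CVE-2017-6755 and CVE-2017-6753. They should be resolved the same way in the follow-up triage unless a description names software in the archive. The same applies to the vendor-specific entries added in the -7583, -12148 and -12180 hunks, whose neighbours are `NOT-FOR-US: Schneider Electric`, `NOT-FOR-US: Phoenix Contact` and similar.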
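
Review bot: The `TODO: check` entries whose descriptions name open-source libraries need package lines, not a bulk `NOT-FOR-US`: CVE-2017-12606 through CVE-2017-12597 (OpenCV through 3.3) and CVE-2017-12596 (OpenEXR 2.2.0) in the first 2017.list hunk, and CVE-2017-6420, CVE-2017-6419 and CVE-2017-6418 (ClamAV 0.99.2) in the -16534 hunk. CVE-2017-6419 names two code bases, `mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2`, so the triage should cover both the standalone library and the copy used by ClamAV.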