author | security tracker role <sectracker@debian.org> | 2017-12-18 21:10:16 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-12-18 21:10:16 +0000 |
commit | 2645cfafae02c0c0cd4b22337c764736886a37de (patch) | |
tree | 6235b5da7d129d84919928cacb5b30c98c55857b /data | |
parent | 8374a0cee934cbffb936bfff8f4b2d15104478b1 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58681 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2006 | 2 |
-rw-r--r-- | data/CVE/list.2017 | 89 |
2 files changed, 52 insertions, 39 deletions
diff --git a/data/CVE/list.2006 b/data/CVE/list.2006 index f55b719ae5..351d7aeb14 100644 --- a/data/CVE/list.2006 +++ b/data/CVE/list.2006 @@ -1866,7 +1866,7 @@ CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the NOT-FOR-US: America Online CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro -CVE-2006-6440 (Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre ...) +CVE-2006-6440 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 16e11d972f..0066caca06 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -1,3 +1,15 @@ +CVE-2017-17747 + RESERVED +CVE-2017-17746 + RESERVED +CVE-2017-17745 + RESERVED +CVE-2017-17744 + RESERVED +CVE-2017-17743 + RESERVED +CVE-2017-17742 + RESERVED CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...) - linux <unfixed> NOTE: https://www.spinics.net/lists/kvm/msg160710.html @@ -41,8 +53,8 @@ CVE-2017-17723 RESERVED CVE-2017-17722 RESERVED -CVE-2017-17721 - RESERVED +CVE-2017-17721 (CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 ...) + TODO: check CVE-2017-17720 RESERVED CVE-2017-17719 
@@ -209,24 +221,24 @@ CVE-2017-17653 RESERVED CVE-2017-17652 RESERVED -CVE-2017-17651 - RESERVED +CVE-2017-17651 (Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php ...) + TODO: check CVE-2017-17650 RESERVED -CVE-2017-17649 - RESERVED +CVE-2017-17649 (Readymade Video Sharing Script 3.2 has HTML Injection via the ...) + TODO: check CVE-2017-17648 (Entrepreneur Dating Script 2.0.1 has SQL Injection via the ...) TODO: check CVE-2017-17647 RESERVED CVE-2017-17646 RESERVED -CVE-2017-17645 - RESERVED +CVE-2017-17645 (Bus Booking Script 1.0 has SQL Injection via the txtname parameter to ...) + TODO: check CVE-2017-17644 RESERVED -CVE-2017-17643 - RESERVED +CVE-2017-17643 (FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to ...) + TODO: check CVE-2017-17642 (Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter ...) TODO: check CVE-2017-17641 (Resume Clone Script 2.0.5 has SQL Injection via the preview.php id ...) @@ -1552,12 +1564,12 @@ CVE-2017-17109 RESERVED CVE-2017-17108 RESERVED -CVE-2017-17107 - RESERVED -CVE-2017-17106 - RESERVED -CVE-2017-17105 - RESERVED +CVE-2017-17107 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded ...) + TODO: check +CVE-2017-17106 (Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be ...) + TODO: check +CVE-2017-17105 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to ...) + TODO: check CVE-2017-17104 (Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in ...) NOT-FOR-US: Fiyo CMS CVE-2017-17103 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via ...) 
@@ -1960,8 +1972,8 @@ CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a de NOT-FOR-US: Winamp CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server before ...) TODO: check -CVE-2017-16949 - RESERVED +CVE-2017-16949 (An issue was discovered in the AccessKeys AccessPress Anonymous Post ...) + TODO: check CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...) NOT-FOR-US: TG Soft Vir.IT eXplorer Lite CVE-2017-16947 @@ -4964,12 +4976,12 @@ CVE-2017-15879 (CSV Injection (aka Excel Macro Injection or Formula Injection) e NOT-FOR-US: KeystoneJS CVE-2017-15878 (A cross-site scripting (XSS) vulnerability exists in ...) NOT-FOR-US: KeystoneJS -CVE-2017-15877 - RESERVED -CVE-2017-15876 - RESERVED -CVE-2017-15875 - RESERVED +CVE-2017-15877 (Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 ...) + TODO: check +CVE-2017-15876 (Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote ...) + TODO: check +CVE-2017-15875 (SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 ...) + TODO: check CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an ...) - busybox 1:1.27.2-2 (bug #879732) [stretch] - busybox <not-affected> (Vulnerable code not present) @@ -5357,8 +5369,8 @@ CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is conf - qpid-java <itp> (bug #840131) CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the ...) - qpid-java <itp> (bug #840131) -CVE-2017-15700 - RESERVED +CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid ...) + TODO: check CVE-2017-15699 RESERVED TODO: check, this is possibly specific to AMQ Interconnect as used by Red Hat JBoss, although based on Apache Qpid project 
@@ -5740,8 +5752,8 @@ CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ... NOT-FOR-US: Symantec CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...) NOT-FOR-US: Symantec -CVE-2017-15524 - RESERVED +CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application Firewall) ...) + TODO: check CVE-2017-15523 RESERVED CVE-2017-15522 @@ -6088,6 +6100,7 @@ CVE-2017-15413 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-15412 [use after free] RESERVED + {DLA-1211-1} - libxml2 2.9.4+dfsg1-5.2 (bug #883790) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=727039 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783160 (not public) @@ -7058,10 +7071,10 @@ CVE-2017-15106 RESERVED CVE-2017-15105 RESERVED -CVE-2017-15104 - RESERVED -CVE-2017-15103 - RESERVED +CVE-2017-15104 (An access flaw was found in Heketi 5, where the heketi.json ...) + TODO: check +CVE-2017-15103 (A security-check flaw was found in the way the Heketi 5 server API ...) + TODO: check CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in the ...) - linux 4.7.8-1 [jessie] - linux 3.16.43-1 @@ -8762,8 +8775,8 @@ CVE-2017-14585 (A Server Side Request Forgery (SSRF) vulnerability could lead to NOT-FOR-US: Atlassian CVE-2017-14584 RESERVED -CVE-2017-14583 - RESERVED +CVE-2017-14583 (NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are ...) + TODO: check CVE-2017-14582 (The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for ...) NOT-FOR-US: Zoho CVE-2017-XXXX [pcb code injection by malicious layout file] 
@@ -14084,8 +14097,8 @@ CVE-2017-12632 RESERVED CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...) NOT-FOR-US: Apache CXF -CVE-2017-12630 - RESERVED +CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query ...) + TODO: check CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apache ...) - lucene-solr <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529 @@ -17021,8 +17034,8 @@ CVE-2017-11564 RESERVED CVE-2017-11563 RESERVED -CVE-2017-11562 - RESERVED +CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks ...) + TODO: check CVE-2017-11561 RESERVED CVE-2017-11560 |
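Review bot: In the list.2017 hunk at @@ -6088,6 +6100,7 @@, CVE-2017-15412 gains the {DLA-1211-1} cross-reference while the entry is still marked RESERVED and carries only the bracketed placeholder "[use after free]" as its description, and the diffstat lists no file other than list.2006 and list.2017. Confirm that DLA-1211-1 was recorded in an earlier commit and that the suite it covers has its own release line below the visible context; the only package line shown here is "- libxml2 2.9.4+dfsg1-5.2 (bug #883790)", and one of the two NOTE links is flagged "(not public)", so the entry cannot be verified from the references alone.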
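Review bot: Triage is left open for every entry that moves from RESERVED to "TODO: check" in the list.2017 hunks, and the entries do not all need the same follow-up. The Zivif PR115-204-P-RS camera entries (CVE-2017-17105 to CVE-2017-17107), NetApp Clustered Data ONTAP (CVE-2017-14583) and the various "Script" and clone products (CVE-2017-17651, CVE-2017-17649, CVE-2017-17645, CVE-2017-17643) look like candidates for the NOT-FOR-US marking that the neighbouring Fiyo CMS, Symantec and Atlassian entries already carry. Apache Sling (CVE-2017-15700), Apache Drill (CVE-2017-12630) and Heketi (CVE-2017-15104, CVE-2017-15103) should get a package or ITP lookup before being dismissed, since the adjacent Apache Qpid entries resolve to "- qpid-java <itp> (bug #840131)" rather than NOT-FOR-US.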