[Secure-testing-commits] r50275 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Apr 3 09:10:13 UTC 2017
Author: sectracker
Date: 2017-04-03 09:10:13 +0000 (Mon, 03 Apr 2017)
New Revision: 50275
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-03 07:24:28 UTC (rev 50274)
+++ data/CVE/list 2017-04-03 09:10:13 UTC (rev 50275)
@@ -1,3 +1,30 @@
+CVE-2017-1001000 (The register_routes function in ...)
+ TODO: check
+CVE-2016-10316 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
+ TODO: check
+CVE-2016-10315 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
+ TODO: check
+CVE-2016-10314 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
+ TODO: check
+CVE-2016-10313 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
+ TODO: check
+CVE-2016-10312 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
+ TODO: check
+CVE-2016-1000351
+ REJECTED
+ TODO: check
+CVE-2016-1000350
+ REJECTED
+ TODO: check
+CVE-2016-1000349
+ REJECTED
+ TODO: check
+CVE-2016-1000348
+ REJECTED
+ TODO: check
+CVE-2016-1000268
+ REJECTED
+ TODO: check
CVE-2017-7399
RESERVED
CVE-2017-7398
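Review bot: The five REJECTED entries (CVE-2016-1000351 to CVE-2016-1000348 and CVE-2016-1000268) also receive "TODO: check", which leaves an open TODO on IDs that are already marked as withdrawn; a follow-up can drop it on those. The five entries CVE-2016-10316 to CVE-2016-10312 all name the same product, Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), so they can be resolved in one pass once it is confirmed whether anything packaged is affected (the list uses NOT-FOR-US for that case, as on the Sophos and Keekoon entries further down).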
@@ -37,32 +64,26 @@
RESERVED
CVE-2017-7384
RESERVED
-CVE-2017-7383
- RESERVED
+CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote ...)
- libpodofo <unfixed> (bug #859329)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
-CVE-2017-7382
- RESERVED
+CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote ...)
- libpodofo <unfixed> (bug #859329)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
-CVE-2017-7381
- RESERVED
+CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers ...)
- libpodofo <unfixed> (bug #859329)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
-CVE-2017-7380
- RESERVED
+CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers ...)
- libpodofo <unfixed> (bug #859329)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
-CVE-2017-7379 [heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp)]
- RESERVED
+CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in ...)
- libpodofo <unfixed> (bug #859331)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
-CVE-2017-7378 [heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp)]
- RESERVED
+CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo ...)
- libpodofo <unfixed> (bug #859330)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
CVE-2017-7377
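Review bot: The NOTE lines kept under CVE-2017-7382 and CVE-2017-7381 both point at a PoC file with the 00251- prefix (00251-podofo-nullptr3 and 00251-podofo-nullptr2), while the neighbouring entries use 00252- and 00250-; confirm that both URLs resolve and that each belongs to the right entry. Separately, the bracketed summaries removed from CVE-2017-7379 and CVE-2017-7378 stated "heap-based buffer overflow", and the truncated descriptions that replace them no longer show the bug class; a NOTE line could preserve it.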
@@ -2584,8 +2605,8 @@
RESERVED
CVE-2017-6449
RESERVED
-CVE-2017-6448
- RESERVED
+CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...)
+ TODO: check
CVE-2017-6447
RESERVED
CVE-2017-6446 (XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and ...)
@@ -2612,8 +2633,8 @@
NOTE: Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1)
CVE-2017-6442
RESERVED
-CVE-2017-6441
- RESERVED
+CVE-2017-6441 (** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in ...)
+ TODO: check
CVE-2017-6440 (The parse_data_node function in bplist.c in libimobiledevice libplist ...)
- libplist 1.12+git+1+e37ca00-0.2 (bug #858055)
[jessie] - libplist <no-dsa> (Minor issue)
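Review bot: CVE-2017-6441 arrives with a "** DISPUTED **" prefix in its description but gets the same plain "TODO: check" as the undisputed entries. When the TODO is resolved, record the reason for the dispute in a NOTE so the package state chosen for it can be understood later.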
@@ -3427,8 +3448,8 @@
NOTE: Possibly introduced only after http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
CVE-2017-6195
RESERVED
-CVE-2017-6194
- RESERVED
+CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows ...)
+ TODO: check
CVE-2017-6193
RESERVED
CVE-2017-6192
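Review bot: CVE-2017-6194 has only "TODO: check" and no package line, and CVE-2017-6448 earlier in this diff is a second radare2 entry in the same state. Resolve both together against the same source package, and compare the packaged version with the one named here (radare2 1.2.1) before settling on a state.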
@@ -3451,8 +3472,8 @@
NOT-FOR-US: Sophos
CVE-2017-6182 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the ...)
NOT-FOR-US: Sophos
-CVE-2017-6181
- RESERVED
+CVE-2017-6181 (The parse_char_class function in regparse.c in the Onigmo (aka ...)
+ TODO: check
CVE-2017-6180 (Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery ...)
NOT-FOR-US: Keekoon KK002 devices
CVE-2017-6179
@@ -3709,8 +3730,8 @@
RESERVED
CVE-2017-6063
RESERVED
-CVE-2016-10226
- RESERVED
+CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...)
+ TODO: check
CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP ...)
NOT-FOR-US: SAP
CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex ...)
@@ -4038,12 +4059,12 @@
NOTE: Fixed by https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
CVE-2017-5952
RESERVED
-CVE-2017-5951
- RESERVED
-CVE-2017-5950
- RESERVED
-CVE-2017-5949
- RESERVED
+CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex ...)
+ TODO: check
+CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...)
+ TODO: check
+CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...)
+ TODO: check
CVE-2017-5948
RESERVED
CVE-2017-5947
@@ -4061,18 +4082,18 @@
RESERVED
CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...)
NOT-FOR-US: Wordpress plugin
-CVE-2016-10222
- RESERVED
-CVE-2016-10221
- RESERVED
-CVE-2016-10220
- RESERVED
-CVE-2016-10219
- RESERVED
-CVE-2016-10218
- RESERVED
-CVE-2016-10217
- RESERVED
+CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...)
+ TODO: check
+CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, Inc. ...)
+ TODO: check
+CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex ...)
+ TODO: check
+CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. ...)
+ TODO: check
+CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...)
+ TODO: check
+CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. ...)
+ TODO: check
CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...)
NOT-FOR-US: IT ITems DataBase
CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder before ...)
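Review bot: The truncated descriptions for CVE-2016-10221 to CVE-2016-10217 stop before the product name, and the file paths differ: pdf-layer.c for CVE-2016-10221 versus base/gsdevmem.c, base/gxfill.c and base/gdevp14.c for the others. Read the full descriptions before assigning a source package rather than treating all five as the same product.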
@@ -4134,22 +4155,22 @@
NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5925 (Page table walks conducted by the MMU during virtual to physical ...)
NOT-FOR-US: Hardware issue in some Intel CPUs
-CVE-2017-5924
- RESERVED
-CVE-2017-5923
- RESERVED
+CVE-2017-5924 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-5923 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...)
+ TODO: check
CVE-2017-5922
RESERVED
CVE-2017-5921
RESERVED
CVE-2017-5920
RESERVED
-CVE-2016-10211
- RESERVED
-CVE-2016-10210
- RESERVED
-CVE-2016-10209
- RESERVED
+CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...)
+ TODO: check
CVE-2017-5919
RESERVED
CVE-2017-5918
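Review bot: CVE-2017-5924, CVE-2017-5923 and CVE-2016-10211 show identical text ("libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ..."), so the list gives no way to tell them apart. When resolving the TODOs, add a NOTE with the distinguishing upstream reference to each entry so they are not taken for duplicates.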