[Secure-testing-commits] r50320 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Apr 4 09:10:13 UTC 2017
Author: sectracker
Date: 2017-04-04 09:10:13 +0000 (Tue, 04 Apr 2017)
New Revision: 50320
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-04 08:22:28 UTC (rev 50319)
+++ data/CVE/list 2017-04-04 09:10:13 UTC (rev 50320)
@@ -1,3 +1,35 @@
+CVE-2017-7414
+ RESERVED
+CVE-2017-7413
+ RESERVED
+CVE-2017-7412 (NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which ...)
+ TODO: check
+CVE-2017-7411
+ RESERVED
+CVE-2017-7410 (Multiple SQL injection vulnerabilities in account/signup.php and ...)
+ TODO: check
+CVE-2017-7409
+ RESERVED
+CVE-2017-7408
+ RESERVED
+CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
+ TODO: check
+CVE-2017-7406
+ RESERVED
+CVE-2017-7405
+ RESERVED
+CVE-2017-7404
+ RESERVED
+CVE-2017-7403
+ RESERVED
+CVE-2017-7402 (Pixie 1.0.4 allows remote authenticated users to upload and execute ...)
+ TODO: check
+CVE-2017-7401 (Incorrect interaction of the parse_packet() and ...)
+ TODO: check
+CVE-2017-7400 (OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 ...)
+ TODO: check
+CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex ...)
+ TODO: check
CVE-2017-1001000 (The register_routes function in ...)
- wordpress 4.7.2+dfsg-1
[jessie] - wordpress <not-affected> (Vulnerable code introduced after 4.4)
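Review bot: all seven described entries added at the top of this hunk (CVE-2017-7412 down to CVE-2016-10317) land as `TODO: check`, so the file now names curl 7.53.1 (CVE-2017-7407) and OpenStack Horizon (CVE-2017-7400) without recording whether a tracked package is affected. Suggest a follow-up that replaces each placeholder with either a package line in the form the context entry below uses (`- wordpress 4.7.2+dfsg-1`) or a `NOT-FOR-US:` line, starting with those two.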
@@ -28,8 +60,8 @@
RESERVED
CVE-2017-7398
RESERVED
-CVE-2017-7397
- RESERVED
+CVE-2017-7397 (BackBox Linux 4.6 allows remote attackers to cause a denial of service ...)
+ TODO: check
CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an ...)
- tigervnc <unfixed> (bug #859259)
NOTE: https://github.com/TigerVNC/tigervnc/pull/436
@@ -2771,8 +2803,7 @@
RESERVED
CVE-2016-10230
RESERVED
-CVE-2016-10229
- RESERVED
+CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to ...)
- linux 4.5.1-1
[jessie] - linux 3.16.7-ckt20-1+deb8u2
[wheezy] - linux 3.2.73-2+deb7u2
@@ -2831,8 +2862,8 @@
RESERVED
CVE-2014-9923
RESERVED
-CVE-2014-9922
- RESERVED
+CVE-2014-9922 (The eCryptfs subsystem in the Linux kernel before 3.18 allows local ...)
+ TODO: check
CVE-2017-6422
RESERVED
CVE-2017-6421
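Review bot: CVE-2014-9922 is described as a Linux kernel eCryptfs issue fixed before 3.18, yet the entry is left at `TODO: check` with no `- linux` line. The CVE-2016-10229 entry in the previous hunk shows the shape a kernel issue normally takes in this file (`- linux 4.5.1-1` plus `[jessie]` and `[wheezy]` lines); this entry needs the same per-release triage before the placeholder is dropped.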
@@ -4737,12 +4768,12 @@
RESERVED
CVE-2017-5687
RESERVED
-CVE-2017-5686
- RESERVED
-CVE-2017-5685
- RESERVED
-CVE-2017-5684
- RESERVED
+CVE-2017-5686 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors ...)
+ TODO: check
+CVE-2017-5685 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors ...)
+ TODO: check
+CVE-2017-5684 (The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core ...)
+ TODO: check
CVE-2017-5683
RESERVED
CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, ...)
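Review bot: the truncated descriptions for CVE-2017-5686 and CVE-2017-5685 are identical as shown ("The BIOS in Intel NUC systems based on 6th Gen Intel Core processors ..."), so the two entries cannot be told apart from this file alone. When the `TODO: check` lines are resolved, add a short `NOTE:` to each stating what distinguishes it, and decide all three BIOS entries (including the Compute Stick one, CVE-2017-5684) together so they get the same disposition.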
@@ -5034,8 +5065,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/03/20/9
CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF via ...)
NOT-FOR-US: Apache Camel
-CVE-2017-5642
- RESERVED
+CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari Server ...)
+ TODO: check
CVE-2017-5641
RESERVED
CVE-2017-5640
@@ -18498,6 +18529,7 @@
RESERVED
CVE-2017-0360 [Sanitize path in file_open against suffix]
RESERVED
+ {DLA-882-1}
- tryton-server 4.2.1-2
NOTE: Fixed by: http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8 (4.2.x)
CVE-2017-0359 [diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive]
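Review bot: the `{DLA-882-1}` cross-reference is inserted directly under a `RESERVED` line, so CVE-2017-0360 now reads as reserved while also carrying an advisory reference and a fixed version (`- tryton-server 4.2.1-2`). This is also a different kind of change from the description syncs in the other hunks, and the log message ("automatic update") does not mention it; a reader auditing advisory cross-references has no way to find this revision from the log.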
@@ -42348,8 +42380,7 @@
- symfony 2.8.6+dfsg-1
[jessie] - symfony <not-affected> (Vulnerable code not present)
NOTE: http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
-CVE-2013-7450
- RESERVED
+CVE-2013-7450 (Pulp before 2.3.0 uses the same the same certificate authority key and ...)
NOT-FOR-US: Pulp (Red Hat)
CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows remote ...)
{DSA-3485-1 DLA-424-1}
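Review bot: the added description line for CVE-2013-7450 contains a doubled phrase, "uses the same the same certificate authority key". If descriptions are synced verbatim from the upstream feed the fix belongs upstream, but it is worth flagging there so the next sync does not reintroduce it. The retained `NOT-FOR-US: Pulp (Red Hat)` line is consistent with the new description.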
@@ -90455,14 +90486,14 @@
NOT-FOR-US: CoSoSys Endpoint Protector
CVE-2014-3931 (fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 ...)
NOT-FOR-US: Multi-Router Looking Glass
-CVE-2014-3930
- RESERVED
-CVE-2014-3929
- RESERVED
-CVE-2014-3928
- RESERVED
-CVE-2014-3927
- RESERVED
+CVE-2014-3930 (lg.pl in Cistron-LG 1.01 stores sensitive information under the web ...)
+ TODO: check
+CVE-2014-3929 (The default configuration for Cougar-LG stores sensitive information ...)
+ TODO: check
+CVE-2014-3928 (Cougar-LG stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2014-3927 (mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to ...)
+ TODO: check
CVE-2014-3926 (Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 ...)
NOT-FOR-US: Cougar LG
CVE-2014-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Webmin before ...)
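Review bot: the four looking-glass entries added here (CVE-2014-3930 through CVE-2014-3927) are left at `TODO: check`, while the neighbouring context entries for the same family of software are already decided: `NOT-FOR-US: Multi-Router Looking Glass` for CVE-2014-3931 and `NOT-FOR-US: Cougar LG` for CVE-2014-3926. Suggest resolving CVE-2014-3929 and CVE-2014-3928 the same way as CVE-2014-3926, using the existing spelling "Cougar LG" rather than the description's "Cougar-LG" so a search for the product finds all three.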
@@ -97051,8 +97082,7 @@
NOT-FOR-US: Open-Xchange
CVE-2014-1678
RESERVED
-CVE-2014-1677 [Technicolor TC7200 - Credentials Disclosure]
- RESERVED
+CVE-2014-1677 (Technicolor TC7200 with firmware STD6.01.12 could allow remote ...)
NOT-FOR-US: Technicolor TC7200
NOTE: https://www.exploit-db.com/exploits/31894/
CVE-2014-1676