[Secure-testing-commits] r50431 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Apr 7 09:10:12 UTC 2017
Author: sectracker
Date: 2017-04-07 09:10:12 +0000 (Fri, 07 Apr 2017)
New Revision: 50431
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-07 08:08:40 UTC (rev 50430)
+++ data/CVE/list 2017-04-07 09:10:12 UTC (rev 50431)
@@ -1,4 +1,43 @@
-CVE-2017-7578 [libming: heap overflow in parser.c]
+CVE-2017-7577 (XiongMai uc-httpd has directory traversal allowing the reading of ...)
+ TODO: check
+CVE-2017-7576 (DragonWave Horizon 1.01.03 wireless radios have hardcoded login ...)
+ TODO: check
+CVE-2017-7575 (Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote ...)
+ TODO: check
+CVE-2017-7574 (Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric ...)
+ TODO: check
+CVE-2017-7573
+ RESERVED
+CVE-2017-7572 (The _checkPolkitPrivilege function in serviceHelper.py in Back In Time ...)
+ TODO: check
+CVE-2017-7571 (public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is ...)
+ TODO: check
+CVE-2017-7570 (PivotX 2.3.11 allows remote authenticated Advanced users to execute ...)
+ TODO: check
+CVE-2017-7569 (In vBulletin before 5.3.0, remote attackers can bypass the ...)
+ TODO: check
+CVE-2017-7568
+ RESERVED
+CVE-2017-7567
+ RESERVED
+CVE-2017-7566 (MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection ...)
+ TODO: check
+CVE-2017-7565 (Splunk Hadoop Connect App has a path traversal vulnerability that ...)
+ TODO: check
+CVE-2017-7564
+ RESERVED
+CVE-2017-7563
+ RESERVED
+CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via a ...)
+ TODO: check
+CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC ...)
+ TODO: check
+CVE-2016-1000307 (Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket ...)
+ TODO: check
+CVE-2016-1000306
+ REJECTED
+ TODO: check
+CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow ...)
- ming <removed>
NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/1
NOTE: https://github.com/libming/libming/issues/68
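Review bot: CVE-2016-1000306 is marked REJECTED yet the hunk also adds a TODO: check under it; a rejected identifier needs no triage, so that TODO line can be dropped. The other new TODO: check entries (XiongMai uc-httpd, DragonWave, the two Schneider Electric items, Back In Time, Faveo, PivotX, vBulletin, MyBB, Splunk Hadoop Connect, textract, ARM Trusted Firmware, ClipBucket) still need a package or NOT-FOR-US decision. CVE-2017-7578 itself only moves from the bracketed placeholder [libming: heap overflow in parser.c] to the published description and keeps its ming <removed> and NOTE lines, which is the expected shape.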
@@ -388,7 +427,7 @@
RESERVED
CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request ...)
NOT-FOR-US: D-Link
-CVE-2017-7397 (BackBox Linux 4.6 allows remote attackers to cause a denial of service ...)
+CVE-2017-7397 (** DISPUTED ** BackBox Linux 4.6 allows remote attackers to cause a ...)
NOT-FOR-US: BackBox OS specific CVE assignment
CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an ...)
- tigervnc <unfixed> (bug #859259)
@@ -1012,8 +1051,8 @@
- ninka <itp> (bug #631415)
CVE-2017-7238
RESERVED
-CVE-2017-7237
- RESERVED
+CVE-2017-7237 (The Spiceworks TFTP Server, as distributed with Spiceworks Inventory ...)
+ TODO: check
CVE-2017-7236
RESERVED
CVE-2016-10265
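Review bot: CVE-2017-7237 describes the Spiceworks TFTP Server "as distributed with Spiceworks Inventory", a vendor product; unless some Spiceworks component is packaged, the TODO: check resolves to a NOT-FOR-US: Spiceworks line in the same style as the NOT-FOR-US entries elsewhere in this file.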
@@ -1191,8 +1230,8 @@
RESERVED
CVE-2017-7193
RESERVED
-CVE-2017-7192
- RESERVED
+CVE-2017-7192 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass ...)
+ TODO: check
CVE-2017-7190
RESERVED
CVE-2017-7189
@@ -1663,8 +1702,8 @@
NOT-FOR-US: AlienVault
CVE-2017-6970 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
NOT-FOR-US: AlienVault
-CVE-2017-6968
- RESERVED
+CVE-2017-6968 (GMV Checker ATM Security prior to 5.0.18 allows remote authenticated ...)
+ TODO: check
CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer ...)
- binutils 2.28-3 (bug #858256)
[jessie] - binutils <no-dsa> (Minor issue)
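Review bot: the ordering around this hunk is off: CVE-2017-6968 sits between CVE-2017-6970 and CVE-2017-6969, whereas the rest of the file runs in descending identifier order (6970, 6969, 6968); worth moving the entry while it is being touched. CVE-2017-6968 itself (GMV Checker ATM Security) is a vendor product, so the TODO: check most likely resolves to NOT-FOR-US: GMV.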
@@ -1869,8 +1908,8 @@
- iortcw 1.50a+dfsg1-3 (bug #857714)
NOTE: https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/
NOTE: Also affects openjk (only in experimental; bug #857715)
-CVE-2017-6884
- RESERVED
+CVE-2017-6884 (A command injection vulnerability was discovered on the Zyxel EMG2926 ...)
+ TODO: check
CVE-2017-6883 (The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF ...)
NOT-FOR-US: Foxit
CVE-2017-6882
@@ -3987,8 +4026,8 @@
RESERVED
CVE-2017-6131
RESERVED
-CVE-2017-6130
- RESERVED
+CVE-2017-6130 (F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is ...)
+ TODO: check
CVE-2017-6129
RESERVED
CVE-2017-6128
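Review bot: CVE-2017-6130 (F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0) overlaps in product and version range with CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7) added further down in this same commit; triage the two TODO: check lines together. Both concern F5 appliance software, so NOT-FOR-US: F5 is the expected resolution unless an F5 component turns out to be packaged.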
@@ -4694,8 +4733,8 @@
RESERVED
CVE-2017-5888
RESERVED
-CVE-2017-5887
- RESERVED
+CVE-2017-5887 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass ...)
+ TODO: check
CVE-2017-5885 (Multiple integer overflows in the (1) vnc_connection_server_message ...)
{DLA-831-1}
- gtk-vnc 0.6.0-3 (bug #854450)
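Review bot: CVE-2017-5887 carries exactly the same description as CVE-2017-7192 added earlier in this commit ("WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass ..."); two identifiers with identical text usually indicates a duplicate assignment, so check whether one of them ends up REJECTED and cross-reference the two in a NOTE line when resolving the TODO: check.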
@@ -7899,8 +7938,8 @@
RESERVED
CVE-2017-4965
RESERVED
-CVE-2017-4964
- RESERVED
+CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...)
+ TODO: check
CVE-2017-4963
RESERVED
CVE-2017-4962
@@ -10297,12 +10336,12 @@
NOT-FOR-US: Cisco
CVE-2017-3835 (A vulnerability in the sponsor portal of Cisco Identity Services Engine ...)
NOT-FOR-US: Cisco
-CVE-2017-3834
- RESERVED
+CVE-2017-3834 (A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 ...)
+ TODO: check
CVE-2017-3833 (A vulnerability in the web framework of Cisco Unified Communications ...)
NOT-FOR-US: Cisco
-CVE-2017-3832
- RESERVED
+CVE-2017-3832 (A vulnerability in the web management interface of Cisco Wireless LAN ...)
+ TODO: check
CVE-2017-3831 (A vulnerability in the web-based GUI of Cisco Mobility Express 1800 ...)
NOT-FOR-US: Cisco
CVE-2017-3830 (A vulnerability in an internal API of the Cisco Meeting Server (CMS) ...)
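Review bot: the two new entries, CVE-2017-3834 (Cisco Aironet 1830 Series and 1850 ...) and CVE-2017-3832 (Cisco Wireless LAN ...), sit among neighbours that are all NOT-FOR-US: Cisco (CVE-2017-3835, -3833, -3831, -3830); their TODO: check lines should be resolved the same way rather than left open.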
@@ -13750,8 +13789,8 @@
RESERVED
CVE-2017-2676
RESERVED
-CVE-2017-2675
- RESERVED
+CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local privilege ...)
+ TODO: check
CVE-2017-2674
RESERVED
NOT-FOR-US: Red Hat business central
@@ -20756,8 +20795,8 @@
NOT-FOR-US: Nessus
CVE-2016-9259 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before ...)
NOT-FOR-US: Nessus
-CVE-2017-0305
- RESERVED
+CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an ...)
+ TODO: check
CVE-2017-0304
RESERVED
CVE-2017-0303
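Review bot: CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7) covers the same product and version range as CVE-2017-6130 earlier in this commit; resolve both TODO: check lines in one go and note the relationship between the two identifiers when doing so.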
@@ -20873,8 +20912,8 @@
NOT-FOR-US: Cisco
CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet processing ...)
NOT-FOR-US: Cisco
-CVE-2016-9219
- RESERVED
+CVE-2016-9219 (A vulnerability with IPv6 UDP ingress packet processing in Cisco ...)
+ TODO: check
CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an ...)
NOT-FOR-US: Cisco
CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and Cisco ...)
@@ -20923,8 +20962,8 @@
RESERVED
CVE-2016-9195
RESERVED
-CVE-2016-9194
- RESERVED
+CVE-2016-9194 (A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action ...)
+ TODO: check
CVE-2016-9193 (A vulnerability in the malicious file detection and blocking features ...)
NOT-FOR-US: Cisco
CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
@@ -22140,8 +22179,7 @@
CVE-2016-8736
RESERVED
NOT-FOR-US: Apache OpenMeetings
-CVE-2016-8735 [remote code execution]
- RESERVED
+CVE-2016-8735 (Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x ...)
{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.39-1
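Review bot: with the public description now stating the affected range ("before 6.0.48, 7.x ..."), confirm it still agrees with the fixed versions already recorded below (tomcat8 8.0.39-1 and the DSA-3739-1/DSA-3738-1/DLA-729-1/DLA-728-1 references); dropping both the [remote code execution] placeholder and the RESERVED line is correct for an issue that is already fixed, and no TODO: check is needed here.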
@@ -23097,8 +23135,8 @@
NOT-FOR-US: Fortinet FortiWLC
CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...)
NOT-FOR-US: Fortinet FortiWLC
-CVE-2015-8965
- RESERVED
+CVE-2015-8965 (Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows ...)
+ TODO: check
CVE-2016-XXXX [dbus format string vulnerability]
- dbus 1.10.12-1
[jessie] - dbus 1.8.22-0+deb8u1
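Review bot: CVE-2015-8965 (Rogue Wave JViews) is a vendor product, so the TODO: check most likely resolves to NOT-FOR-US: Rogue Wave. Separately, the CVE-2016-XXXX [dbus format string vulnerability] placeholder directly below already records fixed versions (dbus 1.10.12-1, 1.8.22-0+deb8u1) but still has no real identifier; it needs the assigned CVE filled in, which this automatic update cannot do.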
@@ -28365,8 +28403,7 @@
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt
NOTE: http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000245.html
NOTE: https://jvn.jp/en/jp/JVN78980598/index.html
-CVE-2016-6809 [Arbitrary code execution vulnerability in MATLAB parser]
- RESERVED
+CVE-2016-6809 (Apache Tika before 1.14 allows Java code execution for serialized ...)
- tika <not-affected> (Matlab file parser introduced in 1.6)
NOTE: http://seclists.org/bugtraq/2016/Nov/40
CVE-2016-6808 [buffer overflow]
@@ -33361,8 +33398,7 @@
- neutron 2:8.1.2-1
[jessie] - neutron <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/bugs/1558658
-CVE-2016-5349
- RESERVED
+CVE-2016-5349 (The high level operating systems (HLOS) was not providing sufficient ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5348 (The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
NOT-FOR-US: Android
@@ -62266,8 +62302,8 @@
NOTE: http://www.ocert.org/advisories/ocert-2015-008.html
CVE-2015-4674 (The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows ...)
NOT-FOR-US: TimeDoctor Pro
-CVE-2015-4673
- RESERVED
+CVE-2015-4673 (Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket ...)
+ TODO: check
CVE-2015-4672
RESERVED
CVE-2015-4671 (Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 ...)
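Review bot: CVE-2015-4673 (Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket ...) concerns the same product as CVE-2016-1000307 in the first hunk of this commit; triage the two TODO: check lines together so they receive a consistent classification.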