[Secure-testing-commits] r50449 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Apr 7 21:10:12 UTC 2017


Author: sectracker
Date: 2017-04-07 21:10:12 +0000 (Fri, 07 Apr 2017)
New Revision: 50449

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-07 20:30:07 UTC (rev 50448)
+++ data/CVE/list	2017-04-07 21:10:12 UTC (rev 50449)
@@ -1,3 +1,23 @@
+CVE-2017-7586 (In libsndfile before 1.0.28, an error in the "header_read()" function ...)
+	TODO: check
+CVE-2017-7585 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" ...)
+	TODO: check
+CVE-2017-7584 (Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows ...)
+	TODO: check
+CVE-2017-7583 (ILIAS before 5.2.3 has XSS via SVG documents. ...)
+	TODO: check
+CVE-2017-7582
+	RESERVED
+CVE-2017-7581 (SQL injection vulnerability in NewsController.php in the News module ...)
+	TODO: check
+CVE-2017-7580
+	RESERVED
+CVE-2017-7579 (inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. ...)
+	TODO: check
+CVE-2007-6760
+	RESERVED
+CVE-2007-6759
+	RESERVED
 CVE-2017-7577 (XiongMai uc-httpd has directory traversal allowing the reading of ...)
 	NOT-FOR-US: XiongMai uc-httpd
 CVE-2017-7576 (DragonWave Horizon 1.01.03 wireless radios have hardcoded login ...)
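Review bot: The two libsndfile entries at the top of this hunk (CVE-2017-7586 and CVE-2017-7585) both say "before 1.0.28" but name different functions, "header_read()" and "flac_buffer_copy()". When the `TODO: check` is resolved, each should get its own package line with the fixed version and its own NOTE pointing at the upstream fix, in the style of the `NOTE: Fixed by:` lines on the jasper entries in this file, not a shared note. The entries that name products without a package line elsewhere in this list (Foxit PDF Toolkit, for example) can follow the `NOT-FOR-US: <product>` form used for CVE-2017-7577 just below.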
@@ -2068,6 +2088,7 @@
 	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
 	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b
 CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in ...)
+	{DSA-3827-1}
 	- jasper <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/11
 	NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
@@ -2541,26 +2562,26 @@
 	RESERVED
 CVE-2017-6607
 	RESERVED
-CVE-2017-6606
-	RESERVED
+CVE-2017-6606 (A vulnerability in a startup script of Cisco IOS XE Software could ...)
+	TODO: check
 CVE-2017-6605
 	RESERVED
-CVE-2017-6604
-	RESERVED
-CVE-2017-6603
-	RESERVED
-CVE-2017-6602
-	RESERVED
-CVE-2017-6601
-	RESERVED
-CVE-2017-6600
-	RESERVED
-CVE-2017-6599
-	RESERVED
-CVE-2017-6598
-	RESERVED
-CVE-2017-6597
-	RESERVED
+CVE-2017-6604 (A vulnerability in the web interface of Cisco Integrated Management ...)
+	TODO: check
+CVE-2017-6603 (A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with ...)
+	TODO: check
+CVE-2017-6602 (A vulnerability in the CLI of Cisco Unified Computing System (UCS) ...)
+	TODO: check
+CVE-2017-6601 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
+	TODO: check
+CVE-2017-6600 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
+	TODO: check
+CVE-2017-6599 (A vulnerability in Google-defined remote procedure call (gRPC) handling ...)
+	TODO: check
+CVE-2017-6598 (A vulnerability in the debug plug-in functionality of the Cisco Unified ...)
+	TODO: check
+CVE-2017-6597 (A vulnerability in the local-mgmt CLI command of the Cisco Unified ...)
+	TODO: check
 CVE-2017-6596 (partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer ...)
 	[experimental] - partclone 0.2.90-1
 	- partclone 0.2.89-3 (bug #857966)
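Review bot: Of the nine entries moved from RESERVED to `TODO: check` here, CVE-2017-6599 is the one that should not be bulk-triaged with the rest. Its visible description ("Google-defined remote procedure call (gRPC) handling ...") is truncated before any product name, while the other eight name Cisco products or Cisco UCS directly. Read the full description for CVE-2017-6599 before choosing between a `NOT-FOR-US:` tag and a package line. The remaining eight can take the same `NOT-FOR-US: Cisco` tag that the already-triaged Cisco entries in this file use.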
@@ -10236,18 +10257,18 @@
 	RESERVED
 CVE-2017-3890 (A reflected cross-site scripting vulnerability in the BlackBerry ...)
 	NOT-FOR-US: BlackBerry
-CVE-2017-3889
-	RESERVED
-CVE-2017-3888
-	RESERVED
-CVE-2017-3887
-	RESERVED
-CVE-2017-3886
-	RESERVED
-CVE-2017-3885
-	RESERVED
-CVE-2017-3884
-	RESERVED
+CVE-2017-3889 (A vulnerability in the web interface of the Cisco Registered Envelope ...)
+	TODO: check
+CVE-2017-3888 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
+CVE-2017-3887 (A vulnerability in the detection engine that handles Secure Sockets ...)
+	TODO: check
+CVE-2017-3886 (A vulnerability in the Cisco Unified Communications Manager web ...)
+	TODO: check
+CVE-2017-3885 (A vulnerability in the detection engine reassembly of Secure Sockets ...)
+	TODO: check
+CVE-2017-3884 (A vulnerability in the web interface of Cisco Prime Infrastructure and ...)
+	TODO: check
 CVE-2017-3883
 	RESERVED
 CVE-2017-3882
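Review bot: CVE-2017-3887 and CVE-2017-3885 both describe "the detection engine" and Secure Sockets handling, and neither truncated description reaches a product name, so the visible text alone does not justify a vendor tag. Triage the two together against their full descriptions and, if they turn out to be the same component, give both the same `NOT-FOR-US:` wording so a later search on the product name finds both.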
@@ -10318,8 +10339,8 @@
 	NOT-FOR-US: Cisco
 CVE-2017-3849 (A vulnerability in the Autonomic Networking Infrastructure (ANI) ...)
 	NOT-FOR-US: Cisco
-CVE-2017-3848
-	RESERVED
+CVE-2017-3848 (A vulnerability in the HTTP web-based management interface of Cisco ...)
+	TODO: check
 CVE-2017-3847 (A vulnerability in the web framework of Cisco Firepower Management ...)
 	NOT-FOR-US: Cisco
 CVE-2017-3846 (A vulnerability in the Client Manager Server of Cisco Workload ...)
@@ -10380,8 +10401,8 @@
 	NOT-FOR-US: Cisco
 CVE-2017-3818 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) ...)
 	NOT-FOR-US: Cisco Email Security Appliances
-CVE-2017-3817
-	RESERVED
+CVE-2017-3817 (A vulnerability in the role-based resource checking functionality of ...)
+	TODO: check
 CVE-2017-3816
 	RESERVED
 CVE-2017-3815 (An API Privilege vulnerability in Cisco TelePresence Server Software ...)
@@ -14577,8 +14598,8 @@
 	NOT-FOR-US: Apple
 CVE-2017-2388 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
-CVE-2017-2387
-	RESERVED
+CVE-2017-2387 (The Apple Music (aka com.apple.android.music) application before 2.0 ...)
+	TODO: check
 CVE-2017-2386 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
 	- webkit2gtk <unfixed> (unimportant)
 	NOTE: Not covered by security support
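Review bot: CVE-2017-2387 names an Android application (com.apple.android.music), which fits the `NOT-FOR-US: Apple` tag on the entries above it. The entry directly below (CVE-2017-2386) shows that an Apple-assigned ID can still map to a package (`webkit2gtk`), so the tag should be chosen from the description, not from the ID range.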
@@ -19341,6 +19362,7 @@
 	NOT-FOR-US: OpenShift
 CVE-2016-9591 [Use-after-free on heap in jas_matrix_destroy]
 	RESERVED
+	{DSA-3827-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/105
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
@@ -20966,12 +20988,12 @@
 	NOT-FOR-US: Cisco
 CVE-2016-9198 (A vulnerability in the Active Directory integration component of Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2016-9197
-	RESERVED
-CVE-2016-9196
-	RESERVED
-CVE-2016-9195
-	RESERVED
+CVE-2016-9197 (A vulnerability in the CLI command parser of the Cisco Mobility Express ...)
+	TODO: check
+CVE-2016-9196 (A vulnerability in login authentication management in Cisco Aironet ...)
+	TODO: check
+CVE-2016-9195 (A vulnerability in RADIUS Change of Authorization (CoA) request ...)
+	TODO: check
 CVE-2016-9194 (A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action ...)
 	NOT-FOR-US: Cisco
 CVE-2016-9193 (A vulnerability in the malicious file detection and blocking features ...)
@@ -22316,7 +22338,7 @@
 	NOTE: is very similar.
 	NOTE: https://lists.gnu.org/archive/html/bug-bash/2015-12/msg00112.html
 CVE-2016-10249 (Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in ...)
-	{DLA-739-1}
+	{DSA-3827-1 DLA-739-1}
 	- jasper <removed>
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568 (version-1.900.12)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
@@ -28426,8 +28448,8 @@
 	NOT-FOR-US: Ambari Agent
 CVE-2016-6806
 	RESERVED
-CVE-2016-6805
-	RESERVED
+CVE-2016-6805 (Apache Ignite before 1.9 allows man-in-the-middle attackers to read ...)
+	TODO: check
 CVE-2016-6804
 	RESERVED
 	NOT-FOR-US: Apache OpenOffice installer for Windows
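Review bot: CVE-2016-6805 gives a version boundary ("Apache Ignite before 1.9"), so the `TODO: check` should resolve to either a package line carrying 1.9 as the fixed version or a `NOT-FOR-US: Apache Ignite` tag in the form used for CVE-2016-6804 below. The description is a man-in-the-middle read, so a short NOTE saying which transport or endpoint is affected would help anyone assessing exposure from this file alone.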



