[Secure-testing-commits] r50679 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Apr 14 21:10:12 UTC 2017
Author: sectracker
Date: 2017-04-14 21:10:11 +0000 (Fri, 14 Apr 2017)
New Revision: 50679
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-14 21:05:21 UTC (rev 50678)
+++ data/CVE/list 2017-04-14 21:10:11 UTC (rev 50679)
@@ -1,3 +1,29 @@
+CVE-2017-7880
+ RESERVED
+CVE-2017-7879 (SQL Injection vulnerability in flatCore version 1.4.6 allows an ...)
+ TODO: check
+CVE-2017-7878 (SQL Injection vulnerability in flatCore version 1.4.6 allows an ...)
+ TODO: check
+CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to ...)
+ TODO: check
+CVE-2017-7876
+ RESERVED
+CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends to ...)
+ TODO: check
+CVE-2017-7874
+ RESERVED
+CVE-2017-7873
+ RESERVED
+CVE-2017-7872
+ RESERVED
+CVE-2017-7871 (trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in ...)
+ TODO: check
+CVE-2016-1000259
+ REJECTED
+ TODO: check
+CVE-2016-1000258
+ REJECTED
+ TODO: check
CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a ...)
- libreoffice 1:5.2.5-1
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
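Review bot: CVE-2016-1000259 and CVE-2016-1000258 are recorded as REJECTED but each also carries a "TODO: check" line, which is inconsistent with the other REJECTED entries in this file (CVE-2017-3447 and CVE-2016-6300 further down have REJECTED with no TODO); since a rejected identifier needs no package triage, the two TODO lines can be dropped.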
@@ -379,8 +405,8 @@
NOT-FOR-US: Spider Event Calendar
CVE-2017-7718
RESERVED
-CVE-2017-7717
- RESERVED
+CVE-2017-7717 (SQL injection vulnerability in the getUserUddiElements method in the ...)
+ TODO: check
CVE-2017-7716 (The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 ...)
- radare2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/radare/radare2/issues/7260
@@ -455,8 +481,8 @@
- libsamplerate <unfixed> (bug #860159)
NOTE: https://github.com/erikd/libsamplerate/issues/11
NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/
-CVE-2017-7696
- RESERVED
+CVE-2017-7696 (SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote ...)
+ TODO: check
CVE-2017-7695 (Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an ...)
NOT-FOR-US: BigTree CMS
CVE-2017-7694 (Remote Code Execution vulnerability in ...)
@@ -467,8 +493,8 @@
RESERVED
CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...)
NOT-FOR-US: SAP TREX
-CVE-2017-7690
- RESERVED
+CVE-2017-7690 (Proxifier for Mac before 2.19.2, when first run, allows local users to ...)
+ TODO: check
CVE-2017-7689 (A Command Injection vulnerability in Schneider Electric homeLYnk ...)
NOT-FOR-US: Schneider Electric
CVE-2017-7688
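Review bot: CVE-2017-7690 describes a local privilege issue in "Proxifier for Mac", a macOS-only product as the description itself states, so the "TODO: check" left here (and the matching one for CVE-2017-7643, the earlier Proxifier for Mac entry in the next hunk) can be resolved as NOT-FOR-US without a package search.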
@@ -561,8 +587,8 @@
RESERVED
CVE-2017-7644
RESERVED
-CVE-2017-7643
- RESERVED
+CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileges ...)
+ TODO: check
CVE-2017-7642
RESERVED
CVE-2017-7641
@@ -1039,12 +1065,12 @@
RESERVED
CVE-2017-7458
RESERVED
-CVE-2017-7457
- RESERVED
-CVE-2017-7456
- RESERVED
-CVE-2017-7455
- RESERVED
+CVE-2017-7457 (XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 ...)
+ TODO: check
+CVE-2017-7456 (Moxa MXView 2.8 allows remote attackers to cause a Denial of Service ...)
+ TODO: check
+CVE-2017-7455 (Moxa MXView 2.8 allows remote attackers to read web server's private ...)
+ TODO: check
CVE-2017-7454 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
NOT-FOR-US: ImageWorsener
CVE-2017-7453 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
@@ -1155,8 +1181,8 @@
NOT-FOR-US: WebsiteBaker
CVE-2017-7409
RESERVED
-CVE-2017-7408
- RESERVED
+CVE-2017-7408 (Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to ...)
+ TODO: check
CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
{DLA-883-1}
- curl 7.52.1-4 (unimportant; bug #859500)
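Review bot: CVE-2017-7408 (Palo Alto Networks Traps ESM Console) is left at "TODO: check", but this file already records the vendor as not packaged ("NOT-FOR-US: Palo Alto Networks" on CVE-2016-1712 later in this patch); the same applies to the PAN-OS entries CVE-2017-7218 and CVE-2017-7217 below, so all three could be marked NOT-FOR-US: Palo Alto Networks in the same pass.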
@@ -1329,8 +1355,8 @@
- lightdm <not-affected> (Vulnerable code not present)
NOTE: https://launchpad.net/bugs/1677924
NOTE: Specific script debian/guest-account.sh not merged from Ubuntu
-CVE-2017-7357
- RESERVED
+CVE-2017-7357 (Hipchat Server before 2.2.3 allows remote authenticated users with ...)
+ TODO: check
CVE-2017-7356
RESERVED
CVE-2017-7355
@@ -1938,10 +1964,10 @@
RESERVED
CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 ...)
NOT-FOR-US: Citrix
-CVE-2017-7218
- RESERVED
-CVE-2017-7217
- RESERVED
+CVE-2017-7218 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
+ TODO: check
+CVE-2017-7217 (The Management Web Interface in Palo Alto Networks PAN-OS before ...)
+ TODO: check
CVE-2017-7216
RESERVED
CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils ...)
@@ -2038,8 +2064,8 @@
RESERVED
CVE-2017-7189
RESERVED
-CVE-2017-7188
- RESERVED
+CVE-2017-7188 (Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a ...)
+ TODO: check
CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...)
- linux 4.9.18-1
[jessie] - linux <not-affected> (Introduced in 3.17)
@@ -3455,8 +3481,8 @@
NOT-FOR-US: CMS Made Simple
CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...)
NOT-FOR-US: CMS Made Simple
-CVE-2017-6554
- RESERVED
+CVE-2017-6554 (pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows ...)
+ TODO: check
CVE-2017-6553
RESERVED
CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently ...)
@@ -12515,7 +12541,7 @@
CVE-2017-3448
RESERVED
CVE-2017-3447
- RESERVED
+ REJECTED
CVE-2017-3446
RESERVED
CVE-2017-3445
@@ -17807,8 +17833,8 @@
RESERVED
CVE-2017-1206
RESERVED
-CVE-2017-1205
- RESERVED
+CVE-2017-1205 (IBM Platform LSF 10.1 contains an unspecified vulnerability that could ...)
+ TODO: check
CVE-2017-1204
RESERVED
CVE-2017-1203
@@ -17914,8 +17940,8 @@
NOT-FOR-US: IBM
CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability ...)
NOT-FOR-US: IBM
-CVE-2017-1152
- RESERVED
+CVE-2017-1152 (IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly ...)
+ TODO: check
CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...)
NOT-FOR-US: IBM
CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) ...)
@@ -22597,12 +22623,12 @@
NOT-FOR-US: IBM
CVE-2016-8928 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...)
NOT-FOR-US: IBM
-CVE-2016-8927
- RESERVED
-CVE-2016-8926
- RESERVED
-CVE-2016-8925
- RESERVED
+CVE-2016-8927 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is ...)
+ TODO: check
+CVE-2016-8926 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...)
+ TODO: check
+CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...)
+ TODO: check
CVE-2016-8924
RESERVED
CVE-2016-8923
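Review bot: CVE-2016-8927, CVE-2016-8926 and CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager) are left at "TODO: check" while every neighbouring IBM entry in this hunk and the two IBM hunks above (CVE-2016-8928, CVE-2017-1153, CVE-2017-1151, CVE-2017-1150) is "NOT-FOR-US: IBM"; CVE-2017-1205 (IBM Platform LSF) and CVE-2017-1152 (IBM Financial Transaction Manager) in those hunks are in the same position, so the six entries can be resolved consistently as NOT-FOR-US: IBM.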
@@ -24039,8 +24065,7 @@
NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/13
-CVE-2016-8602 [type confusion]
- RESERVED
+CVE-2016-8602 (The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (bug #840451)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203
@@ -28601,8 +28626,7 @@
CVE-2016-7061
RESERVED
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
-CVE-2016-7060
- RESERVED
+CVE-2016-7060 (The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does ...)
NOT-FOR-US: Red Hat QCI
CVE-2016-7059
RESERVED
@@ -28645,8 +28669,7 @@
[jessie] - openssl <not-affected> (Introduced in 1.0.2i)
[wheezy] - openssl <not-affected> (Introduced in 1.0.2i)
NOTE: https://www.openssl.org/news/secadv/20160926.txt
-CVE-2016-7051
- RESERVED
+CVE-2016-7051 (XmlMapper in the Data format extension for Jackson (aka ...)
- jackson-dataformat-xml 2.8.5-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378673#c7
NOTE: https://github.com/FasterXML/jackson-dataformat-xml/issues/211
@@ -28711,8 +28734,7 @@
NOT-FOR-US: JBoss BPMS
CVE-2016-7033 (Multiple cross-site scripting (XSS) vulnerabilities in the admin pages ...)
NOT-FOR-US: JBoss BPMS
-CVE-2016-7032 [noexec bypass via system() and popen()]
- RESERVED
+CVE-2016-7032 (sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users ...)
{DLA-707-1}
- sudo 1.8.15-1
[jessie] - sudo <no-dsa> (Minor issue)
@@ -30457,8 +30479,7 @@
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833099)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
-CVE-2016-6489 [RSA code is vulnerable to cache sharing related attacks]
- RESERVED
+CVE-2016-6489 (The RSA and DSA decryption code in Nettle makes it easier for ...)
{DLA-593-1}
- nettle 3.3-1 (bug #832983)
[jessie] - nettle 2.7.1-5+deb8u2
@@ -31050,8 +31071,7 @@
NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
CVE-2016-6300
REJECTED
-CVE-2016-6299 [privilige escalation via mock-scm]
- RESERVED
+CVE-2016-6299 (The scm plug-in in mock might allow attackers to bypass the intended ...)
- mock 1.3.2-1 (bug #850320)
[jessie] - mock <not-affected> (Parsing is done before, after temporarily dropping super-user privileges at startup)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1375490
@@ -34460,14 +34480,14 @@
NOTE: Upstream fix https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
CVE-2016-5313 (Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated ...)
NOT-FOR-US: Symantec
-CVE-2016-5312
- RESERVED
+CVE-2016-5312 (Directory traversal vulnerability in the charting component in ...)
+ TODO: check
CVE-2016-5311
RESERVED
-CVE-2016-5310
- RESERVED
-CVE-2016-5309
- RESERVED
+CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer engine in ...)
+ TODO: check
+CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer engine in ...)
+ TODO: check
CVE-2016-5308 (The Client Intrusion Detection System (CIDS) driver before 15.0.6 in ...)
NOT-FOR-US: Norton
CVE-2016-5307 (Directory traversal vulnerability in Symantec Endpoint Protection ...)
@@ -36569,12 +36589,12 @@
NOT-FOR-US: SetucoCMS
CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetucoCMS. ...)
NOT-FOR-US: SetucoCMS
-CVE-2016-4890
- RESERVED
-CVE-2016-4889
- RESERVED
-CVE-2016-4888
- RESERVED
+CVE-2016-4890 (ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method ...)
+ TODO: check
+CVE-2016-4889 (ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote ...)
+ TODO: check
+CVE-2016-4888 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ...)
+ TODO: check
CVE-2016-4887
RESERVED
CVE-2016-4886
@@ -36599,8 +36619,8 @@
RESERVED
CVE-2016-4876
RESERVED
-CVE-2016-4875
- RESERVED
+CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...)
+ TODO: check
CVE-2016-4874
RESERVED
CVE-2016-4873
@@ -37819,8 +37839,7 @@
CVE-2016-4457
RESERVED
NOT-FOR-US: Red Hat CloudForms
-CVE-2016-4455
- RESERVED
+CVE-2016-4455 (The Subscription Manager package (aka subscription-manager) before ...)
NOT-FOR-US: Red Hat Subscription Manager
CVE-2016-4454 (The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU ...)
- qemu 1:2.6+dfsg-3
@@ -41465,8 +41484,7 @@
{DSA-3570-1 DLA-459-1}
- mercurial 3.8.1-1
NOTE: https://selenic.com/hg/rev/a56296f55a5e
-CVE-2016-3104
- RESERVED
+CVE-2016-3104 (mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow ...)
- mongodb 1:3.2.11-1
[jessie] - mongodb <no-dsa> (Minor issue)
[wheezy] - mongodb <no-dsa> (Minor issue)
@@ -46505,8 +46523,8 @@
[squeeze] - jasper <no-dsa> (Minor issue)
CVE-2016-1715 (The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 ...)
NOT-FOR-US: swin.sys kernel driver in McAfee Application Control
-CVE-2016-1713
- RESERVED
+CVE-2016-1713 (Unrestricted file upload vulnerability in the ...)
+ TODO: check
CVE-2016-1712 (Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x ...)
NOT-FOR-US: Palo Alto Networks
CVE-2015-8779 (Stack-based buffer overflow in the catopen function in the GNU C ...)
@@ -50049,8 +50067,7 @@
NOTE: Upstream commit: https://git.kernel.org/linus/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
NOTE: Introduced in https://git.kernel.org/linus/3a50597de8635cd05133bd12c95681c82fe7b878 (v3.8-rc1)
NOTE: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
-CVE-2016-0727 [NTP statsdir cleanup cronjob insecure]
- RESERVED
+CVE-2016-0727 (The crontab script in the ntp package before ...)
- ntp 1:4.2.8p9+dfsg-2 (low; bug #839998)
[jessie] - ntp <no-dsa> (Minor issue)
[wheezy] - ntp <no-dsa> (Minor issue)
@@ -52579,8 +52596,8 @@
NOT-FOR-US: Bitrix
CVE-2015-8357 (Directory traversal vulnerability in the bitrix.xscan module before ...)
NOT-FOR-US: Bitrix
-CVE-2015-8356
- RESERVED
+CVE-2015-8356 (Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 ...)
+ TODO: check
CVE-2015-8355
RESERVED
CVE-2015-8354
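Review bot: CVE-2015-8356 ("mcart.xls module 6.5.2") is left at "TODO: check" directly below CVE-2015-8357 (bitrix.xscan module), which is marked "NOT-FOR-US: Bitrix"; if mcart.xls is likewise a Bitrix module, the same NOT-FOR-US: Bitrix marking closes the TODO.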
@@ -57825,10 +57842,10 @@
RESERVED
CVE-2015-6569
RESERVED
-CVE-2015-6568
- RESERVED
-CVE-2015-6567
- RESERVED
+CVE-2015-6568 (Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code ...)
+ TODO: check
+CVE-2015-6567 (Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code ...)
+ TODO: check
CVE-2015-6566 (zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 ...)
- zarafa <itp> (bug #658433)
CVE-2015-6562