[Secure-testing-commits] r50751 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Apr 18 09:10:17 UTC 2017


Author: sectracker
Date: 2017-04-18 09:10:16 +0000 (Tue, 18 Apr 2017)
New Revision: 50751

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-18 06:30:44 UTC (rev 50750)
+++ data/CVE/list	2017-04-18 09:10:16 UTC (rev 50751)
@@ -1,4 +1,8 @@
-CVE-2017-7892 [Bounds check elided by compiler optimization]
+CVE-2017-7894
+	RESERVED
+CVE-2017-7893
+	RESERVED
+CVE-2017-7892 (Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a ...)
 	- capnproto <unfixed>
 	NOTE: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
 	NOTE: Fixed by: https://github.com/sandstorm-io/capnproto/commit/52bc956459a5e83d7c31be95763ff6399e064ae4
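Review bot: The CVE-2017-7892 entry still carries `- capnproto <unfixed>` even though the new description places the fix at 0.5.3.1 and a "Fixed by" commit is already noted. Once a package version containing that commit is uploaded, replace `<unfixed>` with that version. The bracketed working title is dropped in favour of the truncated description, so the advisory NOTE is now the only line that records the compiler-optimization cause; keep it. CVE-2017-7894 and CVE-2017-7893 are RESERVED only and need no action yet.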
@@ -6389,8 +6393,7 @@
 	NOTE: Fixed by: http://svn.apache.org/r1789856 (6.0.x)
 CVE-2017-5646
 	RESERVED
-CVE-2017-5645 [Apache Log4j socket receiver deserialization vulnerability]
-	RESERVED
+CVE-2017-5645 (In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...)
 	- apache-log4j2 <unfixed> (bug #860489)
 	NOTE: https://issues.apache.org/jira/browse/LOG4J2-1863
 	NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc19215827db29c993d0305ee2b0d8dd05939d
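Review bot: For CVE-2017-5645 the package line `- apache-log4j2 <unfixed> (bug #860489)` is unchanged while the new description names 2.8.2 as the first fixed upstream release. Record the fixed package version on that line when bug #860489 is closed. The description is scoped to Log4j 2.x and apache-log4j2 is the only package listed, so the scope of the entry is consistent with it.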
@@ -17975,10 +17978,10 @@
 	RESERVED
 CVE-2017-1162
 	RESERVED
-CVE-2017-1161
-	RESERVED
-CVE-2017-1160
-	RESERVED
+CVE-2017-1161 (IBM API Connect 5.0.6.0 could allow a remote attacker to execute ...)
+	TODO: check
+CVE-2017-1160 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
+	TODO: check
 CVE-2017-1159
 	RESERVED
 CVE-2017-1158
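Review bot: CVE-2017-1161 and CVE-2017-1160 are left at `TODO: check`, so both need manual triage before they count as handled. The descriptions name IBM API Connect and IBM Financial Transaction Manager, and the CVE-2017-1161 text is cut off after "execute", so read the full description before choosing a disposition.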
@@ -41833,12 +41836,12 @@
 	NOT-FOR-US: IBM
 CVE-2016-3039 (IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated ...)
 	NOT-FOR-US: IBM
-CVE-2016-3038
-	RESERVED
-CVE-2016-3037
-	RESERVED
-CVE-2016-3036
-	RESERVED
+CVE-2016-3038 (IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. ...)
+	TODO: check
+CVE-2016-3037 (IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's ...)
+	TODO: check
+CVE-2016-3036 (IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, ...)
+	TODO: check
 CVE-2016-3035 (IBM AppScan Source could reveal some sensitive information through the ...)
 	NOT-FOR-US: IBM
 CVE-2016-3034 (IBM AppScan Source uses a one-way hash without salt to encrypt highly ...)
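Review bot: The three IBM Cognos TM1 entries (CVE-2016-3038, CVE-2016-3037, CVE-2016-3036) are added as `TODO: check` while every IBM entry in the surrounding context is marked `NOT-FOR-US: IBM`. If Cognos TM1 is likewise not packaged, resolve all three the same way in one follow-up so the block does not stay in the TODO queue.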
@@ -51684,8 +51687,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-0229 (Cross-site scripting (XSS) vulnerability in IBM Marketing Platform ...)
 	NOT-FOR-US: IBM
-CVE-2016-0228
-	RESERVED
+CVE-2016-0228 (IBM Marketing Platform 10.0 could allow a remote attacker to conduct ...)
+	TODO: check
 CVE-2016-0227 (Cross-site scripting (XSS) vulnerability in the document-list control ...)
 	NOT-FOR-US: IBM
 CVE-2016-0226 (The client implementation in IBM Informix Dynamic Server 11.70.xCn on ...)
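Review bot: CVE-2016-0228 is marked `TODO: check` although the entry directly above it, CVE-2016-0229, concerns the same product (IBM Marketing Platform) and is already `NOT-FOR-US: IBM`. Unless the full description points somewhere else, give CVE-2016-0228 the same disposition.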



