[Secure-testing-commits] r50877 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Apr 21 09:10:13 UTC 2017
Author: sectracker
Date: 2017-04-21 09:10:12 +0000 (Fri, 21 Apr 2017)
New Revision: 50877
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-21 08:42:08 UTC (rev 50876)
+++ data/CVE/list 2017-04-21 09:10:12 UTC (rev 50877)
@@ -1,3 +1,21 @@
+CVE-2017-7991
+ RESERVED
+CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with ...)
+ TODO: check
+CVE-2017-7989
+ RESERVED
+CVE-2017-7988
+ RESERVED
+CVE-2017-7987
+ RESERVED
+CVE-2017-7986
+ RESERVED
+CVE-2017-7985
+ RESERVED
+CVE-2017-7984
+ RESERVED
+CVE-2017-7983
+ RESERVED
CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in ...)
- libplist <unfixed>
NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/fdebf8b319b9280cd0e9b4382f2c7cbf26ef9325
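Review bot: CVE-2017-7990 is the only one of the nine entries added at the top of the list that carries a description, and it is left at "TODO: check". The description names the Reporting Module 1.12.0 for OpenMRS; triage should replace the TODO with either a source-package line or a NOT-FOR-US tag so the entry does not stay in the unprocessed queue.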
@@ -64,8 +82,8 @@
RESERVED
CVE-2017-7952
RESERVED
-CVE-2017-7951
- RESERVED
+CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in an ...)
+ TODO: check
CVE-2017-7950
RESERVED
CVE-2017-7949
@@ -1591,8 +1609,8 @@
RESERVED
CVE-2017-7410 (Multiple SQL injection vulnerabilities in account/signup.php and ...)
NOT-FOR-US: WebsiteBaker
-CVE-2017-7409
- RESERVED
+CVE-2017-7409 (Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect ...)
+ TODO: check
CVE-2017-7408 (Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to ...)
NOT-FOR-US: Palo Alto Networks Traps ESM Console
CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
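Review bot: the new "TODO: check" under CVE-2017-7409 (PAN-OS) sits directly above CVE-2017-7408, which is already tagged "NOT-FOR-US: Palo Alto Networks Traps ESM Console". If PAN-OS is handled the same way, use a product-specific label in the same style, for example "NOT-FOR-US: Palo Alto Networks PAN-OS", rather than leaving the TODO in place.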
@@ -2379,8 +2397,8 @@
[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
CVE-2017-7221
RESERVED
-CVE-2017-7220
- RESERVED
+CVE-2017-7220 (OpenText Documentum Content Server allows superuser access via ...)
+ TODO: check
CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 ...)
NOT-FOR-US: Citrix
CVE-2017-7218 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
@@ -3766,32 +3784,32 @@
RESERVED
CVE-2017-6620
RESERVED
-CVE-2017-6619
- RESERVED
-CVE-2017-6618
- RESERVED
-CVE-2017-6617
- RESERVED
-CVE-2017-6616
- RESERVED
-CVE-2017-6615
- RESERVED
-CVE-2017-6614
- RESERVED
-CVE-2017-6613
- RESERVED
+CVE-2017-6619 (A vulnerability in the web-based GUI of Cisco Integrated Management ...)
+ TODO: check
+CVE-2017-6618 (A vulnerability in the web-based GUI of Cisco Integrated Management ...)
+ TODO: check
+CVE-2017-6617 (A vulnerability in the session identification management functionality ...)
+ TODO: check
+CVE-2017-6616 (A vulnerability in the web-based GUI of Cisco Integrated Management ...)
+ TODO: check
+CVE-2017-6615 (A vulnerability in the Simple Network Management Protocol (SNMP) ...)
+ TODO: check
+CVE-2017-6614 (A vulnerability in the file-download feature of the web user interface ...)
+ TODO: check
+CVE-2017-6613 (A vulnerability in the DNS input packet processor for Cisco Prime ...)
+ TODO: check
CVE-2017-6612
RESERVED
-CVE-2017-6611
- RESERVED
-CVE-2017-6610
- RESERVED
-CVE-2017-6609
- RESERVED
-CVE-2017-6608
- RESERVED
-CVE-2017-6607
- RESERVED
+CVE-2017-6611 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...)
+ TODO: check
+CVE-2017-6610 (A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH ...)
+ TODO: check
+CVE-2017-6609 (A vulnerability in the IPsec code of Cisco ASA Software could allow an ...)
+ TODO: check
+CVE-2017-6608 (A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer ...)
+ TODO: check
+CVE-2017-6607 (A vulnerability in the DNS code of Cisco ASA Software could allow an ...)
+ TODO: check
CVE-2017-6606 (A vulnerability in a startup script of Cisco IOS XE Software could ...)
NOT-FOR-US: Cisco
CVE-2017-6605
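Review bot: twelve entries move from RESERVED to "TODO: check" here (CVE-2017-6619 through 6613 and CVE-2017-6611 through 6607), but only seven of them name a Cisco product in the visible part of the description. CVE-2017-6617, 6615, 6614, 6610 and 6608 are truncated before the product name, so confirm the vendor from the full description before tagging them like the following entry, CVE-2017-6606 ("NOT-FOR-US: Cisco"). CVE-2017-6612 stays RESERVED and should not be swept up in the batch.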
@@ -9360,8 +9378,8 @@
RESERVED
CVE-2017-4970
RESERVED
-CVE-2017-4969
- RESERVED
+CVE-2017-4969 (The Cloud Controller in Cloud Foundry cf-release versions prior to v255 ...)
+ TODO: check
CVE-2017-4968
RESERVED
CVE-2017-4967
@@ -11711,14 +11729,14 @@
RESERVED
CVE-2017-3864 (A vulnerability in the DHCP client implementation of Cisco IOS (12.2, ...)
NOT-FOR-US: Cisco
-CVE-2017-3863
- RESERVED
-CVE-2017-3862
- RESERVED
-CVE-2017-3861
- RESERVED
-CVE-2017-3860
- RESERVED
+CVE-2017-3863 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
+ TODO: check
+CVE-2017-3862 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
+ TODO: check
+CVE-2017-3861 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
+ TODO: check
+CVE-2017-3860 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
+ TODO: check
CVE-2017-3859 (A vulnerability in the DHCP code for the Zero Touch Provisioning ...)
NOT-FOR-US: Cisco
CVE-2017-3858 (A vulnerability in the web framework of Cisco IOS XE Software could ...)
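Review bot: CVE-2017-3863 through CVE-2017-3860 are added with the same visible description ("Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...") and four separate "TODO: check" lines. Resolve the four together so they cannot end up with different tags; the surrounding entries CVE-2017-3864 and CVE-2017-3859 are both "NOT-FOR-US: Cisco".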
@@ -11821,8 +11839,8 @@
NOT-FOR-US: Cisco Prime Service Catalog
CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco Firepower ...)
NOT-FOR-US: Cisco Firepower Management Center
-CVE-2017-3808
- RESERVED
+CVE-2017-3808 (A vulnerability in the Session Initiation Protocol (SIP) UDP throttling ...)
+ TODO: check
CVE-2017-3807 (A vulnerability in Common Internet Filesystem (CIFS) code in the ...)
NOT-FOR-US: Cisco
CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco Firepower 4100 ...)
@@ -11851,8 +11869,8 @@
NOT-FOR-US: Cisco
CVE-2017-3794 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
NOT-FOR-US: Cisco
-CVE-2017-3793
- RESERVED
+CVE-2017-3793 (A vulnerability in the TCP normalizer of Cisco Adaptive Security ...)
+ TODO: check
CVE-2017-3792 (A vulnerability in a proprietary device driver in the kernel of Cisco ...)
NOT-FOR-US: Cisco TelePresence
CVE-2017-3791 (A vulnerability in the web-based GUI of Cisco Prime Home could allow an ...)
@@ -12100,12 +12118,12 @@
RESERVED
CVE-2016-9981
RESERVED
-CVE-2016-9980
- RESERVED
-CVE-2016-9979
- RESERVED
-CVE-2016-9978
- RESERVED
+CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
+ TODO: check
+CVE-2016-9979 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
+ TODO: check
+CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an ...)
+ TODO: check
CVE-2016-9977
RESERVED
CVE-2016-9976
@@ -18690,8 +18708,8 @@
NOT-FOR-US: IBM
CVE-2017-1123
RESERVED
-CVE-2017-1122
- RESERVED
+CVE-2017-1122 (IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that ...)
+ TODO: check
CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
@@ -23324,8 +23342,8 @@
NOT-FOR-US: IBM
CVE-2016-8924
RESERVED
-CVE-2016-8923
- RESERVED
+CVE-2016-8923 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a ...)
+ TODO: check
CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: Exphox WebRadar
CVE-2016-8921 (IBM FileNet WorkPlace XT could allow a remote attacker to upload ...)
@@ -31498,8 +31516,8 @@
NOT-FOR-US: Cisco
CVE-2016-6369 (Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x ...)
NOT-FOR-US: Cisco
-CVE-2016-6368
- RESERVED
+CVE-2016-6368 (A vulnerability in the detection engine parsing of Pragmatic General ...)
+ TODO: check
CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA ...)
NOT-FOR-US: Cisco
CVE-2016-6366 (Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software ...)
@@ -34784,8 +34802,7 @@
CVE-2016-5402
RESERVED
NOT-FOR-US: Red Hat CloudForms
-CVE-2016-5401
- RESERVED
+CVE-2016-5401 (Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS ...)
NOT-FOR-US: JBoss BPMS business-central
CVE-2016-5400 (Memory leak in the airspy_probe function in ...)
- linux 4.7.2-1
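Review bot: on CVE-2016-5401 the added description reads "Red Hat JBoss BRMS ..." while the retained tag is "NOT-FOR-US: JBoss BPMS business-central". Check against the full description whether the label should mention BRMS as well, since the tag text is what later searches of the list will match. Dropping RESERVED and keeping the existing triage line is otherwise the right shape for this entry.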
@@ -39408,8 +39425,8 @@
NOT-FOR-US: Huawei
CVE-2016-4086 (Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before ...)
NOT-FOR-US: Huawei HiSuite Device Manager
-CVE-2016-4075
- RESERVED
+CVE-2016-4075 (Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the ...)
+ TODO: check
CVE-2016-4067
RESERVED
CVE-2016-4066 (Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb ...)
@@ -40526,26 +40543,21 @@
RESERVED
CVE-2016-3735
RESERVED
-CVE-2016-3734
- RESERVED
+CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in ...)
- moodle 2.7.14+dfsg-1
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
-CVE-2016-3733
- RESERVED
+CVE-2016-3733 (The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through ...)
- moodle 2.7.14+dfsg-1
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
-CVE-2016-3732
- RESERVED
+CVE-2016-3732 (The capability check to access other badges in Moodle 3.0 through ...)
- moodle <not-affected> (Does only affect 2.8 and newer)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53589
-CVE-2016-3731
- RESERVED
+CVE-2016-3731 (Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 ...)
- moodle <not-affected> (Does only affect 2.8 and newer)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53696
CVE-2016-3730
RESERVED
-CVE-2016-3729
- RESERVED
+CVE-2016-3729 (The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, ...)
- moodle 2.7.14+dfsg-1
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53954
CVE-2016-3728 (Eval injection vulnerability in tftp_api.rb in the TFTP module in the ...)
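Review bot: the five Moodle entries (CVE-2016-3734, 3733, 3732, 3731, 3729) keep package annotations written while the IDs were still RESERVED, and the descriptions added here now state affected version ranges. The "<not-affected> (Does only affect 2.8 and newer)" lines on CVE-2016-3732 and CVE-2016-3731 should be re-checked against those ranges: CVE-2016-3731 visibly lists the 3.0, 2.9 and 2.8 branches, which agrees, but the CVE-2016-3732 description is truncated after "3.0 through". The three entries marked fixed in 2.7.14+dfsg-1 deserve the same comparison against the full descriptions.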
@@ -49302,8 +49314,8 @@
RESERVED
CVE-2016-1162
RESERVED
-CVE-2016-1161
- RESERVED
+CVE-2016-1161 (Cross-site request forgery (CSRF) vulnerability in ManageEngine ...)
+ TODO: check
CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite Posts ...)
NOT-FOR-US: WP Favorite Posts plugin for WordPress
CVE-2016-1159
@@ -53522,8 +53534,8 @@
NOT-FOR-US: Swann
CVE-2015-8286 (Zhuhai RaySharp firmware has a hardcoded root password, which makes it ...)
NOT-FOR-US: Zhuhai RaySharp
-CVE-2015-8285
- RESERVED
+CVE-2015-8285 (The webssx.sys driver in QuickHeal 16.00 allows remote attackers to ...)
+ TODO: check
CVE-2015-8284 (SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to ...)
NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8283 (Directory traversal vulnerability in configure_manage.php in SeaWell ...)
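Review bot: CVE-2015-8285 is left at "TODO: check" although the description names webssx.sys, a driver in QuickHeal 16.00; a .sys driver is a Windows kernel-mode component. If triage confirms that, tag it in the same style as the neighbouring entries ("NOT-FOR-US: Zhuhai RaySharp", "NOT-FOR-US: SeaWell Networks Spectrum") with the product name in the label.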