[Secure-testing-commits] r50877 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Apr 21 09:10:13 UTC 2017


Author: sectracker
Date: 2017-04-21 09:10:12 +0000 (Fri, 21 Apr 2017)
New Revision: 50877

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-21 08:42:08 UTC (rev 50876)
+++ data/CVE/list	2017-04-21 09:10:12 UTC (rev 50877)
@@ -1,3 +1,21 @@
+CVE-2017-7991
+	RESERVED
+CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with ...)
+	TODO: check
+CVE-2017-7989
+	RESERVED
+CVE-2017-7988
+	RESERVED
+CVE-2017-7987
+	RESERVED
+CVE-2017-7986
+	RESERVED
+CVE-2017-7985
+	RESERVED
+CVE-2017-7984
+	RESERVED
+CVE-2017-7983
+	RESERVED
 CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in ...)
 	- libplist <unfixed>
 	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/fdebf8b319b9280cd0e9b4382f2c7cbf26ef9325
@@ -64,8 +82,8 @@
 	RESERVED
 CVE-2017-7952
 	RESERVED
-CVE-2017-7951
-	RESERVED
+CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in an ...)
+	TODO: check
 CVE-2017-7950
 	RESERVED
 CVE-2017-7949
@@ -1591,8 +1609,8 @@
 	RESERVED
 CVE-2017-7410 (Multiple SQL injection vulnerabilities in account/signup.php and ...)
 	NOT-FOR-US: WebsiteBaker
-CVE-2017-7409
-	RESERVED
+CVE-2017-7409 (Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect ...)
+	TODO: check
 CVE-2017-7408 (Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to ...)
 	NOT-FOR-US: Palo Alto Networks Traps ESM Console
 CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
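Review bot: CVE-2017-7409 is left at "TODO: check" even though its description names Palo Alto Networks PAN-OS and the entry directly below it, CVE-2017-7408, already carries a vendor-specific "NOT-FOR-US: Palo Alto Networks Traps ESM Console" line. Suggest resolving it in the same pass, with a NOT-FOR-US line that names PAN-OS rather than the Traps product, if PAN-OS is likewise not packaged.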
@@ -2379,8 +2397,8 @@
 	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
 CVE-2017-7221
 	RESERVED
-CVE-2017-7220
-	RESERVED
+CVE-2017-7220 (OpenText Documentum Content Server allows superuser access via ...)
+	TODO: check
 CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 ...)
 	NOT-FOR-US: Citrix
 CVE-2017-7218 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
@@ -3766,32 +3784,32 @@
 	RESERVED
 CVE-2017-6620
 	RESERVED
-CVE-2017-6619
-	RESERVED
-CVE-2017-6618
-	RESERVED
-CVE-2017-6617
-	RESERVED
-CVE-2017-6616
-	RESERVED
-CVE-2017-6615
-	RESERVED
-CVE-2017-6614
-	RESERVED
-CVE-2017-6613
-	RESERVED
+CVE-2017-6619 (A vulnerability in the web-based GUI of Cisco Integrated Management ...)
+	TODO: check
+CVE-2017-6618 (A vulnerability in the web-based GUI of Cisco Integrated Management ...)
+	TODO: check
+CVE-2017-6617 (A vulnerability in the session identification management functionality ...)
+	TODO: check
+CVE-2017-6616 (A vulnerability in the web-based GUI of Cisco Integrated Management ...)
+	TODO: check
+CVE-2017-6615 (A vulnerability in the Simple Network Management Protocol (SNMP) ...)
+	TODO: check
+CVE-2017-6614 (A vulnerability in the file-download feature of the web user interface ...)
+	TODO: check
+CVE-2017-6613 (A vulnerability in the DNS input packet processor for Cisco Prime ...)
+	TODO: check
 CVE-2017-6612
 	RESERVED
-CVE-2017-6611
-	RESERVED
-CVE-2017-6610
-	RESERVED
-CVE-2017-6609
-	RESERVED
-CVE-2017-6608
-	RESERVED
-CVE-2017-6607
-	RESERVED
+CVE-2017-6611 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...)
+	TODO: check
+CVE-2017-6610 (A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH ...)
+	TODO: check
+CVE-2017-6609 (A vulnerability in the IPsec code of Cisco ASA Software could allow an ...)
+	TODO: check
+CVE-2017-6608 (A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer ...)
+	TODO: check
+CVE-2017-6607 (A vulnerability in the DNS code of Cisco ASA Software could allow an ...)
+	TODO: check
 CVE-2017-6606 (A vulnerability in a startup script of Cisco IOS XE Software could ...)
 	NOT-FOR-US: Cisco
 CVE-2017-6605
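Review bot: the twelve entries from CVE-2017-6619 down to CVE-2017-6607 all land as "TODO: check", while CVE-2017-6606 in the trailing context is "NOT-FOR-US: Cisco". Five of the truncated descriptions (CVE-2017-6617, CVE-2017-6615, CVE-2017-6614, CVE-2017-6610, CVE-2017-6608) stop before any product name, so those need the full description read before they are marked in bulk. The seven that visibly name Cisco Integrated Management, Cisco Prime or Cisco ASA Software can take the same line as CVE-2017-6606.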
@@ -9360,8 +9378,8 @@
 	RESERVED
 CVE-2017-4970
 	RESERVED
-CVE-2017-4969
-	RESERVED
+CVE-2017-4969 (The Cloud Controller in Cloud Foundry cf-release versions prior to v255 ...)
+	TODO: check
 CVE-2017-4968
 	RESERVED
 CVE-2017-4967
@@ -11711,14 +11729,14 @@
 	RESERVED
 CVE-2017-3864 (A vulnerability in the DHCP client implementation of Cisco IOS (12.2, ...)
 	NOT-FOR-US: Cisco
-CVE-2017-3863
-	RESERVED
-CVE-2017-3862
-	RESERVED
-CVE-2017-3861
-	RESERVED
-CVE-2017-3860
-	RESERVED
+CVE-2017-3863 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
+	TODO: check
+CVE-2017-3862 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
+	TODO: check
+CVE-2017-3861 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
+	TODO: check
+CVE-2017-3860 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
+	TODO: check
 CVE-2017-3859 (A vulnerability in the DHCP code for the Zero Touch Provisioning ...)
 	NOT-FOR-US: Cisco
 CVE-2017-3858 (A vulnerability in the web framework of Cisco IOS XE Software could ...)
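Review bot: CVE-2017-3863 through CVE-2017-3860 carry the same truncated description ("Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ..."), so the four cannot be told apart from this file alone. When the "TODO: check" lines are resolved, treat them as one decision and match the "NOT-FOR-US: Cisco" lines on CVE-2017-3864 and CVE-2017-3859 on either side.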
@@ -11821,8 +11839,8 @@
 	NOT-FOR-US: Cisco Prime Service Catalog
 CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco Firepower ...)
 	NOT-FOR-US: Cisco Firepower Management Center
-CVE-2017-3808
-	RESERVED
+CVE-2017-3808 (A vulnerability in the Session Initiation Protocol (SIP) UDP throttling ...)
+	TODO: check
 CVE-2017-3807 (A vulnerability in Common Internet Filesystem (CIFS) code in the ...)
 	NOT-FOR-US: Cisco
 CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco Firepower 4100 ...)
@@ -11851,8 +11869,8 @@
 	NOT-FOR-US: Cisco
 CVE-2017-3794 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
 	NOT-FOR-US: Cisco
-CVE-2017-3793
-	RESERVED
+CVE-2017-3793 (A vulnerability in the TCP normalizer of Cisco Adaptive Security ...)
+	TODO: check
 CVE-2017-3792 (A vulnerability in a proprietary device driver in the kernel of Cisco ...)
 	NOT-FOR-US: Cisco TelePresence
 CVE-2017-3791 (A vulnerability in the web-based GUI of Cisco Prime Home could allow an ...)
@@ -12100,12 +12118,12 @@
 	RESERVED
 CVE-2016-9981
 	RESERVED
-CVE-2016-9980
-	RESERVED
-CVE-2016-9979
-	RESERVED
-CVE-2016-9978
-	RESERVED
+CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
+	TODO: check
+CVE-2016-9979 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
+	TODO: check
+CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an ...)
+	TODO: check
 CVE-2016-9977
 	RESERVED
 CVE-2016-9976
@@ -18690,8 +18708,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1123
 	RESERVED
-CVE-2017-1122
-	RESERVED
+CVE-2017-1122 (IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that ...)
+	TODO: check
 CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
@@ -23324,8 +23342,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-8924
 	RESERVED
-CVE-2016-8923
-	RESERVED
+CVE-2016-8923 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a ...)
+	TODO: check
 CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: Exphox WebRadar
 CVE-2016-8921 (IBM FileNet WorkPlace XT could allow a remote attacker to upload ...)
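Review bot: CVE-2016-8923 names the same product, IBM Curam Social Program Management 5.2, 6.0, and 7.0, as CVE-2016-9980, CVE-2016-9979 and CVE-2016-9978 earlier in this patch, and all four are left at "TODO: check". Resolve them together so the product gets one consistent triage line rather than four separate ones.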
@@ -31498,8 +31516,8 @@
 	NOT-FOR-US: Cisco
 CVE-2016-6369 (Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x ...)
 	NOT-FOR-US: Cisco
-CVE-2016-6368
-	RESERVED
+CVE-2016-6368 (A vulnerability in the detection engine parsing of Pragmatic General ...)
+	TODO: check
 CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA ...)
 	NOT-FOR-US: Cisco
 CVE-2016-6366 (Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software ...)
@@ -34784,8 +34802,7 @@
 CVE-2016-5402
 	RESERVED
 	NOT-FOR-US: Red Hat CloudForms
-CVE-2016-5401
-	RESERVED
+CVE-2016-5401 (Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS ...)
 	NOT-FOR-US: JBoss BPMS business-central
 CVE-2016-5400 (Memory leak in the airspy_probe function in ...)
 	- linux 4.7.2-1
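Review bot: CVE-2016-5401 keeps its earlier "NOT-FOR-US: JBoss BPMS business-central" line, but the description published in this revision starts with "Red Hat JBoss BRMS ...". Confirm against the full description that the product named in the triage line still matches, and adjust the wording if it does not.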
@@ -39408,8 +39425,8 @@
 	NOT-FOR-US: Huawei
 CVE-2016-4086 (Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before ...)
 	NOT-FOR-US: Huawei HiSuite Device Manager
-CVE-2016-4075
-	RESERVED
+CVE-2016-4075 (Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the ...)
+	TODO: check
 CVE-2016-4067
 	RESERVED
 CVE-2016-4066 (Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb ...)
@@ -40526,26 +40543,21 @@
 	RESERVED
 CVE-2016-3735
 	RESERVED
-CVE-2016-3734
-	RESERVED
+CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in ...)
 	- moodle 2.7.14+dfsg-1
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
-CVE-2016-3733
-	RESERVED
+CVE-2016-3733 (The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through ...)
 	- moodle 2.7.14+dfsg-1
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
-CVE-2016-3732
-	RESERVED
+CVE-2016-3732 (The capability check to access other badges in Moodle 3.0 through ...)
 	- moodle <not-affected> (Does only affect 2.8 and newer)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53589
-CVE-2016-3731
-	RESERVED
+CVE-2016-3731 (Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 ...)
 	- moodle <not-affected> (Does only affect 2.8 and newer)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53696
 CVE-2016-3730
 	RESERVED
-CVE-2016-3729
-	RESERVED
+CVE-2016-3729 (The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, ...)
 	- moodle 2.7.14+dfsg-1
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53954
 CVE-2016-3728 (Eval injection vulnerability in tftp_api.rb in the TFTP module in the ...)
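Review bot: the five Moodle entries were triaged while still "RESERVED", and the descriptions published here give version ranges that should be checked against those decisions. For CVE-2016-3733 and CVE-2016-3729 the visible text lists 3.0 through 3.0.3 and the 2.9 series before it is cut off, while the entries record a fix in "moodle 2.7.14+dfsg-1"; confirm that the full range reaches the 2.7 branch. CVE-2016-3731's range, which ends at 2.8 through 2.8.11, agrees with its "<not-affected> (Does only affect 2.8 and newer)" line.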
@@ -49302,8 +49314,8 @@
 	RESERVED
 CVE-2016-1162
 	RESERVED
-CVE-2016-1161
-	RESERVED
+CVE-2016-1161 (Cross-site request forgery (CSRF) vulnerability in ManageEngine ...)
+	TODO: check
 CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite Posts ...)
 	NOT-FOR-US: WP Favorite Posts plugin for WordPress
 CVE-2016-1159
@@ -53522,8 +53534,8 @@
 	NOT-FOR-US: Swann
 CVE-2015-8286 (Zhuhai RaySharp firmware has a hardcoded root password, which makes it ...)
 	NOT-FOR-US: Zhuhai RaySharp
-CVE-2015-8285
-	RESERVED
+CVE-2015-8285 (The webssx.sys driver in QuickHeal 16.00 allows remote attackers to ...)
+	TODO: check
 CVE-2015-8284 (SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to ...)
 	NOT-FOR-US: SeaWell Networks Spectrum
 CVE-2015-8283 (Directory traversal vulnerability in configure_manage.php in SeaWell ...)



