[Secure-testing-commits] r51046 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Apr 25 21:10:14 UTC 2017


Author: sectracker
Date: 2017-04-25 21:10:13 +0000 (Tue, 25 Apr 2017)
New Revision: 51046

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-25 21:01:42 UTC (rev 51045)
+++ data/CVE/list	2017-04-25 21:10:13 UTC (rev 51046)
@@ -1,3 +1,239 @@
+CVE-2017-8225 (On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files ...)
+	TODO: check
+CVE-2017-8224 (Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account ...)
+	TODO: check
+CVE-2017-8223 (On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the ...)
+	TODO: check
+CVE-2017-8222 (Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS ...)
+	TODO: check
+CVE-2017-8221 (Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel ...)
+	TODO: check
+CVE-2017-8220 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build ...)
+	TODO: check
+CVE-2017-8219 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build ...)
+	TODO: check
+CVE-2017-8218 (vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 ...)
+	TODO: check
+CVE-2017-8217 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build ...)
+	TODO: check
+CVE-2017-8216
+	RESERVED
+CVE-2017-8215
+	RESERVED
+CVE-2017-8214
+	RESERVED
+CVE-2017-8213
+	RESERVED
+CVE-2017-8212
+	RESERVED
+CVE-2017-8211
+	RESERVED
+CVE-2017-8210
+	RESERVED
+CVE-2017-8209
+	RESERVED
+CVE-2017-8208
+	RESERVED
+CVE-2017-8207
+	RESERVED
+CVE-2017-8206
+	RESERVED
+CVE-2017-8205
+	RESERVED
+CVE-2017-8204
+	RESERVED
+CVE-2017-8203
+	RESERVED
+CVE-2017-8202
+	RESERVED
+CVE-2017-8201
+	RESERVED
+CVE-2017-8200
+	RESERVED
+CVE-2017-8199
+	RESERVED
+CVE-2017-8198
+	RESERVED
+CVE-2017-8197
+	RESERVED
+CVE-2017-8196
+	RESERVED
+CVE-2017-8195
+	RESERVED
+CVE-2017-8194
+	RESERVED
+CVE-2017-8193
+	RESERVED
+CVE-2017-8192
+	RESERVED
+CVE-2017-8191
+	RESERVED
+CVE-2017-8190
+	RESERVED
+CVE-2017-8189
+	RESERVED
+CVE-2017-8188
+	RESERVED
+CVE-2017-8187
+	RESERVED
+CVE-2017-8186
+	RESERVED
+CVE-2017-8185
+	RESERVED
+CVE-2017-8184
+	RESERVED
+CVE-2017-8183
+	RESERVED
+CVE-2017-8182
+	RESERVED
+CVE-2017-8181
+	RESERVED
+CVE-2017-8180
+	RESERVED
+CVE-2017-8179
+	RESERVED
+CVE-2017-8178
+	RESERVED
+CVE-2017-8177
+	RESERVED
+CVE-2017-8176
+	RESERVED
+CVE-2017-8175
+	RESERVED
+CVE-2017-8174
+	RESERVED
+CVE-2017-8173
+	RESERVED
+CVE-2017-8172
+	RESERVED
+CVE-2017-8171
+	RESERVED
+CVE-2017-8170
+	RESERVED
+CVE-2017-8169
+	RESERVED
+CVE-2017-8168
+	RESERVED
+CVE-2017-8167
+	RESERVED
+CVE-2017-8166
+	RESERVED
+CVE-2017-8165
+	RESERVED
+CVE-2017-8164
+	RESERVED
+CVE-2017-8163
+	RESERVED
+CVE-2017-8162
+	RESERVED
+CVE-2017-8161
+	RESERVED
+CVE-2017-8160
+	RESERVED
+CVE-2017-8159
+	RESERVED
+CVE-2017-8158
+	RESERVED
+CVE-2017-8157
+	RESERVED
+CVE-2017-8156
+	RESERVED
+CVE-2017-8155
+	RESERVED
+CVE-2017-8154
+	RESERVED
+CVE-2017-8153
+	RESERVED
+CVE-2017-8152
+	RESERVED
+CVE-2017-8151
+	RESERVED
+CVE-2017-8150
+	RESERVED
+CVE-2017-8149
+	RESERVED
+CVE-2017-8148
+	RESERVED
+CVE-2017-8147
+	RESERVED
+CVE-2017-8146
+	RESERVED
+CVE-2017-8145
+	RESERVED
+CVE-2017-8144
+	RESERVED
+CVE-2017-8143
+	RESERVED
+CVE-2017-8142
+	RESERVED
+CVE-2017-8141
+	RESERVED
+CVE-2017-8140
+	RESERVED
+CVE-2017-8139
+	RESERVED
+CVE-2017-8138
+	RESERVED
+CVE-2017-8137
+	RESERVED
+CVE-2017-8136
+	RESERVED
+CVE-2017-8135
+	RESERVED
+CVE-2017-8134
+	RESERVED
+CVE-2017-8133
+	RESERVED
+CVE-2017-8132
+	RESERVED
+CVE-2017-8131
+	RESERVED
+CVE-2017-8130
+	RESERVED
+CVE-2017-8129
+	RESERVED
+CVE-2017-8128
+	RESERVED
+CVE-2017-8127
+	RESERVED
+CVE-2017-8126
+	RESERVED
+CVE-2017-8125
+	RESERVED
+CVE-2017-8124
+	RESERVED
+CVE-2017-8123
+	RESERVED
+CVE-2017-8122
+	RESERVED
+CVE-2017-8121
+	RESERVED
+CVE-2017-8120
+	RESERVED
+CVE-2017-8119
+	RESERVED
+CVE-2017-8118
+	RESERVED
+CVE-2017-8117
+	RESERVED
+CVE-2017-8116
+	RESERVED
+CVE-2017-8115 (Directory traversal in setup/processors/url_search.php (aka the search ...)
+	TODO: check
+CVE-2017-8114
+	RESERVED
+CVE-2017-8113
+	RESERVED
+CVE-2017-8112
+	RESERVED
+CVE-2017-8111
+	RESERVED
+CVE-2017-8110 (www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 ...)
+	TODO: check
+CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt before 2016.11.4 copied over ...)
+	TODO: check
+CVE-2017-8108
+	RESERVED
 CVE-2017-8107
 	RESERVED
 CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel ...)
@@ -155,8 +391,8 @@
 	RESERVED
 CVE-2017-8058
 	RESERVED
-CVE-2017-8057
-	RESERVED
+CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...)
+	TODO: check
 CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...)
 	NOT-FOR-US: WatchGuard
 CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox ...)
@@ -299,20 +535,20 @@
 	NOT-FOR-US: Exponent CMS
 CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with ...)
 	NOT-FOR-US: OpenMRS
-CVE-2017-7989
-	RESERVED
-CVE-2017-7988
-	RESERVED
-CVE-2017-7987
-	RESERVED
-CVE-2017-7986
-	RESERVED
-CVE-2017-7985
-	RESERVED
-CVE-2017-7984
-	RESERVED
-CVE-2017-7983
-	RESERVED
+CVE-2017-7989 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type ...)
+	TODO: check
+CVE-2017-7988 (In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
+	TODO: check
+CVE-2017-7987 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of ...)
+	TODO: check
+CVE-2017-7986 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
+	TODO: check
+CVE-2017-7985 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
+	TODO: check
+CVE-2017-7984 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
+	TODO: check
+CVE-2017-7983 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the ...)
+	TODO: check
 CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in ...)
 	- libplist <unfixed> (bug #860945)
 	[jessie] - libplist <no-dsa> (Minor issue)
@@ -1770,8 +2006,7 @@
 	RESERVED
 CVE-2017-7478
 	RESERVED
-CVE-2017-7477
-	RESERVED
+CVE-2017-7477 (Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module ...)
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Introduced in 4.6)
 	[wheezy] - linux <not-affected> (Introduced in 4.6)
@@ -2742,8 +2977,8 @@
 CVE-2017-7222 (A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 ...)
 	- mantis <removed>
 	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
-CVE-2017-7221
-	RESERVED
+CVE-2017-7221 (OpenText Documentum Content Server has an inadequate protection ...)
+	TODO: check
 CVE-2017-7220 (OpenText Documentum Content Server allows superuser access via ...)
 	NOT-FOR-US: OpenText Documentum Content Server
 CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 ...)
@@ -7199,8 +7434,8 @@
 	RESERVED
 CVE-2017-5626 (OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden ...)
 	NOT-FOR-US: OxygenOS
-CVE-2017-5625
-	RESERVED
+CVE-2017-5625 (In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized ...)
+	TODO: check
 CVE-2017-5624 (An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. ...)
 	NOT-FOR-US: OxygenOS
 CVE-2017-5623 (An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T ...)
@@ -13187,6 +13422,7 @@
 CVE-2017-3601 (Vulnerability in the Oracle API Gateway component of Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3600 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mariadb-10.1 <not-affected> (Fixed before initial upload to Debian)
 	- mariadb-10.0 10.0.28-1
 	[jessie] - mariadb-10.0 10.0.28-0+deb8u1
@@ -13508,15 +13744,19 @@
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
 CVE-2017-3464 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
 CVE-2017-3463 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
 CVE-2017-3462 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
 CVE-2017-3461 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
 CVE-2017-3460 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
@@ -13532,6 +13772,7 @@
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
 CVE-2017-3456 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
 CVE-2017-3455 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
@@ -13541,6 +13782,7 @@
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
 CVE-2017-3453 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
 CVE-2017-3452 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
@@ -13581,8 +13823,8 @@
 	NOT-FOR-US: Oracle
 CVE-2017-3435 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
 	NOT-FOR-US: Oracle
-CVE-2017-3434
-	RESERVED
+CVE-2017-3434 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
+	TODO: check
 CVE-2017-3433 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3432 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
@@ -13737,10 +13979,10 @@
 	NOT-FOR-US: Oracle
 CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
 	NOT-FOR-US: Oracle
-CVE-2017-3356
-	RESERVED
-CVE-2017-3355
-	RESERVED
+CVE-2017-3356 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
+	TODO: check
+CVE-2017-3355 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
+	TODO: check
 CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
@@ -13755,18 +13997,18 @@
 	NOT-FOR-US: Oracle
 CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
 	NOT-FOR-US: Oracle
-CVE-2017-3347
-	RESERVED
+CVE-2017-3347 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
+	TODO: check
 CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
 	NOT-FOR-US: Oracle
-CVE-2017-3345
-	RESERVED
+CVE-2017-3345 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
+	TODO: check
 CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
 	NOT-FOR-US: Oracle
-CVE-2017-3342
-	RESERVED
+CVE-2017-3342 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
+	TODO: check
 CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
@@ -13795,6 +14037,7 @@
 CVE-2017-3330 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
 	NOT-FOR-US: Oracle Siebel
 CVE-2017-3329 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
 CVE-2017-3328 (Vulnerability in the Oracle Common Applications component of Oracle ...)
@@ -13862,9 +14105,11 @@
 CVE-2017-3310 (Vulnerability in the OJVM component of Oracle Database Server. ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3309 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
 CVE-2017-3308 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <unfixed> (bug #860547)
 	- mysql-5.5 <removed> (bug #860544)
 CVE-2017-3307 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...)
@@ -13872,6 +14117,7 @@
 CVE-2017-3306 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...)
 	NOT-FOR-US: MySQL Enterprise Monitor
 CVE-2017-3305 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+	{DSA-3834-1 DLA-916-1}
 	- mysql-5.7 <not-affected> (Fixed before the initial release to Debian)
 	- mysql-5.5 <removed> (bug #860544)
 	NOTE: The issue arises because of an improper fix for the issue known under
@@ -13887,7 +14133,7 @@
 CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...)
 	NOT-FOR-US: Oracle
 CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x ...)
-	{DSA-3809-1 DLA-819-1}
+	{DSA-3834-1 DSA-3809-1 DLA-916-1 DLA-819-1}
 	- mariadb-10.1 10.1.22-1
 	- mariadb-10.0 <removed>
 	- mysql-5.7 <not-affected> (Fixed before initial release in Debian)
@@ -15423,6 +15669,7 @@
 	RESERVED
 CVE-2017-2801 [Incorrect comparison in X.509 DN strings]
 	RESERVED
+	{DLA-915-1}
 	- botan1.10 <unfixed> (bug #860072)
 	NOTE: https://github.com/randombit/botan/commit/c927101675e5f63fc0bdd93c5a4825adc54323b4 (1.10.16)
 	NOTE: Bug introduced in 1.6.0 or earlier, fixed in 2.1.0 and 1.10.16
@@ -18719,8 +18966,8 @@
 	RESERVED
 CVE-2017-1275
 	RESERVED
-CVE-2017-1274
-	RESERVED
+CVE-2017-1274 (IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in ...)
+	TODO: check
 CVE-2017-1273
 	RESERVED
 CVE-2017-1272
@@ -18970,8 +19217,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) ...)
 	NOT-FOR-US: IBM
-CVE-2017-1149
-	RESERVED
+CVE-2017-1149 (IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial ...)
+	TODO: check
 CVE-2017-1148
 	RESERVED
 CVE-2017-1147
@@ -26888,8 +27135,8 @@
 	NOT-FOR-US: Intel Security Anti-Virus
 CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...)
 	NOT-FOR-US: Intel antivirus
-CVE-2016-8030
-	RESERVED
+CVE-2016-8030 (A memory corruption vulnerability in Scriptscan COM Object in McAfee ...)
+	TODO: check
 CVE-2016-8029
 	RESERVED
 CVE-2016-8028
@@ -34829,7 +35076,8 @@
 CVE-2016-5484
 	RESERVED
 CVE-2016-5483
-	RESERVED
+	REJECTED
+	{DSA-3834-1 DLA-916-1}
 	- mariadb-10.1 <not-affected> (Fixed before initial upload to Debian)
 	- mariadb-10.0 10.0.28-1
 	[jessie] - mariadb-10.0 10.0.28-0+deb8u1
@@ -56945,11 +57193,11 @@
 	NOT-FOR-US: ZTE router
 CVE-2015-7248 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow ...)
 	NOT-FOR-US: ZTE router
-CVE-2015-7247 (DLink DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 ...)
+CVE-2015-7247 (D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or ...)
 	NOT-FOR-US: D-Link
-CVE-2015-7246 (DLink DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 ...)
+CVE-2015-7246 (D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or ...)
 	NOT-FOR-US: D-Link
-CVE-2015-7245 (Directory traversal vulnerability in DLink DVG-N5402SP with firmware ...)
+CVE-2015-7245 (Directory traversal vulnerability in D-Link DVG-N5402SP with firmware ...)
 	NOT-FOR-US: D-Link
 CVE-2015-7244 (The default configuration of the server in MobaXterm before 8.3 has a ...)
 	NOT-FOR-US: MobaXterm




More information about the Secure-testing-commits mailing list