[Secure-testing-commits] r54600 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Aug 11 09:10:16 UTC 2017
Author: sectracker
Date: 2017-08-11 09:10:16 +0000 (Fri, 11 Aug 2017)
New Revision: 54600
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-11 06:40:25 UTC (rev 54599)
+++ data/CVE/list 2017-08-11 09:10:16 UTC (rev 54600)
@@ -11196,8 +11196,8 @@
RESERVED
CVE-2017-8659 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
NOT-FOR-US: Microsoft
-CVE-2017-8658
- RESERVED
+CVE-2017-8658 (A remote code execution vulnerability exists in the way that the ...)
+ TODO: check
CVE-2017-8657 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
NOT-FOR-US: Microsoft
CVE-2017-8656 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
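Review bot: The `TODO: check` left on CVE-2017-8658 needs a manual triage decision, because the truncated description does not name a product, while the entries on either side of it (CVE-2017-8659, CVE-2017-8657) are Microsoft Edge issues marked `NOT-FOR-US: Microsoft`. Read the full CVE description and, if it is the same vendor, replace the TODO with the matching NOT-FOR-US line rather than inferring it from the entry's position in the list.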
@@ -13943,8 +13943,8 @@
RESERVED
CVE-2017-7738
RESERVED
-CVE-2017-7737
- RESERVED
+CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...)
+ TODO: check
CVE-2017-7736
RESERVED
CVE-2017-7735
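Review bot: CVE-2017-7737 is left at `TODO: check` although its description already names Fortinet FortiWeb, a product this list marks `NOT-FOR-US: Fortinet FortiWeb` for CVE-2017-3129. Suggest resolving the TODO with the same NOT-FOR-US line so the entry does not stay in the unprocessed queue.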
@@ -14113,10 +14113,10 @@
NOT-FOR-US: Apache Ranger
CVE-2017-7676 (Policy resource matcher in Apache Ranger before 0.7.1 ignores ...)
NOT-FOR-US: Apache Ranger
-CVE-2017-7675
- RESERVED
-CVE-2017-7674
- RESERVED
+CVE-2017-7675 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and ...)
+ TODO: check
+CVE-2017-7674 (The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to ...)
+ TODO: check
CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2017-7672 (If an application allows enter an URL in a form field and built-in ...)
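Review bot: The two `TODO: check` markers on CVE-2017-7675 and CVE-2017-7674 should not be closed as NOT-FOR-US like the Apache Ranger and OpenMeetings entries around them: both descriptions name Apache Tomcat, and other Tomcat entries in this list carry per-package lines (`- tomcat8 ...`, `- tomcat7 ...`). The truncated descriptions start at 9.0.0.M1 and, for CVE-2017-7674, continue with 8.5.0, so triage needs the full version ranges to decide which source packages get a fixed version and which get `<not-affected>`.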
@@ -14533,7 +14533,7 @@
NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7547 [The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges]
RESERVED
- {DSA-3936-1 DSA-3935-1}
+ {DSA-3936-1 DSA-3935-1 DLA-1051-1}
- postgresql-9.6 9.6.4-1
- postgresql-9.4 <removed>
- postgresql-9.1 <removed>
@@ -14542,7 +14542,7 @@
NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7546 [Empty password accepted in some authentication methods]
RESERVED
- {DSA-3936-1 DSA-3935-1}
+ {DSA-3936-1 DSA-3935-1 DLA-1051-1}
- postgresql-9.6 9.6.4-1
- postgresql-9.4 <removed>
- postgresql-9.1 <removed>
@@ -14798,7 +14798,7 @@
- linux 4.9.30-1
NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in ...)
- {DSA-3851-1}
+ {DSA-3851-1 DLA-1051-1}
- postgresql-9.6 9.6.3-1
- postgresql-9.4 <removed>
- postgresql-9.1 <removed>
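Review bot: In the `{...}` line of CVE-2017-7486, DLA-1051-1 is attached to an entry whose earlier advisory is DSA-3851-1, whereas the other two entries that gain the same DLA in this revision (CVE-2017-7547, CVE-2017-7546) carry DSA-3936-1 DSA-3935-1. Worth confirming against the DLA announcement that it covers all three CVEs, since the cross-reference is the only record of that here and the visible package lines show postgresql-9.1 only as `<removed>`.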
@@ -27979,7 +27979,7 @@
{DSA-3896-1 DLA-1009-1}
- apache2 2.4.25-4
CVE-2017-3168
- RESERVED
+ REJECTED
CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...)
{DSA-3896-1 DLA-1009-1}
- apache2 2.4.25-4
@@ -28129,8 +28129,8 @@
RESERVED
CVE-2017-3131
RESERVED
-CVE-2017-3130
- RESERVED
+CVE-2017-3130 (An information disclosure vulnerability in Fortinet FortiOS 5.6.0, ...)
+ TODO: check
CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions ...)
NOT-FOR-US: Fortinet FortiWeb
CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS ...)
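Review bot: The `TODO: check` on CVE-2017-3130 can be decided from the hunk itself: the description names Fortinet FortiOS, and the following context entry, CVE-2017-3129, is a Fortinet product already marked `NOT-FOR-US: Fortinet FortiWeb`. Suggest replacing the TODO with a NOT-FOR-US line naming FortiOS, after confirming from the full description that no packaged software is involved.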
@@ -37831,8 +37831,7 @@
NOTE: http://svn.apache.org/r1774166
CVE-2016-8746 (Apache Ranger before 0.6.3 policy engine incorrectly matches paths in ...)
NOT-FOR-US: Apache Ranger
-CVE-2016-8745
- RESERVED
+CVE-2016-8745 (A bug in the error handling of the send file code for the NIO HTTP ...)
{DSA-3755-1 DSA-3754-1 DLA-779-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.9-1
@@ -44086,8 +44085,7 @@
RESERVED
CVE-2016-6818 (SQL injection vulnerability in SAP Business Intelligence platform ...)
NOT-FOR-US: SAP
-CVE-2016-6817 [denial of service]
- RESERVED
+CVE-2016-6817 (The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and ...)
- tomcat9 <itp> (bug #802312)
- tomcat8 <not-affected> (Only affects 9.x and 8.5.x)
- tomcat7 <not-affected> (Only affects 9.x and 8.5.x)
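Review bot: With the official description now naming 9.0.0.M1 to 9.0.0.M11 as the start of the affected range, the unchanged context line `- tomcat8 <not-affected> (Only affects 9.x and 8.5.x)` reads ambiguously, because the tomcat8 package is itself listed at 8.5.9-1 under CVE-2016-8745 in this same file. Suggest tightening the parenthetical to say which 8.5.x versions are affected and that no affected version was uploaded, if that is the reason. Dropping the temporary `[denial of service]` title in favour of the assigned description is fine.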
@@ -44161,8 +44159,7 @@
NOT-FOR-US: Apache Cordova
CVE-2016-6798 (In the XSS Protection API module before 1.0.12 in Apache Sling, the ...)
NOT-FOR-US: Apache Sling
-CVE-2016-6797 [Apache Tomcat Unrestricted Access to Global Resources]
- RESERVED
+CVE-2016-6797 (The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to ...)
{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
- tomcat8 8.0.37-1 (low)
- tomcat7 7.0.72-1 (low; bug #842666)
@@ -44172,8 +44169,7 @@
NOTE: Fixed by: http://svn.apache.org/r1757273 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1757275 (7.0.x)
NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1757285 (6.0.x)
-CVE-2016-6796 [Apache Tomcat Security Manager Bypass]
- RESERVED
+CVE-2016-6796 (A malicious web application running on Apache Tomcat 9.0.0.M1 to ...)
{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
- tomcat8 8.0.37-1 (low)
- tomcat7 7.0.72-1 (low; bug #842665)