[Secure-testing-commits] r54743 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Aug 14 21:10:14 UTC 2017
Author: sectracker
Date: 2017-08-14 21:10:14 +0000 (Mon, 14 Aug 2017)
New Revision: 54743
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-14 20:42:36 UTC (rev 54742)
+++ data/CVE/list 2017-08-14 21:10:14 UTC (rev 54743)
@@ -1,3 +1,31 @@
+CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is ...)
+ TODO: check
+CVE-2017-12852
+ RESERVED
+CVE-2017-12851 (An authenticated standard user could reset the password of the admin ...)
+ TODO: check
+CVE-2017-12850 (An authenticated standard user could reset the password of other users ...)
+ TODO: check
+CVE-2017-12849
+ RESERVED
+CVE-2017-12848
+ RESERVED
+CVE-2017-12847
+ RESERVED
+CVE-2017-12846
+ RESERVED
+CVE-2017-12845
+ RESERVED
+CVE-2017-12844
+ RESERVED
+CVE-2017-12843
+ RESERVED
+CVE-2017-12842
+ RESERVED
+CVE-2017-12841
+ RESERVED
+CVE-2017-12840
+ RESERVED
CVE-2017-12839
RESERVED
CVE-2017-12838
@@ -61,7 +89,7 @@
CVE-2017-12808
RESERVED
CVE-2017-12807
- RESERVED
+ REJECTED
CVE-2017-12806
RESERVED
CVE-2017-12805
@@ -3624,6 +3652,7 @@
CVE-2017-11369
RESERVED
CVE-2017-11368 (In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker ...)
+ {DLA-1058-1}
- krb5 1.15.1-2 (bug #869260)
[stretch] - krb5 <no-dsa> (Minor issue; can be fixed along with a future DSA)
[jessie] - krb5 <no-dsa> (Minor issue; can be fixed along with a future DSA)
@@ -4215,8 +4244,8 @@
RESERVED
CVE-2017-11157
RESERVED
-CVE-2017-11156
- RESERVED
+CVE-2017-11156 (Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before ...)
+ TODO: check
CVE-2017-11155 (An information exposure vulnerability in index.php in Synology Photo ...)
NOT-FOR-US: Synology Photo Station
CVE-2017-11154 (Unrestricted file upload vulnerability in PixlrEditorHandler.php in ...)
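Review bot: CVE-2017-11156 is added with "TODO: check" even though CVE-2017-11155 directly below it in this hunk already resolves a Synology product as "NOT-FOR-US: Synology Photo Station". If Download Station is likewise not packaged, replace the TODO with a matching "NOT-FOR-US: Synology Download Station" line so the entry does not sit in the unchecked queue. The same question applies to CVE-2017-11150 (Synology Office) in the next hunk.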
@@ -4227,10 +4256,10 @@
NOT-FOR-US: Synology Photo Station
CVE-2017-11151 (A vulnerability in synotheme_upload.php in Synology Photo Station ...)
NOT-FOR-US: Synology Photo Station
-CVE-2017-11150
- RESERVED
-CVE-2017-11149
- RESERVED
+CVE-2017-11150 (Command injection vulnerability in Document.php in Synology Office ...)
+ TODO: check
+CVE-2017-11149 (Server-side request forgery (SSRF) vulnerability in Downloader in ...)
+ TODO: check
CVE-2017-11148 (Server-side request forgery (SSRF) vulnerability in link preview in ...)
NOT-FOR-US: Synology Chat
CVE-2017-11146
@@ -6378,8 +6407,7 @@
RESERVED
CVE-2017-9803
RESERVED
-CVE-2017-9802
- RESERVED
+CVE-2017-9802 (The Javascript method Sling.evalString() in Apache Sling Servlets Post ...)
NOT-FOR-US: Apache Sling
CVE-2017-9801 (When a call-site passes a subject for an email that contains ...)
NOT-FOR-US: Apache commons email
@@ -8277,26 +8305,26 @@
RESERVED
CVE-2017-9663
RESERVED
-CVE-2017-9662
- RESERVED
-CVE-2017-9661
- RESERVED
-CVE-2017-9660
- RESERVED
-CVE-2017-9659
- RESERVED
+CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...)
+ TODO: check
+CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in SIMPlight ...)
+ TODO: check
+CVE-2017-9660 (A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch ...)
+ TODO: check
+CVE-2017-9659 (A Stack-Based Buffer Overflow issue was discovered in Fuji Electric ...)
+ TODO: check
CVE-2017-9658
RESERVED
CVE-2017-9657
RESERVED
CVE-2017-9656
RESERVED
-CVE-2017-9655
- RESERVED
+CVE-2017-9655 (A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator ...)
+ TODO: check
CVE-2017-9654
RESERVED
-CVE-2017-9653
- RESERVED
+CVE-2017-9653 (An Improper Authorization issue was discovered in OSIsoft PI ...)
+ TODO: check
CVE-2017-9652
RESERVED
CVE-2017-9651
@@ -8305,12 +8333,12 @@
RESERVED
CVE-2017-9649
RESERVED
-CVE-2017-9648
- RESERVED
+CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in Solar ...)
+ TODO: check
CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the Continental ...)
NOT-FOR-US: Continental AG Infineon S-Gold
-CVE-2017-9646
- RESERVED
+CVE-2017-9646 (An Uncontrolled Search Path Element issue was discovered in Solar ...)
+ TODO: check
CVE-2017-9645
RESERVED
CVE-2017-9644
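Review bot: CVE-2017-9648 and CVE-2017-9646 are added with identical truncated descriptions ("An Uncontrolled Search Path Element issue was discovered in Solar ..."), so the list alone does not show whether they cover the same product or two different ones. When resolving the two "TODO: check" entries, read the full descriptions and name the affected product explicitly in each triage line.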
@@ -9648,7 +9676,7 @@
CVE-2017-9240
RESERVED
CVE-2016-10376 (Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote ...)
- {DLA-967-1}
+ {DSA-3943-1 DLA-967-1}
- gajim 0.16.6-1.1 (bug #863445)
NOTE: https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
NOTE: https://dev.gajim.org/gajim/gajim/issues/8378
@@ -16906,9 +16934,11 @@
CVE-2017-6888
RESERVED
CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" function ...)
+ {DLA-1057-1}
- libraw 0.18.2-2 (bug #864183)
NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251
CVE-2017-6886 (An error within the "parse_tiff_ifd()" function ...)
+ {DLA-1057-1}
- libraw 0.18.2-2 (bug #864183)
NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251
CVE-2017-6885 (An error when handling certain external commands and services related ...)
@@ -46581,7 +46611,7 @@
RESERVED
CVE-2016-6221
RESERVED
-CVE-2016-6220 (The default error pages in Trend Micro Control Manager SP3 6.0 reveals ...)
+CVE-2016-6220 (Information Disclosure vulnerability in the Dashboard and Error Pages ...)
NOT-FOR-US: Trend Micro Control Manager
CVE-2016-6219
RESERVED
@@ -74225,7 +74255,7 @@
RESERVED
CVE-2015-5947
RESERVED
-CVE-2015-5946 (Incomplete blacklist vulnerability in SugarCRM 6.5.22 allows local ...)
+CVE-2015-5946 (Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote ...)
NOT-FOR-US: SugarCRM
CVE-2015-5945 (The Sandbox subsystem in Apple OS X before 10.11.1 allows local users ...)
NOT-FOR-US: Apple
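Review bot: The rewritten description of CVE-2015-5946 now names SuiteCRM 7.2.2, but the unchanged triage line under it still reads "NOT-FOR-US: SugarCRM". Update that line to name SuiteCRM. Because the description also changed from "allows local" to "allows remote", re-confirm the NOT-FOR-US decision against the new text rather than carrying it over.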
@@ -79299,7 +79329,7 @@
NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4336 (cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows ...)
NOT-FOR-US: WordPress plugin xclonerbackupandrestore
-CVE-2015-4335 (Redis before 2.8.1 and 3.x before 3.0.2 allows remote attackers to ...)
+CVE-2015-4335 (Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to ...)
{DSA-3279-1}
- redis 2:3.0.2-1
[wheezy] - redis <not-affected> (Lua support introduced in version 2.6.0)
@@ -86654,7 +86684,7 @@
RESERVED
CVE-2015-1784
RESERVED
-CVE-2015-1783 (The prefex variable in the get_or_define_ns function in Lasso before ...)
+CVE-2015-1783 (The prefix variable in the get_or_define_ns function in Lasso before ...)
- lasso 2.4.1-1
[wheezy] - lasso <not-affected> (Vulnerable code introduced later)
[squeeze] - lasso <not-affected> (Vulnerable code introduced later)