[Secure-testing-commits] r54929 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Aug 21 09:10:19 UTC 2017
Author: sectracker
Date: 2017-08-21 09:10:19 +0000 (Mon, 21 Aug 2017)
New Revision: 54929
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-21 09:00:11 UTC (rev 54928)
+++ data/CVE/list 2017-08-21 09:10:19 UTC (rev 54929)
@@ -1,4 +1,69 @@
-CVE-2017-12982 [memory allocation failure in opj_aligned_alloc_n (opj_malloc.c)]
+CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, ...)
+ TODO: check
+CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c ...)
+ TODO: check
+CVE-2017-12981 (NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via ...)
+ TODO: check
+CVE-2017-12980 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...)
+ TODO: check
+CVE-2017-12979 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...)
+ TODO: check
+CVE-2017-12978 (lib/html.php in Cacti before 1.1.18 has XSS via the title field of an ...)
+ TODO: check
+CVE-2017-12977 (The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin ...)
+ TODO: check
+CVE-2017-1000216
+ REJECTED
+ TODO: check
+CVE-2017-1000205
+ REJECTED
+ TODO: check
+CVE-2017-1000202
+ REJECTED
+ TODO: check
+CVE-2017-1000184
+ REJECTED
+ TODO: check
+CVE-2017-1000183
+ REJECTED
+ TODO: check
+CVE-2017-1000181
+ REJECTED
+ TODO: check
+CVE-2017-1000180
+ REJECTED
+ TODO: check
+CVE-2017-1000179
+ REJECTED
+ TODO: check
+CVE-2017-1000178
+ REJECTED
+ TODO: check
+CVE-2017-1000177
+ REJECTED
+ TODO: check
+CVE-2017-1000175
+ REJECTED
+ TODO: check
+CVE-2017-1000167
+ REJECTED
+ TODO: check
+CVE-2017-1000166
+ REJECTED
+ TODO: check
+CVE-2017-1000165
+ REJECTED
+ TODO: check
+CVE-2017-1000162
+ REJECTED
+ TODO: check
+CVE-2017-1000124
+ REJECTED
+ TODO: check
+CVE-2017-1000123
+ REJECTED
+ TODO: check
+CVE-2017-12982 (The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG ...)
- openjpeg2 <unfixed> (unimportant)
NOTE: https://github.com/uclouvain/openjpeg/issues/983
NOTE: https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7
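Review bot: the 17 rejected ids added in this hunk (CVE-2017-1000216 through CVE-2017-1000123) each carry both REJECTED and TODO: check, so the TODO marker asks for a check on ids that have nothing left to assess. Drop the TODO line on entries already marked REJECTED. That leaves the seven described entries (CVE-2017-12984, CVE-2017-12983, and CVE-2017-12981 down to CVE-2017-12977) as the ones that need a package or NOT-FOR-US decision.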
@@ -10,7 +75,7 @@
NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when ...)
NOT-FOR-US: Nimbus JOSE + JWT
-CVE-2017-12976 [Command injection via malicious ssh URLs]
+CVE-2017-12976 (git-annex before 6.20170818 allows remote attackers to execute ...)
- git-annex 6.20170818-1
NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a
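Review bot: on CVE-2017-12976 the bracketed text being replaced named the vector (malicious ssh URLs), while the truncated description that takes its place stops at "execute ..." and no longer says how the injection is reached. Consider adding a NOTE line that keeps the ssh URL detail beside the two commit links, so the entry stays readable without opening the full description.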
@@ -1033,8 +1098,8 @@
RESERVED
CVE-2017-12785
RESERVED
-CVE-2017-12784
- RESERVED
+CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted ...)
+ TODO: check
CVE-2017-12783
RESERVED
CVE-2017-12782
@@ -4582,8 +4647,8 @@
NOTE: https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2
CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-07-17 ...)
NOT-FOR-US: shoco
-CVE-2017-11366
- RESERVED
+CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before 2.8.4 is ...)
+ TODO: check
CVE-2017-11365
RESERVED
CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's ...)
@@ -15631,6 +15696,7 @@
CVE-2017-7556 (Hawtio versions up to and including 1.5.3 are vulnerable to CSRF ...)
NOT-FOR-US: hawtio
CVE-2017-7555 (Augeas versions up to and including 1.8.0 are vulnerable to heap-based ...)
+ {DSA-3949-1}
- augeas 1.8.1-1 (bug #872400)
NOTE: https://github.com/hercules-team/augeas/pull/480
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1478373
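Review bot: the {DSA-3949-1} cross-reference on CVE-2017-7555 is added in a commit whose Modified list names only data/CVE/list, so nothing visible here shows the advisory side of the link. Confirm that the record for DSA-3949-1 already names CVE-2017-7555, so the reference does not point at an advisory that omits this id.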