[Secure-testing-commits] r55042 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Aug 24 21:10:22 UTC 2017
Author: sectracker
Date: 2017-08-24 21:10:21 +0000 (Thu, 24 Aug 2017)
New Revision: 55042
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-24 19:28:31 UTC (rev 55041)
+++ data/CVE/list 2017-08-24 21:10:21 UTC (rev 55042)
@@ -1,7 +1,37 @@
+CVE-2017-13685
+ RESERVED
+CVE-2017-13684
+ RESERVED
+CVE-2017-13683
+ RESERVED
+CVE-2017-13682
+ RESERVED
+CVE-2017-13681
+ RESERVED
+CVE-2017-13680
+ RESERVED
+CVE-2017-13679
+ RESERVED
+CVE-2017-13678
+ RESERVED
+CVE-2017-13677
+ RESERVED
+CVE-2017-13676
+ RESERVED
+CVE-2017-13675
+ RESERVED
+CVE-2017-13674
+ RESERVED
+CVE-2017-13673
+ RESERVED
+CVE-2017-13672
+ RESERVED
+CVE-2017-13671 (app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent ...)
+ TODO: check
CVE-2017-13670
RESERVED
-CVE-2017-13669
- RESERVED
+CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered ...)
+ TODO: check
CVE-2017-13668
RESERVED
CVE-2017-13667
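Review bot: The "TODO: check" on CVE-2017-13669 can be resolved right away, since the description names NexusPHP 1.5.beta5.20120707 and this file already tags CVE-2017-12680 as "NOT-FOR-US: NexusPHP". CVE-2017-13671 (MISP, app/View/Helper/CommandHelper.php) still needs a triage decision so that it does not stay as an open TODO.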
@@ -1727,8 +1757,8 @@
NOT-FOR-US: Spring Batch Admin
CVE-2017-12880
REJECTED
-CVE-2017-12879
- RESERVED
+CVE-2017-12879 (Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR ...)
+ TODO: check
CVE-2017-12878
RESERVED
CVE-2016-10502
@@ -2440,8 +2470,7 @@
RESERVED
CVE-2016-10405
RESERVED
-CVE-2017-12836 [CVS and ssh command injection]
- RESERVED
+CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might ...)
{DSA-3940-1 DLA-1056-1}
- cvs 2:1.12.13+real-24 (bug #871810)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/11/1
@@ -2743,8 +2772,8 @@
RESERVED
CVE-2017-12680 (Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type ...)
NOT-FOR-US: NexusPHP
-CVE-2017-12679
- RESERVED
+CVE-2017-12679 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater ...)
+ TODO: check
CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in ...)
- taglib <unfixed> (bug #871511)
[stretch] - taglib <no-dsa> (Minor issue)
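Review bot: CVE-2017-12679 gets "TODO: check" although the entry directly above it in the context, CVE-2017-12680, is the same product and is tagged "NOT-FOR-US: NexusPHP". Use the same tag here so the two NexusPHP entries stay consistent.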
@@ -4010,21 +4039,17 @@
NOT-FOR-US: XOOPS
CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in ...)
NOT-FOR-US: XOOPS
-CVE-2017-12137 [x86: PV privilege escalation via map_grant_ref]
- RESERVED
+CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-227.html
-CVE-2017-12136 [grant_table: Race conditions with maptrack free list handling]
- RESERVED
+CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x ...)
- xen <unfixed>
[jessie] - xen <not-affected> (Only affects 4.6 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-228.html
-CVE-2017-12135 [multiple problems with transitive grants]
- RESERVED
+CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service (crash) ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-226.html
-CVE-2017-12134 [Fix Xen block IO merge-ability calculation]
- RESERVED
+CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-229.html
NOTE: https://git.kernel.org/linus/462cdace790ac2ed6aad1b19c9c0af0143b6aab0 (v4.13-rc6)
@@ -4160,8 +4185,8 @@
RESERVED
CVE-2017-12075
RESERVED
-CVE-2017-12074
- RESERVED
+CVE-2017-12074 (Directory traversal vulnerability in the ...)
+ TODO: check
CVE-2017-12073
RESERVED
CVE-2017-12072
@@ -4943,7 +4968,7 @@
- imagemagick 8:6.9.7.4+dfsg-14 (bug #870020)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
-CVE-2017-13658 [assertion failed in DestroyImageInfo in mat coder]
+CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a ...)
- imagemagick 8:6.9.7.4+dfsg-14 (bug #870019)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
@@ -5867,8 +5892,8 @@
RESERVED
CVE-2017-11425
RESERVED
-CVE-2017-11424
- RESERVED
+CVE-2017-11424 (In PyJWT 1.5.0 and below the `invalid_strings` check in ...)
+ TODO: check
CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...)
{DSA-3946-1}
- libmspack 0.6-1 (bug #868956)
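Review bot: CVE-2017-11424 is left at "TODO: check" with no package line, while the description gives a concrete affected range (PyJWT 1.5.0 and below). Resolve the TODO by checking whether the archive ships PyJWT and, if it does, add the source package line with the affected or fixed version and a bug reference, in the form used by the libmspack entry below it.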
@@ -10968,8 +10993,8 @@
NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9556 (Cross-site scripting (XSS) vulnerability in Video Metadata Editor in ...)
NOT-FOR-US: Synology Video Station
-CVE-2017-9555
- RESERVED
+CVE-2017-9555 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...)
+ TODO: check
CVE-2017-9554 (An information exposure vulnerability in forget_passwd.cgi in Synology ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2017-9553 (A design flaw in SYNO.API.Encryption in Synology DiskStation Manager ...)
@@ -11097,18 +11122,18 @@
RESERVED
CVE-2017-9513
RESERVED
-CVE-2017-9512
- RESERVED
-CVE-2017-9511
- RESERVED
-CVE-2017-9510
- RESERVED
-CVE-2017-9509
- RESERVED
-CVE-2017-9508
- RESERVED
-CVE-2017-9507
- RESERVED
+CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and ...)
+ TODO: check
+CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before ...)
+ TODO: check
+CVE-2017-9510 (The repository changelog resource in Atlassian FishEye before version ...)
+ TODO: check
+CVE-2017-9509 (The review file upload resource in Atlassian Crucible before version ...)
+ TODO: check
+CVE-2017-9508 (Various resources in Atlassian FishEye and Crucible before version ...)
+ TODO: check
+CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from version 4.1.0 ...)
+ TODO: check
CVE-2017-9506 (The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 ...)
NOT-FOR-US: Atlassian
CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...)
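Review bot: All six entries from CVE-2017-9512 down to CVE-2017-9507 carry "TODO: check", yet each description names Atlassian FishEye or Crucible and the next entry in the context, CVE-2017-9506, is already tagged "NOT-FOR-US: Atlassian". Closing these with the same tag would remove six open TODOs in one pass.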
@@ -70375,8 +70400,7 @@
- libmaxminddb 1.1.5-1 (bug #805657)
NOTE: https://github.com/maxmind/libmaxminddb/commit/51255f113fe3c7b63ffe957636a7656a3ff9d1ff
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283919
-CVE-2015-8308 [X server started without -auth, exposing it to connections form any local user]
- RESERVED
+CVE-2015-8308 (LXDM before 0.5.2 did not start X server with -auth, which allows ...)
- lxdm 0.5.3-1 (bug #805659)
NOTE: http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268900
@@ -71415,8 +71439,8 @@
NOT-FOR-US: Samsung
CVE-2015-7897 (The media scanning functionality in the face recognition library in ...)
NOT-FOR-US: Samsung
-CVE-2015-7896
- RESERVED
+CVE-2015-7896 (LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows ...)
+ TODO: check
CVE-2015-7895 (Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a ...)
NOT-FOR-US: Samsung
CVE-2015-7894 (The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V ...)
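Review bot: CVE-2015-7896 is marked "TODO: check" in the middle of a run of entries (CVE-2015-7897, CVE-2015-7895) tagged "NOT-FOR-US: Samsung", and its description names LibQJpeg in the Samsung Galaxy S6. Tag it the same way as its neighbours.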
@@ -72666,8 +72690,7 @@
- foreman <itp> (bug #663101)
CVE-2015-7517
RESERVED
-CVE-2015-7516
- RESERVED
+CVE-2015-7516 (ONOS before 1.5.0 when using the ifwd app allows remote attackers to ...)
NOT-FOR-US: Onos
CVE-2015-7515 (The aiptek_probe function in drivers/input/tablet/aiptek.c in the ...)
{DSA-3607-1}
@@ -73309,12 +73332,12 @@
NOT-FOR-US: QNAP
CVE-2015-7260 (Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain ...)
NOT-FOR-US: Liebert MultiLink Automated Shutdown
-CVE-2015-7259
- RESERVED
-CVE-2015-7258
- RESERVED
-CVE-2015-7257
- RESERVED
+CVE-2015-7259 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and ...)
+ TODO: check
+CVE-2015-7258 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and ...)
+ TODO: check
+CVE-2015-7257 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and ...)
+ TODO: check
CVE-2015-7256
RESERVED
CVE-2015-7255
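Review bot: CVE-2015-7259, CVE-2015-7258 and CVE-2015-7257 are indistinguishable here because all three descriptions are truncated at the same point after the firmware string W300V2.1.0f_ER7_PE_O57. Triage them together against the full descriptions. Since they name ZTE ADSL ZXV10 W300 modem firmware, a single NOT-FOR-US tag applied to all three is the likely outcome.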
@@ -78636,8 +78659,7 @@
NOTE: Affects: <=2015.1.2, ==5.0.0
CVE-2015-5294
REJECTED
-CVE-2015-5293
- RESERVED
+CVE-2015-5293 (Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid ...)
NOT-FOR-US: RHEV
CVE-2015-5292 (Memory leak in the Privilege Attribute Certificate (PAC) responder ...)
- sssd 1.13.1-1
@@ -79418,8 +79440,7 @@
NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) and Showbiz Pro
CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...)
NOT-FOR-US: Slider Revolution (revslider) plugin for WordPress
-CVE-2015-5146 [ntpd control message crash: Crafted NUL-byte in configuration directive]
- RESERVED
+CVE-2015-5146 (ntpd in ntp before 4.2.8p3 with remote configuration enabled allows ...)
{DSA-3388-1 DLA-335-1}
- ntp 1:4.2.8p3+dfsg-1
[jessie] - ntp <no-dsa> (Minor issue)
@@ -89056,10 +89077,10 @@
{DSA-3194-1 DLA-183-1}
- libxfont 1:1.5.1-1
NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
-CVE-2015-1801
- RESERVED
-CVE-2015-1800
- RESERVED
+CVE-2015-1801 (The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 ...)
+ TODO: check
+CVE-2015-1800 (The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 ...)
+ TODO: check
CVE-2015-1799 (The symmetric-key feature in the receive function in ntp_proto.c in ...)
{DSA-3223-1 DLA-192-1}
- ntp 1:4.2.6.p5+dfsg-6 (bug #782095)
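Review bot: CVE-2015-1801 and CVE-2015-1800 stay at "TODO: check" even though both descriptions name the samsung_extdisp driver on the Samsung S4 (GT-I9500) with a specific vendor build, I9500XXUEMK8. Confirm that the driver is vendor-only and not part of a packaged kernel, then tag both the way the other Samsung entries in this file are tagged ("NOT-FOR-US: Samsung").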
@@ -107818,8 +107839,7 @@
[squeeze] - gnupg 1.4.10-4+squeeze5
- gnupg2 2.0.24-1 (bug #752498)
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8
-CVE-2014-4616 [arbitrary process memory read]
- RESERVED
+CVE-2014-4616 (Array index error in the scanstring function in the _json module in ...)
- python2.5 <removed>
[squeeze] - python2.5 <no-dsa> (minor issue)
- python2.6 <removed>