[Secure-testing-commits] r53417 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jul 12 21:10:16 UTC 2017
Author: sectracker
Date: 2017-07-12 21:10:16 +0000 (Wed, 12 Jul 2017)
New Revision: 53417
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-12 18:20:04 UTC (rev 53416)
+++ data/CVE/list 2017-07-12 21:10:16 UTC (rev 53417)
@@ -1,3 +1,27 @@
+CVE-2017-11196 (Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function ...)
+ TODO: check
+CVE-2017-11195 (Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The ...)
+ TODO: check
+CVE-2017-11194 (Pulse Connect Secure 8.3R1 has Reflected XSS in ...)
+ TODO: check
+CVE-2017-11193 (Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the ...)
+ TODO: check
+CVE-2017-11192
+ RESERVED
+CVE-2017-11191
+ RESERVED
+CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...)
+ TODO: check
+CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
+ TODO: check
+CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...)
+ TODO: check
+CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks ...)
+ TODO: check
+CVE-2017-11186
+ RESERVED
+CVE-2017-11185
+ RESERVED
CVE-2017-XXXX [nodejs hash seed]
- nodejs <unfixed> (bug #868162; unimportant)
NOTE: https://nodejs.org/en/blog/release/v6.11.1/
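Review bot: CVE-2017-11188 (ImageMagick, coders\dpx.c) is added with only "TODO: check", although ImageMagick is already tracked as a package in this file. It should get the same form as CVE-2017-11166 further down: a "- imagemagick <unfixed>" line and a NOTE with the upstream reference. The two unrar-free entries (CVE-2017-11190, CVE-2017-11189) need the same package check. The four Pulse Connect Secure entries look like candidates for a NOT-FOR-US line, in the style used for Winmail Server, once the full descriptions are read.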
@@ -64,13 +88,13 @@
RESERVED
CVE-2017-11168
RESERVED
-CVE-2017-11167
- RESERVED
+CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...)
+ TODO: check
CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...)
- imagemagick <unfixed> (low)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/471
-CVE-2017-11165
- RESERVED
+CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive ...)
+ TODO: check
CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in ...)
TODO: check
CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...)
@@ -1628,8 +1652,8 @@
RESERVED
CVE-2017-9978
RESERVED
-CVE-2017-9977
- RESERVED
+CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might allow ...)
+ TODO: check
CVE-2017-9976
RESERVED
CVE-2017-9975
@@ -1941,12 +1965,12 @@
NOTE: Fixed by: https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db
CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by authenticated users ...)
NOT-FOR-US: Winmail Server
-CVE-2017-9845
- RESERVED
-CVE-2017-9844
- RESERVED
-CVE-2017-9843
- RESERVED
+CVE-2017-9845 (disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote ...)
+ TODO: check
+CVE-2017-9844 (SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9843 (SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with ...)
+ TODO: check
CVE-2017-9842
RESERVED
CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 ...)
@@ -9600,8 +9624,8 @@
CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...)
{DSA-3896-1 DLA-1009-1}
- apache2 2.4.25-4
-CVE-2017-7678
- RESERVED
+CVE-2017-7678 (In Apache Spark before 2.2.0, it is possible for an attacker to take ...)
+ TODO: check
CVE-2017-7677 (In environments that use external location for hive tables, Hive ...)
NOT-FOR-US: Apache Ranger
CVE-2017-7676 (Policy resource matcher in Apache Ranger before 0.7.1 ignores ...)
@@ -20420,18 +20444,18 @@
RESERVED
CVE-2017-4058
RESERVED
-CVE-2017-4057
- RESERVED
+CVE-2017-4057 (Privilege Escalation vulnerability in the web interface in McAfee ...)
+ TODO: check
CVE-2017-4056
RESERVED
-CVE-2017-4055
- RESERVED
-CVE-2017-4054
- RESERVED
-CVE-2017-4053
- RESERVED
-CVE-2017-4052
- RESERVED
+CVE-2017-4055 (Exploitation of Authentication vulnerability in the web interface in ...)
+ TODO: check
+CVE-2017-4054 (Command Injection vulnerability in the web interface in McAfee ...)
+ TODO: check
+CVE-2017-4053 (Command Injection vulnerability in the web interface in McAfee ...)
+ TODO: check
+CVE-2017-4052 (Authentication Bypass vulnerability in the web interface in McAfee ...)
+ TODO: check
CVE-2017-4051
RESERVED
CVE-2017-4050
@@ -24165,8 +24189,8 @@
RESERVED
CVE-2017-2864
RESERVED
-CVE-2017-2863
- RESERVED
+CVE-2017-2863 (An out-of-bounds write vulnerability exists in the PDF parsing ...)
+ TODO: check
CVE-2017-2862
RESERVED
CVE-2017-2861
@@ -24256,20 +24280,20 @@
RESERVED
CVE-2017-2821
RESERVED
-CVE-2017-2820
- RESERVED
+CVE-2017-2820 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
+ TODO: check
CVE-2017-2819 (An exploitable heap-based buffer overflow exists in the Hangul Word ...)
NOT-FOR-US: Hancom Thinkfree Office NEO
-CVE-2017-2818
- RESERVED
+CVE-2017-2818 (An exploitable heap overflow vulnerability exists in the image ...)
+ TODO: check
CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing ...)
NOT-FOR-US: PowerISO
CVE-2017-2816
RESERVED
CVE-2017-2815
RESERVED
-CVE-2017-2814
- RESERVED
+CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image ...)
+ TODO: check
CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
NOT-FOR-US: IrfanView
CVE-2017-2812
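Review bot: The truncated descriptions for CVE-2017-2820, CVE-2017-2818 and CVE-2017-2814 do not show which product is affected, so they cannot be triaged from this diff alone. CVE-2017-2820 shares its visible text with CVE-2017-2813, which is marked "NOT-FOR-US: IrfanView", and CVE-2017-2818 and CVE-2017-2814 share the same "heap overflow vulnerability exists in the image ..." prefix. Resolve each TODO from the full description rather than copying a neighbour's tag.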
@@ -27558,8 +27582,8 @@
RESERVED
CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity ...)
NOT-FOR-US: IBM
-CVE-2017-1321
- RESERVED
+CVE-2017-1321 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...)
+ TODO: check
CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
@@ -27630,8 +27654,8 @@
RESERVED
CVE-2017-1286
RESERVED
-CVE-2017-1285
- RESERVED
+CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user ...)
+ TODO: check
CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...)
NOT-FOR-US: IBM
CVE-2017-1283
@@ -32601,22 +32625,22 @@
RESERVED
CVE-2016-8954 (IBM dashDB Local uses hard-coded credentials that could allow a remote ...)
NOT-FOR-US: IBM
-CVE-2016-8953
- RESERVED
+CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...)
+ TODO: check
CVE-2016-8952
RESERVED
CVE-2016-8951
RESERVED
-CVE-2016-8950
- RESERVED
+CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
+ TODO: check
CVE-2016-8949
RESERVED
-CVE-2016-8948
- RESERVED
-CVE-2016-8947
- RESERVED
-CVE-2016-8946
- RESERVED
+CVE-2016-8948 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
+ TODO: check
+CVE-2016-8947 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...)
+ TODO: check
+CVE-2016-8946 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
+ TODO: check
CVE-2016-8945
RESERVED
CVE-2016-8944 (IBM AIX 7.1 and 7.2 allows a local user to open a file with a ...)
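Review bot: The five IBM Emptoris Sourcing entries added here (CVE-2016-8953, -8950, -8948, -8947, -8946) are left at "TODO: check", while the IBM entry at the top of this hunk, CVE-2016-8954, already carries "NOT-FOR-US: IBM". If Emptoris Sourcing is handled like the other IBM products in this file, these can be tagged the same way in one follow-up. That also covers the IBM entries in the other hunks (CVE-2017-1321, CVE-2017-1285, CVE-2016-6114).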
@@ -33585,8 +33609,7 @@
- foreman <itp> (bug #663101)
NOTE: http://projects.theforeman.org/issues/15037
NOTE: https://github.com/theforeman/foreman/pull/3523
-CVE-2016-8638
- RESERVED
+CVE-2016-8638 (A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 ...)
- ipsilon <itp> (bug #826838)
NOTE: https://ipsilon-project.org/advisory/CVE-2016-8638.txt
NOTE: https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c
@@ -42097,8 +42120,8 @@
NOT-FOR-US: IBM
CVE-2016-6115 (IBM General Parallel File System is vulnerable to a buffer overflow. A ...)
NOT-FOR-US: IBM
-CVE-2016-6114
- RESERVED
+CVE-2016-6114 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
+ TODO: check
CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerability ...)
NOT-FOR-US: IBM
CVE-2016-6112 (IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and ...)
@@ -64960,7 +64983,8 @@
REJECTED
CVE-2015-7583
REJECTED
-CVE-2015-7582 (Satellite 6.1.0 allows remote authenticated users to read ...)
+CVE-2015-7582
+ REJECTED
NOT-FOR-US: Red Hat Satellite
CVE-2015-7581 (actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ...)
{DSA-3464-1}
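Review bot: After this hunk CVE-2015-7582 reads "REJECTED" followed by the old "NOT-FOR-US: Red Hat Satellite" line, because only the header was replaced and the annotation below it stayed as context. The neighbouring rejected entries (CVE-2015-7583 and the one above it) carry no annotation, so the leftover NOT-FOR-US line should be dropped to keep the entry consistent.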