[Secure-testing-commits] r53608 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Jul 18 09:10:12 UTC 2017
Author: sectracker
Date: 2017-07-18 09:10:12 +0000 (Tue, 18 Jul 2017)
New Revision: 53608
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-18 09:09:40 UTC (rev 53607)
+++ data/CVE/list 2017-07-18 09:10:12 UTC (rev 53608)
@@ -1,3 +1,45 @@
+CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...)
+ TODO: check
+CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...)
+ TODO: check
+CVE-2017-11418 (Fiyo CMS 2.0.7 has SQL injection in ...)
+ TODO: check
+CVE-2017-11417 (Fiyo CMS 2.0.7 has SQL injection in ...)
+ TODO: check
+CVE-2017-11416 (Fiyo CMS 2.0.7 has SQL injection in ...)
+ TODO: check
+CVE-2017-11415 (Fiyo CMS 2.0.7 has SQL injection in ...)
+ TODO: check
+CVE-2017-11414 (Fiyo CMS 2.0.7 has SQL injection in ...)
+ TODO: check
+CVE-2017-11413 (Fiyo CMS 2.0.7 has SQL injection in ...)
+ TODO: check
+CVE-2017-11412 (Fiyo CMS 2.0.7 has SQL injection in ...)
+ TODO: check
+CVE-2017-11411
+ RESERVED
+CVE-2017-11410
+ RESERVED
+CVE-2017-11409
+ RESERVED
+CVE-2017-11408
+ RESERVED
+CVE-2017-11407
+ RESERVED
+CVE-2017-11406
+ RESERVED
+CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
+ TODO: check
+CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
+ TODO: check
+CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...)
+ TODO: check
+CVE-2017-11402
+ RESERVED
+CVE-2017-11401
+ RESERVED
+CVE-2017-11400
+ RESERVED
CVE-2017-XXXX [unsafe use of /tmp]
- gnome-exe-thumbnailer <unfixed> (bug #868737)
[stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue)
@@ -938,6 +980,7 @@
[wheezy] - catdoc <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468471
CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid free) or ...)
+ {DLA-1030-1}
- vim 2:8.0.0197-5 (low; bug #867720)
[stretch] - vim <no-dsa> (Minor issue)
[jessie] - vim <no-dsa> (Minor issue)
@@ -2370,10 +2413,10 @@
- tiff <unfixed> (bug #866109)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
-CVE-2017-9934
- RESERVED
-CVE-2017-9933
- RESERVED
+CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...)
+ TODO: check
+CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads ...)
+ TODO: check
CVE-2017-9932
RESERVED
CVE-2017-9931
@@ -2671,14 +2714,14 @@
CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote ...)
- cairo <unfixed> (bug #868580)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101547
-CVE-2017-9813
- RESERVED
-CVE-2017-9812
- RESERVED
-CVE-2017-9811
- RESERVED
-CVE-2017-9810
- RESERVED
+CVE-2017-9813 (In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack ...)
+ TODO: check
+CVE-2017-9812 (The reportId parameter of the getReportStatus action method can be ...)
+ TODO: check
+CVE-2017-9811 (The kluser is able to interact with the kav4fs-control binary in ...)
+ TODO: check
+CVE-2017-9810 (There are no Anti-CSRF tokens in any forms on the web interface in ...)
+ TODO: check
CVE-2017-9809
RESERVED
CVE-2017-9808
@@ -4393,8 +4436,7 @@
NOT-FOR-US: SimpleCE
CVE-2017-9672
RESERVED
-CVE-2017-9671
- RESERVED
+CVE-2017-9671 (A heap overflow in apk (Alpine Linux's package manager) allows a ...)
NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...)
- gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901)
@@ -4408,8 +4450,7 @@
NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
NOTE: Crash in a CLI tool, no security impact
-CVE-2017-9669
- RESERVED
+CVE-2017-9669 (A heap overflow in apk (Alpine Linux's package manager) allows a ...)
NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9668 (In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user ...)
NOT-FOR-US: CMS Made Simple
@@ -4531,8 +4572,8 @@
RESERVED
CVE-2017-9610
RESERVED
-CVE-2017-9609
- RESERVED
+CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows ...)
+ TODO: check
CVE-2017-9608
RESERVED
CVE-2017-9607
@@ -4567,7 +4608,7 @@
NOT-FOR-US: "FNB Kemp Mobile Banking" by First National Bank of Kemp app
CVE-2017-9600 (The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka ...)
NOT-FOR-US: "Peoples Bank Tulsa" by Peoples Bank - OK app
-CVE-2017-9599 (The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app 3.0.0 ...)
+CVE-2017-9599 (The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app ...)
NOT-FOR-US: "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app
CVE-2017-9598 (The "Morton Credit Union Mobile Banking" by Morton Credit Union app ...)
NOT-FOR-US: "Morton Credit Union Mobile Banking" by Morton Credit Union app
@@ -5287,12 +5328,12 @@
RESERVED
CVE-2017-9341
RESERVED
-CVE-2017-9340
- RESERVED
-CVE-2017-9339
- RESERVED
-CVE-2017-9338
- RESERVED
+CVE-2017-9340 (An attacker is logged in as a normal user and can somehow make admin ...)
+ TODO: check
+CVE-2017-9339 (A logical error in ownCloud Server before 10.0.2 caused disclosure of ...)
+ TODO: check
+CVE-2017-9338 (Inadequate escaping lead to XSS vulnerability in the search module in ...)
+ TODO: check
CVE-2017-9337 (The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-9336 (The WP Editor.MD plugin 1.6 for WordPress has a stored XSS ...)
@@ -6779,8 +6820,8 @@
NOT-FOR-US: Invision Power Services
CVE-2017-8897 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
NOT-FOR-US: Invision Power Services
-CVE-2017-8896
- RESERVED
+CVE-2017-8896 (ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before ...)
+ TODO: check
CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before ...)
NOT-FOR-US: Veritas
CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software ...)
@@ -9230,8 +9271,8 @@
NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
-CVE-2017-7947
- RESERVED
+CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 ...)
+ TODO: check
CVE-2016-10347
RESERVED
CVE-2016-10346
@@ -13149,24 +13190,24 @@
RESERVED
CVE-2017-6745
RESERVED
-CVE-2017-6744
- RESERVED
-CVE-2017-6743
- RESERVED
-CVE-2017-6742
- RESERVED
-CVE-2017-6741
- RESERVED
-CVE-2017-6740
- RESERVED
-CVE-2017-6739
- RESERVED
-CVE-2017-6738
- RESERVED
-CVE-2017-6737
- RESERVED
-CVE-2017-6736
- RESERVED
+CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
+ TODO: check
+CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
+ TODO: check
+CVE-2017-6742 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
+ TODO: check
+CVE-2017-6741 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
+ TODO: check
+CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
+ TODO: check
+CVE-2017-6739 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
+ TODO: check
+CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
+ TODO: check
+CVE-2017-6737 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
+ TODO: check
+CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
+ TODO: check
CVE-2017-6735 (A vulnerability in the backup and restore functionality of Cisco ...)
NOT-FOR-US: Cisco
CVE-2017-6734 (A vulnerability in the web-based management interface of Cisco Identity ...)
@@ -35374,7 +35415,7 @@
RESERVED
CVE-2016-1000223
RESERVED
-CVE-2016-1000031 (Apache Commons FileUpload DiskFileItem File Manipulation Remote Code ...)
+CVE-2016-1000031 (Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ...)
- libcommons-fileupload-java <unfixed> (unimportant)
NOTE: https://www.tenable.com/security/research/tra-2016-12
NOTE: Marked as unimportant since even though the CVE is assigned for Apache Commons FileUpload
More information about the Secure-testing-commits
mailing list