[Secure-testing-commits] r53630 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Jul 18 21:10:15 UTC 2017


Author: sectracker
Date: 2017-07-18 21:10:15 +0000 (Tue, 18 Jul 2017)
New Revision: 53630

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-18 20:56:40 UTC (rev 53629)
+++ data/CVE/list	2017-07-18 21:10:15 UTC (rev 53630)
@@ -1,3 +1,29 @@
+CVE-2017-11434
+	RESERVED
+CVE-2017-11433
+	RESERVED
+CVE-2017-11432
+	RESERVED
+CVE-2017-11431
+	RESERVED
+CVE-2017-11430
+	RESERVED
+CVE-2017-11429
+	RESERVED
+CVE-2017-11428
+	RESERVED
+CVE-2017-11427
+	RESERVED
+CVE-2017-11426
+	RESERVED
+CVE-2017-11425
+	RESERVED
+CVE-2017-11424
+	RESERVED
+CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...)
+	TODO: check
+CVE-2017-11422
+	RESERVED
 CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...)
 	NOT-FOR-US: ASUS
 CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...)
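Review bot: CVE-2017-11423 is the only one of the thirteen new entries at the top of this hunk that carries a description, and it lands as "TODO: check" with no package line. The description names mspack/cabd.c in libmspack 0.5alpha, so triage should either add a package line for libmspack in the same form the other entries use, or mark the entry NOT-FOR-US if nothing tracked here ships that code. The RESERVED placeholders need no action until their descriptions are published.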
@@ -41,7 +67,7 @@
 	RESERVED
 CVE-2017-11400
 	RESERVED
-CVE-2017-11421 [Thumbnail generation for MSI files executes arbitrary VBScript]
+CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection ...)
 	- gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
 	[stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue)
 	NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
@@ -508,7 +534,7 @@
 	RESERVED
 CVE-2017-1000083 [Evince command injection vulnerability in CBT handler]
 	RESERVED
-	{DSA-3911-1}
+	{DSA-3911-1 DLA-1031-1}
 	- evince 3.22.1-4
 	- atril <unfixed> (bug #868500)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
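Review bot: on the advisory line for CVE-2017-1000083, adding DLA-1031-1 next to DSA-3911-1 does not close the entry, because the context still shows "- atril <unfixed> (bug #868500)". The entry is also still RESERVED with a bracketed temporary description, so it needs another pass once the official text is published and atril has a fixed version.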
@@ -1432,10 +1458,10 @@
 	RESERVED
 CVE-2017-10963
 	RESERVED
-CVE-2017-10962
-	RESERVED
-CVE-2017-10961
-	RESERVED
+CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...)
+	TODO: check
+CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File ...)
+	TODO: check
 CVE-2017-10960
 	RESERVED
 CVE-2017-10959
@@ -1960,8 +1986,8 @@
 	RESERVED
 CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...)
 	NOT-FOR-US: Elephone P9000 devices
-CVE-2017-10708
-	RESERVED
+CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...)
+	TODO: check
 CVE-2017-10707
 	RESERVED
 CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...)
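Review bot: CVE-2017-10708 moves from RESERVED to "TODO: check" with nothing else recorded. The description points at apport/report.py in Apport through 2.20.x, which is enough to decide between a package line and NOT-FOR-US; the TODO should be resolved rather than left as imported.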
@@ -2763,7 +2789,7 @@
 	- apache2 <not-affected> (Only affected 2.4.26)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
 CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value ...)
-	{DLA-1028-1}
+	{DSA-3913-1 DLA-1028-1}
 	- apache2 2.4.27-1 (bug #868467)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
 	NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955
@@ -10841,8 +10867,7 @@
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
-CVE-2017-7506
-	RESERVED
+CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds memory ...)
 	{DSA-3907-1}
 	- spice <unfixed> (bug #868083)
 CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization ...)
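Review bot: the imported description for CVE-2017-7506 reads "spice versions though 0.13", which looks like a typo for "through". The log says this is an automatic update, and the later hunks in this same commit show wording corrections for CVE-2006-2531, CVE-2001-1498, CVE-2004-1175 and CVE-1999-0955 arriving the same way, so the wording is better corrected where the description comes from than by hand in this file. The entry also still lists "- spice <unfixed> (bug #868083)" next to {DSA-3907-1}, so it stays open.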
@@ -14511,8 +14536,8 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
 CVE-2017-6321
 	RESERVED
-CVE-2017-6320
-	RESERVED
+CVE-2017-6320 (A remote command injection vulnerability exists in the Barracuda Load ...)
+	TODO: check
 CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...)
 	- radare2 1.1.0+dfsg-3 (bug #856579)
 	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
@@ -18201,12 +18226,12 @@
 	RESERVED
 CVE-2017-5248
 	RESERVED
-CVE-2017-5247
-	RESERVED
-CVE-2017-5246
-	RESERVED
+CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in ...)
+	TODO: check
+CVE-2017-5246 (Biscom Secure File Transfer is vulnerable to AngularJS expression ...)
+	TODO: check
 CVE-2017-5245
-	RESERVED
+	REJECTED
 CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones ...)
 	NOT-FOR-US: Metasploit
 CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances ...)
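Review bot: CVE-2017-5247 and CVE-2017-5246, both for Biscom Secure File Transfer, are left at "TODO: check", while the neighbouring CVE-2017-5244 in the context is already triaged by product as "NOT-FOR-US: Metasploit". The two Biscom entries need the same kind of disposition. CVE-2017-5245 changing from RESERVED to REJECTED carries no description and needs nothing further.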
@@ -28241,8 +28266,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
 	NOT-FOR-US: IBM
-CVE-2017-1318
-	RESERVED
+CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging ...)
+	TODO: check
 CVE-2017-1317
 	RESERVED
 CVE-2017-1316
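Review bot: CVE-2017-1318 is imported as "TODO: check" while the two entries directly above it in the context are marked "NOT-FOR-US: IBM". The new description is for IBM MQ Appliance 8.0 and 9.0, so the same tag looks right here; replace the TODO with it once confirmed.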
@@ -236158,7 +236183,7 @@
 	NOT-FOR-US: Destiney
 CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...)
 	NOT-FOR-US: Destiney
-CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...)
+CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's identity ...)
 	NOT-FOR-US: Ipswitch
 CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
 	NOT-FOR-US: Snitz mod
@@ -251409,7 +251434,7 @@
 	- proftpd 1.2.4-1
 CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
 	NOT-FOR-US: Check Point
-CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
+CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary ...)
 	NOT-FOR-US: mod_bf
 CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
 	NOT-FOR-US: Microsoft
@@ -258691,7 +258716,7 @@
 	{DSA-639-1}
 	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
 	- mc 1:4.6.0-4.6.1-pre3-1
-CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...)
+CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute ...)
 	{DSA-639-1}
 	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
 	- mc 1:4.6.0-4.6.1-pre3-1
@@ -269900,7 +269925,7 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain root ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain ...)
+CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers to ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0954 (WWWBoard has a default username and default password. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker



