[Secure-testing-commits] r53686 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jul 19 21:10:15 UTC 2017
Author: sectracker
Date: 2017-07-19 21:10:15 +0000 (Wed, 19 Jul 2017)
New Revision: 53686
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-19 20:48:57 UTC (rev 53685)
+++ data/CVE/list 2017-07-19 21:10:15 UTC (rev 53686)
@@ -1,3 +1,17 @@
+CVE-2017-11463
+ RESERVED
+CVE-2017-11462
+ RESERVED
+CVE-2017-11461
+ RESERVED
+CVE-2017-11460
+ RESERVED
+CVE-2017-11459
+ RESERVED
+CVE-2017-11458
+ RESERVED
+CVE-2017-11457
+ RESERVED
CVE-2017-11456 (Geneko GWR routers allow directory traversal sequences starting with a ...)
NOT-FOR-US: Geneko GWR routers
CVE-2017-11455
@@ -11,19 +25,23 @@
CVE-2017-11451
RESERVED
CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to ...)
+ {DSA-3914-1}
- imagemagick 8:6.9.7.4+dfsg-12 (bug #867894)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
NOTE: https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602
CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable ...)
+ {DSA-3914-1}
- imagemagick 8:6.9.7.4+dfsg-12 (bug #867896)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce
NOTE: https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick before ...)
+ {DSA-3914-1}
- imagemagick 8:6.9.7.4+dfsg-12 (bug #867893)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11
CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick ...)
+ {DSA-3914-1}
- imagemagick 8:6.9.7.4+dfsg-12 (bug #867897)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d
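Review bot: The four {DSA-3914-1} tags on CVE-2017-11450 through CVE-2017-11447 point at an advisory record that this revision does not carry, since the commit modifies only data/CVE/list. Confirm the DSA-3914-1 entry already exists in the tracker's advisory data; otherwise these cross-references dangle.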
@@ -980,7 +998,7 @@
NOT-FOR-US: plotly.js (different from the plotly Python package)
CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the ...)
NOT-FOR-US: PHPMiniAdmin
-CVE-2017-1000004 (ATutor versions 2.2.1 and earlier are vulnerable to a SQL injection ...)
+CVE-2017-1000004 (ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in ...)
NOT-FOR-US: ATutor
CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access ...)
NOT-FOR-US: ATutor
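Review bot: The replacement summary for CVE-2017-1000004 reads "ATutor version 2.2.1 and earlier are vulnerable", which pairs a singular "version" with "are" and no longer matches the "ATutor versions 2.2.1 and earlier" wording kept for CVE-2017-1000003 two lines below. The entry is NOT-FOR-US either way, so this is cosmetic; if the text is synced from the upstream CVE description, the fix belongs there rather than in this file.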
@@ -4321,8 +4339,8 @@
- gsoap 2.8.48-1
NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
-CVE-2017-9764
- RESERVED
+CVE-2017-9764 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows ...)
+ TODO: check
CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could include ...)
{DSA-3895-1}
- flatpak 0.8.7-1 (bug #865413)
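Review bot: CVE-2017-9764 now carries a description but is left at "TODO: check", so it still needs a triage decision: either a source package line or a NOT-FOR-US marker if nothing in the archive ships MetInfo. The entry also sits above CVE-2017-9780 although every other hunk in this patch lists CVE ids in descending order; the placement predates this change, but it is worth correcting while the entry is being touched.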
@@ -9469,8 +9487,8 @@
NOT-FOR-US: Samsung
CVE-2017-7979 (The cookie feature in the packet action API implementation in ...)
- linux <not-affected> (Only affects 4.11-rc1 onwards)
-CVE-2017-7977
- RESERVED
+CVE-2017-7977 (The Screensavercc component in eLux RP before 5.5.0 allows attackers ...)
+ TODO: check
CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...)
{DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860787)
@@ -28595,8 +28613,8 @@
RESERVED
CVE-2017-1310 (IBM Informix Dynamic Server 12.1 could allow an authenticated user to ...)
NOT-FOR-US: IBM
-CVE-2017-1309
- RESERVED
+CVE-2017-1309 (IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user ...)
+ TODO: check
CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 ...)
NOT-FOR-US: IBM
CVE-2017-1307
@@ -28765,20 +28783,20 @@
RESERVED
CVE-2017-1225
RESERVED
-CVE-2017-1224
- RESERVED
-CVE-2017-1223
- RESERVED
+CVE-2017-1224 (IBM Tivoli Endpoint Manager uses weaker than expected cryptographic ...)
+ TODO: check
+CVE-2017-1223 (IBM Tivoli Endpoint Manager could allow a remote attacker to conduct ...)
+ TODO: check
CVE-2017-1222
RESERVED
CVE-2017-1221
RESERVED
CVE-2017-1220
RESERVED
-CVE-2017-1219
- RESERVED
-CVE-2017-1218
- RESERVED
+CVE-2017-1219 (IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity ...)
+ TODO: check
+CVE-2017-1218 (IBM Tivoli Endpoint Manager is vulnerable to cross-site request ...)
+ TODO: check
CVE-2017-1217 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
CVE-2017-1216
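Review bot: CVE-2017-1224, CVE-2017-1223, CVE-2017-1219 and CVE-2017-1218 all land as "TODO: check" although each description names IBM Tivoli Endpoint Manager, and the IBM entry directly below them (CVE-2017-1217) is already closed as NOT-FOR-US: IBM. Resolve the four in one pass with the same marker once it is confirmed that no Debian package ships the product; CVE-2017-1309 and CVE-2017-1203 in the adjacent hunks are in the same state.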
@@ -28807,8 +28825,8 @@
NOT-FOR-US: IBM
CVE-2017-1204
RESERVED
-CVE-2017-1203
- RESERVED
+CVE-2017-1203 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and ...)
+ TODO: check
CVE-2017-1202
RESERVED
CVE-2017-1201
@@ -38210,14 +38228,14 @@
NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
NOTE: found.
-CVE-2016-7509
- RESERVED
+CVE-2016-7509 (Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote ...)
+ TODO: check
CVE-2016-7508 (Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/issues/1047
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2016-7507
- RESERVED
+CVE-2016-7507 (Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows ...)
+ TODO: check
CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp ...)
NOT-FOR-US: MuJS
CVE-2016-7505 (A buffer overflow vulnerability was observed in divby function of ...)
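Review bot: The two new GLPI 0.90.4 entries, CVE-2016-7509 (XSS) and CVE-2016-7507 (CSRF), are left at "TODO: check" while CVE-2016-7508 between them, for the same GLPI version, is already tracked as "- glpi <removed> (unimportant)" with the note "Only supported behind an authenticated HTTP zone". Triage both against the glpi source package rather than as NOT-FOR-US, and judge separately whether the authenticated-zone rationale holds for them, since CSRF acts through a user who is already logged in.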
@@ -40369,8 +40387,7 @@
RESERVED
CVE-2016-6799 (Product: Apache Cordova Android 5.2.2 and earlier. The application ...)
NOT-FOR-US: Apache Cordova
-CVE-2016-6798
- RESERVED
+CVE-2016-6798 (In the XSS Protection API module before 1.0.12 in Apache Sling, the ...)
NOT-FOR-US: Apache Sling
CVE-2016-6797 [Apache Tomcat Unrestricted Access to Global Resources]
RESERVED
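Review bot: The description added for CVE-2016-6798 is the same truncated text as the one added for CVE-2016-5394 further down in this patch ("In the XSS Protection API module before 1.0.12 in Apache Sling, the ..."), so the two entries cannot be told apart from this file. Both are NOT-FOR-US: Apache Sling, so nothing is blocked, but check the full descriptions to confirm these are two distinct issues.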
@@ -43299,8 +43316,8 @@
NOT-FOR-US: IBM
CVE-2016-6019 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
NOT-FOR-US: IBM
-CVE-2016-6018
- RESERVED
+CVE-2016-6018 (IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error ...)
+ TODO: check
CVE-2016-6017
RESERVED
CVE-2016-6016
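Review bot: CVE-2016-6018 is left at "TODO: check" even though the entry immediately above it, CVE-2016-6019, covers another IBM Emptoris product and is marked NOT-FOR-US: IBM. Unless a Debian package turns out to ship Emptoris Contract Management, close it with the same marker.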
@@ -45181,8 +45198,7 @@
NOTE: https://issues.apache.org/jira/browse/TS-5019
CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user ...)
NOT-FOR-US: Apache Ranger
-CVE-2016-5394
- RESERVED
+CVE-2016-5394 (In the XSS Protection API module before 1.0.12 in Apache Sling, the ...)
NOT-FOR-US: Apache Sling
CVE-2016-5393 (In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote ...)
- hadoop <itp> (bug #793644)