[Secure-testing-commits] r53736 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jul 21 09:10:13 UTC 2017
Author: sectracker
Date: 2017-07-21 09:10:13 +0000 (Fri, 21 Jul 2017)
New Revision: 53736
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-21 08:54:13 UTC (rev 53735)
+++ data/CVE/list 2017-07-21 09:10:13 UTC (rev 53736)
@@ -1,3 +1,25 @@
+CVE-2017-11504
+ RESERVED
+CVE-2017-11503 (PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email ...)
+ TODO: check
+CVE-2017-11502 (Technicolor DPC3928AD DOCSIS devices allow remote attackers to read ...)
+ TODO: check
+CVE-2017-11501 (NixOS 17.03 and earlier has an unintended default absence of SSL ...)
+ TODO: check
+CVE-2017-11500 (A directory traversal vulnerability exists in MetInfo 5.3.17. A remote ...)
+ TODO: check
+CVE-2017-11499
+ RESERVED
+CVE-2017-11498
+ RESERVED
+CVE-2017-11497
+ RESERVED
+CVE-2017-11496
+ RESERVED
+CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow ...)
+ TODO: check
+CVE-2017-11494
+ RESERVED
CVE-2017-11493
RESERVED
CVE-2017-11492
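Review bot: The five new entries that carry a description (CVE-2017-11503, CVE-2017-11502, CVE-2017-11501, CVE-2017-11500, CVE-2017-11495) are all left at "TODO: check", so none of them is triaged by this revision. The Technicolor DPC3928AD and PHICOMM K2(PSG1218) entries describe vendor devices and look like candidates for a NOT-FOR-US line, in the same form as the "NOT-FOR-US: IDERA Uptime Monitor" entries further down in this file. The PHPMailer 5.2.23 entry needs a check against the packaged versions before it can be closed either way.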
@@ -44,8 +66,8 @@
NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11469 (get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the ...)
NOT-FOR-US: IDERA Uptime Monitor
-CVE-2017-11468
- RESERVED
+CVE-2017-11468 (Docker Registry before 2.6.2 in Docker Distribution does not properly ...)
+ TODO: check
CVE-2017-11467 (OrientDB through 2.2.22 does not enforce privilege requirements during ...)
NOT-FOR-US: OrientDB
CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows ...)
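Review bot: CVE-2017-11468 moves from RESERVED to "TODO: check" with no package line, although the description already gives the upstream fix boundary (Docker Registry before 2.6.2). Suggest replacing the TODO with a source package line and its status relative to 2.6.2, or with a NOT-FOR-US line if it is not packaged, the way the neighbouring IDERA and OrientDB entries are closed.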
@@ -895,6 +917,7 @@
- php5 <not-affected> (Incomplete fix for CVE-2017-11145 not applied)
NOTE: https://github.com/php/php-src/commit/e8b7698f5ee757ce2c8bd10a192a491a498f891c
CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack ...)
+ {DLA-1034-1}
- php7.1 <unfixed>
- php7.0 <unfixed>
- php5 <removed>
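Review bot: Adding {DLA-1034-1} to CVE-2017-11145 leaves "php7.1 <unfixed>" and "php7.0 <unfixed>" in place, while the description puts the upstream fixes at 7.0.21 and 7.1.7. The DLA cross-reference should not be read as closing this entry; those two lines still need fixed versions recorded. CVE-2017-11144 further down gets the same tag with the same two lines unfixed.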
@@ -1458,8 +1481,8 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/538
CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary ...)
NOT-FOR-US: Foxit Reader
-CVE-2017-10993
- RESERVED
+CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to ...)
+ TODO: check
CVE-2017-10992
RESERVED
CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the ...)
@@ -1566,6 +1589,7 @@
NOTE: https://github.com/Cacti/cacti/issues/838
NOTE: https://github.com/Cacti/cacti/commit/3381cba6a9e36b01ed0ab0acfd41b00487966cb5
CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler ...)
+ {DLA-1034-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
@@ -1575,6 +1599,7 @@
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of ...)
+ {DLA-1034-1}
- php7.1 <not-affected> (Fixed with initial upload to unstable)
- php7.0 7.0.13-1
- php5 <removed>
@@ -1584,6 +1609,7 @@
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the ...)
+ {DLA-1034-1}
- php7.1 <unfixed>
- php7.0 <unfixed>
- php5 <removed>
@@ -1594,6 +1620,7 @@
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of ...)
+ {DLA-1034-1}
- php7.1 <not-affected> (Only affected 5.6)
- php7.0 <not-affected> (Only affected 5.6)
- php5 <removed>
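Review bot: On CVE-2017-11143 the not-affected remarks read "Only affected 5.6", and the entry now also carries {DLA-1034-1}. If the php5 version covered by that DLA is not a 5.6 release, the remark is misleading next to the new tag. Suggest rewording it to something that only speaks about the 7.x packages, for example "(Only affected PHP 5)", or adding a NOTE line that states which php5 versions are affected.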
@@ -2501,8 +2528,8 @@
- teamspeak-client <removed>
CVE-2017-9981
RESERVED
-CVE-2017-9980
- RESERVED
+CVE-2017-9980 (In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the ...)
+ TODO: check
CVE-2017-9979
RESERVED
CVE-2017-9978
@@ -2629,12 +2656,12 @@
NOT-FOR-US: Joomla
CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads ...)
NOT-FOR-US: Joomla
-CVE-2017-9932
- RESERVED
-CVE-2017-9931
- RESERVED
-CVE-2017-9930
- RESERVED
+CVE-2017-9932 (Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a ...)
+ TODO: check
+CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware ...)
+ TODO: check
+CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 ...)
+ TODO: check
CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function ...)
- lrzip <unfixed> (bug #866020)
[stretch] - lrzip <no-dsa> (Minor issue)
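Review bot: CVE-2017-9932, CVE-2017-9931 and CVE-2017-9930 all describe Green Packet DX-350 firmware, as does CVE-2017-9980 in the previous hunk, yet each gets its own "TODO: check". They can be triaged together with one consistent line, for example "NOT-FOR-US: Green Packet DX-350" if the firmware is not packaged, matching the "NOT-FOR-US: Joomla" entries just above.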