[Secure-testing-commits] r53784 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Jul 22 09:10:14 UTC 2017


Author: sectracker
Date: 2017-07-22 09:10:13 +0000 (Sat, 22 Jul 2017)
New Revision: 53784

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-22 08:22:24 UTC (rev 53783)
+++ data/CVE/list	2017-07-22 09:10:13 UTC (rev 53784)
@@ -1,3 +1,9 @@
+CVE-2017-11520
+	RESERVED
+CVE-2017-11519 (passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an ...)
+	TODO: check
+CVE-2016-10399
+	RESERVED
 CVE-2017-11518
 	RESERVED
 CVE-2017-11517 (Stack-based buffer overflow in GCoreServer.exe in the server in ...)
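Review bot: CVE-2016-10399 is added between CVE-2017-11519 and CVE-2017-11518 at the top of the file, which puts a 2016 identifier inside the run of descending 2017 identifiers; if the list is meant to stay sorted by year and number, it belongs with the other 2016 entries. The new CVE-2017-11519 entry also carries only "TODO: check". Its description names passwd_recovery.lua on TP-Link Archer C9 firmware, so it needs a triage line (a package entry, or a NOT-FOR-US line like the ones used elsewhere in this file) before it counts as handled.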
@@ -11166,8 +11172,7 @@
 	RESERVED
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c
-CVE-2017-7540
-	RESERVED
+CVE-2017-7540 (rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are ...)
 	NOT-FOR-US: Safemode ruby gem
 CVE-2017-7539 [qemu-nbd crashes due to undefined I/O coroutine]
 	RESERVED
@@ -11231,8 +11236,8 @@
 CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...)
 	- tpm2-tools <unfixed> (bug #866257)
 	NOTE: https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
-CVE-2017-7523
-	RESERVED
+CVE-2017-7523 (Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to ...)
+	TODO: check
 CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...)
 	- openvpn 2.4.3-1 (unimportant)
 	[jessie] - openvpn <not-affected> (x509-track implemented in 2.4.0)
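Review bot: the CVE-2017-7523 entry swaps RESERVED for "TODO: check" and stops there, while the neighbouring CVE-2017-7524 and CVE-2017-7522 entries both carry a package line with a status. The description names Cygwin versions 1.7.2 up to and including 1.8.0; record whether any Debian source package is affected, or mark the entry NOT-FOR-US, so it does not stay untriaged.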
@@ -11429,8 +11434,7 @@
 	- ansible <unfixed> (bug #862666)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018
 	NOTE: Fixed by: https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
-CVE-2017-7480 [File download via http might lead to RCE]
-	RESERVED
+CVE-2017-7480 (rkhunter versions before 1.4.4 are vulnerable to file download over ...)
 	- rkhunter 1.4.4-1 (bug #866677)
 	[stretch] - rkhunter 1.4.2-6+deb9u1
 	[jessie] - rkhunter <no-dsa> (Minor issue)
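Review bot: the replaced CVE-2017-7480 title said the HTTP file download "might lead to RCE", and the truncated description that takes its place ends at "file download over ...", so the impact is no longer visible in this entry. Consider keeping that point as a NOTE line under the rkhunter package lines, since the [jessie] line rates the issue "<no-dsa> (Minor issue)" and a reader now has nothing in the entry to weigh that rating against.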
@@ -11474,8 +11478,7 @@
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
 CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not ...)
 	NOT-FOR-US: Keycloak
-CVE-2017-7473 [Potential information disclosure via no_log directive]
-	RESERVED
+CVE-2017-7473 (Ansible versions 2.2.3 and earlier are vulnerable to an information ...)
 	- ansible <unfixed> (bug #863583)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1440912
 	NOTE: Possibly https://github.com/ansible/ansible/issues/22505
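Review bot: with the CVE-2017-7473 description now published, the "NOTE: Possibly https://github.com/ansible/ansible/issues/22505" line below it is still marked as a guess, and the package line is still "<unfixed>". Confirm the reference or replace it with the fixing commit, in the "NOTE: Fixed by:" form used for the ansible entry just above this one.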
@@ -26857,16 +26860,16 @@
 	RESERVED
 CVE-2017-2278
 	RESERVED
-CVE-2017-2277
-	RESERVED
-CVE-2017-2276
-	RESERVED
-CVE-2017-2275
-	RESERVED
-CVE-2017-2274
-	RESERVED
-CVE-2017-2273
-	RESERVED
+CVE-2017-2277 (WG-C10 v3.0.79 and earlier allows an attacker to bypass access ...)
+	TODO: check
+CVE-2017-2276 (Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to ...)
+	TODO: check
+CVE-2017-2275 (WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS ...)
+	TODO: check
+CVE-2017-2274 (Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and ...)
+	TODO: check
+CVE-2017-2273 (Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware ...)
+	TODO: check
 CVE-2017-2272 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
 	NOT-FOR-US: AttacheCase
 CVE-2017-2271 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
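Review bot: all five entries from CVE-2017-2277 down to CVE-2017-2273 are left at "TODO: check", including the three WG-C10 v3.0.79 entries whose descriptions mention access bypass, a buffer overflow and arbitrary OS command execution. The descriptions name WG-C10 and WMR-433 firmware; if neither is shipped in Debian, give each entry a NOT-FOR-US line in the style of the CVE-2017-2272 entry below ("NOT-FOR-US: AttacheCase") so they leave the TODO queue.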
@@ -27159,8 +27162,8 @@
 	NOT-FOR-US: Security guide for website operators
 CVE-2017-2127 (Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 ...)
 	NOT-FOR-US: YOP Poll
-CVE-2017-2126
-	RESERVED
+CVE-2017-2126 (WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware ...)
+	TODO: check
 CVE-2017-2125 (Privilege escalation vulnerability in CentreCOM AR260S V2 remote ...)
 	NOT-FOR-US: CentreCOM AR260S
 CVE-2017-2124 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
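Review bot: CVE-2017-2126 gets "TODO: check" while the entries on either side of it (CVE-2017-2127, CVE-2017-2125) are already resolved as NOT-FOR-US. The one-line description lists WAPM-1166D and WAPM-APG600H firmware and is cut off after that, so triage should be done against the full description rather than this summary before a status line is added.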



