[Secure-testing-commits] r53919 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Jul 25 21:10:17 UTC 2017
Author: sectracker
Date: 2017-07-25 21:10:17 +0000 (Tue, 25 Jul 2017)
New Revision: 53919
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-25 20:38:06 UTC (rev 53918)
+++ data/CVE/list 2017-07-25 21:10:17 UTC (rev 53919)
@@ -1,3 +1,19 @@
+CVE-2017-11618
+ RESERVED
+CVE-2017-11617 (Cross-site scripting (XSS) vulnerability in atmail prior to version ...)
+ TODO: check
+CVE-2017-11616
+ RESERVED
+CVE-2017-11615
+ RESERVED
+CVE-2017-11614 (MEDHOST Connex contains hard-coded credentials that are used for ...)
+ TODO: check
+CVE-2017-11613
+ RESERVED
+CVE-2017-11612
+ RESERVED
+CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
+ TODO: check
CVE-2017-11611
RESERVED
CVE-2017-11610
@@ -109,8 +125,8 @@
NOTE: https://github.com/fontforge/fontforge/issues/3089
CVE-2017-11567
RESERVED
-CVE-2017-11566
- RESERVED
+CVE-2017-11566 (AppUse 4.0 allows shell command injection via a proxy field. ...)
+ TODO: check
CVE-2017-1002151 [pagure: private repositories accessible through ssh]
- pagure <itp> (bug #829046)
NOTE: https://pagure.io/pagure/pull-request/2426
@@ -283,8 +299,7 @@
NOT-FOR-US: NixOS
CVE-2017-11500 (A directory traversal vulnerability exists in MetInfo 5.3.17. A remote ...)
NOT-FOR-US: MetInfo
-CVE-2017-11499 [nodejs hash seed]
- RESERVED
+CVE-2017-11499 (Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through ...)
- nodejs 4.8.4~dfsg-1 (bug #868162; unimportant)
NOTE: https://nodejs.org/en/blog/release/v6.11.1/
NOTE: https://nodejs.org/en/blog/release/v4.8.4/
@@ -373,14 +388,14 @@
RESERVED
CVE-2017-11461
RESERVED
-CVE-2017-11460
- RESERVED
-CVE-2017-11459
- RESERVED
-CVE-2017-11458
- RESERVED
-CVE-2017-11457
- RESERVED
+CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the DataArchivingService ...)
+ TODO: check
+CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via ...)
+ TODO: check
+CVE-2017-11458 (Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol ...)
+ TODO: check
+CVE-2017-11457 (XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP ...)
+ TODO: check
CVE-2017-11456 (Geneko GWR routers allow directory traversal sequences starting with a ...)
NOT-FOR-US: Geneko GWR routers
CVE-2017-11455
@@ -447,8 +462,7 @@
NOT-FOR-US: D-Link
CVE-2017-11435 (The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an ...)
NOT-FOR-US: Humax Wi-Fi Router model HG100R-*
-CVE-2017-11434 [slirp: out-of-bounds read while parsing dhcp options]
- RESERVED
+CVE-2017-11434 (The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) ...)
- qemu <unfixed> (bug #869171)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
@@ -2613,6 +2627,7 @@
RESERVED
CVE-2017-10664 [qemu-nbd: server breaks with SIGPIPE upon client abort]
RESERVED
+ {DSA-3920-1}
- qemu <unfixed> (bug #866674)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
@@ -4145,6 +4160,7 @@
RESERVED
CVE-2017-10198
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4159,6 +4175,7 @@
RESERVED
CVE-2017-10193
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4200,6 +4217,7 @@
RESERVED
CVE-2017-10176
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
CVE-2017-10175
@@ -4285,6 +4303,7 @@
RESERVED
CVE-2017-10135 [OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)]
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4330,6 +4349,7 @@
RESERVED
CVE-2017-10118
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
CVE-2017-10117
@@ -4337,12 +4357,14 @@
NOT-FOR-US: Java Advanced Management Console
CVE-2017-10116
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10115
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4356,27 +4378,32 @@
RESERVED
CVE-2017-10111
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
CVE-2017-10110
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10109
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10108
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10107
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4395,12 +4422,14 @@
RESERVED
CVE-2017-10102
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <unfixed>
- openjdk-6 <unfixed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10101
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
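Review bot: the context lines for CVE-2017-10102 carry `openjdk-7 <unfixed>` and `openjdk-6 <unfixed>`, while every other OpenJDK entry touched by this patch (CVE-2017-10101 directly below, for instance) records both packages as `<removed>`; worth confirming that `<unfixed>` is intended there rather than a leftover, since the two markers mean different things to the tracker.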
@@ -4415,6 +4444,7 @@
RESERVED
CVE-2017-10096
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4431,10 +4461,12 @@
RESERVED
CVE-2017-10090
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
CVE-2017-10089
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4443,6 +4475,7 @@
RESERVED
CVE-2017-10087
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4460,6 +4493,7 @@
RESERVED
CVE-2017-10081
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4470,6 +4504,7 @@
RESERVED
CVE-2017-10078
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
CVE-2017-10077
RESERVED
@@ -4479,6 +4514,7 @@
RESERVED
CVE-2017-10074
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4497,6 +4533,7 @@
RESERVED
CVE-2017-10067
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4529,6 +4566,7 @@
RESERVED
CVE-2017-10053
RESERVED
+ {DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4748,6 +4786,7 @@
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-217.html
CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...)
+ {DSA-3920-1}
- linux 4.11.11-1
- qemu <unfixed> (bug #869706)
NOTE: https://xenbits.xen.org/xsa/advisory-216.html
@@ -5434,6 +5473,7 @@
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
NOTE: and following refactorings.
CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with the ...)
+ {DSA-3920-1}
- qemu <unfixed> (bug #865755)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -5616,8 +5656,8 @@
RESERVED
CVE-2017-9458
RESERVED
-CVE-2017-9457
- RESERVED
+CVE-2017-9457 (Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware does not ...)
+ TODO: check
CVE-2017-9456
RESERVED
CVE-2017-9455
@@ -5747,8 +5787,8 @@
NOT-FOR-US: Subsonic
CVE-2017-9414
RESERVED
-CVE-2017-9413
- RESERVED
+CVE-2017-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the ...)
NOT-FOR-US: Jamroom
CVE-2017-9412
@@ -5865,6 +5905,7 @@
CVE-2017-9376
RESERVED
CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller ...)
+ {DSA-3920-1}
- qemu <unfixed> (bug #864219)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (vulnerable code not present)
@@ -5872,6 +5913,7 @@
[wheezy] - qemu-kvm <not-affected> (vulnerable code not present)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
CVE-2017-9374 (Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI ...)
+ {DSA-3920-1}
- qemu <unfixed> (bug #864568)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -5879,6 +5921,7 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
CVE-2017-9373 (Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI ...)
+ {DSA-3920-1}
- qemu <unfixed> (bug #864216)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
@@ -6021,6 +6064,7 @@
NOTE: Original announcement: http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html
NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html
CVE-2017-9330 (QEMU (aka Quick Emulator), when built with the USB OHCI Emulation ...)
+ {DSA-3920-1}
- qemu <unfixed> (bug #863943)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code no present)
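Review bot: the unchanged context line `[wheezy] - qemu <not-affected> (Vulnerable code no present)` under CVE-2017-9330 has a typo ('no' for 'not'); it is not introduced by this hunk, but the same annotation reads `Vulnerable code not present` elsewhere in the file, so this one should be brought in line in a follow-up.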
@@ -6229,6 +6273,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/05/30/16
NOTE: https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulation ...)
+ {DSA-3920-1}
- qemu <unfixed> (bug #863840)
[jessie] - qemu <not-affected> (Vulnerable code not present; e1000e introduced in 2.7.0-rc0)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -6440,8 +6485,7 @@
RESERVED
CVE-2017-9234
RESERVED
-CVE-2017-9233
- RESERVED
+CVE-2017-9233 (XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat ...)
{DSA-3898-1 DLA-990-1}
- expat 2.2.1-1
NOTE: https://libexpat.github.io/doc/cve-2017-9233/
@@ -7429,8 +7473,8 @@
NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/ (3.0.0)
CVE-2017-8920 (irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the ...)
- cgiirc <removed>
-CVE-2017-8919
- RESERVED
+CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password ...)
+ TODO: check
CVE-2017-8918
RESERVED
CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows ...)
@@ -9834,8 +9878,7 @@
NOTE: which is CVE-2017-6440.
CVE-2017-7981 (Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 ...)
NOT-FOR-US: Enalean Tuleap
-CVE-2017-7980
- RESERVED
+CVE-2017-7980 (Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick ...)
{DLA-1035-1 DLA-939-1}
- qemu 1:2.8+dfsg-4
- qemu-kvm <removed>
@@ -10515,7 +10558,7 @@
RESERVED
CVE-2017-7778
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
- firefox 54.0-1
@@ -10526,7 +10569,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778
CVE-2017-7777
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -10535,7 +10578,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
CVE-2017-7776
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -10543,7 +10586,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
CVE-2017-7775
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -10551,7 +10594,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
CVE-2017-7774
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -10559,7 +10602,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
CVE-2017-7773
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -10567,7 +10610,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
CVE-2017-7772
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -10575,7 +10618,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
CVE-2017-7771
RESERVED
- {DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
- graphite2 1.3.10-1
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
@@ -10615,7 +10658,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7765
CVE-2017-7764
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -10652,7 +10695,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759
CVE-2017-7758
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -10661,7 +10704,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7758
CVE-2017-7757
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -10670,7 +10713,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7757
CVE-2017-7756
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -10685,7 +10728,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7755
CVE-2017-7754
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -10696,7 +10739,7 @@
RESERVED
CVE-2017-7752
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -10705,7 +10748,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7752
CVE-2017-7751
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -10714,7 +10757,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7751
CVE-2017-7750
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -10723,7 +10766,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7750
CVE-2017-7749
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -11631,6 +11674,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018
NOTE: Fixed by: https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
CVE-2017-7480 (rkhunter versions before 1.4.4 are vulnerable to file download over ...)
+ {DLA-1039-1}
- rkhunter 1.4.4-1 (bug #866677)
[stretch] - rkhunter 1.4.2-6+deb9u1
[jessie] - rkhunter 1.4.2-0.4+deb8u1
@@ -13870,26 +13914,26 @@
RESERVED
CVE-2017-6756
RESERVED
-CVE-2017-6755
- RESERVED
+CVE-2017-6755 (A vulnerability in the web portal of the Cisco Prime Collaboration ...)
+ TODO: check
CVE-2017-6754
RESERVED
-CVE-2017-6753
- RESERVED
+CVE-2017-6753 (A vulnerability in Cisco WebEx browser extensions for Google Chrome and ...)
+ TODO: check
CVE-2017-6752
RESERVED
-CVE-2017-6751
- RESERVED
-CVE-2017-6750
- RESERVED
-CVE-2017-6749
- RESERVED
-CVE-2017-6748
- RESERVED
+CVE-2017-6751 (A vulnerability in the web proxy functionality of the Cisco Web ...)
+ TODO: check
+CVE-2017-6750 (A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) ...)
+ TODO: check
+CVE-2017-6749 (A vulnerability in the web-based management interface of Cisco Web ...)
+ TODO: check
+CVE-2017-6748 (A vulnerability in the CLI parser of the Cisco Web Security Appliance ...)
+ TODO: check
CVE-2017-6747
RESERVED
-CVE-2017-6746
- RESERVED
+CVE-2017-6746 (A vulnerability in the web interface of the Cisco Web Security ...)
+ TODO: check
CVE-2017-6745
RESERVED
CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
@@ -14036,8 +14080,8 @@
NOT-FOR-US: Cisco
CVE-2017-6673 (A vulnerability in Cisco Firepower Management Center could allow an ...)
NOT-FOR-US: Cisco
-CVE-2017-6672
- RESERVED
+CVE-2017-6672 (A vulnerability in certain filtering mechanisms of access control lists ...)
+ TODO: check
CVE-2017-6671 (A vulnerability in the email message scanning of Cisco AsyncOS Software ...)
NOT-FOR-US: Cisco
CVE-2017-6670 (A vulnerability in the web-based GUI of Cisco Unified Communications ...)
@@ -14156,8 +14200,8 @@
NOT-FOR-US: Cisco
CVE-2017-6613 (A vulnerability in the DNS input packet processor for Cisco Prime ...)
NOT-FOR-US: Cisco
-CVE-2017-6612
- RESERVED
+CVE-2017-6612 (A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR ...)
+ TODO: check
CVE-2017-6611 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...)
NOT-FOR-US: Cisco
CVE-2017-6610 (A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH ...)
@@ -17980,7 +18024,7 @@
NOTE: https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
CVE-2017-5472
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -17993,7 +18037,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471
CVE-2017-5470
RESERVED
- {DSA-3881-1 DLA-1007-1 DLA-991-1}
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
- firefox 54.0-1
- firefox-esr 52.2.0esr-1
- icedove 1:52.2.0-1
@@ -41681,8 +41725,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
NOTE: https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7539 [potential DOS by not releasing memory]
- RESERVED
+CVE-2016-7539 (Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833101)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
@@ -43486,8 +43529,8 @@
{DLA-544-1}
- tcpreplay 3.4.4-3 (bug #829350)
[jessie] - tcpreplay 3.4.4-2+deb8u1
-CVE-2016-6133
- RESERVED
+CVE-2016-6133 (Cross-site scripting (XSS) vulnerability in Ektron Content Management ...)
+ TODO: check
CVE-2016-6153 (os_unix.c in SQLite before 3.13.0 improperly implements the temporary ...)
{DLA-543-1}
- sqlite3 3.13.0-1
@@ -65032,8 +65075,7 @@
RESERVED
CVE-2015-8014
RESERVED
-CVE-2015-8009
- RESERVED
+CVE-2015-8009 (The MWOAuthDataStore::lookup_token function in Extension:OAuth for ...)
NOT-FOR-US: Mediawiki extension OAuth
CVE-2015-8008
RESERVED
@@ -65604,8 +65646,7 @@
NOTE: Patches from Fedora: http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?id=d76d5fe34b5c151ad83761160998b1075729b541
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 (v4.3-rc7)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/20/5
-CVE-2015-8013 [predictable session key without knowing the passphrase]
- RESERVED
+CVE-2015-8013 (s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of ...)
- libjs-openpgp <itp> (bug #787774)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/7
CVE-2015-7840 (The command line management console (CMC) in SolarWinds Log and Event ...)
@@ -66599,8 +66640,7 @@
CVE-2015-7544
RESERVED
NOT-FOR-US: redhat-support-plugin-rhev
-CVE-2015-7543 [Use of mktemp(3) allows attacker to hijack the IPC]
- RESERVED
+CVE-2015-7543 (aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create ...)
{DLA-367-1 DLA-366-1}
- kde4libs <not-affected> (Fixed before the first release in Debian)
- kdelibs <removed>
@@ -69177,8 +69217,8 @@
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
CVE-2015-6586 (The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with ...)
NOT-FOR-US: Huawei
-CVE-2015-6585
- RESERVED
+CVE-2015-6585 (hwpapp.dll in Hangul Word Processor allows remote attackers to execute ...)
+ TODO: check
CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables plugin ...)
- datatables.js 1.10.9+dfsg-1
NOTE: http://www.securityfocus.com/archive/1/archive/1/536437/100/0/threaded
@@ -71721,8 +71761,7 @@
CVE-2015-5595
RESERVED
NOT-FOR-US: Zenphoto
-CVE-2015-5594
- RESERVED
+CVE-2015-5594 (The sanitize_string function in ZenPhoto before 1.4.9 utilized the ...)
NOT-FOR-US: Zenphoto
CVE-2015-5593
RESERVED
@@ -72961,8 +73000,7 @@
[wheezy] - swift <no-dsa> (Minor issue)
CVE-2015-5222 (Red Hat OpenShift Enterprise 3.0.0.0 does not properly check ...)
NOT-FOR-US: OpenShift
-CVE-2015-5221 [use-after-free in mif_process_cmpt]
- RESERVED
+CVE-2015-5221 (Use-after-free vulnerability in the mif_process_cmpt function in ...)
- jasper <removed> (bug #796253)
[jessie] - jasper <no-dsa> (Minor issue)
[wheezy] - jasper <no-dsa> (Minor issue)
@@ -73093,8 +73131,7 @@
NOTE: Patch in CentOS 7 corresponding to RHSA-2015:1700: https://git.centos.org/blob/rpms!pcs/bafb6400d552c4d9e9cb46ddbe523e8f47e0de63/SOURCES!bz1253289-fixed-session-and-cookies-processing.patch
CVE-2015-5188 (Cross-site request forgery (CSRF) vulnerability in the Web Console ...)
NOT-FOR-US: JBoss EAP
-CVE-2015-5187
- RESERVED
+CVE-2015-5187 (Candlepin allows remote attackers to obtain sensitive information by ...)
NOT-FOR-US: candlepin / subscription-manager
CVE-2015-5186 [log terminal emulator escape sequences handling]
RESERVED
@@ -75117,10 +75154,10 @@
NOT-FOR-US: WordPress plugin zM Ajax Login & Register
CVE-2015-4464
RESERVED
-CVE-2015-4463
- RESERVED
-CVE-2015-4462
- RESERVED
+CVE-2015-4463 (Unrestricted file upload vulnerability in eFront CMS before 3.6.15.5 ...)
+ TODO: check
+CVE-2015-4462 (Unrestricted file upload vulnerability in eFront CMS before 3.6.15.5 ...)
+ TODO: check
CVE-2015-4461
RESERVED
CVE-2015-4460 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -76348,8 +76385,7 @@
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=928749
NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch
-CVE-2015-4035
- RESERVED
+CVE-2015-4035 (scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not ...)
- xz-utils <not-affected> (Affects 4.999.9beta)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/7
CVE-2015-4010 (Cross-site request forgery (CSRF) vulnerability in the Encrypted ...)
@@ -78424,8 +78460,7 @@
- cups 1.5.0-16
NOTE: cups moved filters to separate package in 1.5.0-16
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
-CVE-2015-3278 [incorrect multi-keyword mode cipherstring parsing]
- RESERVED
+CVE-2015-3278 (The cipherstring parsing code in nss_compat_ossl while in ...)
NOT-FOR-US: nss_compat_ossl (OpenSSL to NSS Porting Library)
CVE-2015-3277 [incorrect multi-keyword mode cipherstring parsing]
RESERVED
@@ -78544,8 +78579,7 @@
NOTE: initially attributed to usermode package, root-cause fixed in libuser instead
CVE-2015-3244 (The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, ...)
NOT-FOR-US: PortletBridge component of Red Hat JBoss Portal
-CVE-2015-3243 [some log files are created world-readable]
- RESERVED
+CVE-2015-3243 (rsyslog uses weak permissions for generating log files, which allows ...)
- rsyslog <unfixed> (unimportant)
NOTE: The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
NOTE: provided by the Debian package sets $FileCreateMode 0640
@@ -78753,8 +78787,7 @@
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-135.html
-CVE-2015-3208
- RESERVED
+CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector ...)
NOT-FOR-US: HornetQ
CVE-2015-3207
RESERVED
@@ -78902,8 +78935,7 @@
RESERVED
CVE-2015-3172
RESERVED
-CVE-2015-3171 [archives are created with read permissions for everyone]
- RESERVED
+CVE-2015-3171 (sosreport 3.2 uses weak permissions for generated sosreport archives, ...)
- sosreport 3.2-2 (bug #769521)
NOTE: https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6
NOTE: https://github.com/sosreport/sos/issues/425
@@ -78995,8 +79027,7 @@
CVE-2015-3150 [abrt: abrt-dbus does not guard against crafted problem directory path arguments]
RESERVED
NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-3149 [insecure hsperfdata temporary file handling, CVE-2015-0383 regression (Hotspot)]
- RESERVED
+CVE-2015-3149 (The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise ...)
- openjdk-8 <not-affected> (defective patch not applied)
CVE-2015-3148 (cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use ...)
{DSA-3232-1 DLA-211-1}
@@ -79953,8 +79984,8 @@
NOT-FOR-US: Huawei
CVE-2015-2799
RESERVED
-CVE-2015-2798
- RESERVED
+CVE-2015-2798 (SQL injection vulnerability in Joomla! Component Contact Form Maker ...)
+ TODO: check
CVE-2015-2797 (Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, ...)
NOT-FOR-US: AirTies Air DSL modems
CVE-2015-2796
@@ -84312,8 +84343,8 @@
RESERVED
CVE-2015-1439
RESERVED
-CVE-2015-1438
- RESERVED
+CVE-2015-1438 (Heap-based buffer overflow in Panda Security Kernel Memory Access ...)
+ TODO: check
CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 ...)
NOT-FOR-US: Asus RT-N10+ D1 router
CVE-2015-1436 (Cross-site scripting (XSS) vulnerability in the Easing Slider plugin ...)
@@ -84459,8 +84490,8 @@
NOTE: Not a real security feature according the manpage and upstream
CVE-2015-1418
RESERVED
-CVE-2015-1417
- RESERVED
+CVE-2015-1417 (The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, ...)
+ TODO: check
CVE-2015-1416
RESERVED
- patch 2.5-1
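Review bot: the unchanged context line `NOTE: Not a real security feature according the manpage and upstream` is missing a word ('according to the manpage'); unrelated to the CVE-2015-1417 change in this hunk, but a quick fix for a follow-up commit.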
@@ -84701,8 +84732,8 @@
[wheezy] - linux <not-affected> (Introduced in 3.13)
- linux-2.6 <not-affected> (Introduced in 3.13)
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=034faeb9ef390d58239e1dce748143f6b35a0d9b (v3.13-rc1)
-CVE-2015-1332
- RESERVED
+CVE-2015-1332 (The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 ...)
+ TODO: check
CVE-2015-1331 (lxclock.c in LXC 1.1.2 and earlier allows local users to create ...)
{DSA-3317-1}
- lxc 1:1.0.7-4 (bug #793298)
@@ -86506,8 +86537,8 @@
NOT-FOR-US: Lhaplus
CVE-2015-0905 (Cross-site request forgery (CSRF) vulnerability in bBlog allows remote ...)
NOT-FOR-US: bBlog
-CVE-2015-0904
- RESERVED
+CVE-2015-0904 (The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does ...)
+ TODO: check
CVE-2015-0903 (Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows ...)
NOT-FOR-US: Saitoh Kikaku Maruo Editor
CVE-2015-0902 (The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress ...)
@@ -87161,8 +87192,8 @@
NOT-FOR-US: Cisco ASA
CVE-2015-0675 (The failover ipsec implementation in Cisco Adaptive Security Appliance ...)
NOT-FOR-US: Cisco ASA
-CVE-2015-0674
- RESERVED
+CVE-2015-0674 (Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco ...)
+ TODO: check
CVE-2015-0673 (Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote ...)
NOT-FOR-US: Cisco
CVE-2015-0672 (The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows ...)