[Secure-testing-commits] r53979 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jul 27 09:10:14 UTC 2017
Author: sectracker
Date: 2017-07-27 09:10:14 +0000 (Thu, 27 Jul 2017)
New Revision: 53979
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-27 06:42:22 UTC (rev 53978)
+++ data/CVE/list 2017-07-27 09:10:14 UTC (rev 53979)
@@ -1,3 +1,49 @@
+CVE-2017-11690
+ RESERVED
+CVE-2017-11689
+ RESERVED
+CVE-2017-11688
+ RESERVED
+CVE-2017-11687 (Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event ...)
+ TODO: check
+CVE-2017-11686 (Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote ...)
+ TODO: check
+CVE-2017-11685 (Multiple Reflective cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2017-11684 (There is an illegal address access in the build_table function in ...)
+ TODO: check
+CVE-2017-11683 (There is a reachable assertion in the ...)
+ TODO: check
+CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...)
+ TODO: check
+CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows ...)
+ TODO: check
+CVE-2017-11680 (Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing ...)
+ TODO: check
+CVE-2017-11679 (Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the ...)
+ TODO: check
+CVE-2017-11678 (SQL injection vulnerability in Hashtopus 1.5g allows remote ...)
+ TODO: check
+CVE-2017-11677 (Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows ...)
+ TODO: check
+CVE-2017-11676
+ RESERVED
+CVE-2017-11675 (The traverseStrictSanitize function in ...)
+ TODO: check
+CVE-2017-11674 (Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2017-11673 (Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2017-11672
+ RESERVED
+CVE-2017-11671 (Under certain circumstances, the ix86_expand_builtin function in i386.c ...)
+ TODO: check
+CVE-2017-11670
+ RESERVED
+CVE-2017-11669
+ RESERVED
+CVE-2017-11668
+ RESERVED
CVE-2017-XXXX [crash in jp2 codec]
- imagemagick 8:6.9.7.4+dfsg-13 (bug #869830)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/501
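Review bot: The 23 new entries are inserted above the existing CVE-2017-XXXX [crash in jp2 codec] placeholder, while the next hunk shows CVE-2017-11691 still sitting below that placeholder, so CVE-2017-11691 now follows CVE-2017-11668 instead of preceding CVE-2017-11690. If the list is meant to stay in descending ID order, as the surrounding CVE-2017-96xx and CVE-2017-95xx runs are, move the CVE-2017-11691 block to the top. The 15 entries added with TODO: check still need to be resolved to a package line or a NOT-FOR-US: line, the two forms used by triaged entries elsewhere in this diff; for CVE-2017-11683 and CVE-2017-11675 the description is cut off before any product name, so the full CVE text is needed first.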
@@ -4,7 +50,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc
-CVE-2017-11691 [Cross-site scripting (XSS) vulnerability in auth_profile.php]
+CVE-2017-11691 (Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti ...)
- cacti <unfixed> (bug #869848)
[stretch] - cacti <not-affected> (Vulnerable code introduced later with addition of user profile management page for users)
[jessie] - cacti <not-affected> (Vulnerable code introduced later with addition of user profile management page for users)
@@ -5450,8 +5496,8 @@
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and earlier ...)
NOT-FOR-US: Cognito Software Moneyworks
-CVE-2017-9614
- RESERVED
+CVE-2017-9614 (The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 ...)
+ TODO: check
CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...)
NOT-FOR-US: SAP SuccessFactors
CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS ...)
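Review bot: CVE-2017-9614 leaves RESERVED with a description that names libjpeg-turbo 1.5.1 and jdatasrc.c, but the entry carries only TODO: check. Replace it with a package line giving the affected or fixed version, or with NOT-FOR-US: as the neighbouring CVE-2017-9615 and CVE-2017-9613 entries do, so the entry does not stay untriaged.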
@@ -5623,8 +5669,8 @@
NOT-FOR-US: BigTree CMS
CVE-2017-9546 (admin.php in BigTree through 4.2.18 allows remote authenticated users ...)
NOT-FOR-US: BigTree CMS
-CVE-2017-9545
- RESERVED
+CVE-2017-9545 (The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows ...)
+ TODO: check
CVE-2017-9544 (There is a remote stack-based buffer overflow (SEH) in register.ghp in ...)
NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9543 (register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 ...)
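Review bot: The new description for CVE-2017-9545 places the flaw in src/libmpg123/id3.c, which is the library part of mpg123 1.24.0, yet the entry has only TODO: check. When this is triaged, the package line should cover whatever ships that library code, not just the command-line player.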
@@ -5994,12 +6040,12 @@
NOT-FOR-US: Subsonic
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the ...)
NOT-FOR-US: Jamroom
-CVE-2017-9412
- RESERVED
-CVE-2017-9411
- RESERVED
-CVE-2017-9410
- RESERVED
+CVE-2017-9412 (The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 ...)
+ TODO: check
+CVE-2017-9411 (The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 ...)
+ TODO: check
+CVE-2017-9410 (The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 ...)
+ TODO: check
CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows ...)
{DLA-1000-1}
- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864090)
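Review bot: CVE-2017-9411 and CVE-2017-9410 are added with identical truncated text, "The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 ...", so the two entries cannot be told apart from this file. When the TODO: check lines are resolved, add a NOTE: to each stating what distinguishes it (taken from the full CVE description), so a fix for one is not recorded against the other. CVE-2017-9412 is in frontend/get_audio.c rather than libmp3lame and may need separate handling.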
@@ -6593,12 +6639,12 @@
[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
NOTE: https://github.com/ImageMagick/ImageMagick/issues/476
NOTE: https://github.com/ImageMagick/ImageMagick/commit/01d522e990aa57cbe67d222dd5e8f7196cc6d199
-CVE-2017-9260
- RESERVED
-CVE-2017-9259
- RESERVED
-CVE-2017-9258
- RESERVED
+CVE-2017-9260 (The TDStretchSSE::calcCrossCorr function in ...)
+ TODO: check
+CVE-2017-9259 (The TDStretch::acceptNewOverlapLength function in ...)
+ TODO: check
+CVE-2017-9258 (The TDStretch::processSamples function in ...)
+ TODO: check
CVE-2017-9257 (The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware ...)
- faad2 2.8.1-1 (low; bug #867724)
[stretch] - faad2 <no-dsa> (Minor issue)
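Review bot: The descriptions added for CVE-2017-9260, CVE-2017-9259 and CVE-2017-9258 are truncated before the product name ("The TDStretch::processSamples function in ..."), so nothing in the entries identifies the affected software. The TODO: check lines cannot be resolved from this file alone; look up the full CVE text and record the product in a package line or NOT-FOR-US: line.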
@@ -11226,8 +11272,7 @@
- lucene-solr <not-affected> (Vulnerable code introduced later)
NOTE: https://issues.apache.org/jira/browse/SOLR-10624
NOTE: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/2f5ecbcf
-CVE-2017-7659 [mod_http2 null pointer dereference]
- RESERVED
+CVE-2017-7659 (A maliciously constructed HTTP/2 request could cause mod_http2 2.4.24, ...)
- apache2 2.4.25-4
[stretch] - apache2 2.4.25-3+deb9u1
[jessie] - apache2 <not-affected> (Vulnerable code not present)
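Review bot: Replacing the header line of CVE-2017-7659 removes the tracker's own summary, [mod_http2 null pointer dereference], and the truncated official description that takes its place no longer says what kind of flaw this is. Keep that summary as a NOTE: line under the entry so the information survives. The apache2 package lines are unchanged by the hunk, which is what the 8-to-7 line count in the header reflects (two lines removed, one added).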