[Secure-testing-commits] r54019 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jul 28 09:10:13 UTC 2017
Author: sectracker
Date: 2017-07-28 09:10:13 +0000 (Fri, 28 Jul 2017)
New Revision: 54019
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-28 09:00:18 UTC (rev 54018)
+++ data/CVE/list 2017-07-28 09:10:13 UTC (rev 54019)
@@ -1,3 +1,55 @@
+CVE-2017-11720
+ RESERVED
+CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg ...)
+ TODO: check
+CVE-2017-11718 (There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl ...)
+ TODO: check
+CVE-2017-11717 (MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 ...)
+ TODO: check
+CVE-2017-11716 (MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. ...)
+ TODO: check
+CVE-2017-11715 (job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php ...)
+ TODO: check
+CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the ...)
+ TODO: check
+CVE-2017-11713
+ RESERVED
+CVE-2017-11712
+ RESERVED
+CVE-2017-11711
+ RESERVED
+CVE-2017-11710
+ RESERVED
+CVE-2017-11709
+ RESERVED
+CVE-2017-11708
+ RESERVED
+CVE-2017-11707
+ RESERVED
+CVE-2017-11706 (The Boozt Fashion application before 2.3.4 for Android allows remote ...)
+ TODO: check
+CVE-2017-11705 (A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in ...)
+ TODO: check
+CVE-2017-11704 (A heap-based buffer over-read was found in the function decompileIF in ...)
+ TODO: check
+CVE-2017-11703 (A memory leak vulnerability was found in the function parseSWF_DOACTION ...)
+ TODO: check
+CVE-2017-11702
+ RESERVED
+CVE-2017-11701
+ RESERVED
+CVE-2017-11700
+ RESERVED
+CVE-2017-11699
+ RESERVED
+CVE-2017-11698
+ RESERVED
+CVE-2017-11697
+ RESERVED
+CVE-2017-11696
+ RESERVED
+CVE-2017-11695
+ RESERVED
CVE-2017-11694
RESERVED
CVE-2017-11693
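Review bot: The ten entries added with TODO: check in this hunk are untriaged, and two of them name a source file in software that maps directly to a package: CVE-2017-11719 (libavcodec/dnxhddec.c in FFmpeg) and CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21). Those two should get package lines with a fixed version or <unfixed>, in the form used for CVE-2017-11644 further down (- imagemagick <unfixed>), instead of staying behind the automatic marker. The four MetInfo entries and the Boozt Fashion Android entry can be closed with NOT-FOR-US if the software is not packaged. The descriptions of CVE-2017-11703 to CVE-2017-11705 are truncated before the product name, so the full text has to be read before they can be assigned to a package.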
@@ -124,12 +176,12 @@
RESERVED
CVE-2017-11648
RESERVED
-CVE-2017-11647
- RESERVED
-CVE-2017-11646
- RESERVED
-CVE-2017-11645
- RESERVED
+CVE-2017-11647 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
+ TODO: check
+CVE-2017-11646 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
+ TODO: check
+CVE-2017-11645 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
+ TODO: check
CVE-2017-11644 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/587
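Review bot: CVE-2017-11645 to CVE-2017-11647 move from RESERVED to TODO: check with the same visible description prefix (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...), so the list text alone does not distinguish the three issues. All three describe router firmware; triage them together and, if nothing in the archive ships that firmware, close them with one NOT-FOR-US line each in a single follow-up commit.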
@@ -1312,10 +1364,10 @@
RESERVED
CVE-2017-11185
RESERVED
-CVE-2017-11184
- RESERVED
-CVE-2017-11183
- RESERVED
+CVE-2017-11184 (SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 ...)
+ TODO: check
+CVE-2017-11183 (front/backup.php in GLPI before 9.1.5 allows remote authenticated ...)
+ TODO: check
CVE-2017-11182 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
NOT-FOR-US: Rise Ultimate Project Manager
CVE-2017-11181 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
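Review bot: CVE-2017-11184 and CVE-2017-11183 both give GLPI before 9.1.5 as the affected range, so the two TODO: check lines can be resolved against that upstream version. If glpi is in the archive, add a package line with the first package version that contains the 9.1.5 fixes, and record the upstream reference in a NOTE: line as the neighbouring entries do.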
@@ -34886,8 +34938,7 @@
NOTE: Fixed by: http://svn.apache.org/r1777472 (6.0.x)
CVE-2016-8744
RESERVED
-CVE-2016-8743 [Apache HTTP Request Parsing Whitespace Defects]
- RESERVED
+CVE-2016-8743 (Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was ...)
{DSA-3796-1 DLA-841-1}
- apache2 2.4.25-1
NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
@@ -56616,8 +56667,7 @@
CVE-2016-2162 (Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale ...)
- libstruts1.2-java <not-affected> (Only affects 2.0.0 to 2.3.24.1)
NOTE: http://struts.apache.org/docs/s2-030.html
-CVE-2016-2161 [DoS vulnerability in mod_auth_digest]
- RESERVED
+CVE-2016-2161 (In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to ...)
{DSA-3796-1}
- apache2 2.4.25-1
[wheezy] - apache2 <not-affected> (Vulnerable code introduced in 2.4.x)
@@ -56714,8 +56764,7 @@
REJECTED
CVE-2016-2127
REJECTED
-CVE-2016-2126 [Flaws in Kerberos PAC validation can trigger privilege elevation]
- REJECTED
+CVE-2016-2126 (Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation ...)
{DSA-3740-1}
- samba 2:4.5.2+dfsg-2
[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
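Review bot: The removed lines show CVE-2016-2126 was marked REJECTED while already carrying {DSA-3740-1} and a fixed samba version (2:4.5.2+dfsg-2), unlike the Apache entries in the neighbouring hunks, which were RESERVED. The new description line removes that contradiction, but it is worth confirming that nothing consumed the entry as rejected while the marker was in place. The description also gives the affected range as 4.0.0 up to 4.5.2 while the fixed version is 2:4.5.2+dfsg-2; a NOTE: stating that the fix landed in that Debian revision would make the pairing clear.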
@@ -61840,8 +61889,7 @@
[jessie] - swift <not-affected> (Vulnerable code not present)
[wheezy] - swift <not-affected> (Vulnerable code not present)
NOTE: Swift: >=2.2.1 <= 2.3.0
-CVE-2016-0736 [Padding Oracle in Apache mod_session_crypto]
- RESERVED
+CVE-2016-0736 (In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was ...)
{DSA-3796-1}
- apache2 2.4.25-1
[wheezy] - apache2 <not-affected> (Vulnerable code not present)