[Secure-testing-commits] r54019 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Jul 28 09:10:13 UTC 2017 

Author: sectracker
Date: 2017-07-28 09:10:13 +0000 (Fri, 28 Jul 2017)
New Revision: 54019

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-28 09:00:18 UTC (rev 54018)
+++ data/CVE/list	2017-07-28 09:10:13 UTC (rev 54019)
@@ -1,3 +1,55 @@
+CVE-2017-11720
+	RESERVED
+CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg ...)
+	TODO: check
+CVE-2017-11718 (There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl ...)
+	TODO: check
+CVE-2017-11717 (MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 ...)
+	TODO: check
+CVE-2017-11716 (MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. ...)
+	TODO: check
+CVE-2017-11715 (job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php ...)
+	TODO: check
+CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the ...)
+	TODO: check
+CVE-2017-11713
+	RESERVED
+CVE-2017-11712
+	RESERVED
+CVE-2017-11711
+	RESERVED
+CVE-2017-11710
+	RESERVED
+CVE-2017-11709
+	RESERVED
+CVE-2017-11708
+	RESERVED
+CVE-2017-11707
+	RESERVED
+CVE-2017-11706 (The Boozt Fashion application before 2.3.4 for Android allows remote ...)
+	TODO: check
+CVE-2017-11705 (A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in ...)
+	TODO: check
+CVE-2017-11704 (A heap-based buffer over-read was found in the function decompileIF in ...)
+	TODO: check
+CVE-2017-11703 (A memory leak vulnerability was found in the function parseSWF_DOACTION ...)
+	TODO: check
+CVE-2017-11702
+	RESERVED
+CVE-2017-11701
+	RESERVED
+CVE-2017-11700
+	RESERVED
+CVE-2017-11699
+	RESERVED
+CVE-2017-11698
+	RESERVED
+CVE-2017-11697
+	RESERVED
+CVE-2017-11696
+	RESERVED
+CVE-2017-11695
+	RESERVED
 CVE-2017-11694
 	RESERVED
 CVE-2017-11693
@@ -124,12 +176,12 @@
 	RESERVED
 CVE-2017-11648
 	RESERVED
-CVE-2017-11647
-	RESERVED
-CVE-2017-11646
-	RESERVED
-CVE-2017-11645
-	RESERVED
+CVE-2017-11647 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
+	TODO: check
+CVE-2017-11646 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
+	TODO: check
+CVE-2017-11645 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
+	TODO: check
 CVE-2017-11644 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/587
@@ -1312,10 +1364,10 @@
 	RESERVED
 CVE-2017-11185
 	RESERVED
-CVE-2017-11184
-	RESERVED
-CVE-2017-11183
-	RESERVED
+CVE-2017-11184 (SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 ...)
+	TODO: check
+CVE-2017-11183 (front/backup.php in GLPI before 9.1.5 allows remote authenticated ...)
+	TODO: check
 CVE-2017-11182 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
 	NOT-FOR-US: Rise Ultimate Project Manager
 CVE-2017-11181 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
@@ -34886,8 +34938,7 @@
 	NOTE: Fixed by: http://svn.apache.org/r1777472 (6.0.x)
 CVE-2016-8744
 	RESERVED
-CVE-2016-8743 [Apache HTTP Request Parsing Whitespace Defects]
-	RESERVED
+CVE-2016-8743 (Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was ...)
 	{DSA-3796-1 DLA-841-1}
 	- apache2 2.4.25-1
 	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
@@ -56616,8 +56667,7 @@
 CVE-2016-2162 (Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale ...)
 	- libstruts1.2-java <not-affected> (Only affects 2.0.0 to 2.3.24.1)
 	NOTE: http://struts.apache.org/docs/s2-030.html
-CVE-2016-2161 [DoS vulnerability in mod_auth_digest]
-	RESERVED
+CVE-2016-2161 (In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to ...)
 	{DSA-3796-1}
 	- apache2 2.4.25-1
 	[wheezy] - apache2 <not-affected> (Vulnerable code introduced in 2.4.x)
@@ -56714,8 +56764,7 @@
 	REJECTED
 CVE-2016-2127
 	REJECTED
-CVE-2016-2126 [Flaws in Kerberos PAC validation can trigger privilege elevation]
-	REJECTED
+CVE-2016-2126 (Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation ...)
 	{DSA-3740-1}
 	- samba 2:4.5.2+dfsg-2
 	[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
@@ -61840,8 +61889,7 @@
 	[jessie] - swift <not-affected> (Vulnerable code not present)
 	[wheezy] - swift <not-affected> (Vulnerable code not present)
 	NOTE: Swift: >=2.2.1 <= 2.3.0
-CVE-2016-0736 [Padding Oracle in Apache mod_session_crypto]
-	RESERVED
+CVE-2016-0736 (In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was ...)
 	{DSA-3796-1}
 	- apache2 2.4.25-1
 	[wheezy] - apache2 <not-affected> (Vulnerable code not present)

More information about the Secure-testing-commits mailing list