[Secure-testing-commits] r52238 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jun 2 21:10:15 UTC 2017
Author: sectracker
Date: 2017-06-02 21:10:14 +0000 (Fri, 02 Jun 2017)
New Revision: 52238
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-02 18:58:06 UTC (rev 52237)
+++ data/CVE/list 2017-06-02 21:10:14 UTC (rev 52238)
@@ -1,3 +1,93 @@
+CVE-2017-9412
+ RESERVED
+CVE-2017-9411
+ RESERVED
+CVE-2017-9410
+ RESERVED
+CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows ...)
+ TODO: check
+CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...)
+ TODO: check
+CVE-2017-9407 (In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows ...)
+ TODO: check
+CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...)
+ TODO: check
+CVE-2017-9405 (In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows ...)
+ TODO: check
+CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...)
+ TODO: check
+CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...)
+ TODO: check
+CVE-2017-9402
+ RESERVED
+CVE-2017-9401
+ RESERVED
+CVE-2017-9400
+ RESERVED
+CVE-2017-9399
+ RESERVED
+CVE-2017-9398
+ RESERVED
+CVE-2017-9397
+ RESERVED
+CVE-2017-9396
+ RESERVED
+CVE-2017-9395
+ RESERVED
+CVE-2017-9394
+ RESERVED
+CVE-2017-9393
+ RESERVED
+CVE-2017-9392
+ RESERVED
+CVE-2017-9391
+ RESERVED
+CVE-2017-9390
+ RESERVED
+CVE-2017-9389
+ RESERVED
+CVE-2017-9388
+ RESERVED
+CVE-2017-9387
+ RESERVED
+CVE-2017-9386
+ RESERVED
+CVE-2017-9385
+ RESERVED
+CVE-2017-9384
+ RESERVED
+CVE-2017-9383
+ RESERVED
+CVE-2017-9382
+ RESERVED
+CVE-2017-9381
+ RESERVED
+CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of ...)
+ TODO: check
+CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear ...)
+ TODO: check
+CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from deleting their ...)
+ TODO: check
+CVE-2017-9377
+ RESERVED
+CVE-2017-9376
+ RESERVED
+CVE-2017-9375
+ RESERVED
+CVE-2017-9374
+ RESERVED
+CVE-2017-9373
+ RESERVED
+CVE-2017-9371
+ RESERVED
+CVE-2017-9370
+ RESERVED
+CVE-2017-9369
+ RESERVED
+CVE-2017-9368
+ RESERVED
+CVE-2017-9367
+ RESERVED
CVE-2017-9366 (Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) ...)
NOT-FOR-US: Telaxus EPESI
CVE-2017-9365 (CSRF exists in BigTree CMS through 4.2.18 with the force parameter to ...)
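Review bot: The `TODO: check` placeholders on CVE-2017-9409, CVE-2017-9407 and CVE-2017-9405 (ImageMagick), CVE-2017-9408 and CVE-2017-9406 (Poppler), and CVE-2017-9404 and CVE-2017-9403 (LibTIFF) name software that Debian ships, so these seven need real triage with a source package line and affected-version information rather than a bulk disposition. The OpenEMR and BigTree CMS entries (CVE-2017-9380, CVE-2017-9379, CVE-2017-9378) should follow whatever was decided for the neighbouring entries, for example the `NOT-FOR-US: Telaxus EPESI` form used for CVE-2017-9366 and the disposition already recorded for the BigTree entry CVE-2017-9365. The gap between CVE-2017-9373 and CVE-2017-9371 is expected, since CVE-2017-9372 already has an entry further down the file.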
@@ -24,7 +114,7 @@
- pjproject 2.5.5~dfsg-6 (bug #863902)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-003.txt
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-26939
-CVE-2017-9372 [AST-2017-002: Buffer Overrun in PJSIP transaction layer]
+CVE-2017-9372 (PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x ...)
- pjproject 2.5.5~dfsg-6 (bug #863901)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt
CVE-2017-9355
@@ -1139,27 +1229,27 @@
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks for ...)
- {DSA-3870-1}
+ {DSA-3870-1 DLA-975-1}
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
CVE-2017-9064 (In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) ...)
- {DSA-3870-1}
+ {DSA-3870-1 DLA-975-1}
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
CVE-2017-9063 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
- {DSA-3870-1}
+ {DSA-3870-1 DLA-975-1}
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
CVE-2017-9062 (In WordPress before 4.7.5, there is improper handling of post meta data ...)
- {DSA-3870-1}
+ {DSA-3870-1 DLA-975-1}
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
CVE-2017-9061 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
- {DSA-3870-1}
+ {DSA-3870-1 DLA-975-1}
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
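Review bot: The `DLA-975-1` cross-reference is added to CVE-2017-9065 through CVE-2017-9061, but the entry whose NOTE lines open this hunk also cites the WordPress 4.7.5 release notes, and its header lies outside the visible context, so it cannot be confirmed from here that it was handled consistently. If that CVE is covered by the same LTS advisory it needs the same `{DSA-3870-1 DLA-975-1}` line; if it is deliberately left out, the entry should say why.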
@@ -2995,7 +3085,7 @@
NOTE: patch in BTS gives workaround to always prompt for password and do not save to database
NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a ...)
- {DSA-3870-1}
+ {DSA-3870-1 DLA-975-1}
- wordpress <unfixed> (bug #862053)
NOTE: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
NOTE: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
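Review bot: CVE-2017-8295 now carries `{DSA-3870-1 DLA-975-1}` while its package line still reads `- wordpress <unfixed> (bug #862053)`. An entry referenced by two advisories but still open in unstable is easy to misread as resolved; check whether the advisories fix the Host header issue or only mitigate it, and record that in a NOTE so the `<unfixed>` state is clearly intentional.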
@@ -4714,8 +4804,7 @@
RESERVED
CVE-2017-7670
RESERVED
-CVE-2017-7669
- RESERVED
+CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...)
- hadoop <itp> (bug #793644)
CVE-2017-7668
RESERVED
@@ -9507,8 +9596,8 @@
RESERVED
CVE-2017-6040
RESERVED
-CVE-2017-6039
- RESERVED
+CVE-2017-6039 (A Use of Hard-Coded Password issue was discovered in Phoenix Broadband ...)
+ TODO: check
CVE-2017-6038
RESERVED
CVE-2017-6037 (A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies ...)
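Review bot: CVE-2017-6039 moves from `RESERVED` to `TODO: check` with a description that points at a vendor device (hard-coded password in a Phoenix Broadband product). If nothing in the archive ships this product, it should be closed out with a `NOT-FOR-US:` line rather than left in the TODO queue.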
@@ -23230,8 +23319,8 @@
RESERVED
CVE-2017-0897
RESERVED
-CVE-2017-0896
- RESERVED
+CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...)
+ TODO: check
CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure ...)
- nextcloud <itp> (bug #835086)
CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid ...)
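Review bot: The new CVE-2017-0896 entry for Zulip Server is left at `TODO: check`, while the Nextcloud entries directly below it already record the packaging state as `- nextcloud <itp> (bug #835086)`. Resolve the placeholder the same way: an `<itp>` line with the bug number if Zulip Server has an open packaging request, otherwise `NOT-FOR-US:`.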