[Secure-testing-commits] r52443 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jun 9 09:10:13 UTC 2017
Author: sectracker
Date: 2017-06-09 09:10:12 +0000 (Fri, 09 Jun 2017)
New Revision: 52443
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-09 07:00:06 UTC (rev 52442)
+++ data/CVE/list 2017-06-09 09:10:12 UTC (rev 52443)
@@ -1,3 +1,9 @@
+CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, ...)
+ TODO: check
+CVE-2017-9522
+ RESERVED
+CVE-2017-9521
+ RESERVED
CVE-2017-9520 (The r_config_set function in libr/config/config.c in radare2 1.5.0 ...)
- radare2 <undetermined>
NOTE: https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
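Review bot: CVE-2017-9523 is added with "TODO: check" even though its summary names the Sophos Web Appliance, a vendor appliance of the kind this file marks NOT-FOR-US elsewhere (IBM, Huawei, Ether Software). Suggest replacing the TODO with "NOT-FOR-US: Sophos Web Appliance" during triage so the entry does not stay in the unprocessed queue.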
@@ -3214,6 +3220,7 @@
CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD ...)
NOT-FOR-US: Ether Software
CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote ...)
+ {DSA-3874-1}
- ettercap 1:0.8.2-5 (bug #861604)
NOTE: https://github.com/Ettercap/ettercap/issues/792
NOTE: Fixed by: https://github.com/Ettercap/ettercap/commit/1083d604930ebb9f350126b83802ecd2cbc17f90
@@ -8781,6 +8788,7 @@
CVE-2017-6431
RESERVED
CVE-2017-6430 (The compile_tree function in ef_compiler.c in the Etterfilter utility ...)
+ {DSA-3874-1}
- ettercap 1:0.8.2-4 (bug #857035)
NOTE: https://github.com/Ettercap/ettercap/issues/782
NOTE: Patch: https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506
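Review bot: the entry that now carries {DSA-3874-1} for CVE-2017-6430 still documents its fix only through a "NOTE: Patch:" link to a personal fork (github.com/LocutusOfBorg/ettercap), while the CVE-2017-8366 entry above cites a commit in Ettercap/ettercap. Now that a DSA references this entry, suggest adding a "NOTE: Fixed by:" line with the upstream commit, since a fork branch can be rebased or removed.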
@@ -16641,8 +16649,8 @@
NOT-FOR-US: IBM
CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
NOT-FOR-US: IBM
-CVE-2016-9991
- RESERVED
+CVE-2016-9991 (IBM Sterling Order Management 9.2 through 9.5 is vulnerable to ...)
+ TODO: check
CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2016-9989
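Review bot: CVE-2016-9991 moves from RESERVED to "TODO: check", but its summary names IBM Sterling Order Management, and both neighbouring entries (CVE-2016-9992, CVE-2016-9990) are already "NOT-FOR-US: IBM". Suggest resolving it the same way in the follow-up triage commit instead of leaving the TODO open.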
@@ -22897,8 +22905,8 @@
RESERVED
CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
-CVE-2017-1319
- RESERVED
+CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
+ TODO: check
CVE-2017-1318
RESERVED
CVE-2017-1317
@@ -23178,8 +23186,8 @@
RESERVED
CVE-2017-1180 (The IBM TRIRIGA Document Manager contains a vulnerability that could ...)
NOT-FOR-US: IBM TRIRIGA Document Manager
-CVE-2017-1179
- RESERVED
+CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected ...)
+ TODO: check
CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable ...)
NOT-FOR-US: IBM
CVE-2017-1177
@@ -23256,8 +23264,8 @@
NOT-FOR-US: IBM
CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an ...)
NOT-FOR-US: IBM
-CVE-2017-1140
- RESERVED
+CVE-2017-1140 (IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site ...)
+ TODO: check
CVE-2017-1139
RESERVED
CVE-2017-1138
@@ -23817,8 +23825,8 @@
RESERVED
CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
-CVE-2016-9736
- RESERVED
+CVE-2016-9736 (IBM WebSphere Application Server using malformed SOAP requests could ...)
+ TODO: check
CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain ...)
NOT-FOR-US: IBM
CVE-2016-9734
@@ -23893,8 +23901,8 @@
RESERVED
CVE-2016-9699
RESERVED
-CVE-2016-9698
- RESERVED
+CVE-2016-9698 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of ...)
+ TODO: check
CVE-2016-9697 (An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 ...)
NOT-FOR-US: IBM
CVE-2016-9696 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A ...)
@@ -27850,8 +27858,8 @@
RESERVED
CVE-2016-8988
RESERVED
-CVE-2016-8987
- RESERVED
+CVE-2016-8987 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an ...)
+ TODO: check
CVE-2016-8986 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...)
NOT-FOR-US: IBM
CVE-2016-8985
@@ -37434,8 +37442,8 @@
NOT-FOR-US: IBM
CVE-2016-6099 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive ...)
NOT-FOR-US: IBM
-CVE-2016-6098
- RESERVED
+CVE-2016-6098 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies ...)
+ TODO: check
CVE-2016-6097 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages ...)
NOT-FOR-US: IBM
CVE-2016-6096 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to ...)
@@ -37444,8 +37452,8 @@
NOT-FOR-US: IBM
CVE-2016-6094 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an ...)
NOT-FOR-US: IBM
-CVE-2016-6093
- RESERVED
+CVE-2016-6093 (IBM Tivoli Key Lifecycle Manager does not require that users should ...)
+ TODO: check
CVE-2016-6092 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user ...)
NOT-FOR-US: IBM
CVE-2016-6091
@@ -70500,8 +70508,8 @@
RESERVED
CVE-2015-3914
RESERVED
-CVE-2015-3913
- RESERVED
+CVE-2015-3913 (The IP stack in multiple Huawei Campus series switch models allows ...)
+ TODO: check
CVE-2015-3912 (Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and ...)
NOT-FOR-US: Huawei
CVE-2015-3911 (Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows ...)
@@ -71307,8 +71315,8 @@
RESERVED
CVE-2015-3635
RESERVED
-CVE-2015-3634
- RESERVED
+CVE-2015-3634 (The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function ...)
+ TODO: check
CVE-2015-3633 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow ...)
NOT-FOR-US: Foxit Reader, Enterprise Reader, PhantomPDF
CVE-2015-3632 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow ...)
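Review bot: the truncated summary on the new CVE-2015-3634 line ends at "function ..." and names no product, so the "TODO: check" cannot be resolved from this file alone. Whoever triages it should read the full CVE text and record the product explicitly, either as a NOT-FOR-US line or as a package line, so the entry is identifiable later.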
@@ -74320,8 +74328,8 @@
NOTE: has. Thus basicaly only krb5/1.12 is affected.
CVE-2015-2693
RESERVED
-CVE-2015-2692
- RESERVED
+CVE-2015-2692 (AdBlock before 2.21 allows remote attackers to block arbitrary ...)
+ TODO: check
CVE-2015-2691
RESERVED
CVE-2015-2690
@@ -75674,11 +75682,11 @@
RESERVED
CVE-2015-2256
RESERVED
-CVE-2015-2255 (Huawei AR1220 routers with software before V200R005SPH006 allows ...)
+CVE-2015-2255 (Huawei AR1220 routers with software before V200R005SPH006 allow remote ...)
NOT-FOR-US: Huawei
CVE-2015-2254
RESERVED
-CVE-2015-2253 (The XML interface in Huawei OceanStor UDS devices with software before ...)
+CVE-2015-2253 (The XML interface in Huawei OceanStor UDS devices with software ...)
NOT-FOR-US: Huawei
CVE-2015-2252 (Huawei OceanStor UDS devices with software before V100R002C01SPC102 ...)
NOT-FOR-US: Huawei
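Review bot: the changes to CVE-2015-2255 and CVE-2015-2253 are description-only churn: the truncated summaries are re-wrapped ("allows ..." becomes "allow remote ...", and the CVE-2015-2253 line loses "before"), while both entries stay "NOT-FOR-US: Huawei". No triage action is needed, but the CVE-2015-2253 summary is now less informative than before, so treat the full CVE text as authoritative rather than this line.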
@@ -77033,8 +77041,7 @@
CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL ...)
- openssl <not-affected> (Vulnerable version never in unstable)
NOTE: did affect 1.0.2 (only in experimental) and 1.0.2a was uploaded to unstable
-CVE-2015-1786 [Invalid CSRF validation of null or incorrectly formatted token identifiers]
- RESERVED
+CVE-2015-1786 (Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf ...)
- zendframework <not-affected> (the vulnerability was introduced specifically in the 2.3 series)
NOTE: http://framework.zend.com/security/advisory/ZF2015-03
CVE-2015-1785
@@ -77547,8 +77554,8 @@
CVE-2015-1600
RESERVED
NOT-FOR-US: Netatmo Weather Station
-CVE-2015-1588
- RESERVED
+CVE-2015-1588 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
+ TODO: check
CVE-2015-1587 (Unrestricted file upload vulnerability in file_to_index.php in Maarch ...)
NOT-FOR-US: Maarch LetterBox
CVE-2015-1586
@@ -78662,8 +78669,7 @@
[wheezy] - privoxy <not-affected> (Vulnerable code introduced in 3.0.20)
[squeeze] - privoxy <not-affected> (Vulnerable code introduced in 3.0.20)
NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/jcc.c?r1=1.433&r2=1.434
-CVE-2015-1379 [DoS with fork]
- RESERVED
+CVE-2015-1379 (The signal handler implementations in socat before 1.7.3.0 and ...)
- socat 1.7.2.4-2 (bug #776234)
[wheezy] - socat <no-dsa> (Minor issue)
[squeeze] - socat <no-dsa> (Minor issue)
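Review bot: the new CVE-2015-1379 summary says "socat before 1.7.3.0", while the package line below it records the fix in 1.7.2.4-2 (bug #776234), which is lower than the upstream version named. Suggest a NOTE line stating that the fix was applied in the Debian revision 1.7.2.4-2, so the entry does not read as inconsistent with the description.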