[Secure-testing-commits] r52456 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jun 9 21:10:13 UTC 2017
Author: sectracker
Date: 2017-06-09 21:10:12 +0000 (Fri, 09 Jun 2017)
New Revision: 52456
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-09 20:10:18 UTC (rev 52455)
+++ data/CVE/list 2017-06-09 21:10:12 UTC (rev 52456)
@@ -1,4 +1,6 @@
-CVE-2017-9525 [group crontab to root escalation via postinst]
+CVE-2017-9524
+ RESERVED
+CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through ...)
- cron <unfixed> (bug #864466)
[stretch] - cron <no-dsa> (Minor issue)
[jessie] - cron <no-dsa> (Minor issue)
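Review bot: The replacement line for CVE-2017-9525 drops the only summary of the issue. The removed bracketed text "[group crontab to root escalation via postinst]" said what the bug is, while the truncated description "In the cron package through 3.0pl1-128 on Debian, and through ..." does not, and the entry is still "cron <unfixed>" with "<no-dsa> (Minor issue)" for stretch and jessie. Consider keeping that summary as a NOTE: line under the entry so the no-dsa decision stays readable from the list alone.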
@@ -240,6 +242,7 @@
NOTE: https://github.com/weidai11/cryptopp/issues/414
NOTE: https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
CVE-2017-9433 (Document Liberation Project libmwaw before 2017-04-08 has an ...)
+ {DSA-3875-1}
- libmwaw 0.3.9-2 (bug #864366)
NOTE: https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f/
CVE-2017-9432 (Document Liberation Project libstaroffice before 2017-04-07 has an ...)
@@ -554,6 +557,7 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=26f670a244982335cc08943fb1ec099a2c81e42d
CVE-2017-9324
RESERVED
+ {DSA-3876-1}
- otrs2 5.0.20-1 (bug #864319)
NOTE: https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
NOTE: https://github.com/OTRS/otrs/commit/45e05f854d2dc7c9fa7dd7467ea00cdcde350ac3
@@ -21122,8 +21126,8 @@
RESERVED
CVE-2017-2220
RESERVED
-CVE-2017-2219
- RESERVED
+CVE-2017-2219 (Untrusted search path vulnerability in the [Simeji for Windows] ...)
+ TODO: check
CVE-2017-2218
RESERVED
CVE-2017-2217
@@ -21132,24 +21136,24 @@
RESERVED
CVE-2017-2215
RESERVED
-CVE-2017-2214
- RESERVED
-CVE-2017-2213
- RESERVED
-CVE-2017-2212
- RESERVED
-CVE-2017-2211
- RESERVED
-CVE-2017-2210
- RESERVED
-CVE-2017-2209
- RESERVED
+CVE-2017-2214 (Untrusted search path vulnerability in AppCheck and AppCheck Pro prior ...)
+ TODO: check
+CVE-2017-2213 (Untrusted search path vulnerability in SemiDynaEXE ...)
+ TODO: check
+CVE-2017-2212 (Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. ...)
+ TODO: check
+CVE-2017-2211 (Untrusted search path vulnerability in PatchJGD (Hyoko) ...)
+ TODO: check
+CVE-2017-2210 (Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. ...)
+ TODO: check
+CVE-2017-2209 (Untrusted search path vulnerability in the installer of Houkokusyo ...)
+ TODO: check
CVE-2017-2208
RESERVED
-CVE-2017-2207
- RESERVED
-CVE-2017-2206
- RESERVED
+CVE-2017-2207 (Untrusted search path vulnerability in the installer of SaAT Personal ...)
+ TODO: check
+CVE-2017-2206 (Untrusted search path vulnerability in the installer of SaAT Netizen ...)
+ TODO: check
CVE-2017-2205
RESERVED
CVE-2017-2204
@@ -21170,24 +21174,24 @@
RESERVED
CVE-2017-2196
RESERVED
-CVE-2017-2195
- RESERVED
+CVE-2017-2195 (SQL injection vulnerability in the Multi Feed Reader prior to version ...)
+ TODO: check
CVE-2017-2194
RESERVED
-CVE-2017-2193
- RESERVED
-CVE-2017-2192
- RESERVED
-CVE-2017-2191
- RESERVED
-CVE-2017-2190
- RESERVED
-CVE-2017-2189
- RESERVED
+CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera Term 4.94 ...)
+ TODO: check
+CVE-2017-2192 (Untrusted search path vulnerability in RW-5100 tool to verify ...)
+ TODO: check
+CVE-2017-2191 (Untrusted search path vulnerability in RW-5100 driver installer for ...)
+ TODO: check
+CVE-2017-2190 (Untrusted search path vulnerability in RW-4040 tool to verify ...)
+ TODO: check
+CVE-2017-2189 (Untrusted search path vulnerability in RW-4040 driver installer for ...)
+ TODO: check
CVE-2017-2188
RESERVED
-CVE-2017-2187
- RESERVED
+CVE-2017-2187 (Cross-site scripting vulnerability in WP Live Chat Support prior to ...)
+ TODO: check
CVE-2017-2186
RESERVED
CVE-2017-2185
@@ -21196,20 +21200,20 @@
RESERVED
CVE-2017-2183
RESERVED
-CVE-2017-2182
- RESERVED
-CVE-2017-2181
- RESERVED
-CVE-2017-2180
- RESERVED
-CVE-2017-2179
- RESERVED
-CVE-2017-2178
- RESERVED
-CVE-2017-2177
- RESERVED
-CVE-2017-2176
- RESERVED
+CVE-2017-2182 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
+ TODO: check
+CVE-2017-2181 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
+ TODO: check
+CVE-2017-2180 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
+ TODO: check
+CVE-2017-2179 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
+ TODO: check
+CVE-2017-2178 (Untrusted search path vulnerability in Installer of electronic ...)
+ TODO: check
+CVE-2017-2177 (Untrusted search path vulnerability in Installer of Shogyo Touki ...)
+ TODO: check
+CVE-2017-2176 (Untrusted search path vulnerability in screensaver installers ...)
+ TODO: check
CVE-2017-2175 (Untrusted search path vulnerability in Empirical Project Monitor - ...)
NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2174 (Cross-site scripting vulnerability in Empirical Project Monitor - ...)
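Review bot: The seven entries added here (CVE-2017-2182 through CVE-2017-2176) are left at "TODO: check" directly above CVE-2017-2175, an unchanged entry of the same "Untrusted search path vulnerability" class that is already resolved as NOT-FOR-US. CVE-2017-2178, CVE-2017-2177 and CVE-2017-2176 are described as installer issues of that kind and need the same triage decision. The four "AppGoat" lines share one identical truncated description, so they cannot be told apart from the list and each has to be checked against the full CVE text.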
@@ -21230,8 +21234,8 @@
NOT-FOR-US: PrimeDrive
CVE-2017-2166
RESERVED
-CVE-2017-2165
- RESERVED
+CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote authenticated ...)
+ TODO: check
CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 ...)
NOT-FOR-US: SOY CMS
CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 ...)
@@ -25159,13 +25163,11 @@
RESERVED
CVE-2017-0377
RESERVED
-CVE-2017-0376 [TROVE-2017-005]
- RESERVED
+CVE-2017-0376 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of ...)
- tor 0.2.9.11-1 (bug #864424)
NOTE: https://trac.torproject.org/22494
NOTE: Introduced in 0.2.2.1-alpha; fixed in 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha
-CVE-2017-0375 [TROVE-2017-004]
- RESERVED
+CVE-2017-0375 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of ...)
- tor <not-affected> (Introduced in 0.3.0.1-alpha)
NOTE: https://trac.torproject.org/22493
NOTE: Introduced in 0.3.0.1-alpha; fixed in 0.3.0.8, 0.3.1.3-alpha
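Review bot: The TROVE identifiers are lost on the CVE-2017-0376 and CVE-2017-0375 lines: "[TROVE-2017-005]" and "[TROVE-2017-004]" are removed and the remaining NOTE lines carry only the trac URLs. Add a NOTE: with the TROVE id under each entry to keep the upstream cross-reference. Separately, the unchanged NOTE under CVE-2017-0376 reads "0.2.9.11 0.3.0.8" with the comma missing between the two versions, and both new descriptions say "before 0.3.0.8" while the package lines record 0.2.9.11-1 as fixed and <not-affected>, so those NOTE lines are what a reader has to rely on for the affected range.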
@@ -31837,86 +31839,85 @@
NOT-FOR-US: WEB SCHEDULE
CVE-2016-7839 (Cross-site scripting vulnerability in Olive Blog allows remote ...)
NOT-FOR-US: Olive Blog
-CVE-2016-7838
- RESERVED
-CVE-2016-7837 [Buffer overflow in parse_line function]
- RESERVED
+CVE-2016-7838 (Untrusted search path vulnerability in WinSparkle versions prior to ...)
+ TODO: check
+CVE-2016-7837 (Buffer overflow in BlueZ 5.41 and earlier allows an attacker to ...)
- bluez 5.43-1
[jessie] - bluez <no-dsa> (Minor issue)
[wheezy] - bluez <no-dsa> (Minor issue)
NOTE: Fixed by: http://git.kernel.org/cgit/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 (5.42)
-CVE-2016-7836
- RESERVED
-CVE-2016-7835
- RESERVED
+CVE-2016-7836 (SKYSEA Client View Ver.11.221.03 and earlier allows remote code ...)
+ TODO: check
+CVE-2016-7835 (Use-after-free vulnerability in H2O allows remote attackers to cause a ...)
+ TODO: check
CVE-2016-7834 (SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, ...)
NOT-FOR-US: SONY
-CVE-2016-7833
- RESERVED
-CVE-2016-7832
- RESERVED
-CVE-2016-7831
- RESERVED
-CVE-2016-7830
- RESERVED
+CVE-2016-7833 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access ...)
+ TODO: check
+CVE-2016-7832 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access ...)
+ TODO: check
+CVE-2016-7831 (Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for ...)
+ TODO: check
+CVE-2016-7830 (Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C ...)
+ TODO: check
CVE-2016-7829
REJECTED
CVE-2016-7828
REJECTED
CVE-2016-7827
REJECTED
-CVE-2016-7826
- RESERVED
-CVE-2016-7825
- RESERVED
-CVE-2016-7824
- RESERVED
-CVE-2016-7823
- RESERVED
-CVE-2016-7822
- RESERVED
-CVE-2016-7821
- RESERVED
-CVE-2016-7820
- RESERVED
-CVE-2016-7819
- RESERVED
-CVE-2016-7818
- RESERVED
-CVE-2016-7817
- RESERVED
-CVE-2016-7816
- RESERVED
+CVE-2016-7826 (Directory traversal vulnerability in Buffalo WNC01WH devices with ...)
+ TODO: check
+CVE-2016-7825 (Directory traversal vulnerability in Buffalo WNC01WH devices with ...)
+ TODO: check
+CVE-2016-7824 (Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier ...)
+ TODO: check
+CVE-2016-7823 (Cross-site scripting vulnerability in Buffalo WNC01WH devices with ...)
+ TODO: check
+CVE-2016-7822 (Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH ...)
+ TODO: check
+CVE-2016-7821 (Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier ...)
+ TODO: check
+CVE-2016-7820 (Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 ...)
+ TODO: check
+CVE-2016-7819 (I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and ...)
+ TODO: check
+CVE-2016-7818 (Untrusted search path vulnerability in Installers for Specification ...)
+ TODO: check
+CVE-2016-7817 (Cross-site scripting vulnerability in Simple keitai chat 2.0 and ...)
+ TODO: check
+CVE-2016-7816 (The Cybozu kintone mobile for Android 1.0.6 and earlier does not ...)
+ TODO: check
CVE-2016-7815 (Remote Service Manager 3.0.0 to 3.1.4 fails to verify client ...)
NOT-FOR-US: Remote Service Manager provided by Cybozu
-CVE-2016-7814
- RESERVED
-CVE-2016-7813
- RESERVED
+CVE-2016-7814 (I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and ...)
+ TODO: check
+CVE-2016-7813 (Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and ...)
+ TODO: check
CVE-2016-7812
RESERVED
-CVE-2016-7811
- RESERVED
-CVE-2016-7810
- RESERVED
-CVE-2016-7809
- RESERVED
-CVE-2016-7808
- RESERVED
-CVE-2016-7807
- RESERVED
-CVE-2016-7806
- RESERVED
-CVE-2016-7805
- RESERVED
+CVE-2016-7811 (Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker ...)
+ TODO: check
+CVE-2016-7810 (Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. ...)
+ TODO: check
+CVE-2016-7809 (Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX ...)
+ TODO: check
+CVE-2016-7808 (Cross-site scripting vulnerability in Corega CG-WLBARGMH and ...)
+ TODO: check
+CVE-2016-7807 (I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow ...)
+ TODO: check
+CVE-2016-7806 (I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow ...)
+ TODO: check
+CVE-2016-7805 (The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate ...)
+ TODO: check
CVE-2016-7804 (Untrusted search path vulnerability in 7 Zip for Windows 16.02 and ...)
NOT-FOR-US: 7 Zip for Windows
-CVE-2016-7803
- RESERVED
-CVE-2016-7802
- RESERVED
-CVE-2016-7801
- RESERVED
+CVE-2016-7803 (SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows ...)
+ TODO: check
+CVE-2016-7802 (Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 ...)
+ TODO: check
+CVE-2016-7801 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access ...)
+ TODO: check
CVE-2016-7800 (Integer underflow in the parse8BIM function in coders/meta.c in ...)
{DSA-3746-1 DLA-651-1}
- graphicsmagick 1.3.25-3
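Review bot: On CVE-2016-7837 the removed "[Buffer overflow in parse_line function]" was the only place naming the affected function; the new description line is cut off at "allows an attacker to ..." and the "Fixed by" NOTE gives just a commit id. A short NOTE: naming parse_line would keep that detail. The remaining additions in this hunk are all "TODO: check", including CVE-2016-7835 (use-after-free in H2O), and none has a package or NOT-FOR-US line yet, unlike the unchanged neighbours CVE-2016-7834, CVE-2016-7815 and CVE-2016-7804.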
@@ -32651,8 +32652,8 @@
RESERVED
CVE-2016-7470
RESERVED
-CVE-2016-7469
- RESERVED
+CVE-2016-7469 (A stored cross-site scripting (XSS) vulnerability in the Configuration ...)
+ TODO: check
CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt services on ...)
NOT-FOR-US: F5
CVE-2016-7467 (The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 ...)
@@ -41915,24 +41916,24 @@
NOT-FOR-US: flask-oidc
CVE-2016-1000000 (Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter ...)
NOT-FOR-US: Ipswitch
-CVE-2016-4910
- RESERVED
-CVE-2016-4909
- RESERVED
-CVE-2016-4908
- RESERVED
-CVE-2016-4907
- RESERVED
-CVE-2016-4906
- RESERVED
+CVE-2016-4910 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2016-4909 (Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 ...)
+ TODO: check
+CVE-2016-4908 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2016-4907 (Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF ...)
+ TODO: check
+CVE-2016-4906 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 ...)
+ TODO: check
CVE-2016-4905 (SQL injection vulnerability in the WP-OliveCart versions prior to ...)
NOT-FOR-US: WP-OliveCart
CVE-2016-4904 (Cross-site request forgery (CSRF) vulnerability in WP-OliveCart ...)
NOT-FOR-US: WP-OliveCart
CVE-2016-4903 (Cross-site scripting vulnerability in WP-OliveCart versions prior to ...)
NOT-FOR-US: WP-OliveCart
-CVE-2016-4902
- RESERVED
+CVE-2016-4902 (Untrusted search path vulnerability in The Public Certification ...)
+ TODO: check
CVE-2016-4901 (Untrusted search path vulnerability in The installer of e-Tax Software ...)
NOT-FOR-US: e-Tax
CVE-2016-4900 (Untrusted search path vulnerability in Evernote for Windows versions ...)
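Review bot: CVE-2016-4902 is added as "TODO: check" immediately above CVE-2016-4901, an unchanged installer search-path entry already marked "NOT-FOR-US: e-Tax", so the new entry needs the same triage decision rather than staying open. The five Cybozu Garoon entries (CVE-2016-4910 through CVE-2016-4906) are likewise left at "TODO: check", while another Cybozu product elsewhere in this patch (CVE-2016-7815) is already resolved as NOT-FOR-US.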