[Secure-testing-commits] r52595 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Jun 15 21:10:13 UTC 2017 

Author: sectracker
Date: 2017-06-15 21:10:13 +0000 (Thu, 15 Jun 2017)
New Revision: 52595

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-15 20:24:55 UTC (rev 52594)
+++ data/CVE/list	2017-06-15 21:10:13 UTC (rev 52595)
@@ -1,3 +1,125 @@
+CVE-2017-9725
+	RESERVED
+CVE-2017-9724
+	RESERVED
+CVE-2017-9723
+	RESERVED
+CVE-2017-9722
+	RESERVED
+CVE-2017-9721
+	RESERVED
+CVE-2017-9720
+	RESERVED
+CVE-2017-9719
+	RESERVED
+CVE-2017-9718
+	RESERVED
+CVE-2017-9717
+	RESERVED
+CVE-2017-9716
+	RESERVED
+CVE-2017-9715
+	RESERVED
+CVE-2017-9714
+	RESERVED
+CVE-2017-9713
+	RESERVED
+CVE-2017-9712
+	RESERVED
+CVE-2017-9711
+	RESERVED
+CVE-2017-9710
+	RESERVED
+CVE-2017-9709
+	RESERVED
+CVE-2017-9708
+	RESERVED
+CVE-2017-9707
+	RESERVED
+CVE-2017-9706
+	RESERVED
+CVE-2017-9705
+	RESERVED
+CVE-2017-9704
+	RESERVED
+CVE-2017-9703
+	RESERVED
+CVE-2017-9702
+	RESERVED
+CVE-2017-9701
+	RESERVED
+CVE-2017-9700
+	RESERVED
+CVE-2017-9699
+	RESERVED
+CVE-2017-9698
+	RESERVED
+CVE-2017-9697
+	RESERVED
+CVE-2017-9696
+	RESERVED
+CVE-2017-9695
+	RESERVED
+CVE-2017-9694
+	RESERVED
+CVE-2017-9693
+	RESERVED
+CVE-2017-9692
+	RESERVED
+CVE-2017-9691
+	RESERVED
+CVE-2017-9690
+	RESERVED
+CVE-2017-9689
+	RESERVED
+CVE-2017-9688
+	RESERVED
+CVE-2017-9687
+	RESERVED
+CVE-2017-9686
+	RESERVED
+CVE-2017-9685
+	RESERVED
+CVE-2017-9684
+	RESERVED
+CVE-2017-9683
+	RESERVED
+CVE-2017-9682
+	RESERVED
+CVE-2017-9681
+	RESERVED
+CVE-2017-9680
+	RESERVED
+CVE-2017-9679
+	RESERVED
+CVE-2017-9678
+	RESERVED
+CVE-2017-9677
+	RESERVED
+CVE-2017-9676
+	RESERVED
+CVE-2017-9675 (On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an ...)
+	TODO: check
+CVE-2017-9674 (In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on ...)
+	TODO: check
+CVE-2017-9673 (In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an ...)
+	TODO: check
+CVE-2017-9672
+	RESERVED
+CVE-2017-9671
+	RESERVED
+CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...)
+	TODO: check
+CVE-2017-9669
+	RESERVED
+CVE-2017-9668
+	RESERVED
+CVE-2017-9667
+	RESERVED
+CVE-2017-9666
+	RESERVED
+CVE-2017-9665
+	RESERVED
 CVE-2017-9664
 	RESERVED
 CVE-2017-9663
@@ -104,8 +226,8 @@
 	RESERVED
 CVE-2017-9614
 	RESERVED
-CVE-2017-9613
-	RESERVED
+CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...)
+	TODO: check
 CVE-2017-9612
 	RESERVED
 CVE-2017-9611
@@ -353,8 +475,8 @@
 	RESERVED
 CVE-2017-9506
 	RESERVED
-CVE-2017-9505
-	RESERVED
+CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...)
+	TODO: check
 CVE-2017-9504
 	RESERVED
 CVE-2017-9503 [scsi: null pointer dereference while processing megasas command]
@@ -594,8 +716,8 @@
 	RESERVED
 CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...)
 	NOT-FOR-US: Spiffy Calendar plugin for WordPress
-CVE-2017-9419
-	RESERVED
+CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom ...)
+	TODO: check
 CVE-2017-9418 (SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for ...)
 	NOT-FOR-US: WP-Testimonials plugin for WordPress
 CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ...)
@@ -926,8 +1048,8 @@
 	[jessie] - yara <no-dsa> (Minor issue)
 	NOTE: https://github.com/VirusTotal/yara/issues/674
 	NOTE: https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699
-CVE-2016-10395
-	RESERVED
+CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running ...)
+	TODO: check
 CVE-2016-10394
 	RESERVED
 CVE-2016-10393
@@ -3084,7 +3206,7 @@
 	RESERVED
 CVE-2017-8553 (An information disclosure vulnerability exists in Microsoft Windows ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-8552 (A kernel-mode driver in Windows Server 2008 SP2 and R2 SP1, and ...)
+CVE-2017-8552 (A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-8551 (An elevation of privilege vulnerability exists when Microsoft ...)
 	NOT-FOR-US: Microsoft
@@ -3102,7 +3224,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2017-8544 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-8543 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
+CVE-2017-8543 (Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
 	NOT-FOR-US: Microsoft
@@ -3214,8 +3336,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2017-8488 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-8487
-	RESERVED
+CVE-2017-8487 (Windows OLE in Windows XP and Windows Server 2003 allows an attacker ...)
+	TODO: check
 CVE-2017-8486
 	RESERVED
 CVE-2017-8485 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
@@ -3266,8 +3388,8 @@
 	RESERVED
 CVE-2017-8462 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-8461
-	RESERVED
+CVE-2017-8461 (Windows RPC with Routing and Remote Access enabled in Windows XP and ...)
+	TODO: check
 CVE-2017-8460 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-8459 (** DISPUTED ** Brave 0.12.4 has a Status Bar Obfuscation issue in which ...)
@@ -4992,8 +5114,8 @@
 	NOT-FOR-US: flatCore
 CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to ...)
 	NOT-FOR-US: flatCore
-CVE-2017-7876
-	RESERVED
+CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection. ...)
+	TODO: check
 CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends to ...)
 	{DLA-899-1}
 	- feh 2.18-2 (low; bug #860367)
@@ -5752,8 +5874,8 @@
 	RESERVED
 CVE-2017-7630
 	RESERVED
-CVE-2017-7629
-	RESERVED
+CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password ...)
+	TODO: check
 CVE-2017-7628 (The "Smart related articles" extension 1.1 for Joomla! has SQL ...)
 	NOT-FOR-US: Joomla extension
 CVE-2017-7627 (The "Smart related articles" extension 1.1 for Joomla! does not prevent ...)
@@ -10799,9 +10921,11 @@
 	NOT-FOR-US: Moodle plugin
 CVE-2017-5944 [Remote code execution in dashboard interface]
 	RESERVED
+	{DSA-3882-1}
 	- request-tracker4 4.4.1-4
 CVE-2017-5943 [CSRF verification token information leak]
 	RESERVED
+	{DSA-3882-1}
 	- request-tracker4 4.4.1-4
 CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...)
 	NOT-FOR-US: Wordpress plugin
@@ -11836,7 +11960,7 @@
 	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
 CVE-2017-5637
 	RESERVED
-	{DSA-3871-1}
+	{DSA-3871-1 DLA-986-1}
 	- zookeeper 3.4.9-3 (bug #863811)
 	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
 CVE-2017-5636
@@ -13073,6 +13197,7 @@
 	RESERVED
 CVE-2017-5361 [Timing side-channel vulnerability in password verification]
 	RESERVED
+	{DSA-3883-1 DSA-3882-1}
 	- request-tracker4 4.4.1-4
 	- rt-authen-externalauth <removed>
 	NOTE: https://github.com/bestpractical/rt-authen-externalauth/commit/436255c04b4881bb6d8eec9a57b8593033d863a9
@@ -13464,8 +13589,8 @@
 	RESERVED
 CVE-2017-5245
 	RESERVED
-CVE-2017-5244
-	RESERVED
+CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones ...)
+	TODO: check
 CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances ...)
 	NOT-FOR-US: Rapid7 Nexpose hardware appliances
 CVE-2017-5242
@@ -23337,8 +23462,8 @@
 	RESERVED
 CVE-2017-1380
 	RESERVED
-CVE-2017-1379
-	RESERVED
+CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain ...)
+	TODO: check
 CVE-2017-1378
 	RESERVED
 CVE-2017-1377
@@ -23701,8 +23826,8 @@
 	RESERVED
 CVE-2017-1198
 	RESERVED
-CVE-2017-1197
-	RESERVED
+CVE-2017-1197 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account ...)
+	TODO: check
 CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require ...)
 	NOT-FOR-US: IBM
 CVE-2017-1195
@@ -37957,6 +38082,7 @@
 	NOTE: libtomcrypt, thus keep that source package as well for now associated.
 CVE-2016-6127 [XSS in file uploads]
 	RESERVED
+	{DSA-3882-1}
 	- request-tracker4 4.4.1-4
 CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
 	NOT-FOR-US: IBM
@@ -60368,8 +60494,8 @@
 	RESERVED
 CVE-2015-7733
 	RESERVED
-CVE-2015-7732
-	RESERVED
+CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends sensitive ...)
+	TODO: check
 CVE-2015-7731
 	RESERVED
 CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and ...)

More information about the Secure-testing-commits mailing list