[Secure-testing-commits] r52790 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jun 21 21:10:14 UTC 2017
Author: sectracker
Date: 2017-06-21 21:10:13 +0000 (Wed, 21 Jun 2017)
New Revision: 52790
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-21 20:21:15 UTC (rev 52789)
+++ data/CVE/list 2017-06-21 21:10:13 UTC (rev 52790)
@@ -1,3 +1,9 @@
+CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
+ TODO: check
+CVE-2017-9779
+ RESERVED
CVE-2017-XXXX [VMSF_DELTA filter in unrar allows arbitrary memory write]
- unrar-nonfree <unfixed> (bug #865461)
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
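Review bot: The three entries added at the top of this hunk carry no triage result yet. CVE-2017-9782 (JasPer 2.0.12) and CVE-2017-9781 (Check_MK) are both "TODO: check" and each needs to be resolved either to a source-package line with a fixed version or bug reference, in the form the unrar-nonfree entry below them uses, or to a "NOT-FOR-US:" tag. CVE-2017-9779 is still "RESERVED", so nothing can be decided for it until a description is published.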
@@ -13,10 +19,10 @@
RESERVED
CVE-2017-9775
RESERVED
-CVE-2017-9774
- RESERVED
-CVE-2017-9773
- RESERVED
+CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...)
+ TODO: check
+CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via a ...)
+ TODO: check
CVE-2017-9772
RESERVED
CVE-2017-9771 (install\save.php in WebsiteBaker v2.10.0 allows remote attackers to ...)
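Review bot: CVE-2017-9774 is described as Remote Code Execution in Horde_Image 2.x before 2.5.0 and should be checked ahead of the other "TODO: check" items in this commit. CVE-2017-9773 names the same component and the same version boundary, so a single lookup of the packaged Horde_Image version per release settles both entries.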
@@ -37,7 +43,7 @@
RESERVED
CVE-2017-9764
RESERVED
-CVE-2017-9780 [Flatpak security issue #845 involving setuid/world-writable files]
+CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could include ...)
- flatpak 0.8.7-1 (bug #865413)
NOTE: https://github.com/flatpak/flatpak/issues/845
CVE-2017-XXXX [XSA 225]
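Review bot: CVE-2017-9780 stays between CVE-2017-9764 and the "CVE-2017-XXXX [XSA 225]" placeholder, which is out of descending order. The first hunk of this diff places CVE-2017-9781 directly above CVE-2017-9779, which is where this entry would sort. If it is moved, the "- flatpak 0.8.7-1 (bug #865413)" line and the NOTE have to move with it. The replaced bracketed text mentioned setuid/world-writable files, which the truncated description no longer shows, so the NOTE link to issue #845 is now the only visible pointer to the nature of the bug and should be kept.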
@@ -262,6 +268,7 @@
CVE-2017-9737
RESERVED
CVE-2017-9736 (SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ...)
+ {DSA-3890-1}
- spip 3.1.4-3 (bug #864921)
[jessie] - spip <not-affected> (Vulnerable code not present)
[wheezy] - spip <not-affected> (Vulnerable code not present)
@@ -5204,16 +5211,16 @@
RESERVED
CVE-2017-7923 (A Password in Configuration File issue was discovered in Hikvision ...)
NOT-FOR-US: Hikvision
-CVE-2017-7922
- RESERVED
+CVE-2017-7922 (An Improper Privilege Management issue was discovered in Cambium ...)
+ TODO: check
CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision ...)
NOT-FOR-US: Hikvision
CVE-2017-7920
RESERVED
CVE-2017-7919
RESERVED
-CVE-2017-7918
- RESERVED
+CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks ...)
+ TODO: check
CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell ...)
NOT-FOR-US: Moxa
CVE-2017-7916
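Review bot: CVE-2017-7922 and CVE-2017-7918 are left at "TODO: check" between entries already tagged "NOT-FOR-US: Hikvision" and "NOT-FOR-US: Moxa". Both descriptions name Cambium (the second spells out Cambium Networks). If the full advisory text confirms a vendor product with no source package in the archive, tag the pair "NOT-FOR-US:" with the product name, matching the neighbouring entries.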
@@ -8558,7 +8565,7 @@
NOT-FOR-US: concrete5
CVE-2017-6907 (An issue was discovered in Open.GL before 2017-03-13. The vulnerability ...)
NOT-FOR-US: Open.GL
-CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0. The vulnerability ...)
+CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0. The ...)
NOT-FOR-US: SiberianCMS
CVE-2017-6905 (An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability ...)
NOT-FOR-US: concrete5
@@ -10967,14 +10974,14 @@
NOT-FOR-US: eParakstitajs and eParaksts Java lib
CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai ...)
NOT-FOR-US: Hyundai
-CVE-2017-6053
- RESERVED
+CVE-2017-6053 (A Cross-Site Scripting issue was discovered in Trihedral VTScada ...)
+ TODO: check
CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...)
NOT-FOR-US: Hyundai
CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in BLF-Tech ...)
NOT-FOR-US: BLF-Tech LLC VisualView HMI
-CVE-2017-6050
- RESERVED
+CVE-2017-6050 (A SQL Injection issue was discovered in Ecava IntegraXor Versions ...)
+ TODO: check
CVE-2017-6049
RESERVED
CVE-2017-6048 (A Command Injection issue was discovered in Satel Iberia SenNet Data ...)
@@ -10983,12 +10990,12 @@
RESERVED
CVE-2017-6046
RESERVED
-CVE-2017-6045
- RESERVED
+CVE-2017-6045 (An Information Exposure issue was discovered in Trihedral VTScada ...)
+ TODO: check
CVE-2017-6044
RESERVED
-CVE-2017-6043
- RESERVED
+CVE-2017-6043 (A Resource Consumption issue was discovered in Trihedral VTScada ...)
+ TODO: check
CVE-2017-6042
RESERVED
CVE-2017-6041
@@ -14949,12 +14956,12 @@
NOT-FOR-US: Cloud Foundry
CVE-2017-4991 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...)
NOT-FOR-US: Cloud Foundry
-CVE-2017-4990
- RESERVED
-CVE-2017-4989
- RESERVED
-CVE-2017-4988
- RESERVED
+CVE-2017-4990 (In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, ...)
+ TODO: check
+CVE-2017-4989 (In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, ...)
+ TODO: check
+CVE-2017-4988 (EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is ...)
+ TODO: check
CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
NOT-FOR-US: EMC
CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could ...)
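Review bot: CVE-2017-4990, CVE-2017-4989 and CVE-2017-4988 name EMC Avamar Server Software and EMC Isilon OneFS, and the entry directly below them, CVE-2017-4987, is already "NOT-FOR-US: EMC". Unless the full descriptions show otherwise, these three can take the same tag instead of staying at "TODO: check".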
@@ -19581,10 +19588,10 @@
RESERVED
CVE-2017-3220
RESERVED
-CVE-2017-3219
- RESERVED
-CVE-2017-3218
- RESERVED
+CVE-2017-3219 (Acronis True Image up to and including version 2017 Build 8053 ...)
+ TODO: check
+CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for HTTPS ...)
+ TODO: check
CVE-2017-3217
RESERVED
CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a custom ...)
@@ -20681,16 +20688,16 @@
RESERVED
CVE-2017-2832
RESERVED
-CVE-2017-2831
- RESERVED
-CVE-2017-2830
- RESERVED
-CVE-2017-2829
- RESERVED
-CVE-2017-2828
- RESERVED
-CVE-2017-2827
- RESERVED
+CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web ...)
+ TODO: check
+CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web ...)
+ TODO: check
+CVE-2017-2829 (An exploitable directory traversal vulnerability exists in the web ...)
+ TODO: check
+CVE-2017-2828 (An exploitable command injection vulnerability exists in the web ...)
+ TODO: check
+CVE-2017-2827 (An exploitable command injection vulnerability exists in the web ...)
+ TODO: check
CVE-2017-2826
RESERVED
CVE-2017-2825
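Review bot: All five descriptions from CVE-2017-2831 down to CVE-2017-2827 are cut off at "in the web ...", before the product is named, so nothing visible in this hunk supports a triage decision. Read the full CVE text before tagging. The two buffer overflows, the directory traversal and the two command injections share the same opening wording, so it is worth checking whether they concern one product and can be resolved together.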
@@ -20722,8 +20729,8 @@
RESERVED
CVE-2017-2814
RESERVED
-CVE-2017-2813
- RESERVED
+CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
+ TODO: check
CVE-2017-2812
RESERVED
CVE-2017-2811
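Review bot: CVE-2017-2813 is an integer overflow in a JPEG 2000 component, but the description is truncated before the product name. Image-format parsers are often shipped as shared libraries, so this entry should not be bulk-tagged "NOT-FOR-US:" without reading the full description and comparing it against packaged JPEG 2000 implementations.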
@@ -20742,8 +20749,8 @@
RESERVED
CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...)
NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality
-CVE-2017-2805
- RESERVED
+CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+ TODO: check
CVE-2017-2804
RESERVED
CVE-2017-2803
@@ -21854,7 +21861,7 @@
NOT-FOR-US: Apple
CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before ...)
NOT-FOR-US: Apple, that's likely just a broken sudo config
-CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 10.3 ...)
NOT-FOR-US: Apple
CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
NOT-FOR-US: Apple
@@ -24025,8 +24032,8 @@
RESERVED
CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2017-1304
- RESERVED
+CVE-2017-1304 (IBM has identified a vulnerability with IBM Spectrum Scale/GPFS ...)
+ TODO: check
CVE-2017-1303
RESERVED
CVE-2017-1302
@@ -24400,8 +24407,8 @@
RESERVED
CVE-2017-1118
RESERVED
-CVE-2017-1117
- RESERVED
+CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to ...)
+ TODO: check
CVE-2017-1116
RESERVED
CVE-2017-1115
@@ -28815,7 +28822,7 @@
REJECTED
CVE-2016-9040
RESERVED
-CVE-2016-9039 (An exploitable denial of service exists in the the Joyent SmartOS ...)
+CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS ...)
NOT-FOR-US: Joyent
CVE-2016-9038
RESERVED
@@ -29523,8 +29530,8 @@
NOT-FOR-US: Joyent SmartOS
CVE-2016-8732
RESERVED
-CVE-2016-8731
- RESERVED
+CVE-2016-8731 (Hard-coded FTP credentials (r:r) are included in the Foscam C1 running ...)
+ TODO: check
CVE-2016-8730
RESERVED
CVE-2016-8729
@@ -33627,8 +33634,8 @@
NOTE: found.
CVE-2016-7509
RESERVED
-CVE-2016-7508
- RESERVED
+CVE-2016-7508 (Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an ...)
+ TODO: check
CVE-2016-7507
RESERVED
CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp ...)
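Review bot: CVE-2016-7508 names a specific release, GLPI 0.90.4, for multiple SQL injection issues. When resolving the "TODO: check", compare that version against what each release ships if a matching source package exists, and record the result per release (a fixed version or a not-affected marker, as the spip entry earlier in this diff does) rather than a single blanket tag.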