[Secure-testing-commits] r49597 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun Mar 12 09:10:41 UTC 2017


Author: sectracker
Date: 2017-03-12 09:10:40 +0000 (Sun, 12 Mar 2017)
New Revision: 49597

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-11 21:10:12 UTC (rev 49596)
+++ data/CVE/list	2017-03-12 09:10:40 UTC (rev 49597)
@@ -1,3 +1,29 @@
+CVE-2017-6826
+	RESERVED
+CVE-2017-6825
+	RESERVED
+CVE-2017-6824
+	RESERVED
+CVE-2017-6823 (Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges ...)
+	TODO: check
+CVE-2017-6822
+	RESERVED
+CVE-2017-6821
+	RESERVED
+CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is ...)
+	TODO: check
+CVE-2017-6819 (In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...)
+	TODO: check
+CVE-2017-6818 (In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is ...)
+	TODO: check
+CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is ...)
+	TODO: check
+CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...)
+	TODO: check
+CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control ...)
+	TODO: check
+CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...)
+	TODO: check
 CVE-2017-XXXX [XSS issue in handling of a style tag inside of an svg element]
 	- roundcube <unfixed> (bug #857473)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305
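Review bot: CVE-2017-6820 (rcube_utils.php in Roundcube) is added directly above the existing temporary CVE-2017-XXXX roundcube entry, and nothing records whether the two are the same issue. Check whether 6820 is the ID assigned to the svg style-tag XSS tracked under bug #857473. If it is, the bug reference and the commit NOTE belong under CVE-2017-6820 and the placeholder should be dropped, so the issue is not tracked twice. The six WordPress entries (CVE-2017-6814 through CVE-2017-6819) all say "before 4.7.3", so they can be triaged together against the wordpress package.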
@@ -851,8 +877,8 @@
 	- dotclear <removed>
 CVE-2017-6445 (The auto-update feature of Open Embedded Linux Entertainment Center ...)
 	NOT-FOR-US: OpenELEC
-CVE-2017-6444
-	RESERVED
+CVE-2017-6444 (The MikroTik Router hAP Lite 6.25 has no protection mechanism for ...)
+	TODO: check
 CVE-2017-6443
 	RESERVED
 CVE-2002-2447
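Review bot: CVE-2017-6444 now carries a description for MikroTik Router hAP Lite 6.25 but is left at TODO: check. The description names router firmware rather than a packaged source, so it looks like a candidate for the same NOT-FOR-US disposition used on the CVE-2017-6445 entry just above. Confirm and resolve it rather than leaving the TODO open.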
@@ -3206,12 +3232,12 @@
 	NOTE: pear performs no kind of authentication/integrity checks for downloads, so an attacker can MITM freely anyway
 CVE-2017-5629
 	RESERVED
-CVE-2017-5626
-	RESERVED
+CVE-2017-5626 (OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden ...)
+	TODO: check
 CVE-2017-5625
 	RESERVED
-CVE-2017-5624
-	RESERVED
+CVE-2017-5624 (An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. ...)
+	TODO: check
 CVE-2017-5623
 	RESERVED
 CVE-2017-5622
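Review bot: CVE-2017-5626 and CVE-2017-5624 both name OxygenOS on OnePlus 3 and 3T, and both are left at TODO: check. They describe the same vendor firmware, so triage them in one pass and give them a consistent disposition.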
@@ -70199,8 +70225,7 @@
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4943ba16bbc2 (v3.19-rc1)
-CVE-2014-9645 [modprobe wrongly accepts paths as module names]
-	RESERVED
+CVE-2014-9645 (The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ...)
 	- busybox 1:1.22.0-15 (low; bug #776186)
 	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
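Review bot: the new CVE-2014-9645 header says BusyBox before 1.23.0, while the retained package line records the fix in busybox 1:1.22.0-15. The two agree only if the Debian version carries a backported patch. A NOTE line pointing at the upstream fix, in the style of the git.kernel.org NOTE a few lines up, would let a reader verify that. The short title [modprobe wrongly accepts paths as module names] is dropped along with RESERVED, which is fine now that the official description is in place.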