[Secure-testing-commits] r49751 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Mar 17 21:10:13 UTC 2017
Author: sectracker
Date: 2017-03-17 21:10:13 +0000 (Fri, 17 Mar 2017)
New Revision: 49751
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-17 20:57:57 UTC (rev 49750)
+++ data/CVE/list 2017-03-17 21:10:13 UTC (rev 49751)
@@ -1,45 +1,449 @@
-CVE-2017-6969
+CVE-2017-7173
+ RESERVED
+CVE-2017-7172
+ RESERVED
+CVE-2017-7171
+ RESERVED
+CVE-2017-7170
+ RESERVED
+CVE-2017-7169
+ RESERVED
+CVE-2017-7168
+ RESERVED
+CVE-2017-7167
+ RESERVED
+CVE-2017-7166
+ RESERVED
+CVE-2017-7165
+ RESERVED
+CVE-2017-7164
+ RESERVED
+CVE-2017-7163
+ RESERVED
+CVE-2017-7162
+ RESERVED
+CVE-2017-7161
+ RESERVED
+CVE-2017-7160
+ RESERVED
+CVE-2017-7159
+ RESERVED
+CVE-2017-7158
+ RESERVED
+CVE-2017-7157
+ RESERVED
+CVE-2017-7156
+ RESERVED
+CVE-2017-7155
+ RESERVED
+CVE-2017-7154
+ RESERVED
+CVE-2017-7153
+ RESERVED
+CVE-2017-7152
+ RESERVED
+CVE-2017-7151
+ RESERVED
+CVE-2017-7150
+ RESERVED
+CVE-2017-7149
+ RESERVED
+CVE-2017-7148
+ RESERVED
+CVE-2017-7147
+ RESERVED
+CVE-2017-7146
+ RESERVED
+CVE-2017-7145
+ RESERVED
+CVE-2017-7144
+ RESERVED
+CVE-2017-7143
+ RESERVED
+CVE-2017-7142
+ RESERVED
+CVE-2017-7141
+ RESERVED
+CVE-2017-7140
+ RESERVED
+CVE-2017-7139
+ RESERVED
+CVE-2017-7138
+ RESERVED
+CVE-2017-7137
+ RESERVED
+CVE-2017-7136
+ RESERVED
+CVE-2017-7135
+ RESERVED
+CVE-2017-7134
+ RESERVED
+CVE-2017-7133
+ RESERVED
+CVE-2017-7132
+ RESERVED
+CVE-2017-7131
+ RESERVED
+CVE-2017-7130
+ RESERVED
+CVE-2017-7129
+ RESERVED
+CVE-2017-7128
+ RESERVED
+CVE-2017-7127
+ RESERVED
+CVE-2017-7126
+ RESERVED
+CVE-2017-7125
+ RESERVED
+CVE-2017-7124
+ RESERVED
+CVE-2017-7123
+ RESERVED
+CVE-2017-7122
+ RESERVED
+CVE-2017-7121
+ RESERVED
+CVE-2017-7120
+ RESERVED
+CVE-2017-7119
+ RESERVED
+CVE-2017-7118
+ RESERVED
+CVE-2017-7117
+ RESERVED
+CVE-2017-7116
+ RESERVED
+CVE-2017-7115
+ RESERVED
+CVE-2017-7114
+ RESERVED
+CVE-2017-7113
+ RESERVED
+CVE-2017-7112
+ RESERVED
+CVE-2017-7111
+ RESERVED
+CVE-2017-7110
+ RESERVED
+CVE-2017-7109
+ RESERVED
+CVE-2017-7108
+ RESERVED
+CVE-2017-7107
+ RESERVED
+CVE-2017-7106
+ RESERVED
+CVE-2017-7105
+ RESERVED
+CVE-2017-7104
+ RESERVED
+CVE-2017-7103
+ RESERVED
+CVE-2017-7102
+ RESERVED
+CVE-2017-7101
+ RESERVED
+CVE-2017-7100
+ RESERVED
+CVE-2017-7099
+ RESERVED
+CVE-2017-7098
+ RESERVED
+CVE-2017-7097
+ RESERVED
+CVE-2017-7096
+ RESERVED
+CVE-2017-7095
+ RESERVED
+CVE-2017-7094
+ RESERVED
+CVE-2017-7093
+ RESERVED
+CVE-2017-7092
+ RESERVED
+CVE-2017-7091
+ RESERVED
+CVE-2017-7090
+ RESERVED
+CVE-2017-7089
+ RESERVED
+CVE-2017-7088
+ RESERVED
+CVE-2017-7087
+ RESERVED
+CVE-2017-7086
+ RESERVED
+CVE-2017-7085
+ RESERVED
+CVE-2017-7084
+ RESERVED
+CVE-2017-7083
+ RESERVED
+CVE-2017-7082
+ RESERVED
+CVE-2017-7081
+ RESERVED
+CVE-2017-7080
+ RESERVED
+CVE-2017-7079
+ RESERVED
+CVE-2017-7078
+ RESERVED
+CVE-2017-7077
+ RESERVED
+CVE-2017-7076
+ RESERVED
+CVE-2017-7075
+ RESERVED
+CVE-2017-7074
+ RESERVED
+CVE-2017-7073
+ RESERVED
+CVE-2017-7072
+ RESERVED
+CVE-2017-7071
+ RESERVED
+CVE-2017-7070
+ RESERVED
+CVE-2017-7069
+ RESERVED
+CVE-2017-7068
+ RESERVED
+CVE-2017-7067
+ RESERVED
+CVE-2017-7066
+ RESERVED
+CVE-2017-7065
+ RESERVED
+CVE-2017-7064
+ RESERVED
+CVE-2017-7063
+ RESERVED
+CVE-2017-7062
+ RESERVED
+CVE-2017-7061
+ RESERVED
+CVE-2017-7060
+ RESERVED
+CVE-2017-7059
+ RESERVED
+CVE-2017-7058
+ RESERVED
+CVE-2017-7057
+ RESERVED
+CVE-2017-7056
+ RESERVED
+CVE-2017-7055
+ RESERVED
+CVE-2017-7054
+ RESERVED
+CVE-2017-7053
+ RESERVED
+CVE-2017-7052
+ RESERVED
+CVE-2017-7051
+ RESERVED
+CVE-2017-7050
+ RESERVED
+CVE-2017-7049
+ RESERVED
+CVE-2017-7048
+ RESERVED
+CVE-2017-7047
+ RESERVED
+CVE-2017-7046
+ RESERVED
+CVE-2017-7045
+ RESERVED
+CVE-2017-7044
+ RESERVED
+CVE-2017-7043
+ RESERVED
+CVE-2017-7042
+ RESERVED
+CVE-2017-7041
+ RESERVED
+CVE-2017-7040
+ RESERVED
+CVE-2017-7039
+ RESERVED
+CVE-2017-7038
+ RESERVED
+CVE-2017-7037
+ RESERVED
+CVE-2017-7036
+ RESERVED
+CVE-2017-7035
+ RESERVED
+CVE-2017-7034
+ RESERVED
+CVE-2017-7033
+ RESERVED
+CVE-2017-7032
+ RESERVED
+CVE-2017-7031
+ RESERVED
+CVE-2017-7030
+ RESERVED
+CVE-2017-7029
+ RESERVED
+CVE-2017-7028
+ RESERVED
+CVE-2017-7027
+ RESERVED
+CVE-2017-7026
+ RESERVED
+CVE-2017-7025
+ RESERVED
+CVE-2017-7024
+ RESERVED
+CVE-2017-7023
+ RESERVED
+CVE-2017-7022
+ RESERVED
+CVE-2017-7021
+ RESERVED
+CVE-2017-7020
+ RESERVED
+CVE-2017-7019
+ RESERVED
+CVE-2017-7018
+ RESERVED
+CVE-2017-7017
+ RESERVED
+CVE-2017-7016
+ RESERVED
+CVE-2017-7015
+ RESERVED
+CVE-2017-7014
+ RESERVED
+CVE-2017-7013
+ RESERVED
+CVE-2017-7012
+ RESERVED
+CVE-2017-7011
+ RESERVED
+CVE-2017-7010
+ RESERVED
+CVE-2017-7009
+ RESERVED
+CVE-2017-7008
+ RESERVED
+CVE-2017-7007
+ RESERVED
+CVE-2017-7006
+ RESERVED
+CVE-2017-7005
+ RESERVED
+CVE-2017-7004
+ RESERVED
+CVE-2017-7003
+ RESERVED
+CVE-2017-7002
+ RESERVED
+CVE-2017-7001
+ RESERVED
+CVE-2017-7000
+ RESERVED
+CVE-2017-6999
+ RESERVED
+CVE-2017-6998
+ RESERVED
+CVE-2017-6997
+ RESERVED
+CVE-2017-6996
+ RESERVED
+CVE-2017-6995
+ RESERVED
+CVE-2017-6994
+ RESERVED
+CVE-2017-6993
+ RESERVED
+CVE-2017-6992
+ RESERVED
+CVE-2017-6991
+ RESERVED
+CVE-2017-6990
+ RESERVED
+CVE-2017-6989
+ RESERVED
+CVE-2017-6988
+ RESERVED
+CVE-2017-6987
+ RESERVED
+CVE-2017-6986
+ RESERVED
+CVE-2017-6985
+ RESERVED
+CVE-2017-6984
+ RESERVED
+CVE-2017-6983
+ RESERVED
+CVE-2017-6982
+ RESERVED
+CVE-2017-6981
+ RESERVED
+CVE-2017-6980
+ RESERVED
+CVE-2017-6979
+ RESERVED
+CVE-2017-6978
+ RESERVED
+CVE-2017-6977
+ RESERVED
+CVE-2017-6976
+ RESERVED
+CVE-2017-6975
+ RESERVED
+CVE-2017-6974
+ RESERVED
+CVE-2017-6973
+ RESERVED
+CVE-2017-6972
+ RESERVED
+CVE-2017-6971
+ RESERVED
+CVE-2017-6970
+ RESERVED
+CVE-2017-6968
+ RESERVED
+CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer ...)
- binutils <unfixed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21156
-CVE-2017-6967
- RESERVED
+CVE-2017-6967 (xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect ...)
- xrdp <unfixed>
NOTE: https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742
NOTE: https://github.com/neutrinolabs/xrdp/issues/350
NOTE: https://github.com/neutrinolabs/xrdp/pull/694
-CVE-2017-6966
- RESERVED
+CVE-2017-6966 (readelf in GNU Binutils 2.28 has a use-after-free (specifically ...)
- binutils <unfixed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21139
-CVE-2017-6965
- RESERVED
+CVE-2017-6965 (readelf in GNU Binutils 2.28 writes to illegal addresses while ...)
- binutils <unfixed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
CVE-2017-6964
RESERVED
CVE-2017-6963
RESERVED
-CVE-2017-6962
- RESERVED
+CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...)
- apng2gif <unfixed> (bug #854447)
-CVE-2017-6961
- RESERVED
+CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitization ...)
- apng2gif <unfixed> (bug #854441)
-CVE-2017-6960
- RESERVED
+CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There ...)
- apng2gif <unfixed> (bug #854367)
CVE-2017-6959
RESERVED
-CVE-2017-6958
- RESERVED
+CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...)
+ TODO: check
CVE-2017-6957
RESERVED
CVE-2017-6956
RESERVED
-CVE-2017-6955
- RESERVED
-CVE-2017-6954
- RESERVED
+CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite Anyone ...)
+ TODO: check
+CVE-2017-6954 (An issue was discovered in includes/component.php in the BuddyPress ...)
+ TODO: check
CVE-2017-6953
RESERVED
CVE-2017-6952 (Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c ...)
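Review bot: CVE-2017-6958, CVE-2017-6955 and CVE-2017-6954 leave RESERVED with only `TODO: check` under their new descriptions, so the tracker still has no package mapping for them. Each should be resolved in a follow-up to a package status line or to `NOT-FOR-US:`, the way the xrdp, binutils and apng2gif entries in this same hunk already carry a package and status.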
@@ -147,8 +551,8 @@
TODO: check
CVE-2017-6904
RESERVED
-CVE-2017-6902 (Unrestricted file upload vulnerability in 'file upload' modules in ...)
- TODO: check
+CVE-2017-6902
+ REJECTED
CVE-2017-6901
RESERVED
CVE-2017-6900
@@ -196,8 +600,8 @@
RESERVED
CVE-2017-6881
RESERVED
-CVE-2017-6880
- RESERVED
+CVE-2017-6880 (Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers ...)
+ TODO: check
CVE-2017-6879
RESERVED
CVE-2017-6878
@@ -401,7 +805,8 @@
RESERVED
CVE-2017-6805
RESERVED
-CVE-2017-6804 (A Stored XSS Vulnerability exists in the WP Markdown Editor (aka ...)
+CVE-2017-6804
+ REJECTED
NOT-FOR-US: WP Markdown Editor plugin for Wordpress
CVE-2017-6803
RESERVED
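Review bot: CVE-2017-6804 is switched to `REJECTED` while the `NOT-FOR-US: WP Markdown Editor plugin for Wordpress` line under it stays, so the entry keeps a triage annotation for an identifier that has been withdrawn. CVE-2017-6902, earlier in this patch, loses its annotation line when it becomes REJECTED; the two cases should be handled the same way, either keeping the annotation on both or dropping it on both.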
@@ -1015,14 +1420,17 @@
CVE-2017-6507
RESERVED
CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...)
+ {DLA-860-1}
- wordpress 4.7.3+dfsg-1 (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control ...)
+ {DLA-860-1}
- wordpress 4.7.3+dfsg-1 (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...)
+ {DLA-860-1}
- wordpress 4.7.3+dfsg-1 (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
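Review bot: The `{DLA-860-1}` tag lands on CVE-2017-6814, CVE-2017-6815 and CVE-2017-6816, which all share `wordpress 4.7.3+dfsg-1 (bug #857026)`, and the hunk stops after the third. Confirm that any further entries filed under the same bug receive the tag as well, or that the advisory deliberately covers only these three.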
@@ -1551,8 +1959,8 @@
RESERVED
CVE-2017-6371
RESERVED
-CVE-2017-6370
- RESERVED
+CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in ...)
+ TODO: check
CVE-2017-6369
RESERVED
CVE-2017-6368
@@ -32296,16 +32704,13 @@
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
NOTE: https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=33b2d377b94eb738011bc7d5e90ca0a16ce4d471
-CVE-2014-9852 [In cache fix usage of object after it has been destroyed]
- RESERVED
+CVE-2014-9852 (distribute-cache.c in ImageMagick re-uses objects after they have been ...)
- imagemagick 8:6.8.9.9-4 (bug #773834)
[wheezy] - imagemagick <not-affected> (distribute-cache.c does not exist in 6.7.7.10)
-CVE-2014-9853 [Avoid a memory leak in rle file handling]
- RESERVED
+CVE-2014-9853 (Memory leak in coders/rle.c in ImageMagick allows remote attackers to ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9854 [DoS in image identification]
- RESERVED
+CVE-2014-9854 (coders/tiff.c in ImageMagick allows remote attackers to cause a denial ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
@@ -52966,8 +53371,7 @@
CVE-2015-XXXX [Privilege escalation via core-gui]
- core-network <unfixed> (bug #799756)
NOTE: http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html
-CVE-2015-7313 [OOM when parsing crafted tiff files]
- RESERVED
+CVE-2015-7313 (LibTIFF allows remote attackers to cause a denial of service (memory ...)
- tiff 4.0.7-1 (bug #800124)
[jessie] - tiff <no-dsa> (Minor issue)
[wheezy] - tiff <no-dsa> (Minor issue)
@@ -60369,8 +60773,7 @@
[jessie] - squashfs-tools <no-dsa> (Minor issue)
[wheezy] - squashfs-tools <no-dsa> (Minor issue)
[squeeze] - squashfs-tools <no-dsa> (Minor issue)
-CVE-2015-4645
- RESERVED
+CVE-2015-4645 (Integer overflow in the read_fragment_table_4 function in unsquash-4.c ...)
- squashfs-tools 1:4.3-2 (bug #793467)
[jessie] - squashfs-tools <no-dsa> (Minor issue)
[wheezy] - squashfs-tools <no-dsa> (Minor issue)
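Review bot: CVE-2015-4645 now carries a published description naming an integer overflow in `read_fragment_table_4` in unsquash-4.c, while the `[jessie]` and `[wheezy]` lines under it remain `<no-dsa> (Minor issue)`. Those lines predate the description, so the classification is worth re-checking against the full text before it is left to stand.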
@@ -62461,14 +62864,14 @@
RESERVED
NOT-FOR-US: proxychains-ng
NOTE: proxychains does not contain the vulnerable code
-CVE-2015-3884
- RESERVED
-CVE-2015-3883
- RESERVED
-CVE-2015-3882
- RESERVED
-CVE-2015-3881
- RESERVED
+CVE-2015-3884 (Unrestricted file upload vulnerability in the (1) myAccount, (2) ...)
+ TODO: check
+CVE-2015-3883 (Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow ...)
+ TODO: check
+CVE-2015-3882 (qdPM 8.3 allows remote attackers to obtain sensitive information via ...)
+ TODO: check
+CVE-2015-3881 (Information disclosure issue in qdPM 8.3 allows remote attackers to ...)
+ TODO: check
CVE-2015-3879 (Media Player Framework in Android before 5.1.1 LMY48T allows attackers ...)
NOT-FOR-US: Media Player Framework in Android
CVE-2015-3878 (Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before ...)
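Review bot: The four entries leaving RESERVED here, CVE-2015-3884 down to CVE-2015-3881, all end in `TODO: check`, and three of the descriptions name qdPM 8.3. One decision on whether qdPM is in the archive settles those three in a single pass; CVE-2015-3884 needs its full description read first, since the truncated text shown does not name the product.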
@@ -77097,10 +77500,10 @@
RESERVED
CVE-2014-8724 (Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin ...)
NOT-FOR-US: W3 Total Cache plugin for WordPress
-CVE-2014-8723
- RESERVED
-CVE-2014-8722
- RESERVED
+CVE-2014-8723 (GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2014-8722 (GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive ...)
+ TODO: check
CVE-2014-8721
RESERVED
CVE-2014-8720
@@ -77113,22 +77516,22 @@
RESERVED
CVE-2014-8715
RESERVED
-CVE-2014-8708
- RESERVED
-CVE-2014-8707
- RESERVED
-CVE-2014-8706
- RESERVED
-CVE-2014-8705
- RESERVED
-CVE-2014-8704
- RESERVED
-CVE-2014-8703
- RESERVED
-CVE-2014-8702
- RESERVED
-CVE-2014-8701
- RESERVED
+CVE-2014-8708 (Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via ...)
+ TODO: check
+CVE-2014-8707 (Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 ...)
+ TODO: check
+CVE-2014-8706 (Pluck CMS 4.7.2 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2014-8705 (PHP remote file inclusion vulnerability in editInplace.php in Wonder ...)
+ TODO: check
+CVE-2014-8704 (Directory traversal vulnerability in index.php in Wonder CMS 2014 ...)
+ TODO: check
+CVE-2014-8703 (Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows ...)
+ TODO: check
+CVE-2014-8702 (Wonder CMS 2014 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2014-8701 (Wonder CMS 2014 allows remote attackers to obtain sensitive ...)
+ TODO: check
CVE-2014-8700
RESERVED
CVE-2014-8699
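Review bot: All eight entries from CVE-2014-8708 down to CVE-2014-8701 come out of RESERVED with `TODO: check`, and two of them warrant triage ahead of the rest: CVE-2014-8708 is described as arbitrary code execution in Pluck CMS 4.7.2 and CVE-2014-8705 as PHP remote file inclusion in Wonder CMS. The remaining six are XSS, directory traversal and information disclosure in the same two products and can follow once it is settled whether either product is packaged.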