[Secure-testing-commits] r49955 - data/CVE

Thu Mar 23 09:10:13 UTC 2017

Author: sectracker
Date: 2017-03-23 09:10:13 +0000 (Thu, 23 Mar 2017)
New Revision: 49955

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-03-23 07:44:00 UTC (rev 49954)
+++ data/CVE/list	2017-03-23 09:10:13 UTC (rev 49955)
@@ -1,3 +1,11 @@
+CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...)
+	TODO: check
+CVE-2017-7234
+	RESERVED
+CVE-2017-7233
+	RESERVED
+CVE-2017-7232
+	RESERVED
 CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow ...)
 	NOT-FOR-US: pngdefry
 CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and ...)
@@ -1617,21 +1625,22 @@
 CVE-2017-6507
 	RESERVED
 CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...)
-	{DLA-860-1}
+	{DSA-3815-1 DLA-860-1}
 	- wordpress 4.7.3+dfsg-1 (bug #857026)
 	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 	NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
 CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control ...)
-	{DLA-860-1}
+	{DSA-3815-1 DLA-860-1}
 	- wordpress 4.7.3+dfsg-1 (bug #857026)
 	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 	NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
 CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...)
-	{DLA-860-1}
+	{DSA-3815-1 DLA-860-1}
 	- wordpress 4.7.3+dfsg-1 (bug #857026)
 	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 	NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
 CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is ...)
+	{DSA-3815-1}
 	- wordpress 4.7.3+dfsg-1 (bug #857026)
 	[wheezy] - wordpress <not-affected> (vulnerable code was introduced later)
 	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
@@ -1886,6 +1895,7 @@
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2022
 	NOTE: Fixed by: https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b0080a19 (3.2.1)
 CVE-2017-7177 (Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused ...)
+	{DLA-865-1}
 	- suricata 3.2.1-1 (bug #856649)
 	[jessie] - suricata <no-dsa> (Minor issue)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/2019
@@ -19680,12 +19690,12 @@
 	RESERVED
 CVE-2016-9170
 	RESERVED
-CVE-2016-9169
-	RESERVED
-CVE-2016-9168
-	RESERVED
-CVE-2016-9167
-	RESERVED
+CVE-2016-9169 (A reflected XSS vulnerability exists in the web console of the Document ...)
+	TODO: check
+CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in ...)
+	TODO: check
+CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP ...)
+	TODO: check
 CVE-2016-9166
 	RESERVED
 CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management ...)
@@ -30569,30 +30579,30 @@
 	RESERVED
 CVE-2016-5759
 	RESERVED
-CVE-2016-5758
-	RESERVED
-CVE-2016-5757
-	RESERVED
-CVE-2016-5756
-	RESERVED
-CVE-2016-5755
-	RESERVED
-CVE-2016-5754
-	RESERVED
+CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ Access ...)
+	TODO: check
+CVE-2016-5757 (iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix ...)
+	TODO: check
+CVE-2016-5756 (Multiple components of the web tools in NetIQ Access Manager 4.1 before ...)
+	TODO: check
+CVE-2016-5755 (NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 ...)
+	TODO: check
+CVE-2016-5754 (Presence of a .htaccess file could leak information in NetIQ Access ...)
+	TODO: check
 CVE-2016-5753
 	RESERVED
-CVE-2016-5752
-	RESERVED
-CVE-2016-5751
-	RESERVED
-CVE-2016-5750
-	RESERVED
-CVE-2016-5749
-	RESERVED
-CVE-2016-5748
-	RESERVED
-CVE-2016-5747
-	RESERVED
+CVE-2016-5752 (The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 ...)
+	TODO: check
+CVE-2016-5751 (An unfiltered finalizer target URL in the SAML processing feature in ...)
+	TODO: check
+CVE-2016-5750 (The certificate upload feature in iManager in NetIQ Access Manager 4.1 ...)
+	TODO: check
+CVE-2016-5749 (NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was ...)
+	TODO: check
+CVE-2016-5748 (External Entity Processing (XXE) vulnerability in the "risk score" ...)
+	TODO: check
+CVE-2016-5747 (A security vulnerability in cookie handling in the http stack ...)
+	TODO: check
 CVE-2016-5746 (libstorage, libstorage-ng, and yast-storage improperly store ...)
 	NOT-FOR-US: libstorage
 CVE-2016-5745 (F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before ...)
@@ -37470,6 +37480,7 @@
 CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in ...)
 	NOT-FOR-US: Android
 CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android ...)
+	{DLA-864-1}
 	- jhead 1:3.00-4 (bug #858213)
 CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...)
 	NOT-FOR-US: Android Mediaserver
@@ -44840,10 +44851,10 @@
 	NOT-FOR-US: NetIQ Sentinel
 CVE-2016-1604
 	RESERVED
-CVE-2016-1603
-	RESERVED
-CVE-2016-1602
-	RESERVED
+CVE-2016-1603 (An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 ...)
+	TODO: check
+CVE-2016-1602 (A code injection in the supportconfig data collection tool in ...)
+	TODO: check
 CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, ...)
 	NOT-FOR-US: yast2-users / SuSE YAST
 CVE-2016-1600
@@ -44852,8 +44863,8 @@
 	NOT-FOR-US: NetIQ Self Service Password Reset
 CVE-2016-1598 (XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows ...)
 	NOT-FOR-US: NetIQ IDM
-CVE-2016-1597
-	RESERVED
+CVE-2016-1597 (A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could ...)
+	TODO: check
 CVE-2016-1596 (Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus ...)
 	NOT-FOR-US: Micro Focus
 CVE-2016-1595 (LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in ...)


