[Secure-testing-commits] r50190 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Mar 30 09:10:13 UTC 2017
Author: sectracker
Date: 2017-03-30 09:10:13 +0000 (Thu, 30 Mar 2017)
New Revision: 50190
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-30 07:33:12 UTC (rev 50189)
+++ data/CVE/list 2017-03-30 09:10:13 UTC (rev 50190)
@@ -1,4 +1,66 @@
-CVE-2017-7308
+CVE-2017-7324 (setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier ...)
+ TODO: check
+CVE-2017-7323 (The (1) update and (2) package-installation features in MODX ...)
+ TODO: check
+CVE-2017-7322 (The (1) update and (2) package-installation features in MODX ...)
+ TODO: check
+CVE-2017-7321 (setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier ...)
+ TODO: check
+CVE-2017-7320 (setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier ...)
+ TODO: check
+CVE-2017-7319
+ RESERVED
+CVE-2017-7318 (Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command ...)
+ TODO: check
+CVE-2017-7317
+ RESERVED
+CVE-2017-7316
+ RESERVED
+CVE-2017-7315
+ RESERVED
+CVE-2017-7314
+ RESERVED
+CVE-2017-7313
+ RESERVED
+CVE-2017-7312
+ RESERVED
+CVE-2017-7311
+ RESERVED
+CVE-2017-7310 (A buffer overflow vulnerability in Import Command in Sync Breeze ...)
+ TODO: check
+CVE-2017-7309
+ RESERVED
+CVE-2017-7307
+ RESERVED
+CVE-2017-7306
+ RESERVED
+CVE-2017-7305
+ RESERVED
+CVE-2017-7304 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ TODO: check
+CVE-2017-7303 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ TODO: check
+CVE-2017-7302 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ TODO: check
+CVE-2017-7301 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ TODO: check
+CVE-2017-7300 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ TODO: check
+CVE-2017-7299 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ TODO: check
+CVE-2016-10309 (In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote ...)
+ TODO: check
+CVE-2016-10308 (Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a ...)
+ TODO: check
+CVE-2016-10307 (Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and ...)
+ TODO: check
+CVE-2016-10306 (Trango Altum AC600 devices have a built-in, hidden root account, with a ...)
+ TODO: check
+CVE-2016-10305 (Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= ...)
+ TODO: check
+CVE-2016-10304
+ RESERVED
+CVE-2017-7308 (The packet_set_ring function in net/packet/af_packet.c in the Linux ...)
- linux 4.9.18-1
CVE-2017-7298 (In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add ...)
- moodle <unfixed> (unimportant)
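Review bot: the six libbfd entries CVE-2017-7299 through CVE-2017-7304 are all left at `TODO: check`, but the BFD library is shipped in Debian as part of binutils, so these want a `- binutils <version>` or `<unfixed>` status rather than an open TODO, while the appliance and CMS entries (Siklu EtherHaul, Trango, Ceragon FibeAir IP-10, MODX Revolution) describe products that are not Debian packages and are candidates for `NOT-FOR-US`. CVE-2017-7308 is also re-added with its description but keeps only `- linux 4.9.18-1`; unlike the CVE-2017-7184 entry later in this commit it carries no NOTE line citing the upstream packet_set_ring fix and no [jessie]/[wheezy] status, so the exposure of the stable suites is not recorded.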
@@ -20,8 +82,8 @@
RESERVED
CVE-2017-7291
RESERVED
-CVE-2017-7290
- RESERVED
+CVE-2017-7290 (SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before ...)
+ TODO: check
CVE-2017-7289
RESERVED
CVE-2017-7288
@@ -160,8 +222,8 @@
RESERVED
CVE-2014-9940
RESERVED
-CVE-2017-7285
- RESERVED
+CVE-2017-7285 (A vulnerability in the network stack of MikroTik Version 6.38.5 ...)
+ TODO: check
CVE-2017-7284
RESERVED
CVE-2017-7283
@@ -252,8 +314,8 @@
RESERVED
CVE-2017-7259
REJECTED
-CVE-2017-7258
- RESERVED
+CVE-2017-7258 (HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi ...)
+ TODO: check
CVE-2017-7257 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
NOT-FOR-US: CMS Made Simple
CVE-2017-7256 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
@@ -565,7 +627,7 @@
[jessie] - erlang <no-dsa> (Minor issue)
[wheezy] - erlang <not-affected> (Vulnerable code not present)
NOTE: https://github.com/erlang/otp/pull/1108
-CVE-2017-7184 (The linux-image-* package 4.8.0.41.52 for the Linux kernel on Ubuntu ...)
+CVE-2017-7184 (The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the ...)
- linux 4.9.18-1 (low)
NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
NOTE: non-standard setups
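Review bot: the description now names xfrm_replay_verify_len in net/xfrm/xfrm_user.c instead of the Ubuntu package, which matches the `- linux 4.9.18-1 (low)` status, but the entry still lacks a NOTE with the upstream fix reference; the two NOTE lines only justify the low severity (unprivileged user namespaces are disabled in Debian), so add the commit or patch link that the 4.9.18-1 fixed version is based on.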
@@ -2646,6 +2708,7 @@
CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in ...)
NOT-FOR-US: Typo3
CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 ...)
+ {DSA-3824-1 DLA-879-1}
- firebird2.5 <unfixed> (bug #858641)
- firebird3.0 3.0.1.32609.ds4-14 (bug #858644)
NOTE: http://tracker.firebirdsql.org/browse/CORE-5474
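Review bot: `{DSA-3824-1 DLA-879-1}` is added while the sid status stays `- firebird2.5 <unfixed> (bug #858641)`, so unstable is still recorded as vulnerable although stable and oldstable are covered by the advisories; that is a legitimate tracker state, but it should be deliberate: confirm the DSA and DLA records carry the fixed stable versions and that the unstable upload is still pending in bug #858641, otherwise the firebird2.5 line should move to the fixed version.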
@@ -3908,8 +3971,8 @@
RESERVED
CVE-2017-5901
RESERVED
-CVE-2017-5900
- RESERVED
+CVE-2017-5900 (Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 ...)
+ TODO: check
CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in ...)
{DSA-3797-1}
- mupdf 1.9a+ds1-3 (bug #854734)
@@ -4625,8 +4688,8 @@
NOT-FOR-US: Joomla extension
CVE-2017-5672
RESERVED
-CVE-2017-5671
- RESERVED
+CVE-2017-5671 (Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 ...)
+ TODO: check
CVE-2017-5670
RESERVED
CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 ...)
@@ -6391,8 +6454,7 @@
[wheezy] - ark <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
NOTE: "Open File" action introduced in https://cgit.kde.org/ark.git/commit/?id=f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80)
-CVE-2017-5226 [escape via TIOCSTI ioctl]
- RESERVED
+CVE-2017-5226 (When executing a program via the bubblewrap sandbox, the nonpriv ...)
- bubblewrap 0.1.5-2 (bug #850702)
NOTE: https://github.com/projectatomic/bubblewrap/issues/142
CVE-2017-5207 (Firejail before 0.9.44.4, when running a bandwidth command, allows ...)
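Review bot: dropping `[escape via TIOCSTI ioctl]` in favour of the imported description loses the only mention of the TIOCSTI vector, because the imported text is truncated before it reaches the mechanism ("... the nonpriv ..."); keep that detail as a NOTE line beside the existing issue #142 link so the entry remains searchable for the ioctl.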
@@ -7104,14 +7166,14 @@
RESERVED
CVE-2017-4981
RESERVED
-CVE-2017-4980
- RESERVED
+CVE-2017-4980 (EMC Isilon OneFS is affected by a path traversal vulnerability that may ...)
+ TODO: check
CVE-2017-4979
RESERVED
CVE-2017-4978
RESERVED
-CVE-2017-4977
- RESERVED
+CVE-2017-4977 (EMC RSA Archer Security Operations Management with RSA Unified ...)
+ TODO: check
CVE-2017-4976
RESERVED
CVE-2017-4975
@@ -10122,8 +10184,8 @@
RESERVED
CVE-2016-9925
RESERVED
-CVE-2016-9924
- RESERVED
+CVE-2016-9924 (Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers ...)
+ TODO: check
CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x before ...)
- php7.0 7.0.14-1
NOTE: Fixed in PHP 7.0.14 and 7.1.0
@@ -27331,8 +27393,8 @@
NOT-FOR-US: Open-Xchange
CVE-2016-6847 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
NOT-FOR-US: Open-Xchange
-CVE-2016-6846
- RESERVED
+CVE-2016-6846 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
+ TODO: check
CVE-2016-6845 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
NOT-FOR-US: Open-Xchange
CVE-2016-6844 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
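Review bot: CVE-2016-6846 is left at `TODO: check` even though the Open-Xchange entries on both sides of it (CVE-2016-6847, CVE-2016-6845, CVE-2016-6844) are already resolved as `NOT-FOR-US: Open-Xchange`; the new description names the same product, so the TODO can be closed the same way.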
@@ -29298,8 +29360,7 @@
NOTE: According to maintainer the fix relies on the fix for CVE-2016-4439
CVE-2016-6350 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service ...)
NOT-FOR-US: OpenBSD
-CVE-2016-6349 [information exposure for docker containers]
- RESERVED
+CVE-2016-6349 (The machinectl command in oci-register-machine allows local users to ...)
NOT-FOR-US: oci-register-machine
NOTE: http://www.openwall.com/lists/oss-security/2016/07/26/5
NOTE: Requirement is that docker containers would register themselves to
@@ -34363,8 +34424,8 @@
NOT-FOR-US: ApacheMQ Artemis
CVE-2016-4977
RESERVED
-CVE-2016-4976
- RESERVED
+CVE-2016-4976 (Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on ...)
+ TODO: check
CVE-2016-4975
RESERVED
CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...)
@@ -42128,8 +42189,7 @@
NOTE: http://www.talosintel.com/reports/TALOS-2016-0123/
NOTE: http://www.pidgin.im/news/security/?id=96
NOTE: https://bitbucket.org/pidgin/main/commits/8172584fd640
-CVE-2016-2379
- RESERVED
+CVE-2016-2379 (The Mxit protocol uses weak encryption when encrypting user passwords, ...)
NOTE: Mentioned at http://www.pidgin.im/news/security/?id=96 without further details
CVE-2016-2378 (A buffer overflow vulnerability exists in the handling of the MXIT ...)
{DSA-3620-1 DLA-542-1}
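Review bot: after RESERVED is removed, CVE-2016-2379 has no status line at all, only the pre-existing NOTE that it is mentioned in the pidgin advisory without details; the adjacent CVE-2016-2378 is tracked against pidgin with `{DSA-3620-1 DLA-542-1}`, so this entry needs an explicit package status (a fixed pidgin version, `<unfixed>`, or `<not-affected>` with a reason) rather than neither a TODO nor a resolution.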
@@ -51253,8 +51313,7 @@
[wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
[squeeze] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
-CVE-2015-8234 [Use of MD5 in OpenStack Glance image signature]
- RESERVED
+CVE-2015-8234 (The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...)
- glance <unfixed> (unimportant)
CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ...)
- ffmpeg 7:2.8.2-1
@@ -62013,8 +62072,7 @@
CVE-2015-4588 (Heap-based buffer overflow in the DecodeImage function in libwmf ...)
{DSA-3302-1 DLA-253-1}
- libwmf 0.2.8.4-10.4 (bug #787644)
-CVE-2015-4556 [buffer overrun in CHICKEN Scheme's string-translate* procedure]
- RESERVED
+CVE-2015-4556 (The string-translate* procedure in the data-structures unit in CHICKEN ...)
- chicken 4.10.0-1 (bug #788833)
[jessie] - chicken <no-dsa> (Minor issue)
[wheezy] - chicken <no-dsa> (Minor issue)
@@ -68510,8 +68568,7 @@
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd, the embedded copy was fixed upstream in 5.6.5
NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/469990b43c294692493f15f8400560fe5d966a02
-CVE-2009-5147
- RESERVED
+CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel ...)
{DLA-300-1 DLA-299-1}
- ruby1.8 <removed>
[wheezy] - ruby1.8 <no-dsa> (Minor issue)
@@ -91140,8 +91197,8 @@
[squeeze] - apache2 <not-affected> (no mod_proxy_fcgi in 2.2)
NOTE: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?r1=1618401&r2=1638818
NOTE: Only exploitable by a malicious fcgi script.
-CVE-2014-3582
- RESERVED
+CVE-2014-3582 (The certificate signing REST API in Apache Ambari before 2.4.0 allows ...)
+ TODO: check
CVE-2014-3581 (The cache_merge_headers_out function in modules/cache/cache_util.c in ...)
{DLA-71-1}
- apache2 2.4.10-3
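Review bot: CVE-2014-3582 is the second Apache Ambari entry this commit leaves at `TODO: check` (CVE-2016-4976, the KDC administrator password issue, is the other); triage the two together, and if Ambari is not packaged in Debian both resolve to the same `NOT-FOR-US` line.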