[Secure-testing-commits] r50209 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Mar 30 21:10:15 UTC 2017
Author: sectracker
Date: 2017-03-30 21:10:15 +0000 (Thu, 30 Mar 2017)
New Revision: 50209
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-30 19:09:41 UTC (rev 50208)
+++ data/CVE/list 2017-03-30 21:10:15 UTC (rev 50209)
@@ -1,3 +1,43 @@
+CVE-2017-7344
+ RESERVED
+CVE-2017-7343
+ RESERVED
+CVE-2017-7342
+ RESERVED
+CVE-2017-7341
+ RESERVED
+CVE-2017-7340
+ RESERVED
+CVE-2017-7339
+ RESERVED
+CVE-2017-7338
+ RESERVED
+CVE-2017-7337
+ RESERVED
+CVE-2017-7336
+ RESERVED
+CVE-2017-7335
+ RESERVED
+CVE-2017-7334
+ RESERVED
+CVE-2017-7333
+ RESERVED
+CVE-2017-7332
+ RESERVED
+CVE-2017-7331
+ RESERVED
+CVE-2017-7330
+ RESERVED
+CVE-2017-7329
+ RESERVED
+CVE-2017-7328
+ RESERVED
+CVE-2017-7327
+ RESERVED
+CVE-2017-7326
+ RESERVED
+CVE-2017-7325
+ RESERVED
CVE-2017-7324 (setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier ...)
NOT-FOR-US: MODX Revolution
CVE-2017-7323 (The (1) update and (2) package-installation features in MODX ...)
@@ -386,8 +426,8 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2596
CVE-2017-7254
RESERVED
-CVE-2017-7253
- RESERVED
+CVE-2017-7253 (Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: ...)
+ TODO: check
CVE-2017-7252
RESERVED
CVE-2017-7251 (A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The ...)
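Review bot: CVE-2017-7253 lands with only "TODO: check", so the entry is still untriaged after this update. The description names Dahua IP Camera devices 3.200.0001.6, which appears to be vendor device firmware rather than a packaged source; if a manual check confirms that nothing in the archive ships it, replace the TODO with a NOT-FOR-US line in the same form as "NOT-FOR-US: MODX Revolution" under CVE-2017-7324. The same follow-up applies to the other "TODO: check" entries this revision adds (Sophos Web Appliance, NetIQ Sentinel Server, Fortinet FortiOS).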
@@ -2622,8 +2662,8 @@
CVE-2017-6413 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...)
- libapache2-mod-auth-openidc 2.1.6-1
NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
-CVE-2017-6412
- RESERVED
+CVE-2017-6412 (In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could ...)
+ TODO: check
CVE-2017-6411 (Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 ...)
NOT-FOR-US: D-Link
CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls ...)
@@ -3240,12 +3280,12 @@
NOT-FOR-US: Bitdefender
CVE-2017-6185
RESERVED
-CVE-2017-6184
- RESERVED
-CVE-2017-6183
- RESERVED
-CVE-2017-6182
- RESERVED
+CVE-2017-6184 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the ...)
+ TODO: check
+CVE-2017-6183 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the ...)
+ TODO: check
+CVE-2017-6182 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the ...)
+ TODO: check
CVE-2017-6181
RESERVED
CVE-2017-6180 (Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery ...)
@@ -3633,7 +3673,8 @@
RESERVED
CVE-2017-6007
RESERVED
-CVE-2017-6006 (Symphony 2.6.11 has XSS in publish/articles/new/ via the Body field. ...)
+CVE-2017-6006
+ REJECTED
NOT-FOR-US: Symphony CMS
CVE-2017-6005
RESERVED
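Review bot: CVE-2017-6006 is switched to REJECTED, but the "NOT-FOR-US: Symphony CMS" line directly below it is left in place as unchanged context. With the description removed, that annotation is the only remaining text tying the id to Symphony 2.6.11. Decide whether a rejected id should keep a triage line at all, and drop it if not, so the entry reads as just the id and REJECTED.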
@@ -6498,10 +6539,10 @@
RESERVED
CVE-2017-5186
RESERVED
-CVE-2017-5185
- RESERVED
-CVE-2017-5184
- RESERVED
+CVE-2017-5185 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before ...)
+ TODO: check
+CVE-2017-5184 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before ...)
+ TODO: check
CVE-2017-5183
RESERVED
CVE-2017-5182 (Remote Manager in Open Enterprise Server (OES) allows unauthenticated ...)
@@ -19907,18 +19948,18 @@
- tiff3 <not-affected> (tiff3 not shipping tools)
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that ...)
- {DLA-795-1}
+ {DLA-880-1 DLA-795-1}
- tiff 4.0.7-1
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
NOTE: https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code path of ...)
- {DSA-3762-1 DLA-795-1}
+ {DSA-3762-1 DLA-880-1 DLA-795-1}
- tiff 4.0.7-1
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities ...)
- {DSA-3762-1 DLA-795-1}
+ {DSA-3762-1 DLA-880-1 DLA-795-1}
- tiff 4.0.7-1
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
@@ -25421,10 +25462,10 @@
NOTE: Default shell is dash which is not vulnerable, but bash in Jessie and
NOTE: Wheezy are affected.
NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-048
-CVE-2016-7542
- RESERVED
-CVE-2016-7541
- RESERVED
+CVE-2016-7542 (A read-only administrator on Fortinet devices with FortiOS 5.2.x ...)
+ TODO: check
+CVE-2016-7541 (Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x ...)
+ TODO: check
CVE-2016-7512
RESERVED
CVE-2016-7511 (Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows ...)
@@ -33312,96 +33353,73 @@
- linux <not-affected> (Vulnerable code never present, introduced and fixed in 3.16 development cycle)
NOTE: Introduced by: https://git.kernel.org/linus/bc07c2c6e9ed125d362af0214b6313dca180cb08 (v3.16-rc1)
NOTE: Fixed by (revert of commit): https://git.kernel.org/linus/5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830 (v3.16-rc1)
-CVE-2014-9804 [Avoid a DOS in vision.c due to an infinite loop]
- RESERVED
+CVE-2014-9804 (vision.c in ImageMagick allows remote attackers to cause a denial of ...)
- imagemagick 8:6.8.9.9-4 (bug #773834)
[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later)
-CVE-2014-9805 [Avoid a SEGV due to a corrupted pnm file]
- RESERVED
+CVE-2014-9805 (ImageMagick allows remote attackers to cause a denial of service ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9806 [Do not leak fd due to corrupted file]
- RESERVED
+CVE-2014-9806 (ImageMagick allows remote attackers to cause a denial of service (file ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9807 [Fix a double free in pdb coder]
- RESERVED
+CVE-2014-9807 (The pdb coder in ImageMagick allows remote attackers to cause a denial ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9808 [Fix a SEGV due to corrupted dpc images]
- RESERVED
+CVE-2014-9808 (ImageMagick allows remote attackers to cause a denial of service ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9809 [Fix a SEGV due to corrupted xwd images]
- RESERVED
+CVE-2014-9809 (ImageMagick allows remote attackers to cause a denial of service ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9810 [Fix a SEGV in dpx file handler]
- RESERVED
+CVE-2014-9810 (The dpx file handler in ImageMagick allows remote attackers to cause a ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9811 [Fix a SEGV in malformed xwd file handler]
- RESERVED
+CVE-2014-9811 (The xwd file handler in ImageMagick allows remote attackers to cause a ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9812 [Avoid a NULL pointer dereference in ps file handling]
- RESERVED
+CVE-2014-9812 (ImageMagick allows remote attackers to cause a denial of service (NULL ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9813 [Fix a crash with corrupted viff file]
- RESERVED
+CVE-2014-9813 (ImageMagick allows remote attackers to cause a denial of service ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9814 [Fix a NULL pointer dereference in wpg file handling]
- RESERVED
+CVE-2014-9814 (ImageMagick allows remote attackers to cause a denial of service (NULL ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9815 [Do not continue on corrupted wpg file]
- RESERVED
+CVE-2014-9815 (ImageMagick allows remote attackers to cause a denial of service ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9816 [Avoid an out of bound access in viff image]
- RESERVED
+CVE-2014-9816 (ImageMagick allows remote attackers to cause a denial of service ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9817 [Avoid a heap buffer overflow in pdb file handling]
- RESERVED
+CVE-2014-9817 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9818 [Avoid an out of bound access on malformed sun file]
- RESERVED
+CVE-2014-9818 (ImageMagick allows remote attackers to cause a denial of service ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9819 [Avoid heap overflow in palm files]
- RESERVED
+CVE-2014-9819 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9820 [Avoid heap overflow in pnm files]
- RESERVED
+CVE-2014-9820 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
- imagemagick 8:6.8.9.9-4 (bug #773834)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
-CVE-2014-9821 [Avoid heap overflow in xpm files]
- RESERVED
+CVE-2014-9821 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9822 [Fix heap overflow in quantum file]
- RESERVED
+CVE-2014-9822 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9823 [Fix heap overflow in palm file]
- RESERVED
+CVE-2014-9823 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9824 [Fix heap overflow in psd file]
- RESERVED
+CVE-2014-9824 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9825 [Fix handling of corrupted of psd file]
- RESERVED
+CVE-2014-9825 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
- imagemagick 8:6.8.9.9-4 (bug #773834)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
-CVE-2014-9826 [Fix handling of corrupted of sun file]
- RESERVED
+CVE-2014-9826 (ImageMagick allows remote attackers to have unspecified impact via ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
[wheezy] - imagemagick <no-dsa> (No apparent security impact)
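Review bot: CVE-2014-9826, at the end of this hunk, now carries three statements that do not line up: the new description says "unspecified impact", the tag line lists {DLA-731-1}, and the [wheezy] line still reads <no-dsa> (No apparent security impact). Recheck which of these is current and update or remove the [wheezy] line accordingly. Separately, the bracketed placeholders removed here named the affected coder (pnm, xwd, dpc, viff, wpg, sun), while several of the new truncated descriptions are identical ("ImageMagick allows remote attackers to cause a denial of service ..."), so a NOTE naming the coder would keep the entries distinguishable in the list.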
@@ -43771,28 +43789,28 @@
NOTE: Introduced in https://git.kernel.org/linus/3d167d68e3805ee45ed2e8412fc03ed919c54c24 (v3.13-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f (v4.3-rc1)
CVE-2015-8783 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
- {DSA-3467-1 DLA-405-1}
+ {DSA-3467-1 DLA-880-1 DLA-405-1}
- tiff 4.0.6-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8782 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
- {DSA-3467-1 DLA-405-1}
+ {DSA-3467-1 DLA-880-1 DLA-405-1}
- tiff 4.0.6-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8781 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
- {DSA-3467-1 DLA-405-1}
+ {DSA-3467-1 DLA-880-1 DLA-405-1}
- tiff 4.0.6-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8784 (The NeXTDecode function in tif_next.c in LibTIFF allows remote ...)
- {DSA-3467-1 DLA-405-1}
+ {DSA-3467-1 DLA-880-1 DLA-405-1}
- tiff 4.0.6-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2508