[Secure-testing-commits] r51421 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon May 8 21:10:12 UTC 2017


Author: sectracker
Date: 2017-05-08 21:10:12 +0000 (Mon, 08 May 2017)
New Revision: 51421

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-08 20:44:40 UTC (rev 51420)
+++ data/CVE/list	2017-05-08 21:10:12 UTC (rev 51421)
@@ -1,4 +1,40 @@
-CVE-2016-10369 [insecure use of /tmp for socket files]
+CVE-2017-8851
+	RESERVED
+CVE-2017-8850
+	RESERVED
+CVE-2017-8849
+	RESERVED
+CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a ...)
+	TODO: check
+CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...)
+	TODO: check
+CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 ...)
+	TODO: check
+CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in ...)
+	TODO: check
+CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...)
+	TODO: check
+CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 ...)
+	TODO: check
+CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...)
+	TODO: check
+CVE-2017-8841
+	RESERVED
+CVE-2017-8840
+	RESERVED
+CVE-2017-8839
+	RESERVED
+CVE-2017-8838
+	RESERVED
+CVE-2017-8837
+	RESERVED
+CVE-2017-8836
+	RESERVED
+CVE-2017-8835
+	RESERVED
+CVE-2016-10370
+	RESERVED
+CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a ...)
 	- lxterminal <unfixed> (bug #862098)
 	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
 CVE-2017-8834
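
Review bot: CVE-2017-8847 and CVE-2017-8842 are added with the same truncated description (bufRead::get() in libzpaq/libzpaq.h in liblrzip.so), so whoever resolves the TODO: check should read the full CVE text and confirm they are separate issues before giving each its own package line. The five entries naming liblrzip.so and the LZO 2.08 entry (CVE-2017-8845, cut off at "as used in ...") are all left at TODO: check and each still needs a package line or NOT-FOR-US. For CVE-2016-10369 the lxterminal status and bug #862098 lines are kept under the new description, which is the right outcome.
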
@@ -19,8 +55,8 @@
 	NOT-FOR-US: GenixCMS
 CVE-2017-8826
 	RESERVED
-CVE-2017-8825
-	RESERVED
+CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handling ...)
+	TODO: check
 CVE-2017-8824
 	RESERVED
 CVE-2017-8823
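
Review bot: the new description for CVE-2017-8825 is cut off at "in the MIME handling ...", before any product name, so the TODO: check cannot be resolved from this line alone. Triage needs the full CVE text to decide between a package line and NOT-FOR-US.
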
@@ -5207,8 +5243,8 @@
 	NOT-FOR-US: wordpress Anyone plugin
 CVE-2017-6954 (An issue was discovered in includes/component.php in the BuddyPress ...)
 	NOT-FOR-US: wordpress buddypress docs plugin
-CVE-2017-6953
-	RESERVED
+CVE-2017-6953 (Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow ...)
+	TODO: check
 CVE-2017-6952 (Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c ...)
 	- capstone <not-affected> (Vulnerable code not present, in Windows specific distribution)
 CVE-2017-9999
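
Review bot: CVE-2017-6953 now names Gemalto SmartDiag Diagnosis Tool v2.5 but is left at TODO: check. If no source package in the archive ships it, close it out with a NOT-FOR-US line in the form the entries just above use (for example "NOT-FOR-US: wordpress buddypress docs plugin").
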
@@ -7723,8 +7759,8 @@
 	RESERVED
 CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...)
 	NOT-FOR-US: Hyundai
-CVE-2017-6051
-	RESERVED
+CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in BLF-Tech ...)
+	TODO: check
 CVE-2017-6050
 	RESERVED
 CVE-2017-6049
@@ -21412,18 +21448,18 @@
 	RESERVED
 CVE-2017-0896
 	RESERVED
-CVE-2017-0895
-	RESERVED
-CVE-2017-0894
-	RESERVED
-CVE-2017-0893
-	RESERVED
-CVE-2017-0892
-	RESERVED
-CVE-2017-0891
-	RESERVED
-CVE-2017-0890
-	RESERVED
+CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure ...)
+	TODO: check
+CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid ...)
+	TODO: check
+CVE-2017-0893 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a ...)
+	TODO: check
+CVE-2017-0892 (Nextcloud Server before 11.0.3 is vulnerable to an improper session ...)
+	TODO: check
+CVE-2017-0891 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to ...)
+	TODO: check
+CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...)
+	TODO: check
 CVE-2017-0889
 	RESERVED
 CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a ...)
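
Review bot: the six Nextcloud Server entries (CVE-2017-0890 through CVE-2017-0895) are all left at TODO: check, and their version ranges differ: "before 10.0.4 and 11.0.2" for CVE-2017-0895, "before 11.0.3" for CVE-2017-0894, CVE-2017-0892 and CVE-2017-0890, and "before 9.0.58 and 10.0.5 and 11.0.3" for CVE-2017-0893 and CVE-2017-0891. Triage them individually rather than as one batch, and keep the disposition consistent with the one already recorded for CVE-2017-0888, whose status line falls outside this hunk.
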
@@ -24927,7 +24963,7 @@
 	NOT-FOR-US: Siemens SIMATIC WinCC
 CVE-2016-9159 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions ...)
 	NOT-FOR-US: Siemens SIMATIC
-CVE-2016-9158 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions ...)
+CVE-2016-9158 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs before V3.X.14 and ...)
 	NOT-FOR-US: Siemens SIMATIC
 CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions including V8.08) ...)
 	NOT-FOR-US: Siemens SICAM PAS
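
Review bot: the CVE-2016-9158 description changes from "(all versions ..." to "before V3.X.14 and ...", while the adjacent CVE-2016-9159 still reads "(all versions ..."; confirm that the difference reflects the upstream descriptions and is not a missed refresh of the second entry. The NOT-FOR-US: Siemens SIMATIC disposition is unchanged, so no tracker action follows from the new text.
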
@@ -27905,8 +27941,8 @@
 	NOT-FOR-US: EMC Data Protection Advisor
 CVE-2016-8210
 	RESERVED
-CVE-2016-8209
-	RESERVED
+CVE-2016-8209 (Improper checks for unusual or exceptional conditions in Brocade ...)
+	TODO: check
 CVE-2016-8208
 	RESERVED
 CVE-2016-8207 (A Directory Traversal vulnerability in CliMonitorReportServlet in the ...)
@@ -27919,8 +27955,8 @@
 	NOT-FOR-US: Brocade Network Advisor
 CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron OS on ...)
 	NOT-FOR-US: Brocade
-CVE-2016-8202
-	RESERVED
+CVE-2016-8202 (A privilege escalation vulnerability in Brocade Fibre Channel SAN ...)
+	TODO: check
 CVE-2016-8201 (A CSRF vulnerability in Brocade Virtual Traffic Manager versions ...)
 	NOT-FOR-US: Brocade
 CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS ...)
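
Review bot: CVE-2016-8202 gains a description naming Brocade Fibre Channel SAN but is left at TODO: check, while CVE-2016-8203 directly above and CVE-2016-8201 directly below are both marked NOT-FOR-US: Brocade. Unless the full description points at something packaged, replace the TODO with the same tag so the entry does not sit in the unchecked queue.
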



