[Secure-testing-commits] r51516 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed May 10 21:10:15 UTC 2017
Author: sectracker
Date: 2017-05-10 21:10:14 +0000 (Wed, 10 May 2017)
New Revision: 51516
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-10 20:13:54 UTC (rev 51515)
+++ data/CVE/list 2017-05-10 21:10:14 UTC (rev 51516)
@@ -1,24 +1,58 @@
-CVE-2017-8890 [dccp/tcp: do not inherit mc_list from parent]
- - linux <unfixed>
- NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
-CVE-2017-8876
+CVE-2017-8894
RESERVED
-CVE-2017-8875
+CVE-2017-8893
RESERVED
-CVE-2017-8874
+CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 ...)
+ TODO: check
+CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a ...)
+ TODO: check
+CVE-2017-8889
RESERVED
+CVE-2017-8888
+ RESERVED
+CVE-2017-8887
+ RESERVED
+CVE-2017-8886
+ RESERVED
+CVE-2017-8885
+ RESERVED
+CVE-2017-8884
+ RESERVED
+CVE-2017-8883
+ RESERVED
+CVE-2017-8882
+ RESERVED
+CVE-2017-8881
+ RESERVED
+CVE-2017-8880
+ RESERVED
+CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the ...)
+ TODO: check
+CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
+ TODO: check
+CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...)
+ TODO: check
+CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...)
+ - linux <unfixed>
+ NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
+CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to ...)
+ TODO: check
+CVE-2017-8875 (CSRF in the Clean Login plugin before 1.8 for WordPress allows remote ...)
+ TODO: check
+CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic ...)
+ TODO: check
CVE-2017-8873
RESERVED
-CVE-2017-8872
- RESERVED
+CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 ...)
+ TODO: check
CVE-2017-8871
RESERVED
CVE-2017-8870
RESERVED
CVE-2017-8869
RESERVED
-CVE-2017-8868
- RESERVED
+CVE-2017-8868 (acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via ...)
+ TODO: check
CVE-2017-8867
RESERVED
CVE-2017-8866
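Review bot: CVE-2017-8872 (htmlParseTryOrFinish in HTMLparser.c, libxml2 2.9.4) is left at `TODO: check` although libxml2 is a Debian source package, so it needs triage against that package rather than an open placeholder; the same goes for CVE-2017-8879, which targets Dolibarr ERP/CRM 4.0.4, the version that CVE-2017-7886 through CVE-2017-7888 in the later hunk already track with `- dolibarr <unfixed>`. The CVE-2017-8890 block is moved rather than changed: the `- linux <unfixed>` and `NOTE: Fixed by:` lines are carried over intact and only the bracketed placeholder title is replaced by the MITRE description.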
@@ -43,8 +77,8 @@
NOT-FOR-US: Veritas NetBackup
CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and ...)
NOT-FOR-US: Veritas NetBackup
-CVE-2016-10371
- RESERVED
+CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
+ TODO: check
CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer]
- gtk-vnc 0.4.3-1
NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3)
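Review bot: CVE-2016-10371 (TIFFWriteDirectoryTagCheckedRational in tif_dirwrite.c) is libtiff code, so the `TODO: check` should be resolved against the Debian tiff source package instead of staying open; the gtk-vnc entry that follows is unchanged context.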
@@ -55,8 +89,8 @@
- wolfssl 3.10.2+dfsg-1
CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in ...)
NOT-FOR-US: Fiyo CMS
-CVE-2017-8852
- RESERVED
+CVE-2017-8852 (SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It ...)
+ TODO: check
CVE-2017-8851
RESERVED
CVE-2017-8850
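Review bot: CVE-2017-8852 (SAP SAPCAR 721.510 heap-based buffer overflow) is proprietary SAP software with no Debian package, so the `TODO: check` should become `NOT-FOR-US: SAP`, matching how CVE-2017-8853 (Fiyo CMS) is tagged two lines above.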
@@ -283,7 +317,7 @@
CVE-2017-8777
RESERVED
CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through ...)
- {DSA-3845-1}
+ {DSA-3845-1 DLA-937-1 DLA-936-1}
- rpcbind 0.2.3-0.6 (bug #861835)
- libtirpc 0.2.5-1.2 (bug #861834)
- ntirpc <unfixed> (bug #861836)
@@ -1169,7 +1203,7 @@
RESERVED
CVE-2017-8386
RESERVED
- {DSA-3848-1}
+ {DSA-3848-1 DLA-938-1}
- git 1:2.11.0-3
NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01346.html
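Review bot: CVE-2017-8386 keeps its bare `RESERVED` placeholder while gaining DLA-938-1 next to DSA-3848-1 and a fixed git version; since the issue is already public (two lkml NOTE links and a DSA), the entry should carry a bracketed short title in the style of `CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer]` so it is not mistaken for an unpublished id.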
@@ -2563,16 +2597,13 @@
NOT-FOR-US: SourceBans++
CVE-2017-7890
RESERVED
-CVE-2017-7888
- RESERVED
+CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...)
- dolibarr <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
-CVE-2017-7887
- RESERVED
+CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall ...)
- dolibarr <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
-CVE-2017-7886
- RESERVED
+CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in ...)
- dolibarr <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to ...)
@@ -3088,8 +3119,8 @@
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fc0af859de4993951a915ad735be350221f3f53
CVE-2017-7699
RESERVED
-CVE-2017-7698
- RESERVED
+CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier ...)
+ TODO: check
CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the ...)
- libsamplerate <unfixed> (bug #860159)
[jessie] - libsamplerate <no-dsa> (Minor issue)
@@ -5379,7 +5410,7 @@
[jessie] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
NOTE: Reproduced on wheezy, jessie and sid.
CVE-2017-6959
- RESERVED
+ REJECTED
CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...)
NOT-FOR-US: MantisBT Source Integration Plugin
CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC ...)
@@ -8423,10 +8454,10 @@
RESERVED
CVE-2017-5893
RESERVED
-CVE-2017-5892
- RESERVED
-CVE-2017-5891
- RESERVED
+CVE-2017-5892 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
+ TODO: check
+CVE-2017-5891 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
+ TODO: check
CVE-2017-5898 (Integer overflow in the emulated_apdu_from_guest function in ...)
{DLA-845-1 DLA-842-1}
- qemu 1:2.8+dfsg-3 (bug #854729)
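Review bot: CVE-2017-5892 and CVE-2017-5891 (ASUS RT-AC*/RT-N* firmware before 3.0.0.4.380.7378) concern vendor router firmware that is not packaged in Debian, so both `TODO: check` lines should become `NOT-FOR-US: ASUS`; the same applies to CVE-2017-8877 and CVE-2017-8878 in the first hunk, which describe the same device family and firmware version.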
@@ -12028,10 +12059,10 @@
RESERVED
CVE-2017-4897
RESERVED
-CVE-2017-4896
- RESERVED
-CVE-2017-4895
- RESERVED
+CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may allow a ...)
+ TODO: check
+CVE-2017-4895 (Airwatch Agent for Android contains a vulnerability that may allow a ...)
+ TODO: check
CVE-2017-4894
RESERVED
CVE-2017-4893
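Review bot: CVE-2017-4896 and CVE-2017-4895 (Airwatch Inbox and Airwatch Agent for Android) are proprietary mobile apps with no Debian package, so both `TODO: check` lines should be resolved to `NOT-FOR-US: Airwatch` rather than left open.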
@@ -14114,8 +14145,8 @@
[jessie] - slurm-llnl <no-dsa> (Minor issue)
NOTE: https://www.schedmd.com/news.php?id=178
NOTE: https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee
-CVE-2017-3894
- RESERVED
+CVE-2017-3894 (A stored cross site scripting vulnerability in the Management Console ...)
+ TODO: check
CVE-2017-3893
RESERVED
CVE-2017-3892
@@ -21116,8 +21147,8 @@
RESERVED
CVE-2017-1138
RESERVED
-CVE-2017-1137
- RESERVED
+CVE-2017-1137 (IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker ...)
+ TODO: check
CVE-2017-1136
RESERVED
CVE-2017-1135
@@ -21184,8 +21215,8 @@
RESERVED
CVE-2017-1104
RESERVED
-CVE-2017-1103
- RESERVED
+CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service, caused by ...)
+ TODO: check
CVE-2017-1102
RESERVED
CVE-2017-1101
@@ -24913,8 +24944,8 @@
NOT-FOR-US: F5 BIG-IP
CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be ...)
NOT-FOR-US: F5
-CVE-2016-9250
- RESERVED
+CVE-2016-9250 (In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, ...)
+ TODO: check
CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server ...)
NOT-FOR-US: F5
CVE-2016-9248
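Review bot: CVE-2016-9250 (F5 BIG-IP 11.2.1 through 12.1.2) is tagged `TODO: check` while its neighbours CVE-2016-9251 and CVE-2016-9249 are already `NOT-FOR-US: F5`; the new entry should get the same tag instead of an open placeholder.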
@@ -35404,12 +35435,12 @@
NOT-FOR-US: IBM
CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli ...)
NOT-FOR-US: Tivoli
-CVE-2016-6037
- RESERVED
+CVE-2016-6037 (IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A ...)
+ TODO: check
CVE-2016-6036 (IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2016-6035
- RESERVED
+CVE-2016-6035 (IBM Rational Quality Manager is vulnerable to cross-site scripting. ...)
+ TODO: check
CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) could ...)
NOT-FOR-US: IBM
CVE-2016-6033 (IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is ...)
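Review bot: CVE-2016-6037 (IBM Rational Team Concert) and CVE-2016-6035 (IBM Rational Quality Manager) are left at `TODO: check` between entries already tagged `NOT-FOR-US: IBM` for the same product lines (CVE-2016-6036, CVE-2016-6034); they should get the same tag, as should the other IBM entries this commit adds, CVE-2017-1137, CVE-2017-1103, CVE-2016-5889, CVE-2016-5888 and CVE-2016-3032.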
@@ -35700,10 +35731,10 @@
RESERVED
CVE-2016-5890 (IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before ...)
NOT-FOR-US: IBM
-CVE-2016-5889
- RESERVED
-CVE-2016-5888
- RESERVED
+CVE-2016-5889 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site ...)
+ TODO: check
+CVE-2016-5888 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2016-5887
RESERVED
CVE-2016-5886
@@ -44965,8 +44996,8 @@
NOT-FOR-US: IBM
CVE-2016-3033 (IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated ...)
NOT-FOR-US: IBM
-CVE-2016-3032
- RESERVED
+CVE-2016-3032 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
+ TODO: check
CVE-2016-3031 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2016-3030