[Secure-testing-commits] r51731 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu May 18 21:10:16 UTC 2017
Author: sectracker
Date: 2017-05-18 21:10:16 +0000 (Thu, 18 May 2017)
New Revision: 51731
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-18 20:56:08 UTC (rev 51730)
+++ data/CVE/list 2017-05-18 21:10:16 UTC (rev 51731)
@@ -1,3 +1,17 @@
+CVE-2017-9072 (Two CalendarXP products have XSS in common parts of HTML files. ...)
+ TODO: check
+CVE-2017-9071 (In MODX Revolution before 2.5.7, an attacker might be able to trigger ...)
+ TODO: check
+CVE-2017-9070 (In MODX Revolution before 2.5.7, a user with resource edit permissions ...)
+ TODO: check
+CVE-2017-9069 (In MODX Revolution before 2.5.7, a user with file upload permissions is ...)
+ TODO: check
+CVE-2017-9068 (In MODX Revolution before 2.5.7, an attacker is able to trigger ...)
+ TODO: check
+CVE-2017-9067 (In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is ...)
+ TODO: check
+CVE-2017-9060
+ RESERVED
CVE-2017-9059 (The NFSv4 implementation in the Linux kernel through 4.11.1 allows ...)
- linux <unfixed>
CVE-2017-9057
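Review bot: the six new entries at the top of the hunk (CVE-2017-9072 and CVE-2017-9067 through CVE-2017-9071) are all left at the `TODO: check` placeholder and each still has to be resolved to either a source package line with the fixed version or `NOT-FOR-US`, following the convention used elsewhere in this file. The five MODX Revolution entries can be triaged together, since their descriptions all give the same upstream fix boundary (`before 2.5.7`).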
@@ -101,27 +115,27 @@
NOT-FOR-US: HooHoo Trip Mate
CVE-2017-9025 (Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) ...)
NOT-FOR-US: HooHoo Trip Mate
-CVE-2017-9066
+CVE-2017-9066 (In WordPress before 4.7.5, there is insufficient redirect validation in ...)
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
-CVE-2017-9065
+CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks for ...)
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
-CVE-2017-9064
+CVE-2017-9064 (In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) ...)
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
-CVE-2017-9063
+CVE-2017-9063 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
-CVE-2017-9062
+CVE-2017-9062 (In WordPress before 4.7.5, there is improper handling of post meta data ...)
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
-CVE-2017-9061
+CVE-2017-9061 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
- wordpress 4.7.5+dfsg-1 (bug #862816)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
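Review bot: the two unchanged `NOT-FOR-US: HooHoo Trip Mate` lines at the top of the hunk spell the vendor differently from the CVE-2017-9025 description directly above them (`HooToo Trip Mate 6`); worth correcting the tag to `HooToo` in a follow-up so it matches the product name. The WordPress part of the hunk only fills in the descriptions and leaves the `wordpress 4.7.5+dfsg-1 (bug #862816)` lines and upstream commit NOTEs as they were.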
@@ -327,7 +341,7 @@
CVE-2017-8928 (mailcow 0.14, as used in "mailcow: dockerized" and other products, has ...)
NOT-FOR-US: mailcow
CVE-2017-9031 (The WebUI component in Deluge before 1.3.15 contains a directory ...)
- {DLA-943-1}
+ {DSA-3856-1 DLA-943-1}
- deluge 1.3.13+git20161130.48cedf63-3 (bug #862611)
NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
NOTE: Fixed by: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
@@ -2688,12 +2702,12 @@
CVE-2017-7977
RESERVED
CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...)
- {DLA-942-1}
+ {DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860787)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683
NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds ...)
- {DLA-942-1}
+ {DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860788)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
@@ -3046,7 +3060,7 @@
- dolibarr <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to ...)
- {DLA-942-1}
+ {DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860460)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703
NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
@@ -4097,8 +4111,8 @@
RESERVED
CVE-2017-7504
RESERVED
-CVE-2017-7503
- RESERVED
+CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of ...)
+ TODO: check
CVE-2017-7502
RESERVED
CVE-2017-7501
@@ -4339,8 +4353,8 @@
RESERVED
CVE-2017-7434
RESERVED
-CVE-2017-7433
- RESERVED
+CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe ...)
+ TODO: check
CVE-2017-7432 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
NOT-FOR-US: Novell Novell iManager and NetIQ iManager
CVE-2017-7431 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
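Review bot: `TODO: check` on CVE-2017-7433 still needs resolving; the adjacent Novell iManager entries in the same hunk are tagged `NOT-FOR-US`, so if Micro Focus Vibe is likewise not in the archive the same tag applies here. Separately, the unchanged context line `NOT-FOR-US: Novell Novell iManager and NetIQ iManager` doubles the word `Novell` and could be cleaned up in the same pass.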
@@ -5389,7 +5403,7 @@
NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date (for pcre2)
NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date (for pcre2)
CVE-2017-7178 (CSRF was discovered in the web UI in Deluge before 1.3.14. The ...)
- {DLA-863-1}
+ {DSA-3856-1 DLA-863-1}
- deluge 1.3.13+git20161130.48cedf63-2 (bug #857903)
NOTE: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
CVE-2017-XXXX ["Clean metadata" contextual menu silently fails]
@@ -6569,8 +6583,7 @@
RESERVED
CVE-2017-6653
RESERVED
-CVE-2017-6652
- RESERVED
+CVE-2017-6652 (A vulnerability in the web framework of the Cisco TelePresence IX5000 ...)
NOT-FOR-US: Cisco
CVE-2017-6651 (A vulnerability in Cisco WebEx Meetings Server could allow ...)
NOT-FOR-US: Cisco
@@ -6628,14 +6641,11 @@
NOT-FOR-US: Cisco
CVE-2017-6624 (A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager ...)
NOT-FOR-US: Cisco
-CVE-2017-6623
- RESERVED
+CVE-2017-6623 (A vulnerability in a script file that is installed as part of the Cisco ...)
NOT-FOR-US: Cisco
-CVE-2017-6622
- RESERVED
+CVE-2017-6622 (A vulnerability in the web interface for Cisco Prime Collaboration ...)
NOT-FOR-US: Cisco
-CVE-2017-6621
- RESERVED
+CVE-2017-6621 (A vulnerability in the web interface of Cisco Prime Collaboration ...)
NOT-FOR-US: Cisco
CVE-2017-6620 (A vulnerability in the remote management access control list (ACL) ...)
NOT-FOR-US: Cisco
@@ -14346,8 +14356,8 @@
RESERVED
CVE-2017-3981
RESERVED
-CVE-2017-3980
- RESERVED
+CVE-2017-3980 (A directory traversal vulnerability in the ePO Extension in McAfee ...)
+ TODO: check
CVE-2017-3979
RESERVED
CVE-2017-3978
@@ -15780,7 +15790,7 @@
CVE-2017-3590 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
- mysql-connector-python <unfixed> (bug #861511)
CVE-2017-3589 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
- {DLA-945-1}
+ {DSA-3857-1 DLA-945-1}
- mysql-connector-java 5.1.42-1
CVE-2017-3588
RESERVED
@@ -15789,7 +15799,7 @@
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3586 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
- {DLA-945-1}
+ {DSA-3857-1 DLA-945-1}
- mysql-connector-java 5.1.42-1
CVE-2017-3585 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Solaris
@@ -16527,7 +16537,7 @@
NOT-FOR-US: Oracle
CVE-2017-3285 (Vulnerability in the Oracle Service Fulfillment Manager component of ...)
NOT-FOR-US: Oracle
-CVE-2017-3284 (Vulnerability in the Oracle Fulfillment Manager component of Oracle ...)
+CVE-2017-3284 (Vulnerability in the Oracle Service Fulfillment Manager component of ...)
NOT-FOR-US: Oracle
CVE-2017-3283 (Vulnerability in the Oracle Partner Management component of Oracle ...)
NOT-FOR-US: Oracle
@@ -49684,7 +49694,7 @@
- symfony 2.7.9+dfsg-1
NOTE: http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails
NOTE: https://github.com/symfony/symfony/pull/17359
-CVE-2016-1906 (The API server in Kubernetes might allow remote attackers to gain ...)
+CVE-2016-1906 (Openshift allows remote attackers to gain privileges by updating a ...)
- kubernetes <not-affected> (Openshift Specific)
NOTE: https://github.com/openshift/origin/issues/6556
NOTE: https://github.com/openshift/origin/pull/6576
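Review bot: the rewritten description now names Openshift rather than the Kubernetes API server, which is consistent with the existing `kubernetes <not-affected> (Openshift Specific)` line and the two openshift/origin NOTEs below it, so no further change to the package status is needed for CVE-2016-1906.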