[Secure-testing-commits] r51852 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon May 22 21:10:14 UTC 2017


Author: sectracker
Date: 2017-05-22 21:10:14 +0000 (Mon, 22 May 2017)
New Revision: 51852

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-22 20:37:48 UTC (rev 51851)
+++ data/CVE/list	2017-05-22 21:10:14 UTC (rev 51852)
@@ -1,15 +1,25 @@
-CVE-2017-9144 [Check for EOF conditions for RLE image format]
+CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to ...)
+	TODO: check
+CVE-2017-9148
+	RESERVED
+CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ...)
+	TODO: check
+CVE-2017-9146 (The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through ...)
+	TODO: check
+CVE-2017-9145
+	RESERVED
+CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because ...)
 	- imagemagick <unfixed> (bug #863126)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198
-CVE-2017-9142 [A crafted file revealed an assertion failure in blob.c]
+CVE-2017-9142 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...)
 	- imagemagick <unfixed> (bug #863125)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/490
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a
-CVE-2017-9141 [A crafted file revealed an assertion failure in profile.c]
+CVE-2017-9141 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...)
 	- imagemagick <unfixed> (bug #863124)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/489
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd
-CVE-2017-9143 [Specially crafted arts file could lead to memory leak]
+CVE-2017-9143 (In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c ...)
 	- imagemagick <unfixed> (bug #863123)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/456
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4
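Review bot: CVE-2017-9147 (LibTIFF), CVE-2017-9146 (libytnef) and CVE-2017-9149 (MAT) are left at `TODO: check`, yet all three describe software that is packaged in Debian (tiff, libytnef, mat), so they need a package line with a fixed/unfixed state and bug reference, as the ImageMagick ids in the same hunk already have (`- imagemagick <unfixed> (bug #863126)`). Minor, pre-existing: the ImageMagick block is out of descending order (CVE-2017-9143 sits below CVE-2017-9141); worth fixing when these entries are next touched.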
@@ -930,6 +940,7 @@
 CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before ...)
 	NOT-FOR-US: iRODS
 CVE-2017-8798 (Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through ...)
+	{DLA-949-1}
 	- miniupnpc 1.9.20140610-3 (bug #862273)
 	NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
 	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
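Review bot: the `{DLA-949-1}` reference is inserted above `- miniupnpc 1.9.20140610-3 (bug #862273)` with no other change to the entry; check that the matching DLA record exists in the tracker so the cross-reference resolves, otherwise the wheezy status for this CVE will show as fixed by an advisory the tracker cannot find.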
@@ -3941,7 +3952,7 @@
 	NOT-FOR-US: dde-daemon
 CVE-2017-7621 (Cross Site Scripting Vulnerability in core-eMLi in AuroMeera ...)
 	NOT-FOR-US: core-eMLi
-CVE-2017-7620 (MantisBT before 2.4.1 allows Permalink Injection via CSRF attacks on a ...)
+CVE-2017-7620 (MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits ...)
 	- mantis <removed>
 	[wheezy] - mantis <end-of-life> (Not supported in Wheezy LTS)
 	NOTE: https://mantisbt.org/bugs/view.php?id=22909
@@ -4342,7 +4353,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1451709
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
 CVE-2017-7492
-	RESERVED
+	REJECTED
 	- resteasy <undetermined>
 CVE-2017-7491 (In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...)
 	- moodle <unfixed>
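Review bot: CVE-2017-7492 is flipped from `RESERVED` to `REJECTED`, but the context line `- resteasy <undetermined>` is kept, leaving an open, undetermined package entry attached to an id that no longer exists. Drop the resteasy line (or re-check the issue against whatever id MITRE assigned instead, if it was reassigned) so the tracker stops reporting a pending issue for a rejected identifier.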
@@ -6226,8 +6237,8 @@
 	RESERVED
 CVE-2017-6892
 	RESERVED
-CVE-2017-6891
-	RESERVED
+CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) ...)
+	TODO: check
 CVE-2017-6890 (A boundary error within the "foveon_load_camf()" function ...)
 	TODO: check
 CVE-2017-6889 (An integer overflow error within the "foveon_load_camf()" function ...)
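Review bot: CVE-2017-6891 is added as `TODO: check`, but `asn1_find_node()` in `lib/parser_aux.c` is libtasn1 code, which is packaged in Debian, so this entry needs real triage (package line, fixed version, bug number) rather than sitting in the TODO queue alongside the foveon/libraw ids.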
@@ -9882,8 +9893,8 @@
 	NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153
 CVE-2017-5658
 	RESERVED
-CVE-2017-5657
-	RESERVED
+CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not protected ...)
+	TODO: check
 CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of ...)
 	NOT-FOR-US: Apache CXF
 CVE-2017-5655 (In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be ...)
@@ -12684,10 +12695,10 @@
 	RESERVED
 CVE-2017-4917
 	RESERVED
-CVE-2017-4916
-	RESERVED
-CVE-2017-4915
-	RESERVED
+CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer dereference ...)
+	TODO: check
+CVE-2017-4915 (VMware Workstation Pro/Player contains an insecure library loading ...)
+	TODO: check
 CVE-2017-4914
 	RESERVED
 CVE-2017-4913
@@ -19751,22 +19762,22 @@
 	RESERVED
 CVE-2017-2176
 	RESERVED
-CVE-2017-2175
-	RESERVED
-CVE-2017-2174
-	RESERVED
-CVE-2017-2173
-	RESERVED
+CVE-2017-2175 (Untrusted search path vulnerability in Empirical Project Monitor - ...)
+	TODO: check
+CVE-2017-2174 (Cross-site scripting vulnerability in Empirical Project Monitor - ...)
+	TODO: check
+CVE-2017-2173 (Cross-site scripting vulnerability in Empirical Project Monitor - ...)
+	TODO: check
 CVE-2017-2172
 	RESERVED
-CVE-2017-2171
-	RESERVED
+CVE-2017-2171 (Cross-site scripting vulnerability in Captcha prior to version 4.3.0, ...)
+	TODO: check
 CVE-2017-2170
 	RESERVED
-CVE-2017-2169
-	RESERVED
-CVE-2017-2168
-	RESERVED
+CVE-2017-2169 (Cross-site scripting vulnerability in MaxButtons prior to version 6.19 ...)
+	TODO: check
+CVE-2017-2168 (Cross-site scripting vulnerability in WP Booking System Free version ...)
+	TODO: check
 CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive ...)
 	NOT-FOR-US: PrimeDrive
 CVE-2017-2166
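Review bot: the seven new descriptions in this hunk (Empirical Project Monitor, Captcha, MaxButtons, WP Booking System) all appear to be WordPress plugins or standalone products that are not in the Debian archive, so they can move straight to `NOT-FOR-US` the way CVE-2017-2167 (PrimeDrive) is handled in the same hunk instead of accumulating as `TODO: check`.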
@@ -19777,10 +19788,10 @@
 	NOT-FOR-US: SOY CMS
 CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 ...)
 	NOT-FOR-US: SOY CMS
-CVE-2017-2162
-	RESERVED
-CVE-2017-2161
-	RESERVED
+CVE-2017-2162 (FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier ...)
+	TODO: check
+CVE-2017-2161 (FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier ...)
+	TODO: check
 CVE-2017-2160
 	RESERVED
 CVE-2017-2159
@@ -21461,8 +21472,8 @@
 	RESERVED
 CVE-2017-1321
 	RESERVED
-CVE-2017-1320
-	RESERVED
+CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...)
+	TODO: check
 CVE-2017-1319
 	RESERVED
 CVE-2017-1318
@@ -21523,8 +21534,7 @@
 	RESERVED
 CVE-2017-1290
 	RESERVED
-CVE-2017-1289
-	RESERVED
+CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External Entity ...)
 	NOT-FOR-US: IBM JDK
 CVE-2017-1288
 	RESERVED
@@ -21538,8 +21548,8 @@
 	RESERVED
 CVE-2017-1283
 	RESERVED
-CVE-2017-1282
-	RESERVED
+CVE-2017-1282 (IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site ...)
+	TODO: check
 CVE-2017-1281
 	RESERVED
 CVE-2017-1280
@@ -21785,8 +21795,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1160 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
 	NOT-FOR-US: IBM
-CVE-2017-1159
-	RESERVED
+CVE-2017-1159 (IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker ...)
+	TODO: check
 CVE-2017-1158
 	RESERVED
 CVE-2017-1157
@@ -21919,8 +21929,8 @@
 	RESERVED
 CVE-2017-1093 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a ...)
 	NOT-FOR-US: IBM AIX
-CVE-2017-1092
-	RESERVED
+CVE-2017-1092 (IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an ...)
+	TODO: check
 CVE-2017-1091
 	RESERVED
 CVE-2017-1090
@@ -30445,8 +30455,8 @@
 	RESERVED
 CVE-2016-7805
 	RESERVED
-CVE-2016-7804
-	RESERVED
+CVE-2016-7804 (Untrusted search path vulnerability in 7 Zip for Windows 16.02 and ...)
+	TODO: check
 CVE-2016-7803
 	RESERVED
 CVE-2016-7802
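Review bot: CVE-2016-7804 describes an untrusted search path in 7 Zip for Windows 16.02; the Debian packaging (p7zip) does not ship the Windows build or its installer, so the likely resolution is `NOT-FOR-US: 7-Zip for Windows` rather than a lingering `TODO: check`.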
@@ -35967,8 +35977,8 @@
 	RESERVED
 CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerability ...)
 	NOT-FOR-US: IBM
-CVE-2016-6112
-	RESERVED
+CVE-2016-6112 (IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and ...)
+	TODO: check
 CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a ...)
 	NOT-FOR-US: IBM
 CVE-2016-6110 (IBM Tivoli Storage Manager undisclosed unencrypted login credentials ...)
@@ -40468,35 +40478,35 @@
 	RESERVED
 CVE-2016-4906
 	RESERVED
-CVE-2016-4905
-	RESERVED
-CVE-2016-4904
-	RESERVED
-CVE-2016-4903
-	RESERVED
+CVE-2016-4905 (SQL injection vulnerability in the WP-OliveCart versions prior to ...)
+	TODO: check
+CVE-2016-4904 (Cross-site request forgery (CSRF) vulnerability in WP-OliveCart ...)
+	TODO: check
+CVE-2016-4903 (Cross-site scripting vulnerability in WP-OliveCart versions prior to ...)
+	TODO: check
 CVE-2016-4902
 	RESERVED
-CVE-2016-4901
-	RESERVED
-CVE-2016-4900
-	RESERVED
+CVE-2016-4901 (Untrusted search path vulnerability in The installer of e-Tax Software ...)
+	TODO: check
+CVE-2016-4900 (Untrusted search path vulnerability in Evernote for Windows versions ...)
+	TODO: check
 CVE-2016-4899 (The datamover module in the Linux version of NovaBACKUP DataCenter ...)
 	NOT-FOR-US: NovaBACKUP
 CVE-2016-4898 (The datamover module in the Linux version of NovaBACKUP DataCenter ...)
 	NOT-FOR-US: NovaBACKUP
 CVE-2016-4897 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
 	NOT-FOR-US: Usermin
-CVE-2016-4896 (SetucoCMS allows remote attackers to alter or disclose information, ...)
+CVE-2016-4896 (SetsucoCMS all versions does not properly manage sessions, which ...)
 	NOT-FOR-US: SetucoCMS
-CVE-2016-4895 (SetucoCMS allows remote authenticated users to execute arbitrary code. ...)
+CVE-2016-4895 (SetsucoCMS all versions allows remote authenticated attackers to ...)
 	NOT-FOR-US: SetucoCMS
-CVE-2016-4894 (SetucoCMS allows remote attackers to cause a denial of service. ...)
+CVE-2016-4894 (SetsucoCMS all versions allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: SetucoCMS
-CVE-2016-4893 (SQL injection vulnerability in SetucoCMS. ...)
+CVE-2016-4893 (SQL injection vulnerability in the SetsucoCMS all versions allows ...)
 	NOT-FOR-US: SetucoCMS
-CVE-2016-4892 (Cross-site scripting (XSS) vulnerability in SetucoCMS. ...)
+CVE-2016-4892 (Cross-site scripting vulnerability in SetsucoCMS all versions allows ...)
 	NOT-FOR-US: SetucoCMS
-CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetucoCMS. ...)
+CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all ...)
 	NOT-FOR-US: SetucoCMS
 CVE-2016-4890 (ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method ...)
 	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
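Review bot: the six updated descriptions now spell the product `SetsucoCMS`, while the unchanged `NOT-FOR-US: SetucoCMS` comment lines keep the old spelling; align the comments with the new description text so a search for either name finds all six entries consistently.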
@@ -40532,28 +40542,28 @@
 	NOT-FOR-US: IVYWE
 CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4873 (The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not ...)
+CVE-2016-4873 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4872 (The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 ...)
+CVE-2016-4872 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
 	NOT-FOR-US: Cybozu
 CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4870 (Cross-site scripting (XSS) vulnerability in "Schedule" function in ...)
+CVE-2016-4870 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4869 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain ...)
+CVE-2016-4869 (Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4868 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject ...)
+CVE-2016-4868 (Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4867 (The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote ...)
+CVE-2016-4867 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4866 (Cross-site scripting (XSS) vulnerability in the "Project" function in ...)
+CVE-2016-4866 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the "Customapp" function ...)
+CVE-2016-4865 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...)
 	NOT-FOR-US: Cybozu
 CVE-2016-4864 (H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows ...)
 	NOT-FOR-US: H2O
-CVE-2016-4863
-	RESERVED
+CVE-2016-4863 (The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware ...)
+	TODO: check
 CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with ...)
 	NOT-FOR-US: Twigmo
 CVE-2016-4861 (The (1) order and (2) group methods in Zend_Db_Select in the Zend ...)
@@ -40581,8 +40591,8 @@
 	NOTE: https://jvn.jp/en/jp/JVN48237713/
 	NOTE: https://github.com/ADOdb/ADOdb/commit/ecb93d8c1
 	NOTE: Vulnerable file is shipped as an example only
-CVE-2016-4854
-	RESERVED
+CVE-2016-4854 (Cross-site request forgery (CSRF) vulnerability in L-04D firmware ...)
+	TODO: check
 CVE-2016-4853 (AKABEi SOFT2 games allow remote attackers to execute arbitrary OS ...)
 	NOT-FOR-US: AKABEi SOFT2
 CVE-2016-4852 (YoruFukurou (NightOwl) before 2.85 relies on support for emoji ...)
@@ -48683,7 +48693,7 @@
 CVE-2016-2173 (org.springframework.core.serializer.DefaultDeserializer in Spring AMQP ...)
 	NOT-FOR-US: Spring AMQP
 CVE-2016-2172
-	RESERVED
+	REJECTED
 CVE-2016-2171 (The User Manager service in Apache Jetspeed before 2.3.1 does not ...)
 	NOT-FOR-US: Apache Jetspeed
 CVE-2016-2170 (Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow ...)