[Secure-testing-commits] r51985 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat May 27 09:10:17 UTC 2017


Author: sectracker
Date: 2017-05-27 09:10:17 +0000 (Sat, 27 May 2017)
New Revision: 51985

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-27 05:20:12 UTC (rev 51984)
+++ data/CVE/list	2017-05-27 09:10:17 UTC (rev 51985)
@@ -1,3 +1,7 @@
+CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...)
+	TODO: check
+CVE-2017-9241
+	RESERVED
 CVE-2017-9240
 	RESERVED
 CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push function ...)
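Review bot: The new CVE-2017-9242 entry at the top of the list is left at "TODO: check", but its description already names net/ipv6/ip6_output.c in the Linux kernel, so it cannot be closed as NOT-FOR-US and needs an actual triage pass. Suggest replacing the TODO with a package line for the kernel source package, plus a NOTE pointing at the upstream fix once it is identified, so it is not lost among the bulk vendor TODOs added in the same revision.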
@@ -3973,8 +3977,8 @@
 	RESERVED
 CVE-2017-7732
 	RESERVED
-CVE-2017-7731
-	RESERVED
+CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...)
+	TODO: check
 CVE-2017-7730
 	RESERVED
 CVE-2017-7729
@@ -5155,20 +5159,20 @@
 	NOT-FOR-US: MobiLink Synchronization Server
 CVE-2017-7344
 	RESERVED
-CVE-2017-7343
-	RESERVED
+CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below ...)
+	TODO: check
 CVE-2017-7342
 	RESERVED
 CVE-2017-7341
 	RESERVED
 CVE-2017-7340
 	RESERVED
-CVE-2017-7339
-	RESERVED
-CVE-2017-7338
-	RESERVED
-CVE-2017-7337
-	RESERVED
+CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...)
+	TODO: check
+CVE-2017-7338 (A password management vulnerability in Fortinet FortiPortal versions ...)
+	TODO: check
+CVE-2017-7337 (An improper Access Control vulnerability in Fortinet FortiPortal ...)
+	TODO: check
 CVE-2017-7336
 	RESERVED
 CVE-2017-7335
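Review bot: The four entries added in this hunk (CVE-2017-7343, CVE-2017-7339, CVE-2017-7338, CVE-2017-7337) are all left at "TODO: check" although every description names the same product, Fortinet FortiPortal. The context line at the top of the hunk shows the convention for products outside the archive, "NOT-FOR-US: MobiLink Synchronization Server"; if FortiPortal is not packaged, suggest closing all four in one pass with a single consistent tag such as "NOT-FOR-US: Fortinet FortiPortal".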
@@ -10246,8 +10250,8 @@
 	NOTE: Fixed by: http://svn.apache.org/r1789024 (6.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1789155 (6.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1789856 (6.0.x)
-CVE-2017-5646
-	RESERVED
+CVE-2017-5646 (For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated ...)
+	TODO: check
 CVE-2017-5645 (In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...)
 	- apache-log4j2 2.7-2 (bug #860489)
 	[jessie] - apache-log4j2 <no-dsa> (Minor issue, no consumers of liblog4j2-java in Jessie)
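Review bot: CVE-2017-5646 is left at "TODO: check" with a description that is cut off after "an authenticated ...", so the impact cannot be judged from the list itself. When triaging, either mark it "NOT-FOR-US: Apache Knox" if no source package ships it, or add a package line with version and bug number in the form used by the CVE-2017-5645 entry directly below ("- apache-log4j2 2.7-2 (bug #860489)").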
@@ -17639,8 +17643,8 @@
 	- bind9 1:9.10.3.dfsg.P4-12 (bug #855520)
 	NOTE: https://kb.isc.org/article/AA-01453
 	NOTE: Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434
-CVE-2017-3134
-	RESERVED
+CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet FortiWLC-SD ...)
+	TODO: check
 CVE-2017-3133
 	RESERVED
 CVE-2017-3132
@@ -17649,14 +17653,14 @@
 	RESERVED
 CVE-2017-3130
 	RESERVED
-CVE-2017-3129
-	RESERVED
+CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions ...)
+	TODO: check
 CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS ...)
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2017-3127
 	RESERVED
-CVE-2017-3126
-	RESERVED
+CVE-2017-3126 (An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through ...)
+	TODO: check
 CVE-2017-3125 (An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and ...)
 	NOT-FOR-US: FortiMail
 CVE-2017-3124
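Review bot: CVE-2017-3129 (FortiWeb) and CVE-2017-3126 (FortiAnalyzer) are left at "TODO: check" while their neighbours in this same hunk are already closed as "NOT-FOR-US: Fortinet FortiOS" and "NOT-FOR-US: FortiMail". Suggest resolving the two new entries the same way and settling on one tag spelling: the two existing lines disagree on whether the vendor prefix is included, which makes a search for all Fortinet entries unreliable.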
@@ -28219,10 +28223,10 @@
 	REJECTED
 CVE-2016-8498
 	RESERVED
-CVE-2016-8497
-	RESERVED
-CVE-2016-8496
-	RESERVED
+CVE-2016-8497 (An escalation of privilege vulnerability in Fortinet FortiClient ...)
+	TODO: check
+CVE-2016-8496 (A potential execution of unauthorized code or commands vulnerability ...)
+	TODO: check
 CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...)
 	NOT-FOR-US: FortiManager
 CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...)
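Review bot: For CVE-2016-8496 the truncated description ("A potential execution of unauthorized code or commands vulnerability ...") does not name a product, so the "TODO: check" cannot be resolved from this list and the full CVE text has to be consulted before tagging it. CVE-2016-8497 does name Fortinet FortiClient and can probably follow the "NOT-FOR-US: FortiManager" pattern of the entry just below it.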
@@ -173049,9 +173053,9 @@
 CVE-2009-4277
 	RESERVED
 CVE-2009-4276
-	RESERVED
+	REJECTED
 CVE-2009-4275
-	RESERVED
+	REJECTED
 CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...)
 	{DSA-2026-1 DTSA-206-1}
 	- netpbm-free 2:10.0-12.2 (medium; bug #569060)
@@ -173073,7 +173077,7 @@
 CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...)
 	NOT-FOR-US: Apache Derby
 CVE-2009-4268
-	RESERVED
+	REJECTED
 CVE-2009-4267
 	RESERVED
 CVE-2009-XXXX [gnome-screensaver inhibitor not removed when connection is closed]
@@ -173703,7 +173707,7 @@
 CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
 	NOT-FOR-US: FrontAccounting
 CVE-2009-4036
-	RESERVED
+	REJECTED
 CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
 	- kdegraphics 4:4.0.0-1
 	- xpdf 3.01-1
@@ -179249,7 +179253,7 @@
 	- webkit 1.1.10-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
 CVE-2009-2418
-	RESERVED
+	REJECTED
 CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...)
 	{DSA-1869-1}
 	- curl 7.19.5-1.1 (medium; bug #541991)
@@ -184551,7 +184555,7 @@
 	{DSA-1786-1}
 	- acpid 1.0.10-1 (medium)
 CVE-2009-0797
-	RESERVED
+	REJECTED
 CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...)
 	- libapache2-mod-perl2 2.0.4-6 (low; bug #567635)
 	[lenny] - libapache2-mod-perl2 2.0.4-5+lenny1
@@ -236314,7 +236318,7 @@
 	{DSA-1000-2}
 	- libapreq2 2.07-1
 CVE-2006-0041
-	RESERVED
+	REJECTED
 CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
 	- evolution 2.10.1 (bug #398064; low)
 	[etch] - evolution <no-dsa> (Minor issue)



