[Secure-testing-commits] r52090 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon May 29 21:10:12 UTC 2017


Author: sectracker
Date: 2017-05-29 21:10:12 +0000 (Mon, 29 May 2017)
New Revision: 52090

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-29 21:01:26 UTC (rev 52089)
+++ data/CVE/list	2017-05-29 21:10:12 UTC (rev 52090)
@@ -1,3 +1,77 @@
+CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...)
+	TODO: check
+CVE-2017-9300 (plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 ...)
+	TODO: check
+CVE-2017-9299 (Open Ticket Request System (OTRS) 3.3.9 has XSS in ...)
+	TODO: check
+CVE-2017-9298 (Cross-site scripting vulnerability in Hitachi Device Manager before ...)
+	TODO: check
+CVE-2017-9297 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 ...)
+	TODO: check
+CVE-2017-9296 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 ...)
+	TODO: check
+CVE-2017-9295 (XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi ...)
+	TODO: check
+CVE-2017-9294 (RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows ...)
+	TODO: check
+CVE-2017-9293
+	RESERVED
+CVE-2017-9292 (Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug ...)
+	TODO: check
+CVE-2017-9291
+	RESERVED
+CVE-2017-9290
+	RESERVED
+CVE-2017-9289 (Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in ...)
+	TODO: check
+CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected ...)
+	TODO: check
+CVE-2017-9286
+	RESERVED
+CVE-2017-9285
+	RESERVED
+CVE-2017-9284
+	RESERVED
+CVE-2017-9283
+	RESERVED
+CVE-2017-9282
+	RESERVED
+CVE-2017-9281
+	RESERVED
+CVE-2017-9280
+	RESERVED
+CVE-2017-9279
+	RESERVED
+CVE-2017-9278
+	RESERVED
+CVE-2017-9277
+	RESERVED
+CVE-2017-9276
+	RESERVED
+CVE-2017-9275
+	RESERVED
+CVE-2017-9274
+	RESERVED
+CVE-2017-9273
+	RESERVED
+CVE-2017-9272
+	RESERVED
+CVE-2017-9271
+	RESERVED
+CVE-2017-9270
+	RESERVED
+CVE-2017-9269
+	RESERVED
+CVE-2017-9268
+	RESERVED
+CVE-2017-9267
+	RESERVED
+CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL ...)
+	TODO: check
+CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated administrators ...)
+	TODO: check
 CVE-2017-9266
 	RESERVED
 CVE-2017-9265 (In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing ...)
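Review bot: CVE-2016-10379 and CVE-2016-10378 are inserted between CVE-2017-9267 and CVE-2017-9266, which breaks the descending ID order the rest of the visible list follows; if the list is meant to stay sorted, they belong with the other 2016 entries. Every new entry with a description carries only "TODO: check", so each still needs a package line or a NOT-FOR-US marker like the ImageWorsener entries further down.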
@@ -40,7 +114,7 @@
 	[jessie] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
 	[wheezy] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html
-CVE-2017-9287 [double free with Paged Results control and pagesize 0]
+CVE-2017-9287 (servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ...)
 	- openldap 2.4.44+dfsg-5 (bug #863563)
 	NOTE: http://www.openldap.org/its/?findid=8655
 	NOTE: ftp://ftp.openldap.org/incoming/20170517_rtandy_Fix-double-free-of-search-base-with-page-size-0.patch
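Review bot: On CVE-2017-9287 the bracketed summary "double free with Paged Results control and pagesize 0" is replaced by a description that is cut off before it names the bug class. The patch file name in the last NOTE still says double free, but a short NOTE line recording the pagesize 0 trigger would keep the entry readable without following the links.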
@@ -318,8 +392,7 @@
 	NOT-FOR-US: ImageWorsener
 CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows ...)
 	NOT-FOR-US: ImageWorsener
-CVE-2017-9148
-	RESERVED
+CVE-2017-9148 (The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably ...)
 	- freeradius <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/29/1
 	NOTE: http://freeradius.org/security.html#session-resumption-2017
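Review bot: CVE-2017-9148 now says "before 3.0.14" in its description while the package line stays "- freeradius <unfixed>" with no bug number. Add the Debian bug reference, as the openldap entry does with "(bug #863563)", and replace <unfixed> with the fixed version once a fixed upload exists.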
@@ -967,6 +1040,7 @@
 CVE-2017-8912 (** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2017-8911 (An integer underflow has been identified in the unicode_to_utf8() ...)
+	{DLA-962-1}
 	- tnef 1.4.12-1.2 (bug #862442)
 	NOTE: https://github.com/verdammelt/tnef/issues/23
 	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/a686971a1f124d9ae18946b1844dbc2c1f30df10
@@ -3465,16 +3539,16 @@
 	RESERVED
 CVE-2017-7918
 	RESERVED
-CVE-2017-7917
-	RESERVED
+CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell ...)
+	TODO: check
 CVE-2017-7916
 	RESERVED
-CVE-2017-7915
-	RESERVED
+CVE-2017-7915 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
+	TODO: check
 CVE-2017-7914
 	RESERVED
-CVE-2017-7913
-	RESERVED
+CVE-2017-7913 (A Plaintext Storage of a Password issue was discovered in Moxa OnCell ...)
+	TODO: check
 CVE-2017-7912
 	RESERVED
 CVE-2017-7911 (A Code Injection issue was discovered in CyberVision Kaa IoT Platform, ...)
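Review bot: The description of CVE-2017-7915 is cut off before it names a product, while CVE-2017-7917 and CVE-2017-7913 both name Moxa OnCell. Confirm the product for 7915 before triaging the three as a group, and resolve the "TODO: check" lines with the same marker for all three if they do share it.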
@@ -4274,6 +4348,7 @@
 	RESERVED
 CVE-2017-7650
 	RESERVED
+	{DSA-3865-1 DLA-961-1}
 	- mosquitto 1.4.10-3
 	NOTE: http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
 	NOTE: Patches: https://mosquitto.org/files/cve/2017-7650/
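Review bot: CVE-2017-7650 gains {DSA-3865-1 DLA-961-1} and already has a fixed mosquitto version and an upstream advisory NOTE, yet the entry is still a bare ID followed by RESERVED. Add a bracketed temporary description, in the form CVE-2017-9287 used before this commit, so the entry says what was fixed until the official text arrives.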



