[Secure-testing-commits] r57546 - data/CVE

[security tracker role]

Author: sectracker
Date: 2017-11-11 09:10:16 +0000 (Sat, 11 Nov 2017)
New Revision: 57546

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-11 09:08:20 UTC (rev 57545)
+++ data/CVE/list	2017-11-11 09:10:16 UTC (rev 57546)
@@ -1,4 +1,24 @@
-CVE-2017-16785 [reflected XSS via the PATH_INFO to host.php]
+CVE-2017-16790
+	RESERVED
+CVE-2017-16789
+	RESERVED
+CVE-2017-16788
+	RESERVED
+CVE-2017-16787
+	RESERVED
+CVE-2017-16786
+	RESERVED
+CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the ...)
+	TODO: check
+CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template Injection via ...)
+	TODO: check
+CVE-2017-16782 (In Home Assistant before 0.57, it is possible to inject JavaScript code ...)
+	TODO: check
+CVE-2017-16781 (The installer in MyBB before 1.8.13 has XSS. ...)
+	TODO: check
+CVE-2017-16780 (The installer in MyBB before 1.8.13 allows remote attackers to execute ...)
+	TODO: check
+CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. ...)
 	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/issues/1071
 CVE-2017-16779
@@ -594,8 +614,8 @@
 	NOT-FOR-US: MitraStar
 CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where ...)
 	NOT-FOR-US: Inedo BuildMaster
-CVE-2017-16520
-	RESERVED
+CVE-2017-16520 (Inedo BuildMaster before 5.8.2 does not properly restrict creation of ...)
+	TODO: check
 CVE-2017-16519
 	RESERVED
 CVE-2017-16518