[Secure-testing-commits] r56765 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Oct 16 21:10:18 UTC 2017 

Author: sectracker
Date: 2017-10-16 21:10:18 +0000 (Mon, 16 Oct 2017)
New Revision: 56765

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-16 20:01:25 UTC (rev 56764)
+++ data/CVE/list	2017-10-16 21:10:18 UTC (rev 56765)
@@ -1,3 +1,9 @@
+CVE-2017-15384 (rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. ...)
+	TODO: check
+CVE-2017-15383 (Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, ...)
+	TODO: check
+CVE-2017-15382
+	RESERVED
 CVE-2017-15381
 	RESERVED
 CVE-2017-15380
@@ -54,8 +60,8 @@
 	NOT-FOR-US: Luracast Restler
 CVE-2017-15362 (osTicket 1.10.1 allows arbitrary client-side JavaScript code execution ...)
 	NOT-FOR-US: osTicket
-CVE-2017-15361
-	RESERVED
+CVE-2017-15361 (The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module ...)
+	TODO: check
 CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...)
 	NOT-FOR-US: PRTG Network Monitor
 CVE-2017-15359
@@ -185,16 +191,16 @@
 	NOTE: https://kate.io/blog/git-bomb/
 	NOTE: https://github.com/Katee/git-bomb
 	NOTE: No practical security implications
-CVE-2017-15297
-	RESERVED
-CVE-2017-15296
-	RESERVED
-CVE-2017-15295
-	RESERVED
-CVE-2017-15294
-	RESERVED
-CVE-2017-15293
-	RESERVED
+CVE-2017-15297 (SAP Hostcontrol does not require authentication for the SOAP ...)
+	TODO: check
+CVE-2017-15296 (The Java component in SAP CRM has CSRF. This is SAP Security Note ...)
+	TODO: check
+CVE-2017-15295 (Xpress Server in SAP POS does not require authentication for ...)
+	TODO: check
+CVE-2017-15294 (The Java administration console in SAP CRM has XSS. This is SAP ...)
+	TODO: check
+CVE-2017-15293 (Xpress Server in SAP POS does not require authentication for file read ...)
+	TODO: check
 CVE-2017-15292
 	RESERVED
 CVE-2017-15291
@@ -227,8 +233,7 @@
 CVE-2017-XXXX [XSA 237]
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-237.html
-CVE-2017-15289 [cirrus: OOB access issue in mode4and5 write functions]
-	RESERVED
+CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
 	- qemu <unfixed>
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
@@ -313,8 +318,7 @@
 	NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499599
 	NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=b577d5452c5c4ee9d552da62a24b95f461551fe2
-CVE-2017-15265 [use-after-free in /dev/snd/seq]
-	RESERVED
+CVE-2017-15265 (Use-after-free vulnerability in the Linux kernel before 4.14-rc5 ...)
 	- linux 4.13.4-2
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520
 	NOTE: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
@@ -422,8 +426,8 @@
 	RESERVED
 CVE-2017-15222
 	RESERVED
-CVE-2017-15221
-	RESERVED
+CVE-2017-15221 (ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a ...)
+	TODO: check
 CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer ...)
 	NOT-FOR-US: Flexense VX Search Enterprise
 CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...)
@@ -1186,8 +1190,8 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
 CVE-2017-14953
 	RESERVED
-CVE-2017-14952
-	RESERVED
+CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components for ...)
+	TODO: check
 CVE-2017-14951
 	RESERVED
 CVE-2017-14950
@@ -5999,14 +6003,17 @@
 	RESERVED
 CVE-2017-13088
 	RESERVED
+	{DSA-3999-1}
 	- wpa 2:2.4-1.1
 	NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13087
 	RESERVED
+	{DSA-3999-1}
 	- wpa 2:2.4-1.1
 	NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13086
 	RESERVED
+	{DSA-3999-1}
 	- wpa 2:2.4-1.1
 	NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13085
@@ -6017,26 +6024,32 @@
 	RESERVED
 CVE-2017-13082
 	RESERVED
+	{DSA-3999-1}
 	- wpa 2:2.4-1.1
 	NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13081
 	RESERVED
+	{DSA-3999-1}
 	- wpa 2:2.4-1.1
 	NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13080
 	RESERVED
+	{DSA-3999-1}
 	- wpa 2:2.4-1.1
 	NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13079
 	RESERVED
+	{DSA-3999-1}
 	- wpa 2:2.4-1.1
 	NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13078
 	RESERVED
+	{DSA-3999-1}
 	- wpa 2:2.4-1.1
 	NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13077
 	RESERVED
+	{DSA-3999-1}
 	- wpa 2:2.4-1.1
 	NOTE: https://w1.fi/security/2017-1/
 CVE-2017-13076
@@ -46296,8 +46309,7 @@
 	NOTE: Fixed by: http://svn.apache.org/r1767656 (8.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1767676 (7.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1767684 (6.0.x)
-CVE-2016-8734 [Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)://]
-	RESERVED
+CVE-2016-8734 (Subversion's mod_dontdothat module and HTTP clients 1.4.0 through ...)
 	- subversion 1.9.5-1 (low)
 	[jessie] - subversion 1.8.10-6+deb8u5
 	[wheezy] - subversion <no-dsa> (Minor issue, binary packages not affected since built against Neon as HTTP library)
@@ -61011,8 +61023,8 @@
 	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
 CVE-2016-4462 (By manipulating the URL parameter externalLoginKey, a malicious, ...)
 	NOT-FOR-US: Apache OFBiz
-CVE-2016-4461
-	RESERVED
+CVE-2016-4461 (Apache Struts 2.x before 2.3.29 allows remote attackers to execute ...)
+	TODO: check
 CVE-2016-4460 (Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass ...)
 	NOT-FOR-US: Apache Pony Mail
 CVE-2016-4459 (Stack-based buffer overflow in native/mod_manager/node.c in ...)
@@ -77900,8 +77912,7 @@
 	- opensmtpd 5.7.3p1-1
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/04/2
 	NOTE: Fixed with 5.7.3 upstream release
-CVE-2015-7687 [use-after-free issue in OpenSMTPD]
-	RESERVED
+CVE-2015-7687 (Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote ...)
 	- opensmtpd 5.7.3p1-1 (bug #800787)
 CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the ...)
 	- libemail-address-perl <unfixed> (unimportant)
@@ -78490,8 +78501,7 @@
 	- netsurf 3.2+dfsg-3 (bug #810491)
 	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
 	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
-CVE-2015-7504 [net: pcnet: heap overflow vulnerability in loopback mode]
-	RESERVED
+CVE-2015-7504 (Heap-based buffer overflow in the pcnet_receive function in ...)
 	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
 	- qemu 1:2.5+dfsg-1 (bug #806742)
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -86275,8 +86285,8 @@
 	NOT-FOR-US: EQ Event Calendar component for Joomla!
 CVE-2015-4653
 	RESERVED
-CVE-2015-4650
-	RESERVED
+CVE-2015-4650 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
+	TODO: check
 CVE-2015-4649 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
 	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
 CVE-2015-4648 (Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX ...)
@@ -90285,8 +90295,7 @@
 	- 389-ds-base 1.3.3.12-1 (bug #789202)
 	NOTE: https://fedorahosted.org/389/ticket/48194
 	NOTE: Regression if https://fedorahosted.org/389/ticket/47838 applied
-CVE-2015-3229
-	RESERVED
+CVE-2015-3229 (fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to ...)
 	NOT-FOR-US: Fedora Atomic
 CVE-2015-3228 (Integer overflow in the gs_heap_alloc_bytes function in ...)
 	{DSA-3326-1 DLA-280-1}
@@ -91710,8 +91719,8 @@
 	NOTE: Fixed in 5.6.8 and 5.4.40
 CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi ...)
 	NOT-FOR-US: Hotspot Express hotEx Billing Manager
-CVE-2015-2780
-	RESERVED
+CVE-2015-2780 (Unrestricted file upload vulnerability in Berta CMS allows remote ...)
+	TODO: check
 CVE-2015-2777
 	RESERVED
 CVE-2015-2775 (Directory traversal vulnerability in GNU Mailman before 2.1.20, when ...)
@@ -101043,10 +101052,10 @@
 	NOT-FOR-US: Adobe
 CVE-2014-9149
 	RESERVED
-CVE-2014-9148
-	RESERVED
-CVE-2014-9147
-	RESERVED
+CVE-2014-9148 (Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access ...)
+	TODO: check
+CVE-2014-9147 (Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive ...)
+	TODO: check
 CVE-2014-9146 (Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS ...)
 	NOT-FOR-US: Fiyo CMS
 CVE-2014-9145 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow ...)
@@ -103126,8 +103135,8 @@
 	RESERVED
 CVE-2014-8622 (Cross-site scripting (XSS) vulnerability in compfight-search.php in ...)
 	NOT-FOR-US: Compfight plugin for WordPress
-CVE-2014-8621
-	RESERVED
+CVE-2014-8621 (SQL injection vulnerability in the Store Locator plugin 2.3 through ...)
+	TODO: check
 CVE-2014-8620
 	RESERVED
 CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in the autolearn ...)
@@ -104880,8 +104889,8 @@
 	- ruby2.1 2.1.5-1 (bug #770932)
 	NOTE: For the incomplete fix for CVE-2014-8080
 	NOTE: https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
-CVE-2014-8087
-	RESERVED
+CVE-2014-8087 (Cross-site scripting (XSS) vulnerability in the post highlights plugin ...)
+	TODO: check
 CVE-2014-8085 (Unrestricted file upload vulnerability in the CWebContact::doModel ...)
 	NOT-FOR-US: OsClass
 CVE-2014-8084 (Directory traversal vulnerability in ...)
@@ -105544,8 +105553,7 @@
 	NOT-FOR-US: JBoss AS/WildFly Domain Management
 CVE-2014-7852 (Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used ...)
 	NOT-FOR-US: RichFaces
-CVE-2014-7851
-	RESERVED
+CVE-2014-7851 (oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session ...)
 	NOT-FOR-US: ovirt-engine-webadmin
 CVE-2014-7850 (Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x ...)
 	- freeipa <unfixed> (unimportant)
@@ -115393,8 +115401,7 @@
 	- drupal6 <not-affected> (Only affects Drupal 7)
 CVE-2014-3703 (OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic ...)
 	NOT-FOR-US: Red Hat Openstack 4 Neutron
-CVE-2014-3702
-	RESERVED
+CVE-2014-3702 (Directory traversal vulnerability in eNovance eDeploy allows remote ...)
 	- edeploy <itp> (bug #717664)
 CVE-2014-3701
 	RESERVED
@@ -125887,8 +125894,7 @@
 CVE-2014-0209 (Multiple integer overflows in the (1) FontFileAddEntry and (2) ...)
 	{DSA-2927-1}
 	- libxfont 1:1.4.7-2
-CVE-2014-0208
-	RESERVED
+CVE-2014-0208 (Cross-site scripting (XSS) vulnerability in the search auto-completion ...)
 	- foreman <itp> (bug #663101)
 CVE-2014-0207 (The cdf_read_short_sector function in cdf.c in file before 5.19, as ...)
 	{DSA-3021-1 DSA-2974-1 DLA-27-1 DLA-0018-1}
@@ -126562,8 +126568,7 @@
 	NOT-FOR-US: Apache CloudStack
 CVE-2014-0030 (The XML-RPC protocol support in Apache Roller before 5.0.3 allows ...)
 	NOT-FOR-US: Apache Roller
-CVE-2014-0029
-	RESERVED
+CVE-2014-0029 (Multiple cross-site scripting (XSS) vulnerabilities in the SAM web ...)
 	NOT-FOR-US: Katello
 CVE-2014-0028 (libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to ...)
 	- libvirt 1.2.1-1

More information about the Secure-testing-commits mailing list