[Secure-testing-commits] r57152 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Oct 31 09:10:13 UTC 2017
Author: sectracker
Date: 2017-10-31 09:10:13 +0000 (Tue, 31 Oct 2017)
New Revision: 57152
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-30 23:19:27 UTC (rev 57151)
+++ data/CVE/list 2017-10-31 09:10:13 UTC (rev 57152)
@@ -1,3 +1,25 @@
+CVE-2017-16241
+ RESERVED
+CVE-2017-16240
+ RESERVED
+CVE-2017-16239
+ RESERVED
+CVE-2017-16238
+ RESERVED
+CVE-2017-16237
+ RESERVED
+CVE-2017-16236
+ RESERVED
+CVE-2017-16235
+ RESERVED
+CVE-2017-16234
+ RESERVED
+CVE-2017-16233
+ RESERVED
+CVE-2016-10699 (D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS ...)
+ TODO: check
+CVE-2015-9245 (Insecure default configuration in Progress Software OpenEdge 10.2x and ...)
+ TODO: check
CVE-2017-16232
RESERVED
CVE-2017-16231
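Review bot: CVE-2016-10699 and CVE-2015-9245 are added at the head of the list, above CVE-2017-16232, with only "TODO: check", so two older-year ids now sit in the middle of the 2017 RESERVED block with no triage result. Their summaries name a D-Link DSL-2740E device and Progress Software OpenEdge; a follow-up should replace each TODO with either a package line or a "NOT-FOR-US: <product>" line, the form the context lines in the later hunks use.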
@@ -884,40 +906,40 @@
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
-CVE-2017-15993
- RESERVED
-CVE-2017-15992
- RESERVED
-CVE-2017-15991
- RESERVED
-CVE-2017-15990
- RESERVED
-CVE-2017-15989
- RESERVED
-CVE-2017-15988
- RESERVED
-CVE-2017-15987
- RESERVED
-CVE-2017-15986
- RESERVED
-CVE-2017-15985
- RESERVED
-CVE-2017-15984
- RESERVED
-CVE-2017-15983
- RESERVED
-CVE-2017-15982
- RESERVED
-CVE-2017-15981
- RESERVED
-CVE-2017-15980
- RESERVED
-CVE-2017-15979
- RESERVED
-CVE-2017-15978
- RESERVED
-CVE-2017-15977
- RESERVED
+CVE-2017-15993 (Zomato Clone Script allows SQL Injection via the restaurant-menu.php ...)
+ TODO: check
+CVE-2017-15992 (Website Broker Script allows SQL Injection via the 'status_id' ...)
+ TODO: check
+CVE-2017-15991 (Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL ...)
+ TODO: check
+CVE-2017-15990 (Php Inventory & Invoice Management System allows Arbitrary File Upload ...)
+ TODO: check
+CVE-2017-15989 (Online Exam Test Application allows SQL Injection via the resources.php ...)
+ TODO: check
+CVE-2017-15988 (Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme ...)
+ TODO: check
+CVE-2017-15987 (Fake Magazine Cover Script allows SQL Injection via the rate.php value ...)
+ TODO: check
+CVE-2017-15986 (CPA Lead Reward Script allows SQL Injection via the username parameter. ...)
+ TODO: check
+CVE-2017-15985 (Basic B2B Script allows SQL Injection via the product_view1.php pid or ...)
+ TODO: check
+CVE-2017-15984 (Creative Management System (CMS) Lite 1.4 allows SQL Injection via the ...)
+ TODO: check
+CVE-2017-15983 (MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id ...)
+ TODO: check
+CVE-2017-15982 (Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id ...)
+ TODO: check
+CVE-2017-15981 (Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via ...)
+ TODO: check
+CVE-2017-15980 (US Zip Codes Database Script 1.0 allows SQL Injection via the state ...)
+ TODO: check
+CVE-2017-15979 (Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the ...)
+ TODO: check
+CVE-2017-15978 (AROX School ERP PHP Script 1.0 allows SQL Injection via the ...)
+ TODO: check
+CVE-2017-15977 (Protected Links - Expiring Download Links 1.0 allows SQL Injection via ...)
+ TODO: check
CVE-2017-15976 (ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid ...)
NOT-FOR-US: ZeeBuddy
CVE-2017-15975 (Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the ...)
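Review bot: all 17 ids from CVE-2017-15993 down to CVE-2017-15977 move from RESERVED to "TODO: check" in one step, and every summary is cut at "...", so the affected file or parameter is not fully recorded in this list. The context entry CVE-2017-15976 (ZeeBuddy) directly below is already marked NOT-FOR-US; these similarly described scripts should be triaged in the same pass so the block does not remain as 17 open TODOs.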
@@ -5170,8 +5192,7 @@
RESERVED
CVE-2017-14374
RESERVED
-CVE-2017-14373
- RESERVED
+CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a ...)
NOT-FOR-US: RSA Authentication Manager
CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected ...)
NOT-FOR-US: RSA Archer GRC Platform
@@ -14396,13 +14417,17 @@
NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and ...)
- jenkins <removed>
-CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of ...)
+CVE-2017-1000081
+ REJECTED
NOT-FOR-US: ONOS
-CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets ...)
+CVE-2017-1000080
+ REJECTED
NOT-FOR-US: ONOS
-CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS ...)
+CVE-2017-1000079
+ REJECTED
NOT-FOR-US: ONOS
-CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device ...)
+CVE-2017-1000078
+ REJECTED
NOT-FOR-US: ONOS
CVE-2017-1000077
REJECTED
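Review bot: CVE-2017-1000081 through CVE-2017-1000078 lose their summaries and become REJECTED, but neither the hunk nor the log message ("automatic update") records why, or whether a replacement id exists. The removed lines described four distinct ONOS issues (unauthenticated upload, unauthenticated websockets, DoS, XSS), so if a rejection reason or superseding id is known, add a NOTE line per entry to keep that trail.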
@@ -14452,9 +14477,10 @@
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-1000059 (Live Helper Chat version 2.06v and older is vulnerable to Cross-Site ...)
NOT-FOR-US: Live Helper Chat
-CVE-2017-1000058 (Stored XSS in chevereto CMS before version 3.8.11 ...)
+CVE-2017-1000058 (Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, ...)
NOT-FOR-US: chevereto CMS
-CVE-2017-1000057 (A reflected cross-site scripting vulnerability in GetSimple CMS ...)
+CVE-2017-1000057
+ REJECTED
NOT-FOR-US: GetSimple CMS
CVE-2017-1000056 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation ...)
- kubernetes 1.5.5+dfsg-1
@@ -14482,7 +14508,8 @@
NOTE: .ruby-version is .rbenv-version in wheezy
CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies ...)
NOT-FOR-US: Mautic
-CVE-2017-1000045 (Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state ...)
+CVE-2017-1000045
+ REJECTED
NOT-FOR-US: Mautic
CVE-2017-1000043 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are ...)
NOT-FOR-US: Mapbox.js
@@ -14494,7 +14521,8 @@
NOT-FOR-US: WordPress plugin
CVE-2017-1000037 (RVM automatically loads environment variables from files in $PWD ...)
NOT-FOR-US: RVM
-CVE-2017-1000036 (All versions of Candy Chat are vulnerable to an XSS attack by message ...)
+CVE-2017-1000036
+ REJECTED
NOT-FOR-US: Candy Chat
CVE-2017-1000035 (Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener ...)
- tt-rss 17.1+git20170410+dfsg-1
@@ -14547,11 +14575,14 @@
NOTE: webkit not covered by security support
CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...)
- shotwell 0.25.4+really0.24.5-0.1 (unimportant)
-CVE-2017-1000023 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to an XSS ...)
+CVE-2017-1000023
+ REJECTED
NOT-FOR-US: LogicalDoc
-CVE-2017-1000022 (LogicalDoc CommunityEdition 7.5.3 and prior contain an Incorrect ...)
+CVE-2017-1000022
+ REJECTED
NOT-FOR-US: LogicalDoc
-CVE-2017-1000021 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to XXE when ...)
+CVE-2017-1000021
+ REJECTED
NOT-FOR-US: LogicalDoc
CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded ...)
NOT-FOR-US: ECos
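Review bot: after this change CVE-2017-1000023, CVE-2017-1000022 and CVE-2017-1000021 each read REJECTED followed by the untouched "NOT-FOR-US: LogicalDoc" context line, so a rejected id still carries a triage annotation for a product its entry no longer describes. Confirm that combination is intended, or drop the annotation when an id is rejected; the same pattern appears in the ONOS, GetSimple CMS, Mautic and Candy Chat hunks.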
@@ -16053,7 +16084,7 @@
NOTE: https://github.com/FFmpeg/FFmpeg/commit/a5d849b149ca67ced2d271dc84db0bc95a548abb
NOTE: Fixed in 3.2.6
CVE-2017-9992 (Heap-based buffer overflow in the decode_dds1 function in ...)
- {DLA-1142-1}
+ {DSA-4012-1 DLA-1142-1}
- ffmpeg 7:3.2.5-1
- libav <removed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360
@@ -24007,7 +24038,7 @@
- libav <undetermined>
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e
CVE-2017-7862 (FFmpeg before 2017-02-07 has an out-of-bounds write caused by a ...)
- {DLA-1142-1}
+ {DSA-4012-1 DLA-1142-1}
- ffmpeg 7:3.2.4-1
- libav <removed>
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a
@@ -26723,7 +26754,7 @@
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f055032e4e922f1e1a5e11026c7c2669fa2a7d19
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1835f746a7c7fff70a2cc03a051b14fdc6b3f73f
CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows remote ...)
- {DLA-1142-1}
+ {DSA-4012-1 DLA-1142-1}
- libav <removed> (low)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1000
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=522d850e68ec4b77d3477b3c8f55b1ba00a9d69a
@@ -78355,7 +78386,7 @@
[wheezy] - xbmc <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ...)
- {DLA-1142-1}
+ {DSA-4012-1 DLA-1142-1}
- ffmpeg 7:2.8.3-1 (bug #806519)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>