[Secure-testing-commits] r55660 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Sep 11 21:10:16 UTC 2017


Author: sectracker
Date: 2017-09-11 21:10:16 +0000 (Mon, 11 Sep 2017)
New Revision: 55660

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-11 20:44:06 UTC (rev 55659)
+++ data/CVE/list	2017-09-11 21:10:16 UTC (rev 55660)
@@ -1,3 +1,91 @@
+CVE-2017-14311
+	RESERVED
+CVE-2017-14310 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14309 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14308 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14307 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14306 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14305 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14304 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14303 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14302 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
+	TODO: check
+CVE-2017-14301 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14300 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14299 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14298 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14297 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14296 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14295 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14294 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14293 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14292 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14291 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14290 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14289 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14288 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14287 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14286 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
+	TODO: check
+CVE-2017-14285 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14284 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14283 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14282 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14281 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14280 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14279 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14278 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14277 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14276 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
+	TODO: check
+CVE-2017-14275 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+	TODO: check
+CVE-2017-14274 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+	TODO: check
+CVE-2017-14273 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+	TODO: check
+CVE-2017-14272 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+	TODO: check
+CVE-2017-14271 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+	TODO: check
+CVE-2017-14270 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
+	TODO: check
+CVE-2015-9227 (PHP remote file inclusion vulnerability in the get_file function in ...)
+	TODO: check
+CVE-2015-9226 (Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow ...)
+	TODO: check
 CVE-2017-XXXX [enriched text remote code execution]
 	- emacs25 <unfixed> (bug #875447)
 	- emacs24 <removed> (bug #875448)
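Review bot: the 16 XnView entries (CVE-2017-14270 through CVE-2017-14285) are described as "XnView Classic for Windows Version 2.40", yet they land as "TODO: check" like everything else in this block. A product described as Windows-only can be closed as NOT-FOR-US in one pass, and the 25 STDU Viewer 1.6.375 entries (CVE-2017-14286 through CVE-2017-14310) share one prefix and are worth triaging as a single batch, so the TODO queue keeps only the items that need real package matching.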
@@ -9,32 +97,32 @@
 	- wordpress-shibboleth 1.8-1 (bug #874416)
 	NOTE: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
 	NOTE: https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/
-CVE-2017-14269
-	RESERVED
-CVE-2017-14268
-	RESERVED
-CVE-2017-14267
-	RESERVED
+CVE-2017-14269 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote ...)
+	TODO: check
+CVE-2017-14268 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the ...)
+	TODO: check
+CVE-2017-14267 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related ...)
+	TODO: check
 CVE-2017-14266
 	RESERVED
-CVE-2017-14265
-	RESERVED
+CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...)
+	TODO: check
 CVE-2017-14264
 	RESERVED
-CVE-2017-14263
-	RESERVED
-CVE-2017-14262
-	RESERVED
-CVE-2017-14261
-	RESERVED
-CVE-2017-14260
-	RESERVED
-CVE-2017-14259
-	RESERVED
-CVE-2017-14258
-	RESERVED
-CVE-2017-14257
-	RESERVED
+CVE-2017-14263 (Honeywell NVR devices allow remote attackers to create a user account ...)
+	TODO: check
+CVE-2017-14262 (On Samsung NVR devices, remote attackers can read the MD5 password hash ...)
+	TODO: check
+CVE-2017-14261 (In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in ...)
+	TODO: check
+CVE-2017-14260 (In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in ...)
+	TODO: check
+CVE-2017-14259 (In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in ...)
+	TODO: check
+CVE-2017-14258 (In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file ...)
+	TODO: check
+CVE-2017-14257 (In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in ...)
+	TODO: check
 CVE-2017-14256
 	RESERVED
 CVE-2017-14255
@@ -43,18 +131,18 @@
 	RESERVED
 CVE-2017-14253
 	RESERVED
-CVE-2017-14252
-	RESERVED
-CVE-2017-14251
-	RESERVED
+CVE-2017-14252 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) ...)
+	TODO: check
+CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern in ...)
+	TODO: check
 CVE-2017-14250
 	RESERVED
-CVE-2017-14249
-	RESERVED
-CVE-2017-14248
-	RESERVED
-CVE-2017-14247
-	RESERVED
+CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in ...)
+	TODO: check
+CVE-2017-14248 (A heap-based buffer over-read in SampleImage() in MagickCore/resize.c ...)
+	TODO: check
+CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) ...)
+	TODO: check
 CVE-2017-14246
 	RESERVED
 CVE-2017-14245
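Review bot: CVE-2017-14249 and CVE-2017-14248 point at ImageMagick code (ReadMPCImage, and SampleImage() in MagickCore/resize.c) but are left at "TODO: check" with no package line. Debian ships imagemagick, so these two should get a "- imagemagick" entry with a status once the affected versions are confirmed, rather than sitting in the generic TODO pool.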
@@ -63,16 +151,16 @@
 	RESERVED
 CVE-2017-14243
 	RESERVED
-CVE-2017-14242
-	RESERVED
-CVE-2017-14241
-	RESERVED
-CVE-2017-14240
-	RESERVED
-CVE-2017-14239
-	RESERVED
-CVE-2017-14238
-	RESERVED
+CVE-2017-14242 (SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 ...)
+	TODO: check
+CVE-2017-14241 (Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 ...)
+	TODO: check
+CVE-2017-14240 (There is a sensitive information disclosure vulnerability in ...)
+	TODO: check
+CVE-2017-14239 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM ...)
+	TODO: check
+CVE-2017-14238 (SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM ...)
+	TODO: check
 CVE-2017-14237
 	RESERVED
 CVE-2017-14236
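Review bot: CVE-2017-14240 is cut off at "There is a sensitive information disclosure vulnerability in ...", so the product is not visible here, while the four entries around it (CVE-2017-14242, CVE-2017-14241, CVE-2017-14239, CVE-2017-14238) all name Dolibarr. Confirm from the full description whether it belongs to the same batch before triaging, and handle the Dolibarr group together so the entries end up with a consistent status.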
@@ -313,8 +401,8 @@
 	RESERVED
 CVE-2017-14154
 	RESERVED
-CVE-2017-14153
-	RESERVED
+CVE-2017-14153 (This vulnerability allows local attackers to escalate privileges on ...)
+	TODO: check
 CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in ...)
 	- openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not applied)
 CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
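Review bot: the summary added for CVE-2017-14153, "This vulnerability allows local attackers to escalate privileges on ...", stops before the product name, and the same truncated text is added for CVE-2017-14075 further down. Neither entry can be triaged from the list alone, so whoever resolves the TODO should record the affected product in a NOTE or NOT-FOR-US line to keep the two distinguishable.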
@@ -331,7 +419,7 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
 	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
 	NOTE: https://github.com/uclouvain/openjpeg/issues/982
-CVE-2017-1000249 [stack based buffer overflow]
+CVE-2017-1000249 (An issue in file() was introduced in commit ...)
 	{DSA-3965-1}
 	- file 1:5.32-1
 	[jessie] - file <not-affected> (Vulnerable code introduced later)
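Review bot: replacing the hand-written "[stack based buffer overflow]" with the truncated upstream text "(An issue in file() was introduced in commit ...)" drops the bug class from the CVE-2017-1000249 entry. A NOTE line recording that this is a stack-based buffer overflow would keep that information next to the DSA-3965-1 reference and the fixed version.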
@@ -561,8 +649,8 @@
 	RESERVED
 CVE-2017-14076 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id ...)
 	NOT-FOR-US: NexusPHP
-CVE-2017-14075
-	RESERVED
+CVE-2017-14075 (This vulnerability allows local attackers to escalate privileges on ...)
+	TODO: check
 CVE-2017-14074
 	RESERVED
 CVE-2017-14073
@@ -1648,7 +1736,7 @@
 	RESERVED
 CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege ...)
 	NOT-FOR-US: Symantec ProxyClient
-CVE-2017-13673 (The vga display update in Qemu 2.8.0 through 2.9.0 mis-calculated the ...)
+CVE-2017-13673 (The vga display update in mis-calculated the region for the dirty ...)
 	- qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
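Review bot: the new description for CVE-2017-13673 reads "The vga display update in mis-calculated the region ...", which has lost the "Qemu 2.8.0 through 2.9.0" product and version range present on the removed line and no longer parses as a sentence. If the text arrives this way from the upstream feed it cannot be fixed in this file, but the qemu and qemu-kvm <not-affected> lines below depend on that version range, so a NOTE preserving it is worth adding.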
@@ -18837,14 +18925,13 @@
 	RESERVED
 CVE-2017-7651
 	RESERVED
-CVE-2017-7650
-	RESERVED
+CVE-2017-7650 (In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by ...)
 	{DSA-3865-1 DLA-961-1}
 	- mosquitto 1.4.10-3
 	NOTE: http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
 	NOTE: Patches: https://mosquitto.org/files/cve/2017-7650/
-CVE-2017-7649
-	RESERVED
+CVE-2017-7649 (The network enabled distribution of Kura before 2.1.0 takes control ...)
+	TODO: check
 CVE-2017-7648 (Foscam networked devices use the same hardcoded SSL private key across ...)
 	NOT-FOR-US: Foscam
 CVE-2017-7647 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an ...)
@@ -72178,22 +72265,18 @@
 	NOT-FOR-US: Bitrix
 CVE-2015-8355 (Multiple SQL injection vulnerabilities in the orion.extfeedbackform ...)
 	NOT-FOR-US: Bitrix
-CVE-2015-8354
-	RESERVED
+CVE-2015-8354 (Cross-site scripting (XSS) vulnerability in the Ultimate Member ...)
 	NOT-FOR-US: WordPress plugin ultimate-member
-CVE-2015-8353
-	RESERVED
+CVE-2015-8353 (Cross-site scripting (XSS) vulnerability in the Role Scoper plugin ...)
 	NOT-FOR-US: WordPress plugin role-scoper
 CVE-2015-8352 (Directory traversal vulnerability in Zen Cart 1.5.4 allows remote ...)
 	NOT-FOR-US: Zen Cart
-CVE-2015-8351
-	RESERVED
+CVE-2015-8351 (PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin ...)
 	NOT-FOR-US: WordPress plugin gwolle-gb
-CVE-2015-8350
-	RESERVED
+CVE-2015-8350 (Multiple cross-site scripting (XSS) vulnerabilities in the Calls to ...)
 	NOT-FOR-US: WordPress plugin cta
-CVE-2015-8349
-	RESERVED
+CVE-2015-8349 (Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 ...)
+	TODO: check
 CVE-2015-8348
 	RESERVED
 CVE-2015-8347
@@ -73615,14 +73698,12 @@
 CVE-2015-7880
 	RESERVED
 	NOT-FOR-US: Entity Registration module for Drupal
-CVE-2015-7879
-	RESERVED
+CVE-2015-7879 (Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x ...)
 	NOT-FOR-US: Stickynote module for Drupal
 CVE-2015-7878
 	RESERVED
 	NOT-FOR-US: Taxonomy Find module for Drupal
-CVE-2015-7877
-	RESERVED
+CVE-2015-7877 (Multiple SQL injection vulnerabilities in the User Dashboard module ...)
 	NOT-FOR-US: User Dashboard module for Drupal
 CVE-2015-7876 (The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver ...)
 	NOT-FOR-US: Driver for SQL Server and SQL Azure module for Drupal
@@ -81632,8 +81713,8 @@
 	RESERVED
 CVE-2015-5055
 	RESERVED
-CVE-2015-5054
-	RESERVED
+CVE-2015-5054 (Open redirect vulnerability in Ellucian (formerly SunGard) Banner ...)
+	TODO: check
 CVE-2015-5053 (The host memory mapping path feature in the NVIDIA GPU graphics driver ...)
 	- nvidia-graphics-drivers 352.41-1
 	[jessie] - nvidia-graphics-drivers <not-affected> (Only affects R352 and R346 Linux branches)
@@ -82591,12 +82672,12 @@
 	RESERVED
 CVE-2015-4690
 	RESERVED
-CVE-2015-4689
-	RESERVED
-CVE-2015-4688
-	RESERVED
-CVE-2015-4687
-	RESERVED
+CVE-2015-4689 (Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows ...)
+	TODO: check
+CVE-2015-4688 (Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow ...)
+	TODO: check
+CVE-2015-4687 (Cross-site scripting (XSS) vulnerability in Ellucian (formerly ...)
+	TODO: check
 CVE-2015-4686
 	RESERVED
 CVE-2015-4685
@@ -83005,8 +83086,8 @@
 	NOT-FOR-US: EMC Isilon OneFS
 CVE-2015-4524 (Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 ...)
 	NOT-FOR-US: EMC Documentum WebTop Client
-CVE-2015-4523
-	RESERVED
+CVE-2015-4523 (Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware ...)
+	TODO: check
 CVE-2015-4522 (The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before ...)
 	{DSA-3365-1}
 	- iceweasel 38.3.0esr-1



