[Secure-testing-commits] r55744 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Sep 13 21:10:24 UTC 2017


Author: sectracker
Date: 2017-09-13 21:10:24 +0000 (Wed, 13 Sep 2017)
New Revision: 55744

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-13 20:39:34 UTC (rev 55743)
+++ data/CVE/list	2017-09-13 21:10:24 UTC (rev 55744)
@@ -1,3 +1,39 @@
+CVE-2017-14430 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14429 (The DHCP client on D-Link DIR-850L REV. A (with firmware through ...)
+	TODO: check
+CVE-2017-14428 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14427 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14426 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14425 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14424 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14423 (htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with ...)
+	TODO: check
+CVE-2017-14422 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14421 (D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have ...)
+	TODO: check
+CVE-2017-14420 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with ...)
+	TODO: check
+CVE-2017-14419 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with ...)
+	TODO: check
+CVE-2017-14418 (The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L ...)
+	TODO: check
+CVE-2017-14417 (register_send.php on D-Link DIR-850L REV. B (with firmware through ...)
+	TODO: check
+CVE-2017-14416 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14415 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14414 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
+CVE-2017-14413 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
+	TODO: check
 CVE-2017-14412 (An invalid memory write was discovered in copy_mp in interface.c in ...)
 	- mp3gain <removed>
 CVE-2017-14411 (A stack-based buffer overflow was discovered in copy_mp in interface.c ...)
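Review bot: All 18 added entries (CVE-2017-14413 through CVE-2017-14430) are left at "TODO: check", although every visible description concerns D-Link DIR-850L firmware or the D-Link NPAPI extension. Triage them as one batch. If nothing in the archive ships this code, mark them in the NOT-FOR-US form already used elsewhere in this file, so that 18 open TODO items do not hide entries that need real review.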
@@ -340,6 +376,7 @@
 	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
 	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
 CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...)
+	{DLA-1096-1}
 	- wordpress-shibboleth 1.8-1 (bug #874416)
 	NOTE: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
 	NOTE: https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/
@@ -683,6 +720,7 @@
 	NOTE: https://www.armis.com/blueborne/
 	NOTE: https://access.redhat.com/security/vulnerabilities/blueborne
 CVE-2017-1000250 (All versions of the SDP server in BlueZ 5.46 and earlier are ...)
+	{DSA-3972-1}
 	- bluez <unfixed> (bug #875633)
 	NOTE: https://www.armis.com/blueborne/
 CVE-2017-1000249 (An issue in file() was introduced in commit ...)
@@ -773,8 +811,8 @@
 	NOT-FOR-US: Wordpress plugin
 CVE-2017-14125
 	RESERVED
-CVE-2017-14124
-	RESERVED
+CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when ...)
+	TODO: check
 CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based ...)
@@ -5184,8 +5222,7 @@
 	RESERVED
 CVE-2017-12613
 	RESERVED
-CVE-2017-12612
-	RESERVED
+CVE-2017-12612 (In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe ...)
 	NOT-FOR-US: Apache Spark
 CVE-2017-12611
 	RESERVED
@@ -8174,8 +8211,7 @@
 	NOT-FOR-US: dotCMS
 CVE-2017-11463
 	RESERVED
-CVE-2017-11462 [automatic sec context deletion could lead to double-free]
-	RESERVED
+CVE-2017-11462 (Double free vulnerability in MIT Kerberos 5 (aka krb5) allows ...)
 	- krb5 <unfixed> (bug #873563)
 	[stretch] - krb5 <no-dsa> (Minor issue)
 	[jessie] - krb5 <no-dsa> (Minor issue)
@@ -19639,15 +19675,13 @@
 	NOTE: https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
 	NOTE: https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
 	NOTE: https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
-CVE-2017-7561 [Vary header not added by CORS filter leading to cache poisoning]
-	RESERVED
+CVE-2017-7561 (Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is ...)
 	- resteasy <unfixed> (bug #873392)
 	[jessie] - resteasy <not-affected> (CORS Filter added in 3.0.7.Final)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483823
 	NOTE: https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1704
 	NOTE: Fixed by: https://github.com/resteasy/Resteasy/commit/517db971d8f7094124416bf72091fd0b45a13028
-CVE-2017-7560
-	RESERVED
+CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable that ...)
 	- rhnsd <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
 	NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
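Review bot: For CVE-2017-7561 the imported description names "Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1", but the entry tracks resteasy, and the removed bracketed summary was the only text stating the actual flaw (Vary header not added by the CORS filter, leading to cache poisoning). Add a NOTE line that keeps that summary and says the version range refers to RESTEasy, which is consistent with the jessie line "CORS Filter added in 3.0.7.Final". Otherwise a reader matching on the product name may conclude the package is unaffected.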
@@ -23637,8 +23671,8 @@
 	RESERVED
 CVE-2017-6331
 	RESERVED
-CVE-2017-6330
-	RESERVED
+CVE-2017-6330 (Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote ...)
+	TODO: check
 CVE-2017-6329 (Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a ...)
 	NOT-FOR-US: Symantec
 CVE-2017-6328 (The Symantec Messaging Gateway before 10.6.3-267 can encounter an ...)
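Review bot: CVE-2017-6330 (Symantec Encryption Desktop) is added with "TODO: check" while the next entry, CVE-2017-6329, is already marked "NOT-FOR-US: Symantec". Unless a Debian package is known to be affected, give this entry the same NOT-FOR-US marking so the two Symantec entries are consistent.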
@@ -33241,8 +33275,8 @@
 	- apache2 2.4.25-4
 CVE-2017-3166
 	RESERVED
-CVE-2017-3165
-	RESERVED
+CVE-2017-3165 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...)
+	TODO: check
 CVE-2017-3164
 	RESERVED
 CVE-2017-3163 (When using the Index Replication feature, Apache Solr nodes can pull ...)
@@ -34323,8 +34357,8 @@
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319
 CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing ...)
 	NOT-FOR-US: PowerISO
-CVE-2017-2816
-	RESERVED
+CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
+	TODO: check
 CVE-2017-2815
 	RESERVED
 CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image ...)
@@ -37152,8 +37186,8 @@
 	RESERVED
 CVE-2017-1557
 	RESERVED
-CVE-2017-1556
-	RESERVED
+CVE-2017-1556 (IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular ...)
+	TODO: check
 CVE-2017-1555
 	RESERVED
 CVE-2017-1554
@@ -37248,8 +37282,8 @@
 	RESERVED
 CVE-2017-1509
 	RESERVED
-CVE-2017-1508
-	RESERVED
+CVE-2017-1508 (IBM Informix Dynamic Server 12.1 could allow a local user logged in ...)
+	TODO: check
 CVE-2017-1507
 	RESERVED
 CVE-2017-1506
@@ -43163,8 +43197,8 @@
 	NOTE: Fixed by: http://svn.apache.org/r1777469 (8.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1777471 (7.0.x)
 	NOTE: Fixed by: http://svn.apache.org/r1777472 (6.0.x)
-CVE-2016-8744
-	RESERVED
+CVE-2016-8744 (Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. ...)
+	TODO: check
 CVE-2016-8743 (Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was ...)
 	{DSA-3796-1 DLA-841-2 DLA-841-1}
 	- apache2 2.4.25-1
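Review bot: The CVE-2016-8744 description starts with "Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs", so the "TODO: check" here needs more than a product-name lookup. Read the full description to confirm whether the flaw lies in how Brooklyn uses the library or in the library itself before choosing NOT-FOR-US. This commit also adds CVE-2017-3165 and CVE-2016-8737 for Apache Brooklyn; triage the three together.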
@@ -43191,8 +43225,8 @@
 	NOT-FOR-US: Apache CXF
 CVE-2016-8738
 	RESERVED
-CVE-2016-8737
-	RESERVED
+CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...)
+	TODO: check
 CVE-2016-8736
 	RESERVED
 	NOT-FOR-US: Apache OpenMeetings
@@ -74101,8 +74135,7 @@
 	RESERVED
 CVE-2015-7881 (The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote ...)
 	NOT-FOR-US: Colorbox module for Drupal
-CVE-2015-7880
-	RESERVED
+CVE-2015-7880 (The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal ...)
 	NOT-FOR-US: Entity Registration module for Drupal
 CVE-2015-7879 (Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x ...)
 	NOT-FOR-US: Stickynote module for Drupal
@@ -81647,8 +81680,8 @@
 	NOT-FOR-US: Apache Cordova
 CVE-2015-5207 (Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2015-5206
-	RESERVED
+CVE-2015-5206 (Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...)
+	TODO: check
 CVE-2015-5205
 	RESERVED
 CVE-2015-5204 (CRLF injection vulnerability in the Apache Cordova File Transfer ...)
@@ -81782,8 +81815,8 @@
 CVE-2015-5169
 	RESERVED
 	- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
-CVE-2015-5168
-	RESERVED
+CVE-2015-5168 (Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...)
+	TODO: check
 CVE-2015-5167 (The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote ...)
 	NOT-FOR-US: Apache Ranger
 CVE-2015-5166 (Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not ...)
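Review bot: CVE-2015-5168 receives the same truncated text as CVE-2015-5206 in the previous hunk ("Unspecified vulnerability in the HTTP/2 experimental feature in Apache ..."), and the truncation hides which Apache product is meant. When resolving the "TODO: check", compare the full descriptions to establish whether these are two distinct issues and which product they affect, and record the outcome in a NOTE line.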
@@ -90001,8 +90034,7 @@
 	[squeeze] - drupal6 <end-of-life>
 	NOTE: https://www.drupal.org/SA-CORE-2015-001
 	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=8e54eca05a65c6231b02510e1917af0c9191e549
-CVE-2015-2750 [SA-CORE-2015-001: Open redirect -- underlying problem lack of checks for special "//"]
-	RESERVED
+CVE-2015-2750 (Open redirect vulnerability in URL-related API functions in Drupal 6.x ...)
 	{DSA-3200-1}
 	- drupal7 7.32-1+deb8u2 (bug #780772)
 	- drupal6 <removed>
@@ -90010,8 +90042,7 @@
 	NOTE: https://www.drupal.org/SA-CORE-2015-001
 	NOTE: http://cgit.drupalcode.org/drupal/commit/includes/menu.inc?h=6.x&id=8ffc5db3c0ab926f3d4b2cf8bc51714c8c0f3c93
 	NOTE: http://cgit.drupalcode.org/drupal/commit/includes/common.inc?h=7.x&id=b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8
-CVE-2015-2749 [SA-CORE-2015-001: Open redirect -- issue related "destination" use]
-	RESERVED
+CVE-2015-2749 (Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before ...)
 	{DSA-3200-1}
 	- drupal7 7.32-1+deb8u2 (bug #780772)
 	- drupal6 <removed>
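Review bot: For CVE-2015-2750 and CVE-2015-2749 the removed bracketed summaries were what told the two SA-CORE-2015-001 open redirects apart (missing checks for the special "//" versus use of "destination"). The truncated replacements both begin "Open redirect vulnerability in ...". Consider keeping each distinction as a NOTE line so the fix commits listed under each entry stay matched to the right issue.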



