[Secure-testing-commits] r55771 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Sep 14 21:10:14 UTC 2017
Author: sectracker
Date: 2017-09-14 21:10:14 +0000 (Thu, 14 Sep 2017)
New Revision: 55771
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-14 21:09:57 UTC (rev 55770)
+++ data/CVE/list 2017-09-14 21:10:14 UTC (rev 55771)
@@ -1,3 +1,61 @@
+CVE-2017-1002100 (Default access permissions for Persistent Volumes (PVs) created by the ...)
+ TODO: check
+CVE-2017-1002028 (Vulnerability in wordpress plugin wordpress-gallery-transformation ...)
+ TODO: check
+CVE-2017-1002027 (Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The ...)
+ TODO: check
+CVE-2017-1002026 (Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, ...)
+ TODO: check
+CVE-2017-1002025 (Vulnerability in wordpress plugin ...)
+ TODO: check
+CVE-2017-1002023 (Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code ...)
+ TODO: check
+CVE-2017-1002022 (Vulnerability in wordpress plugin surveys v1.01.8, The code in ...)
+ TODO: check
+CVE-2017-1002021 (Vulnerability in wordpress plugin surveys v1.01.8, The code in ...)
+ TODO: check
+CVE-2017-1002020 (Vulnerability in wordpress plugin surveys v1.01.8, The code in ...)
+ TODO: check
+CVE-2017-1002019 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form ...)
+ TODO: check
+CVE-2017-1002018 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form ...)
+ TODO: check
+CVE-2017-1002017 (Vulnerability in wordpress plugin gift-certificate-creator v1.0, The ...)
+ TODO: check
+CVE-2017-1002016 (Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code ...)
+ TODO: check
+CVE-2017-1002015 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ TODO: check
+CVE-2017-1002014 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ TODO: check
+CVE-2017-1002013 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ TODO: check
+CVE-2017-1002012 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ TODO: check
+CVE-2017-1002011 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ TODO: check
+CVE-2017-1002010 (Vulnerability in wordpress plugin Membership Simplified v1.58, The ...)
+ TODO: check
+CVE-2017-1002009 (Vulnerability in wordpress plugin Membership Simplified v1.58, The ...)
+ TODO: check
+CVE-2017-1002008 (Vulnerability in wordpress plugin ...)
+ TODO: check
+CVE-2017-1002007 (Vulnerability in wordpress plugin DTracker v1.5, The code ...)
+ TODO: check
+CVE-2017-1002006 (Vulnerability in wordpress plugin DTracker v1.5, The code ...)
+ TODO: check
+CVE-2017-1002005 (Vulnerability in wordpress plugin DTracker v1.5, In file ...)
+ TODO: check
+CVE-2017-1002004 (Vulnerability in wordpress plugin DTracker v1.5, In file ...)
+ TODO: check
+CVE-2017-1002003 (Vulnerability in wordpress plugin ...)
+ TODO: check
+CVE-2017-1002002 (Vulnerability in wordpress plugin webapp-builder v2.0, The plugin ...)
+ TODO: check
+CVE-2017-1002001 (Vulnerability in wordpress plugin mobile-app-builder-by-wappress ...)
+ TODO: check
+CVE-2017-1002000 (Vulnerability in wordpress plugin ...)
+ TODO: check
CVE-2017-14481
RESERVED
CVE-2017-14480
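Review bot: All 29 entries added at the top of the list carry only TODO: check, and 28 of them (CVE-2017-1002000 through CVE-2017-1002028) are described as WordPress plugin issues, so they can be triaged in one pass: each gets either a NOT-FOR-US: line naming the plugin or a package line if the plugin is in the archive. The range skips CVE-2017-1002024, which already exists further down as NOT-FOR-US: kindeditor. CVE-2017-1002100 (Persistent Volumes) is a different product and needs to be checked on its own.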
@@ -468,7 +526,8 @@
NOT-FOR-US: AlegroCart
CVE-2015-9226 (Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow ...)
NOT-FOR-US: AlegroCart
-CVE-2017-14482 [enriched text remote code execution]
+CVE-2017-14482 (GNU Emacs before 25.3 allows remote attackers to execute arbitrary code ...)
+ {DSA-3970-1}
- emacs25 25.2+1-6 (bug #875447)
- emacs24 <removed> (bug #875448)
- emacs23 <removed> (bug #875449)
@@ -476,7 +535,7 @@
NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...)
- {DLA-1096-1}
+ {DSA-3973-1 DLA-1096-1}
- wordpress-shibboleth 1.8-1 (bug #874416)
NOTE: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
NOTE: https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/
@@ -943,7 +1002,7 @@
- rtpproxy <unfixed> (bug #874070)
NOTE: https://rtpbleed.com/
CVE-2017-14113
- RESERVED
+ REJECTED
CVE-2017-14112
RESERVED
CVE-2017-14111
@@ -1754,8 +1813,8 @@
NOT-FOR-US: ONOS
CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. ...)
NOT-FOR-US: ONOS
-CVE-2017-13761
- RESERVED
+CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magneto2, when used with a ...)
+ TODO: check
CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in ...)
- sleuthkit <unfixed> (unimportant; bug #873724)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/906
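Review bot: The description added for CVE-2017-13761 spells the product "Magneto2", so a search of the list for Magento will not find this entry. When the TODO: check is resolved, spell the product name correctly in the NOT-FOR-US or package line so the entry stays findable.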
@@ -2189,8 +2248,8 @@
RESERVED
CVE-2017-13650
RESERVED
-CVE-2017-1002150
- RESERVED
+CVE-2017-1002150 (python-fedora 0.8.0 and lower is vulnerable to an open redirect ...)
+ TODO: check
CVE-2017-13649 (UnrealIRCd 4.0.13 and earlier creates a PID file after dropping ...)
- unrealircd <itp> (bug #515130)
CVE-2017-13648 (In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the ...)
@@ -3358,8 +3417,8 @@
RESERVED
CVE-2017-13068
RESERVED
-CVE-2017-13067
- RESERVED
+CVE-2017-13067 (QNAP has patched a remote code execution vulnerability affecting the ...)
+ TODO: check
CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the function ...)
- graphicsmagick <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/430/
@@ -7927,7 +7986,7 @@
NOT-FOR-US: Mongoose
CVE-2017-11566 (AppUse 4.0 allows shell command injection via a proxy field. ...)
NOT-FOR-US: AppUse
-CVE-2017-1002151 [pagure: private repositories accessible through ssh]
+CVE-2017-1002151 (Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due ...)
- pagure <itp> (bug #829046)
NOTE: https://pagure.io/pagure/pull-request/2426
CVE-2017-11564
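Review bot: Replacing the bracketed summary on CVE-2017-1002151 drops the only text that said what is exposed ("private repositories accessible through ssh"); the truncated description that takes its place says only "loss of confidentially due ...". Suggest keeping the old summary as a NOTE: line under the entry, next to the pull-request link.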
@@ -9471,7 +9530,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1
NOTE: https://github.com/mdadams/jasper/issues/120
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293
-CVE-2017-1002024
+CVE-2017-1002024 (Vulnerability in web application Kind Editor v4.1.12, ...)
NOT-FOR-US: kindeditor
CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate services with ...)
{DSA-3912-1 DSA-3909-1 DLA-1027-1}
@@ -34398,8 +34457,8 @@
[jessie] - python-tablib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
-CVE-2017-2809
- RESERVED
+CVE-2017-2809 (An exploitable vulnerability exists in the yaml loading functionality ...)
+ TODO: check
CVE-2017-2808 (An exploitable use-after-free vulnerability exists in the account ...)
- ledger <unfixed>
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304
@@ -37339,8 +37398,8 @@
RESERVED
CVE-2017-1491 (IBM QRadar Network Security 5.4 supports interaction between multiple ...)
NOT-FOR-US: IBM
-CVE-2017-1490
- RESERVED
+CVE-2017-1490 (An unspecified vulnerability in the Lifecycle Query Engine of Jazz ...)
+ TODO: check
CVE-2017-1489 (IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community ...)
NOT-FOR-US: IBM
CVE-2017-1488
@@ -38928,22 +38987,18 @@
NOT-FOR-US: Broadcom driver for Android
CVE-2017-0786 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0785
- RESERVED
+CVE-2017-0785 (A information disclosure vulnerability in the Android system ...)
NOT-FOR-US: Android
NOTE: https://www.armis.com/blueborne/
CVE-2017-0784 (A elevation of privilege vulnerability in the Android system (nfc). ...)
NOT-FOR-US: Android
-CVE-2017-0783
- RESERVED
+CVE-2017-0783 (A information disclosure vulnerability in the Android system ...)
NOT-FOR-US: Android
NOTE: https://www.armis.com/blueborne/
-CVE-2017-0782
- RESERVED
+CVE-2017-0782 (A remote code execution vulnerability in the Android system ...)
NOT-FOR-US: Android
NOTE: https://www.armis.com/blueborne/
-CVE-2017-0781
- RESERVED
+CVE-2017-0781 (A remote code execution vulnerability in the Android system ...)
NOT-FOR-US: Android
NOTE: https://www.armis.com/blueborne/
CVE-2017-0780 (A denial of service vulnerability in the Android runtime (android ...)
@@ -75240,8 +75295,7 @@
NOTE: --
NOTE: The problem is present in tiff3 3.9.6-11+deb7u1 on wheezy (the problematic code
NOTE: gets executed under gdb), however for some reason this does not lead to a segfault.
-CVE-2015-7553 [nfnetlink race in NETLINK_NFLOG socket creation]
- RESERVED
+CVE-2015-7553 (Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt ...)
- linux <not-affected> (RHEL-specific backport bug)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288934
NOTE: Related to an incomplete RHEL backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ac2bde2a4a05c38e2bd733bea94507cb1461e06
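Review bot: The new description for CVE-2015-7553 no longer names the affected code path; the replaced summary identified it as an nfnetlink race in NETLINK_NFLOG socket creation. The linux <not-affected> status rests on this being a RHEL-specific backport bug, so a NOTE: line recording the subsystem would keep that reasoning readable without following the Bugzilla link.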
@@ -90986,8 +91040,8 @@
NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7430 (Cross-site scripting (XSS) vulnerability in the Googlemaps plugin ...)
NOT-FOR-US: Googlemaps plugin for Joomla!
-CVE-2013-7429
- RESERVED
+CVE-2013-7429 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers ...)
+ TODO: check
CVE-2013-7428 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers ...)
NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2015-2085
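Review bot: CVE-2013-7429 is left at TODO: check although the entries on either side of it, CVE-2013-7430 and CVE-2013-7428, concern the same Googlemaps plugin for Joomla! and are already marked NOT-FOR-US. The same line, NOT-FOR-US: Googlemaps plugin for Joomla!, applies here.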