[Secure-testing-commits] r55908 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Sep 19 21:10:15 UTC 2017 

Author: sectracker
Date: 2017-09-19 21:10:15 +0000 (Tue, 19 Sep 2017)
New Revision: 55908

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-19 20:54:12 UTC (rev 55907)
+++ data/CVE/list	2017-09-19 21:10:15 UTC (rev 55908)
@@ -41,8 +41,8 @@
 CVE-2017-XXXX [pcb code injection by malicious layout file]
 	- pcb-rnd 1.2.5-2
 	[stretch] - pcb-rnd <no-dsa> (Minor issue)
-CVE-2017-14581
-	RESERVED
+CVE-2017-14581 (The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 ...)
+	TODO: check
 CVE-2017-14580 (XnView Classic for Windows Version 2.41 allows attackers to execute ...)
 	NOT-FOR-US: XnView
 CVE-2017-14579 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
@@ -736,8 +736,8 @@
 	[jessie] - xen 4.4.1-9+deb8u10
 	[wheezy] - xen <not-affected> (No arm support in Wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-235.html
-CVE-2017-14311
-	RESERVED
+CVE-2017-14311 (The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows ...)
+	TODO: check
 CVE-2017-14310 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
 	NOT-FOR-US: STDU Viewer
 CVE-2017-14309 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
@@ -1214,12 +1214,12 @@
 	NOT-FOR-US: HelpDEZk
 CVE-2017-14144
 	RESERVED
-CVE-2017-14143
-	RESERVED
-CVE-2017-14142
-	RESERVED
-CVE-2017-14141
-	RESERVED
+CVE-2017-14143 (The getUserzoneCookie function in Kaltura before 13.2.0 uses a ...)
+	TODO: check
+CVE-2017-14142 (Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before ...)
+	TODO: check
+CVE-2017-14141 (The wiki_decode Developer System Helper function in the admin panel in ...)
+	TODO: check
 CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel before ...)
 	{DLA-1099-1}
 	- linux 4.12.12-1
@@ -1545,8 +1545,7 @@
 	NOTE: https://patchwork.kernel.org/patch/9929625/
 CVE-2017-14034
 	RESERVED
-CVE-2017-14033 [Buffer underrun in OpenSSL ASN1 decode]
-	RESERVED
+CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...)
 	- ruby2.3 <unfixed> (bug #875928)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
@@ -4387,8 +4386,7 @@
 	RESERVED
 CVE-2017-12884
 	RESERVED
-CVE-2017-12883 [Buffer over-read in regular expression parser]
-	RESERVED
+CVE-2017-12883 (Buffer overflow in the regular expression parser in PERL before ...)
 	- perl 5.26.0-8 (bug #875597)
 	[wheezy] - perl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131598 (not yet public)
@@ -5030,8 +5028,7 @@
 	RESERVED
 CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...)
 	NOT-FOR-US: NexusPHP
-CVE-2017-12837 [Heap buffer overflow in regular expression compiler]
-	RESERVED
+CVE-2017-12837 (Heap-based buffer overflow in the regular expression compiler in PERL ...)
 	- perl 5.26.0-8 (bug #875596)
 	[wheezy] - perl <not-affected> (Vulnerable code introduced after 5.14.4)
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131582 (not yet public)
@@ -5627,14 +5624,12 @@
 	RESERVED
 CVE-2017-12617
 	RESERVED
-CVE-2017-12616 [Information Disclosure]
-	RESERVED
+CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it ...)
 	- tomcat7 7.0.72-3
-        NOTE: NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
+	NOTE: NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
 	NOTE: https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
 	NOTE: https://svn.apache.org/r1804729
-CVE-2017-12615
-	RESERVED
+CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs ...)
 	- tomcat7 <not-affected> (Windows-specific)
 CVE-2017-12614
 	RESERVED
@@ -8757,6 +8752,7 @@
 CVE-2017-11425
 	RESERVED
 CVE-2017-11424 (In PyJWT 1.5.0 and below the `invalid_strings` check in ...)
+	{DSA-3979-1}
 	- pyjwt <unfixed> (bug #873244)
 	NOTE: https://github.com/jpadilla/pyjwt/pull/277
 CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...)
@@ -10428,10 +10424,10 @@
 	RESERVED
 CVE-2017-10932
 	RESERVED
-CVE-2017-10931
-	RESERVED
-CVE-2017-10930
-	RESERVED
+CVE-2017-10931 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download ...)
+	TODO: check
+CVE-2017-10930 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a ...)
+	TODO: check
 CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
 	{DLA-1044-1}
 	- ipsec-tools 1:0.8.2+20140711-9 (bug #867986)
@@ -10763,8 +10759,7 @@
 	RESERVED
 CVE-2017-10785
 	RESERVED
-CVE-2017-10784 [Escape sequence injection vulnerability in the Basic authentication of WEBrick]
-	RESERVED
+CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...)
 	- ruby2.3 <unfixed> (bug #875931)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
@@ -10939,8 +10934,8 @@
 	RESERVED
 CVE-2017-10701
 	RESERVED
-CVE-2017-10700
-	RESERVED
+CVE-2017-10700 (In the medialibrary component in QNAP NAS 4.3.3.0229, an ...)
+	TODO: check
 CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before ...)
 	- vlc 2.2.6-3
 	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
@@ -14648,9 +14643,9 @@
 CVE-2017-9335
 	RESERVED
 CVE-2017-9333 (OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG ...)
- 	NOT-FOR-US: OpenWebif
+	NOT-FOR-US: OpenWebif
 CVE-2017-9332 (The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 ...)
- 	NOT-FOR-US: PivotX
+	NOT-FOR-US: PivotX
 CVE-2017-9331 (The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored ...)
 	NOT-FOR-US: Telaxus EPESI
 CVE-2017-9329
@@ -24198,8 +24193,8 @@
 	NOTE: Upstream patch: https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/frontend/saned.c?id=42896939822b44f44ecd1b6d35afdfa4473ed35d
 CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote ...)
 	NOT-FOR-US: Citrix
-CVE-2017-6315
-	RESERVED
+CVE-2017-6315 (Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute ...)
+	TODO: check
 CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick ...)
 	- graphicsmagick 1.3.25-8
 	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
@@ -74794,8 +74789,7 @@
 	NOT-FOR-US: SolarWinds
 CVE-2015-7838 (ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows ...)
 	NOT-FOR-US: SolarWinds
-CVE-2015-7837
-	RESERVED
+CVE-2015-7837 (The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, ...)
 	- linux 4.5.1-1 (unimportant)
 	NOTE: secureboot not yet supported in the Debian package in 4.3
 	NOTE: https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798
@@ -83612,16 +83606,16 @@
 	NOT-FOR-US: Ellucian (formerly SunGard) Banner Student
 CVE-2015-4686
 	RESERVED
-CVE-2015-4685
-	RESERVED
-CVE-2015-4684
-	RESERVED
-CVE-2015-4683
-	RESERVED
-CVE-2015-4682
-	RESERVED
-CVE-2015-4681
-	RESERVED
+CVE-2015-4685 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
+	TODO: check
+CVE-2015-4684 (Multiple directory traversal vulnerabilities in Polycom RealPresence ...)
+	TODO: check
+CVE-2015-4683 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
+	TODO: check
+CVE-2015-4682 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
+	TODO: check
+CVE-2015-4681 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
+	TODO: check
 CVE-2015-4679 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
 	NOT-FOR-US: Airties RT-210
 CVE-2015-4678 (SQL injection vulnerability in Persian Car CMS 1.0 allows remote ...)
@@ -85257,8 +85251,8 @@
 	NOT-FOR-US: SAP NetWeaver AS Java
 CVE-2015-4090
 	RESERVED
-CVE-2015-4089
-	RESERVED
+CVE-2015-4089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	TODO: check
 CVE-2015-4088
 	RESERVED
 CVE-2015-4087
@@ -86445,8 +86439,7 @@
 	NOTE: http://www.ocert.org/advisories/ocert-2015-006.html
 	NOTE: https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start
 	NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
-CVE-2015-3880 [open redirect]
-	RESERVED
+CVE-2015-3880 (Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before ...)
 	- phpbb3 3.0.14-1
 	[jessie] - phpbb3 3.0.12-5+deb8u1
 	[wheezy] - phpbb3 3.0.10-4+deb7u3
@@ -87067,10 +87060,10 @@
 	RESERVED
 CVE-2015-3433
 	RESERVED
-CVE-2015-3432
-	RESERVED
-CVE-2015-3431
-	RESERVED
+CVE-2015-3432 (Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly ...)
+	TODO: check
+CVE-2015-3431 (Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to ...)
+	TODO: check
 CVE-2015-3430
 	RESERVED
 CVE-2015-3428
@@ -87087,8 +87080,8 @@
 	NOT-FOR-US: SearchBlox
 CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop ...)
 	NOT-FOR-US: Wordpress Eshop
-CVE-2015-3419
-	RESERVED
+CVE-2015-3419 (vBulletin 5.x through 5.1.6 allows remote authenticated users to ...)
+	TODO: check
 CVE-2015-3413
 	RESERVED
 	- hhvm 3.11.0+dfsg-1
@@ -87116,8 +87109,7 @@
 	[squeeze] - quassel <not-affected> (incomplete fix for CVE-2013-4422 not applied)
 	NOTE: https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283
 	NOTE: http://quassel-irc.org/node/120
-CVE-2015-3420 [SSL/TLS handshake failures leading to a crash of the login process]
-	RESERVED
+CVE-2015-3420 (The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 ...)
 	- dovecot 1:2.2.13-12 (bug #783649)
 	[jessie] - dovecot 1:2.2.13-12~deb8u1
 	[wheezy] - dovecot <not-affected> (Problematic patch introducing the issue not applied)
@@ -87485,8 +87477,8 @@
 	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
 CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
-CVE-2015-3299
-	RESERVED
+CVE-2015-3299 (Cross-site scripting (XSS) vulnerability in the Floating Social Bar ...)
+	TODO: check
 CVE-2015-3298
 	RESERVED
 CVE-2015-3296
@@ -91987,8 +91979,7 @@
 	[squeeze] - coreutils <no-dsa> (Minor issue)
 	NOTE: relevant code changed between 8.5 and 8.13, see https://bugzilla.redhat.com/show_bug.cgi?id=1211300 for details
 	NOTE: Issue reproduced in with 8.5 and confirmed to not work with 8.13-3.5
-CVE-2015-1864
-	RESERVED
+CVE-2015-1864 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- kallithea <itp> (bug #689573)
 CVE-2015-1863 (Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows ...)
 	{DSA-3233-1}
@@ -92044,8 +92035,7 @@
 	- ruby2.2 2.2.2-1
 	NOTE: https://bugs.ruby-lang.org/issues/9644
 	NOTE: https://github.com/ruby/openssl/commit/e9a7bcb8bf2902f907c148a00bbcf21d3fa79596
-CVE-2015-1854 [access control bypass with modrdn]
-	RESERVED
+CVE-2015-1854 (389 Directory Server before 1.3.3.10 allows attackers to bypass ...)
 	- 389-ds-base 1.3.3.10-1 (bug #783923)
 	NOTE: Patch applied to CentOS package: https://git.centos.org/raw/rpms!389-ds-base.git!/309aa9ee631432d72c845f70df2ce6475055423b/SOURCES!0062-CVE-2015-1854-389ds-base-access-control-bypass-with-.patch
 CVE-2015-1853 [authentication doesn't protect symmetric associations against DoS attacks]
@@ -92074,8 +92064,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231816
 	NOTE: According to https://bugs.launchpad.net/cinder/+bug/1415087 not exploitable
 	NOTE: in nova, cinder covered by separate CVE ID CVE-2015-1851
-CVE-2015-1849
-	RESERVED
+CVE-2015-1849 (AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application ...)
 	NOT-FOR-US: JBoss EAP
 CVE-2015-1848 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the ...)
 	- pcs <not-affected> (Fixed before initial release to Debian)
@@ -94890,14 +94879,14 @@
 	- glance 2014.1.3-12 (bug #776580)
 	[wheezy] - glance <no-dsa> (Minor issue)
 	NOTE: Versions: up to 2014.1.3 and 2014.2 version up to 2014.2.1
-CVE-2014-9619
-	RESERVED
-CVE-2014-9618
-	RESERVED
+CVE-2014-9619 (Unrestricted file upload vulnerability in ...)
+	TODO: check
+CVE-2014-9618 (The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x ...)
+	TODO: check
 CVE-2014-9617
 	RESERVED
-CVE-2014-9616
-	RESERVED
+CVE-2014-9616 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 ...)
+	TODO: check
 CVE-2014-9615
 	RESERVED
 CVE-2014-9614
@@ -94906,10 +94895,10 @@
 	RESERVED
 CVE-2014-9612
 	RESERVED
-CVE-2014-9611
-	RESERVED
-CVE-2014-9610
-	RESERVED
+CVE-2014-9611 (Netsweeper before 4.0.5 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2014-9610 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 ...)
+	TODO: check
 CVE-2014-9609
 	RESERVED
 CVE-2014-9608
@@ -96227,8 +96216,8 @@
 	NOT-FOR-US: Cisco Secure Desktop Cache Cleaner
 CVE-2015-0690 (Cross-site scripting (XSS) vulnerability in the HTML help system on ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0689
-	RESERVED
+CVE-2015-0689 (Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to ...)
+	TODO: check
 CVE-2015-0688 (Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0687 (The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 ...)
@@ -100466,12 +100455,12 @@
 	NOT-FOR-US: Telegram Messenger
 CVE-2014-8687 (Seagate Business NAS devices with firmware before 2015.00322 allow ...)
 	NOT-FOR-US: Seagate Business NAS devices
-CVE-2014-8686
-	RESERVED
+CVE-2014-8686 (CodeIgniter before 2.2.0 makes it easier for attackers to decode ...)
+	TODO: check
 CVE-2014-8685
 	RESERVED
-CVE-2014-8684
-	RESERVED
+CVE-2014-8684 (CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through ...)
+	TODO: check
 CVE-2014-8683 (Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs ...)
 	NOT-FOR-US: Go Git Service
 CVE-2014-8682 (Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) ...)
@@ -101963,8 +101952,7 @@
 	NOTE: http://openssl.org/news/secadv/20150611.txt
 CVE-2014-8175 (Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to ...)
 	NOT-FOR-US: JBoss Fuse
-CVE-2014-8174
-	RESERVED
+CVE-2014-8174 (eDeploy makes it easier for remote attackers to execute arbitrary code ...)
 	- edeploy <itp> (bug #717664)
 CVE-2014-8173 (The pmd_none_or_trans_huge_or_clear_bad function in ...)
 	- linux 3.13.4-1
@@ -106961,8 +106949,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-6192 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
 	NOT-FOR-US: IBM
-CVE-2014-6191
-	RESERVED
+CVE-2014-6191 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
+	TODO: check
 CVE-2014-6190 (The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows ...)
 	NOT-FOR-US: IBM
 CVE-2014-6189 (Cross-site scripting (XSS) vulnerability in IBM Security Network ...)
@@ -108721,8 +108709,8 @@
 	RESERVED
 CVE-2014-5363
 	RESERVED
-CVE-2014-5362
-	RESERVED
+CVE-2014-5362 (The admin interface in Landesk Management Suite 9.6 and earlier allows ...)
+	TODO: check
 CVE-2014-5361 (Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk ...)
 	NOT-FOR-US: LANDesk Management Suite
 CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)

More information about the Secure-testing-commits mailing list