[Secure-testing-commits] r56138 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Sep 25 21:10:15 UTC 2017


Author: sectracker
Date: 2017-09-25 21:10:15 +0000 (Mon, 25 Sep 2017)
New Revision: 56138

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-25 20:29:53 UTC (rev 56137)
+++ data/CVE/list	2017-09-25 21:10:15 UTC (rev 56138)
@@ -1,3 +1,9 @@
+CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote ...)
+	TODO: check
+CVE-2017-14730 (The init script in the Gentoo app-admin/logstash-bin package before ...)
+	TODO: check
+CVE-2017-14729 (The *_get_synthetic_symtab functions in the Binary File Descriptor ...)
+	TODO: check
 CVE-2017-14728
 	RESERVED
 CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site ...)
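Review bot: CVE-2017-14729 should not sit at `TODO: check` for long: it is a Binary File Descriptor library issue, and BFD is tracked under the binutils source package in this file (compare the CVE-2017-9955 entry further down in this revision, also a BFD bug, carrying `- binutils 2.29-1`). CVE-2017-14730 describes a Gentoo-specific init script, a natural `NOT-FOR-US` candidate. CVE-2017-14731 concerns LibOFX, which Debian ships as the libofx source package, so it needs a package line with an affected/fixed version rather than a NOT-FOR-US tag.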
@@ -1639,8 +1645,8 @@
 	NOT-FOR-US: Technicolor
 CVE-2017-14126 (The Participants Database plugin before 1.7.5.10 for WordPress has XSS. ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2017-14125
-	RESERVED
+CVE-2017-14125 (SQL injection vulnerability in the Responsive Image Gallery plugin ...)
+	TODO: check
 CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when ...)
 	NOT-FOR-US: eLux
 CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File ...)
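Review bot: CVE-2017-14125 is a WordPress plugin issue by its description (Responsive Image Gallery), the same class as the neighbouring CVE-2017-14126 entry already marked `NOT-FOR-US: Wordpress plugin`; the `TODO: check` line can most likely be resolved the same way.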
@@ -4659,8 +4665,8 @@
 	NOT-FOR-US: NexusPHP
 CVE-2017-12906 (Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow ...)
 	NOT-FOR-US: NexusPHP
-CVE-2017-12905
-	RESERVED
+CVE-2017-12905 (Server Side Request Forgery vulnerability in Vebto Pixie Image Editor ...)
+	TODO: check
 CVE-2017-12904 (Improper Neutralization of Special Elements used in an OS Command in ...)
 	{DSA-3947-1 DLA-1061-1}
 	- newsbeuter 2.9-6
@@ -11647,20 +11653,20 @@
 	RESERVED
 CVE-2017-9963
 	RESERVED
-CVE-2017-9962
-	RESERVED
-CVE-2017-9961
-	RESERVED
-CVE-2017-9960
-	RESERVED
-CVE-2017-9959
-	RESERVED
-CVE-2017-9958
-	RESERVED
-CVE-2017-9957
-	RESERVED
-CVE-2017-9956
-	RESERVED
+CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to August 2017 ...)
+	TODO: check
+CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX ...)
+	TODO: check
+CVE-2017-9960 (An information disclosure vulnerability exists in Schneider Electric's ...)
+	TODO: check
+CVE-2017-9959 (A vulnerability exists in Schneider Electric's U.motion Builder ...)
+	TODO: check
+CVE-2017-9958 (An improper access control vulnerability exists in Schneider ...)
+	TODO: check
+CVE-2017-9957 (A vulnerability exists in Schneider Electric's U.motion Builder ...)
+	TODO: check
+CVE-2017-9956 (An authentication bypass vulnerability exists in Schneider Electric's ...)
+	TODO: check
 CVE-2017-9955 (The get_build_id function in opncls.c in the Binary File Descriptor ...)
 	- binutils 2.29-1
 	[stretch] - binutils <ignored> (Minor issue)
@@ -14332,8 +14338,8 @@
 	[wheezy] - ruby1.8 <no-dsa> (Minor issue, Net::SMTP users should validate data they send too)
 	NOTE: https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee
 	NOTE: https://github.com/rubysec/ruby-advisory-db/issues/215
-CVE-2017-9551
-	RESERVED
+CVE-2017-9551 (Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before ...)
+	TODO: check
 CVE-2017-9550
 	RESERVED
 CVE-2017-9549
@@ -18920,18 +18926,18 @@
 	- jbig2dec 0.13-4.1 (bug #860788)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
 	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
-CVE-2017-7974
-	RESERVED
-CVE-2017-7973
-	RESERVED
-CVE-2017-7972
-	RESERVED
-CVE-2017-7971
-	RESERVED
-CVE-2017-7970
-	RESERVED
-CVE-2017-7969
-	RESERVED
+CVE-2017-7974 (A path traversal information disclosure vulnerability exists in ...)
+	TODO: check
+CVE-2017-7973 (A SQL injection vulnerability exists in Schneider Electric's U.motion ...)
+	TODO: check
+CVE-2017-7972 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere ...)
+	TODO: check
+CVE-2017-7971 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere ...)
+	TODO: check
+CVE-2017-7970 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere ...)
+	TODO: check
+CVE-2017-7969 (A cross-site request forgery vulnerability exists on the Secure ...)
+	TODO: check
 CVE-2017-7968 (An Incorrect Default Permissions issue was discovered in Schneider ...)
 	NOT-FOR-US: Schneider
 CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...)
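Review bot: all six newly described entries here (CVE-2017-7969 through CVE-2017-7974) are Schneider Electric products (PowerSCADA Anywhere, U.motion), and the two entries immediately below, CVE-2017-7968 and CVE-2017-7967, are already `NOT-FOR-US: Schneider`; the same holds for the CVE-2017-9956 to CVE-2017-9962 block earlier in this revision (ClearSCADA, Pro-Face GP Pro EX, U.motion Builder). Triaging the whole vendor batch together would clear thirteen `TODO: check` lines consistently instead of one at a time.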
@@ -38061,16 +38067,16 @@
 	RESERVED
 CVE-2017-1556 (IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular ...)
 	NOT-FOR-US: IBM
-CVE-2017-1555
-	RESERVED
+CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated ...)
+	TODO: check
 CVE-2017-1554
 	RESERVED
 CVE-2017-1553
 	RESERVED
 CVE-2017-1552
 	RESERVED
-CVE-2017-1551
-	RESERVED
+CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker ...)
+	TODO: check
 CVE-2017-1550
 	RESERVED
 CVE-2017-1549
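Review bot: CVE-2017-1555 and CVE-2017-1551 are IBM API Connect issues, like CVE-2017-1556 two lines above, which is already `NOT-FOR-US: IBM`; the IBM Business Process Manager, Security Identity Manager Adapters and WebSphere MQ entries in the next four hunks sit beside `NOT-FOR-US: IBM` neighbours in the same way. A single pass resolving these `TODO: check` lines keeps the IBM entries consistent.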
@@ -38323,8 +38329,8 @@
 	RESERVED
 CVE-2017-1425
 	RESERVED
-CVE-2017-1424
-	RESERVED
+CVE-2017-1424 (IBM Business Process Manager 8.5.7 is vulnerable to cross-site ...)
+	TODO: check
 CVE-2017-1423
 	RESERVED
 CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper ...)
@@ -38447,8 +38453,8 @@
 	RESERVED
 CVE-2017-1363
 	RESERVED
-CVE-2017-1362
-	RESERVED
+CVE-2017-1362 (IBM Security Identity Manager Adapters 6.0 and 7.0 stores user ...)
+	TODO: check
 CVE-2017-1361
 	RESERVED
 CVE-2017-1360
@@ -38479,8 +38485,8 @@
 	NOT-FOR-US: IBM
 CVE-2017-1347 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL ...)
 	NOT-FOR-US: IBM
-CVE-2017-1346
-	RESERVED
+CVE-2017-1346 (IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores ...)
+	TODO: check
 CVE-2017-1345
 	RESERVED
 CVE-2017-1344
@@ -38701,8 +38707,8 @@
 	RESERVED
 CVE-2017-1236 (IBM WebSphere MQ 9.0.2 could allow an authenticated user to ...)
 	NOT-FOR-US: IBM
-CVE-2017-1235
-	RESERVED
+CVE-2017-1235 (IBM WebSphere MQ 8.0 could allow an authenticated user to cause a ...)
+	TODO: check
 CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2017-1233
@@ -69196,8 +69202,8 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-31.html
-CVE-2015-8707
-	RESERVED
+CVE-2015-8707 (Password reset tokens in Magento CE before 1.9.2.2, and Magento EE ...)
+	TODO: check
 CVE-2015-8744 (QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC ...)
 	{DSA-3471-1}
 	- qemu 1:2.5+dfsg-1
@@ -76739,17 +76745,13 @@
 	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
 CVE-2015-7319 (SQL injection vulnerability in ...)
 	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
-CVE-2015-7318
-	RESERVED
+CVE-2015-7318 (Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers ...)
 	NOT-FOR-US: Plone
-CVE-2015-7317
-	RESERVED
+CVE-2015-7317 (Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, ...)
 	NOT-FOR-US: Plone
-CVE-2015-7316
-	RESERVED
+CVE-2015-7316 (Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, ...)
 	NOT-FOR-US: Plone
-CVE-2015-7315
-	RESERVED
+CVE-2015-7315 (Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, ...)
 	NOT-FOR-US: Plone
 CVE-2015-7310 (McAfee Enterprise Security Manager (ESM), Enterprise Security ...)
 	NOT-FOR-US: McAfee
@@ -78414,8 +78416,7 @@
 	RESERVED
 CVE-2015-6738
 	RESERVED
-CVE-2015-6748 [XSS vulnerability in jsoup related to incomplete tags at EOF]
-	RESERVED
+CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. ...)
 	- jsoup 1.8.3-1 (bug #797275)
 	[jessie] - jsoup <no-dsa> (Minor issue)
 	[wheezy] - jsoup <no-dsa> (Minor issue)
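Review bot: the fixed version already recorded here, `jsoup 1.8.3-1`, agrees with the new description's `before 1.8.3`, and dropping the bracketed working title once the MITRE text arrives is the right move; the existing package and no-dsa lines are correctly left untouched.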
@@ -82259,8 +82260,7 @@
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4 (v4.3-rc3)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4db67e808640e3934d82ce61ee8e2e89fd877ba8 (v3.7-rc1)
-CVE-2015-5282
-	RESERVED
+CVE-2015-5282 (Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. ...)
 	- foreman <itp> (bug #663101)
 CVE-2015-5281 (The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ...)
 	- grub2 <not-affected> (SecureBoot not yet supported)
@@ -82443,8 +82443,7 @@
 	NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0)
 CVE-2015-5238
 	RESERVED
-CVE-2015-5237 [Integer overflow in protobuf serialization]
-	RESERVED
+CVE-2015-5237 (protobuf allows remote authenticated attackers to cause a heap-based ...)
 	- protobuf <unfixed> (unimportant)
 	NOTE: https://github.com/google/protobuf/issues/760
 	NOTE: Upstream doesn't consider this a real issue in practice.
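Review bot: the `- protobuf <unfixed> (unimportant)` assessment is carried over unchanged while the entry moves from a working title (`Integer overflow in protobuf serialization`) to the public description, which speaks of a heap-based condition reachable by remote authenticated attackers. The NOTE about upstream's position (issue #760) still supports the rating, but the `unimportant` tag is worth re-confirming against the full description rather than inheriting it from the placeholder.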
@@ -84089,12 +84088,12 @@
 	NOT-FOR-US: OpenCart
 CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in ...)
 	NOT-FOR-US: AjaxControlToolkit
-CVE-2015-4669
-	RESERVED
-CVE-2015-4668
-	RESERVED
-CVE-2015-4667
-	RESERVED
+CVE-2015-4669 (The MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a ...)
+	TODO: check
+CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote ...)
+	TODO: check
+CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. ...)
+	TODO: check
 CVE-2015-4666 (Directory traversal vulnerability in opm/read_sessionlog.php in ...)
 	NOT-FOR-US: Xceedium Xsuite
 CVE-2015-4665 (Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium ...)
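Review bot: the three Xsuite entries (CVE-2015-4667 to CVE-2015-4669) describe the same Xceedium Xsuite 2.3.0 / 2.4.3.0 product as CVE-2015-4666 and CVE-2015-4665 directly below, both marked `NOT-FOR-US: Xceedium Xsuite`; the `TODO: check` lines can presumably be resolved the same way, since there is no Debian package to map them to.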
@@ -90267,7 +90266,7 @@
 	NOT-FOR-US: Oracle Fusion
 CVE-2015-2592 (Unspecified vulnerability in the Hyperion Enterprise Performance ...)
 	NOT-FOR-US: Oracle Hyperion
-CVE-2015-2591 (Unspecified vulnerability in the PeopleSoft Enteprise Portal - ...)
+CVE-2015-2591 (Unspecified vulnerability in the PeopleSoft Enterprise Portal - ...)
 	NOT-FOR-US: PeopleSoft
 CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
 	{DSA-3339-1 DSA-3316-1 DLA-303-1}
@@ -99677,8 +99676,7 @@
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c60435261deaefeb53ce3222d04d7d5bea81296
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3747379accba8e95d70cec0eae0582c8c182050
 	NOTE: http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245
-CVE-2015-0238
-	RESERVED
+CVE-2015-0238 (selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to ...)
 	NOT-FOR-US: selinux-policy as shipped with Red Hat OpenShift 2
 CVE-2015-0237 (Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores ...)
 	NOT-FOR-US: Red Hat vdms
@@ -100452,8 +100450,8 @@
 	NOT-FOR-US: IBM Java
 CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 ...)
 	NOT-FOR-US: IBM
-CVE-2014-8889
-	RESERVED
+CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote attackers to ...)
+	TODO: check
 CVE-2014-8888
 	RESERVED
 CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...)
@@ -102354,8 +102352,7 @@
 	[squeeze] - linux-2.6 <no-dsa> (Too difficult and risky to backport)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3812c8c8f3953921ef18544110dafc3505c1ac62 (v3.12-rc1)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4942642080ea82d99ab5b653abb9a12b7ba31f4a (v3.12-rc6)
-CVE-2014-8170
-	RESERVED
+CVE-2014-8170 (ovirt_safe_delete_config in ovirtfunctions.py and other unspecified ...)
 	- ovirt-node <itp> (bug #502024)
 CVE-2014-8169 (automount 5.0.8, when a program map uses certain interpreted ...)
 	- autofs 5.0.8-2 (bug #779591)
@@ -102406,8 +102403,7 @@
 	{DSA-3138-1 DLA-138-1}
 	- jasper 1.900.1-debian1-2.4 (bug #775970)
 	NOTE: http://www.ocert.org/advisories/ocert-2015-001.html
-CVE-2014-8156
-	RESERVED
+CVE-2014-8156 (The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in ...)
 	- fso-deviced 0.12.0-5
 	[wheezy] - fso-deviced <no-dsa> (Minor issue)
 	- fso-datad 0.12.0-3
@@ -120774,8 +120770,8 @@
 	- kfreebsd-9 <not-affected> (don't have newcons)
 	- kfreebsd-8 <not-affected> (don't have newcons)
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
-CVE-2014-0997
-	RESERVED
+CVE-2014-0997 (WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android ...)
+	TODO: check
 CVE-2014-0996
 	RESERVED
 CVE-2014-0995 (The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier ...)
@@ -180026,10 +180022,10 @@
 	RESERVED
 CVE-2010-3051
 	RESERVED
-CVE-2010-3050
-	RESERVED
-CVE-2010-3049
-	RESERVED
+CVE-2010-3050 (Cisco IOS before 12.2(33)SXI allows remote authenticated users to ...)
+	TODO: check
+CVE-2010-3049 (Cisco IOS before 12.2(33)SXI allows local users to cause a denial of ...)
+	TODO: check
 CVE-2010-3048
 	RESERVED
 CVE-2010-3047
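Review bot: CVE-2010-3050 and CVE-2010-3049 are Cisco IOS issues, a proprietary platform not shipped in Debian; a `NOT-FOR-US` tag rather than `TODO: check` is the expected resolution, matching how other vendor firmware is handled in this file (compare the `NOT-FOR-US: Technicolor` line earlier in this revision).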