[Secure-testing-commits] r56146 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Sep 26 09:10:31 UTC 2017 

Author: sectracker
Date: 2017-09-26 09:10:30 +0000 (Tue, 26 Sep 2017)
New Revision: 56146

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-26 06:55:34 UTC (rev 56145)
+++ data/CVE/list	2017-09-26 09:10:30 UTC (rev 56146)
@@ -1,3 +1,29 @@
+CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. ...)
+	TODO: check
+CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL ...)
+	TODO: check
+CVE-2017-14742
+	RESERVED
+CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick ...)
+	TODO: check
+CVE-2017-14740
+	RESERVED
+CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
+	TODO: check
+CVE-2017-14738
+	RESERVED
+CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...)
+	TODO: check
+CVE-2017-14736
+	RESERVED
+CVE-2017-14735 (OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as ...)
+	TODO: check
+CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote ...)
+	TODO: check
+CVE-2017-14733 (ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE ...)
+	TODO: check
+CVE-2017-14732
+	RESERVED
 CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote ...)
 	- libofx <unfixed>
 	NOTE: https://github.com/libofx/libofx/issues/10
@@ -1545,7 +1571,7 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
 	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
 	NOTE: https://github.com/uclouvain/openjpeg/issues/982
-CVE-2017-1000252 [KVM denial of service with posted interrupts on Intel systems]
+CVE-2017-1000252 (The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS ...)
 	- linux 4.12.13-1
 	[stretch] - linux 4.9.30-2+deb9u5
 	[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -1988,8 +2014,8 @@
 	RESERVED
 CVE-2017-14002
 	RESERVED
-CVE-2017-14001
-	RESERVED
+CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS Command ...)
+	TODO: check
 CVE-2017-14000
 	RESERVED
 CVE-2017-13999
@@ -7107,8 +7133,7 @@
 CVE-2017-12155
 	RESERVED
 	- tripleo-heat-templates <undetermined>
-CVE-2017-12154 [kvm: nVMX: L2 guest could access hardware(L0) CR8 register]
-	RESERVED
+CVE-2017-12154 (The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel ...)
 	{DSA-3981-1 DLA-1099-1}
 	- linux 4.12.13-1
 	NOTE: Fixed by: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (v4.14-rc1)
@@ -53690,8 +53715,7 @@
 	- linux <not-affected> (Qualcomm-specific kernel patch)
 CVE-2016-5869
 	RESERVED
-CVE-2016-5868
-	RESERVED
+CVE-2016-5868 (drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-5867 (In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, ...)
 	NOT-FOR-US: Qualcomm driver for Android
@@ -73506,8 +73530,7 @@
 	[wheezy] - keepassx <no-dsa> (Minor issue)
 	[squeeze] - keepassx <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
-CVE-2015-8375
-	RESERVED
+CVE-2015-8375 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2015-8368 (ntopng (aka ntop) before 2.2 allows remote authenticated users to ...)
 	- ntopng 2.2+dfsg1-1 (bug #816190)
@@ -73934,8 +73957,8 @@
 	NOT-FOR-US: Frontel
 CVE-2015-8252 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
 	NOT-FOR-US: Frontel
-CVE-2015-8251
-	RESERVED
+CVE-2015-8251 (OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, ...)
+	TODO: check
 CVE-2015-8250
 	RESERVED
 CVE-2015-8249
@@ -75168,8 +75191,8 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/c04c3d3d940dfe1a53132925c4f51aef017d2e0f
 CVE-2015-7847 (Huawei MBB (Mobile Broadband) product E3272s with software versions ...)
 	NOT-FOR-US: Huawei
-CVE-2015-7846
-	RESERVED
+CVE-2015-7846 (Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, ...)
+	TODO: check
 CVE-2015-7845 (The exception handling mechanism in the CLI Module in Huawei eSpace ...)
 	NOT-FOR-US: Huawei
 CVE-2015-7844 (Huawei FusionAccess with software V100R005C10,V100R005C20 could allow ...)
@@ -75389,8 +75412,8 @@
 	NOT-FOR-US: ASUS
 CVE-2015-7786 (Cross-site scripting (XSS) vulnerability in the NTT DATA Smart ...)
 	NOT-FOR-US: NTT DATA
-CVE-2015-7785
-	RESERVED
+CVE-2015-7785 (GANMA! App for iOS does not verify SSL certificates. ...)
+	TODO: check
 CVE-2015-7784 (SQL injection vulnerability in the BOKUBLOCK (1) ...)
 	NOT-FOR-US: BOKUBLOCK
 CVE-2015-7783 (Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before ...)
@@ -76174,8 +76197,7 @@
 	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0062
 	NOTE: Keystone: <= 2015.1.2, >= 8.0.0 <= 8.0.1
 	NOTE: Keystonemiddleware: >= 1.5.0 <= 1.5.3, >= 1.6.0 <= 2.3.2
-CVE-2015-7544
-	RESERVED
+CVE-2015-7544 (redhat-support-plugin-rhev in Red Hat Enterprise Virtualization ...)
 	NOT-FOR-US: redhat-support-plugin-rhev
 CVE-2015-7543 (aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create ...)
 	{DLA-367-1 DLA-366-1}
@@ -76286,8 +76308,7 @@
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4 (libgcrypt-1.6.5)
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=28eb424e4427b320ec1c9c4ce56af25d495230bd (libgcrypt-1.6.5)
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a (master)
-CVE-2015-7510 [Stack overflow in nss-mymachines]
-	RESERVED
+CVE-2015-7510 (Stack-based buffer overflow in the getpwnam and getgrnam functions of ...)
 	- systemd 229-1
 	[jessie] - systemd <not-affected> (Vulnerable code introduced later, v223)
 	[wheezy] - systemd <not-affected> (Vulnerable code introduced later, v223)
@@ -76821,8 +76842,8 @@
 	NOTE: https://github.com/vesse/node-ldapauth-fork/issues/21
 	NOTE: https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
 	NOTE: https://nodesecurity.io/advisories/19
-CVE-2015-7293
-	RESERVED
+CVE-2015-7293 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zope ...)
+	TODO: check
 CVE-2015-7292 (Stack-based buffer overflow in the havok_write function in ...)
 	NOT-FOR-US: Amazon Fire OS
 CVE-2015-7291 (Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the ...)
@@ -78729,8 +78750,8 @@
 	RESERVED
 CVE-2015-6594
 	RESERVED
-CVE-2015-6592
-	RESERVED
+CVE-2015-6592 (Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require ...)
+	TODO: check
 CVE-2015-6591
 	RESERVED
 CVE-2015-6590
@@ -81011,8 +81032,7 @@
 	[wheezy] - devscripts <not-affected> (Vulnerable code not present)
 	[squeeze] - devscripts <not-affected> (Vulnerable code not present)
 	NOTE: Introduced in https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=025ad4ea8ba92d32bd698a83149f782c17f78bf0 (v2.15.5)
-CVE-2015-5704 [devscripts: licensecheck shell command injection]
-	RESERVED
+CVE-2015-5704 (scripts/licensecheck.pl in devscripts before 2.15.7 allows local users ...)
 	- devscripts 2.15.7 (bug #794260)
 	[jessie] - devscripts <not-affected> (Vulnerable code not present)
 	[wheezy] - devscripts <not-affected> (Vulnerable code not present)
@@ -81111,8 +81131,8 @@
 	[jessie] - libhtml-scrubber-perl 0.11-1+deb8u1
 	[wheezy] - libhtml-scrubber-perl 0.09-1+deb7u1
 	NOTE: Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
-CVE-2015-5666
-	RESERVED
+CVE-2015-5666 (ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and ...)
+	TODO: check
 CVE-2015-5665 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE ...)
 	NOT-FOR-US: LOCKON
 CVE-2015-5664 (Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS ...)
@@ -82056,8 +82076,7 @@
 	- tripleo-heat-templates 5.2.0-1 (bug #851396)
 CVE-2015-5328
 	RESERVED
-CVE-2015-5327 [User triggerable out-of-bounds read]
-	RESERVED
+CVE-2015-5327 (Out-of-bounds memory read in the x509_decode_time function in ...)
 	- linux <not-affected> (Only affected 4.3-rc1 onwards)
 	- linux-2.6 <not-affected> (Only affected 4.3-rc1 onwards)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206 (v4.4-rc1)
@@ -82344,8 +82363,7 @@
 	- moodle 2.7.10+dfsg-1 (bug #799634)
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516
-CVE-2015-5263
-	RESERVED
+CVE-2015-5263 (pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's ...)
 	NOT-FOR-US: Pulp (Red Hat)
 CVE-2015-5262 (http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents ...)
 	{DLA-322-1}
@@ -82648,17 +82666,13 @@
 	NOTE: https://fedorahosted.org/audit/changeset/1122
 CVE-2015-5185 (The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and ...)
 	- sblim-sfcb <itp> (bug #754493)
-CVE-2015-5184
-	RESERVED
+CVE-2015-5184 (The Hawtio console in A-MQ allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: A-MQ's Hawtio console
-CVE-2015-5183
-	RESERVED
+CVE-2015-5183 (The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes ...)
 	NOT-FOR-US: A-MQ's Hawtio console
-CVE-2015-5182
-	RESERVED
+CVE-2015-5182 (Cross-site request forgery (CSRF) vulnerability in the jolokia API in ...)
 	NOT-FOR-US: A-MQ's Hawtio console
-CVE-2015-5181
-	RESERVED
+CVE-2015-5181 (The JBoss console in A-MQ allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: A-MQ's Hawtio console
 CVE-2015-5180 (res_query in libresolv in glibc before 2.25 allows remote attackers to ...)
 	- glibc 2.24-9 (low; bug #796106)
@@ -82697,8 +82711,7 @@
 	RESERVED
 CVE-2015-5170
 	RESERVED
-CVE-2015-5169
-	RESERVED
+CVE-2015-5169 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...)
 	- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
 CVE-2015-5168 (Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...)
 	- trafficserver 6.0.0-1
@@ -90823,8 +90836,7 @@
 	- inspircd 2.0.16-1 (bug #780880)
 	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
-CVE-2012-6696 [mishandling of unsigned values]
-	RESERVED
+CVE-2012-6696 (inspircd in Debian before 2.0.7 does not properly handle unsigned ...)
 	{DSA-3226-1 DLA-276-1}
 	- inspircd 2.0.16-1 (bug #780880)
 	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
@@ -161537,8 +161549,8 @@
 	NOT-FOR-US: Wordpress plugin
 CVE-2011-4668 (IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers ...)
 	NOT-FOR-US: Tivoli
-CVE-2011-4667
-	RESERVED
+CVE-2011-4667 (The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and ...)
+	TODO: check
 CVE-2011-4666
 	RESERVED
 CVE-2011-4665

More information about the Secure-testing-commits mailing list