[Secure-testing-commits] r56175 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Sep 26 21:10:17 UTC 2017
Author: sectracker
Date: 2017-09-26 21:10:17 +0000 (Tue, 26 Sep 2017)
New Revision: 56175
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-26 20:53:08 UTC (rev 56174)
+++ data/CVE/list 2017-09-26 21:10:17 UTC (rev 56175)
@@ -1,3 +1,13 @@
+CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote ...)
+ TODO: check
+CVE-2017-14747
+ RESERVED
+CVE-2017-14746
+ RESERVED
+CVE-2017-14745 (The *_get_synthetic_symtab functions in the Binary File Descriptor ...)
+ TODO: check
CVE-2017-XXXX [Git cvsserver OS Command Injection]
- git 1:2.14.2-1 (bug #876854)
[stretch] - git 1:2.11.0-3+deb9u2
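Review bot: the `TODO: check` on CVE-2017-14748 (line "Race condition in Blizzard Overwatch 1.15.0.2 ...") can be resolved immediately as NOT-FOR-US, since a proprietary game client is not something Debian ships; the entry in this hunk that needs real follow-up is CVE-2017-14745, because "the Binary File Descriptor" library (BFD) is built from Debian's binutils source package, so that entry should gain a `- binutils ...` line with a fixed version, `<unfixed>` or `<not-affected>` once the upstream report has been checked. CVE-2017-14749 (JerryScript) likewise needs a packaged-or-not decision before its TODO is cleared.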
@@ -91,6 +101,7 @@
- wordpress 4.8.2+dfsg-1 (bug #876274)
NOTE: https://core.trac.wordpress.org/changeset/41393
CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash ...)
+ {DLA-1111-1}
- weechat 1.9.1-1 (bug #876553)
[stretch] - weechat <no-dsa> (Minor issue; requires a malicious IRC server)
[jessie] - weechat <no-dsa> (Minor issue; requires a malicious IRC server)
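Review bot: adding `{DLA-1111-1}` to CVE-2017-14727 contradicts the unchanged `[jessie] - weechat <no-dsa> (Minor issue; requires a malicious IRC server)` line two lines below it. Once an advisory has been issued for jessie, that suite line should carry the fixed jessie version (or be dropped so the DLA reference governs); as written, the tracker would show jessie as fixed via DLA-1111-1 and at the same time as deliberately left unfixed.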
@@ -121,10 +132,10 @@
NOT-FOR-US: DenyAll WAF
CVE-2017-14705 (DenyAll WAF before 6.4.1 allows unauthenticated remote command ...)
NOT-FOR-US: DenyAll WAF
-CVE-2017-14704
- RESERVED
-CVE-2017-14703
- RESERVED
+CVE-2017-14704 (Multiple unrestricted file upload vulnerabilities in the (1) ...)
+ TODO: check
+CVE-2017-14703 (SQL injection vulnerability in Cash Back Comparison Script 1.0 allows ...)
+ TODO: check
CVE-2017-14702
RESERVED
CVE-2017-14701
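Review bot: CVE-2017-14703 names `Cash Back Comparison Script 1.0`, which gives no reason to expect a Debian package, so it can be closed as NOT-FOR-US instead of left at `TODO: check`; CVE-2017-14704, by contrast, is cut off before the product name ("in the (1) ..."), so nothing in this hunk allows it to be triaged and its TODO should stay until the full description has been read.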
@@ -391,8 +402,8 @@
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-008.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27274
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27252
-CVE-2017-14602
- RESERVED
+CVE-2017-14602 (A vulnerability has been identified in the management interface of ...)
+ TODO: check
CVE-2017-14601 (Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in ...)
NOT-FOR-US: Pragyan CMS
CVE-2017-14600 (Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in ...)
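Review bot: the description imported for CVE-2017-14602 stops before naming any product ("in the management interface of ..."), so the `TODO: check` is the only correct state for it and the feed text will have to be looked up in full; the three Asterisk NOTE lines at the top of this hunk belong to the preceding entry and must not be read as context for CVE-2017-14602.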
@@ -1888,7 +1899,7 @@
CVE-2017-14065
RESERVED
CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can ...)
- {DSA-3966-1}
+ {DSA-3966-1 DLA-1114-1}
- ruby2.3 <unfixed> (bug #873906)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
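Review bot: with `{DSA-3966-1 DLA-1114-1}` now attached, CVE-2017-14064 is fixed in stable and oldstable while `ruby2.3 <unfixed> (bug #873906)` still leaves unstable open; that is a genuine gap to chase in bug #873906, not a tracker error, but the entry should not be mistaken for resolved just because both advisory references are present.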
@@ -1989,6 +2000,7 @@
CVE-2017-14034
RESERVED
CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...)
+ {DLA-1114-1}
- ruby2.3 <unfixed> (bug #875928)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -4066,8 +4078,8 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/676
CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via a crafted ...)
NOT-FOR-US: BMC Patrol
-CVE-2017-13129
- RESERVED
+CVE-2017-13129 (Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web ...)
+ TODO: check
CVE-2017-13128
RESERVED
CVE-2017-13127
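Review bot: CVE-2017-13129 describes a CSRF in "ZKTeco ZKTime Web", a vendor appliance web UI, so it can be triaged to NOT-FOR-US rather than `TODO: check`; the neighbouring CVE-2017-13130 (`NOT-FOR-US: BMC Patrol`) shows the expected form.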
@@ -10197,7 +10209,7 @@
NOT-FOR-US: PHPMiniAdmin
CVE-2017-1000004 (ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in ...)
NOT-FOR-US: ATutor
-CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access ...)
+CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to an incorrect ...)
NOT-FOR-US: ATutor
CVE-2017-1000002 (ATutor versions 2.2.1 and earlier are vulnerable to a directory ...)
NOT-FOR-US: ATutor
@@ -11193,6 +11205,7 @@
CVE-2017-10785
RESERVED
CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...)
+ {DLA-1114-1 DLA-1113-1}
- ruby2.3 <unfixed> (bug #875931)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
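Review bot: advisory coverage is inconsistent across the Ruby entries touched by this commit and should be verified against the advisory texts. CVE-2017-10784 here receives `{DLA-1114-1 DLA-1113-1}`, but CVE-2017-14064 and CVE-2017-14033 above receive only `{DLA-1114-1}` (and `{DSA-3966-1 DLA-1114-1}`), even though all three entries list the same `ruby2.1 <removed>` and `ruby1.9.1 <removed>` packages. If DLA-1113-1 also fixed those two CVEs for ruby1.9.1, its reference is missing on them; if it did not, the omission is correct and nothing needs changing.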
@@ -28466,8 +28479,7 @@
- tcpdump 4.9.0-1
CVE-2017-5201
RESERVED
-CVE-2017-5200 [salt-api command execution]
- RESERVED
+CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...)
- salt 2016.11.2+ds-1
[jessie] - salt <not-affected> (Vulnerable code not present)
NOTE: https://github.com/saltstack/salt/compare/c0e5a1171d7ce2ba8747a971c024632e0d96d848~1...97b0f64923bc5382531b931625267a3c30d2f17e
@@ -28573,8 +28585,7 @@
NOT-FOR-US: SolarWinds LEM
CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. ...)
NOT-FOR-US: SilverStripe
-CVE-2017-5192 [local_batch client external authentication not respected]
- RESERVED
+CVE-2017-5192 (When using the local_batch client from salt-api in SaltStack Salt ...)
- salt 2016.11.2+ds-1
[jessie] - salt <not-affected> (Vulnerable code not present)
CVE-2017-5191 (An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 ...)
@@ -38190,8 +38201,8 @@
RESERVED
CVE-2017-1540
RESERVED
-CVE-2017-1539
- RESERVED
+CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...)
+ TODO: check
CVE-2017-1538
RESERVED
CVE-2017-1537
@@ -38206,16 +38217,16 @@
RESERVED
CVE-2017-1532
RESERVED
-CVE-2017-1531
- RESERVED
-CVE-2017-1530
- RESERVED
+CVE-2017-1531 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...)
+ TODO: check
+CVE-2017-1530 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...)
+ TODO: check
CVE-2017-1529
RESERVED
CVE-2017-1528
RESERVED
-CVE-2017-1527
- RESERVED
+CVE-2017-1527 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML ...)
+ TODO: check
CVE-2017-1526
RESERVED
CVE-2017-1525
@@ -38418,8 +38429,8 @@
NOT-FOR-US: IBM
CVE-2017-1426
RESERVED
-CVE-2017-1425
- RESERVED
+CVE-2017-1425 (IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to ...)
+ TODO: check
CVE-2017-1424 (IBM Business Process Manager 8.5.7 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
CVE-2017-1423
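Review bot: CVE-2017-1425 ("IBM Business Process Manager 8.0.1.1 and 8.5.7 ...") can be closed as `NOT-FOR-US: IBM` exactly like CVE-2017-1424 directly below it, rather than left at `TODO: check`; the same applies to the four IBM Business Process Manager entries added in the two hunks above (CVE-2017-1539, CVE-2017-1531, CVE-2017-1530 and CVE-2017-1527), which were given the identical TODO marker.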
@@ -39477,7 +39488,7 @@
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specification ...)
- {DSA-3966-1}
+ {DSA-3966-1 DLA-1114-1 DLA-1112-1}
- ruby2.3 <unfixed> (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -39487,7 +39498,7 @@
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
- {DSA-3966-1}
+ {DSA-3966-1 DLA-1114-1 DLA-1112-1}
- ruby2.3 <unfixed> (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -39497,7 +39508,7 @@
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
- {DSA-3966-1}
+ {DSA-3966-1 DLA-1114-1}
- ruby2.3 <unfixed> (unimportant; bug #873802)
- ruby2.1 <removed> (unimportant)
- ruby1.9.1 <removed> (unimportant)
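Review bot: CVE-2017-0899 gains only `DLA-1114-1` while CVE-2017-0901 and CVE-2017-0900 in the two hunks above gain `DLA-1114-1 DLA-1112-1`. That is plausible given the `(unimportant)` markers on all three package lines here, but it should be checked against the DLA-1112-1 text: if that advisory lists CVE-2017-0899 as well, the reference is missing on this entry.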
@@ -39508,6 +39519,7 @@
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious ...)
+ {DLA-1114-1 DLA-1113-1}
- ruby2.3 <unfixed> (bug #875936)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -75835,8 +75847,8 @@
NOTE: Possibility of DoS vs. usability issue for Email::Address
CVE-2015-7671
RESERVED
-CVE-2015-7670
- RESERVED
+CVE-2015-7670 (Multiple SQL injection vulnerabilities in includes/update.php in the ...)
+ TODO: check
CVE-2015-7669
RESERVED
CVE-2015-7668
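Review bot: the description for CVE-2015-7670 is truncated before the product name ("in includes/update.php in the ..."), so the path alone does not identify what is affected and the `TODO: check` has to remain until the full feed text is consulted.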
@@ -76665,10 +76677,10 @@
NOT-FOR-US: BIG-IP
CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in ...)
- freeswitch <itp> (bug #389591)
-CVE-2015-7391
- RESERVED
-CVE-2015-7390
- RESERVED
+CVE-2015-7391 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
+ TODO: check
+CVE-2015-7390 (SQL injection vulnerability in TestLink before 1.9.14 allows remote ...)
+ TODO: check
CVE-2015-7389
RESERVED
CVE-2015-7388
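Review bot: both new TestLink entries (CVE-2015-7391, CVE-2015-7390) can be triaged together; unless TestLink is a Debian source package, which nothing in the entries suggests, the right state is NOT-FOR-US rather than two `TODO: check` markers.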
@@ -84096,8 +84108,7 @@
NOT-FOR-US: TickFa
CVE-2015-4675 (Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote ...)
NOT-FOR-US: Tiny SRP
-CVE-2015-5070
- RESERVED
+CVE-2015-5070 (The (1) filesystem::get_wml_location function in filesystem.cpp and ...)
{DLA-297-1}
[experimental] - wesnoth-1.13 1:1.13.1-1
- wesnoth-1.12 1:1.12.4-1
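Review bot: CVE-2015-5070 (and CVE-2015-5069 in the next hunk) sits directly after CVE-2015-4675, which breaks the descending CVE-number order the rest of this file follows (compare the CVE-2015-7671/7670/7669 run above); replacing the RESERVED line with the description is correct, but the two entries should be moved to their numeric position so the automatic updater keeps finding them where it expects.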
@@ -84106,8 +84117,7 @@
[wheezy] - wesnoth-1.10 1:1.10.3-3+deb7u2
- wesnoth-1.8 <removed>
NOTE: https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59
-CVE-2015-5069
- RESERVED
+CVE-2015-5069 (The (1) filesystem::get_wml_location function in filesystem.cpp and ...)
{DLA-297-1}
[experimental] - wesnoth-1.13 1:1.13.1-1
- wesnoth-1.12 1:1.12.4-1
@@ -88122,8 +88132,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/5
CVE-2015-3249
RESERVED
-CVE-2015-3248
- RESERVED
+CVE-2015-3248 (openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable ...)
- openhpi <not-affected> (Only affects RPM packaging, in Debian directory is not world-writable, bug #789543)
CVE-2015-3247 (Race condition in the worker_update_monitors_config function in SPICE ...)
{DSA-3354-1}
@@ -96129,8 +96138,8 @@
NOT-FOR-US: Saurus CMS
CVE-2015-0875 (The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for ...)
NOT-FOR-US: Ogaki Kyoritsu Bank Smartphone Passbook application for Android
-CVE-2015-0874
- RESERVED
+CVE-2015-0874 (Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL ...)
+ TODO: check
CVE-2015-0873 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
NOT-FOR-US: PerlTreeBBS
CVE-2015-0872
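Review bot: CVE-2015-0874 ("Smartphone Passbook 1.0.0 does not verify X.509 certificates ...") concerns the same application as CVE-2015-0875 directly above it, which is already `NOT-FOR-US: Ogaki Kyoritsu Bank Smartphone Passbook application for Android`; the new entry should be triaged the same way instead of being left at `TODO: check`.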