[Secure-testing-commits] r56206 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Sep 27 21:10:18 UTC 2017
Author: sectracker
Date: 2017-09-27 21:10:18 +0000 (Wed, 27 Sep 2017)
New Revision: 56206
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-27 20:32:48 UTC (rev 56205)
+++ data/CVE/list 2017-09-27 21:10:18 UTC (rev 56206)
@@ -1,3 +1,161 @@
+CVE-2017-14848
+ RESERVED
+CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress allows SQL ...)
+ TODO: check
+CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL Injection ...)
+ TODO: check
+CVE-2017-14845 (Mojoomla WPCHURCH Church Management System for WordPress allows SQL ...)
+ TODO: check
+CVE-2017-14844 (Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via ...)
+ TODO: check
+CVE-2017-14843 (Mojoomla School Management System for WordPress allows SQL Injection ...)
+ TODO: check
+CVE-2017-14842 (Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL ...)
+ TODO: check
+CVE-2017-14841 (Mojoomla Annual Maintenance Contract (AMC) Management System allows ...)
+ TODO: check
+CVE-2017-14840 (TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. ...)
+ TODO: check
+CVE-2017-14839 (TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and ...)
+ TODO: check
+CVE-2017-14838 (TeamWork Job Links allows Arbitrary File Upload in profileChange and ...)
+ TODO: check
+CVE-2017-14837
+ RESERVED
+CVE-2017-14836
+ RESERVED
+CVE-2017-14835
+ RESERVED
+CVE-2017-14834
+ RESERVED
+CVE-2017-14833
+ RESERVED
+CVE-2017-14832
+ RESERVED
+CVE-2017-14831
+ RESERVED
+CVE-2017-14830
+ RESERVED
+CVE-2017-14829
+ RESERVED
+CVE-2017-14828
+ RESERVED
+CVE-2017-14827
+ RESERVED
+CVE-2017-14826
+ RESERVED
+CVE-2017-14825
+ RESERVED
+CVE-2017-14824
+ RESERVED
+CVE-2017-14823
+ RESERVED
+CVE-2017-14822
+ RESERVED
+CVE-2017-14821
+ RESERVED
+CVE-2017-14820
+ RESERVED
+CVE-2017-14819
+ RESERVED
+CVE-2017-14818
+ RESERVED
+CVE-2017-14817
+ RESERVED
+CVE-2017-14816
+ RESERVED
+CVE-2017-14815
+ RESERVED
+CVE-2017-14814
+ RESERVED
+CVE-2017-14813
+ RESERVED
+CVE-2017-14812
+ RESERVED
+CVE-2017-14811
+ RESERVED
+CVE-2017-14810
+ RESERVED
+CVE-2017-14809
+ RESERVED
+CVE-2017-14808
+ RESERVED
+CVE-2017-14807
+ RESERVED
+CVE-2017-14806
+ RESERVED
+CVE-2017-14805
+ RESERVED
+CVE-2017-14804
+ RESERVED
+CVE-2017-14803
+ RESERVED
+CVE-2017-14802
+ RESERVED
+CVE-2017-14801
+ RESERVED
+CVE-2017-14800
+ RESERVED
+CVE-2017-14799
+ RESERVED
+CVE-2017-14798
+ RESERVED
+CVE-2017-14797
+ RESERVED
+CVE-2017-14796 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote ...)
+ TODO: check
+CVE-2017-14795 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote ...)
+ TODO: check
+CVE-2017-14794
+ RESERVED
+CVE-2017-14793
+ RESERVED
+CVE-2017-14792
+ RESERVED
+CVE-2017-14791
+ RESERVED
+CVE-2017-14790
+ RESERVED
+CVE-2017-14789
+ RESERVED
+CVE-2017-14788
+ RESERVED
+CVE-2017-14787
+ RESERVED
+CVE-2017-14786
+ RESERVED
+CVE-2017-14785
+ RESERVED
+CVE-2017-14784
+ RESERVED
+CVE-2017-14783
+ RESERVED
+CVE-2017-14782
+ RESERVED
+CVE-2017-14781
+ RESERVED
+CVE-2017-14780
+ RESERVED
+CVE-2017-14779
+ RESERVED
+CVE-2017-14778
+ RESERVED
+CVE-2017-14777
+ RESERVED
+CVE-2017-14776
+ RESERVED
+CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification ...)
+ TODO: check
+CVE-2017-14774
+ RESERVED
+CVE-2017-14773
+ RESERVED
+CVE-2017-14772
+ RESERVED
+CVE-2017-14771
+ RESERVED
+CVE-2017-14770
+ RESERVED
CVE-2017-14769
RESERVED
CVE-2017-14768
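Review bot: all thirteen entries that arrive with a description in this hunk are left at `TODO: check`, and three of them name software that needs an archive lookup before it can be dismissed: CVE-2017-14796 and CVE-2017-14795 (libbpg 0.9.7, `hevc_write_frame` in libbpg.c) and CVE-2017-14775 (Laravel before 5.5.10, remember_me token verification). Triage those first and record either a source package line or `NOT-FOR-US:`. The Mojoomla and TeamWork entries look like `NOT-FOR-US:` candidates once someone confirms nothing in the archive ships them.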
@@ -386,8 +544,8 @@
[stretch] - golang-github-go-ldap-ldap <no-dsa> (Minor issue)
NOTE: https://github.com/go-ldap/ldap/pull/126
NOTE: https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66
-CVE-2017-14622
- RESERVED
+CVE-2017-14622 (Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon ...)
+ TODO: check
CVE-2017-14621 (Portus 2.2.0 has XSS via the Team field, related to typeahead. ...)
NOT-FOR-US: Portus
CVE-2017-14620
@@ -397,6 +555,7 @@
CVE-2017-14618 (Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ ...)
NOT-FOR-US: phpMyFAQ
CVE-2017-14617 (In Poppler 0.59.0, a floating point exception occurs in the ImageStream ...)
+ {DLA-1116-1}
- poppler <unfixed> (bug #876385)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102854
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=939465c40902d72e0c05d4f3a27ee67e4a007ed7
@@ -622,14 +781,14 @@
- imagemagick <unfixed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2730
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560
-CVE-2017-14527
- RESERVED
-CVE-2017-14526
- RESERVED
-CVE-2017-14525
- RESERVED
-CVE-2017-14524
- RESERVED
+CVE-2017-14527 (Multiple XML external entity (XXE) vulnerabilities in the OpenText ...)
+ TODO: check
+CVE-2017-14526 (Multiple XML external entity (XXE) vulnerabilities in the OpenText ...)
+ TODO: check
+CVE-2017-14525 (Multiple open redirect vulnerabilities in OpenText Documentum Webtop ...)
+ TODO: check
+CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum ...)
+ TODO: check
CVE-2017-14523
RESERVED
CVE-2017-14522
@@ -644,6 +803,7 @@
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102719
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=504b3590182175390f474657a372e78fb1508262
CVE-2017-14519 (In Poppler 0.59.0, memory corruption occurs in a call to ...)
+ {DLA-1116-1}
- poppler <unfixed> (bug #876086)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102701
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=aaf5327649e8f7371c9d3270e7813c43ddfd47ee
@@ -655,6 +815,7 @@
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102688
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=80f9819b6233f9f9b5fd44f0e4cad026e5d048c2
CVE-2017-14517 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...)
+ {DLA-1116-1}
- poppler <unfixed> (low; bug #876079)
[stretch] - poppler <no-dsa> (Minor issue)
[jessie] - poppler <no-dsa> (Minor issue)
@@ -3032,8 +3193,8 @@
RESERVED
CVE-2017-13677
RESERVED
-CVE-2017-13676
- RESERVED
+CVE-2017-13676 (Norton Remove & Reinstall can be susceptible to a DLL preloading ...)
+ TODO: check
CVE-2017-13675
RESERVED
CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege ...)
@@ -5597,8 +5758,7 @@
NOT-FOR-US: Kaspersky Internet Security for Android
CVE-2017-12815
RESERVED
-CVE-2017-12814 [$ENV{$key} stack buffer overflow on Windows]
- RESERVED
+CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in ...)
- perl <not-affected> (Windows specific issue)
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public)
CVE-2017-12813
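Review bot: the retained `NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public)` line under CVE-2017-12814 looks stale now that the entry carries a published description instead of `RESERVED`. Recheck whether the RT ticket is readable and drop the `(not yet public)` remark if it is.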
@@ -6134,8 +6294,7 @@
RESERVED
CVE-2017-12622
RESERVED
-CVE-2017-12621
- RESERVED
+CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom ...)
- jenkins-commons-jelly <undetermined>
NOTE: http://www.openwall.com/lists/oss-security/2017/09/27/6
CVE-2017-12620
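Review bot: `- jenkins-commons-jelly <undetermined>` under CVE-2017-12621 is carried over unchanged although the entry now has a published description next to the existing oss-security reference. With the affected code path described (Jelly XML parsing with Apache Xerces), the package status can be resolved to a concrete state, either a bug and fixed version or `<not-affected>` with a reason, instead of staying undetermined.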
@@ -9918,8 +10077,8 @@
NOT-FOR-US: Pulse Connect Secure
CVE-2017-11192
RESERVED
-CVE-2017-11191
- RESERVED
+CVE-2017-11191 (FreeIPA 4.x with API version 2.213 allows a remote authenticated users ...)
+ TODO: check
CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...)
- unrar-free <unfixed> (unimportant)
NOTE: Affected debug code not enabled
@@ -10329,10 +10488,10 @@
RESERVED
CVE-2017-11122
RESERVED
-CVE-2017-11121
- RESERVED
-CVE-2017-11120
- RESERVED
+CVE-2017-11121 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, ...)
+ TODO: check
+CVE-2017-11120 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, ...)
+ TODO: check
CVE-2017-11119 (The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a ...)
- xine-lib-1.2 <not-affected> (it is built with --disable-nosefart)
- xine-lib <not-affected> (it is built with --disable-nosefart)
@@ -10931,8 +11090,8 @@
RESERVED
CVE-2017-10933
RESERVED
-CVE-2017-10932
- RESERVED
+CVE-2017-10932 (All versions prior to V12.17.20 of the ZTE Microwave NR8000 series ...)
+ TODO: check
CVE-2017-10931 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download ...)
NOT-FOR-US: ZXR10 1800-2S
CVE-2017-10930 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a ...)
@@ -36158,8 +36317,8 @@
RESERVED
CVE-2017-2552
RESERVED
-CVE-2017-2551
- RESERVED
+CVE-2017-2551 (Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows ...)
+ TODO: check
CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software creates a ...)
NOT-FOR-US: Easy Joomla Backup
CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
@@ -38164,8 +38323,8 @@
RESERVED
CVE-2017-1592
RESERVED
-CVE-2017-1591
- RESERVED
+CVE-2017-1591 (IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to ...)
+ TODO: check
CVE-2017-1590
RESERVED
CVE-2017-1589
@@ -38192,8 +38351,8 @@
RESERVED
CVE-2017-1578
RESERVED
-CVE-2017-1577
- RESERVED
+CVE-2017-1577 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote ...)
+ TODO: check
CVE-2017-1576
RESERVED
CVE-2017-1575
@@ -38380,8 +38539,8 @@
NOT-FOR-US: IBM
CVE-2017-1484
RESERVED
-CVE-2017-1483
- RESERVED
+CVE-2017-1483 (IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an ...)
+ TODO: check
CVE-2017-1482
RESERVED
CVE-2017-1481
@@ -38532,8 +38691,8 @@
RESERVED
CVE-2017-1408
RESERVED
-CVE-2017-1407
- RESERVED
+CVE-2017-1407 (IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could ...)
+ TODO: check
CVE-2017-1406
RESERVED
CVE-2017-1405
@@ -74099,8 +74258,8 @@
TODO: check
CVE-2015-8250
RESERVED
-CVE-2015-8249
- RESERVED
+CVE-2015-8249 (The FileUploadServlet class in ManageEngine Desktop Central 9 before ...)
+ TODO: check
CVE-2015-8248
REJECTED
CVE-2015-8247 (Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo ...)
@@ -76851,8 +77010,8 @@
RESERVED
CVE-2015-7350
RESERVED
-CVE-2015-7349
- RESERVED
+CVE-2015-7349 (Cross-site scripting (XSS) vulnerability in the sample feedback.inc ...)
+ TODO: check
CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and ...)
NOT-FOR-US: zTree
CVE-2015-7347 (Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages ...)
@@ -77054,8 +77213,8 @@
NOT-FOR-US: ZTE modems
CVE-2015-7257 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and ...)
NOT-FOR-US: ZTE modems
-CVE-2015-7256
- RESERVED
+CVE-2015-7256 (ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, NWA1123-NI Access ...)
+ TODO: check
CVE-2015-7255 (ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, ...)
NOT-FOR-US: ZTE
CVE-2015-7254 (Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s ...)
@@ -81379,8 +81538,8 @@
REJECTED
CVE-2015-5614
REJECTED
-CVE-2015-5613
- RESERVED
+CVE-2015-5613 (Cross-site scripting (XSS) vulnerability in October CMS build 271 and ...)
+ TODO: check
CVE-2015-5612 (Cross-site scripting (XSS) vulnerability in October CMS build 271 and ...)
NOT-FOR-US: October CMS
CVE-2015-5623 (WordPress before 4.2.3 does not properly verify the edit_posts ...)
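Review bot: CVE-2015-5613 is added with `TODO: check` although the entry directly below it, CVE-2015-5612, shows the same visible description (`Cross-site scripting (XSS) vulnerability in October CMS build 271 and ...`) and is already marked `NOT-FOR-US: October CMS`. Unless the truncated remainder of the description points at different software, mark CVE-2015-5613 the same way.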
@@ -81796,8 +81955,7 @@
NOTE: https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 (3.x)
NOTE: Affected versions: 0.12 <= version <= 3.2.0
NOTE: http://www.openwall.com/lists/oss-security/2015/07/12/4
-CVE-2014-8878 [kmail: Attachments are not encrypted when "automatic encryption" is selected]
- RESERVED
+CVE-2014-8878 (KDE KMail does not encrypt attachments in emails when "automatic ...)
- kdepim 4:4.14.5-1 (bug #791800)
[jessie] - kdepim <no-dsa> (Minor issue)
[wheezy] - kdepim <no-dsa> (Minor issue)
@@ -87111,8 +87269,8 @@
NOTE: https://github.com/zeromq/libzmq/issues/1273
NOTE: https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/8
-CVE-2015-3643
- RESERVED
+CVE-2015-3643 (usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before ...)
+ TODO: check
CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler ...)
NOT-FOR-US: Citrix
CVE-2015-3641
@@ -88703,8 +88861,7 @@
RESERVED
CVE-2015-3139
RESERVED
-CVE-2015-3138
- RESERVED
+CVE-2015-3138 (print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a ...)
- tcpdump <not-affected> (Introduced in 4.7)
NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/446
NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70
@@ -91982,8 +92139,8 @@
[wheezy] - ecryptfs-utils <no-dsa> (Minor issue)
[squeeze] - ecryptfs-utils <no-dsa> (Minor issue)
NOTE: http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839
-CVE-2014-9686
- RESERVED
+CVE-2014-9686 (The Googlemaps plugin 3.2 and earlier for Joomla! allows remote ...)
+ TODO: check
CVE-2013-7433 (Cross-site scripting (XSS) vulnerability in the Googlemaps plugin ...)
NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7432 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers ...)
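Review bot: CVE-2014-9686 is left at `TODO: check` while its description names the Googlemaps plugin for Joomla!, the same product that the following entry, CVE-2013-7433, already records as `NOT-FOR-US: Googlemaps plugin for Joomla!`. Reuse that marking here so the three Googlemaps entries are consistent.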
@@ -93492,8 +93649,8 @@
NOT-FOR-US: libstagefright in Android
CVE-2015-1538 (Integer overflow in the SampleTable::setSampleToChunkParams function ...)
NOT-FOR-US: libstagefright in Android
-CVE-2015-1537
- RESERVED
+CVE-2015-1537 (Integer overflow in IHDCP.cpp in the media_server component in Android ...)
+ TODO: check
CVE-2015-1536 (Integer overflow in the Bitmap_createFromParcel function in ...)
NOT-FOR-US: Android
CVE-2015-1535
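Review bot: CVE-2015-1537 gets `TODO: check` even though its description places the integer overflow in IHDCP.cpp in the media_server component in Android, and both neighbours in this hunk (CVE-2015-1538 and CVE-2015-1536) are already `NOT-FOR-US` for Android. Mark it `NOT-FOR-US: Android` unless the affected file is shipped by a package in the archive.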
@@ -93514,8 +93671,8 @@
NOT-FOR-US: Android
CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows local ...)
NOT-FOR-US: Android
-CVE-2015-1526
- RESERVED
+CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...)
+ TODO: check
CVE-2015-1525
RESERVED
CVE-2015-1524
@@ -94315,8 +94472,7 @@
NOTE: add it, as we have an explicit (bug) reference for apport
CVE-2015-1337 (Simple Streams (simplestreams) does not properly verify the GPG ...)
NOT-FOR-US: simplestreams
-CVE-2015-1336 [TOCTOU bug when processing catman pages]
- RESERVED
+CVE-2015-1336 (The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in ...)
- man-db 2.7.6-1 (bug #840357)
[jessie] - man-db <no-dsa> (Minor issue)
[wheezy] - man-db <no-dsa> (Minor issue)
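Review bot: the new description for CVE-2015-1336 says `Man-db before 2.7.6.1-1 as packaged in ...`, while the retained package line records the fix as `- man-db 2.7.6-1 (bug #840357)`. Check which upload actually carries the fix for the daily mandb cleanup job. If the tracker's version is the intended one, add a NOTE explaining why it differs from the version in the CVE text.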