Author: sectracker
Date: 2017-05-01 09:10:13 +0000 (Mon, 01 May 2017)
New Revision: 51220

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-01 08:49:14 UTC (rev 51219)
+++ data/CVE/list       2017-05-01 09:10:13 UTC (rev 51220)
@@ -1,4 +1,124 @@
-CVE-2017-8342 [prone to timing oracles and simple bruteforce attacks]
+CVE-2017-8385 (Craft CMS before 2.6.2976 does not prevent modification of the 
URL in a ...)
+       TODO: check
+CVE-2017-8384 (Craft CMS before 2.6.2976 allows XSS attacks because an array 
returned ...)
+       TODO: check
+CVE-2017-8383 (Craft CMS before 2.6.2976 does not properly restrict viewing 
the ...)
+       TODO: check
+CVE-2017-8382
+       RESERVED
+CVE-2017-8381
+       RESERVED
+CVE-2017-8380
+       RESERVED
+CVE-2017-8379
+       RESERVED
+CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects 
function in ...)
+       TODO: check
+CVE-2017-8377
+       RESERVED
+CVE-2017-8376
+       RESERVED
+CVE-2017-8375
+       RESERVED
+CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 
0.15.1b ...)
+       TODO: check
+CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 
0.15.1b ...)
+       TODO: check
+CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 
0.15.1b, ...)
+       TODO: check
+CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0 
uses ...)
+       TODO: check
+CVE-2017-8370
+       RESERVED
+CVE-2017-8369
+       RESERVED
+CVE-2017-8368
+       RESERVED
+CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, 
Easy DVD ...)
+       TODO: check
+CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows 
remote ...)
+       TODO: check
+CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows 
remote ...)
+       TODO: check
+CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote 
attackers ...)
+       TODO: check
+CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 
allows ...)
+       TODO: check
+CVE-2017-8362 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 
allows ...)
+       TODO: check
+CVE-2017-8361 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 
allows ...)
+       TODO: check
+CVE-2017-8360
+       RESERVED
+CVE-2017-8359 (Google gRPC before 2017-03-29 has an out-of-bounds write caused 
by a ...)
+       TODO: check
+CVE-2017-8358 (LibreOffice before 2017-03-17 has an out-of-bounds write caused 
by a ...)
+       TODO: check
+CVE-2017-8357 (In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c 
allows ...)
+       TODO: check
+CVE-2017-8356 (In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c 
allows ...)
+       TODO: check
+CVE-2017-8355 (In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c 
allows ...)
+       TODO: check
+CVE-2017-8354 (In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c 
allows ...)
+       TODO: check
+CVE-2017-8353 (In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c 
allows ...)
+       TODO: check
+CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c 
allows ...)
+       TODO: check
+CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c 
allows ...)
+       TODO: check
+CVE-2017-8350 (In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c 
allows ...)
+       TODO: check
+CVE-2017-8349 (In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c 
allows ...)
+       TODO: check
+CVE-2017-8348 (In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c 
allows ...)
+       TODO: check
+CVE-2017-8347 (In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c 
allows ...)
+       TODO: check
+CVE-2017-8346 (In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c 
allows ...)
+       TODO: check
+CVE-2017-8345 (In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c 
allows ...)
+       TODO: check
+CVE-2017-8344 (In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c 
allows ...)
+       TODO: check
+CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c 
allows ...)
+       TODO: check
+CVE-2017-8341
+       RESERVED
+CVE-2017-8340
+       RESERVED
+CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to 
cause a ...)
+       TODO: check
+CVE-2017-8338
+       RESERVED
+CVE-2017-8337
+       RESERVED
+CVE-2017-8336
+       RESERVED
+CVE-2017-8335
+       RESERVED
+CVE-2017-8334
+       RESERVED
+CVE-2017-8333
+       RESERVED
+CVE-2017-8332
+       RESERVED
+CVE-2017-8331
+       RESERVED
+CVE-2017-8330
+       RESERVED
+CVE-2017-8329
+       RESERVED
+CVE-2017-8328
+       RESERVED
+CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for ...)
+       TODO: check
+CVE-2016-10350 (The archive_read_format_cab_read_header function in ...)
+       TODO: check
+CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 
3.2.2 ...)
+       TODO: check
+CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to 
timing ...)
        - radicale 1.1.1+20160115-4 (bug #861514)
        NOTE: 
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
 (1.1.x)
        NOTE: 
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
 (master)
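Review bot: None of the described entries added at the top of this hunk (CVE-2017-8385 down to CVE-2016-10349) has a status yet; each carries only `TODO: check`, so each still needs a package line or a NOT-FOR-US marker in a follow-up. The fifteen ImageMagick 7.0.5-5 entries (CVE-2017-8343 through CVE-2017-8357) and the libsndfile 1.0.28 entries (CVE-2017-8361 through CVE-2017-8363 and CVE-2017-8365) each name a single product and version, so each group can be triaged in one pass. The CVE-2017-8342 change at the end only swaps the bracketed placeholder for the assigned description and keeps the existing radicale tracking lines, which looks right.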
@@ -558,8 +678,8 @@
        RESERVED
 CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File 
Manager, which ...)
        NOT-FOR-US: concrete5
-CVE-2017-8081
-       RESERVED
+CVE-2017-8081 (Poor cryptographic salt initialization in ...)
+       TODO: check
 CVE-2017-8080
        RESERVED
 CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c 
in the ...)
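Review bot: The new CVE-2017-8081 description, "Poor cryptographic salt initialization in ...", is cut off before it names any product, so this line alone does not say which package the `TODO: check` applies to. Whoever resolves the TODO will need the full description before choosing between a package entry and NOT-FOR-US.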
@@ -879,6 +999,7 @@
 CVE-2017-7958
        RESERVED
 CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is 
not used, ...)
+       {DLA-930-1}
        - libxstream-java <unfixed> (bug #861521)
        NOTE: https://x-stream.github.io/CVE-2017-7957.html
        NOTE: Fixed by: https://github.com/x-stream/xstream/commit/b3570be
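Review bot: The added `{DLA-930-1}` reference on CVE-2017-7957 sits directly above `- libxstream-java <unfixed> (bug #861521)`, so the entry now cites an advisory while its only package line records no fixed version. Confirm that the fixed version for the release the DLA covers is recorded where the tracker expects it. If the upstream commit in the "Fixed by" note has reached a packaged version, update the `<unfixed>` marker as well.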
@@ -1610,8 +1731,8 @@
        NOT-FOR-US: Easy WP SMTP WordPress plugin
 CVE-2017-7722 (In SolarWinds Log &amp; Event Manager (LEM) before 6.3.1 Hotfix 
4, a menu ...)
        NOT-FOR-US: SolarWinds
-CVE-2017-7721
-       RESERVED
+CVE-2017-7721 (IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has 
an ...)
+       TODO: check
 CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local 
attackers to ...)
        NOT-FOR-US: PrivateTunnel
 CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka 
spider-event-calendar) ...)
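Review bot: CVE-2017-7721 (IrfanView 4.44 with FPX Plugin) is left at `TODO: check` while both neighbouring entries in this hunk are already resolved as NOT-FOR-US. If IrfanView is not packaged, resolve it the same way, for example `NOT-FOR-US: IrfanView`, so it does not linger in the TODO queue.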
@@ -4871,10 +4992,10 @@
        RESERVED
 CVE-2017-6521
        RESERVED
-CVE-2017-6520
-       RESERVED
-CVE-2017-6519
-       RESERVED
+CVE-2017-6520 (The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 
...)
+       TODO: check
+CVE-2017-6519 (avahi-daemon in Avahi through 0.6.32 inadvertently responds to 
IPv6 ...)
+       TODO: check
 CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in 
/sanadata/seo/index.asp in ...)
        NOT-FOR-US: SanaCMS
 CVE-2017-6517 (Microsoft Skype 7.16.0.102 contains a vulnerability that could 
allow ...)
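Review bot: CVE-2017-6519 names avahi-daemon in Avahi through 0.6.32 in its description but is left at a generic `TODO: check`. It should get a source package line with a status rather than staying in the TODO queue. CVE-2017-6520 describes the mDNS responder in BOSE Soundtouch 30 and appears to be the same class of issue, so a NOTE linking the two entries would help whoever triages them.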
@@ -25088,8 +25209,7 @@
        NOTE: Fixed by: 
https://git.kernel.org/linus/f5527fffff3f002b0a6b376163613b82f69de073
        NOTE: Introduced by 
https://git.kernel.org/linus/cdec9cb5167ab1113ba9c58e395f664d9d3f9acb (v3.3-rc1)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343162 (not yet 
opened)
-CVE-2016-8649 [lxc-attach to malicious container allows access to host]
-       RESERVED
+CVE-2016-8649 (lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an 
attacker ...)
        - lxc 1:2.0.6-1 (bug #845465)
        [jessie] - lxc 1:1.0.6-6+deb8u5
        [wheezy] - lxc <no-dsa> (Minor issue)
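Review bot: The new CVE-2016-8649 description gives the affected range as "LXC before 1.0.9 and 2.x before 2.0.6", yet the retained jessie line records `1:1.0.6-6+deb8u5` as fixed, a version that is numerically below 1.0.9. That is consistent only if the fix was backported, so a NOTE stating this would prevent the line from being read as still vulnerable. Dropping the `RESERVED` line together with the bracketed placeholder is correct now that a description is assigned.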


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
