Author: sectracker Date: 2017-05-01 09:10:13 +0000 (Mon, 01 May 2017) New Revision: 51220
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-01 08:49:14 UTC (rev 51219) +++ data/CVE/list 2017-05-01 09:10:13 UTC (rev 51220) @@ -1,4 +1,124 @@ -CVE-2017-8342 [prone to timing oracles and simple bruteforce attacks] +CVE-2017-8385 (Craft CMS before 2.6.2976 does not prevent modification of the URL in a ...) + TODO: check +CVE-2017-8384 (Craft CMS before 2.6.2976 allows XSS attacks because an array returned ...) + TODO: check +CVE-2017-8383 (Craft CMS before 2.6.2976 does not properly restrict viewing the ...) + TODO: check +CVE-2017-8382 + RESERVED +CVE-2017-8381 + RESERVED +CVE-2017-8380 + RESERVED +CVE-2017-8379 + RESERVED +CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects function in ...) + TODO: check +CVE-2017-8377 + RESERVED +CVE-2017-8376 + RESERVED +CVE-2017-8375 + RESERVED +CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b ...) + TODO: check +CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b ...) + TODO: check +CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...) + TODO: check +CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses ...) + TODO: check +CVE-2017-8370 + RESERVED +CVE-2017-8369 + RESERVED +CVE-2017-8368 + RESERVED +CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD ...) + TODO: check +CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote ...) + TODO: check +CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote ...) + TODO: check +CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers ...) + TODO: check +CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...) + TODO: check +CVE-2017-8362 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...) + TODO: check +CVE-2017-8361 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...) + TODO: check +CVE-2017-8360 + RESERVED +CVE-2017-8359 (Google gRPC before 2017-03-29 has an out-of-bounds write caused by a ...) + TODO: check +CVE-2017-8358 (LibreOffice before 2017-03-17 has an out-of-bounds write caused by a ...) + TODO: check +CVE-2017-8357 (In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows ...) + TODO: check +CVE-2017-8356 (In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows ...) + TODO: check +CVE-2017-8355 (In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows ...) + TODO: check +CVE-2017-8354 (In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows ...) + TODO: check +CVE-2017-8353 (In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows ...) + TODO: check +CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows ...) + TODO: check +CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows ...) + TODO: check +CVE-2017-8350 (In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows ...) + TODO: check +CVE-2017-8349 (In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows ...) + TODO: check +CVE-2017-8348 (In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows ...) + TODO: check +CVE-2017-8347 (In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows ...) + TODO: check +CVE-2017-8346 (In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows ...) + TODO: check +CVE-2017-8345 (In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows ...) + TODO: check +CVE-2017-8344 (In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows ...) + TODO: check +CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows ...) + TODO: check +CVE-2017-8341 + RESERVED +CVE-2017-8340 + RESERVED +CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a ...) + TODO: check +CVE-2017-8338 + RESERVED +CVE-2017-8337 + RESERVED +CVE-2017-8336 + RESERVED +CVE-2017-8335 + RESERVED +CVE-2017-8334 + RESERVED +CVE-2017-8333 + RESERVED +CVE-2017-8332 + RESERVED +CVE-2017-8331 + RESERVED +CVE-2017-8330 + RESERVED +CVE-2017-8329 + RESERVED +CVE-2017-8328 + RESERVED +CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for ...) + TODO: check +CVE-2016-10350 (The archive_read_format_cab_read_header function in ...) + TODO: check +CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 ...) + TODO: check +CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing ...) - radicale 1.1.1+20160115-4 (bug #861514) NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x) NOTE: https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master) @@ -558,8 +678,8 @@ RESERVED CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which ...) NOT-FOR-US: concrete5 -CVE-2017-8081 - RESERVED +CVE-2017-8081 (Poor cryptographic salt initialization in ...) + TODO: check CVE-2017-8080 RESERVED CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...) @@ -879,6 +999,7 @@ CVE-2017-7958 RESERVED CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is not used, ...) + {DLA-930-1} - libxstream-java <unfixed> (bug #861521) NOTE: https://x-stream.github.io/CVE-2017-7957.html NOTE: Fixed by: https://github.com/x-stream/xstream/commit/b3570be @@ -1610,8 +1731,8 @@ NOT-FOR-US: Easy WP SMTP WordPress plugin CVE-2017-7722 (In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu ...) NOT-FOR-US: SolarWinds -CVE-2017-7721 - RESERVED +CVE-2017-7721 (IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an ...) + TODO: check CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to ...) NOT-FOR-US: PrivateTunnel CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...) @@ -4871,10 +4992,10 @@ RESERVED CVE-2017-6521 RESERVED -CVE-2017-6520 - RESERVED -CVE-2017-6519 - RESERVED +CVE-2017-6520 (The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 ...) + TODO: check +CVE-2017-6519 (avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 ...) + TODO: check CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in ...) NOT-FOR-US: SanaCMS CVE-2017-6517 (Microsoft Skype 7.16.0.102 contains a vulnerability that could allow ...) @@ -25088,8 +25209,7 @@ NOTE: Fixed by: https://git.kernel.org/linus/f5527fffff3f002b0a6b376163613b82f69de073 NOTE: Introduced by https://git.kernel.org/linus/cdec9cb5167ab1113ba9c58e395f664d9d3f9acb (v3.3-rc1) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343162 (not yet opened) -CVE-2016-8649 [lxc-attach to malicious container allows access to host] - RESERVED +CVE-2016-8649 (lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker ...) - lxc 1:2.0.6-1 (bug #845465) [jessie] - lxc 1:1.0.6-6+deb8u5 [wheezy] - lxc <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits