Author: sectracker Date: 2017-05-02 21:10:12 +0000 (Tue, 02 May 2017) New Revision: 51288
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-02 21:06:55 UTC (rev 51287) +++ data/CVE/list 2017-05-02 21:10:12 UTC (rev 51288) @@ -1,3 +1,103 @@ +CVE-2017-8452 + RESERVED +CVE-2017-8451 + RESERVED +CVE-2017-8450 + RESERVED +CVE-2017-8449 + RESERVED +CVE-2017-8448 + RESERVED +CVE-2017-8447 + RESERVED +CVE-2017-8446 + RESERVED +CVE-2017-8445 + RESERVED +CVE-2017-8444 + RESERVED +CVE-2017-8443 + RESERVED +CVE-2017-8442 + RESERVED +CVE-2017-8441 + RESERVED +CVE-2017-8440 + RESERVED +CVE-2017-8439 + RESERVED +CVE-2017-8438 + RESERVED +CVE-2017-8437 + RESERVED +CVE-2017-8436 + RESERVED +CVE-2017-8435 + RESERVED +CVE-2017-8434 + RESERVED +CVE-2017-8433 + RESERVED +CVE-2017-8432 + RESERVED +CVE-2017-8431 + RESERVED +CVE-2017-8430 + RESERVED +CVE-2017-8429 + RESERVED +CVE-2017-8428 + RESERVED +CVE-2017-8427 + RESERVED +CVE-2017-8426 + RESERVED +CVE-2017-8425 + RESERVED +CVE-2017-8424 + RESERVED +CVE-2017-8423 + RESERVED +CVE-2017-8422 + RESERVED +CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary File ...) + TODO: check +CVE-2017-8420 + RESERVED +CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for values ...) + TODO: check +CVE-2016-10366 + RESERVED +CVE-2016-10365 + RESERVED +CVE-2016-10364 + RESERVED +CVE-2016-10363 + RESERVED +CVE-2016-10362 + RESERVED +CVE-2016-10361 + RESERVED +CVE-2016-10360 + RESERVED +CVE-2016-10359 + RESERVED +CVE-2016-10358 + RESERVED +CVE-2016-10357 + RESERVED +CVE-2016-10356 + RESERVED +CVE-2016-10355 + RESERVED +CVE-2016-10354 + RESERVED +CVE-2016-10353 + RESERVED +CVE-2016-10352 + RESERVED +CVE-2015-9056 + RESERVED CVE-2017-XXXX [possible memory corruption via failsafe callback / XSA-215] - xen 4.8.0~rc3-1 (bug #861662) NOTE: https://xenbits.xen.org/xsa/advisory-215.html @@ -7,7 +107,7 @@ CVE-2017-XXXX [64bit PV guest breakout / XSA-213] - xen 4.8.1-1+deb9u1 (bug #861659) NOTE: https://xenbits.xen.org/xsa/advisory-213.html -CVE-2017-8418 [Insecure use of /tmp] +CVE-2017-8418 (RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing ...) - rubocop <unfixed> NOTE: https://github.com/bbatsov/rubocop/issues/4336 CVE-2017-8417 @@ -735,8 +835,7 @@ NOTE: https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e (1.0.x) CVE-2017-8113 RESERVED -CVE-2017-8112 [vmw_pvscsi: infinite loop in pvscsi_log2] - RESERVED +CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allow local guest OS ...) - qemu <unfixed> (bug #861351) [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <not-affected> (Vulnerable code not present) @@ -746,7 +845,7 @@ RESERVED CVE-2017-8110 (www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 ...) NOT-FOR-US: modified eCommerce Shopsoftware -CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt before 2016.11.4 copied over ...) +CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 ...) - salt <unfixed> (bug #861219) [jessie] - salt <not-affected> (Vulnerable code not present) NOTE: https://github.com/saltstack/salt/issues/40075 @@ -802,8 +901,7 @@ RESERVED CVE-2017-8087 RESERVED -CVE-2017-8086 [9pfs: host memory leakage via v9pfs_list_xattr] - RESERVED +CVE-2017-8086 (Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in ...) - qemu <unfixed> (bug #861348) - qemu-kvm <removed> NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 (v2.9.0-rc4) @@ -2544,8 +2642,7 @@ RESERVED CVE-2017-7484 RESERVED -CVE-2017-7483 [Integer Overflow in rxvt] - RESERVED +CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the ...) - rxvt <unfixed> (bug #861694) NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15 CVE-2017-7482 @@ -2565,8 +2662,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/4 NOTE: Fixed by: https://git.kernel.org/linus/4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee NOTE: Fixed by: https://git.kernel.org/linus/5294b83086cc1c35b4efeca03644cf9d12282e5b -CVE-2017-7476 [Out-of-bounds write by setting a large TZ variable] - RESERVED +CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ ...) - gnulib <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=94e01571 NOTE: Introduced with 4bc76593 and 4e6e16b3f. @@ -2679,8 +2775,8 @@ RESERVED CVE-2017-7441 RESERVED -CVE-2017-7440 - RESERVED +CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop ...) + TODO: check CVE-2017-7439 RESERVED CVE-2017-7438 @@ -3595,8 +3691,8 @@ NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-7217 (The Management Web Interface in Palo Alto Networks PAN-OS before ...) NOT-FOR-US: Palo Alto Networks PAN-OS -CVE-2017-7216 - RESERVED +CVE-2017-7216 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...) + TODO: check CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils ...) - elfutils 0.168-0.2 (low) [jessie] - elfutils <no-dsa> (Minor issue) @@ -5128,8 +5224,8 @@ NOT-FOR-US: Quest One Identity Privilege Manager for Unix CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently ...) NOT-FOR-US: Livebox 3 Sagemcom -CVE-2017-6551 - RESERVED +CVE-2017-6551 (Pexip Infinity before 14.2 allows remote attackers to cause a denial ...) + TODO: check CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson ...) NOT-FOR-US: Kinsey Infor-Lawson CVE-2017-6549 (Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, ...) @@ -5371,8 +5467,7 @@ NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36 NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39 (VER-2-7) -CVE-2016-10243 [arbitrary code execution] - RESERVED +CVE-2016-10243 (TeX Live allows remote attackers to execute arbitrary commands by ...) {DSA-3803-1 DLA-847-1} - texlive-bin <unfixed> (unimportant) - texlive-base 2016.20161130-1 @@ -7687,8 +7782,8 @@ RESERVED CVE-2017-5690 RESERVED -CVE-2017-5689 - RESERVED +CVE-2017-5689 (An unprivileged network attacker could gain system privileges to ...) + TODO: check CVE-2017-5688 RESERVED CVE-2017-5687 @@ -14255,6 +14350,7 @@ CVE-2017-3524 (Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing ...) NOT-FOR-US: Oracle CVE-2017-3523 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...) + {DSA-3840-1} - mysql-connector-java 5.1.41-1 NOTE: https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt CVE-2017-3522 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection ...) @@ -34652,8 +34748,8 @@ NOT-FOR-US: Moxa CVE-2016-5811 (An issue was discovered in Visonic PowerLink2, all versions prior to ...) NOT-FOR-US: Visonic PowerLink -CVE-2016-5810 - RESERVED +CVE-2016-5810 (upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote ...) + TODO: check CVE-2016-5809 (An issue was discovered on Schneider Electric IONXXXX series power ...) NOT-FOR-US: Schneider CVE-2016-5808 @@ -37890,8 +37986,8 @@ NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware CVE-2016-5064 RESERVED -CVE-2016-5063 - RESERVED +CVE-2016-5063 (The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 ...) + TODO: check CVE-2016-5062 (The web server in Aternity before 9.0.1 does not require ...) NOT-FOR-US: Aternity CVE-2016-5061 (Multiple cross-site scripting (XSS) vulnerabilities in the web server ...) @@ -38007,8 +38103,8 @@ NOTE: Upstream bug: https://github.com/spring-projects/spring-security/issues/3964 NOTE: Mitigations exists in https://pivotal.io/security/cve-2016-5007 NOTE: Other (already unsupported) versions are affected as well by the issue -CVE-2016-5006 - RESERVED +CVE-2016-5006 (The Cloud Controller in Cloud Foundry before 239 logs user-provided ...) + TODO: check CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and ...) NOT-FOR-US: Apache Archiva CVE-2016-5004 @@ -39777,8 +39873,7 @@ NOT-FOR-US: Apache Archiva CVE-2016-4468 (SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; ...) NOT-FOR-US: Pivotal Cloud Foundry -CVE-2016-4467 [Failure to verify that the server host name matches the certificate host name on Windows] - RESERVED +CVE-2016-4467 (The C client and C-based client bindings in the Apache Qpid Proton ...) - qpid-proton <not-affected> (Windows-specific) CVE-2016-4466 RESERVED @@ -39855,8 +39950,8 @@ NOT-FOR-US: setroubleshoot CVE-2016-4443 (Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local ...) NOT-FOR-US: org.ovirt.engine-root / engine-setup (Red Hat) -CVE-2016-4442 - RESERVED +CVE-2016-4442 (The rack-mini-profiler gem before 0.10.1 for Ruby allows remote ...) + TODO: check CVE-2016-4441 (The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI ...) - qemu 1:2.6+dfsg-2 (bug #824856) [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA) @@ -54877,8 +54972,8 @@ RESERVED CVE-2015-8258 (AXIS Communications products with firmware through 5.80.x allow remote ...) NOT-FOR-US: AXIS Communications -CVE-2015-8257 - RESERVED +CVE-2015-8257 (The devtools.sh script in AXIS network cameras allows remote ...) + TODO: check CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis network ...) NOT-FOR-US: Axis network cameras CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits