Author: sectracker
Date: 2017-05-02 21:10:12 +0000 (Tue, 02 May 2017)
New Revision: 51288

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-02 21:06:55 UTC (rev 51287)
+++ data/CVE/list       2017-05-02 21:10:12 UTC (rev 51288)
@@ -1,3 +1,103 @@
+CVE-2017-8452
+       RESERVED
+CVE-2017-8451
+       RESERVED
+CVE-2017-8450
+       RESERVED
+CVE-2017-8449
+       RESERVED
+CVE-2017-8448
+       RESERVED
+CVE-2017-8447
+       RESERVED
+CVE-2017-8446
+       RESERVED
+CVE-2017-8445
+       RESERVED
+CVE-2017-8444
+       RESERVED
+CVE-2017-8443
+       RESERVED
+CVE-2017-8442
+       RESERVED
+CVE-2017-8441
+       RESERVED
+CVE-2017-8440
+       RESERVED
+CVE-2017-8439
+       RESERVED
+CVE-2017-8438
+       RESERVED
+CVE-2017-8437
+       RESERVED
+CVE-2017-8436
+       RESERVED
+CVE-2017-8435
+       RESERVED
+CVE-2017-8434
+       RESERVED
+CVE-2017-8433
+       RESERVED
+CVE-2017-8432
+       RESERVED
+CVE-2017-8431
+       RESERVED
+CVE-2017-8430
+       RESERVED
+CVE-2017-8429
+       RESERVED
+CVE-2017-8428
+       RESERVED
+CVE-2017-8427
+       RESERVED
+CVE-2017-8426
+       RESERVED
+CVE-2017-8425
+       RESERVED
+CVE-2017-8424
+       RESERVED
+CVE-2017-8423
+       RESERVED
+CVE-2017-8422
+       RESERVED
+CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary 
File ...)
+       TODO: check
+CVE-2017-8420
+       RESERVED
+CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for 
values ...)
+       TODO: check
+CVE-2016-10366
+       RESERVED
+CVE-2016-10365
+       RESERVED
+CVE-2016-10364
+       RESERVED
+CVE-2016-10363
+       RESERVED
+CVE-2016-10362
+       RESERVED
+CVE-2016-10361
+       RESERVED
+CVE-2016-10360
+       RESERVED
+CVE-2016-10359
+       RESERVED
+CVE-2016-10358
+       RESERVED
+CVE-2016-10357
+       RESERVED
+CVE-2016-10356
+       RESERVED
+CVE-2016-10355
+       RESERVED
+CVE-2016-10354
+       RESERVED
+CVE-2016-10353
+       RESERVED
+CVE-2016-10352
+       RESERVED
+CVE-2015-9056
+       RESERVED
 CVE-2017-XXXX [possible memory corruption via failsafe callback / XSA-215]
        - xen 4.8.0~rc3-1 (bug #861662)
        NOTE: https://xenbits.xen.org/xsa/advisory-215.html
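Review bot: the two non-RESERVED additions in this hunk, CVE-2017-8421 (coff_set_alignment_hook in coffcode.h, i.e. binutils/BFD) and CVE-2017-8419 (LAME through 3.99.5), are left as "TODO: check" although both upstreams are packaged in Debian (binutils, lame); they need triage into package lines with a bug reference rather than staying TODO, and because the synced descriptions are cut at "...", the full MITRE text should be read before deciding severity. The remaining lines are plain RESERVED placeholders and need nothing.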
@@ -7,7 +107,7 @@
 CVE-2017-XXXX [64bit PV guest breakout / XSA-213]
        - xen 4.8.1-1+deb9u1 (bug #861659)
        NOTE: https://xenbits.xen.org/xsa/advisory-213.html
-CVE-2017-8418 [Insecure use of /tmp]
+CVE-2017-8418 (RuboCop 0.48.1 and earlier does not use /tmp in safe way, 
allowing ...)
        - rubocop <unfixed>
        NOTE: https://github.com/bbatsov/rubocop/issues/4336
 CVE-2017-8417
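Review bot: the "- rubocop <unfixed>" line carries no Debian bug reference, whereas the other unfixed entries touched by this update do (e.g. "- qemu <unfixed> (bug #861351)"); consider filing or attaching a bug so the issue is also tracked on the package side. The description is now the assigned one ("RuboCop 0.48.1 and earlier does not use /tmp in safe way ...") and agrees with the upstream issue in the NOTE.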
@@ -735,8 +835,7 @@
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e
 (1.0.x)
 CVE-2017-8113
        RESERVED
-CVE-2017-8112 [vmw_pvscsi: infinite loop in pvscsi_log2]
-       RESERVED
+CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allow local 
guest OS ...)
        - qemu <unfixed> (bug #861351)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        - qemu-kvm <not-affected> (Vulnerable code not present)
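Review bot: unlike the CVE-2017-8086 entry further down, this qemu entry has no "NOTE: Fixed by:" upstream commit reference; once an upstream fix is available it should be recorded together with the QEMU tag it landed in, so the "<unfixed>" state can be resolved on the next upload. The wheezy and qemu-kvm not-affected markings are unchanged and still justified by "Vulnerable code not present".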
@@ -746,7 +845,7 @@
        RESERVED
 CVE-2017-8110 (www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 
rev 10690 ...)
        NOT-FOR-US: modified eCommerce Shopsoftware
-CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt before 2016.11.4 
copied over ...)
+CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt 2016.11 before 
2016.11.4 ...)
        - salt <unfixed> (bug #861219)
        [jessie] - salt <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/saltstack/salt/issues/40075
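Review bot: the affected range narrowed from "before 2016.11.4" to "2016.11 before 2016.11.4", i.e. only the 2016.11 series; that is consistent with the jessie not-affected marking, but the "salt <unfixed>" line should be re-checked against the salt version actually in sid/stretch to confirm it is a 2016.11.x release, and the upstream issue #40075 in the NOTE is the place to verify which branches carry the salt-ssh minion code.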
@@ -802,8 +901,7 @@
        RESERVED
 CVE-2017-8087
        RESERVED
-CVE-2017-8086 [9pfs: host memory leakage via v9pfs_list_xattr]
-       RESERVED
+CVE-2017-8086 (Memory leak in the v9fs_list_xattr function in 
hw/9pfs/9p-xattr.c in ...)
        - qemu <unfixed> (bug #861348)
        - qemu-kvm <removed>
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2
 (v2.9.0-rc4)
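Review bot: the synced description names the function as v9fs_list_xattr in hw/9pfs/9p-xattr.c, correcting the "v9pfs_list_xattr" spelling of the removed placeholder; nothing else to change here, the upstream Fixed-by commit 4ffcdef4 and its (v2.9.0-rc4) tag are already recorded, so the qemu line can leave "<unfixed>" once 2.9.0 or a backport of that commit is uploaded.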
@@ -2544,8 +2642,7 @@
        RESERVED
 CVE-2017-7484
        RESERVED
-CVE-2017-7483 [Integer Overflow in rxvt]
-       RESERVED
+CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by 
passing the ...)
        - rxvt <unfixed> (bug #861694)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
 CVE-2017-7482
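Review bot: the description only names Rxvt 2.7.10, but Debian also ships rxvt-unicode, which descends from the same code base; check the oss-security thread in the NOTE for whether urxvt shares the affected code path and add a package line (affected or not-affected) so the answer is recorded rather than implicit.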
@@ -2565,8 +2662,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/4
        NOTE: Fixed by: 
https://git.kernel.org/linus/4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
        NOTE: Fixed by: 
https://git.kernel.org/linus/5294b83086cc1c35b4efeca03644cf9d12282e5b
-CVE-2017-7476 [Out-of-bounds write by setting a large TZ variable]
-       RESERVED
+CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with 
the TZ ...)
        - gnulib <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=94e01571
        NOTE: Introduced with 4bc76593 and 4e6e16b3f.
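Review bot: "gnulib <not-affected> (Vulnerable code introduced later)" only covers the gnulib source package; gnulib is also vendored as snapshots into many packages' source trees, so the NOTE that the bug was introduced with 4bc76593 and 4e6e16b3f is the useful fact here: any package bundling a gnulib copy newer than those commits and older than the 94e01571 fix is exposed and needs its own line. A NOTE listing which embedded copies were checked would make that auditable.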
@@ -2679,8 +2775,8 @@
        RESERVED
 CVE-2017-7441
        RESERVED
-CVE-2017-7440
-       RESERVED
+CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client 
desktop ...)
+       TODO: check
 CVE-2017-7439
        RESERVED
 CVE-2017-7438
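Review bot: Kerio Connect is a proprietary mail server that is not packaged in Debian, so this should be resolved as "NOT-FOR-US: Kerio Connect" rather than left as "TODO: check".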
@@ -3595,8 +3691,8 @@
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-7217 (The Management Web Interface in Palo Alto Networks PAN-OS 
before ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
-CVE-2017-7216
-       RESERVED
+CVE-2017-7216 (The Management Web Interface in Palo Alto Networks PAN-OS 
before 7.1.9 ...)
+       TODO: check
 CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in 
elfutils ...)
        - elfutils 0.168-0.2 (low)
        [jessie] - elfutils <no-dsa> (Minor issue)
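Review bot: the adjacent CVE-2017-7217 entry is already marked "NOT-FOR-US: Palo Alto Networks PAN-OS" and this description names the same product and interface, so the "TODO: check" can be resolved the same way.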
@@ -5128,8 +5224,8 @@
        NOT-FOR-US: Quest One Identity Privilege Manager for Unix
 CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an 
insufficiently ...)
        NOT-FOR-US: Livebox 3 Sagemcom
-CVE-2017-6551
-       RESERVED
+CVE-2017-6551 (Pexip Infinity before 14.2 allows remote attackers to cause a 
denial ...)
+       TODO: check
 CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson 
...)
        NOT-FOR-US: Kinsey Infor-Lawson
 CVE-2017-6549 (Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, 
...)
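Review bot: Pexip Infinity is a proprietary video-conferencing platform not in the archive; mark it "NOT-FOR-US: Pexip Infinity", matching the handling of the surrounding vendor entries, instead of "TODO: check".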
@@ -5371,8 +5467,7 @@
        NOTE: Fixed in 2.7: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39
 (VER-2-7)
-CVE-2016-10243 [arbitrary code execution]
-       RESERVED
+CVE-2016-10243 (TeX Live allows remote attackers to execute arbitrary commands 
by ...)
        {DSA-3803-1 DLA-847-1}
        - texlive-bin <unfixed> (unimportant)
        - texlive-base 2016.20161130-1
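Review bot: the new description states remote arbitrary command execution, yet texlive-bin stays "<unfixed> (unimportant)" beside a DSA/DLA for the same CVE; the rationale is presumably that the fix is shipped through texlive-base (2016.20161130-1, DSA-3803-1/DLA-847-1) and texlive-bin itself needs no change, but that deserves a NOTE line so the unimportant marking is not mistaken for an untracked RCE.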
@@ -7687,8 +7782,8 @@
        RESERVED
 CVE-2017-5690
        RESERVED
-CVE-2017-5689
-       RESERVED
+CVE-2017-5689 (An unprivileged network attacker could gain system privileges 
to ...)
+       TODO: check
 CVE-2017-5688
        RESERVED
 CVE-2017-5687
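Review bot: the truncated description ("An unprivileged network attacker could gain system privileges to ...") is the Intel manageability firmware issue (AMT/ISM/SBT, Intel advisory INTEL-SA-00075); that lives in the management engine firmware, not in a Debian package, so NOT-FOR-US is the right resolution for the TODO. A NOTE pointing at the Intel advisory is worth adding, since users will look this one up in the tracker.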
@@ -14255,6 +14350,7 @@
 CVE-2017-3524 (Vulnerability in the PeopleSoft Enterprise SCM Strategic 
Sourcing ...)
        NOT-FOR-US: Oracle
 CVE-2017-3523 (Vulnerability in the MySQL Connectors component of Oracle MySQL 
...)
+       {DSA-3840-1}
        - mysql-connector-java 5.1.41-1
        NOTE: 
https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt
 CVE-2017-3522 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier 
Connection ...)
@@ -34652,8 +34748,8 @@
        NOT-FOR-US: Moxa
 CVE-2016-5811 (An issue was discovered in Visonic PowerLink2, all versions 
prior to ...)
        NOT-FOR-US: Visonic PowerLink
-CVE-2016-5810
-       RESERVED
+CVE-2016-5810 (upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows 
remote ...)
+       TODO: check
 CVE-2016-5809 (An issue was discovered on Schneider Electric IONXXXX series 
power ...)
        NOT-FOR-US: Schneider
 CVE-2016-5808
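Review bot: Advantech WebAccess is a proprietary SCADA/HMI product, in the same category as the neighbouring Moxa, Visonic and Schneider entries that are all NOT-FOR-US; resolve the "TODO: check" as "NOT-FOR-US: Advantech WebAccess".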
@@ -37890,8 +37986,8 @@
        NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
 CVE-2016-5064
        RESERVED
-CVE-2016-5063
-       RESERVED
+CVE-2016-5063 (The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 
and 8.7 ...)
+       TODO: check
 CVE-2016-5062 (The web server in Aternity before 9.0.1 does not require ...)
        NOT-FOR-US: Aternity
 CVE-2016-5061 (Multiple cross-site scripting (XSS) vulnerabilities in the web 
server ...)
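Review bot: the RSCD agent belongs to BMC Server Automation, commercial software not shipped by Debian; this should become "NOT-FOR-US: BMC Server Automation" rather than stay "TODO: check".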
@@ -38007,8 +38103,8 @@
        NOTE: Upstream bug: 
https://github.com/spring-projects/spring-security/issues/3964
        NOTE: Mitigations exists in https://pivotal.io/security/cve-2016-5007
        NOTE: Other (already unsupported) versions are affected as well by the 
issue
-CVE-2016-5006
-       RESERVED
+CVE-2016-5006 (The Cloud Controller in Cloud Foundry before 239 logs 
user-provided ...)
+       TODO: check
 CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 
1.3.9 and ...)
        NOT-FOR-US: Apache Archiva
 CVE-2016-5004
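Review bot: the Cloud Foundry Cloud Controller is not packaged in Debian and the nearby CVE-2016-4468 entry already uses "NOT-FOR-US: Pivotal Cloud Foundry"; resolve this TODO the same way.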
@@ -39777,8 +39873,7 @@
        NOT-FOR-US: Apache Archiva
 CVE-2016-4468 (SQL injection vulnerability in Pivotal Cloud Foundry (PCF) 
before 238; ...)
        NOT-FOR-US: Pivotal Cloud Foundry
-CVE-2016-4467 [Failure to verify that the server host name matches the 
certificate host name on Windows]
-       RESERVED
+CVE-2016-4467 (The C client and C-based client bindings in the Apache Qpid 
Proton ...)
        - qpid-proton <not-affected> (Windows-specific)
 CVE-2016-4466
        RESERVED
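Review bot: the "<not-affected> (Windows-specific)" rationale was written against the removed placeholder; the synced description now only says "The C client and C-based client bindings in the Apache Qpid Proton ..." and is truncated, so confirm from the full text that the hostname-verification failure is still limited to the Windows TLS backend before keeping the not-affected marking, and record that in a NOTE.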
@@ -39855,8 +39950,8 @@
        NOT-FOR-US: setroubleshoot
 CVE-2016-4443 (Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows 
local ...)
        NOT-FOR-US: org.ovirt.engine-root / engine-setup (Red Hat)
-CVE-2016-4442
-       RESERVED
+CVE-2016-4442 (The rack-mini-profiler gem before 0.10.1 for Ruby allows remote 
...)
+       TODO: check
 CVE-2016-4441 (The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI 
...)
        - qemu 1:2.6+dfsg-2 (bug #824856)
        [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future 
DSA)
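Review bot: check whether the rack-mini-profiler gem is packaged in Debian (it would be ruby-rack-mini-profiler) before resolving the TODO; if it is not, use NOT-FOR-US with the gem name, otherwise add a package line using the fixed version 0.10.1 given in the description.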
@@ -54877,8 +54972,8 @@
        RESERVED
 CVE-2015-8258 (AXIS Communications products with firmware through 5.80.x allow 
remote ...)
        NOT-FOR-US: AXIS Communications
-CVE-2015-8257
-       RESERVED
+CVE-2015-8257 (The devtools.sh script in AXIS network cameras allows remote 
...)
+       TODO: check
 CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis 
network ...)
        NOT-FOR-US: Axis network cameras
 CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...)
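Review bot: CVE-2015-8258, CVE-2015-8256 and CVE-2015-8255 around this entry are all NOT-FOR-US: AXIS; devtools.sh on AXIS cameras is the same firmware and should get the same resolution instead of "TODO: check".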


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
