Author: sectracker Date: 2017-05-05 09:10:17 +0000 (Fri, 05 May 2017) New Revision: 51350
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-05 07:31:27 UTC (rev 51349) +++ data/CVE/list 2017-05-05 09:10:17 UTC (rev 51350) @@ -1,3 +1,31 @@ +CVE-2017-8796 + RESERVED +CVE-2017-8795 + RESERVED +CVE-2017-8794 + RESERVED +CVE-2017-8793 + RESERVED +CVE-2017-8792 + RESERVED +CVE-2017-8791 + RESERVED +CVE-2017-8790 + RESERVED +CVE-2017-8789 + RESERVED +CVE-2017-8788 + RESERVED +CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...) + TODO: check +CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2017-8785 + RESERVED +CVE-2017-8784 + RESERVED +CVE-2017-8783 + RESERVED CVE-2017-8782 RESERVED CVE-2017-8781 @@ -31,8 +59,8 @@ RESERVED CVE-2017-8769 RESERVED -CVE-2017-8768 - RESERVED +CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command ...) + TODO: check CVE-2017-8767 RESERVED CVE-2017-8766 @@ -1707,12 +1735,12 @@ [jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK) [wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK) NOTE: Fixed by: https://git.kernel.org/linus/67b0503db9c29b04eadfeede6bebbfe5ddad94ef -CVE-2017-8060 - RESERVED -CVE-2017-8059 - RESERVED -CVE-2017-8058 - RESERVED +CVE-2017-8060 (Acceptance of invalid/self-signed TLS certificates in "Panda Mobile ...) + TODO: check +CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF ...) + TODO: check +CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat ...) + TODO: check CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...) NOT-FOR-US: Joomla CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...) @@ -5910,8 +5938,8 @@ NOT-FOR-US: Agora-Project CVE-2017-6558 (iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n ...) NOT-FOR-US: iball Baton -CVE-2017-6557 - RESERVED +CVE-2017-6557 (SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the ...) + TODO: check CVE-2017-6556 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) ...) NOT-FOR-US: CMS Made Simple CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...) @@ -7959,44 +7987,44 @@ [wheezy] - libarchive <no-dsa> (Minor issue, not reproducible in Debian) NOTE: https://github.com/libarchive/libarchive/issues/842 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0) -CVE-2017-5919 - RESERVED -CVE-2017-5918 - RESERVED +CVE-2017-5919 (The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 ...) + TODO: check +CVE-2017-5918 (The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 ...) + TODO: check CVE-2017-5917 - RESERVED -CVE-2017-5916 - RESERVED -CVE-2017-5915 - RESERVED -CVE-2017-5914 - RESERVED -CVE-2017-5913 - RESERVED -CVE-2017-5912 - RESERVED -CVE-2017-5911 - RESERVED + REJECTED +CVE-2017-5916 (The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 ...) + TODO: check +CVE-2017-5915 (The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through ...) + TODO: check +CVE-2017-5914 (The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 ...) + TODO: check +CVE-2017-5913 (The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 ...) + TODO: check +CVE-2017-5912 (The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS ...) + TODO: check +CVE-2017-5911 (The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS ...) + TODO: check CVE-2017-5910 RESERVED -CVE-2017-5909 - RESERVED +CVE-2017-5909 (The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS ...) + TODO: check CVE-2017-5908 - RESERVED -CVE-2017-5907 - RESERVED -CVE-2017-5906 - RESERVED -CVE-2017-5905 - RESERVED + REJECTED +CVE-2017-5907 (The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 ...) + TODO: check +CVE-2017-5906 (The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app ...) + TODO: check +CVE-2017-5905 (The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 ...) + TODO: check CVE-2017-5904 RESERVED CVE-2017-5903 RESERVED -CVE-2017-5902 - RESERVED -CVE-2017-5901 - RESERVED +CVE-2017-5902 (The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates ...) + TODO: check +CVE-2017-5901 (The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not ...) + TODO: check CVE-2017-5900 (Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 ...) NOT-FOR-US: NetComm CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in ...) @@ -15990,10 +16018,10 @@ RESERVED CVE-2017-3214 RESERVED -CVE-2017-3213 - RESERVED -CVE-2017-3212 - RESERVED +CVE-2017-3213 (The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify ...) + TODO: check +CVE-2017-3212 (The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for ...) + TODO: check CVE-2017-3211 RESERVED CVE-2017-3210 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits