Author: sectracker
Date: 2017-05-08 21:10:12 +0000 (Mon, 08 May 2017)
New Revision: 51421

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-08 20:44:40 UTC (rev 51420)
+++ data/CVE/list       2017-05-08 21:10:12 UTC (rev 51421)
@@ -1,4 +1,40 @@
-CVE-2016-10369 [insecure use of /tmp for socket files]
+CVE-2017-8851
+       RESERVED
+CVE-2017-8850
+       RESERVED
+CVE-2017-8849
+       RESERVED
+CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of 
changing a ...)
+       TODO: check
+CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so 
in ...)
+       TODO: check
+CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 
0.631 ...)
+       TODO: check
+CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as 
used in ...)
+       TODO: check
+CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 
allows ...)
+       TODO: check
+CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 
0.631 ...)
+       TODO: check
+CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so 
in ...)
+       TODO: check
+CVE-2017-8841
+       RESERVED
+CVE-2017-8840
+       RESERVED
+CVE-2017-8839
+       RESERVED
+CVE-2017-8838
+       RESERVED
+CVE-2017-8837
+       RESERVED
+CVE-2017-8836
+       RESERVED
+CVE-2017-8835
+       RESERVED
+CVE-2016-10370
+       RESERVED
+CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp 
for a ...)
        - lxterminal <unfixed> (bug #862098)
        NOTE: Fixed by: 
https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
 CVE-2017-8834
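Review bot: CVE-2017-8842 through CVE-2017-8847 are added with only "TODO: check", although their descriptions already name the affected code (liblrzip.so in lrzip 0.631, and LZO 2.08 for CVE-2017-8845). Each needs either a package line with a status or an explicit NOT-FOR-US before this revision is used for tracking. CVE-2017-8845 is worded "LZO 2.08, as used in ...", so the full description has to be read to decide whether it is recorded against the LZO source, its consumer, or both. The same applies to CVE-2017-8848 (Allen Disk 1.6), which should not stay in the untriaged state either.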
@@ -19,8 +55,8 @@
        NOT-FOR-US: GenixCMS
 CVE-2017-8826
        RESERVED
-CVE-2017-8825
-       RESERVED
+CVE-2017-8825 (A null dereference vulnerability has been found in the MIME 
handling ...)
+       TODO: check
 CVE-2017-8824
        RESERVED
 CVE-2017-8823
@@ -5207,8 +5243,8 @@
        NOT-FOR-US: wordpress Anyone plugin
 CVE-2017-6954 (An issue was discovered in includes/component.php in the 
BuddyPress ...)
        NOT-FOR-US: wordpress buddypress docs plugin
-CVE-2017-6953
-       RESERVED
+CVE-2017-6953 (Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer 
Overflow ...)
+       TODO: check
 CVE-2017-6952 (Integer overflow in the cs_winkernel_malloc function in 
winkernel_mm.c ...)
        - capstone <not-affected> (Vulnerable code not present, in Windows 
specific distribution)
 CVE-2017-9999
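Review bot: CVE-2017-6953 moves from RESERVED to "TODO: check" with a description naming Gemalto SmartDiag Diagnosis Tool v2.5. If that product has no source package in the archive, mark it NOT-FOR-US in the same form as the adjacent CVE-2017-6954 entry, so that a stack-based buffer overflow does not sit in the untriaged queue.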
@@ -7723,8 +7759,8 @@
        RESERVED
 CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor 
America Blue ...)
        NOT-FOR-US: Hyundai
-CVE-2017-6051
-       RESERVED
+CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in 
BLF-Tech ...)
+       TODO: check
 CVE-2017-6050
        RESERVED
 CVE-2017-6049
@@ -21412,18 +21448,18 @@
        RESERVED
 CVE-2017-0896
        RESERVED
-CVE-2017-0895
-       RESERVED
-CVE-2017-0894
-       RESERVED
-CVE-2017-0893
-       RESERVED
-CVE-2017-0892
-       RESERVED
-CVE-2017-0891
-       RESERVED
-CVE-2017-0890
-       RESERVED
+CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to 
disclosure ...)
+       TODO: check
+CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of 
valid ...)
+       TODO: check
+CVE-2017-0893 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are 
shipping a ...)
+       TODO: check
+CVE-2017-0892 (Nextcloud Server before 11.0.3 is vulnerable to an improper 
session ...)
+       TODO: check
+CVE-2017-0891 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are 
vulnerable to ...)
+       TODO: check
+CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate 
escaping ...)
+       TODO: check
 CVE-2017-0889
        RESERVED
 CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a ...)
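Review bot: The six Nextcloud Server entries CVE-2017-0890 through CVE-2017-0895 all arrive as "TODO: check" and should be resolved as a group, consistently with the existing CVE-2017-0888 Nextcloud entry at the end of this hunk (its status line is not visible here). The descriptions give different fixed versions per branch (9.0.58, 10.0.4 or 10.0.5, 11.0.2 or 11.0.3), so any version written into a status line has to be taken from each CVE individually rather than copied across the group.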
@@ -24927,7 +24963,7 @@
        NOT-FOR-US: Siemens SIMATIC WinCC
 CVE-2016-9159 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions 
...)
        NOT-FOR-US: Siemens SIMATIC
-CVE-2016-9158 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions 
...)
+CVE-2016-9158 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs before 
V3.X.14 and ...)
        NOT-FOR-US: Siemens SIMATIC
 CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions including 
V8.08) ...)
        NOT-FOR-US: Siemens SICAM PAS
@@ -27905,8 +27941,8 @@
        NOT-FOR-US: EMC Data Protection Advisor
 CVE-2016-8210
        RESERVED
-CVE-2016-8209
-       RESERVED
+CVE-2016-8209 (Improper checks for unusual or exceptional conditions in 
Brocade ...)
+       TODO: check
 CVE-2016-8208
        RESERVED
 CVE-2016-8207 (A Directory Traversal vulnerability in CliMonitorReportServlet 
in the ...)
@@ -27919,8 +27955,8 @@
        NOT-FOR-US: Brocade Network Advisor
 CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron 
OS on ...)
        NOT-FOR-US: Brocade
-CVE-2016-8202
-       RESERVED
+CVE-2016-8202 (A privilege escalation vulnerability in Brocade Fibre Channel 
SAN ...)
+       TODO: check
 CVE-2016-8201 (A CSRF vulnerability in Brocade Virtual Traffic Manager 
versions ...)
        NOT-FOR-US: Brocade
 CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in 
GnuTLS ...)
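Review bot: CVE-2016-8202 is left as "TODO: check" while the Brocade entries on either side of it in this hunk, CVE-2016-8203 and CVE-2016-8201, are already recorded as "NOT-FOR-US: Brocade". If the Fibre Channel SAN product is likewise not packaged, give it the same marker in the follow-up, and handle CVE-2016-8209 from the previous hunk the same way.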


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
