Author: sectracker
Date: 2017-05-08 21:10:12 +0000 (Mon, 08 May 2017)
New Revision: 51421
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-08 20:44:40 UTC (rev 51420) +++ data/CVE/list 2017-05-08 21:10:12 UTC (rev 51421) @@ -1,4 +1,40 @@ -CVE-2016-10369 [insecure use of /tmp for socket files] +CVE-2017-8851 + RESERVED +CVE-2017-8850 + RESERVED +CVE-2017-8849 + RESERVED +CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a ...) + TODO: check +CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...) + TODO: check +CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 ...) + TODO: check +CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in ...) + TODO: check +CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...) + TODO: check +CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 ...) + TODO: check +CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...) + TODO: check +CVE-2017-8841 + RESERVED +CVE-2017-8840 + RESERVED +CVE-2017-8839 + RESERVED +CVE-2017-8838 + RESERVED +CVE-2017-8837 + RESERVED +CVE-2017-8836 + RESERVED +CVE-2017-8835 + RESERVED +CVE-2016-10370 + RESERVED +CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a ...) - lxterminal <unfixed> (bug #862098) NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 CVE-2017-8834 @@ -19,8 +55,8 @@ NOT-FOR-US: GenixCMS CVE-2017-8826 RESERVED -CVE-2017-8825 - RESERVED +CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handling ...) + TODO: check CVE-2017-8824 RESERVED CVE-2017-8823 
@@ -5207,8 +5243,8 @@ NOT-FOR-US: wordpress Anyone plugin CVE-2017-6954 (An issue was discovered in includes/component.php in the BuddyPress ...) NOT-FOR-US: wordpress buddypress docs plugin -CVE-2017-6953 - RESERVED +CVE-2017-6953 (Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow ...) + TODO: check CVE-2017-6952 (Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c ...) - capstone <not-affected> (Vulnerable code not present, in Windows specific distribution) CVE-2017-9999 @@ -7723,8 +7759,8 @@ RESERVED CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...) NOT-FOR-US: Hyundai -CVE-2017-6051 - RESERVED +CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in BLF-Tech ...) + TODO: check CVE-2017-6050 RESERVED CVE-2017-6049 @@ -21412,18 +21448,18 @@ RESERVED CVE-2017-0896 RESERVED -CVE-2017-0895 - RESERVED -CVE-2017-0894 - RESERVED -CVE-2017-0893 - RESERVED -CVE-2017-0892 - RESERVED -CVE-2017-0891 - RESERVED -CVE-2017-0890 - RESERVED +CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure ...) + TODO: check +CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid ...) + TODO: check +CVE-2017-0893 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a ...) + TODO: check +CVE-2017-0892 (Nextcloud Server before 11.0.3 is vulnerable to an improper session ...) + TODO: check +CVE-2017-0891 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to ...) + TODO: check +CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...) + TODO: check CVE-2017-0889 RESERVED CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a ...) 
@@ -24927,7 +24963,7 @@ NOT-FOR-US: Siemens SIMATIC WinCC CVE-2016-9159 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions ...) NOT-FOR-US: Siemens SIMATIC -CVE-2016-9158 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions ...) +CVE-2016-9158 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs before V3.X.14 and ...) NOT-FOR-US: Siemens SIMATIC CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions including V8.08) ...) NOT-FOR-US: Siemens SICAM PAS @@ -27905,8 +27941,8 @@ NOT-FOR-US: EMC Data Protection Advisor CVE-2016-8210 RESERVED -CVE-2016-8209 - RESERVED +CVE-2016-8209 (Improper checks for unusual or exceptional conditions in Brocade ...) + TODO: check CVE-2016-8208 RESERVED CVE-2016-8207 (A Directory Traversal vulnerability in CliMonitorReportServlet in the ...) @@ -27919,8 +27955,8 @@ NOT-FOR-US: Brocade Network Advisor CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron OS on ...) NOT-FOR-US: Brocade -CVE-2016-8202 - RESERVED +CVE-2016-8202 (A privilege escalation vulnerability in Brocade Fibre Channel SAN ...) + TODO: check CVE-2016-8201 (A CSRF vulnerability in Brocade Virtual Traffic Manager versions ...) NOT-FOR-US: Brocade CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
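Review bot: In the first hunk (@@ -1,4 +1,40 @@), CVE-2017-8842 and CVE-2017-8847 are added with the same truncated description, "The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...", so the two entries cannot be told apart from the list alone. When the TODO: check lines are resolved, confirm against the full descriptions that they are distinct issues and add a NOTE to each saying how they differ. The other lrzip entries in this hunk that show a version (CVE-2017-8843, CVE-2017-8844, CVE-2017-8846) all name lrzip 0.631, so the five are best triaged in one pass and given the same package line.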
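Review bot: In the @@ -19,8 +55,8 @@ hunk, the new CVE-2017-8825 description is cut off before it names the affected software ("A null dereference vulnerability has been found in the MIME handling ..."), so the TODO: check cannot be resolved from this line. The full description has to be read before choosing between a package line and NOT-FOR-US.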
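Review bot: In the @@ -21412,18 +21448,18 @@ hunk, the six new Nextcloud Server entries (CVE-2017-0890 to CVE-2017-0895) carry three different sets of fixed versions (10.0.4 and 11.0.2; 11.0.3 alone; 9.0.58, 10.0.5 and 11.0.3), so each TODO: check needs its own look rather than one copied line. The context line shows CVE-2017-0888 is the same product; whatever disposition the list already records for it should be applied to these six so the Nextcloud entries stay consistent.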
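Review bot: In the @@ -27905,8 +27941,8 @@ and @@ -27919,8 +27955,8 @@ hunks, CVE-2016-8209 and CVE-2016-8202 are left at TODO: check although both descriptions name Brocade and the neighbouring entries CVE-2016-8203 and CVE-2016-8201 are already resolved as NOT-FOR-US: Brocade. If the full descriptions confirm these are the same vendor products, replace each TODO with the matching NOT-FOR-US line.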