Author: sectracker Date: 2017-06-06 21:10:14 +0000 (Tue, 06 Jun 2017) New Revision: 52364
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-06 20:43:19 UTC (rev 52363) +++ data/CVE/list 2017-06-06 21:10:14 UTC (rev 52364) @@ -1,3 +1,29 @@ +CVE-2017-9460 + RESERVED +CVE-2017-9459 + RESERVED +CVE-2017-9458 + RESERVED +CVE-2017-9457 + RESERVED +CVE-2017-9456 + RESERVED +CVE-2017-9455 + RESERVED +CVE-2017-9454 + RESERVED +CVE-2017-9453 + RESERVED +CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 ...) + TODO: check +CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in ...) + TODO: check +CVE-2017-9450 + RESERVED +CVE-2017-9449 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote ...) + TODO: check +CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS through ...) + TODO: check CVE-2017-XXXX [allows remote users unauthorized access to a hg serve --stdio instance] - mercurial <unfixed> (bug #861243) NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29 @@ -73,7 +99,7 @@ CVE-2017-9423 RESERVED CVE-2017-9422 - RESERVED + REJECTED CVE-2017-9421 RESERVED CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...) @@ -331,8 +357,8 @@ RESERVED CVE-2017-9333 RESERVED -CVE-2017-9332 - RESERVED +CVE-2017-9332 (The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 ...) + TODO: check CVE-2017-9331 (The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored ...) NOT-FOR-US: Telaxus EPESI CVE-2017-9329 @@ -1066,7 +1092,7 @@ - imagemagick 8:6.9.7.4+dfsg-9 (bug #863123) NOTE: https://github.com/ImageMagick/ImageMagick/issues/456 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4 -CVE-2017-9140 (Cross-site scripting (XSS) vulnerability in Telerik Reporting for ...) +CVE-2017-9140 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Telerik CVE-2017-9139 (There is a stack-based buffer overflow on some Tenda routers ...) NOT-FOR-US: Tenda @@ -1686,8 +1712,8 @@ NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/ (next) NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/19ab09406e4249f2c6f8ac51938258d1c51eace0/ (2016.4) NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/ (3.0.0) -CVE-2017-8920 - RESERVED +CVE-2017-8920 (irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the ...) + TODO: check CVE-2017-8919 RESERVED CVE-2017-8918 @@ -2082,6 +2108,7 @@ CVE-2017-8783 RESERVED CVE-2017-8782 (The readString function in util/read.c and util/old/read.c in libming ...) + {DLA-980-1} - ming <removed> NOTE: https://github.com/libming/libming/issues/70 CVE-2017-8781 @@ -3776,8 +3803,8 @@ - jenkins <removed> CVE-2017-8084 RESERVED -CVE-2017-8083 - RESERVED +CVE-2017-8083 (CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 ...) + TODO: check CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which ...) NOT-FOR-US: concrete5 CVE-2017-8081 (Poor cryptographic salt initialization in ...) @@ -5450,8 +5477,8 @@ RESERVED CVE-2017-7516 RESERVED -CVE-2017-7515 - RESERVED +CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled ...) + TODO: check CVE-2017-7514 RESERVED CVE-2017-7513 @@ -6186,8 +6213,7 @@ RESERVED CVE-2016-10298 RESERVED -CVE-2016-10297 - RESERVED +CVE-2016-10297 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory ...) NOT-FOR-US: Qualcomm driver for Android @@ -6259,14 +6285,11 @@ RESERVED CVE-2015-9008 RESERVED -CVE-2015-9007 - RESERVED +CVE-2015-9007 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-9006 - RESERVED +CVE-2015-9006 (In Resource Power Manager (RPM) in all Android releases from CAF using ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-9005 - RESERVED +CVE-2015-9005 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9004 (kernel/events/core.c in the Linux kernel before 3.19 mishandles ...) - linux 3.16.7-ckt7-1 @@ -6285,41 +6308,29 @@ RESERVED CVE-2014-9953 RESERVED -CVE-2014-9952 - RESERVED +CVE-2014-9952 (In the Secure File System in all Android releases from CAF using the ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9951 - RESERVED +CVE-2014-9951 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9950 - RESERVED +CVE-2014-9950 (In Core Kernel in all Android releases from CAF using the Linux ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9949 - RESERVED +CVE-2014-9949 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9948 - RESERVED +CVE-2014-9948 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9947 - RESERVED +CVE-2014-9947 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9946 - RESERVED +CVE-2014-9946 (In Core Kernel in all Android releases from CAF using the Linux ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9945 - RESERVED +CVE-2014-9945 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9944 - RESERVED +CVE-2014-9944 (In the Secure File System in all Android releases from CAF using the ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9943 - RESERVED +CVE-2014-9943 (In Core Kernel in all Android releases from CAF using the Linux ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9942 - RESERVED +CVE-2014-9942 (In Boot in all Android releases from CAF using the Linux kernel, a Use ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9941 - RESERVED +CVE-2014-9941 (In the Embedded File System in all Android releases from CAF using the ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9940 (The regulator_ena_gpio_free function in drivers/regulator/core.c in ...) - linux 4.0.2-1 @@ -8799,29 +8810,21 @@ NOT-FOR-US: Qualcomm components for Android CVE-2014-9931 (A buffer overflow vulnerability in all Android releases from CAF using ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9930 - RESERVED +CVE-2014-9930 (In WCDMA in all Android releases from CAF using the Linux kernel, a ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9929 - RESERVED +CVE-2014-9929 (In WCDMA in all Android releases from CAF using the Linux kernel, a ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9928 - RESERVED +CVE-2014-9928 (In GERAN in all Android releases from CAF using the Linux kernel, a ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9927 - RESERVED +CVE-2014-9927 (In UIM in all Android releases from CAF using the Linux kernel, a ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9926 - RESERVED +CVE-2014-9926 (In GNSS in all Android releases from CAF using the Linux kernel, a Use ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9925 - RESERVED +CVE-2014-9925 (In HDR in all Android releases from CAF using the Linux kernel, a ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9924 - RESERVED +CVE-2014-9924 (In 1x in all Android releases from CAF using the Linux kernel, a ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9923 - RESERVED +CVE-2014-9923 (In NAS in all Android releases from CAF using the Linux kernel, a ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9922 (The eCryptfs subsystem in the Linux kernel before 3.18 allows local ...) - linux 4.0.2-1 @@ -11043,8 +11046,8 @@ NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c NOTE: https://sourceforge.net/p/mp3splt/bugs/209/ NOTE: No security impact, crash in CLI tool -CVE-2017-5664 - RESERVED +CVE-2017-5664 (The error page mechanism of the Java Servlet Specification requires ...) + TODO: check CVE-2017-5663 RESERVED CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the ...) @@ -12765,8 +12768,8 @@ RESERVED CVE-2017-5244 RESERVED -CVE-2017-5243 - RESERVED +CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances ...) + TODO: check CVE-2017-5242 RESERVED CVE-2017-5241 @@ -16663,14 +16666,12 @@ NOTE: https://bugs.exim.org/show_bug.cgi?id=1996 NOTE: http://www.openwall.com/lists/oss-security/2016/12/16/1 NOTE: https://exim.org/static/doc/CVE-2016-9963.txt -CVE-2016-9961 - RESERVED +CVE-2016-9961 (game-music-emu before 0.6.1 mishandles unspecified integer values. ...) {DSA-3735-1 DLA-750-1} - game-music-emu 0.6.0-4 (bug #848071) NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1 -CVE-2016-9960 - RESERVED +CVE-2016-9960 (game-music-emu before 0.6.1 allows local users to cause a denial of ...) {DSA-3735-1 DLA-750-1} - game-music-emu 0.6.0-4 (bug #848071) NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html @@ -41219,8 +41220,7 @@ NOT-FOR-US: Cloud Foundry CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and ...) NOT-FOR-US: Apache Archiva -CVE-2016-5004 - RESERVED +CVE-2016-5004 (The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in ...) NOT-FOR-US: Apache Archiva CVE-2016-5003 RESERVED @@ -46692,8 +46692,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/04/28/1 NOTE: Fixed in 7.0.6 NOTE: https://bugs.php.net/bug.php?id=71923 -CVE-2016-3077 - RESERVED +CVE-2016-3077 (The VersionMapper.fromKernelVersionString method in oVirt Engine ...) NOT-FOR-US: ovirt-engine CVE-2016-3076 (Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...) - pillow <unfixed> (unimportant) @@ -46749,8 +46748,7 @@ NOTE: https://selenic.com/repo/hg-stable/rev/34d43cb85de8 CVE-2016-3067 (Cygwin before 2.5.0 does not properly handle updating permissions when ...) NOT-FOR-US: Cygwin -CVE-2016-3066 [hijacks clipboard and sends contents to remote servers] - RESERVED +CVE-2016-3066 (The spice-gtk widget allows remote authenticated users to obtain ...) - spice-gtk <unfixed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320263 NOTE: Hardly a security issue per se, but a design limitation/risky feature @@ -49788,8 +49786,8 @@ - postgresql-8.4 <not-affected> (Only affects 9.5.x) NOTE: http://www.postgresql.org/about/news/1656/ NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b -CVE-2016-2192 - RESERVED +CVE-2016-2192 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to ...) + TODO: check CVE-2016-2191 (The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before ...) {DSA-3546-1} - optipng 0.7.6-1 (bug #820068) @@ -54985,10 +54983,10 @@ NOT-FOR-US: Wordpress plugin CVE-2016-0769 (Multiple SQL injection vulnerabilities in eshop-orders.php in the ...) NOT-FOR-US: Wordpress plugin -CVE-2016-0768 - RESERVED -CVE-2016-0767 - RESERVED +CVE-2016-0768 (PostgreSQL PL/Java after 9.0 does not honor access controls on large ...) + TODO: check +CVE-2016-0767 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with ...) + TODO: check CVE-2016-0766 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, ...) {DSA-3476-1 DSA-3475-1} - postgresql-9.5 9.5.1 @@ -55185,8 +55183,7 @@ NOTE: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1528050 NOTE: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ NOTE: Originally addressed in 1:4.2.8p8+dfsg-1.1, then refixed in 1:4.2.8p9+dfsg-2 -CVE-2016-0726 - RESERVED +CVE-2016-0726 (The Fedora Nagios package uses "nagiosadmin" as the default password ...) - nagios3 <not-affected> (Specific to Fedora installation) CVE-2016-0725 (Cross-site scripting (XSS) vulnerability in the search_pagination ...) - moodle <not-affected> (Only affects 3.0 to 3.0.1, 2.9 to 2.9.3 and 2.8 to 2.8.9) @@ -70543,8 +70540,8 @@ NOT-FOR-US: libstagefright in Android CVE-2015-3831 (Buffer overflow in the readAt function in BpMediaHTTPConnection in ...) NOT-FOR-US: mediaserver service in Android -CVE-2015-3830 - RESERVED +CVE-2015-3830 (The stock Android browser address bar in all Android operating systems ...) + TODO: check CVE-2015-3829 (Off-by-one error in the MPEG4Extractor::parseChunk function in ...) NOT-FOR-US: libstagefright in Android CVE-2015-3828 (The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp ...) @@ -79053,8 +79050,8 @@ [squeeze] - chromium-browser <end-of-life> CVE-2015-1208 RESERVED -CVE-2015-1207 - RESERVED +CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in Google ...) + TODO: check CVE-2015-1206 RESERVED CVE-2015-1204 (Cross-site scripting (XSS) vulnerability in the Save Filters ...) @@ -86582,8 +86579,7 @@ CVE-2014-8181 [scsi: do not fill dirty page content in the SG_IO buffer] RESERVED - linux <not-affected> (Specific to RHEL 7) -CVE-2014-8180 - RESERVED +CVE-2014-8180 (MongoDB on Red Hat Satellite 6 allows local users to bypass ...) NOT-FOR-US: Red Hat Satellite CVE-2014-8179 RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits