Author: sectracker
Date: 2017-06-06 21:10:14 +0000 (Tue, 06 Jun 2017)
New Revision: 52364

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-06 20:43:19 UTC (rev 52363)
+++ data/CVE/list       2017-06-06 21:10:14 UTC (rev 52364)
@@ -1,3 +1,29 @@
+CVE-2017-9460
+       RESERVED
+CVE-2017-9459
+       RESERVED
+CVE-2017-9458
+       RESERVED
+CVE-2017-9457
+       RESERVED
+CVE-2017-9456
+       RESERVED
+CVE-2017-9455
+       RESERVED
+CVE-2017-9454
+       RESERVED
+CVE-2017-9453
+       RESERVED
+CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 
2.9.0 ...)
+       TODO: check
+CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php 
in ...)
+       TODO: check
+CVE-2017-9450
+       RESERVED
+CVE-2017-9449 (SQL injection vulnerability in BigTree CMS through 4.2.18 
allows remote ...)
+       TODO: check
+CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS 
through ...)
+       TODO: check
 CVE-2017-XXXX [allows remote users unauthorized access to a hg serve --stdio 
instance]
        - mercurial <unfixed> (bug #861243)
        NOTE: 
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
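Review bot: CVE-2017-9452 (Piwigo), CVE-2017-9451, CVE-2017-9449 and CVE-2017-9448 (BigTree CMS) are added with only "TODO: check", so they are untriaged until each gets either a "- <package>" line or a "NOT-FOR-US:" line. The truncated summary of CVE-2017-9451 names only pages.edit_form.php, so the affected product has to be taken from the full description before it can be triaged.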
@@ -73,7 +99,7 @@
 CVE-2017-9423
        RESERVED
 CVE-2017-9422
-       RESERVED
+       REJECTED
 CVE-2017-9421
        RESERVED
 CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar 
plugin ...)
@@ -331,8 +357,8 @@
        RESERVED
 CVE-2017-9333
        RESERVED
-CVE-2017-9332
-       RESERVED
+CVE-2017-9332 (The smarty_self function in modules/module_smarty.php in PivotX 
2.3.11 ...)
+       TODO: check
 CVE-2017-9331 (The Agenda component in Telaxus EPESI 1.8.2 and earlier has a 
Stored ...)
        NOT-FOR-US: Telaxus EPESI
 CVE-2017-9329
@@ -1066,7 +1092,7 @@
        - imagemagick 8:6.9.7.4+dfsg-9 (bug #863123)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/456
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4
-CVE-2017-9140 (Cross-site scripting (XSS) vulnerability in Telerik Reporting 
for ...)
+CVE-2017-9140 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Telerik
 CVE-2017-9139 (There is a stack-based buffer overflow on some Tenda routers 
...)
        NOT-FOR-US: Tenda
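Review bot: the replacement summary for CVE-2017-9140 is cut off before the product name ("Cross-site scripting (XSS) vulnerability in ..."), whereas the removed line still read "Telerik Reporting for ...". The entry is now identifiable only through its "NOT-FOR-US: Telerik" line, so searching the list by product in the summary will miss it. Consider keeping a summary that retains the product name.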
@@ -1686,8 +1712,8 @@
        NOTE: Fixed by: 
https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/
 (next)
        NOTE: Fixed by: 
https://sourceforge.net/p/flightgear/flightgear/ci/19ab09406e4249f2c6f8ac51938258d1c51eace0/
 (2016.4)
        NOTE: Fixed by: 
https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/
 (3.0.0)
-CVE-2017-8920
-       RESERVED
+CVE-2017-8920 (irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input 
from the ...)
+       TODO: check
 CVE-2017-8919
        RESERVED
 CVE-2017-8918
@@ -2082,6 +2108,7 @@
 CVE-2017-8783
        RESERVED
 CVE-2017-8782 (The readString function in util/read.c and util/old/read.c in 
libming ...)
+       {DLA-980-1}
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/70
 CVE-2017-8781
@@ -3776,8 +3803,8 @@
        - jenkins <removed>
 CVE-2017-8084
        RESERVED
-CVE-2017-8083
-       RESERVED
+CVE-2017-8083 (CompuLab Intense PC and MintBox 2 devices with BIOS before 
2017-05-21 ...)
+       TODO: check
 CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File 
Manager, which ...)
        NOT-FOR-US: concrete5
 CVE-2017-8081 (Poor cryptographic salt initialization in ...)
@@ -5450,8 +5477,8 @@
        RESERVED
 CVE-2017-7516
        RESERVED
-CVE-2017-7515
-       RESERVED
+CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled 
...)
+       TODO: check
 CVE-2017-7514
        RESERVED
 CVE-2017-7513
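Review bot: CVE-2017-7515 names poppler, which Debian packages, so the "TODO: check" on this entry should be resolved to a "- poppler" line (a fixed version or <unfixed>, plus a bug reference), not left pending.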
@@ -6186,8 +6213,7 @@
        RESERVED
 CVE-2016-10298
        RESERVED
-CVE-2016-10297
-       RESERVED
+CVE-2016-10297 (In TrustZone in all Android releases from CAF using the Linux 
kernel, ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared 
memory ...)
        NOT-FOR-US: Qualcomm driver for Android
@@ -6259,14 +6285,11 @@
        RESERVED
 CVE-2015-9008
        RESERVED
-CVE-2015-9007
-       RESERVED
+CVE-2015-9007 (In TrustZone in all Android releases from CAF using the Linux 
kernel, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-9006
-       RESERVED
+CVE-2015-9006 (In Resource Power Manager (RPM) in all Android releases from 
CAF using ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-9005
-       RESERVED
+CVE-2015-9005 (In TrustZone in all Android releases from CAF using the Linux 
kernel, ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9004 (kernel/events/core.c in the Linux kernel before 3.19 mishandles 
...)
        - linux 3.16.7-ckt7-1
@@ -6285,41 +6308,29 @@
        RESERVED
 CVE-2014-9953
        RESERVED
-CVE-2014-9952
-       RESERVED
+CVE-2014-9952 (In the Secure File System in all Android releases from CAF 
using the ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9951
-       RESERVED
+CVE-2014-9951 (In TrustZone in all Android releases from CAF using the Linux 
kernel, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9950
-       RESERVED
+CVE-2014-9950 (In Core Kernel in all Android releases from CAF using the Linux 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9949
-       RESERVED
+CVE-2014-9949 (In TrustZone in all Android releases from CAF using the Linux 
kernel, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9948
-       RESERVED
+CVE-2014-9948 (In TrustZone in all Android releases from CAF using the Linux 
kernel, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9947
-       RESERVED
+CVE-2014-9947 (In TrustZone in all Android releases from CAF using the Linux 
kernel, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9946
-       RESERVED
+CVE-2014-9946 (In Core Kernel in all Android releases from CAF using the Linux 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9945
-       RESERVED
+CVE-2014-9945 (In TrustZone in all Android releases from CAF using the Linux 
kernel, ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9944
-       RESERVED
+CVE-2014-9944 (In the Secure File System in all Android releases from CAF 
using the ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9943
-       RESERVED
+CVE-2014-9943 (In Core Kernel in all Android releases from CAF using the Linux 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9942
-       RESERVED
+CVE-2014-9942 (In Boot in all Android releases from CAF using the Linux 
kernel, a Use ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9941
-       RESERVED
+CVE-2014-9941 (In the Embedded File System in all Android releases from CAF 
using the ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9940 (The regulator_ena_gpio_free function in 
drivers/regulator/core.c in ...)
        - linux 4.0.2-1
@@ -8799,29 +8810,21 @@
        NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9931 (A buffer overflow vulnerability in all Android releases from 
CAF using ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9930
-       RESERVED
+CVE-2014-9930 (In WCDMA in all Android releases from CAF using the Linux 
kernel, a ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9929
-       RESERVED
+CVE-2014-9929 (In WCDMA in all Android releases from CAF using the Linux 
kernel, a ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9928
-       RESERVED
+CVE-2014-9928 (In GERAN in all Android releases from CAF using the Linux 
kernel, a ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9927
-       RESERVED
+CVE-2014-9927 (In UIM in all Android releases from CAF using the Linux kernel, 
a ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9926
-       RESERVED
+CVE-2014-9926 (In GNSS in all Android releases from CAF using the Linux 
kernel, a Use ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9925
-       RESERVED
+CVE-2014-9925 (In HDR in all Android releases from CAF using the Linux kernel, 
a ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9924
-       RESERVED
+CVE-2014-9924 (In 1x in all Android releases from CAF using the Linux kernel, 
a ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9923
-       RESERVED
+CVE-2014-9923 (In NAS in all Android releases from CAF using the Linux kernel, 
a ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9922 (The eCryptfs subsystem in the Linux kernel before 3.18 allows 
local ...)
        - linux 4.0.2-1
@@ -11043,8 +11046,8 @@
        NOTE: 
https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c
        NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
        NOTE: No security impact, crash in CLI tool
-CVE-2017-5664
-       RESERVED
+CVE-2017-5664 (The error page mechanism of the Java Servlet Specification 
requires ...)
+       TODO: check
 CVE-2017-5663
        RESERVED
 CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of 
the ...)
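Review bot: the summary added for CVE-2017-5664 is truncated after "The error page mechanism of the Java Servlet Specification requires ..." and names no implementation, so the "TODO: check" cannot be resolved from this line alone. Triage needs the full description to identify which servlet container source packages to list.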
@@ -12765,8 +12768,8 @@
        RESERVED
 CVE-2017-5244
        RESERVED
-CVE-2017-5243
-       RESERVED
+CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware 
appliances ...)
+       TODO: check
 CVE-2017-5242
        RESERVED
 CVE-2017-5241
@@ -16663,14 +16666,12 @@
        NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/16/1
        NOTE: https://exim.org/static/doc/CVE-2016-9963.txt
-CVE-2016-9961
-       RESERVED
+CVE-2016-9961 (game-music-emu before 0.6.1 mishandles unspecified integer 
values. ...)
        {DSA-3735-1 DLA-750-1}
        - game-music-emu 0.6.0-4 (bug #848071)
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
-CVE-2016-9960
-       RESERVED
+CVE-2016-9960 (game-music-emu before 0.6.1 allows local users to cause a 
denial of ...)
        {DSA-3735-1 DLA-750-1}
        - game-music-emu 0.6.0-4 (bug #848071)
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
@@ -41219,8 +41220,7 @@
        NOT-FOR-US: Cloud Foundry
 CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 
1.3.9 and ...)
        NOT-FOR-US: Apache Archiva
-CVE-2016-5004
-       RESERVED
+CVE-2016-5004 (The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as 
used in ...)
        NOT-FOR-US: Apache Archiva
 CVE-2016-5003
        RESERVED
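Review bot: the summary now attached to CVE-2016-5004 names ws-xmlrpc 3.1.3 as the component ("as used in ..."), but the unchanged triage line below it still reads "NOT-FOR-US: Apache Archiva". That classification was made while the entry was RESERVED and should be rechecked against ws-xmlrpc itself, since a library flaw can affect other consumers than the one product it was first reported in.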
@@ -46692,8 +46692,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/28/1
        NOTE: Fixed in 7.0.6
        NOTE: https://bugs.php.net/bug.php?id=71923
-CVE-2016-3077
-       RESERVED
+CVE-2016-3077 (The VersionMapper.fromKernelVersionString method in oVirt 
Engine ...)
        NOT-FOR-US: ovirt-engine
 CVE-2016-3076 (Heap-based buffer overflow in the j2k_encode_entry function in 
Pillow ...)
        - pillow <unfixed> (unimportant)
@@ -46749,8 +46748,7 @@
        NOTE: https://selenic.com/repo/hg-stable/rev/34d43cb85de8
 CVE-2016-3067 (Cygwin before 2.5.0 does not properly handle updating 
permissions when ...)
        NOT-FOR-US: Cygwin
-CVE-2016-3066 [hijacks clipboard and sends contents to remote servers]
-       RESERVED
+CVE-2016-3066 (The spice-gtk widget allows remote authenticated users to 
obtain ...)
        - spice-gtk <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320263
        NOTE: Hardly a security issue per se, but a design limitation/risky 
feature
@@ -49788,8 +49786,8 @@
        - postgresql-8.4 <not-affected> (Only affects 9.5.x)
        NOTE: http://www.postgresql.org/about/news/1656/
        NOTE: 
http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
-CVE-2016-2192
-       RESERVED
+CVE-2016-2192 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated 
users to ...)
+       TODO: check
 CVE-2016-2191 (The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG 
before ...)
        {DSA-3546-1}
        - optipng 0.7.6-1 (bug #820068)
@@ -54985,10 +54983,10 @@
        NOT-FOR-US: Wordpress plugin
 CVE-2016-0769 (Multiple SQL injection vulnerabilities in eshop-orders.php in 
the ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2016-0768
-       RESERVED
-CVE-2016-0767
-       RESERVED
+CVE-2016-0768 (PostgreSQL PL/Java after 9.0 does not honor access controls on 
large ...)
+       TODO: check
+CVE-2016-0767 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated 
users with ...)
+       TODO: check
 CVE-2016-0766 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 
9.3.11, ...)
        {DSA-3476-1 DSA-3475-1}
        - postgresql-9.5 9.5.1
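Review bot: CVE-2016-0768 and CVE-2016-0767 are both PostgreSQL PL/Java issues and are added with "TODO: check", as is CVE-2016-2192 in the previous hunk. The three should be triaged together so they end up with the same package line or the same NOT-FOR-US tag. Note that the summary of CVE-2016-0768 says "after 9.0" where the other two say "before 1.5.0", so the affected version range needs checking against the full descriptions.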
@@ -55185,8 +55183,7 @@
        NOTE: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1528050
        NOTE: 
http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
        NOTE: Originally addressed in 1:4.2.8p8+dfsg-1.1, then refixed in 
1:4.2.8p9+dfsg-2
-CVE-2016-0726
-       RESERVED
+CVE-2016-0726 (The Fedora Nagios package uses &quot;nagiosadmin&quot; as the 
default password ...)
        - nagios3 <not-affected> (Specific to Fedora installation)
 CVE-2016-0725 (Cross-site scripting (XSS) vulnerability in the 
search_pagination ...)
        - moodle <not-affected> (Only affects 3.0 to 3.0.1, 2.9 to 2.9.3 and 
2.8 to 2.8.9)
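Review bot: the summary added for CVE-2016-0726 contains literal HTML entities (&quot;nagiosadmin&quot;) where plain double quotes are intended. The import step should unescape entities before writing the summary into data/CVE/list, otherwise the escaped form ends up in every consumer of the file and breaks plain-text searches for the quoted string.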
@@ -70543,8 +70540,8 @@
        NOT-FOR-US: libstagefright in Android
 CVE-2015-3831 (Buffer overflow in the readAt function in BpMediaHTTPConnection 
in ...)
        NOT-FOR-US: mediaserver service in Android
-CVE-2015-3830
-       RESERVED
+CVE-2015-3830 (The stock Android browser address bar in all Android operating 
systems ...)
+       TODO: check
 CVE-2015-3829 (Off-by-one error in the MPEG4Extractor::parseChunk function in 
...)
        NOT-FOR-US: libstagefright in Android
 CVE-2015-3828 (The MPEG4Extractor::parse3GPPMetaData function in 
MPEG4Extractor.cpp ...)
@@ -79053,8 +79050,8 @@
        [squeeze] - chromium-browser <end-of-life>
 CVE-2015-1208
        RESERVED
-CVE-2015-1207
-       RESERVED
+CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in 
Google ...)
+       TODO: check
 CVE-2015-1206
        RESERVED
 CVE-2015-1204 (Cross-site scripting (XSS) vulnerability in the Save Filters 
...)
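Review bot: the summary of CVE-2015-1207 places the double free in libavformat/mov.c in FFMPEG "in Google ...", so the "TODO: check" needs two answers: whether the standalone FFmpeg/libav source packages carry the affected code, and whether the embedded copy in the browser package is affected. The surrounding context already tracks chromium-browser per release, so the resolved entry should follow the same per-package layout.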
@@ -86582,8 +86579,7 @@
 CVE-2014-8181 [scsi: do not fill dirty page content in the SG_IO buffer]
        RESERVED
        - linux <not-affected> (Specific to RHEL 7)
-CVE-2014-8180
-       RESERVED
+CVE-2014-8180 (MongoDB on Red Hat Satellite 6 allows local users to bypass ...)
        NOT-FOR-US: Red Hat Satellite
 CVE-2014-8179
        RESERVED


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
