Author: sectracker
Date: 2017-10-07 09:10:14 +0000 (Sat, 07 Oct 2017)
New Revision: 56486

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-07 09:04:04 UTC (rev 56485)
+++ data/CVE/list       2017-10-07 09:10:14 UTC (rev 56486)
@@ -1,3 +1,5 @@
+CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows 
logout ...)
+       TODO: check
 CVE-2017-15083
        RESERVED
 CVE-2017-15082
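Review bot: The new CVE-2017-15084 entry at the top of the list has no triage state, only "TODO: check". The description names the web UI in Rapid7 Metasploit, so a follow-up should replace the TODO with either a source-package line or a NOT-FOR-US line, in the same form as the triaged entries further down this diff (for example "NOT-FOR-US: FileRun").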
@@ -957,6 +959,7 @@
 CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote 
SQL ...)
        NOT-FOR-US: FileRun
 CVE-2017-14737 (A cryptographic cache-based side channel in the RSA 
implementation in ...)
+       {DLA-1125-1}
        - botan1.10 <unfixed> (bug #877436)
        NOTE: https://github.com/randombit/botan/issues/1222
        NOTE: 
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
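Review bot: The "{DLA-1125-1}" tag is added to CVE-2017-14737 while the only package line still reads "- botan1.10 <unfixed> (bug #877436)". Read together, the entry says an LTS advisory exists but the unversioned package line is still open. Confirm that bug #877436 is still unresolved, so the advisory tag is not taken to mean the issue is fixed everywhere.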
@@ -3795,6 +3798,7 @@
        NOTE: This is in libxkbfile in wheezy
 CVE-2017-13722 [pcfGetProperties: Check string boundaries]
        RESERVED
+       {DLA-1126-1}
        - libxfont 1:2.0.1-4
        NOTE: Fixed by: 
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
 CVE-2017-13721 [Xext/shm: Validate shmseg resource id]
@@ -3804,6 +3808,7 @@
        NOTE: In wheezy this is possibly libxext, src/XShm.c?
 CVE-2017-13720 [Check for end of string in PatternMatch]
        RESERVED
+       {DLA-1126-1}
        - libxfont 1:2.0.1-4
        NOTE: Fixed by: 
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
 CVE-2017-13719
@@ -42046,6 +42051,7 @@
        - chromium-browser 55.0.2883.75-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c 
in Tor ...)
+       {DSA-3993-1}
        - tor 0.3.1.7-1 (bug #876221)
        [jessie] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
        [wheezy] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
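Review bot: The "{DSA-3993-1}" tag on CVE-2017-0380 sits above two release lines that are both "<not-affected>" (jessie and wheezy, issue introduced in 0.2.7.2-alpha), so the advisory can only concern a release that has no line of its own here. Check that the fixed version for that release is recorded with the DSA, since "- tor 0.3.1.7-1" alone does not say which release the advisory fixed.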
@@ -91220,8 +91226,8 @@
        [wheezy] - nova <no-dsa> (Minor issue)
        NOTE: This is no longer a security issue starting with icehouse, so 
marking 2014.1 as fixed
        NOTE: https://bugs.launchpad.net/nova/+bug/1419577
-CVE-2015-2673
-       RESERVED
+CVE-2015-2673 (The ec_ajax_update_option and ec_ajax_clear_all_taxrates 
functions in ...)
+       TODO: check
 CVE-2015-2671
        RESERVED
 CVE-2015-2670
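Review bot: The description imported for CVE-2015-2673 is cut off at "functions in ...", before any product name, so the "TODO: check" cannot be resolved from this line alone. Whoever triages it needs the full upstream description to decide between a package line and NOT-FOR-US.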
@@ -92845,20 +92851,20 @@
        NOTE: http://xenbits.xen.org/xsa/advisory-120.html
 CVE-2015-2149 (Multiple cross-site scripting (XSS) vulnerabilities in the 
administrative ...)
        NOT-FOR-US: MyBB
-CVE-2015-2148
-       RESERVED
-CVE-2015-2147
-       RESERVED
-CVE-2015-2146
-       RESERVED
-CVE-2015-2145
-       RESERVED
-CVE-2015-2144
-       RESERVED
-CVE-2015-2143
-       RESERVED
-CVE-2015-2142
-       RESERVED
+CVE-2015-2148 (Multiple cross-site scripting (XSS) vulnerabilities in 
Issuetracker ...)
+       TODO: check
+CVE-2015-2147 (Multiple SQL injection vulnerabilities in Issuetracker 
phpBugTracker ...)
+       TODO: check
+CVE-2015-2146 (Multiple SQL injection vulnerabilities in Issuetracker 
phpBugTracker ...)
+       TODO: check
+CVE-2015-2145 (Multiple cross-site scripting (XSS) vulnerabilities in 
Issuetracker ...)
+       TODO: check
+CVE-2015-2144 (Multiple cross-site scriping (XSS) vulnerabilities in 
Issuetracker ...)
+       TODO: check
+CVE-2015-2143 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       TODO: check
+CVE-2015-2142 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       TODO: check
 CVE-2015-2141 (The InvertibleRWFunction::CalculateInverse function in rw.cpp 
in ...)
        {DSA-3296-1 DLA-262-1}
        - libcrypto++ 5.6.1-7
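Review bot: All seven entries in the CVE-2015-2142 to CVE-2015-2148 block go from RESERVED to "TODO: check" at once, and two things in the imported text will trip up triage. CVE-2015-2144 carries the upstream spelling "cross-site scriping", so a search of the list for "scripting" will miss it. The CVE-2015-2143 and CVE-2015-2142 descriptions are truncated before the product name, unlike the other five, which name Issuetracker phpBugTracker. The five that name the product can be triaged together with one decision; the two truncated ones need their full descriptions looked up first.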
@@ -93702,8 +93708,8 @@
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
 CVE-2015-1829 (Unspecified vulnerability in the Oracle HTTP Server component 
in ...)
        NOT-FOR-US: Oracle Fusion Middleware
-CVE-2015-1828
-       RESERVED
+CVE-2015-1828 (The Ruby http gem before 0.7.3 does not verify hostnames in SSL 
...)
+       TODO: check
 CVE-2015-1827 (The get_user_grouplist function in the extdom plug-in in 
FreeIPA ...)
        - freeipa <not-affected> (Only affects 4.1, see bug #781224)
        NOTE: https://fedorahosted.org/freeipa/ticket/4908
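Review bot: CVE-2015-1828 is left at "TODO: check", and unlike the web applications elsewhere in this update it concerns a library (the Ruby http gem, described as not verifying hostnames in SSL before 0.7.3). Before marking it NOT-FOR-US, check whether the gem is shipped as a Debian source package; if it is, the entry needs a package line whose fixed version is compared against the 0.7.3 boundary given in the description.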
@@ -95004,8 +95010,8 @@
        NOT-FOR-US: Little forum
 CVE-2015-1434 (Multiple SQL injection vulnerabilities in my little forum 
before 2.3.4 ...)
        NOT-FOR-US: Little forum
-CVE-2015-1429
-       RESERVED
+CVE-2015-1429 (Directory traversal vulnerability in Cybele Software Thinfinity 
Remote ...)
+       TODO: check
 CVE-2015-1428 (Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 
allow ...)
        NOT-FOR-US: Sefrengo
 CVE-2015-1427 (The Groovy scripting engine in Elasticsearch before 1.3.8 and 
1.4.x ...)
@@ -100664,8 +100670,7 @@
        - libapache2-mod-cluster <itp> (bug #731410)
 CVE-2015-0297 (Red Hat JBoss Operations Network 3.3.1 does not properly 
restrict ...)
        NOT-FOR-US: RHQ
-CVE-2015-0296
-       RESERVED
+CVE-2015-0296 (The pre-install script in texlive 3.1.20140525_r34255.fc21 as 
packaged ...)
        - texlive-base <not-affected> (Specific to Red Hat packaging/postinst)
 CVE-2015-0295 (The BMP decoder in QtGui in QT before 5.5 does not properly 
calculate ...)
        {DLA-210-1}
@@ -101512,8 +101517,8 @@
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820
 and
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d
 need
        NOTE: to be backported to 3.4
-CVE-2014-8957
-       RESERVED
+CVE-2014-8957 (Cross-site scripting (XSS) vulnerability in OpenKM before 
6.4.19 ...)
+       TODO: check
 CVE-2014-8956 (Stack-based buffer overflow in the K7Sentry.sys kernel mode 
driver ...)
        NOT-FOR-US: K7 Computing
 CVE-2014-8955 (Cross-site scripting (XSS) vulnerability in the Contact Form 
Clean and ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
