Author: sectracker Date: 2017-10-07 09:10:14 +0000 (Sat, 07 Oct 2017) New Revision: 56486
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-07 09:04:04 UTC (rev 56485) +++ data/CVE/list 2017-10-07 09:10:14 UTC (rev 56486) @@ -1,3 +1,5 @@ +CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout ...) + TODO: check CVE-2017-15083 RESERVED CVE-2017-15082 @@ -957,6 +959,7 @@ CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL ...) NOT-FOR-US: FileRun CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...) + {DLA-1125-1} - botan1.10 <unfixed> (bug #877436) NOTE: https://github.com/randombit/botan/issues/1222 NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai @@ -3795,6 +3798,7 @@ NOTE: This is in libxkbfile in wheezy CVE-2017-13722 [pcfGetProperties: Check string boundaries] RESERVED + {DLA-1126-1} - libxfont 1:2.0.1-4 NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd CVE-2017-13721 [Xext/shm: Validate shmseg resource id] @@ -3804,6 +3808,7 @@ NOTE: In wheezy this is possibly libxext, src/XShm.c? CVE-2017-13720 [Check for end of string in PatternMatch] RESERVED + {DLA-1126-1} - libxfont 1:2.0.1-4 NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608 CVE-2017-13719 @@ -42046,6 +42051,7 @@ - chromium-browser 55.0.2883.75-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c in Tor ...) + {DSA-3993-1} - tor 0.3.1.7-1 (bug #876221) [jessie] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha) [wheezy] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha) 
@@ -91220,8 +91226,8 @@ [wheezy] - nova <no-dsa> (Minor issue) NOTE: This is no longer a security issue starting with icehouse, so marking 2014.1 as fixed NOTE: https://bugs.launchpad.net/nova/+bug/1419577 -CVE-2015-2673 - RESERVED +CVE-2015-2673 (The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in ...) + TODO: check CVE-2015-2671 RESERVED CVE-2015-2670 @@ -92845,20 +92851,20 @@ NOTE: http://xenbits.xen.org/xsa/advisory-120.html CVE-2015-2149 (Multiple cross-site scripting (XSS) vulnerabilities in the administrative ...) NOT-FOR-US: MyBB -CVE-2015-2148 - RESERVED -CVE-2015-2147 - RESERVED -CVE-2015-2146 - RESERVED -CVE-2015-2145 - RESERVED -CVE-2015-2144 - RESERVED -CVE-2015-2143 - RESERVED -CVE-2015-2142 - RESERVED +CVE-2015-2148 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ...) + TODO: check +CVE-2015-2147 (Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker ...) + TODO: check +CVE-2015-2146 (Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker ...) + TODO: check +CVE-2015-2145 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ...) + TODO: check +CVE-2015-2144 (Multiple cross-site scriping (XSS) vulnerabilities in Issuetracker ...) + TODO: check +CVE-2015-2143 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2015-2142 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check CVE-2015-2141 (The InvertibleRWFunction::CalculateInverse function in rw.cpp in ...) {DSA-3296-1 DLA-262-1} - libcrypto++ 5.6.1-7 
@@ -93702,8 +93708,8 @@ NOTE: http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt CVE-2015-1829 (Unspecified vulnerability in the Oracle HTTP Server component in ...) NOT-FOR-US: Oracle Fusion Middleware -CVE-2015-1828 - RESERVED +CVE-2015-1828 (The Ruby http gem before 0.7.3 does not verify hostnames in SSL ...) + TODO: check CVE-2015-1827 (The get_user_grouplist function in the extdom plug-in in FreeIPA ...) - freeipa <not-affected> (Only affects 4.1, see bug #781224) NOTE: https://fedorahosted.org/freeipa/ticket/4908 @@ -95004,8 +95010,8 @@ NOT-FOR-US: Little forum CVE-2015-1434 (Multiple SQL injection vulnerabilities in my little forum before 2.3.4 ...) NOT-FOR-US: Little forum -CVE-2015-1429 - RESERVED +CVE-2015-1429 (Directory traversal vulnerability in Cybele Software Thinfinity Remote ...) + TODO: check CVE-2015-1428 (Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow ...) NOT-FOR-US: Sefrengo CVE-2015-1427 (The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x ...) @@ -100664,8 +100670,7 @@ - libapache2-mod-cluster <itp> (bug #731410) CVE-2015-0297 (Red Hat JBoss Operations Network 3.3.1 does not properly restrict ...) NOT-FOR-US: RHQ -CVE-2015-0296 - RESERVED +CVE-2015-0296 (The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged ...) - texlive-base <not-affected> (Specific to Red Hat packaging/postinst) CVE-2015-0295 (The BMP decoder in QtGui in QT before 5.5 does not properly calculate ...) {DLA-210-1} 
@@ -101512,8 +101517,8 @@ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d need NOTE: to be backported to 3.4 -CVE-2014-8957 - RESERVED +CVE-2014-8957 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 ...) + TODO: check CVE-2014-8956 (Stack-based buffer overflow in the K7Sentry.sys kernel mode driver ...) NOT-FOR-US: K7 Computing CVE-2014-8955 (Cross-site scripting (XSS) vulnerability in the Contact Form Clean and ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
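Review bot: the new CVE-2017-15084 entry (hunk @@ -1,3 +1,5 @@) stops at "TODO: check" with no package line. The description names the Rapid7 Metasploit web UI; triage should confirm whether any Debian source package ships that web UI and otherwise close it as "NOT-FOR-US: Rapid7 Metasploit", the way CVE-2017-14738 in the next hunk is resolved as "NOT-FOR-US: FileRun".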
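Review bot: in the botan1.10 hunk (@@ -957,6 +959,7 @@) {DLA-1125-1} is added to CVE-2017-14737 while the package line stays "- botan1.10 <unfixed> (bug #877436)". The DLA marker only records the wheezy fix; if the upload for bug #877436 has also reached unstable, the line should carry that fixed version, and if stretch/jessie are still open a [stretch]/[jessie] status line would make the remaining exposure to this RSA cache side channel explicit.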
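Review bot: the two libxfont hunks (@@ -3795 and @@ -3804) add {DLA-1126-1} plus "libxfont 1:2.0.1-4" under entries that still read "RESERVED" with bracketed working titles, which is the tracker's convention for reserved IDs and is fine. What should be checked is that DLA-1126-1 really covers both upstream commits cited in the NOTE lines (672bb944... for CVE-2017-13722 / pcfGetProperties and d1e670a4... for CVE-2017-13720 / PatternMatch); CVE-2017-13721, which sits between them and whose NOTE says it may be libxext in wheezy, correctly receives no DLA marker here.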
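Review bot: the tor hunk (@@ -42046) adds {DSA-3993-1} to CVE-2017-0380 next to "tor 0.3.1.7-1 (bug #876221)" and not-affected lines for jessie and wheezy. With the issue introduced in 0.2.7.2-alpha, stretch is the only stable suite the DSA can apply to, and the entry carries no explicit [stretch] line, so the DSA cross-reference is the sole record of the stretch fix; make sure the DSA entry itself lists the stretch version so the tracker can resolve it.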
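Review bot: in the CVE-2015-2673 hunk (@@ -91220) the bare "- RESERVED" line is replaced by the feed description ("The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in ...") and "TODO: check" with no package line. The function names point at a web-application component; the check should either name the Debian package or close the entry as NOT-FOR-US rather than leave the TODO standing.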
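Review bot: the hunk at @@ -92845 turns seven reserved IDs (CVE-2015-2142 through CVE-2015-2148) into "TODO: check" for a single product, Issuetracker phpBugTracker (XSS, SQL injection and CSRF variants). They should be triaged together to one status, since the product is already identified in the descriptions. The "scriping" spelling in the CVE-2015-2144 line comes from the CVE feed and is not something to correct in data/CVE/list.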
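Review bot: CVE-2015-1828 (hunk @@ -93702), "The Ruby http gem before 0.7.3 does not verify hostnames in SSL ...", is left at "TODO: check". Unlike most of the other new TODOs in this patch, a Ruby gem is a plausible Debian package, and a missing TLS hostname check is a man-in-the-middle issue, so this one should get a real package line (the gem would be packaged under a ruby-* source name) with the version compared against 0.7.3, not a reflexive NOT-FOR-US.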
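Review bot: CVE-2015-1429 (hunk @@ -95004), "Directory traversal vulnerability in Cybele Software Thinfinity Remote ...", gets "TODO: check". Nothing in the entry suggests a Debian package; NOT-FOR-US is the expected resolution, matching the neighbouring "NOT-FOR-US: Little forum" and "NOT-FOR-US: Sefrengo" lines, and the TODO should be closed accordingly.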
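Review bot: the CVE-2015-0296 hunk (@@ -100664) is the model the other description updates should follow: the feed text replaces "- RESERVED" while the existing "texlive-base <not-affected> (Specific to Red Hat packaging/postinst)" line is kept, so the entry ends up fully triaged with no TODO. The last hunk (@@ -101512), CVE-2014-8957 for OpenKM, instead leaves "TODO: check"; if OpenKM is not in the archive it should be closed as NOT-FOR-US in the same way.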