Author: sectracker
Date: 2017-10-10 18:45:48 +0000 (Tue, 10 Oct 2017)
New Revision: 56576
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-10 18:36:10 UTC (rev 56575) +++ data/CVE/list 2017-10-10 18:45:48 UTC (rev 56576) @@ -1,3 +1,5 @@ +CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete ...) + TODO: check CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated ...) - shaarli <itp> (bug #864559) CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...) @@ -4173,8 +4175,8 @@ NOT-FOR-US: VX Search Enterprise CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version ...) NOT-FOR-US: Replibit -CVE-2017-13706 - RESERVED +CVE-2017-13706 (XML external entity (XXE) vulnerability in the import package ...) + TODO: check CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...) - flightgear 1:2017.2.1+dfsg-4 (low; bug #873439) [stretch] - flightgear <no-dsa> (Minor issue) @@ -6702,10 +6704,10 @@ {DLA-1117-1} - opencv <unfixed> (bug #875342) NOTE: https://github.com/opencv/opencv/issues/9370 -CVE-2017-12861 - RESERVED -CVE-2017-12860 - RESERVED +CVE-2017-12861 (The Epson "EasyMP" software (tested on version 2.86) is designed to ...) + TODO: check +CVE-2017-12860 (The Epson "EasyMP" software (tested on version 2.86) is designed to ...) + TODO: check CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...) NOT-FOR-US: NetApp CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in ...) @@ -7378,8 +7380,7 @@ RESERVED CVE-2017-12624 RESERVED -CVE-2017-12623 - RESERVED +CVE-2017-12623 (An authorized user could upload a template which contained malicious ...) NOT-FOR-US: Apache NiFi CVE-2017-12622 RESERVED 
@@ -75545,8 +75546,7 @@ NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe NOTE: Introduced/Uncovered by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941) NOTE: http://www.openwall.com/lists/oss-security/2015/11/17/5 -CVE-2015-8239 [race condition checking digests/checksums in sudoers] - RESERVED +CVE-2015-8239 (The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 ...) - sudo 1.8.17p1-1 (bug #805563) [jessie] - sudo <no-dsa> (Minor issue) [wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher) @@ -76920,8 +76920,8 @@ NOT-FOR-US: ManageEngine Firewall Analyzer CVE-2015-7779 REJECTED -CVE-2015-7778 - RESERVED +CVE-2015-7778 (Gurunavi App for iOS before 6.0.0 does not verify SSL certificates ...) + TODO: check CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest ...) NOT-FOR-US: JosephErnest Void CVE-2015-7776 (Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict ...) @@ -77108,8 +77108,7 @@ - linux <not-affected> (Issue fixed before the src:linux-2.6 rename) - linux-2.6 2.6.25-1 NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1) -CVE-2008-7315 [Shell escape vulnerability] - RESERVED +CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute ...) - libui-dialog-perl <unfixed> (bug #496448) [jessie] - libui-dialog-perl <no-dsa> (Minor issue) [wheezy] - libui-dialog-perl <no-dsa> (Minor issue) 
@@ -77857,8 +77856,7 @@ [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html NOTE: Xen not affected in wheezy, CVE covered by XSA-162: https://marc.info/?l=oss-security&m=144888089404618&w=2 -CVE-2015-7503 [Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey] - RESERVED +CVE-2015-7503 (Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before ...) NOT-FOR-US: php-zend-crypt NOTE: http://framework.zend.com/security/advisory/ZF2015-10 CVE-2015-7502 (Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms ...) @@ -78114,8 +78112,7 @@ NOT-FOR-US: Gallery - Photo Albums - Portfolio plugin for WordPress CVE-2015-7385 (Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard ...) NOT-FOR-US: Open-Xchange -CVE-2015-7384 [HTTP Denial of Service Vulnerability] - RESERVED +CVE-2015-7384 (Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a ...) - nodejs 4.1.1~dfsg-3 (bug #800580) [jessie] - nodejs <not-affected> (Vulnerability not present) NOTE: https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I @@ -79278,8 +79275,7 @@ NOT-FOR-US: sourceAFRICA plugin for WordPress CVE-2015-6919 (Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) ...) NOT-FOR-US: googleSearch (CSE) component for Joomla! -CVE-2015-6918 [git module leaks authentication details into log] - RESERVED +CVE-2015-6918 (salt before 2015.5.5 leaks git usernames and passwords to the log. ...) - salt 2015.8.1+ds-1 (bug #803182) [jessie] - salt <no-dsa> (Minor issue) NOTE: https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a 
@@ -80446,8 +80442,8 @@ - php5 <not-affected> (Specific to PHP 7) NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5 NOTE: https://bugs.php.net/bug.php?id=70140 -CVE-2015-6521 - RESERVED +CVE-2015-6521 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS ...) + TODO: check CVE-2015-6519 (SQL injection vulnerability in Arab Portal 3 allows remote attackers ...) NOT-FOR-US: Arab Portal 3 CVE-2015-6518 (Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin ...) @@ -82595,8 +82591,7 @@ NOT-FOR-US: bsnmpd CVE-2015-5676 RESERVED -CVE-2015-5675 [IRET privilege escalation] - RESERVED +CVE-2015-5675 (The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 ...) - kfreebsd-10 10.1~svn274115-10 (unimportant; bug #796996) NOTE: kfreebsd not covered by security support in Jessie - kfreebsd-9 <removed> (bug #796997) @@ -82682,8 +82677,8 @@ NOT-FOR-US: baserCMS CVE-2015-5640 (baserCMS before 3.0.8 allows remote authenticated users to modify ...) NOT-FOR-US: baserCMS -CVE-2015-5639 - RESERVED +CVE-2015-5639 (niconico App for iOS before 6.38 does not verify SSL certificates ...) + TODO: check CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...) NOT-FOR-US: H2O CVE-2015-5637 (The Newphoria Photon application before 1.2 for Android allows ...) @@ -90458,8 +90453,8 @@ NOT-FOR-US: desknet NEO CVE-2015-2989 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...) NOT-FOR-US: LEMON-S -CVE-2015-2988 - RESERVED +CVE-2015-2988 (Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL ...) + TODO: check CVE-2015-2987 (Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, ...) NOT-FOR-US: Type74 ED CVE-2015-2986 (Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji ...) 
@@ -90757,8 +90752,8 @@ NOT-FOR-US: Datalex airline booking software CVE-2015-2857 (Accellion File Transfer Appliance before FTA_9_11_210 allows remote ...) NOT-FOR-US: Accellion File Transfer Appliance -CVE-2015-2856 - RESERVED +CVE-2015-2856 (Directory traversal vulnerability in the template function in ...) + TODO: check CVE-2015-2855 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...) NOT-FOR-US: Blue Coat SSL Visibility Appliance CVE-2015-2854 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...) @@ -100840,8 +100835,7 @@ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=86449 NOTE: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401 NOTE: fixed in experimental with 1:4.4.0~beta1-1 -CVE-2014-9092 - RESERVED +CVE-2014-9092 (libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial ...) - libjpeg-turbo 1:1.3.1-11 (bug #768369) CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the Linux ...) {DSA-3093-1 DLA-103-1} _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
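Review bot: in the @@ -77857 hunk, CVE-2015-7503 keeps the line "NOT-FOR-US: php-zend-crypt" while the new description now opens with "Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before ...", i.e. it names the framework as a whole and not only the zend-crypt component; please confirm the NOT-FOR-US rationale still covers every affected package range, or widen the note, using the already-linked ZF2015-10 advisory as the reference.

Review bot: in the @@ -6702 hunk, CVE-2017-12861 and CVE-2017-12860 receive the identical truncated description "The Epson "EasyMP" software (tested on version 2.86) is designed to ...", so the visible text does not distinguish the two issues; the two "TODO: check" lines should be resolved separately against the full descriptions rather than one triage result being copied to both entries.

Review bot: in the @@ -4173 hunk, the new description for CVE-2017-13706, "XML external entity (XXE) vulnerability in the import package ...", names no product in its visible part, so the "TODO: check" cannot be resolved from this entry alone; when the triage is done, please record the product name in the status line (NOT-FOR-US: <product> or the source package) so the entry is self-explanatory.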