Author: sectracker Date: 2017-05-10 21:10:14 +0000 (Wed, 10 May 2017) New Revision: 51516
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-10 20:13:54 UTC (rev 51515) +++ data/CVE/list 2017-05-10 21:10:14 UTC (rev 51516) @@ -1,24 +1,58 @@ -CVE-2017-8890 [dccp/tcp: do not inherit mc_list from parent] - - linux <unfixed> - NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a -CVE-2017-8876 +CVE-2017-8894 RESERVED -CVE-2017-8875 +CVE-2017-8893 RESERVED -CVE-2017-8874 +CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 ...) + TODO: check +CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a ...) + TODO: check +CVE-2017-8889 RESERVED +CVE-2017-8888 + RESERVED +CVE-2017-8887 + RESERVED +CVE-2017-8886 + RESERVED +CVE-2017-8885 + RESERVED +CVE-2017-8884 + RESERVED +CVE-2017-8883 + RESERVED +CVE-2017-8882 + RESERVED +CVE-2017-8881 + RESERVED +CVE-2017-8880 + RESERVED +CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the ...) + TODO: check +CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...) + TODO: check +CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...) + TODO: check +CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...) + - linux <unfixed> + NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a +CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to ...) + TODO: check +CVE-2017-8875 (CSRF in the Clean Login plugin before 1.8 for WordPress allows remote ...) + TODO: check +CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic ...) + TODO: check CVE-2017-8873 RESERVED -CVE-2017-8872 - RESERVED +CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 ...) + TODO: check CVE-2017-8871 RESERVED CVE-2017-8870 RESERVED CVE-2017-8869 RESERVED -CVE-2017-8868 - RESERVED +CVE-2017-8868 (acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via ...) + TODO: check CVE-2017-8867 RESERVED CVE-2017-8866 @@ -43,8 +77,8 @@ NOT-FOR-US: Veritas NetBackup CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and ...) NOT-FOR-US: Veritas NetBackup -CVE-2016-10371 - RESERVED +CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...) + TODO: check CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer] - gtk-vnc 0.4.3-1 NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3) @@ -55,8 +89,8 @@ - wolfssl 3.10.2+dfsg-1 CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in ...) NOT-FOR-US: Fiyo CMS -CVE-2017-8852 - RESERVED +CVE-2017-8852 (SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It ...) + TODO: check CVE-2017-8851 RESERVED CVE-2017-8850 @@ -283,7 +317,7 @@ CVE-2017-8777 RESERVED CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through ...) - {DSA-3845-1} + {DSA-3845-1 DLA-937-1 DLA-936-1} - rpcbind 0.2.3-0.6 (bug #861835) - libtirpc 0.2.5-1.2 (bug #861834) - ntirpc <unfixed> (bug #861836) @@ -1169,7 +1203,7 @@ RESERVED CVE-2017-8386 RESERVED - {DSA-3848-1} + {DSA-3848-1 DLA-938-1} - git 1:2.11.0-3 NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01346.html @@ -2563,16 +2597,13 @@ NOT-FOR-US: SourceBans++ CVE-2017-7890 RESERVED -CVE-2017-7888 - RESERVED +CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...) - dolibarr <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6 -CVE-2017-7887 - RESERVED +CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall ...) - dolibarr <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6 -CVE-2017-7886 - RESERVED +CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in ...) - dolibarr <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6 CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to ...) @@ -3088,8 +3119,8 @@ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fc0af859de4993951a915ad735be350221f3f53 CVE-2017-7699 RESERVED -CVE-2017-7698 - RESERVED +CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier ...) + TODO: check CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the ...) - libsamplerate <unfixed> (bug #860159) [jessie] - libsamplerate <no-dsa> (Minor issue) @@ -5379,7 +5410,7 @@ [jessie] - apng2gif <no-dsa> (Minor issue; can be fixed via point release) NOTE: Reproduced on wheezy, jessie and sid. CVE-2017-6959 - RESERVED + REJECTED CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...) NOT-FOR-US: MantisBT Source Integration Plugin CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC ...) @@ -8423,10 +8454,10 @@ RESERVED CVE-2017-5893 RESERVED -CVE-2017-5892 - RESERVED -CVE-2017-5891 - RESERVED +CVE-2017-5892 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...) + TODO: check +CVE-2017-5891 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...) + TODO: check CVE-2017-5898 (Integer overflow in the emulated_apdu_from_guest function in ...) {DLA-845-1 DLA-842-1} - qemu 1:2.8+dfsg-3 (bug #854729) @@ -12028,10 +12059,10 @@ RESERVED CVE-2017-4897 RESERVED -CVE-2017-4896 - RESERVED -CVE-2017-4895 - RESERVED +CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may allow a ...) + TODO: check +CVE-2017-4895 (Airwatch Agent for Android contains a vulnerability that may allow a ...) + TODO: check CVE-2017-4894 RESERVED CVE-2017-4893 @@ -14114,8 +14145,8 @@ [jessie] - slurm-llnl <no-dsa> (Minor issue) NOTE: https://www.schedmd.com/news.php?id=178 NOTE: https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee -CVE-2017-3894 - RESERVED +CVE-2017-3894 (A stored cross site scripting vulnerability in the Management Console ...) + TODO: check CVE-2017-3893 RESERVED CVE-2017-3892 @@ -21116,8 +21147,8 @@ RESERVED CVE-2017-1138 RESERVED -CVE-2017-1137 - RESERVED +CVE-2017-1137 (IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker ...) + TODO: check CVE-2017-1136 RESERVED CVE-2017-1135 @@ -21184,8 +21215,8 @@ RESERVED CVE-2017-1104 RESERVED -CVE-2017-1103 - RESERVED +CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service, caused by ...) + TODO: check CVE-2017-1102 RESERVED CVE-2017-1101 @@ -24913,8 +24944,8 @@ NOT-FOR-US: F5 BIG-IP CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be ...) NOT-FOR-US: F5 -CVE-2016-9250 - RESERVED +CVE-2016-9250 (In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, ...) + TODO: check CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server ...) NOT-FOR-US: F5 CVE-2016-9248 @@ -35404,12 +35435,12 @@ NOT-FOR-US: IBM CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli ...) NOT-FOR-US: Tivoli -CVE-2016-6037 - RESERVED +CVE-2016-6037 (IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A ...) + TODO: check CVE-2016-6036 (IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...) NOT-FOR-US: IBM -CVE-2016-6035 - RESERVED +CVE-2016-6035 (IBM Rational Quality Manager is vulnerable to cross-site scripting. ...) + TODO: check CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) could ...) NOT-FOR-US: IBM CVE-2016-6033 (IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is ...) @@ -35700,10 +35731,10 @@ RESERVED CVE-2016-5890 (IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before ...) NOT-FOR-US: IBM -CVE-2016-5889 - RESERVED -CVE-2016-5888 - RESERVED +CVE-2016-5889 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site ...) + TODO: check +CVE-2016-5888 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site ...) + TODO: check CVE-2016-5887 RESERVED CVE-2016-5886 @@ -44965,8 +44996,8 @@ NOT-FOR-US: IBM CVE-2016-3033 (IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated ...) NOT-FOR-US: IBM -CVE-2016-3032 - RESERVED +CVE-2016-3032 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2016-3031 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2016-3030 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits