Author: sectracker
Date: 2017-05-16 09:10:13 +0000 (Tue, 16 May 2017)
New Revision: 51673

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-16 08:11:07 UTC (rev 51672)
+++ data/CVE/list       2017-05-16 09:10:13 UTC (rev 51673)
@@ -1,3 +1,173 @@
+CVE-2017-9019
+       RESERVED
+CVE-2017-9018
+       RESERVED
+CVE-2017-9017
+       RESERVED
+CVE-2017-9016
+       RESERVED
+CVE-2017-9015
+       RESERVED
+CVE-2017-9014
+       RESERVED
+CVE-2017-9013
+       RESERVED
+CVE-2017-9012
+       RESERVED
+CVE-2017-9011
+       RESERVED
+CVE-2017-9010
+       RESERVED
+CVE-2017-9009
+       RESERVED
+CVE-2017-9008
+       RESERVED
+CVE-2017-9007
+       RESERVED
+CVE-2017-9006
+       RESERVED
+CVE-2017-9005
+       RESERVED
+CVE-2017-9004
+       RESERVED
+CVE-2017-9003
+       RESERVED
+CVE-2017-9002
+       RESERVED
+CVE-2017-9001
+       RESERVED
+CVE-2017-9000
+       RESERVED
+CVE-2017-8999
+       RESERVED
+CVE-2017-8998
+       RESERVED
+CVE-2017-8997
+       RESERVED
+CVE-2017-8996
+       RESERVED
+CVE-2017-8995
+       RESERVED
+CVE-2017-8994
+       RESERVED
+CVE-2017-8993
+       RESERVED
+CVE-2017-8992
+       RESERVED
+CVE-2017-8991
+       RESERVED
+CVE-2017-8990
+       RESERVED
+CVE-2017-8989
+       RESERVED
+CVE-2017-8988
+       RESERVED
+CVE-2017-8987
+       RESERVED
+CVE-2017-8986
+       RESERVED
+CVE-2017-8985
+       RESERVED
+CVE-2017-8984
+       RESERVED
+CVE-2017-8983
+       RESERVED
+CVE-2017-8982
+       RESERVED
+CVE-2017-8981
+       RESERVED
+CVE-2017-8980
+       RESERVED
+CVE-2017-8979
+       RESERVED
+CVE-2017-8978
+       RESERVED
+CVE-2017-8977
+       RESERVED
+CVE-2017-8976
+       RESERVED
+CVE-2017-8975
+       RESERVED
+CVE-2017-8974
+       RESERVED
+CVE-2017-8973
+       RESERVED
+CVE-2017-8972
+       RESERVED
+CVE-2017-8971
+       RESERVED
+CVE-2017-8970
+       RESERVED
+CVE-2017-8969
+       RESERVED
+CVE-2017-8968
+       RESERVED
+CVE-2017-8967
+       RESERVED
+CVE-2017-8966
+       RESERVED
+CVE-2017-8965
+       RESERVED
+CVE-2017-8964
+       RESERVED
+CVE-2017-8963
+       RESERVED
+CVE-2017-8962
+       RESERVED
+CVE-2017-8961
+       RESERVED
+CVE-2017-8960
+       RESERVED
+CVE-2017-8959
+       RESERVED
+CVE-2017-8958
+       RESERVED
+CVE-2017-8957
+       RESERVED
+CVE-2017-8956
+       RESERVED
+CVE-2017-8955
+       RESERVED
+CVE-2017-8954
+       RESERVED
+CVE-2017-8953
+       RESERVED
+CVE-2017-8952
+       RESERVED
+CVE-2017-8951
+       RESERVED
+CVE-2017-8950
+       RESERVED
+CVE-2017-8949
+       RESERVED
+CVE-2017-8948
+       RESERVED
+CVE-2017-8947
+       RESERVED
+CVE-2017-8946
+       RESERVED
+CVE-2017-8945
+       RESERVED
+CVE-2017-8944
+       RESERVED
+CVE-2017-8943 (The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 
certificates ...)
+       TODO: check
+CVE-2017-8942 (The YottaMark ShopWell - Healthy Diet & Grocery Food 
Scanner app 5.3.7 ...)
+       TODO: check
+CVE-2017-8941 (The Interval International app 3.3 through 3.5.1 for iOS does 
not ...)
+       TODO: check
+CVE-2017-8940 (The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 
for iOS ...)
+       TODO: check
+CVE-2017-8939 (The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does 
not ...)
+       TODO: check
+CVE-2017-8938 (The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify 
X.509 ...)
+       TODO: check
+CVE-2017-8937 (The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 
...)
+       TODO: check
+CVE-2017-8936 (The MoboTap Dolphin Web Browser - Fast Private Internet Search 
app ...)
+       TODO: check
+CVE-2017-8935 (The Quest Information Systems Indiana Voters app 1.1.24 for iOS 
does ...)
+       TODO: check
 CVE-2017-XXXX [perltidy.ERR tried to be deleted but not checked if suceeds; 
then futher used, allowing file overwrite via symlink attack]
        - perltidy <unfixed> (bug #862667)
 CVE-2017-8932
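Review bot: The nine described entries CVE-2017-8935 through CVE-2017-8943 are all left at "TODO: check", although each description names a third-party app "for iOS" that does not verify X.509 certificates, so they can be triaged together in one pass. For software that is not in the archive this file already uses a NOT-FOR-US: line (see the Craft CMS and WonderCMS entries further down this diff); once that is confirmed for each app, replace the TODO with it. The RESERVED placeholders CVE-2017-8944 through CVE-2017-9019 need no action.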
@@ -26,10 +196,10 @@
        [jessie] - menu-cache <no-dsa> (Minor issue)
        [wheezy] - menu-cache <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce
-CVE-2017-8927
-       RESERVED
-CVE-2017-8926
-       RESERVED
+CVE-2017-8927 (Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers 
to cause ...)
+       TODO: check
+CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows 
attackers to ...)
+       TODO: check
 CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in 
the Linux ...)
        - linux 4.9.16-1 (low)
        NOTE: Fixed by: 
https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8
@@ -1335,8 +1505,8 @@
        NOT-FOR-US: Craft CMS
 CVE-2017-8383 (Craft CMS before 2.6.2976 does not properly restrict viewing 
the ...)
        NOT-FOR-US: Craft CMS
-CVE-2017-8382
-       RESERVED
+CVE-2017-8382 (admidio 3.2.8 has CSRF in ...)
+       TODO: check
 CVE-2017-8381
        RESERVED
 CVE-2017-8380 [scsi: megasas: out-of-bounds read in  megasas_mmio_write]
@@ -2434,10 +2604,10 @@
        RESERVED
 CVE-2017-7954
        RESERVED
-CVE-2017-7953
-       RESERVED
-CVE-2017-7952
-       RESERVED
+CVE-2017-7953 (INFOR EAM V11.0 Build 201410 has XSS via comment fields. ...)
+       TODO: check
+CVE-2017-7952 (INFOR EAM V11.0 Build 201410 has SQL injection via search 
fields, ...)
+       TODO: check
 CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in 
an ...)
        NOT-FOR-US: WonderCMS
 CVE-2017-7950
@@ -3790,16 +3960,15 @@
 CVE-2017-7500
        RESERVED
 CVE-2017-7499
-       RESERVED
+       REJECTED
 CVE-2017-7498
-       RESERVED
+       REJECTED
 CVE-2017-7497
        RESERVED
        NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2017-7496
        RESERVED
-CVE-2017-7495 [ext4: power failure during write(2) causes on-disk information 
leak]
-       RESERVED
+CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 ...)
        - linux 4.6.2-1
        [jessie] - linux 3.16.39-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
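Review bot: On CVE-2017-7495 the removed bracketed title was the only text in the entry that stated the impact ("power failure during write(2) causes on-disk information leak"); the truncated description that replaces it stops at "when ext4 ...", so the list no longer says what the issue is. Consider keeping that one-line summary as a NOTE: under the entry. The RESERVED to REJECTED flips on CVE-2017-7499 and CVE-2017-7498 carry no package lines, so nothing else has to change there.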
@@ -3863,8 +4032,7 @@
        NOTE: Fixed by: 
https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
 CVE-2017-7480
        RESERVED
-CVE-2017-7479 [Drop packets instead of assert out if packet id rolls over]
-       RESERVED
+CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable 
to ...)
        - openvpn 2.4.0-5 (low)
        [jessie] - openvpn <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/e498cb0ea8d3a451b39eaf6f9b6a7488f18250b8
 (master)
@@ -3872,8 +4040,7 @@
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578
 (2.3.x)
        NOTE: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14643.html 
(3 patches for 2.2.x)
        NOTE: 
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
-CVE-2017-7478 [Don't assert out on receiving too-large control packets]
-       RESERVED
+CVE-2017-7478 (OpenVPN version 2.3.12 and newer is vulnerable to 
unauthenticated ...)
        - openvpn 2.4.0-5
        [jessie] - openvpn <not-affected> (Vulnerable code introduced later)
        [wheezy] - openvpn <not-affected> (Vulnerable code introduced later)
@@ -5687,10 +5854,10 @@
        RESERVED
 CVE-2017-6891
        RESERVED
-CVE-2017-6890
-       RESERVED
-CVE-2017-6889
-       RESERVED
+CVE-2017-6890 (A boundary error within the &quot;foveon_load_camf()&quot; 
function ...)
+       TODO: check
+CVE-2017-6889 (An integer overflow error within the 
&quot;foveon_load_camf()&quot; function ...)
+       TODO: check
 CVE-2017-6888
        RESERVED
 CVE-2017-6887
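Review bot: The new descriptions for CVE-2017-6890 and CVE-2017-6889 contain literal &quot; entities around foveon_load_camf(). If these are present in data/CVE/list itself and are not an artifact of how this mail was rendered, the automatic import should decode them before writing the file. Both entries identify a function rather than a product in the visible text, so the "TODO: check" needs a source search for foveon_load_camf across the archive before any NOT-FOR-US decision.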
@@ -21825,8 +21992,8 @@
        - piwigo <removed>
        [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
        NOTE: Request to mark the package as unsupported in #779104
-CVE-2016-9750
-       RESERVED
+CVE-2016-9750 (IBM QRadar 7.2 and 7.3 stores user credentials in plain in 
clear text ...)
+       TODO: check
 CVE-2016-9749
        RESERVED
 CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses 
sensitive ...)
@@ -21855,8 +22022,8 @@
        NOT-FOR-US: IBM
 CVE-2016-9736
        RESERVED
-CVE-2016-9735
-       RESERVED
+CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain 
...)
+       TODO: check
 CVE-2016-9734
        RESERVED
 CVE-2016-9733
@@ -35683,8 +35850,8 @@
        NOT-FOR-US: IBM
 CVE-2016-5980 (IBM TRIRIGA Application Platform is vulnerable to cross-site 
...)
        NOT-FOR-US: IBM
-CVE-2016-5979
-       RESERVED
+CVE-2016-5979 (IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a 
privileged ...)
+       TODO: check
 CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the 
web ...)
        NOT-FOR-US: IBM
 CVE-2016-5977 (Open redirect vulnerability in the web portal in IBM Tealeaf 
Customer ...)
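Review bot: CVE-2016-5979 (IBM Distributed Marketing) is added as "TODO: check" in the middle of a run of IBM entries that are all tagged "NOT-FOR-US: IBM" (CVE-2016-5980, CVE-2016-5978 and the entry above them in this hunk). Unless the product is packaged, tag it the same way so the IBM block stays consistent; the same applies to the IBM entries CVE-2016-9750 and CVE-2016-9735 in the two preceding hunks.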


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
