Author: sectracker
Date: 2017-05-16 09:10:13 +0000 (Tue, 16 May 2017)
New Revision: 51673
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-16 08:11:07 UTC (rev 51672) +++ data/CVE/list 2017-05-16 09:10:13 UTC (rev 51673) 
@@ -1,3 +1,173 @@ +CVE-2017-9019 + RESERVED +CVE-2017-9018 + RESERVED +CVE-2017-9017 + RESERVED +CVE-2017-9016 + RESERVED +CVE-2017-9015 + RESERVED +CVE-2017-9014 + RESERVED +CVE-2017-9013 + RESERVED +CVE-2017-9012 + RESERVED +CVE-2017-9011 + RESERVED +CVE-2017-9010 + RESERVED +CVE-2017-9009 + RESERVED +CVE-2017-9008 + RESERVED +CVE-2017-9007 + RESERVED +CVE-2017-9006 + RESERVED +CVE-2017-9005 + RESERVED +CVE-2017-9004 + RESERVED +CVE-2017-9003 + RESERVED +CVE-2017-9002 + RESERVED +CVE-2017-9001 + RESERVED +CVE-2017-9000 + RESERVED +CVE-2017-8999 + RESERVED +CVE-2017-8998 + RESERVED +CVE-2017-8997 + RESERVED +CVE-2017-8996 + RESERVED +CVE-2017-8995 + RESERVED +CVE-2017-8994 + RESERVED +CVE-2017-8993 + RESERVED +CVE-2017-8992 + RESERVED +CVE-2017-8991 + RESERVED +CVE-2017-8990 + RESERVED +CVE-2017-8989 + RESERVED +CVE-2017-8988 + RESERVED +CVE-2017-8987 + RESERVED +CVE-2017-8986 + RESERVED +CVE-2017-8985 + RESERVED +CVE-2017-8984 + RESERVED +CVE-2017-8983 + RESERVED +CVE-2017-8982 + RESERVED +CVE-2017-8981 + RESERVED +CVE-2017-8980 + RESERVED +CVE-2017-8979 + RESERVED +CVE-2017-8978 + RESERVED +CVE-2017-8977 + RESERVED +CVE-2017-8976 + RESERVED +CVE-2017-8975 + RESERVED +CVE-2017-8974 + RESERVED +CVE-2017-8973 + RESERVED +CVE-2017-8972 + RESERVED +CVE-2017-8971 + RESERVED +CVE-2017-8970 + RESERVED +CVE-2017-8969 + RESERVED +CVE-2017-8968 + RESERVED +CVE-2017-8967 + RESERVED +CVE-2017-8966 + RESERVED +CVE-2017-8965 + RESERVED +CVE-2017-8964 + RESERVED +CVE-2017-8963 + RESERVED +CVE-2017-8962 + RESERVED +CVE-2017-8961 + RESERVED +CVE-2017-8960 + RESERVED +CVE-2017-8959 + RESERVED +CVE-2017-8958 + RESERVED +CVE-2017-8957 + RESERVED +CVE-2017-8956 + RESERVED +CVE-2017-8955 + RESERVED +CVE-2017-8954 + RESERVED +CVE-2017-8953 + RESERVED +CVE-2017-8952 + RESERVED +CVE-2017-8951 + RESERVED +CVE-2017-8950 + RESERVED +CVE-2017-8949 + RESERVED +CVE-2017-8948 + RESERVED +CVE-2017-8947 + RESERVED +CVE-2017-8946 + RESERVED +CVE-2017-8945 + RESERVED +CVE-2017-8944 + RESERVED 
+CVE-2017-8943 (The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates ...) + TODO: check +CVE-2017-8942 (The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 ...) + TODO: check +CVE-2017-8941 (The Interval International app 3.3 through 3.5.1 for iOS does not ...) + TODO: check +CVE-2017-8940 (The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS ...) + TODO: check +CVE-2017-8939 (The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not ...) + TODO: check +CVE-2017-8938 (The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 ...) + TODO: check +CVE-2017-8937 (The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 ...) + TODO: check +CVE-2017-8936 (The MoboTap Dolphin Web Browser - Fast Private Internet Search app ...) + TODO: check +CVE-2017-8935 (The Quest Information Systems Indiana Voters app 1.1.24 for iOS does ...) + TODO: check CVE-2017-XXXX [perltidy.ERR tried to be deleted but not checked if suceeds; then futher used, allowing file overwrite via symlink attack] - perltidy <unfixed> (bug #862667) CVE-2017-8932 @@ -26,10 +196,10 @@ [jessie] - menu-cache <no-dsa> (Minor issue) [wheezy] - menu-cache <no-dsa> (Minor issue) NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce -CVE-2017-8927 - RESERVED -CVE-2017-8926 - RESERVED +CVE-2017-8927 (Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause ...) + TODO: check +CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to ...) + TODO: check CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in the Linux ...) - linux 4.9.16-1 (low) NOTE: Fixed by: https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8 
@@ -1335,8 +1505,8 @@ NOT-FOR-US: Craft CMS CVE-2017-8383 (Craft CMS before 2.6.2976 does not properly restrict viewing the ...) NOT-FOR-US: Craft CMS -CVE-2017-8382 - RESERVED +CVE-2017-8382 (admidio 3.2.8 has CSRF in ...) + TODO: check CVE-2017-8381 RESERVED CVE-2017-8380 [scsi: megasas: out-of-bounds read in megasas_mmio_write] @@ -2434,10 +2604,10 @@ RESERVED CVE-2017-7954 RESERVED -CVE-2017-7953 - RESERVED -CVE-2017-7952 - RESERVED +CVE-2017-7953 (INFOR EAM V11.0 Build 201410 has XSS via comment fields. ...) + TODO: check +CVE-2017-7952 (INFOR EAM V11.0 Build 201410 has SQL injection via search fields, ...) + TODO: check CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in an ...) NOT-FOR-US: WonderCMS CVE-2017-7950 @@ -3790,16 +3960,15 @@ CVE-2017-7500 RESERVED CVE-2017-7499 - RESERVED + REJECTED CVE-2017-7498 - RESERVED + REJECTED CVE-2017-7497 RESERVED NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2017-7496 RESERVED -CVE-2017-7495 [ext4: power failure during write(2) causes on-disk information leak] - RESERVED +CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 ...) - linux 4.6.2-1 [jessie] - linux 3.16.39-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) @@ -3863,8 +4032,7 @@ NOTE: Fixed by: https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2 CVE-2017-7480 RESERVED -CVE-2017-7479 [Drop packets instead of assert out if packet id rolls over] - RESERVED +CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to ...) - openvpn 2.4.0-5 (low) [jessie] - openvpn <no-dsa> (Minor issue) NOTE: https://github.com/OpenVPN/openvpn/commit/e498cb0ea8d3a451b39eaf6f9b6a7488f18250b8 (master) 
@@ -3872,8 +4040,7 @@ NOTE: https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578 (2.3.x) NOTE: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14643.html (3 patches for 2.2.x) NOTE: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits -CVE-2017-7478 [Don't assert out on receiving too-large control packets] - RESERVED +CVE-2017-7478 (OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated ...) - openvpn 2.4.0-5 [jessie] - openvpn <not-affected> (Vulnerable code introduced later) [wheezy] - openvpn <not-affected> (Vulnerable code introduced later) @@ -5687,10 +5854,10 @@ RESERVED CVE-2017-6891 RESERVED -CVE-2017-6890 - RESERVED -CVE-2017-6889 - RESERVED +CVE-2017-6890 (A boundary error within the "foveon_load_camf()" function ...) + TODO: check +CVE-2017-6889 (An integer overflow error within the "foveon_load_camf()" function ...) + TODO: check CVE-2017-6888 RESERVED CVE-2017-6887 @@ -21825,8 +21992,8 @@ - piwigo <removed> [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts) NOTE: Request to mark the package as unsupported in #779104 -CVE-2016-9750 - RESERVED +CVE-2016-9750 (IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text ...) + TODO: check CVE-2016-9749 RESERVED CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive ...) @@ -21855,8 +22022,8 @@ NOT-FOR-US: IBM CVE-2016-9736 RESERVED -CVE-2016-9735 - RESERVED +CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain ...) + TODO: check CVE-2016-9734 RESERVED CVE-2016-9733 
@@ -35683,8 +35850,8 @@ NOT-FOR-US: IBM CVE-2016-5980 (IBM TRIRIGA Application Platform is vulnerable to cross-site ...) NOT-FOR-US: IBM -CVE-2016-5979 - RESERVED +CVE-2016-5979 (IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged ...) + TODO: check CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the web ...) NOT-FOR-US: IBM CVE-2016-5977 (Open redirect vulnerability in the web portal in IBM Tealeaf Customer ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
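Review bot: In the @@ -1,3 +1,173 @@ hunk, the nine described entries CVE-2017-8935 through CVE-2017-8943 all land as "TODO: check", and seven of them say "for iOS" in the visible part of the description (CVE-2017-8942 and CVE-2017-8936 are cut off before any platform is named). If triage confirms that no Debian source package ships these apps, they can be closed in one pass with the NOT-FOR-US tag this file already uses for Craft CMS and WonderCMS. While touching this region, the unchanged CVE-2017-XXXX perltidy line below the additions has two misspellings, "suceeds" and "futher", that are worth correcting in a follow-up.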
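Review bot: In the @@ -3863,8 +4032,7 @@ hunk, the new CVE-2017-7479 description says OpenVPN is affected "before 2.3.15 and before 2.4.2", while the unchanged line directly below records "- openvpn 2.4.0-5 (low)" as the fixed version. A fixed version lower than the upstream release named in the description reads like an error to anyone scanning the entry, so a short NOTE beside the existing commit NOTE lines stating where the fix entered the Debian package would make the entry self-explanatory.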
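Review bot: In the @@ -5687,10 +5854,10 @@ hunk, CVE-2017-6890 and CVE-2017-6889 are added with "TODO: check" and the visible description names only the function "foveon_load_camf()", not the product. Triage for these two should start from the function name, identify every source package that carries it, and record each one, since a boundary error and an integer overflow in the same parsing routine are likely to be fixed together and should be tracked against the same set of packages.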
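Review bot: In the @@ -21825,8 +21992,8 @@, @@ -21855,8 +22022,8 @@ and @@ -35683,8 +35850,8 @@ hunks, CVE-2016-9750 (IBM QRadar), CVE-2016-9735 (IBM Jazz Foundation) and CVE-2016-5979 (IBM Distributed Marketing) are left as "TODO: check" although the unchanged context lines around them tag the neighbouring IBM entries "NOT-FOR-US: IBM". Unless one of these products turns out to be packaged, applying the same tag keeps the three entries consistent with their neighbours and removes them from the open triage queue.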