Author: sectracker
Date: 2017-05-16 21:10:15 +0000 (Tue, 16 May 2017)
New Revision: 51686

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-16 20:35:45 UTC (rev 51685)
+++ data/CVE/list       2017-05-16 21:10:15 UTC (rev 51686)
@@ -1,3 +1,15 @@
+CVE-2017-9023
+       RESERVED
+CVE-2017-9022
+       RESERVED
+CVE-2017-9021
+       RESERVED
+CVE-2017-9020
+       RESERVED
+CVE-2016-10373
+       RESERVED
+CVE-2016-10372 (The Eir D1000 modem does not properly restrict the TR-064 
protocol, ...)
+       TODO: check
 CVE-2017-9019
        RESERVED
 CVE-2017-9018
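Review bot: The new CVE-2016-10372 entry is left at "TODO: check" even though its description already names a specific device, the Eir D1000 modem. If nothing in the archive ships that firmware, resolve it in the same pass as "NOT-FOR-US: Eir D1000 modem" so it does not sit in the triage queue.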
@@ -184,7 +196,6 @@
 CVE-2017-8928 (mailcow 0.14, as used in "mailcow: dockerized" and 
other products, has ...)
        NOT-FOR-US: mailcow
 CVE-2017-XXXX [deluge-webui: directory traversal attack vulnerability]
-       {DLA-943-1}
        - deluge 1.3.13+git20161130.48cedf63-3 (bug #862611)
        [wheezy] - deluge 1.3.3-2+nmu1+deb7u2
        NOTE: Workaround entry for DLA-943-1 until CVE assigned
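Review bot: Dropping {DLA-943-1} from the temporary CVE-2017-XXXX deluge-webui entry leaves the free-text line "NOTE: Workaround entry for DLA-943-1 until CVE assigned" as the only link between this entry and the advisory. Since the log says this was an automatic update, check whether the tag had been added by hand and will be stripped on every run; if so, the workaround needs another form or the update job needs to leave CVE-2017-XXXX entries alone.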
@@ -3503,11 +3514,9 @@
        RESERVED
 CVE-2017-7663
        RESERVED
-CVE-2017-7662
-       RESERVED
+CVE-2017-7662 (Apache CXF Fediz ships with an OpenId Connect (OIDC) service 
which has ...)
        NOT-FOR-US: Apache CXF
-CVE-2017-7661
-       RESERVED
+CVE-2017-7661 (Apache CXF Fediz ships with a number of container-specific 
plugins to ...)
        NOT-FOR-US: Apache CXF
 CVE-2017-7660
        RESERVED
@@ -3998,8 +4007,7 @@
 CVE-2017-7489 (In Moodle 2.x and 3.x, remote authenticated users can take 
ownership of ...)
        - moodle <unfixed>
        NOTE: https://moodle.org/mod/forum/discuss.php?d=352353
-CVE-2017-7488
-       RESERVED
+CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information 
exposure ...)
        NOT-FOR-US: authconfig in Red Hat
 CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux 
kernel ...)
        - linux <unfixed>
@@ -4042,6 +4050,7 @@
 CVE-2017-7480
        RESERVED
 CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable 
to ...)
+       {DLA-944-1}
        - openvpn 2.4.0-5 (low)
        [jessie] - openvpn <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/e498cb0ea8d3a451b39eaf6f9b6a7488f18250b8
 (master)
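Review bot: With {DLA-944-1} added to CVE-2017-7479, the entry now carries an LTS advisory while the [jessie] line still reads "<no-dsa> (Minor issue)". Confirm the split is intended; if the issue warranted an LTS upload, the jessie triage may deserve a second look or a NOTE explaining the difference.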
@@ -5874,12 +5883,12 @@
        TODO: check
 CVE-2017-6888
        RESERVED
-CVE-2017-6887
-       RESERVED
-CVE-2017-6886
-       RESERVED
-CVE-2017-6885
-       RESERVED
+CVE-2017-6887 (A boundary error within the &quot;parse_tiff_ifd()&quot; 
function ...)
+       TODO: check
+CVE-2017-6886 (An error within the &quot;parse_tiff_ifd()&quot; function ...)
+       TODO: check
+CVE-2017-6885 (An error when handling certain external commands and services 
related ...)
+       TODO: check
 CVE-2017-6903 (In ioquake3 before 2017-03-14, the auto-downloading feature has 
...)
        {DSA-3812-1}
        - ioquake3 1.36+u20161101+dfsg1-2 (bug #857699)
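Review bot: The added descriptions for CVE-2017-6887 and CVE-2017-6886 contain the HTML entity &quot; around parse_tiff_ifd(), whereas other descriptions in this file (CVE-2017-8928, for example) carry literal double quotes. Unescape entities when importing descriptions so that searches for the quoted function name match. All three new entries are also at "TODO: check" and still need a package assigned.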
@@ -6414,10 +6423,10 @@
        RESERVED
 CVE-2017-6659
        RESERVED
-CVE-2017-6658
-       RESERVED
-CVE-2017-6657
-       RESERVED
+CVE-2017-6658 (Cisco Sourcefire Snort 3.0 before build 233 has a Buffer 
Overread ...)
+       TODO: check
+CVE-2017-6657 (Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether 
Type ...)
+       TODO: check
 CVE-2017-6656
        RESERVED
 CVE-2017-6655
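Review bot: CVE-2017-6658 and CVE-2017-6657 land as "TODO: check", and both descriptions name Snort 3.0 before build 233. When these are triaged, record explicitly whether a packaged snort version is affected instead of defaulting to the "NOT-FOR-US: Cisco" marker used for the other Cisco entries in this patch.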
@@ -6428,8 +6437,8 @@
        RESERVED
 CVE-2017-6652
        RESERVED
-CVE-2017-6651
-       RESERVED
+CVE-2017-6651 (A vulnerability in Cisco WebEx Meetings Server could allow ...)
+       TODO: check
 CVE-2017-6650
        RESERVED
 CVE-2017-6649
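Review bot: CVE-2017-6651 is added with "TODO: check", but its description names Cisco WebEx Meetings Server, and the other Cisco product entries this patch touches are all marked "NOT-FOR-US: Cisco". Mark it the same way so the TODO list holds only entries that need a real decision.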
@@ -7190,22 +7199,19 @@
 CVE-2017-6423
        RESERVED
        NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10242
-       RESERVED
+CVE-2016-10242 (A time-of-check time-of-use race condition could potentially 
exist in ...)
+       TODO: check
 CVE-2016-10241
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
 CVE-2016-10240
        RESERVED
        NOT-FOR-US: Qualcomm components for Android
-CVE-2016-10239
-       RESERVED
+CVE-2016-10239 (In TrustZone access control policy may potentially be bypassed 
in all ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2016-10238
-       RESERVED
+CVE-2016-10238 (In QSEE in all Android releases from CAF using the Linux 
kernel access ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2016-10237
-       RESERVED
+CVE-2016-10237 (If shared content protection memory were passed as the secure 
camera ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2016-10236
        RESERVED
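Review bot: CVE-2016-10242 moves from RESERVED to a description plus "TODO: check", while the three neighbours updated in the same hunk (CVE-2016-10239, CVE-2016-10238, CVE-2016-10237) keep "NOT-FOR-US: Qualcomm components for Android". The truncated description does not show the affected component, so read the full text and, if it belongs to the same group, give it the same marker.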
@@ -7232,32 +7238,23 @@
        [jessie] - linux 3.16.7-ckt20-1+deb8u2
        [wheezy] - linux 3.2.73-2+deb7u2
        NOTE: Fixed by: 
https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1)
-CVE-2015-9003
-       RESERVED
+CVE-2015-9003 (In TrustZone a cryptographic issue can potentially occur in all 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-9002
-       RESERVED
+CVE-2015-9002 (In TrustZone an out-of-range pointer offset vulnerability can 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-9001
-       RESERVED
+CVE-2015-9001 (In TrustZone an information exposure vulnerability can 
potentially ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-9000
-       RESERVED
+CVE-2015-9000 (In TrustZone an untrusted pointer dereference vulnerability can 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-8999
-       RESERVED
+CVE-2015-8999 (In TrustZone a buffer overflow vulnerability can potentially 
occur in ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-8998
-       RESERVED
+CVE-2015-8998 (In TrustZone an integer overflow vulnerability can potentially 
occur ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-8997
-       RESERVED
+CVE-2015-8997 (In TrustZone a time-of-check time-of-use race condition could 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-8996
-       RESERVED
+CVE-2015-8996 (In TrustZone a time-of-check time-of-use race condition could 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2015-8995
-       RESERVED
+CVE-2015-8995 (In TrustZone an integer overflow vulnerability can potentially 
occur ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not 
sanitize ...)
        - git 1:2.0.0~rc2-1
@@ -7265,26 +7262,19 @@
        NOTE: 
https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
        NOTE: https://github.com/njhartwell/pw3nage
        NOTE: Vulnerability likely introduced by the "pc_mode" in 
https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250
-CVE-2014-9937
-       RESERVED
+CVE-2014-9937 (In TrustZone a buffer overflow vulnerability can potentially 
occur in ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9936
-       RESERVED
+CVE-2014-9936 (In TrustZone a time-of-check time-of-use race condition could 
...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9935
-       RESERVED
+CVE-2014-9935 (In TrustZone an integer overflow vulnerability leading to a 
buffer ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9934
-       RESERVED
+CVE-2014-9934 (A PKCS#1 v1.5 signature verification routine in all Android 
releases ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9933
-       RESERVED
+CVE-2014-9933 (Due to missing input validation in all Android releases from 
CAF using ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9932
-       RESERVED
+CVE-2014-9932 (In TrustZone, an integer overflow vulnerability can potentially 
occur ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2014-9931
-       RESERVED
+CVE-2014-9931 (A buffer overflow vulnerability in all Android releases from 
CAF using ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9930
        RESERVED
@@ -8193,8 +8183,8 @@
        - zammad <itp> (bug #841355)
 CVE-2017-6080 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 
1.1.3, and ...)
        - zammad <itp> (bug #841355)
-CVE-2017-6079
-       RESERVED
+CVE-2017-6079 (The HTTP web-management application on Edgewater Networks 
Edgemarc ...)
+       TODO: check
 CVE-2017-6078 (FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to 
cause a ...)
        NOT-FOR-US: FastStone MaxView
 CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 
10.0.0.50 ...)
@@ -14501,8 +14491,7 @@
        NOT-FOR-US: Cisco
 CVE-2017-3883
        RESERVED
-CVE-2017-3882
-       RESERVED
+CVE-2017-3882 (A vulnerability in the Universal Plug-and-Play (UPnP) 
implementation in ...)
        NOT-FOR-US: Cisco
 CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) 
...)
        NOT-FOR-US: Cisco
@@ -14514,15 +14503,13 @@
        NOT-FOR-US: Cisco
 CVE-2017-3877 (A vulnerability in the web framework of Cisco Unified 
Communications ...)
        NOT-FOR-US: Cisco
-CVE-2017-3876
-       RESERVED
+CVE-2017-3876 (A vulnerability in the Event Management Service daemon (emsd) 
of Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2017-3875 (An Access-Control Filtering Mechanisms Bypass vulnerability in 
certain ...)
        NOT-FOR-US: Cisco
 CVE-2017-3874 (A vulnerability in the web framework of Cisco Unified 
Communications ...)
        NOT-FOR-US: Cisco
-CVE-2017-3873
-       RESERVED
+CVE-2017-3873 (A vulnerability in the Plug-and-Play (PnP) subsystem of the 
Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2017-3872 (A cross-site scripting (XSS) filter bypass vulnerability in the 
...)
        NOT-FOR-US: Cisco
@@ -14618,8 +14605,7 @@
        NOT-FOR-US: Cisco
 CVE-2017-3826 (A vulnerability in the Stream Control Transmission Protocol 
(SCTP) ...)
        NOT-FOR-US: Cisco
-CVE-2017-3825
-       RESERVED
+CVE-2017-3825 (A vulnerability in the ICMP ingress packet processing of Cisco 
...)
        NOT-FOR-US: Cisco
 CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR 
Series ...)
        NOT-FOR-US: Cisco
@@ -113971,7 +113957,7 @@
        - xen 4.4.0-1
        [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2013-4360
-       RESERVED
+       REJECTED
 CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 
1.3.5r3 ...)
        {DSA-2767-1}
        - proftpd-dfsg 1.3.5~rc3-2.1 (bug #723179)
@@ -134097,7 +134083,7 @@
        [squeeze] - tomcat6 6.0.35-1+squeeze3
        NOTE: DSA 2725
 CVE-2012-3545
-       RESERVED
+       REJECTED
 CVE-2012-3544 (Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not 
...)
        {DSA-2897-1 DSA-2725-1}
        - tomcat6 6.0.37
@@ -139124,7 +139110,7 @@
 CVE-2012-1620 (slock 0.9 does not properly handle the XRaiseWindow event when 
the ...)
        - suckless-tools 39-1 (unimportant; bug #667796)
 CVE-2012-1619
-       RESERVED
+       REJECTED
 CVE-2012-1618 (Interaction error in the PostgreSQL JDBC driver before 8.2, 
when used ...)
        - libpgjava <not-affected> (Even the version in oldstable had 8.2)
 CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass 
before ...)
@@ -156605,7 +156591,7 @@
        [squeeze] - fuse <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
 CVE-2011-0540
-       RESERVED
+       REJECTED
 CVE-2011-0539 (The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 
and 5.7, ...)
        - openssh 1:5.8p1-2
        [squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
