Author: sectracker
Date: 2017-05-16 21:10:15 +0000 (Tue, 16 May 2017)
New Revision: 51686
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-16 20:35:45 UTC (rev 51685) +++ data/CVE/list 2017-05-16 21:10:15 UTC (rev 51686) @@ -1,3 +1,15 @@ +CVE-2017-9023 + RESERVED +CVE-2017-9022 + RESERVED +CVE-2017-9021 + RESERVED +CVE-2017-9020 + RESERVED +CVE-2016-10373 + RESERVED +CVE-2016-10372 (The Eir D1000 modem does not properly restrict the TR-064 protocol, ...) + TODO: check CVE-2017-9019 RESERVED CVE-2017-9018 @@ -184,7 +196,6 @@ CVE-2017-8928 (mailcow 0.14, as used in "mailcow: dockerized" and other products, has ...) NOT-FOR-US: mailcow CVE-2017-XXXX [deluge-webui: directory traversal attack vulnerability] - {DLA-943-1} - deluge 1.3.13+git20161130.48cedf63-3 (bug #862611) [wheezy] - deluge 1.3.3-2+nmu1+deb7u2 NOTE: Workaround entry for DLA-943-1 until CVE assigned @@ -3503,11 +3514,9 @@ RESERVED CVE-2017-7663 RESERVED -CVE-2017-7662 - RESERVED +CVE-2017-7662 (Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has ...) NOT-FOR-US: Apache CXF -CVE-2017-7661 - RESERVED +CVE-2017-7661 (Apache CXF Fediz ships with a number of container-specific plugins to ...) NOT-FOR-US: Apache CXF CVE-2017-7660 RESERVED @@ -3998,8 +4007,7 @@ CVE-2017-7489 (In Moodle 2.x and 3.x, remote authenticated users can take ownership of ...) - moodle <unfixed> NOTE: https://moodle.org/mod/forum/discuss.php?d=352353 -CVE-2017-7488 - RESERVED +CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure ...) NOT-FOR-US: authconfig in Red Hat CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel ...) - linux <unfixed> 
@@ -4042,6 +4050,7 @@ CVE-2017-7480 RESERVED CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to ...) + {DLA-944-1} - openvpn 2.4.0-5 (low) [jessie] - openvpn <no-dsa> (Minor issue) NOTE: https://github.com/OpenVPN/openvpn/commit/e498cb0ea8d3a451b39eaf6f9b6a7488f18250b8 (master) @@ -5874,12 +5883,12 @@ TODO: check CVE-2017-6888 RESERVED -CVE-2017-6887 - RESERVED -CVE-2017-6886 - RESERVED -CVE-2017-6885 - RESERVED +CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" function ...) + TODO: check +CVE-2017-6886 (An error within the "parse_tiff_ifd()" function ...) + TODO: check +CVE-2017-6885 (An error when handling certain external commands and services related ...) + TODO: check CVE-2017-6903 (In ioquake3 before 2017-03-14, the auto-downloading feature has ...) {DSA-3812-1} - ioquake3 1.36+u20161101+dfsg1-2 (bug #857699) @@ -6414,10 +6423,10 @@ RESERVED CVE-2017-6659 RESERVED -CVE-2017-6658 - RESERVED -CVE-2017-6657 - RESERVED +CVE-2017-6658 (Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread ...) + TODO: check +CVE-2017-6657 (Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type ...) + TODO: check CVE-2017-6656 RESERVED CVE-2017-6655 @@ -6428,8 +6437,8 @@ RESERVED CVE-2017-6652 RESERVED -CVE-2017-6651 - RESERVED +CVE-2017-6651 (A vulnerability in Cisco WebEx Meetings Server could allow ...) + TODO: check CVE-2017-6650 RESERVED CVE-2017-6649 
@@ -7190,22 +7199,19 @@ CVE-2017-6423 RESERVED NOT-FOR-US: Qualcomm driver for Android -CVE-2016-10242 - RESERVED +CVE-2016-10242 (A time-of-check time-of-use race condition could potentially exist in ...) + TODO: check CVE-2016-10241 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2016-10240 RESERVED NOT-FOR-US: Qualcomm components for Android -CVE-2016-10239 - RESERVED +CVE-2016-10239 (In TrustZone access control policy may potentially be bypassed in all ...) NOT-FOR-US: Qualcomm components for Android -CVE-2016-10238 - RESERVED +CVE-2016-10238 (In QSEE in all Android releases from CAF using the Linux kernel access ...) NOT-FOR-US: Qualcomm components for Android -CVE-2016-10237 - RESERVED +CVE-2016-10237 (If shared content protection memory were passed as the secure camera ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10236 RESERVED 
@@ -7232,32 +7238,23 @@ [jessie] - linux 3.16.7-ckt20-1+deb8u2 [wheezy] - linux 3.2.73-2+deb7u2 NOTE: Fixed by: https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1) -CVE-2015-9003 - RESERVED +CVE-2015-9003 (In TrustZone a cryptographic issue can potentially occur in all ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-9002 - RESERVED +CVE-2015-9002 (In TrustZone an out-of-range pointer offset vulnerability can ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-9001 - RESERVED +CVE-2015-9001 (In TrustZone an information exposure vulnerability can potentially ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-9000 - RESERVED +CVE-2015-9000 (In TrustZone an untrusted pointer dereference vulnerability can ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-8999 - RESERVED +CVE-2015-8999 (In TrustZone a buffer overflow vulnerability can potentially occur in ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-8998 - RESERVED +CVE-2015-8998 (In TrustZone an integer overflow vulnerability can potentially occur ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-8997 - RESERVED +CVE-2015-8997 (In TrustZone a time-of-check time-of-use race condition could ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-8996 - RESERVED +CVE-2015-8996 (In TrustZone a time-of-check time-of-use race condition could ...) NOT-FOR-US: Qualcomm components for Android -CVE-2015-8995 - RESERVED +CVE-2015-8995 (In TrustZone an integer overflow vulnerability can potentially occur ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...) - git 1:2.0.0~rc2-1 
@@ -7265,26 +7262,19 @@ NOTE: https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f NOTE: https://github.com/njhartwell/pw3nage NOTE: Vulnerability likely introduced by the "pc_mode" in https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250 -CVE-2014-9937 - RESERVED +CVE-2014-9937 (In TrustZone a buffer overflow vulnerability can potentially occur in ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9936 - RESERVED +CVE-2014-9936 (In TrustZone a time-of-check time-of-use race condition could ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9935 - RESERVED +CVE-2014-9935 (In TrustZone an integer overflow vulnerability leading to a buffer ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9934 - RESERVED +CVE-2014-9934 (A PKCS#1 v1.5 signature verification routine in all Android releases ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9933 - RESERVED +CVE-2014-9933 (Due to missing input validation in all Android releases from CAF using ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9932 - RESERVED +CVE-2014-9932 (In TrustZone, an integer overflow vulnerability can potentially occur ...) NOT-FOR-US: Qualcomm components for Android -CVE-2014-9931 - RESERVED +CVE-2014-9931 (A buffer overflow vulnerability in all Android releases from CAF using ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9930 RESERVED @@ -8193,8 +8183,8 @@ - zammad <itp> (bug #841355) CVE-2017-6080 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and ...) - zammad <itp> (bug #841355) -CVE-2017-6079 - RESERVED +CVE-2017-6079 (The HTTP web-management application on Edgewater Networks Edgemarc ...) + TODO: check CVE-2017-6078 (FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a ...) NOT-FOR-US: FastStone MaxView CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 ...) 
@@ -14501,8 +14491,7 @@ NOT-FOR-US: Cisco CVE-2017-3883 RESERVED -CVE-2017-3882 - RESERVED +CVE-2017-3882 (A vulnerability in the Universal Plug-and-Play (UPnP) implementation in ...) NOT-FOR-US: Cisco CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) ...) NOT-FOR-US: Cisco @@ -14514,15 +14503,13 @@ NOT-FOR-US: Cisco CVE-2017-3877 (A vulnerability in the web framework of Cisco Unified Communications ...) NOT-FOR-US: Cisco -CVE-2017-3876 - RESERVED +CVE-2017-3876 (A vulnerability in the Event Management Service daemon (emsd) of Cisco ...) NOT-FOR-US: Cisco CVE-2017-3875 (An Access-Control Filtering Mechanisms Bypass vulnerability in certain ...) NOT-FOR-US: Cisco CVE-2017-3874 (A vulnerability in the web framework of Cisco Unified Communications ...) NOT-FOR-US: Cisco -CVE-2017-3873 - RESERVED +CVE-2017-3873 (A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco ...) NOT-FOR-US: Cisco CVE-2017-3872 (A cross-site scripting (XSS) filter bypass vulnerability in the ...) NOT-FOR-US: Cisco @@ -14618,8 +14605,7 @@ NOT-FOR-US: Cisco CVE-2017-3826 (A vulnerability in the Stream Control Transmission Protocol (SCTP) ...) NOT-FOR-US: Cisco -CVE-2017-3825 - RESERVED +CVE-2017-3825 (A vulnerability in the ICMP ingress packet processing of Cisco ...) NOT-FOR-US: Cisco CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR Series ...) NOT-FOR-US: Cisco @@ -113971,7 +113957,7 @@ - xen 4.4.0-1 [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts) CVE-2013-4360 - RESERVED + REJECTED CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ...) {DSA-2767-1} - proftpd-dfsg 1.3.5~rc3-2.1 (bug #723179) @@ -134097,7 +134083,7 @@ [squeeze] - tomcat6 6.0.35-1+squeeze3 NOTE: DSA 2725 CVE-2012-3545 - RESERVED + REJECTED CVE-2012-3544 (Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not ...) {DSA-2897-1 DSA-2725-1} - tomcat6 6.0.37 
@@ -139124,7 +139110,7 @@ CVE-2012-1620 (slock 0.9 does not properly handle the XRaiseWindow event when the ...) - suckless-tools 39-1 (unimportant; bug #667796) CVE-2012-1619 - RESERVED + REJECTED CVE-2012-1618 (Interaction error in the PostgreSQL JDBC driver before 8.2, when used ...) - libpgjava <not-affected> (Even the version in oldstable had 8.2) CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass before ...) @@ -156605,7 +156591,7 @@ [squeeze] - fuse <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541 CVE-2011-0540 - RESERVED + REJECTED CVE-2011-0539 (The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, ...) - openssh 1:5.8p1-2 [squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
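Review bot: In the @@ -184,7 +196,6 @@ hunk, the {DLA-943-1} cross-reference is dropped from the CVE-2017-XXXX deluge-webui entry while the NOTE two lines below still reads "Workaround entry for DLA-943-1 until CVE assigned" and the [wheezy] fixed version stays in place. Keep the tag until a CVE id replaces the placeholder, or update the NOTE in the same change, so the wheezy fix stays traceable to its advisory.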
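Review bot: The {DLA-944-1} tag added to CVE-2017-7479 in the @@ -4042,6 +4050,7 @@ hunk has no matching release line. The entry shows only "- openvpn 2.4.0-5 (low)" and "[jessie] - openvpn <no-dsa> (Minor issue)" before the NOTE, so wheezy status cannot be read from the entry. Add a [wheezy] line carrying the version fixed by the DLA, as the deluge entry does for DLA-943-1.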
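Review bot: Missing triage in the @@ -5874,12 +5883,12 @@ hunk: CVE-2017-6887, CVE-2017-6886 and CVE-2017-6885 all land with "TODO: check" and no package line. The first two descriptions both name parse_tiff_ifd(), so they can be resolved together by locating the source packages that carry that function. CVE-2017-6885 describes external commands and services instead and should be checked on its own rather than assumed to share a package.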
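Review bot: CVE-2017-6658 and CVE-2017-6657 in the @@ -6414,10 +6423,10 @@ hunk are left at "TODO: check" although both descriptions scope the issue to "Snort 3.0 before build 233". The check reduces to whether the archive ships a 3.0 build of snort. If it does not, record that as a <not-affected> line with the reason in parentheses, following the style of the libpgjava entry for CVE-2012-1618.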
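Review bot: Inconsistent classification in the @@ -6428,8 +6437,8 @@ hunk: CVE-2017-6651 (Cisco WebEx Meetings Server) is marked "TODO: check", while every Cisco product entry updated in the @@ -14501,8 +14491,7 @@ and following hunks carries "NOT-FOR-US: Cisco". Apply the same marker here unless there is a reason to track this one against a Debian package.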
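Review bot: In the @@ -7190,22 +7199,19 @@ hunk, CVE-2016-10242 gets "TODO: check" while the neighbouring CVE-2016-10241 through CVE-2016-10237 are all "NOT-FOR-US: Qualcomm components for Android". The truncated description ("A time-of-check time-of-use race condition could potentially exist in ...") does not name the component, so read the full text and either align it with the adjacent Qualcomm entries or record the affected package.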