Author: sectracker
Date: 2017-05-23 09:10:12 +0000 (Tue, 23 May 2017)
New Revision: 51873

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-23 09:03:59 UTC (rev 51872)
+++ data/CVE/list       2017-05-23 09:10:12 UTC (rev 51873)
@@ -1,28 +1,132 @@
-CVE-2017-9210
+CVE-2017-9211 (The crypto_skcipher_init_tfm function in crypto/skcipher.c in 
the Linux ...)
+       TODO: check
+CVE-2017-9200 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9199 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9198 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9197 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9196 (libautotrace.a in AutoTrace 0.31.1 has a 
"negative-size-param" issue in ...)
+       TODO: check
+CVE-2017-9195 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-9194 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-9193 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-9192 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9191 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9190 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9189 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9188 (libautotrace.a in AutoTrace 0.31.1 has a "left shift ... 
cannot be ...)
+       TODO: check
+CVE-2017-9187 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9186 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9185 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9184 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9183 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9182 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9181 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9180 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9179 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9178 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9177 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9176 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9175 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9174 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9173 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9172 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9171 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-9170 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9169 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9168 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9167 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9166 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-9165 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-9164 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-9163 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9162 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9161 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be 
represented in type ...)
+       TODO: check
+CVE-2017-9160 (libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9159 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9158 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9157 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9156 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9155 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9154 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-9153 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9152 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-9151 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer 
overflow in ...)
+       TODO: check
+CVE-2017-9150 (The do_check function in kernel/bpf/verifier.c in the Linux 
kernel ...)
+       TODO: check
+CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a 
denial of ...)
        - qpdf <unfixed>
        [jessie] - qpdf <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
-CVE-2017-9209
+CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a 
denial of ...)
        - qpdf <unfixed>
        [jessie] - qpdf <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
-CVE-2017-9208
+CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a 
denial of ...)
        - qpdf <unfixed>
        [jessie] - qpdf <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
-CVE-2017-9207
+CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in ...)
        NOT-FOR-US: ImageWorsener
-CVE-2017-9206
+CVE-2017-9206 (The iw_get_ui16le function in imagew-util.c:405:23 in ...)
        NOT-FOR-US: ImageWorsener
-CVE-2017-9205
+CVE-2017-9205 (The iw_get_ui16be function in imagew-util.c:422:24 in ...)
        NOT-FOR-US: ImageWorsener
-CVE-2017-9204
+CVE-2017-9204 (The iw_get_ui16le function in imagew-util.c:405:23 in ...)
        NOT-FOR-US: ImageWorsener
-CVE-2017-9203
+CVE-2017-9203 (imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 
1.3.1 ...)
        NOT-FOR-US: ImageWorsener
-CVE-2017-9202
+CVE-2017-9202 (imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 
1.3.1 allows ...)
        NOT-FOR-US: ImageWorsener
-CVE-2017-9201
+CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 
1.3.1 allows ...)
        NOT-FOR-US: ImageWorsener
 CVE-2017-9148
        RESERVED
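Review bot: CVE-2017-9211 and CVE-2017-9150, the first and last of the new "TODO: check" entries, are Linux kernel issues (crypto/skcipher.c and kernel/bpf/verifier.c) and sit on either side of fifty AutoTrace 0.31.1 entries carrying the same marker. Triage the two kernel entries first so they are not lost in the batch, and handle CVE-2017-9151 through CVE-2017-9200 as one group, since every one of them names libautotrace.a in AutoTrace 0.31.1.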
@@ -641,12 +745,12 @@
        NOT-FOR-US: Joomla
 CVE-2017-8916
        RESERVED
-CVE-2017-8915
-       RESERVED
-CVE-2017-8914
-       RESERVED
-CVE-2017-8913
-       RESERVED
+CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote 
attackers ...)
+       TODO: check
+CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote 
attackers ...)
+       TODO: check
+CVE-2017-8913 (The Visual Composer VC70RUNTIME component in SAP NetWeaver AS 
JAVA 7.5 ...)
+       TODO: check
 CVE-2017-8912 (** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote ...)
        NOT-FOR-US: CMS Made Simple
 CVE-2017-8911 (An integer underflow has been identified in the 
unicode_to_utf8() ...)
@@ -1935,8 +2039,7 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
        NOTE: Introduced by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e23d04984a78490d8aaa5c45724a3a334933331f
 (v2.2.0-rc0)
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
-CVE-2017-8379 [input: host memory lekage via keyboard]
-       RESERVED
+CVE-2017-8379 (Memory leak in the keyboard input event handlers support in 
QEMU (aka ...)
        - qemu 1:2.8+dfsg-5 (bug #862289)
        [jessie] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
@@ -2133,8 +2236,7 @@
        RESERVED
 CVE-2017-8310
        RESERVED
-CVE-2017-8309 [audio: host memory leakage via capture buffer]
-       RESERVED
+CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) 
allows ...)
        - qemu 1:2.8+dfsg-5 (bug #862280)
        [jessie] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
@@ -5049,8 +5151,8 @@
        NOT-FOR-US: XOOPS
 CVE-2017-7289
        RESERVED
-CVE-2017-7288
-       RESERVED
+CVE-2017-7288 (Cross-site scripting (XSS) vulnerability in Zimbra 
Collaboration Suite ...)
+       TODO: check
 CVE-2017-7287
        RESERVED
 CVE-2017-7286
@@ -5654,7 +5756,7 @@
        {DSA-3856-1 DLA-863-1}
        - deluge 1.3.13+git20161130.48cedf63-2 (bug #857903)
        NOTE: 
http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
-CVE-2017-9149 ["Clean metadata" contextual menu silently fails]
+CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently 
fails to ...)
        - mat 0.6.1-4 (bug #858058)
        [jessie] - mat <not-affected> (Vulnerable code not present)
        [wheezy] - mat <not-affected> (Vulnerable code not present)
@@ -6490,8 +6592,8 @@
        NOT-FOR-US: Fiyo CMS
 CVE-2017-6822
        RESERVED
-CVE-2017-6821
-       RESERVED
+CVE-2017-6821 (Directory traversal vulnerability in Zimbra Collaboration Suite 
(aka ...)
+       TODO: check
 CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 
1.2.4 is ...)
        {DLA-855-1}
        - roundcube 1.2.3+dfsg.1-3 (bug #857473)
@@ -6499,8 +6601,8 @@
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4
        NOTE: 
https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124
        NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.8
-CVE-2017-6813
-       RESERVED
+CVE-2017-6813 (A service provided by Zimbra Collaboration Suite (ZCS) before 
8.7.6 ...)
+       TODO: check
 CVE-2017-6812 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected 
XSS in ...)
        NOT-FOR-US: MaNGOSWebV4
 CVE-2017-6811 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected 
XSS in ...)
@@ -7046,7 +7148,7 @@
        NOT-FOR-US: CMS Made Simple
 CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in 
/admin/moduleinterface.php ...)
        NOT-FOR-US: CMS Made Simple
-CVE-2017-6554 (pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 
allows ...)
+CVE-2017-6554 (pmmasterd in Quest Privilege Manager before 6.0.0.061, when 
configured ...)
        NOT-FOR-US: Quest Privilege Manager
 CVE-2017-6553 (Buffer Overflow in Quest One Identity Privilege Manager for 
Unix before ...)
        NOT-FOR-US: Quest One Identity Privilege Manager for Unix
@@ -8929,10 +9031,10 @@
        {DLA-922-1}
        - linux 4.9.13-1 (low)
        [jessie] - linux 3.16.43-1
-CVE-2017-5966
-       RESERVED
-CVE-2017-5965
-       RESERVED
+CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated 
administrators ...)
+       TODO: check
+CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows 
remote ...)
+       TODO: check
 CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The 
vulnerability ...)
        NOT-FOR-US: Emoncms
 CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The 
...)
@@ -9309,8 +9411,7 @@
        NOT-FOR-US: Unisys ClearPath
 CVE-2017-5871
        RESERVED
-CVE-2017-5870
-       RESERVED
+CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in 
ViMbAdmin ...)
        NOT-FOR-US: ViMbAdmin
 CVE-2017-5869 (Directory traversal vulnerability in the file import feature in 
Nuxeo ...)
        NOT-FOR-US: Nuxeo
@@ -14792,8 +14893,8 @@
        NOTE: 
https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
        NOTE: https://github.com/swiftmailer/swiftmailer/issues/844
        NOTE: Fixed by 
https://github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86
-CVE-2016-10073
-       RESERVED
+CVE-2016-10073 (The from method in library/core/class.email.php in Vanilla 
Forums ...)
+       TODO: check
 CVE-2016-10072 (** DISPUTED ** WampServer 3.0.6 has two files called 
'wampmanager.exe' ...)
        NOT-FOR-US: WampServer
 CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 
4.7.7 ...)
@@ -17889,29 +17990,25 @@
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        - qemu-kvm <not-affected> (Vulnerable code not present)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
-CVE-2016-9843
-       RESERVED
+CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow ...)
        - zlib 1:1.2.8.dfsg-3 (bug #847275)
        [jessie] - zlib <no-dsa> (Minor issue)
        [wheezy] - zlib <no-dsa> (Minor issue)
        NOTE: 
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
        NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9842
-       RESERVED
+CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow 
...)
        - zlib 1:1.2.8.dfsg-3 (bug #847274)
        [jessie] - zlib <no-dsa> (Minor issue)
        [wheezy] - zlib <no-dsa> (Minor issue)
        NOTE: 
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
        NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9841
-       RESERVED
+CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers 
to ...)
        - zlib 1:1.2.8.dfsg-4 (bug #847270)
        [jessie] - zlib <no-dsa> (Minor issue)
        [wheezy] - zlib <no-dsa> (Minor issue)
        NOTE: 
https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
        NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9840
-       RESERVED
+CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent 
attackers to ...)
        - zlib 1:1.2.8.dfsg-3 (bug #847270)
        [jessie] - zlib <no-dsa> (Minor issue)
        [wheezy] - zlib <no-dsa> (Minor issue)
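Review bot: CVE-2016-9841 and CVE-2016-9840 both cite bug #847270 but list different fixed versions (1:1.2.8.dfsg-4 and 1:1.2.8.dfsg-3), while CVE-2016-9843 and CVE-2016-9842 each have their own bug number. Now that the four entries carry distinct descriptions (inffast.c and inftrees.c for these two), confirm whether the shared bug number or the differing version is the mistake.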
@@ -28279,8 +28376,7 @@
        RESERVED
 CVE-2016-1000245
        RESERVED
-CVE-2016-7979 [type confusion in .initialize_dsc_parser allows remote code 
execution]
-       RESERVED
+CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass 
the ...)
        {DSA-3691-1 DLA-674-1}
        - ghostscript 9.19~dfsg-3.1 (bug #839846)
        NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
@@ -28288,16 +28384,14 @@
        NOTE: Patch: 
http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19
-CVE-2016-7978 [reference leak in .setdevice allows use-after-free and remote 
code execution]
-       RESERVED
+CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow 
remote ...)
        {DSA-3691-1 DLA-674-1}
        - ghostscript 9.19~dfsg-3.1 (bug #839845)
        NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
        NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
        NOTE: Patch: 
http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
-CVE-2016-7977 [.libfile doesn't check PermitFileReading array, allowing remote 
file disclosure]
-       RESERVED
+CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass 
the ...)
        {DSA-3691-1 DLA-674-1}
        - ghostscript 9.19~dfsg-3.1 (high; bug #839841)
        NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
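Review bot: The replacement description for CVE-2016-7977 is cut off at "bypass the ...", and the removed bracketed text was the only place this entry named the mechanism (.libfile not checking the PermitFileReading array). The entry is rated "high", so keep that detail by moving it into a NOTE line; the same applies to the .setdevice reference-leak wording dropped from CVE-2016-7978.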
@@ -37075,8 +37169,8 @@
        RESERVED
 CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 
BIG-IP ...)
        NOT-FOR-US: BIG-IP
-CVE-2016-5735
-       RESERVED
+CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in 
rwpng.c ...)
+       TODO: check
 CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 
4.6.x ...)
        - phpmyadmin 4:4.6.3-1
        [jessie] - phpmyadmin <no-dsa> (Vulnerable only with a php version 
earlier than the one in jessie)
@@ -39365,13 +39459,11 @@
        NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch
 CVE-2016-5179
        RESERVED
-CVE-2016-5178
-       RESERVED
+CVE-2016-5178 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
        {DSA-3683-1}
        - chromium-browser 53.0.2785.143-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5177
-       RESERVED
+CVE-2016-5177 (Use-after-free vulnerability in V8 in Google Chrome before ...)
        {DSA-3683-1}
        - chromium-browser 53.0.2785.143-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -50057,8 +50149,8 @@
        RESERVED
 CVE-2016-1877
        RESERVED
-CVE-2016-1876
-       RESERVED
+CVE-2016-1876 (The backend service process in Lenovo Solution Center (aka LSC) 
before ...)
+       TODO: check
 CVE-2016-1875
        RESERVED
 CVE-2016-1874
@@ -57357,8 +57449,8 @@
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
 CVE-2015-8100 (The net-snmp package in OpenBSD through 5.8 uses 0644 
permissions for ...)
        - net-snmp <not-affected> (Specific to packaging in OpenBSD)
-CVE-2015-8089
-       RESERVED
+CVE-2015-8089 (The GPU driver in Huawei P7 phones with software P7-L00 before 
...)
+       TODO: check
 CVE-2015-8088 (Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 
phones ...)
        NOT-FOR-US: Huawei
 CVE-2015-8087 (Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software 
before ...)
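Review bot: CVE-2015-8089 is added as "TODO: check" although its description names a GPU driver in Huawei P7 phones, and the next entry, CVE-2015-8088 (HIFI driver in Huawei Mate 7 phones), is already "NOT-FOR-US: Huawei". Marking CVE-2015-8089 the same way would close it without a separate triage pass.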
@@ -61107,8 +61199,7 @@
        NOTE: starting with 3.6.0-1 the web front is no longer built from 
src:ganglia so marking this version as fixed
        NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/2
        NOTE: https://github.com/ganglia/ganglia-web/issues/267
-CVE-2015-6817 [authentication bypass]
-       RESERVED
+CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, 
allows ...)
        - pgbouncer 1.6.1-1
        [jessie] - pgbouncer <not-affected> (Introduced in 1.6)
        [wheezy] - pgbouncer <not-affected> (Introduced in 1.6)
@@ -61727,8 +61818,8 @@
        {DSA-3320-1 DLA-342-1}
        - openafs 1.6.13-1
        NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
-CVE-2015-6586
-       RESERVED
+CVE-2015-6586 (The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices 
with ...)
+       TODO: check
 CVE-2015-6585
        RESERVED
 CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables 
plugin ...)
@@ -64058,8 +64149,8 @@
        RESERVED
 CVE-2015-5683
        RESERVED
-CVE-2015-5682
-       RESERVED
+CVE-2015-5682 (upload.php in the Powerplay Gallery plugin 3.3 for WordPress 
allows ...)
+       TODO: check
 CVE-2015-5681 (Unrestricted file upload vulnerability in upload.php in the 
Powerplay ...)
        NOT-FOR-US: Powerplay Gallery plugin for WordPress
 CVE-2015-5680
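Review bot: CVE-2015-5682 is left as "TODO: check" while CVE-2015-5681 directly below it, for upload.php in the same Powerplay Gallery plugin, is "NOT-FOR-US: Powerplay Gallery plugin for WordPress". The two entries should carry the same disposition.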
@@ -64230,8 +64321,8 @@
        NOT-FOR-US: Uconnect
 CVE-2015-5610 (The RSM (aka RSMWinService) service in SolarWinds N-Able 
N-Central ...)
        NOT-FOR-US: SolarWinds
-CVE-2015-5609
-       RESERVED
+CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export 
plugin 1.1 ...)
+       TODO: check
 CVE-2015-5608
        RESERVED
 CVE-2015-5606
@@ -64606,10 +64697,10 @@
        NOT-FOR-US: IBS Mappro plugin for WordPress
 CVE-2015-5471 (Absolute path traversal vulnerability in 
include/user/download.php in ...)
        NOT-FOR-US: Swim Team plugin for WordPress
-CVE-2015-5469
-       RESERVED
-CVE-2015-5468
-       RESERVED
+CVE-2015-5469 (Absolute path traversal vulnerability in the MDC YouTube 
Downloader ...)
+       TODO: check
+CVE-2015-5468 (Directory traversal vulnerability in the WP e-Commerce Shop 
Styling ...)
+       TODO: check
 CVE-2015-5467
        RESERVED
 CVE-2015-5466
@@ -64770,8 +64861,8 @@
        NOT-FOR-US: HP Systems Insight Manager
 CVE-2015-5402 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP 
Matrix ...)
        NOT-FOR-US: HP Systems Insight Manager
-CVE-2015-5401
-       RESERVED
+CVE-2015-5401 (Teradata Gateway before 15.00.03.02-1 and 15.10.x before 
15.10.00.01-1 ...)
+       TODO: check
 CVE-2015-5399 (Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 
allows ...)
        NOT-FOR-US: PHPVibe
 CVE-2015-5398
@@ -64894,20 +64985,17 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/6
        NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
        NOTE: Patch: 
http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch
-CVE-2015-5383 [potential info disclosure from temp directory]
-       RESERVED
+CVE-2015-5383 (Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to 
obtain ...)
        - roundcube <not-affected> (protection is done in apache config in 
binary package)
        NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
        NOTE: http://trac.roundcube.net/ticket/1490378
-CVE-2015-5382 [security improvement in contact photo handling]
-       RESERVED
+CVE-2015-5382 (program/steps/addressbook/photo.inc in Roundcube Webmail before 
1.0.6 ...)
        - roundcube 1.1.2+dfsg.1-1 (bug #791643)
        [wheezy] - roundcube <not-affected> (Vulnerable code not present)
        [squeeze] - roundcube <not-affected> (Vulnerable code not present)
        NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
        NOTE: http://trac.roundcube.net/ticket/1490379
-CVE-2015-5381 [XSS vulnerability in _mbox argument]
-       RESERVED
+CVE-2015-5381 (Cross-site scripting (XSS) vulnerability in 
program/include/rcmail.php ...)
        - roundcube 1.1.2+dfsg.1-1 (bug #791643)
        [wheezy] - roundcube <not-affected> (Vulnerable code not present)
        [squeeze] - roundcube <not-affected> (Vulnerable code not present)
@@ -67081,8 +67169,7 @@
 CVE-2015-4706 [IPython XSS in JSON error responses -- /api/contents path]
        RESERVED
        - ipython <not-affected> (Only affects 3.x)
-CVE-2015-4704
-       RESERVED
+CVE-2015-4704 (Directory traversal vulnerability in the Download Zip 
Attachments ...)
        NOT-FOR-US: WordPress plugin download-zip-attachments
 CVE-2015-4703 (Absolute path traversal vulnerability in mysqldump_download.php 
in the ...)
        NOT-FOR-US: WordPress plugin wp-instance-rename
@@ -67748,8 +67835,7 @@
        {DSA-3363-1}
        - owncloud-client 1.8.4+dfsg-1
        NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-009
-CVE-2015-4455
-       RESERVED
+CVE-2015-4455 (Unrestricted file upload vulnerability in includes/upload.php 
in the ...)
        NOT-FOR-US: WordPress plugin 
aviary-image-editor-add-on-for-gravity-forms
 CVE-2015-4454 (SQL injection vulnerability in the get_hash_graph_template 
function in ...)
        {DSA-3295-1 DLA-255-1}
@@ -68790,8 +68876,7 @@
        RESERVED
 CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
        NOT-FOR-US: osCMax
-CVE-2015-4054 [remote crash/DoS - invalid packet order causes lookup of NULL 
pointer]
-       RESERVED
+CVE-2015-4054 (PgBouncer before 1.5.5 allows remote attackers to cause a 
denial of ...)
        - pgbouncer 1.5.5-1
        [jessie] - pgbouncer 1.5.4-6+deb8u1
        [wheezy] - pgbouncer 1.5.2-4+deb7u1
@@ -68804,10 +68889,10 @@
        REJECTED
 CVE-2015-8146
        REJECTED
-CVE-2015-4046
-       RESERVED
-CVE-2015-4045
-       RESERVED
+CVE-2015-4046 (The asset discovery scanner in AlienVault OSSIM before 5.0.1 
allows ...)
+       TODO: check
+CVE-2015-4045 (The sudoers file in the asset discovery scanner in AlienVault 
OSSIM ...)
+       TODO: check
 CVE-2015-4044
        RESERVED
 CVE-2015-4043
@@ -75032,8 +75117,7 @@
        NOTE: Fixed upstream in 2.22
        NOTE: Fixed by: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
        NOTE: http://www.openwall.com/lists/oss-security/2015/02/22/15
-CVE-2015-8477 [Potential XSS vulnerability when rendering some flash messages]
-       RESERVED
+CVE-2015-8477 (Cross-site scripting (XSS) vulnerability in Redmine before 
2.6.2 ...)
        - redmine 3.0~20140825-5 (low)
        [squeeze] - redmine <end-of-life> (Redmine not supported because of 
rails)
        [wheezy] - redmine <end-of-life> (Redmine not supported because of 
rails)
@@ -76433,8 +76517,8 @@
        RESERVED
 CVE-2015-1530
        RESERVED
-CVE-2015-1529
-       RESERVED
+CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in 
Android ...)
+       TODO: check
 CVE-2015-1528 (Integer overflow in the native_handle_create function in ...)
        NOT-FOR-US: Android
 CVE-2015-1527
@@ -211374,7 +211458,7 @@
        NOT-FOR-US: WSPortal
 CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, 
allows ...)
        NOT-FOR-US: WSPortal
-CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a 
denial of ...)
+CVE-2007-3126 (Gimp before 2.8.22 allows context-dependent attackers to cause 
a ...)
        - gimp <unfixed> (unimportant)
 CVE-2007-3125
        REJECTED
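Review bot: The CVE-2007-3126 description changes from "Gimp 2.3.14" to "Gimp before 2.8.22", which implies an upstream fix in 2.8.22, but the package line below it still reads "- gimp <unfixed> (unimportant)". Check whether the packaged gimp version is at or past 2.8.22 and replace <unfixed> with the fixed version if so.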


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
