Author: sectracker
Date: 2017-06-02 09:10:13 +0000 (Fri, 02 Jun 2017)
New Revision: 52226
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-02 08:45:36 UTC (rev 52225) +++ data/CVE/list 2017-06-02 09:10:13 UTC (rev 52226) 
@@ -1,36 +1,54 @@ -CVE-2017-9358 [AST-2017-004: Memory exhaustion on short SCCP packets] +CVE-2017-9366 (Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) ...) + TODO: check +CVE-2017-9365 (CSRF exists in BigTree CMS through 4.2.18 with the force parameter to ...) + TODO: check +CVE-2017-9364 (Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an ...) + TODO: check +CVE-2017-9363 (Untrusted Java serialization in Soffid IAM console before 1.7.5 allows ...) + TODO: check +CVE-2017-9362 + RESERVED +CVE-2017-9361 (WebsiteBaker v2.10.0 has a stored XSS vulnerability in ...) + TODO: check +CVE-2017-9360 (WebsiteBaker v2.10.0 has a SQL injection vulnerability in ...) + TODO: check +CVE-2017-9357 + RESERVED +CVE-2017-9356 + RESERVED +CVE-2017-9358 (A memory exhaustion vulnerability exists in Asterisk Open Source 13.x ...) - asterisk <unfixed> (bug #863906) NOTE: http://downloads.asterisk.org/pub/security/AST-2017-004.txt -CVE-2017-9359 [AST-2017-003: Crash in PJSIP multi-part body parser] +CVE-2017-9359 (The multi-part body parser in PJSIP, as used in Asterisk Open Source ...) - pjproject <unfixed> (bug #863902) NOTE: http://downloads.asterisk.org/pub/security/AST-2017-003.txt NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-26939 CVE-2017-9355 RESERVED -CVE-2017-9354 - RESERVED -CVE-2017-9353 - RESERVED -CVE-2017-9352 - RESERVED -CVE-2017-9351 - RESERVED -CVE-2017-9350 - RESERVED -CVE-2017-9349 - RESERVED -CVE-2017-9348 - RESERVED -CVE-2017-9347 - RESERVED -CVE-2017-9346 - RESERVED -CVE-2017-9345 - RESERVED -CVE-2017-9344 - RESERVED -CVE-2017-9343 - RESERVED +CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector ...) + TODO: check +CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was ...) + TODO: check +CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector ...) 
+ TODO: check +CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector ...) + TODO: check +CVE-2017-9350 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY ...) + TODO: check +CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector ...) + TODO: check +CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end ...) + TODO: check +CVE-2017-9347 (In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL ...) + TODO: check +CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector ...) + TODO: check +CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector ...) + TODO: check +CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP ...) + TODO: check +CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector ...) + TODO: check CVE-2017-9342 RESERVED CVE-2017-9341 @@ -408,6 +426,7 @@ CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...) NOT-FOR-US: Aries QWR-1104 Wireless-N Router CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...) + {DLA-974-1} - picocom <unfixed> (bug #863671) NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1 CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...) 
@@ -46308,7 +46327,7 @@ NOTE: PHP bug: https://bugs.php.net/bug.php?id=71912 NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/29a6487d648d1593e1e2fa615d9b3a844756ddc3 CVE-2016-3073 - RESERVED + REJECTED CVE-2016-3072 (Multiple SQL injection vulnerabilities in the scoped_search function ...) NOT-FOR-US: Katello CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
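Review bot: The eighteen entries added in the first hunk (@@ -1,36 +1,54 @@) carry only "TODO: check" and no package line, so none of them is tracked against a Debian package yet. Twelve of them (CVE-2017-9343 through CVE-2017-9354) describe Wireshark 2.2.x/2.0.x dissector issues and can be triaged as one batch. The other six (CVE-2017-9360, -9361, -9363, -9364, -9365, -9366) each need a package line or a NOT-FOR-US marker of the kind the Aries and Katello entries elsewhere in this diff already have. In the same hunk the bracketed AST-2017-004 and AST-2017-003 titles on CVE-2017-9358 and CVE-2017-9359 are replaced by the truncated descriptions, so the advisory numbers now survive only in the NOTE URLs; keep those NOTE lines while asterisk and pjproject are still marked <unfixed>.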
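Review bot: In the second hunk (@@ -408,6 +426,7 @@) the {DLA-974-1} cross-reference is added to CVE-2015-9059, but the package line below it still reads "- picocom <unfixed> (bug #863671)" with no fixed version. A DLA covers the LTS release only, so confirm the <unfixed> status is still accurate for unstable and replace it with the fixed version once the upload closing bug #863671 lands; the upstream commit in the NOTE line gives the reference fix to compare against.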