Author: sectracker
Date: 2017-06-05 21:10:14 +0000 (Mon, 05 Jun 2017)
New Revision: 52339

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-05 20:49:27 UTC (rev 52338)
+++ data/CVE/list       2017-06-05 21:10:14 UTC (rev 52339)
@@ -1,4 +1,30 @@
-CVE-2017-9434 [out-of-bounds read in zinflate]
+CVE-2017-9447
+       RESERVED
+CVE-2017-9446
+       RESERVED
+CVE-2017-9445
+       RESERVED
+CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the ...)
+       TODO: check
+CVE-2017-9443 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote 
authenticated ...)
+       TODO: check
+CVE-2017-9442 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote 
authenticated ...)
+       TODO: check
+CVE-2017-9441 (** DISPUTED ** Multiple cross-site scripting (XSS) 
vulnerabilities in ...)
+       TODO: check
+CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function 
...)
+       TODO: check
+CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function 
...)
+       TODO: check
+CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote 
attackers ...)
+       TODO: check
+CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This 
...)
+       TODO: check
+CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in 
...)
+       TODO: check
+CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection 
in ...)
+       TODO: check
+CVE-2017-9434 (Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds 
read ...)
        - libcrypto++ 5.6.4-7 (bug #864214)
        NOTE: https://github.com/weidai11/cryptopp/issues/414
        NOTE: 
https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
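Review bot: the ten new entries from CVE-2017-9435 through CVE-2017-9444 are all left at `TODO: check`; the ImageMagick ones (CVE-2017-9439, CVE-2017-9440) and the YARA one (CVE-2017-9438) describe software that ships in the archive, so they need to be resolved into package lines with a bug reference or explicitly marked as not affecting the packaged version, rather than staying as TODO until the next automatic run. The CVE-2017-9434 change is fine: only the headline is swapped for the published description, and the `- libcrypto++ 5.6.4-7 (bug #864214)` line plus the upstream issue and commit NOTEs carry over unchanged.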
@@ -11,8 +37,7 @@
        - grpc 1.3.2-0.1 (bug #864210)
        NOTE: https://github.com/grpc/grpc/pull/10492
        NOTE: Fixed by: 
https://github.com/grpc/grpc/commit/c6ec1155d026c91b1badb07ef1605bb747cff064
-CVE-2017-9430 [stack-based buffer overflow]
-       RESERVED
+CVE-2017-9430 (Stack-based buffer overflow in dnstracer through 1.9 allows 
attackers ...)
        - dnstracer <unfixed> (unimportant)
        NOTE: Crash in CLI tool, disputable if any exposed service makes use of 
dnstrace.
        NOTE: One scenario would be to have a web application that launches 
dnstracer
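Review bot: CVE-2017-9430 keeps `- dnstracer <unfixed> (unimportant)` now that the headline says "allows attackers ..." instead of the placeholder; the existing NOTE (crash in a CLI tool, only reachable if something exposes dnstracer to untrusted input) still justifies the rating, but no upstream or oss-security reference is visible in this hunk, so a NOTE with the report URL would make the "unimportant" call easier to re-check later.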
@@ -35,8 +60,8 @@
        RESERVED
 CVE-2017-9421
        RESERVED
-CVE-2017-9420
-       RESERVED
+CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar 
plugin ...)
+       TODO: check
 CVE-2017-9419
        RESERVED
 CVE-2017-9418
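Review bot: CVE-2017-9420 concerns the "Spiffy Calendar plugin", a third-party CMS plugin rather than something packaged here, so this `TODO: check` should almost certainly be closed as `NOT-FOR-US` in the same way ImageWorsener and Softaculous Virtualizor are elsewhere in this diff, unless a package for it turns up.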
@@ -487,13 +512,12 @@
        RESERVED
 CVE-2014-9971
        RESERVED
-CVE-2017-1000368 [Arbitrary terminal access]
-       RESERVED
+CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is 
vulnerable to an ...)
        - sudo 1.8.20p1-1.1 (bug #863897)
        [stretch] - sudo 1.8.19p1-2.1
        NOTE: http://www.openwall.com/lists/oss-security/2017/06/02/7
        NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
-CVE-2017-1000367 [Potential overwrite of arbitrary files]
+CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable 
to an ...)
        {DSA-3867-1 DLA-970-1}
        - sudo 1.8.20p1-1 (bug #863731)
        [stretch] - sudo 1.8.19p1-2
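Review bot: CVE-2017-1000368 now has `- sudo 1.8.20p1-1.1 (bug #863897)` and `[stretch] - sudo 1.8.19p1-2.1` but no advisory marker, whereas the neighbouring CVE-2017-1000367 carries `{DSA-3867-1 DLA-970-1}`; if the stretch and LTS updates for the follow-up fix have been announced, add the corresponding `{DSA-... DLA-...}` line, and if not, a NOTE saying the fix went in via the same upload stream would avoid the entry looking incomplete.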
@@ -969,6 +993,7 @@
 CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 
1.3.1 allows ...)
        NOT-FOR-US: ImageWorsener
 CVE-2017-9148 (The TLS session cache in FreeRADIUS before 3.0.14 fails to 
reliably ...)
+       {DLA-977-1}
        - freeradius 3.0.12+dfsg-5 (bug #863673)
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/29/1
        NOTE: http://freeradius.org/security.html#session-resumption-2017
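Review bot: cross-check that DLA-977-1 actually lists CVE-2017-9148, since the same marker is also attached to CVE-2015-4680 and CVE-2014-2015 further down in this commit; placing `{DLA-977-1}` between the description and the `- freeradius 3.0.12+dfsg-5 (bug #863673)` line matches the convention used by `{DSA-3867-1 DLA-970-1}` in the sudo entry, so the formatting is right.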
@@ -1835,20 +1860,20 @@
        NOTE: https://github.com/ckolivas/lrzip/issues/66
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
        NOTE: Crash in CLI tool, no security implications
-CVE-2017-8841
-       RESERVED
-CVE-2017-8840
-       RESERVED
-CVE-2017-8839
-       RESERVED
-CVE-2017-8838
-       RESERVED
-CVE-2017-8837
-       RESERVED
-CVE-2017-8836
-       RESERVED
-CVE-2017-8835
-       RESERVED
+CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 
580, 710, ...)
+       TODO: check
+CVE-2017-8840 (Debug information disclosure exists on Peplink Balance 305, 
380, 580, ...)
+       TODO: check
+CVE-2017-8839 (XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 
1350, ...)
+       TODO: check
+CVE-2017-8838 (XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 
1350, and ...)
+       TODO: check
+CVE-2017-8837 (Cleartext password storage exists on Peplink Balance 305, 380, 
580, ...)
+       TODO: check
+CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 
2500 ...)
+       TODO: check
+CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 
1350, and ...)
+       TODO: check
 CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The 
OnePlus ...)
        NOT-FOR-US: OnePlus
 CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp 
for a ...)
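Review bot: CVE-2017-8835 through CVE-2017-8841 all describe Peplink Balance, a vendor network appliance rather than software in the archive, so these seven `TODO: check` entries can be closed as `NOT-FOR-US: Peplink` in the same way the adjacent CVE-2016-10370 is marked `NOT-FOR-US: OnePlus`.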
@@ -2722,14 +2747,14 @@
        RESERVED
 CVE-2017-8442
        RESERVED
-CVE-2017-8441
-       RESERVED
-CVE-2017-8440
-       RESERVED
-CVE-2017-8439
-       RESERVED
-CVE-2017-8438
-       RESERVED
+CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did 
not ...)
+       TODO: check
+CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting 
(XSS) ...)
+       TODO: check
+CVE-2017-8439 (Kibana version 5.4.0 was affected by a Cross Site Scripting 
(XSS) bug ...)
+       TODO: check
+CVE-2017-8438 (Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a 
privilege ...)
+       TODO: check
 CVE-2017-8437
        RESERVED
 CVE-2017-8436
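Review bot: CVE-2017-8438 through CVE-2017-8441 cover Elastic X-Pack Security and Kibana, neither of which is shipped as a package here, so unless a package exists these `TODO: check` lines should resolve to `NOT-FOR-US: Elastic` rather than remain open.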
@@ -8213,7 +8238,7 @@
 CVE-2017-6513 (The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor 
before ...)
        NOT-FOR-US: Softaculous Virtualizor
 CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the 
...)
-       {DSA-3873-1}
+       {DSA-3873-1 DLA-978-1}
        - perl 5.24.1-3 (bug #863870)
        NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
        NOTE: 
https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
@@ -68167,6 +68192,7 @@
        {DSA-3302-1 DLA-257-1}
        - libwmf 0.2.8.4-10.4 (bug #784205)
 CVE-2015-4680 (FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not 
properly ...)
+       {DLA-977-1}
        - freeradius 2.2.8+dfsg-0.1 (bug #789623)
        [jessie] - freeradius <no-dsa> (Minor issue)
        [squeeze] - freeradius <no-dsa> (Minor issue)
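Review bot: adding `{DLA-977-1}` to CVE-2015-4680 means the LTS release received a fix for it, while the entry still carries `[jessie] - freeradius <no-dsa> (Minor issue)`; if the issue was worth an LTS update, the jessie `<no-dsa>` rationale should be revisited (for example via a point release), or a NOTE should record why jessie is left as is.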
@@ -102553,6 +102579,7 @@
 CVE-2014-2027 (eGroupware before 1.8.006.20140217 allows remote attackers to 
conduct ...)
        - egroupware <removed>
 CVE-2014-2015 (Stack-based buffer overflow in the normify function in the 
rlm_pap ...)
+       {DLA-977-1}
        - freeradius 2.2.5+dfsg-0.1 (low; bug #742820)
        [squeeze] - freeradius <no-dsa> (Minor issue)
        NOTE: 
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits