Author: sectracker Date: 2017-06-05 21:10:14 +0000 (Mon, 05 Jun 2017) New Revision: 52339
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-05 20:49:27 UTC (rev 52338) +++ data/CVE/list 2017-06-05 21:10:14 UTC (rev 52339) @@ -1,4 +1,30 @@ -CVE-2017-9434 [out-of-bounds read in zinflate] +CVE-2017-9447 + RESERVED +CVE-2017-9446 + RESERVED +CVE-2017-9445 + RESERVED +CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the ...) + TODO: check +CVE-2017-9443 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated ...) + TODO: check +CVE-2017-9442 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated ...) + TODO: check +CVE-2017-9441 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...) + TODO: check +CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...) + TODO: check +CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers ...) + TODO: check +CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This ...) + TODO: check +CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in ...) + TODO: check +CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in ...) + TODO: check +CVE-2017-9434 (Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read ...) - libcrypto++ 5.6.4-7 (bug #864214) NOTE: https://github.com/weidai11/cryptopp/issues/414 NOTE: https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965 @@ -11,8 +37,7 @@ - grpc 1.3.2-0.1 (bug #864210) NOTE: https://github.com/grpc/grpc/pull/10492 NOTE: Fixed by: https://github.com/grpc/grpc/commit/c6ec1155d026c91b1badb07ef1605bb747cff064 -CVE-2017-9430 [stack-based buffer overflow] - RESERVED +CVE-2017-9430 (Stack-based buffer overflow in dnstracer through 1.9 allows attackers ...) - dnstracer <unfixed> (unimportant) NOTE: Crash in CLI tool, disputable if any exposed service makes use of dnstrace. NOTE: One scenario would be to have a web application that launches dnstracer @@ -35,8 +60,8 @@ RESERVED CVE-2017-9421 RESERVED -CVE-2017-9420 - RESERVED +CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...) + TODO: check CVE-2017-9419 RESERVED CVE-2017-9418 @@ -487,13 +512,12 @@ RESERVED CVE-2014-9971 RESERVED -CVE-2017-1000368 [Arbitrary terminal access] - RESERVED +CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an ...) - sudo 1.8.20p1-1.1 (bug #863897) [stretch] - sudo 1.8.19p1-2.1 NOTE: http://www.openwall.com/lists/oss-security/2017/06/02/7 NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd -CVE-2017-1000367 [Potential overwrite of arbitrary files] +CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an ...) {DSA-3867-1 DLA-970-1} - sudo 1.8.20p1-1 (bug #863731) [stretch] - sudo 1.8.19p1-2 @@ -969,6 +993,7 @@ CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows ...) NOT-FOR-US: ImageWorsener CVE-2017-9148 (The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably ...) + {DLA-977-1} - freeradius 3.0.12+dfsg-5 (bug #863673) NOTE: http://www.openwall.com/lists/oss-security/2017/05/29/1 NOTE: http://freeradius.org/security.html#session-resumption-2017 @@ -1835,20 +1860,20 @@ NOTE: https://github.com/ckolivas/lrzip/issues/66 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/ NOTE: Crash in CLI tool, no security implications -CVE-2017-8841 - RESERVED -CVE-2017-8840 - RESERVED -CVE-2017-8839 - RESERVED -CVE-2017-8838 - RESERVED -CVE-2017-8837 - RESERVED -CVE-2017-8836 - RESERVED -CVE-2017-8835 - RESERVED +CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, ...) + TODO: check +CVE-2017-8840 (Debug information disclosure exists on Peplink Balance 305, 380, 580, ...) + TODO: check +CVE-2017-8839 (XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, ...) + TODO: check +CVE-2017-8838 (XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and ...) + TODO: check +CVE-2017-8837 (Cleartext password storage exists on Peplink Balance 305, 380, 580, ...) + TODO: check +CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 ...) + TODO: check +CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and ...) + TODO: check CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The OnePlus ...) NOT-FOR-US: OnePlus CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a ...) @@ -2722,14 +2747,14 @@ RESERVED CVE-2017-8442 RESERVED -CVE-2017-8441 - RESERVED -CVE-2017-8440 - RESERVED -CVE-2017-8439 - RESERVED -CVE-2017-8438 - RESERVED +CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not ...) + TODO: check +CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) ...) + TODO: check +CVE-2017-8439 (Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug ...) + TODO: check +CVE-2017-8438 (Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege ...) + TODO: check CVE-2017-8437 RESERVED CVE-2017-8436 @@ -8213,7 +8238,7 @@ CVE-2017-6513 (The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before ...) NOT-FOR-US: Softaculous Virtualizor CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the ...) - {DSA-3873-1} + {DSA-3873-1 DLA-978-1} - perl 5.24.1-3 (bug #863870) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951 NOTE: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2 @@ -68167,6 +68192,7 @@ {DSA-3302-1 DLA-257-1} - libwmf 0.2.8.4-10.4 (bug #784205) CVE-2015-4680 (FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly ...) + {DLA-977-1} - freeradius 2.2.8+dfsg-0.1 (bug #789623) [jessie] - freeradius <no-dsa> (Minor issue) [squeeze] - freeradius <no-dsa> (Minor issue) @@ -102553,6 +102579,7 @@ CVE-2014-2027 (eGroupware before 1.8.006.20140217 allows remote attackers to conduct ...) - egroupware <removed> CVE-2014-2015 (Stack-based buffer overflow in the normify function in the rlm_pap ...) + {DLA-977-1} - freeradius 2.2.5+dfsg-0.1 (low; bug #742820) [squeeze] - freeradius <no-dsa> (Minor issue) NOTE: http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits