Author: sectracker
Date: 2017-06-17 09:10:13 +0000 (Sat, 17 Jun 2017)
New Revision: 52661

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-17 08:22:13 UTC (rev 52660)
+++ data/CVE/list       2017-06-17 09:10:13 UTC (rev 52661)
@@ -25,7 +25,7 @@
        RESERVED
 CVE-2017-9726
        RESERVED
-CVE-2017-9735 [timing channel in Password.java]
+CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in ...)
        - jetty9 <unfixed> (bug #864898)
        - jetty8 <removed>
        - jetty <removed>
@@ -526,8 +526,7 @@
        NOT-FOR-US: Atlassian Confluence
 CVE-2017-9504
        RESERVED
-CVE-2017-9503 [scsi: null pointer dereference while processing megasas command]
-       RESERVED
+CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 
Host ...)
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
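Review bot: the NOTE on CVE-2017-9503 points at a qemu-devel list posting with no `Fixed by:` prefix, unlike the three QEMU entries below that cite git.qemu.org commits, so it is not clear whether this is a proposed patch or a committed fix; if it is only the posted patch, mark it as such (e.g. `NOTE: Proposed fix: https://lists.gnu.org/...`) and add the commit once it lands, which is also what justifies keeping `qemu <unfixed>`. This is also the only `qemu <unfixed>` line in this update without a `(bug #...)` reference, so a Debian bug should be filed or referenced to track it.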
@@ -887,20 +886,17 @@
        RESERVED
 CVE-2017-9376
        RESERVED
-CVE-2017-9375 [usb: xhci infinite recursive call via xhci_kick_ep]
-       RESERVED
+CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller 
...)
        - qemu <unfixed> (bug #864219)
        - qemu-kvm <removed>
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
-CVE-2017-9374 [usb: ehci host memory leakage during hotunplug]
-       RESERVED
+CVE-2017-9374 (Memory leak in QEMU (aka Quick Emulator), when built with USB 
EHCI ...)
        - qemu <unfixed> (bug #864568)
        [stretch] - qemu <no-dsa> (Minor issue)
        [jessie] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
-CVE-2017-9373 [ide: ahci host memory leakage during hotunplug]
-       RESERVED
+CVE-2017-9373 (Memory leak in QEMU (aka Quick Emulator), when built with IDE 
AHCI ...)
        - qemu <unfixed> (bug #864216)
        - qemu-kvm <removed>
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d68f0f778e7f4fbd674627274267f269e40f0b04
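Review bot: CVE-2017-9374 carries `[stretch] - qemu <no-dsa> (Minor issue)` and `[jessie] - qemu <no-dsa> (Minor issue)` lines, but the sibling CVE-2017-9373 in the same hunk, which is the same class of bug (memory leak during hot-unplug, AHCI instead of EHCI) with the same `Fixed by:` commit shape and its own bug #864216, has no such annotation; either add the matching no-dsa lines to CVE-2017-9373 or note why it is treated differently. CVE-2017-9375 (the dropped summary described it as an infinite recursive call in xhci_kick_ep, i.e. a guest-triggered DoS) is likewise left without a stretch/jessie decision.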
@@ -1443,8 +1439,8 @@
        RESERVED
 CVE-2017-9232 (Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 
uses ...)
        - juju <removed>
-CVE-2017-9231
-       RESERVED
+CVE-2017-9231 (XML external entity (XXE) vulnerability in Citrix XenMobile 
Server 9.x ...)
+       TODO: check
 CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain 
attack ...)
        NOT-FOR-US: Bitcoin Proof-of-Work algorithm
 CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in 
Oniguruma-mod in ...)
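Review bot: the new CVE-2017-9231 entry is left at `TODO: check` although the description identifies Citrix XenMobile Server, a proprietary Citrix product; unless something in the archive ships it, it should be resolved as `NOT-FOR-US: Citrix XenMobile Server`, the way the adjacent CVE-2017-9230 entry handles the Bitcoin Proof-of-Work item, rather than leaving a TODO in the list.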
@@ -3461,14 +3457,14 @@
        NOT-FOR-US: Proxmox Mail Gateway
 CVE-2015-9057 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox 
Mail ...)
        NOT-FOR-US: Proxmox Mail Gateway
-CVE-2017-8452
-       RESERVED
-CVE-2017-8451
-       RESERVED
-CVE-2017-8450
-       RESERVED
-CVE-2017-8449
-       RESERVED
+CVE-2017-8452 (Kibana versions prior to 5.2.1 configured for SSL client 
access, file ...)
+       TODO: check
+CVE-2017-8451 (With X-Pack installed, Kibana versions before 5.3.1 have an 
open ...)
+       TODO: check
+CVE-2017-8450 (X-Pack 5.1.1 did not properly apply document and field level 
security ...)
+       TODO: check
+CVE-2017-8449 (X-Pack Security 5.2.x would allow access to more fields than 
the user ...)
+       TODO: check
 CVE-2017-8448
        RESERVED
 CVE-2017-8447
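Review bot: all four new entries are left at `TODO: check`, yet this same update records other Kibana CVEs further down (CVE-2016-1000220, CVE-2016-1000219, CVE-2016-1000218) as `- kibana <itp> (bug #700337)`; CVE-2017-8452 should get the same line. CVE-2017-8451, CVE-2017-8450 and CVE-2017-8449 are X-Pack issues, and X-Pack is Elastic's commercial plugin rather than part of the kibana ITP, so they are candidates for `NOT-FOR-US: Elastic X-Pack` unless the ITP intends to package it.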
@@ -3543,16 +3539,16 @@
        NOTE: https://sourceforge.net/p/lame/bugs/458/
        NOTE: Issue addressed in Debian via: 
https://sources.debian.net/patches/lame/3.99.5%2Brepack1-9/0001-Add-check-for-invalid-input-sample-rate.patch/
        NOTE: in the revised version as included in 3.99.5+repack1-7
-CVE-2016-10366
-       RESERVED
-CVE-2016-10365
-       RESERVED
-CVE-2016-10364
-       RESERVED
-CVE-2016-10363
-       RESERVED
-CVE-2016-10362
-       RESERVED
+CVE-2016-10366 (Kibana versions after and including 4.3 and before 4.6.2 are 
...)
+       TODO: check
+CVE-2016-10365 (Kibana versions before 4.6.3 and 5.0.1 have an open redirect 
...)
+       TODO: check
+CVE-2016-10364 (With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were 
not ...)
+       TODO: check
+CVE-2016-10363 (Logstash versions prior to 2.3.3, when using the Netflow Codec 
plugin, ...)
+       TODO: check
+CVE-2016-10362 (Prior to Logstash version 5.0.1, Elasticsearch Output plugin 
when ...)
+       TODO: check
 CVE-2016-10361
        RESERVED
 CVE-2016-10360
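Review bot: same inconsistency as the Kibana/X-Pack block above: CVE-2016-10366 and CVE-2016-10365 (Kibana) and CVE-2016-10363 and CVE-2016-10362 (Logstash) are left `TODO: check`, while the comparable entries lower in this update use `- kibana <itp> (bug #700337)` and `- logstash <itp> (bug #664841)`; use those lines here so the ITP bugs collect the full list of open issues. CVE-2016-10364 is again an X-Pack issue and belongs with the NOT-FOR-US candidates.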
@@ -3573,8 +3569,8 @@
        RESERVED
 CVE-2016-10352
        RESERVED
-CVE-2015-9056
-       RESERVED
+CVE-2015-9056 (Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a 
XSS ...)
+       TODO: check
 CVE-2017-8905 (Xen through 4.6.x on 64-bit platforms mishandles a failsafe 
callback, ...)
        {DSA-3847-1 DLA-964-1}
        - xen 4.8.0~rc3-1 (bug #861662)
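Review bot: CVE-2015-9056 is another Kibana XSS left at `TODO: check`; the `- kibana <itp> (bug #700337)` resolution this update applies to CVE-2016-1000220 fits here as well.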
@@ -34184,17 +34180,13 @@
        NOTE: https://code.wireshark.org/review/16965
        NOTE: Affected versions: 2.0.0 to 2.0.5
        NOTE: Fixed versions: 2.0.6
-CVE-2016-1000222
-       RESERVED
+CVE-2016-1000222 (Logstash prior to version 2.1.2, the CSV output can be 
attacked via ...)
        - logstash <itp> (bug #664841)
-CVE-2016-1000221
-       RESERVED
+CVE-2016-1000221 (Logstash prior to version 2.3.4, Elasticsearch Output plugin 
would log ...)
        - logstash <itp> (bug #664841)
-CVE-2016-1000220
-       RESERVED
+CVE-2016-1000220 (Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS 
attack that ...)
        - kibana <itp> (bug #700337)
-CVE-2016-1000219
-       RESERVED
+CVE-2016-1000219 (Kibana before 4.5.4 and 4.1.11 when a custom output is 
configured for ...)
        - kibana <itp> (bug #700337)
 CVE-2016-1000217 (Zotpress plugin for WordPress SQLi in zp_get_account() ...)
        NOT-FOR-US: WordPress plugin zotpress
@@ -37347,8 +37339,7 @@
        NOTE: 
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
 CVE-2016-6253 (mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 
6.1.5, ...)
        NOT-FOR-US: mail.local in NetBSD
-CVE-2016-1000218
-       RESERVED
+CVE-2016-1000218 (Kibana Reporting plugin version 2.4.0 is vulnerable to a 
CSRF ...)
        - kibana <itp> (bug #700337)
 CVE-2016-1000212 [Mitigation for HTTPoxy vulnerability]
        {DSA-3642-1 DLA-583-1}
@@ -73150,8 +73141,8 @@
        [wheezy] - policykit-1 <no-dsa> (Minor issue)
        [squeeze] - policykit-1 <no-dsa> (Minor issue)
        NOTE: 
http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f
-CVE-2015-3254
-       RESERVED
+CVE-2015-3254 (The client libraries in Apache Thrift before 0.9.3 might allow 
remote ...)
+       TODO: check
 CVE-2015-3253 (The MethodClosure class in runtime/MethodClosure.java in Apache 
Groovy ...)
        {DLA-274-1}
        - groovy 2.4.6-1 (bug #793397)
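Review bot: CVE-2015-3254 is left at `TODO: check` with a description naming "the client libraries in Apache Thrift before 0.9.3"; Thrift ships a client library per language, so the check needs to cover every Thrift binding the archive might carry (Java, Python, C++, ...), and the outcome should be recorded as the affected source packages with a fixed version or as `NOT-FOR-US: Apache Thrift`, not a TODO. Since this is a 2015 CVE only now receiving a description, the neighbouring CVE-2015-3253 entry with its `{DLA-274-1}` shows the old-stable suites also need to be checked.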


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits