Author: sectracker
Date: 2017-10-10 09:10:15 +0000 (Tue, 10 Oct 2017)
New Revision: 56566
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-10 07:34:52 UTC (rev 56565) +++ data/CVE/list 2017-10-10 09:10:15 UTC (rev 56566) 
@@ -1,4 +1,60 @@ -CVE-2017-15194 [XSS related to URI or refresh page] +CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated ...) + TODO: check +CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...) + TODO: check +CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an ...) + TODO: check +CVE-2017-15212 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15211 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15210 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15209 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15208 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15207 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15206 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15205 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15204 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15203 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15202 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15201 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15200 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15199 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15198 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) 
+ TODO: check +CVE-2017-15197 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15196 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...) + TODO: check +CVE-2017-15193 + RESERVED +CVE-2017-15192 + RESERVED +CVE-2017-15191 + RESERVED +CVE-2017-15190 + RESERVED +CVE-2017-15189 + RESERVED +CVE-2017-15188 (A persistent (stored) XSS vulnerability in the EyesOfNetwork web ...) + TODO: check +CVE-2017-15187 + RESERVED +CVE-2017-15194 (include/global_session.php in Cacti 1.1.25 has XSS related to (1) the ...) - cacti <unfixed> NOTE: https://github.com/Cacti/cacti/issues/1010 NOTE: https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd @@ -515,6 +571,7 @@ CVE-2017-14998 RESERVED CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...) + {DLA-1130-1} - graphicsmagick 1.3.26-13 NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/511/ @@ -523,6 +580,7 @@ CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...) NOT-FOR-US: WSO2 Application Server CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote ...) + {DLA-1130-1} - graphicsmagick 1.3.26-13 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264 NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/ 
@@ -665,8 +723,8 @@ NOT-FOR-US: GSView (different from gv) CVE-2017-14944 (Inedo ProGet before 4.7.14 does not properly address dangerous package ...) NOT-FOR-US: Inedo ProGet -CVE-2017-14943 - RESERVED +CVE-2017-14943 (Trapeze TransitMaster is vulnerable to information disclosure (emails / ...) + TODO: check CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the ...) NOT-FOR-US: Intelbras WRN 150 devices CVE-2017-14941 (Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure ...) @@ -1198,6 +1256,7 @@ CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote ...) NOT-FOR-US: libbpg CVE-2017-14733 (ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE ...) + {DLA-1130-1} - graphicsmagick 1.3.26-13 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3 NOTE: https://sourceforge.net/p/graphicsmagick/bugs/458/ @@ -1822,6 +1881,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948 CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure ...) + {DLA-1130-1} - graphicsmagick 1.3.26-11 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c NOTE: https://sourceforge.net/p/graphicsmagick/bugs/465/ @@ -2353,6 +2413,7 @@ CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation ...) NOT-FOR-US: Apple CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in ...) + {DLA-1130-1} - graphicsmagick 1.3.26-10 NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78 NOTE: https://sourceforge.net/p/graphicsmagick/bugs/448/ 
@@ -3023,6 +3084,7 @@ - linux 4.12.6-1 NOTE: Fixed by: https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 (v4.12-rc3) CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in ...) + {DLA-1130-1} - graphicsmagick 1.3.26-8 [stretch] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied) [jessie] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied) @@ -28077,8 +28139,7 @@ CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 ...) - libstruts1.2-java <not-affected> (Only affects Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10) NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045 -CVE-2017-5637 - RESERVED +CVE-2017-5637 (Two four letter word commands "wchp/wchc" are CPU intensive and could ...) {DSA-3871-1 DLA-986-1} - zookeeper 3.4.9-3 (bug #863811) NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
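Review bot: In the first hunk (@@ -1,4 +1,60 @@), the eighteen Kanboard entries CVE-2017-15195 through CVE-2017-15212 are added as separate "TODO: check" items although they all carry the same truncated description, "In Kanboard before 1.0.47, by altering form data, an authenticated user ...". Suggest triaging them in one pass with a single decision (a package line with fixed version 1.0.47 if Kanboard is packaged, NOT-FOR-US otherwise), and handling the Shaarli, Flyspray and EyesOfNetwork entries in the same pass so the TODOs do not linger at the top of the list.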
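Review bot: In the hunk at @@ -665,8 +723,8 @@, CVE-2017-14943 changes from RESERVED to "TODO: check" for Trapeze TransitMaster, while the neighbouring entries (GSView, Inedo ProGet, Intelbras WRN 150) are already resolved as NOT-FOR-US. If TransitMaster is not packaged either, the entry should get the matching "NOT-FOR-US: Trapeze TransitMaster" line rather than staying open.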
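Review bot: In the hunk at @@ -3023,6 +3084,7 @@, {DLA-1130-1} is attached to CVE-2017-14103 while the stretch and jessie lines directly below read "<not-affected> (Incomplete fix for CVE-2017-11403 not applied)". Please confirm that the release covered by DLA-1130-1 did ship the incomplete CVE-2017-11403 fix; if it did, a short NOTE saying so would explain why only that release needed the update, and if it did not, the DLA reference does not belong on this entry.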