Author: sectracker
Date: 2017-10-10 09:10:15 +0000 (Tue, 10 Oct 2017)
New Revision: 56566

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-10 07:34:52 UTC (rev 56565)
+++ data/CVE/list       2017-10-10 09:10:15 UTC (rev 56566)
@@ -1,4 +1,60 @@
-CVE-2017-15194 [XSS related to URI or refresh page]
+CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an 
unauthenticated ...)
+       TODO: check
+CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 
allows an ...)
+       TODO: check
+CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an 
...)
+       TODO: check
+CVE-2017-15212 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15211 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15210 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15209 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15208 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15207 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15206 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15205 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15204 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15203 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15202 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15201 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15200 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15199 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15198 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15197 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15196 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an 
authenticated user ...)
+       TODO: check
+CVE-2017-15193
+       RESERVED
+CVE-2017-15192
+       RESERVED
+CVE-2017-15191
+       RESERVED
+CVE-2017-15190
+       RESERVED
+CVE-2017-15189
+       RESERVED
+CVE-2017-15188 (A persistent (stored) XSS vulnerability in the EyesOfNetwork 
web ...)
+       TODO: check
+CVE-2017-15187
+       RESERVED
+CVE-2017-15194 (include/global_session.php in Cacti 1.1.25 has XSS related to 
(1) the ...)
        - cacti <unfixed>
        NOTE: https://github.com/Cacti/cacti/issues/1010
        NOTE: 
https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
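Review bot: The 18 Kanboard entries CVE-2017-15195 through CVE-2017-15212 all carry the same truncated description ("In Kanboard before 1.0.47, by altering form data, an authenticated user ..."), so their "TODO: check" lines cannot be told apart or triaged from this file alone. Whoever resolves them needs the full description per CVE id, and each of the 22 TODO entries in this hunk should end up with either a package line or NOT-FOR-US. Separately, CVE-2017-15194 keeps "- cacti <unfixed>" while its NOTE already points at an upstream commit, so the entry should be revisited once a package version containing that commit exists.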
@@ -515,6 +571,7 @@
 CVE-2017-14998
        RESERVED
 CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a 
denial of ...)
+       {DLA-1130-1}
        - graphicsmagick 1.3.26-13
        NOTE: 
https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/511/
@@ -523,6 +580,7 @@
 CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 
Business ...)
        NOT-FOR-US: WSO2 Application Server
 CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows 
remote ...)
+       {DLA-1130-1}
        - graphicsmagick 1.3.26-13
        NOTE: 
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
@@ -665,8 +723,8 @@
        NOT-FOR-US: GSView (different from gv)
 CVE-2017-14944 (Inedo ProGet before 4.7.14 does not properly address dangerous 
package ...)
        NOT-FOR-US: Inedo ProGet
-CVE-2017-14943
-       RESERVED
+CVE-2017-14943 (Trapeze TransitMaster is vulnerable to information disclosure 
(emails / ...)
+       TODO: check
 CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the 
...)
        NOT-FOR-US: Intelbras WRN 150 devices
 CVE-2017-14941 (Jaspersoft JasperReports 4.7 suffers from a saved credential 
disclosure ...)
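Review bot: CVE-2017-14943 moves from RESERVED to "TODO: check" for Trapeze TransitMaster, in a block where the neighbouring entries (GSView, Inedo ProGet, Intelbras WRN 150) are all NOT-FOR-US. This looks like a candidate for the same marking; confirm that no package matches and replace the TODO so the entry does not linger in the triage queue.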
@@ -1198,6 +1256,7 @@
 CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows 
remote ...)
        NOT-FOR-US: libbpg
 CVE-2017-14733 (ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 
mishandles RLE ...)
+       {DLA-1130-1}
        - graphicsmagick 1.3.26-13
        NOTE: 
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/458/
@@ -1822,6 +1881,7 @@
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
 CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not 
ensure ...)
+       {DLA-1130-1}
        - graphicsmagick 1.3.26-11
        NOTE: 
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/465/
@@ -2353,6 +2413,7 @@
 CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the 
implementation ...)
        NOT-FOR-US: Apple
 CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c 
in ...)
+       {DLA-1130-1}
        - graphicsmagick 1.3.26-10
        NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/448/
@@ -3023,6 +3084,7 @@
        - linux 4.12.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 
(v4.12-rc3)
 CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c 
in ...)
+       {DLA-1130-1}
        - graphicsmagick 1.3.26-8
        [stretch] - graphicsmagick <not-affected> (Incomplete fix for 
CVE-2017-11403 not applied)
        [jessie] - graphicsmagick <not-affected> (Incomplete fix for 
CVE-2017-11403 not applied)
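Review bot: {DLA-1130-1} is attached to CVE-2017-14103 although both release annotations in the entry read "<not-affected> (Incomplete fix for CVE-2017-11403 not applied)". Confirm that the release covered by the DLA did carry the incomplete CVE-2017-11403 fix. If so, a short NOTE saying that would explain why it needed an update when stretch and jessie did not; if not, the DLA reference does not belong on this entry.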
@@ -28077,8 +28139,7 @@
 CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 
2.3.32 ...)
        - libstruts1.2-java <not-affected> (Only affects Struts 2.3.5 - Struts 
2.3.31, Struts 2.5 - Struts 2.5.10)
        NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
-CVE-2017-5637
-       RESERVED
+CVE-2017-5637 (Two four letter word commands &quot;wchp/wchc&quot; are CPU 
intensive and could ...)
        {DSA-3871-1 DLA-986-1}
        - zookeeper 3.4.9-3 (bug #863811)
        NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
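Review bot: The added CVE-2017-5637 description contains the HTML entity "&quot;" twice around wchp/wchc instead of literal double quotes. If the entity is present in data/CVE/list itself rather than introduced by the mail archive, the automatic import should decode entities before writing the description, so that searches and downstream renderers do not see or double-escape the raw entity.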


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
