Author: sectracker Date: 2016-12-06 21:10:11 +0000 (Tue, 06 Dec 2016) New Revision: 46834
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-06 21:06:21 UTC (rev 46833) +++ data/CVE/list 2016-12-06 21:10:11 UTC (rev 46834) @@ -1,3 +1,203 @@ +CVE-2017-3229 + RESERVED +CVE-2017-3228 + RESERVED +CVE-2017-3227 + RESERVED +CVE-2017-3226 + RESERVED +CVE-2017-3225 + RESERVED +CVE-2017-3224 + RESERVED +CVE-2017-3223 + RESERVED +CVE-2017-3222 + RESERVED +CVE-2017-3221 + RESERVED +CVE-2017-3220 + RESERVED +CVE-2017-3219 + RESERVED +CVE-2017-3218 + RESERVED +CVE-2017-3217 + RESERVED +CVE-2017-3216 + RESERVED +CVE-2017-3215 + RESERVED +CVE-2017-3214 + RESERVED +CVE-2017-3213 + RESERVED +CVE-2017-3212 + RESERVED +CVE-2017-3211 + RESERVED +CVE-2017-3210 + RESERVED +CVE-2017-3209 + RESERVED +CVE-2017-3208 + RESERVED +CVE-2017-3207 + RESERVED +CVE-2017-3206 + RESERVED +CVE-2017-3205 + RESERVED +CVE-2017-3204 + RESERVED +CVE-2017-3203 + RESERVED +CVE-2017-3202 + RESERVED +CVE-2017-3201 + RESERVED +CVE-2017-3200 + RESERVED +CVE-2017-3199 + RESERVED +CVE-2017-3198 + RESERVED +CVE-2017-3197 + RESERVED +CVE-2017-3196 + RESERVED +CVE-2017-3195 + RESERVED +CVE-2017-3194 + RESERVED +CVE-2017-3193 + RESERVED +CVE-2017-3192 + RESERVED +CVE-2017-3191 + RESERVED +CVE-2017-3190 + RESERVED +CVE-2017-3189 + RESERVED +CVE-2017-3188 + RESERVED +CVE-2017-3187 + RESERVED +CVE-2017-3186 + RESERVED +CVE-2017-3185 + RESERVED +CVE-2017-3184 + RESERVED +CVE-2017-3183 + RESERVED +CVE-2017-3182 + RESERVED +CVE-2017-3181 + RESERVED +CVE-2017-3180 + RESERVED +CVE-2017-3179 + RESERVED +CVE-2017-3178 + RESERVED +CVE-2017-3177 + RESERVED +CVE-2017-3176 + RESERVED +CVE-2017-3175 + RESERVED +CVE-2017-3174 + RESERVED +CVE-2017-3173 + RESERVED +CVE-2017-3172 + RESERVED +CVE-2017-3171 + RESERVED +CVE-2017-3170 + RESERVED +CVE-2017-3169 + RESERVED +CVE-2017-3168 + RESERVED +CVE-2017-3167 + RESERVED +CVE-2017-3166 + RESERVED +CVE-2017-3165 + RESERVED +CVE-2017-3164 + RESERVED +CVE-2017-3163 + RESERVED +CVE-2017-3162 + RESERVED +CVE-2017-3161 + RESERVED +CVE-2017-3160 + RESERVED +CVE-2017-3159 + RESERVED +CVE-2017-3158 + RESERVED +CVE-2017-3157 + RESERVED +CVE-2017-3156 + RESERVED +CVE-2017-3155 + RESERVED +CVE-2017-3154 + RESERVED +CVE-2017-3153 + RESERVED +CVE-2017-3152 + RESERVED +CVE-2017-3151 + RESERVED +CVE-2017-3150 + RESERVED +CVE-2016-9866 + RESERVED +CVE-2016-9865 + RESERVED +CVE-2016-9864 + RESERVED +CVE-2016-9863 + RESERVED +CVE-2016-9862 + RESERVED +CVE-2016-9861 + RESERVED +CVE-2016-9860 + RESERVED +CVE-2016-9859 + RESERVED +CVE-2016-9858 + RESERVED +CVE-2016-9857 + RESERVED +CVE-2016-9856 + RESERVED +CVE-2016-9855 + RESERVED +CVE-2016-9854 + RESERVED +CVE-2016-9853 + RESERVED +CVE-2016-9852 + RESERVED +CVE-2016-9851 + RESERVED +CVE-2016-9850 + RESERVED +CVE-2016-9849 + RESERVED +CVE-2016-9848 + RESERVED +CVE-2016-9847 + RESERVED CVE-2016-XXXX [cross-site scripting vulnerability] - html5lib 0.999999999-1 [jessie] - html5lib <no-dsa> (Minor issue) @@ -455,6 +655,7 @@ CVE-2017-2925 RESERVED CVE-2016-9839 + RESERVED - mapserver 7.0.3-1 [jessie] - mapserver <no-dsa> (Minor issue) NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html @@ -464,8 +665,8 @@ RESERVED CVE-2016-9837 RESERVED -CVE-2016-9836 - RESERVED +CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! ...) + TODO: check CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x ...) TODO: check CVE-2016-9834 @@ -541,6 +742,7 @@ CVE-2016-9757 RESERVED CVE-2016-9846 [display: virtio-gpu: memory leakage while updating cursor] + RESERVED - qemu <unfixed> [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <removed> @@ -548,6 +750,7 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html TODO: check affected versions CVE-2016-9845 [display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info] + RESERVED - qemu <unfixed> [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <removed> @@ -555,23 +758,29 @@ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html TODO: check affected versions CVE-2016-9843 + RESERVED - zlib <unfixed> NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 CVE-2016-9842 + RESERVED - zlib <unfixed> (bug #847274) NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 CVE-2016-9841 + RESERVED - zlib <unfixed> (bug #847270) NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb CVE-2016-9840 + RESERVED - zlib <unfixed> (bug #847270) NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 CVE-2016-9844 [zipinfo buffer overflow] + RESERVED - unzip <unfixed> NOTE: https://launchpad.net/bugs/1643750 NOTE: http://www.openwall.com/lists/oss-security/2016/12/05/13 NOTE: Proposed patch in http://www.openwall.com/lists/oss-security/2016/12/05/19 CVE-2014-9913 + RESERVED - unzip <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2014/11/03/5 CVE-2016-XXXX [heap-based buffer overflow in TIFFFillStrip (tif_read.c)] @@ -6247,7 +6456,7 @@ - qemu <not-affected> (Vulnerability specific to Xen) - qemu-kvm <not-affected> (Vulnerability specific to Xen) - xen 4.4.0-1 - NOTE: Xen switched to qemu-system in 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://xenbits.xen.org/xsa/advisory-199.html CVE-2016-9620 RESERVED @@ -7941,8 +8150,7 @@ RESERVED CVE-2016-9153 RESERVED -CVE-2016-9152 [cross-site scripting] - RESERVED +CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...) - spip <unfixed> (bug #847156) NOTE: https://core.spip.net/projects/spip/repository/revisions/23290 CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x ...) @@ -8983,8 +9191,7 @@ RESERVED CVE-2016-8741 RESERVED -CVE-2016-8740 - RESERVED +CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...) - apache2 <unfixed> (bug #847124) [jessie] - apache2 <not-affected> (Vulnerable code not present) [wheezy] - apache2 <not-affected> (Vulnerable code not present) @@ -14054,8 +14261,8 @@ RESERVED CVE-2016-7172 RESERVED -CVE-2016-7171 - RESERVED +CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use ...) + TODO: check CVE-2016-7170 [vmware_vga: OOB stack memory access when processing svga command] RESERVED {DLA-653-1 DLA-652-1} @@ -20325,8 +20532,8 @@ TODO: check CVE-2016-5342 (Heap-based buffer overflow in the wcnss_wlan_write function in ...) TODO: check -CVE-2016-5341 - RESERVED +CVE-2016-5341 (The GPS component in Android before 2016-12-05 allows ...) + TODO: check CVE-2016-5340 (The is_ashmem_file function in drivers/staging/android/ashmem.c in a ...) TODO: check CVE-2016-5339 @@ -224173,7 +224380,7 @@ - phpbb2 2.0.8 (low) CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...) NOT-FOR-US: Tunez -CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...) +CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to ...) NOT-FOR-US: Sybari AntiGen for Domino CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...) NOT-FOR-US: Leif M. Wright Web Blog @@ -234620,7 +234827,7 @@ NOT-FOR-US: Safari CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...) NOT-FOR-US: Safari -CVE-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...) +CVE-2004-1120 (Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...) {DSA-663-1} - prozilla 1:1.3.7.3-1 CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits