Author: sectracker
Date: 2017-03-16 21:10:12 +0000 (Thu, 16 Mar 2017)
New Revision: 49724
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-16 20:29:24 UTC (rev 49723)
+++ data/CVE/list 2017-03-16 21:10:12 UTC (rev 49724)
@@ -1,3 +1,72 @@
+CVE-2017-9999
+ REJECTED
+ TODO: check
+CVE-2017-6951 (The keyring_search_aux function in security/keys/keyring.c in
the Linux ...)
+ TODO: check
+CVE-2017-6950
+ RESERVED
+CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When
using a ...)
+ TODO: check
+CVE-2017-6948
+ RESERVED
+CVE-2017-6947
+ RESERVED
+CVE-2017-6946
+ RESERVED
+CVE-2017-6945
+ RESERVED
+CVE-2017-6944
+ RESERVED
+CVE-2017-6943
+ RESERVED
+CVE-2017-6942
+ RESERVED
+CVE-2017-6941
+ RESERVED
+CVE-2017-6940
+ RESERVED
+CVE-2017-6939
+ RESERVED
+CVE-2017-6938
+ RESERVED
+CVE-2017-6937
+ RESERVED
+CVE-2017-6936
+ RESERVED
+CVE-2017-6935
+ RESERVED
+CVE-2017-6934
+ RESERVED
+CVE-2017-6933
+ RESERVED
+CVE-2017-6932
+ RESERVED
+CVE-2017-6931
+ RESERVED
+CVE-2017-6930
+ RESERVED
+CVE-2017-6929
+ RESERVED
+CVE-2017-6928
+ RESERVED
+CVE-2017-6927
+ RESERVED
+CVE-2017-6926
+ RESERVED
+CVE-2017-6925
+ RESERVED
+CVE-2017-6924
+ RESERVED
+CVE-2017-6923
+ RESERVED
+CVE-2017-6922
+ RESERVED
+CVE-2017-6921
+ RESERVED
+CVE-2017-6920
+ RESERVED
+CVE-2017-6919
+ RESERVED
CVE-2017-6918 (CSRF exists in BigTree CMS 4.2.16 with the value[#][*]
parameter to the ...)
NOT-FOR-US: BigTree CMS
CVE-2017-6917 (CSRF exists in BigTree CMS 4.2.16 with the value parameter to
the ...)
@@ -228,14 +297,12 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/20/5
NOTE: Not suitable for code injection, hardly denial of service
NOTE:
https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
-CVE-2016-10247
- RESERVED
+CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in
...)
- mupdf <unfixed> (unimportant)
NOTE: Although jstest_main.c compiled during build and mujstest is
created
NOTE: it is not included in the produced binary packages
NOTE: http://www.openwall.com/lists/oss-security/2016/10/16/19
-CVE-2016-10246
- RESERVED
+CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in
Mujstest in ...)
- mupdf <unfixed> (unimportant)
NOTE: Although jstest_main.c compiled during build and mujstest is
created
NOTE: it is not included in the produced binary packages
@@ -893,8 +960,8 @@
RESERVED
CVE-2017-6511 (andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected
XSS in ...)
NOT-FOR-US: FineCMS
-CVE-2017-6510
- RESERVED
+CVE-2017-6510 (Easy File Sharing FTP Server version 3.6 is vulnerable to a
directory ...)
+ TODO: check
CVE-2017-6509 (Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a
reflected XSS ...)
NOT-FOR-US: burgundy-cms
CVE-2017-6507
@@ -1402,20 +1469,17 @@
RESERVED
CVE-2017-6382
RESERVED
-CVE-2017-6381
- RESERVED
+CVE-2017-6381 (A 3rd party development library including with Drupal 8
development ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6380
RESERVED
-CVE-2017-6379
- RESERVED
+CVE-2017-6379 (Some administrative paths in Drupal 8.2.x before 8.2.7 did not
include ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6378
RESERVED
-CVE-2017-6377
- RESERVED
+CVE-2017-6377 (When adding a private file via the editor in Drupal 8.2.x
before ...)
- drupal8 <itp> (bug #756305)
NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6376
@@ -3299,16 +3363,14 @@
NOTE: http://karmainsecurity.com/KIS-2017-01
CVE-2017-5676
RESERVED
-CVE-2017-5857 [Qemu: display: virtio-gpu-3d: host memory leakage in
virgl_cmd_resource_unref]
- RESERVED
+CVE-2017-5857 (Memory leak in the virgl_cmd_resource_unref function in ...)
- qemu 1:2.8+dfsg-3 (bug #853996; unimportant)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418382
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/21
-CVE-2017-5856 [Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd]
- RESERVED
+CVE-2017-5856 (Memory leak in the megasas_handle_dcmd function in
hw/scsi/megasas.c ...)
- qemu 1:2.8+dfsg-3 (bug #853996)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or
point release)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -3328,8 +3390,7 @@
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfinfoguessformat-pdfinfo-cpp/
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2017/02/02/21
-CVE-2015-8981 [Heap overflow in the function ReadXRefSubsection]
- RESERVED
+CVE-2015-8981 (Heap-based buffer overflow in the PdfParser::ReadXRefSubsection
...)
- libpodofo 0.9.4-1 (bug #854599)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -3443,8 +3504,8 @@
RESERVED
CVE-2017-5644
RESERVED
-CVE-2017-5643
- RESERVED
+CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF
via ...)
+ TODO: check
CVE-2017-5642
RESERVED
CVE-2017-5641
@@ -3545,8 +3606,7 @@
NOT-FOR-US: Netgear
CVE-2004-2778
RESERVED
-CVE-2017-5667 [sd: sdhci OOB access during multi block SDMA transfer]
- RESERVED
+CVE-2017-5667 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c
in QEMU ...)
- qemu 1:2.8+dfsg-3 (bug #853996)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -3586,8 +3646,7 @@
NOTE:
https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f
(0.9.44.6)
NOTE:
https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863
(0.9.44.6)
NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/4
-CVE-2016-10187 [javascript in books can access files on the computer using
XMLHttpRequest]
- RESERVED
+CVE-2016-10187 (The E-book viewer in calibre before 2.75 allows remote
attackers to ...)
- calibre 2.75.1+dfsg-1 (bug #853004)
NOTE: Upstream report: https://launchpad.net/bugs/1651728
NOTE: Upstream fix:
https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c
@@ -3603,8 +3662,7 @@
NOT-FOR-US: MuJS
CVE-2017-5627 (An issue was discovered in Artifex Software, Inc. MuJS before
...)
NOT-FOR-US: MuJS
-CVE-2017-5617 [SSRF issue]
- RESERVED
+CVE-2017-5617 (The SVG Salamander (aka svgSalamander) library, when used in a
web ...)
{DSA-3781-1 DLA-816-1}
- svgsalamander 1.1.1+dfsg-2 (bug #853134)
NOTE: https://github.com/blackears/svgSalamander/issues/11
@@ -4609,8 +4667,7 @@
NOT-FOR-US: BLU
CVE-2016-10135 (An issue was discovered on LG devices using the MTK chipset
with ...)
NOT-FOR-US: LG
-CVE-2017-5505
- RESERVED
+CVE-2017-5505 (The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27
allows ...)
- jasper <removed> (unimportant)
NOTE:
https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c
NOTE: https://github.com/mdadams/jasper/issues/88
@@ -20238,7 +20295,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1
CVE-2016-8673 (Cross-site request forgery (CSRF) vulnerability in the
integrated web ...)
NOT-FOR-US: Siemens SIMATIC CP
-CVE-2016-8672 (The integrated web server on Siemens SIMATIC CP 343-1 Advanced
before ...)
+CVE-2016-8672 (The integrated web server on Siemens SIMATIC CP 343-1 Advanced
prior to ...)
NOT-FOR-US: Siemens SIMATIC CP
CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for ...)
NOT-FOR-US: Generic protocol issue
@@ -46871,8 +46928,8 @@
[wheezy] - samba <not-affected> (Vulnerable code not present)
[squeeze] - samba <not-affected> (Vulnerable code not present)
NOTE: https://www.samba.org/samba/security/CVE-2016-0771.html
-CVE-2016-0770
- RESERVED
+CVE-2016-0770 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2016-0769 (Multiple SQL injection vulnerabilities in eshop-orders.php in
the ...)
TODO: check
CVE-2016-0768
@@ -47178,25 +47235,25 @@
[wheezy] - openssl <not-affected> (Only affects 1.0.2)
[squeeze] - openssl <not-affected> (Only affects 1.0.2)
CVE-2015-8591
- RESERVED
+ REJECTED
CVE-2015-8590
- RESERVED
+ REJECTED
CVE-2015-8589
- RESERVED
+ REJECTED
CVE-2015-8588
- RESERVED
+ REJECTED
CVE-2015-8587
- RESERVED
+ REJECTED
CVE-2015-8586
- RESERVED
+ REJECTED
CVE-2015-8585
- RESERVED
+ REJECTED
CVE-2015-8584
- RESERVED
+ REJECTED
CVE-2015-8583
- RESERVED
+ REJECTED
CVE-2015-8582
- RESERVED
+ REJECTED
CVE-2015-8581 (The EjbObjectInputStream class in Apache TomEE allows remote
attackers ...)
NOT-FOR-US: Apache TomEE
CVE-2015-8580 (Multiple use-after-free vulnerabilities in the (1) Print method
and ...)
@@ -50955,11 +51012,11 @@
CVE-2015-7923 (Westermo WeOS before 4.19.0 uses the same SSL private key
across ...)
NOT-FOR-US: Westermo
CVE-2015-7922
- RESERVED
+ REJECTED
CVE-2015-7921 (The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000,
PFXEXEDV ...)
TODO: check
CVE-2015-7920
- RESERVED
+ REJECTED
CVE-2015-7919 (SearchBlox 8.3 before 8.3.1 allows remote attackers to write to
the ...)
NOT-FOR-US: SearchBlox
CVE-2015-7918 (Multiple buffer overflows in the F1BookView ActiveX control in
F1 ...)
@@ -55061,7 +55118,7 @@
CVE-2015-6488 (Cross-site scripting (XSS) vulnerability in the web server on
...)
NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6487
- RESERVED
+ REJECTED
CVE-2015-6486 (SQL injection vulnerability on Allen-Bradley MicroLogix 1100
devices ...)
NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6485 (Schneider Electric Telvent Sage 2300 RTUs with firmware before
...)
@@ -55125,7 +55182,7 @@
CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise
before ...)
NOT-FOR-US: PulseNET
CVE-2015-6455
- RESERVED
+ REJECTED
CVE-2015-6454 (Everest PeakHMI before 8.7.0.2, when the video server is used,
allows ...)
NOT-FOR-US: PeakHMI
CVE-2015-6453
@@ -62133,7 +62190,7 @@
CVE-2015-3976
RESERVED
CVE-2015-3975
- RESERVED
+ REJECTED
CVE-2015-3974 (EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21
and 2.x ...)
NOT-FOR-US: EasyIO EasyIO-30P-SF controllers
CVE-2015-3973 (Janitza UMG 508, 509, 511, 604, and 605 devices improperly
generate ...)
@@ -62193,15 +62250,15 @@
CVE-2015-3946 (Cross-site request forgery (CSRF) vulnerability in Advantech
WebAccess ...)
NOT-FOR-US: Advantech WebAccess
CVE-2015-3945
- RESERVED
+ REJECTED
CVE-2015-3944
- RESERVED
+ REJECTED
CVE-2015-3943 (Advantech WebAccess before 8.1 allows remote attackers to read
...)
NOT-FOR-US: Advantech WebAccess
CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the
web-server ...)
NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3941
- RESERVED
+ REJECTED
CVE-2015-3940 (Untrusted search path vulnerability in Schneider Electric
Wonderware ...)
NOT-FOR-US: Schneider Electric
CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856
modules for ...)
@@ -71713,7 +71770,7 @@
CVE-2015-0984 (Directory traversal vulnerability in the FTP server on
Honeywell Excel ...)
NOT-FOR-US: Honeywell Excel Web
CVE-2015-0983
- RESERVED
+ REJECTED
CVE-2015-0982 (Buffer overflow in an unspecified DLL in Schneider Electric
Pelco ...)
NOT-FOR-US: Schneider Electric
CVE-2015-0981 (The SOAP web interface in SCADA Engine BACnet OPC Server before
...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
