Author: sectracker Date: 2017-03-23 09:10:13 +0000 (Thu, 23 Mar 2017) New Revision: 49955
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-23 07:44:00 UTC (rev 49954) +++ data/CVE/list 2017-03-23 09:10:13 UTC (rev 49955) @@ -1,3 +1,11 @@ +CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...) + TODO: check +CVE-2017-7234 + RESERVED +CVE-2017-7233 + RESERVED +CVE-2017-7232 + RESERVED CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow ...) NOT-FOR-US: pngdefry CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and ...) @@ -1617,21 +1625,22 @@ CVE-2017-6507 RESERVED CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...) - {DLA-860-1} + {DSA-3815-1 DLA-860-1} - wordpress 4.7.3+dfsg-1 (bug #857026) NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7 CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control ...) - {DLA-860-1} + {DSA-3815-1 DLA-860-1} - wordpress 4.7.3+dfsg-1 (bug #857026) NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...) - {DLA-860-1} + {DSA-3815-1 DLA-860-1} - wordpress 4.7.3+dfsg-1 (bug #857026) NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663 CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is ...) + {DSA-3815-1} - wordpress 4.7.3+dfsg-1 (bug #857026) [wheezy] - wordpress <not-affected> (vulnerable code was introduced later) NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ @@ -1886,6 +1895,7 @@ NOTE: https://redmine.openinfosecfoundation.org/issues/2022 NOTE: Fixed by: https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b0080a19 (3.2.1) CVE-2017-7177 (Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused ...) + {DLA-865-1} - suricata 3.2.1-1 (bug #856649) [jessie] - suricata <no-dsa> (Minor issue) NOTE: https://redmine.openinfosecfoundation.org/issues/2019 @@ -19680,12 +19690,12 @@ RESERVED CVE-2016-9170 RESERVED -CVE-2016-9169 - RESERVED -CVE-2016-9168 - RESERVED -CVE-2016-9167 - RESERVED +CVE-2016-9169 (A reflected XSS vulnerability exists in the web console of the Document ...) + TODO: check +CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in ...) + TODO: check +CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP ...) + TODO: check CVE-2016-9166 RESERVED CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management ...) @@ -30569,30 +30579,30 @@ RESERVED CVE-2016-5759 RESERVED -CVE-2016-5758 - RESERVED -CVE-2016-5757 - RESERVED -CVE-2016-5756 - RESERVED -CVE-2016-5755 - RESERVED -CVE-2016-5754 - RESERVED +CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ Access ...) + TODO: check +CVE-2016-5757 (iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix ...) + TODO: check +CVE-2016-5756 (Multiple components of the web tools in NetIQ Access Manager 4.1 before ...) + TODO: check +CVE-2016-5755 (NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 ...) + TODO: check +CVE-2016-5754 (Presence of a .htaccess file could leak information in NetIQ Access ...) + TODO: check CVE-2016-5753 RESERVED -CVE-2016-5752 - RESERVED -CVE-2016-5751 - RESERVED -CVE-2016-5750 - RESERVED -CVE-2016-5749 - RESERVED -CVE-2016-5748 - RESERVED -CVE-2016-5747 - RESERVED +CVE-2016-5752 (The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 ...) + TODO: check +CVE-2016-5751 (An unfiltered finalizer target URL in the SAML processing feature in ...) + TODO: check +CVE-2016-5750 (The certificate upload feature in iManager in NetIQ Access Manager 4.1 ...) + TODO: check +CVE-2016-5749 (NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was ...) + TODO: check +CVE-2016-5748 (External Entity Processing (XXE) vulnerability in the "risk score" ...) + TODO: check +CVE-2016-5747 (A security vulnerability in cookie handling in the http stack ...) + TODO: check CVE-2016-5746 (libstorage, libstorage-ng, and yast-storage improperly store ...) NOT-FOR-US: libstorage CVE-2016-5745 (F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before ...) @@ -37470,6 +37480,7 @@ CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in ...) NOT-FOR-US: Android CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android ...) + {DLA-864-1} - jhead 1:3.00-4 (bug #858213) CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...) NOT-FOR-US: Android Mediaserver @@ -44840,10 +44851,10 @@ NOT-FOR-US: NetIQ Sentinel CVE-2016-1604 RESERVED -CVE-2016-1603 - RESERVED -CVE-2016-1602 - RESERVED +CVE-2016-1603 (An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 ...) + TODO: check +CVE-2016-1602 (A code injection in the supportconfig data collection tool in ...) + TODO: check CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, ...) NOT-FOR-US: yast2-users / SuSE YAST CVE-2016-1600 @@ -44852,8 +44863,8 @@ NOT-FOR-US: NetIQ Self Service Password Reset CVE-2016-1598 (XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows ...) NOT-FOR-US: NetIQ IDM -CVE-2016-1597 - RESERVED +CVE-2016-1597 (A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could ...) + TODO: check CVE-2016-1596 (Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus ...) NOT-FOR-US: Micro Focus CVE-2016-1595 (LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits