Author: sectracker
Date: 2017-03-23 09:10:13 +0000 (Thu, 23 Mar 2017)
New Revision: 49955

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-03-23 07:44:00 UTC (rev 49954)
+++ data/CVE/list       2017-03-23 09:10:13 UTC (rev 49955)
@@ -1,3 +1,11 @@
+CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 
1.7.1. A ...)
+       TODO: check
+CVE-2017-7234
+       RESERVED
+CVE-2017-7233
+       RESERVED
+CVE-2017-7232
+       RESERVED
 CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based 
buffer-overflow ...)
        NOT-FOR-US: pngdefry
 CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 
9.5.12 and ...)
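Review bot: CVE-2017-7235 at the top of this hunk is committed with only "TODO: check", so the tracker has no package mapping for the cloudflare-scrape issue yet. Resolve it in a follow-up to either a source package line or a NOT-FOR-US entry, as was done for CVE-2017-7231 (pngdefry) directly below it.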
@@ -1617,21 +1625,22 @@
 CVE-2017-6507
        RESERVED
 CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site 
Scripting ...)
-       {DLA-860-1}
+       {DSA-3815-1 DLA-860-1}
        - wordpress 4.7.3+dfsg-1 (bug #857026)
        NOTE: 
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
        NOTE: 
https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
 CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control 
...)
-       {DLA-860-1}
+       {DSA-3815-1 DLA-860-1}
        - wordpress 4.7.3+dfsg-1 (bug #857026)
        NOTE: 
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
        NOTE: 
https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
 CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended 
files can ...)
-       {DLA-860-1}
+       {DSA-3815-1 DLA-860-1}
        - wordpress 4.7.3+dfsg-1 (bug #857026)
        NOTE: 
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
        NOTE: 
https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
 CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is ...)
+       {DSA-3815-1}
        - wordpress 4.7.3+dfsg-1 (bug #857026)
        [wheezy] - wordpress <not-affected> (vulnerable code was introduced 
later)
        NOTE: 
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
@@ -1886,6 +1895,7 @@
        NOTE: https://redmine.openinfosecfoundation.org/issues/2022
        NOTE: Fixed by: 
https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b0080a19
 (3.2.1)
 CVE-2017-7177 (Suricata before 3.2.1 has an IPv4 defragmentation evasion issue 
caused ...)
+       {DLA-865-1}
        - suricata 3.2.1-1 (bug #856649)
        [jessie] - suricata <no-dsa> (Minor issue)
        NOTE: https://redmine.openinfosecfoundation.org/issues/2019
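Review bot: adding {DLA-865-1} to CVE-2017-7177 gives the entry an LTS advisory while the line "[jessie] - suricata <no-dsa> (Minor issue)" stays unchanged. The description is an IPv4 defragmentation evasion in an IDS, so consider whether jessie should be queued for a point-release update rather than remaining unfixed behind the release covered by the DLA.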
@@ -19680,12 +19690,12 @@
        RESERVED
 CVE-2016-9170
        RESERVED
-CVE-2016-9169
-       RESERVED
-CVE-2016-9168
-       RESERVED
-CVE-2016-9167
-       RESERVED
+CVE-2016-9169 (A reflected XSS vulnerability exists in the web console of the 
Document ...)
+       TODO: check
+CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in 
NDSD in ...)
+       TODO: check
+CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs 
on LDAP ...)
+       TODO: check
 CVE-2016-9166
        RESERVED
 CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure 
Management ...)
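Review bot: CVE-2016-9169, CVE-2016-9168 and CVE-2016-9167 move from RESERVED to "TODO: check" with no triage decision. The visible descriptions for 9168 and 9167 name NDSD in Novell eDirectory; if that product has no Debian source package, these should become NOT-FOR-US entries. 9169 needs its full description read first, since the product name is cut off at "Document ...".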
@@ -30569,30 +30579,30 @@
        RESERVED
 CVE-2016-5759
        RESERVED
-CVE-2016-5758
-       RESERVED
-CVE-2016-5757
-       RESERVED
-CVE-2016-5756
-       RESERVED
-CVE-2016-5755
-       RESERVED
-CVE-2016-5754
-       RESERVED
+CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ 
Access ...)
+       TODO: check
+CVE-2016-5757 (iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 
Hot Fix ...)
+       TODO: check
+CVE-2016-5756 (Multiple components of the web tools in NetIQ Access Manager 
4.1 before ...)
+       TODO: check
+CVE-2016-5755 (NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 
4.2.2 ...)
+       TODO: check
+CVE-2016-5754 (Presence of a .htaccess file could leak information in NetIQ 
Access ...)
+       TODO: check
 CVE-2016-5753
        RESERVED
-CVE-2016-5752
-       RESERVED
-CVE-2016-5751
-       RESERVED
-CVE-2016-5750
-       RESERVED
-CVE-2016-5749
-       RESERVED
-CVE-2016-5748
-       RESERVED
-CVE-2016-5747
-       RESERVED
+CVE-2016-5752 (The SAML2 implementation in Identity Server in NetIQ Access 
Manager 4.1 ...)
+       TODO: check
+CVE-2016-5751 (An unfiltered finalizer target URL in the SAML processing 
feature in ...)
+       TODO: check
+CVE-2016-5750 (The certificate upload feature in iManager in NetIQ Access 
Manager 4.1 ...)
+       TODO: check
+CVE-2016-5749 (NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 
was ...)
+       TODO: check
+CVE-2016-5748 (External Entity Processing (XXE) vulnerability in the 
&quot;risk score&quot; ...)
+       TODO: check
+CVE-2016-5747 (A security vulnerability in cookie handling in the http stack 
...)
+       TODO: check
 CVE-2016-5746 (libstorage, libstorage-ng, and yast-storage improperly store 
...)
        NOT-FOR-US: libstorage
 CVE-2016-5745 (F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x 
before ...)
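Review bot: eleven entries (CVE-2016-5747 to CVE-2016-5752 and CVE-2016-5754 to CVE-2016-5758) land as "TODO: check" in one block, and eight of them name NetIQ Access Manager in the visible description. Triage them in a single pass with one consistent tag so they do not linger, and read the full text of 5751, 5748 and 5747 before tagging, because their truncated descriptions do not name a product. Separately, the CVE-2016-5748 description carries literal &quot; entities; if those are in data/CVE/list itself rather than introduced by the mail rendering, the automatic import should unescape them.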
@@ -37470,6 +37480,7 @@
 CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component 
in ...)
        NOT-FOR-US: Android
 CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in 
Android ...)
+       {DLA-864-1}
        - jhead 1:3.00-4 (bug #858213)
 CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x 
before ...)
        NOT-FOR-US: Android Mediaserver
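Review bot: CVE-2016-3822 gains {DLA-864-1}, but its only status line is "- jhead 1:3.00-4 (bug #858213)", with no per-release line for jessie. Add a [jessie] entry (a fixed version, <no-dsa> or <not-affected>) so the state of stable is explicit next to the LTS advisory.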
@@ -44840,10 +44851,10 @@
        NOT-FOR-US: NetIQ Sentinel
 CVE-2016-1604
        RESERVED
-CVE-2016-1603
-       RESERVED
-CVE-2016-1602
-       RESERVED
+CVE-2016-1603 (An information leak in the NetIQ IDM ServiceNow Driver before 
1.0.0.1 ...)
+       TODO: check
+CVE-2016-1602 (A code injection in the supportconfig data collection tool in 
...)
+       TODO: check
 CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 
SP1, ...)
        NOT-FOR-US: yast2-users / SuSE YAST
 CVE-2016-1600
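Review bot: CVE-2016-1603 and CVE-2016-1602 are left at "TODO: check" although the surrounding context already classifies their neighbours ("NOT-FOR-US: NetIQ Sentinel", "NOT-FOR-US: yast2-users / SuSE YAST"). 1603 names the NetIQ IDM ServiceNow Driver and could follow the same pattern once confirmed. 1602 is a code injection in the supportconfig data collection tool, and its truncated description does not say which product ships the tool, so establish that before tagging it.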
@@ -44852,8 +44863,8 @@
        NOT-FOR-US: NetIQ Self Service Password Reset
 CVE-2016-1598 (XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows 
...)
        NOT-FOR-US: NetIQ IDM
-CVE-2016-1597
-       RESERVED
+CVE-2016-1597 (A logged-in user in NetIQ Access Governance Suite 6.0 through 
6.4 could ...)
+       TODO: check
 CVE-2016-1596 (Multiple cross-site scripting (XSS) vulnerabilities in Micro 
Focus ...)
        NOT-FOR-US: Micro Focus
 CVE-2016-1595 (LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile 
in ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
