Author: sectracker
Date: 2017-03-24 09:10:12 +0000 (Fri, 24 Mar 2017)
New Revision: 49986
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-24 05:56:27 UTC (rev 49985) +++ data/CVE/list 2017-03-24 09:10:12 UTC (rev 49986) @@ -1,3 +1,25 @@ +CVE-2017-7254 + RESERVED +CVE-2017-7253 + RESERVED +CVE-2017-7252 + RESERVED +CVE-2017-7251 (A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The ...) + TODO: check +CVE-2017-7250 (A Cross-Site Scripting (XSS) was discovered in Gazelle before ...) + TODO: check +CVE-2017-7249 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...) + TODO: check +CVE-2017-7248 (A Cross-Site Scripting (XSS) was discovered in Gazelle before ...) + TODO: check +CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...) + TODO: check +CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in ...) + TODO: check +CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in ...) + TODO: check +CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...) + TODO: check CVE-2017-7243 RESERVED CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules ...) @@ -1657,8 +1679,8 @@ NOT-FOR-US: Easy File Sharing FTP Server CVE-2017-6509 (Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS ...) NOT-FOR-US: burgundy-cms -CVE-2017-6507 - RESERVED +CVE-2017-6507 (An issue was discovered in AppArmor before 2.12. Incorrect handling of ...) + TODO: check CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...) {DSA-3815-1 DLA-860-1} - wordpress 4.7.3+dfsg-1 (bug #857026) 
@@ -1725,7 +1747,7 @@ [wheezy] - imagemagick <not-affected> (vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751 CVE-2017-6500 (An issue was discovered in ImageMagick 6.9.7. A specially crafted sun ...) - {DSA-3808-1} + {DSA-3808-1 DLA-868-1} - imagemagick 8:6.9.7.4+dfsg-2 (bug #856879) NOTE: https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528 NOTE: https://github.com/ImageMagick/ImageMagick/issues/375 @@ -1737,7 +1759,7 @@ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543 CVE-2017-6498 (An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could ...) - {DSA-3808-1} + {DSA-3808-1 DLA-868-1} - imagemagick 8:6.9.7.4+dfsg-2 (bug #856878) NOTE: https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9 NOTE: https://github.com/ImageMagick/ImageMagick/pull/359 @@ -2242,8 +2264,8 @@ RESERVED CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in ...) NOT-FOR-US: Typo3 -CVE-2017-6369 - RESERVED +CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 ...) + TODO: check CVE-2017-6368 RESERVED CVE-2017-6367 (In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the ...) @@ -5848,7 +5870,7 @@ NOT-FOR-US: Rapid7 CVE-2017-5228 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 ...) NOT-FOR-US: Rapid7 -CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to obtain ...) +CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain ...) NOT-FOR-US: QNAP CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the ...) {DLA-795-1} 
@@ -6004,10 +6026,10 @@ CVE-2017-5206 (Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, ...) - firejail 0.9.44.4-1 (bug #850558) NOTE: Fixed by: https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e -CVE-2017-5199 - RESERVED -CVE-2017-5198 - RESERVED +CVE-2017-5199 (The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 ...) + TODO: check +CVE-2017-5198 (SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo ...) + TODO: check CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. ...) NOT-FOR-US: SilverStripe CVE-2017-5192 [local_batch client external authentication not respected] @@ -12953,7 +12975,7 @@ NOTE: Debian uses an old fork of netpbm NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7 CVE-2017-2577 - RESERVED + REJECTED CVE-2017-2575 RESERVED CVE-2017-2574 @@ -18743,7 +18765,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not ...) - {DSA-3799-1} + {DSA-3799-1 DLA-868-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #849439) NOTE: https://github.com/ImageMagick/ImageMagick/issues/196 NOTE: https://github.com/ImageMagick/ImageMagick/issues/352 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
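Review bot: In the first hunk (@@ -1,3 +1,25 @@), CVE-2017-7244, CVE-2017-7245 and CVE-2017-7246 are left at TODO: check in the same batch as the pi-engine and Gazelle XSS entries, although CVE-2017-7245 and CVE-2017-7246 describe stack-based buffer overflows in pcre32_copy_substring and CVE-2017-7244 names _pcre32_xclass in libpcre1 in PCRE 8.40. These three should be triaged ahead of the web-application entries, and the TODO replaced with a source-package line or a NOT-FOR-US marker. CVE-2017-7245 and CVE-2017-7246 show the same truncated description here, so the full descriptions need checking to confirm what distinguishes them.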
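Review bot: In the @@ -1657,8 +1679,8 @@ hunk, CVE-2017-6507 moves from RESERVED to a description that already gives a fix boundary (AppArmor before 2.12), yet the entry carries only TODO: check. Replace the TODO with a package line recording the affected source package and fixed version once triaged, since the truncated description alone does not say what is handled incorrectly.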
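Review bot: In the @@ -6004,10 +6026,10 @@ hunk, CVE-2017-5199 and CVE-2017-5198 (SolarWinds LEM) are left at TODO: check, while the neighbouring third-party product entries visible in this patch are resolved as NOT-FOR-US (SilverStripe directly below, Rapid7 and QNAP in the hunk before). If SolarWinds LEM is not packaged, close these two the same way, for example with NOT-FOR-US: SolarWinds LEM, rather than leaving them open.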