Author: sectracker
Date: 2017-06-07 21:10:12 +0000 (Wed, 07 Jun 2017)
New Revision: 52400
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-07 21:00:21 UTC (rev 52399) +++ data/CVE/list 2017-06-07 21:10:12 UTC (rev 52400) @@ -1,3 +1,15 @@ +CVE-2017-9504 + RESERVED +CVE-2017-9503 + RESERVED +CVE-2017-9502 + RESERVED +CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the ...) + TODO: check +CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the ...) + TODO: check +CVE-2017-9499 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the ...) + TODO: check CVE-2017-9498 RESERVED CVE-2017-9497 @@ -371,8 +383,8 @@ CVE-2017-9372 (PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x ...) - pjproject 2.5.5~dfsg-6 (bug #863901) NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt -CVE-2017-9355 - RESERVED +CVE-2017-9355 (XML external entity (XXE) vulnerability in the import playlist feature ...) + TODO: check CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector ...) - wireshark <unfixed> (bug #864058) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html @@ -1141,7 +1153,7 @@ NOT-FOR-US: ImageWorsener CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows ...) NOT-FOR-US: ImageWorsener -CVE-2017-9148 (The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably ...) +CVE-2017-9148 (The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before ...) {DLA-977-1} - freeradius 3.0.12+dfsg-5 (bug #863673) [jessie] - freeradius <not-affected> (Only affects 2.1.1 to 2.1.7 and 3.0 to 3.0.13) 
@@ -4208,10 +4220,10 @@ NOT-FOR-US: Schneider CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...) NOT-FOR-US: Schneider -CVE-2017-7966 - RESERVED -CVE-2017-7965 - RESERVED +CVE-2017-7966 (A DLL Hijacking vulnerability in the programming software in Schneider ...) + TODO: check +CVE-2017-7965 (A buffer overflow vulnerability exists in Programming Software ...) + TODO: check CVE-2017-7964 (Zyxel WRE6505 devices have a default TELNET password of 1234 for the ...) NOT-FOR-US: Zyxel CVE-2017-7963 (** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) ...) @@ -5457,10 +5469,10 @@ NOT-FOR-US: MyBB CVE-2017-7565 (Splunk Hadoop Connect App has a path traversal vulnerability that ...) NOT-FOR-US: Splunk Hadoop Connect App -CVE-2017-7564 - RESERVED -CVE-2017-7563 - RESERVED +CVE-2017-7564 (In ARM Trusted Firmware through 1.3, the secure self-hosted invasive ...) + TODO: check +CVE-2017-7563 (In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 ...) + TODO: check CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via a ...) NOT-FOR-US: textract CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC ...) @@ -6191,12 +6203,12 @@ RESERVED CVE-2017-7315 RESERVED -CVE-2017-7314 - RESERVED -CVE-2017-7313 - RESERVED -CVE-2017-7312 - RESERVED +CVE-2017-7314 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. ...) + TODO: check +CVE-2017-7313 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. ...) + TODO: check +CVE-2017-7312 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. ...) + TODO: check CVE-2017-7311 RESERVED CVE-2017-7310 (A buffer overflow vulnerability in Import Command in Sync Breeze ...) 
@@ -7570,7 +7582,7 @@ NOT-FOR-US: Siemens CVE-2017-6866 RESERVED -CVE-2017-6865 (Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and V14 ...) +CVE-2017-6865 (Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and ...) NOT-FOR-US: Siemens CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...) NOT-FOR-US: Siemens @@ -14041,14 +14053,14 @@ RESERVED CVE-2017-4918 RESERVED -CVE-2017-4917 - RESERVED +CVE-2017-4917 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x ...) + TODO: check CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer dereference ...) NOT-FOR-US: VMware CVE-2017-4915 (VMware Workstation Pro/Player contains an insecure library loading ...) NOT-FOR-US: VMware -CVE-2017-4914 - RESERVED +CVE-2017-4914 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x ...) + TODO: check CVE-2017-4913 RESERVED CVE-2017-4912 
@@ -14065,22 +14077,22 @@ RESERVED CVE-2017-4906 RESERVED -CVE-2017-4905 - RESERVED -CVE-2017-4904 - RESERVED -CVE-2017-4903 - RESERVED -CVE-2017-4902 - RESERVED +CVE-2017-4905 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without ...) + TODO: check +CVE-2017-4904 (The XHCI controller in VMware ESXi 6.5 without patch ...) + TODO: check +CVE-2017-4903 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without ...) + TODO: check +CVE-2017-4902 (VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without ...) + TODO: check CVE-2017-4901 RESERVED -CVE-2017-4900 - RESERVED -CVE-2017-4899 - RESERVED -CVE-2017-4898 - RESERVED +CVE-2017-4900 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL ...) + TODO: check +CVE-2017-4899 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a security ...) + TODO: check +CVE-2017-4898 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL ...) + TODO: check CVE-2017-4897 (VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists ...) NOT-FOR-US: VMware Horizon DaaS CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may allow a ...) @@ -16625,8 +16637,8 @@ NOT-FOR-US: IBM CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an ...) NOT-FOR-US: IBM -CVE-2016-9977 - RESERVED +CVE-2016-9977 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote ...) + TODO: check CVE-2016-9976 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote ...) NOT-FOR-US: IBM CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to ...) 
@@ -19121,8 +19133,8 @@ NOT-FOR-US: Joomla CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x ...) NOT-FOR-US: Zikula -CVE-2016-9834 - RESERVED +CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute arbitrary ...) + TODO: check CVE-2016-9833 RESERVED CVE-2016-9832 (PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows ...) @@ -22877,8 +22889,8 @@ RESERVED CVE-2017-1306 RESERVED -CVE-2017-1305 - RESERVED +CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to ...) + TODO: check CVE-2017-1304 RESERVED CVE-2017-1303 @@ -23095,8 +23107,8 @@ RESERVED CVE-2017-1197 RESERVED -CVE-2017-1196 - RESERVED +CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require ...) + TODO: check CVE-2017-1195 RESERVED CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) @@ -23132,8 +23144,8 @@ NOT-FOR-US: IBM TRIRIGA Document Manager CVE-2017-1179 RESERVED -CVE-2017-1178 - RESERVED +CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable ...) + TODO: check CVE-2017-1177 RESERVED CVE-2017-1176 @@ -23238,8 +23250,8 @@ NOT-FOR-US: IBM CVE-2017-1126 RESERVED -CVE-2017-1125 - RESERVED +CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...) + TODO: check CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local ...) NOT-FOR-US: IBM CVE-2017-1123 @@ -23821,8 +23833,8 @@ RESERVED CVE-2016-9711 RESERVED -CVE-2016-9710 - RESERVED +CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow a ...) + TODO: check CVE-2016-9709 RESERVED CVE-2016-9708 
@@ -27892,8 +27904,8 @@ NOT-FOR-US: IBM CVE-2016-8940 (IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and ...) NOT-FOR-US: IBM -CVE-2016-8939 - RESERVED +CVE-2016-8939 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) ...) + TODO: check CVE-2016-8938 (IBM UrbanCode Deploy could allow a user to execute code using a ...) NOT-FOR-US: IBM CVE-2016-8937 @@ -37399,12 +37411,12 @@ REJECTED CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability that ...) NOT-FOR-US: IBM -CVE-2016-6089 - RESERVED +CVE-2016-6089 (IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write ...) + TODO: check CVE-2016-6088 RESERVED -CVE-2016-6087 - RESERVED +CVE-2016-6087 (IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials ...) + TODO: check CVE-2016-6086 RESERVED CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local network to ...) @@ -37657,10 +37669,10 @@ RESERVED CVE-2016-5961 RESERVED -CVE-2016-5960 - RESERVED -CVE-2016-5959 - RESERVED +CVE-2016-5960 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user ...) + TODO: check +CVE-2016-5959 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores ...) + TODO: check CVE-2016-5958 (IBM Security Privileged Identity Manager could allow a remote attacker ...) NOT-FOR-US: IBM CVE-2016-5957 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...) @@ -41425,8 +41437,7 @@ RESERVED CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...) NOT-FOR-US: Apache Qpid Java Broker -CVE-2016-4973 - RESERVED +CVE-2016-4973 (Binaries compiled against targets that use the libssp library in GCC ...) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324759 - gcc-6 <not-affected> (Uses glibc-internal SSP) - gcc-5 <not-affected> (Uses glibc-internal SSP) 
@@ -46963,8 +46974,8 @@ NOT-FOR-US: IBM CVE-2016-3052 (IBM WebSphere MQ 8.0, under nonstandard configurations, sends password ...) NOT-FOR-US: IBM -CVE-2016-3051 - RESERVED +CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an authenticated ...) + TODO: check CVE-2016-3050 RESERVED CVE-2016-3049 @@ -47031,8 +47042,8 @@ NOT-FOR-US: IBM CVE-2016-3020 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could ...) NOT-FOR-US: IBM -CVE-2016-3019 - RESERVED +CVE-2016-3019 (IBM Security Access Manager for Web 9.0.0 uses weaker than expected ...) + TODO: check CVE-2016-3018 (IBM Security Access Manager for Web is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2016-3017 (IBM Security Access Manager for Web could allow a remote attacker to ...) @@ -56787,8 +56798,8 @@ RESERVED CVE-2016-0255 (IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site ...) NOT-FOR-US: IBM -CVE-2016-0254 - RESERVED +CVE-2016-0254 (IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a ...) + TODO: check CVE-2016-0253 RESERVED CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control ...) @@ -56895,8 +56906,7 @@ NOT-FOR-US: IBM CVE-2016-0201 (GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and ...) NOT-FOR-US: IBM -CVE-2015-8538 [a out of bound read bug is found in libdwarf] - RESERVED +CVE-2015-8538 (dwarf_leb.c in libdwarf allows attackers to cause a denial of service ...) {DLA-669-1} - dwarfutils 20160507-1 (bug #807817) [jessie] - dwarfutils 20120410-2+deb8u1 @@ -57950,8 +57960,7 @@ RESERVED CVE-2015-8322 (NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote ...) NOT-FOR-US: NetApp -CVE-2015-8326 [Use of predictable names for temporary files] - RESERVED +CVE-2015-8326 (The IPTables-Parse module before 1.6 for Perl allows local users to ...) - libiptables-parse-perl 1.6-1 [jessie] - libiptables-parse-perl 1.1-1+deb8u1 [wheezy] - libiptables-parse-perl 1.1-1+deb7u1 
@@ -58207,8 +58216,8 @@ RESERVED CVE-2015-8236 (Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, ...) NOT-FOR-US: Arista EOS -CVE-2015-8235 - RESERVED +CVE-2015-8235 (Directory traversal vulnerability in Spiffy before 5.4. ...) + TODO: check CVE-2015-8233 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x ...) NOT-FOR-US: Drupal theme CVE-2015-8232 (The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not ...) @@ -59247,8 +59256,8 @@ RESERVED CVE-2015-7889 RESERVED -CVE-2015-7888 - RESERVED +CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...) + TODO: check CVE-2015-7887 RESERVED CVE-2015-7886 (NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are ...) @@ -59770,15 +59779,13 @@ NOT-FOR-US: SAP HANA CVE-2015-7725 (Multiple SQL injection vulnerabilities in the Web-based Development ...) NOT-FOR-US: SAP HANA -CVE-2015-7724 [Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver] - RESERVED +CVE-2015-7724 (AMD fglrx-driver before 15.9 allows local users to gain privileges via ...) - fglrx-driver 1:15.9-1 (bug #803517) [jessie] - fglrx-driver <no-dsa> (Non-free not supported) [wheezy] - fglrx-driver <no-dsa> (non-free not supported) [squeeze] - fglrx-driver <no-dsa> (non-free not supported) NOTE: http://seclists.org/fulldisclosure/2015/Oct/103 -CVE-2015-7723 [Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver] - RESERVED +CVE-2015-7723 (AMD fglrx-driver before 15.7 allows local users to gain privileges via ...) - fglrx-driver 1:15.7-1 (bug #803517) [jessie] - fglrx-driver <no-dsa> (Non-free not supported) [wheezy] - fglrx-driver <no-dsa> (non-free not supported) 
@@ -60512,8 +60519,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1285326 NOTE: https://os-s.net/advisories/OSS-2016-05_aiptek.pdf NOTE: Upstream commit: https://git.kernel.org/linus/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 (v4.4-rc6) -CVE-2015-7514 - RESERVED +CVE-2015-7514 (OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after ...) - ironic 1:4.2.2-1 (bug #807269) CVE-2015-7513 (arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the ...) {DSA-3434-1} @@ -60990,8 +60996,7 @@ CVE-2015-7327 (Mozilla Firefox before 41.0 does not properly restrict the ...) - iceweasel <not-affected> (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/ -CVE-2015-7326 [XXE vulnerability in Milton Webdav] - RESERVED +CVE-2015-7326 (XML External Entity (XXE) vulnerability in Milton Webdav before ...) NOT-FOR-US: Milton Webdav CVE-2015-7325 RESERVED @@ -61919,8 +61924,8 @@ RESERVED CVE-2015-6960 RESERVED -CVE-2015-6959 - RESERVED +CVE-2015-6959 (Cross-site scripting (XSS) vulnerability in Vindula 1.9. ...) + TODO: check CVE-2015-6958 RESERVED CVE-2015-6957 @@ -63114,8 +63119,8 @@ REJECTED CVE-2015-6541 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail ...) NOT-FOR-US: Zimbra -CVE-2015-6540 - RESERVED +CVE-2015-6540 (Cross-site scripting (XSS) vulnerability in Intellect Design Arena ...) + TODO: check CVE-2015-6539 RESERVED CVE-2015-6538 (The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles ...) @@ -65778,8 +65783,7 @@ REJECTED CVE-2015-5516 (Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and ...) NOT-FOR-US: F5 BIG-IP -CVE-2015-6240 [ansible zone/chroot/jail escape] - RESERVED +CVE-2015-6240 (The chroot, jail, and zone connection plugins in ansible before 1.9.2 ...) - ansible 1.9.2+dfsg-1 (low) [jessie] - ansible <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/3 
@@ -66753,8 +66757,7 @@ [wheezy] - icedtea-web <no-dsa> (Minor issue) CVE-2015-5233 (Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply ...) - foreman <itp> (bug #663101) -CVE-2015-5232 - RESERVED +CVE-2015-5232 (Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before ...) NOT-FOR-US: OPA Fabric Manager and OPA tools and Fast Fabric CVE-2015-5231 (The service daemon in CRIU does not properly restrict access to ...) - criu 1.8-2 (bug #797110) @@ -66868,8 +66871,7 @@ NOTE: Analysis/More information: https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c3 NOTE: The patch http://sf.net/projects/mancha/files/sec/jasper-1.900.1_CVE-2015-5203.diff NOTE: breaks ABI. -CVE-2015-5202 - RESERVED +CVE-2015-5202 (Red Hat Satellite 6 allows remote authenticated users with privileged ...) NOT-FOR-US: Satellite6 CVE-2015-5201 RESERVED @@ -66969,8 +66971,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5177 CVE-2015-5176 (The PortletRequestDispatcher in PortletBridge, as used in Red Hat ...) NOT-FOR-US: PortletBridge component in JBoss Portal -CVE-2015-5175 - RESERVED +CVE-2015-5175 (Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before ...) NOT-FOR-US: Apache CXF Fediz CVE-2015-5174 (Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ...) {DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1} _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
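Review bot: CVE-2017-9499, CVE-2017-9500 and CVE-2017-9501 in the first hunk (@@ -1,3 +1,15 @@) are ImageMagick issues left at "TODO: check", and ImageMagick is packaged in Debian, so they cannot simply be closed as NOT-FOR-US. Each needs a source-package line in the form already used elsewhere in this file, for example "- wireshark <unfixed> (bug #864058)", plus a NOTE pointing at the upstream report. The truncated descriptions name 7.0.5-7 and 7.0.5-8 Q16, so confirm whether the packaged version contains the asserting code path before choosing between <unfixed> and <not-affected>.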
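Review bot: The {DLA-977-1} tag on CVE-2017-9148 in the @@ -1141,7 +1153,7 @@ hunk needs checking against the affected range that the new description spells out (2.1.1 through 2.1.7 and 3.0.x). The jessie line is already marked <not-affected> with the reason "Only affects 2.1.1 to 2.1.7 and 3.0 to 3.0.13", and no release line for the DLA is visible in this context. Confirm that the freeradius version the DLA covered falls inside the range, and if it does not, add a NOTE explaining why the DLA references this CVE.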
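Review bot: CVE-2017-7966 and CVE-2017-7965 in the @@ -4208,10 +4220,10 @@ hunk are left at "TODO: check" although the entries directly above them are "NOT-FOR-US: Schneider". CVE-2017-7966 names Schneider in its description and can be resolved the same way. The visible part of the CVE-2017-7965 description only says "Programming Software", so read the full description before assigning the vendor.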
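Review bot: The nine VMware entries added in the @@ -14041,14 +14053,14 @@ and @@ -14065,22 +14077,22 @@ hunks (CVE-2017-4917, CVE-2017-4914, CVE-2017-4905 through CVE-2017-4902, and CVE-2017-4900 through CVE-2017-4898) all land as "TODO: check", while their neighbours CVE-2017-4916 and CVE-2017-4915 are already "NOT-FOR-US: VMware". The descriptions name vSphere Data Protection, ESXi and Workstation Pro/Player, which are proprietary VMware products, so a follow-up commit should resolve them as NOT-FOR-US in one pass instead of leaving them in the TODO queue.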
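Review bot: CVE-2016-9977 in the @@ -16625,8 +16637,8 @@ hunk gets the same visible description as the next entry, CVE-2016-9976 ("IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote ..."), yet it is "TODO: check" while CVE-2016-9976 is "NOT-FOR-US: IBM". Compare the full descriptions to confirm these are distinct issues, then resolve CVE-2016-9977 to match. The same resolution likely applies to the other IBM entries this update leaves at TODO next to "NOT-FOR-US: IBM" neighbours.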