Author: sectracker
Date: 2017-06-13 21:10:13 +0000 (Tue, 13 Jun 2017)
New Revision: 52543
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-13 20:51:06 UTC (rev 52542)
+++ data/CVE/list 2017-06-13 21:10:13 UTC (rev 52543)
@@ -1,9 +1,15 @@
-CVE-2017-9605 [drm/vmwgfx: 4 byte read of uninitialised kernel memory in
vmw_gb_surface_define_ioctl()]
+CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as
distributed in ...)
+ TODO: check
+CVE-2017-1000379
+ RESERVED
+CVE-2017-1000378
+ RESERVED
+CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...)
- linux <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
NOTE: Fixed by:
https://git.kernel.org/linus/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c
(v4.12-rc5)
-CVE-2017-9603
- RESERVED
+CVE-2017-9603 (SQL injection vulnerability in the WP Jobs plugin before 1.5
for ...)
+ TODO: check
CVE-2017-9602
RESERVED
CVE-2017-9601
@@ -104,8 +110,8 @@
RESERVED
CVE-2017-9553
RESERVED
-CVE-2017-9552
- RESERVED
+CVE-2017-9552 (A design flaw in authentication in Synology Photo Station
6.0-2528 ...)
+ TODO: check
CVE-2015-9097 (The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail
Library) is ...)
TODO: check
CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command
injection ...)
@@ -443,8 +449,8 @@
NOTE: Crash in CLI tool, disputable if any exposed service makes use of
dnstrace.
NOTE: One scenario would be to have a web application that launches
dnstracer
NOTE: with user supplied name strings to evaluate.
-CVE-2017-9429
- RESERVED
+CVE-2017-9429 (SQL injection vulnerability in the Event List plugin 0.7.8 for
...)
+ TODO: check
CVE-2017-9428 (A directory traversal vulnerability exists in ...)
NOT-FOR-US: BigTree CMS
CVE-2017-9427 (SQL injection vulnerability in BigTree CMS through 4.2.18
allows remote ...)
@@ -512,6 +518,7 @@
[jessie] - imagemagick <no-dsa> (Minor issue, wait until more severe
issues arise)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/457
CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the
function ...)
+ {DLA-984-1 DLA-983-1}
- tiff 4.0.8-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2688
@@ -527,6 +534,7 @@
NOTE: with backtrace following the methods in
http://bugzilla.maptools.org/show_bug.cgi?id=2688
NOTE: is shown.
CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the
function ...)
+ {DLA-984-1 DLA-983-1}
- tiff 4.0.8-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2689
@@ -926,6 +934,7 @@
CVE-2014-9971
RESERVED
CVE-2017-1000380 [infoleak due to a data race in ALSA timer]
+ RESERVED
- linux <unfixed>
NOTE: Fixed by:
https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378
(v4.12-rc5)
NOTE: Fixed by:
https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728
(v4.12-rc5)
@@ -1089,8 +1098,8 @@
RESERVED
CVE-2017-9247
RESERVED
-CVE-2017-9246
- RESERVED
+CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws
to safe ...)
+ TODO: check
CVE-2017-9245
RESERVED
CVE-2017-9244
@@ -1418,6 +1427,7 @@
NOTE: http://freeradius.org/security.html#session-resumption-2017
NOTE:
https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563
CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField
function in ...)
+ {DLA-984-1 DLA-983-1}
- tiff 4.0.8-2 (bug #863185)
[stretch] - tiff <no-dsa> (Minor issue)
[jessie] - tiff <no-dsa> (Minor issue)
@@ -3808,26 +3818,26 @@
- linux <not-affected> (Android-specific patch)
CVE-2017-8243
RESERVED
-CVE-2017-8242
- RESERVED
-CVE-2017-8241
- RESERVED
-CVE-2017-8240
- RESERVED
-CVE-2017-8239
- RESERVED
-CVE-2017-8238
- RESERVED
-CVE-2017-8237
- RESERVED
-CVE-2017-8236
- RESERVED
-CVE-2017-8235
- RESERVED
-CVE-2017-8234
- RESERVED
-CVE-2017-8233
- RESERVED
+CVE-2017-8242 (In all Android releases from CAF using the Linux kernel, a race
...)
+ TODO: check
+CVE-2017-8241 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
+CVE-2017-8240 (In all Android releases from CAF using the Linux kernel, a
kernel ...)
+ TODO: check
+CVE-2017-8239 (In all Android releases from CAF using the Linux kernel, ...)
+ TODO: check
+CVE-2017-8238 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
+CVE-2017-8237 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
+CVE-2017-8236 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
+CVE-2017-8235 (In all Android releases from CAF using the Linux kernel, a
memory ...)
+ TODO: check
+CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out
of ...)
+ TODO: check
+CVE-2017-8233 (In a camera driver function in all Android releases from CAF
using the ...)
+ TODO: check
CVE-2017-8232
RESERVED
CVE-2017-8231
@@ -4684,28 +4694,28 @@
RESERVED
CVE-2016-10343
RESERVED
-CVE-2016-10342
- RESERVED
-CVE-2016-10341
- RESERVED
-CVE-2016-10340
- RESERVED
-CVE-2016-10339
- RESERVED
-CVE-2016-10338
- RESERVED
-CVE-2016-10337
- RESERVED
-CVE-2016-10336
- RESERVED
-CVE-2016-10335
- RESERVED
-CVE-2016-10334
- RESERVED
-CVE-2016-10333
- RESERVED
-CVE-2016-10332
- RESERVED
+CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
+CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd
party ...)
+ TODO: check
+CVE-2016-10340 (In all Android releases from CAF using the Linux kernel, an
integer ...)
+ TODO: check
+CVE-2016-10339 (In all Android releases from CAF using the Linux kernel, HLOS
can ...)
+ TODO: check
+CVE-2016-10338 (In all Android releases from CAF using the Linux kernel, there
was an ...)
+ TODO: check
+CVE-2016-10337 (In all Android releases from CAF using the Linux kernel, some
...)
+ TODO: check
+CVE-2016-10336 (In all Android releases from CAF using the Linux kernel, some
regions ...)
+ TODO: check
+CVE-2016-10335 (In all Android releases from CAF using the Linux kernel,
libtomcrypt ...)
+ TODO: check
+CVE-2016-10334 (In all Android releases from CAF using the Linux kernel, a ...)
+ TODO: check
+CVE-2016-10333 (In all Android releases from CAF using the Linux kernel, a
sensitive ...)
+ TODO: check
+CVE-2016-10332 (In all Android releases from CAF using the Linux kernel, stack
...)
+ TODO: check
CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology
Photo ...)
NOT-FOR-US: Synology Photo Station
CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a
SUID ...)
@@ -4754,54 +4764,54 @@
RESERVED
CVE-2015-9034
RESERVED
-CVE-2015-9033
- RESERVED
-CVE-2015-9032
- RESERVED
-CVE-2015-9031
- RESERVED
-CVE-2015-9030
- RESERVED
-CVE-2015-9029
- RESERVED
-CVE-2015-9028
- RESERVED
-CVE-2015-9027
- RESERVED
-CVE-2015-9026
- RESERVED
-CVE-2015-9025
- RESERVED
-CVE-2015-9024
- RESERVED
-CVE-2015-9023
- RESERVED
-CVE-2015-9022
- RESERVED
-CVE-2015-9021
- RESERVED
-CVE-2015-9020
- RESERVED
+CVE-2015-9033 (In all Android releases from CAF using the Linux kernel, a QTEE
system ...)
+ TODO: check
+CVE-2015-9032 (In all Android releases from CAF using the Linux kernel, a DRM
key was ...)
+ TODO: check
+CVE-2015-9031 (In all Android releases from CAF using the Linux kernel, a TZ
memory ...)
+ TODO: check
+CVE-2015-9030 (In all Android releases from CAF using the Linux kernel, the
...)
+ TODO: check
+CVE-2015-9029 (In all Android releases from CAF using the Linux kernel, a ...)
+ TODO: check
+CVE-2015-9028 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
+CVE-2015-9027 (In all Android releases from CAF using the Linux kernel, an
untrusted ...)
+ TODO: check
+CVE-2015-9026 (In all Android releases from CAF using the Linux kernel, an
untrusted ...)
+ TODO: check
+CVE-2015-9025 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
+CVE-2015-9024 (In all Android releases from CAF using the Linux kernel, some
...)
+ TODO: check
+CVE-2015-9023 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
+CVE-2015-9022 (In all Android releases from CAF using the Linux kernel,
time-of-check ...)
+ TODO: check
+CVE-2015-9021 (In all Android releases from CAF using the Linux kernel, access
...)
+ TODO: check
+CVE-2015-9020 (In all Android releases from CAF using the Linux kernel, an
untrusted ...)
+ TODO: check
CVE-2014-9969
RESERVED
CVE-2014-9968
RESERVED
-CVE-2014-9967
- RESERVED
-CVE-2014-9966
- RESERVED
-CVE-2014-9965
- RESERVED
-CVE-2014-9964
- RESERVED
-CVE-2014-9963
- RESERVED
-CVE-2014-9962
- RESERVED
-CVE-2014-9961
- RESERVED
-CVE-2014-9960
- RESERVED
+CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an
untrusted ...)
+ TODO: check
+CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a ...)
+ TODO: check
+CVE-2014-9965 (In all Android releases from CAF using the Linux kernel, a ...)
+ TODO: check
+CVE-2014-9964 (In all Android releases from CAF using the Linux kernel, an
integer ...)
+ TODO: check
+CVE-2014-9963 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
+CVE-2014-9962 (In all Android releases from CAF using the Linux kernel, a ...)
+ TODO: check
+CVE-2014-9961 (In all Android releases from CAF using the Linux kernel, a ...)
+ TODO: check
+CVE-2014-9960 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
CVE-2017-7894
RESERVED
CVE-2017-7893
@@ -4953,7 +4963,7 @@
CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0
allows remote ...)
- radare2 <not-affected> (Vulnerable code introduced later)
CVE-2017-7853 (In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP
message can ...)
- {DLA-898-1}
+ {DSA-3879-1 DLA-898-1}
- libosip2 4.1.0-2.1 (bug #860287)
NOTE: https://savannah.gnu.org/support/index.php?109265
NOTE: Fixed by:
https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
@@ -4962,17 +4972,17 @@
CVE-2017-7851
RESERVED
CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can
lead to a ...)
- {DLA-898-1}
+ {DSA-3879-1 DLA-898-1}
- libosip2 4.1.0-2.1 (bug #860287)
NOTE: https://savannah.gnu.org/support/index.php?109132
NOTE: Fixed by:
https://git.savannah.gnu.org/cgit/osip.git/commit/?id=b9dd097b5b24f5ee54b0a8739e59641cd51b6ead
CVE-2016-10325 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can
lead to a ...)
- {DLA-898-1}
+ {DSA-3879-1 DLA-898-1}
- libosip2 4.1.0-2.1 (bug #860287)
NOTE: https://savannah.gnu.org/support/index.php?109131
NOTE:
https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1d9fb1d3a71cc85ef95352e549b140c706cf8696
CVE-2016-10324 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can
lead to a ...)
- {DLA-898-1}
+ {DSA-3879-1 DLA-898-1}
- libosip2 4.1.0-2.1 (bug #860287)
NOTE: https://savannah.gnu.org/support/index.php?109133
NOTE:
https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f
@@ -6364,24 +6374,24 @@
[jessie] - linux <not-affected> (Vulnerable code not present;
Introduced in 4.2-rc1)
[wheezy] - linux <not-affected> (Vulnerable code not present;
Introduced in 4.2-rc1)
NOTE: Fixed by:
https://git.kernel.org/linus/1b53cf9815bb4744958d41f3795d5d5a1d365e2d (4.11-rc4)
-CVE-2017-7373
- RESERVED
-CVE-2017-7372
- RESERVED
-CVE-2017-7371
- RESERVED
-CVE-2017-7370
- RESERVED
-CVE-2017-7369
- RESERVED
-CVE-2017-7368
- RESERVED
-CVE-2017-7367
- RESERVED
-CVE-2017-7366
- RESERVED
-CVE-2017-7365
- RESERVED
+CVE-2017-7373 (In all Android releases from CAF using the Linux kernel, a
double free ...)
+ TODO: check
+CVE-2017-7372 (In all Android releases from CAF using the Linux kernel, a race
...)
+ TODO: check
+CVE-2017-7371 (In all Android releases from CAF using the Linux kernel, a data
...)
+ TODO: check
+CVE-2017-7370 (In all Android releases from CAF using the Linux kernel, a race
...)
+ TODO: check
+CVE-2017-7369 (In all Android releases from CAF using the Linux kernel, an
array ...)
+ TODO: check
+CVE-2017-7368 (In all Android releases from CAF using the Linux kernel, a race
...)
+ TODO: check
+CVE-2017-7367 (In all Android releases from CAF using the Linux kernel, an
integer ...)
+ TODO: check
+CVE-2017-7366 (In all Android releases from CAF using the Linux kernel, a KGSL
ioctl ...)
+ TODO: check
+CVE-2017-7365 (In all Android releases from CAF using the Linux kernel, a
buffer ...)
+ TODO: check
CVE-2017-7364
RESERVED
CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php
s=publish&m=module&x= XSS ...)
@@ -14210,6 +14220,7 @@
CVE-2017-4955 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x
versions ...)
TODO: check
CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in
...)
+ {DLA-984-1 DLA-983-1}
- tiff 4.0.8-2 (bug #850316)
- tiff3 <removed>
NOTE: This is a duplicate of CVE-2015-7554, both were reported against
tiffsplit
@@ -16911,8 +16922,8 @@
RESERVED
CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive
information ...)
NOT-FOR-US: IBM
-CVE-2016-9984
- RESERVED
+CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote
...)
+ TODO: check
CVE-2016-9983
RESERVED
CVE-2016-9982
@@ -16933,8 +16944,8 @@
NOT-FOR-US: IBM
CVE-2016-9974
RESERVED
-CVE-2016-9973
- RESERVED
+CVE-2016-9973 (IBM Jazz Foundation is vulnerable to cross-site scripting. This
...)
+ TODO: check
CVE-2016-9972
RESERVED
CVE-2016-9971
@@ -23584,18 +23595,18 @@
RESERVED
CVE-2017-1105
RESERVED
-CVE-2017-1104
- RESERVED
+CVE-2017-1104 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to
...)
+ TODO: check
CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service,
caused by ...)
NOT-FOR-US: IBM
-CVE-2017-1102
- RESERVED
-CVE-2017-1101
- RESERVED
-CVE-2017-1100
- RESERVED
-CVE-2017-1099
- RESERVED
+CVE-2017-1102 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to
...)
+ TODO: check
+CVE-2017-1101 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to
...)
+ TODO: check
+CVE-2017-1100 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to
...)
+ TODO: check
+CVE-2017-1099 (IBM Jazz Foundation could expose potentially sensitive
information to ...)
+ TODO: check
CVE-2017-1098
RESERVED
CVE-2017-1097
@@ -39692,8 +39703,7 @@
[wheezy] - linux <not-affected> (Transactional memory not supported)
NOTE: https://marc.info/?l=kvm&m=146968629127349&w=2
NOTE:
https://git.kernel.org/linus/93d17397e4e2182fdaad503e2f9da46202c0f1c3 (v4.8-rc1)
-CVE-2016-5411
- RESERVED
+CVE-2016-5411 (/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat
QuickStart ...)
NOT-FOR-US: ovirt engine
CVE-2016-5410 (firewalld.py in firewalld before 0.4.3.3 allows local users to
bypass ...)
- firewalld 0.4.3.3-1 (bug #834529)
@@ -39759,8 +39769,7 @@
- hadoop <itp> (bug #793644)
CVE-2016-5392 (The API server in Kubernetes, as used in Red Hat OpenShift
Enterprise ...)
NOT-FOR-US: OpenShift
-CVE-2016-5391
- RESERVED
+CVE-2016-5391 (libreswan before 3.18 allows remote attackers to cause a denial
of ...)
- libreswan <not-affected> (Fixed before the initial upload to Debian)
NOTE: https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
CVE-2016-5390 (Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote ...)
@@ -45543,8 +45552,7 @@
- libxml2 2.9.3+dfsg1-1.1 (bug #823414)
NOTE:
https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6
(v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=765207
-CVE-2016-3704
- RESERVED
+CVE-2016-3704 (Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to
generate ...)
NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3703 (Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly
validate the ...)
NOT-FOR-US: OpenShift
@@ -45569,8 +45577,7 @@
- runc 0.1.0+dfsg-1
NOTE:
https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091
(runc, v0.1.0)
NOTE:
https://github.com/docker/docker/commit/da38ac6c79fe902ed0687afc73d731c95c6d491a
(docker)
-CVE-2016-3696
- RESERVED
+CVE-2016-3696 (The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local
users ...)
NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3695
RESERVED
@@ -68867,8 +68874,8 @@
NOT-FOR-US: TYPO3 extension jobfair
CVE-2015-4597
RESERVED
-CVE-2015-4596
- RESERVED
+CVE-2015-4596 (Lenovo Mouse Suite before 6.73 allows local users to run
arbitrary ...)
+ TODO: check
CVE-2015-4595
RESERVED
CVE-2015-4594 (eClinicalWorks Population Health (CCMR) suffers from a session
...)
@@ -72811,8 +72818,7 @@
[jessie] - neutron <not-affected> (ipset code introduced in Juno)
NOTE: https://bugs.launchpad.net/neutron/+bug/1461054/comments/18
NOTE: 2014.2 versions through 2014.2.3 and 2015.1.0 version
-CVE-2015-3220
- RESERVED
+CVE-2015-3220 (The tlslite library before 0.4.9 for Python allows remote
attackers to ...)
- tlslite <removed>
CVE-2015-3219 (Cross-site scripting (XSS) vulnerability in the
Orchestration/Stack ...)
{DSA-3617-1}
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
