Author: sectracker
Date: 2017-07-18 21:10:15 +0000 (Tue, 18 Jul 2017)
New Revision: 53630
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-18 20:56:40 UTC (rev 53629) +++ data/CVE/list 2017-07-18 21:10:15 UTC (rev 53630) @@ -1,3 +1,29 @@ +CVE-2017-11434 + RESERVED +CVE-2017-11433 + RESERVED +CVE-2017-11432 + RESERVED +CVE-2017-11431 + RESERVED +CVE-2017-11430 + RESERVED +CVE-2017-11429 + RESERVED +CVE-2017-11428 + RESERVED +CVE-2017-11427 + RESERVED +CVE-2017-11426 + RESERVED +CVE-2017-11425 + RESERVED +CVE-2017-11424 + RESERVED +CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...) + TODO: check +CVE-2017-11422 + RESERVED CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...) NOT-FOR-US: ASUS CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...) @@ -41,7 +67,7 @@ RESERVED CVE-2017-11400 RESERVED -CVE-2017-11421 [Thumbnail generation for MSI files executes arbitrary VBScript] +CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection ...) - gnome-exe-thumbnailer 0.9.5-1 (bug #868705) [stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue) NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html @@ -508,7 +534,7 @@ RESERVED CVE-2017-1000083 [Evince command injection vulnerability in CBT handler] RESERVED - {DSA-3911-1} + {DSA-3911-1 DLA-1031-1} - evince 3.22.1-4 - atril <unfixed> (bug #868500) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630 @@ -1432,10 +1458,10 @@ RESERVED CVE-2017-10963 RESERVED -CVE-2017-10962 - RESERVED -CVE-2017-10961 - RESERVED +CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...) + TODO: check +CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File ...) + TODO: check CVE-2017-10960 RESERVED CVE-2017-10959 
@@ -1960,8 +1986,8 @@ RESERVED CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...) NOT-FOR-US: Elephone P9000 devices -CVE-2017-10708 - RESERVED +CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...) + TODO: check CVE-2017-10707 RESERVED CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...) @@ -2763,7 +2789,7 @@ - apache2 <not-affected> (Only affected 2.4.26) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27 CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value ...) - {DLA-1028-1} + {DSA-3913-1 DLA-1028-1} - apache2 2.4.27-1 (bug #868467) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27 NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955 @@ -10841,8 +10867,7 @@ NOTE: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b NOTE: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03 NOTE: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9 -CVE-2017-7506 - RESERVED +CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds memory ...) {DSA-3907-1} - spice <unfixed> (bug #868083) CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization ...) @@ -14511,8 +14536,8 @@ NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762 CVE-2017-6321 RESERVED -CVE-2017-6320 - RESERVED +CVE-2017-6320 (A remote command injection vulnerability exists in the Barracuda Load ...) + TODO: check CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...) - radare2 1.1.0+dfsg-3 (bug #856579) [jessie] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0) 
@@ -18201,12 +18226,12 @@ RESERVED CVE-2017-5248 RESERVED -CVE-2017-5247 - RESERVED -CVE-2017-5246 - RESERVED +CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in ...) + TODO: check +CVE-2017-5246 (Biscom Secure File Transfer is vulnerable to AngularJS expression ...) + TODO: check CVE-2017-5245 - RESERVED + REJECTED CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones ...) NOT-FOR-US: Metasploit CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances ...) @@ -28241,8 +28266,8 @@ NOT-FOR-US: IBM CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...) NOT-FOR-US: IBM -CVE-2017-1318 - RESERVED +CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging ...) + TODO: check CVE-2017-1317 RESERVED CVE-2017-1316 @@ -236158,7 +236183,7 @@ NOT-FOR-US: Destiney CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...) NOT-FOR-US: Destiney -CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...) +CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's identity ...) NOT-FOR-US: Ipswitch CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...) NOT-FOR-US: Snitz mod @@ -251409,7 +251434,7 @@ - proftpd 1.2.4-1 CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) NOT-FOR-US: Check Point -CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) +CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary ...) NOT-FOR-US: mod_bf CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...) NOT-FOR-US: Microsoft 
@@ -258691,7 +258716,7 @@ {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...) +CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 @@ -269900,7 +269925,7 @@ NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain ...) +CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0954 (WWWBoard has a default username and default password. ...) NOT-FOR-US: Data pre-dating the Security Tracker _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
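Review bot: in the @@ -1,3 +1,29 @@ hunk, CVE-2017-11423 is the only new entry that arrives with a description, and it is left at "TODO: check". The description names cabd_read_string in mspack/cabd.c of libmspack 0.5alpha, so triage should settle whether the entry gets a source-package line with a version or a NOT-FOR-US marker like the ASUS entry directly below it.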
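Review bot: in the @@ -508,7 +534,7 @@ hunk, CVE-2017-1000083 now references both DSA-3911-1 and DLA-1031-1, but the context lines still show "- atril <unfixed> (bug #868500)" and a RESERVED line under a bracketed temporary description. Worth confirming that the atril line stays tracked on its own, so the two advisories next to the evince fix are not read as closing the whole entry.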
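Review bot: in the @@ -10841,8 +10867,7 @@ hunk, the imported CVE-2017-7506 description reads "spice versions though 0.13", which looks like a typo for "through". The entry also carries {DSA-3907-1} while the context line still says "- spice <unfixed> (bug #868083)", so the package line should be revisited once a fixed version is known.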
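Review bot: in the @@ -18201,12 +18226,12 @@ hunk, CVE-2017-5247 and CVE-2017-5246 (both Biscom Secure File Transfer) are added with "TODO: check" and no product disposition, while the Metasploit entry a few lines below is already marked "NOT-FOR-US: Metasploit". Suggest triaging the two Biscom entries together so they get the same marker or package line, and checking at the same time that the RESERVED to REJECTED change on CVE-2017-5245 needs no further annotation.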
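Review bot: in the @@ -28241,8 +28266,8 @@ hunk, CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0) lands as "TODO: check" directly after entries that are marked "NOT-FOR-US: IBM". If the same disposition applies here, setting it during triage keeps this block of IBM entries consistent.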