Author: sectracker
Date: 2017-07-18 21:10:15 +0000 (Tue, 18 Jul 2017)
New Revision: 53630

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-18 20:56:40 UTC (rev 53629)
+++ data/CVE/list       2017-07-18 21:10:15 UTC (rev 53630)
@@ -1,3 +1,29 @@
+CVE-2017-11434
+       RESERVED
+CVE-2017-11433
+       RESERVED
+CVE-2017-11432
+       RESERVED
+CVE-2017-11431
+       RESERVED
+CVE-2017-11430
+       RESERVED
+CVE-2017-11429
+       RESERVED
+CVE-2017-11428
+       RESERVED
+CVE-2017-11427
+       RESERVED
+CVE-2017-11426
+       RESERVED
+CVE-2017-11425
+       RESERVED
+CVE-2017-11424
+       RESERVED
+CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 
0.5alpha, ...)
+       TODO: check
+CVE-2017-11422
+       RESERVED
 CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap 
in ...)
        NOT-FOR-US: ASUS
 CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...)
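Review bot: CVE-2017-11423 is the only new entry in this block that is not RESERVED, and it lands as `TODO: check`. Its description names `mspack/cabd.c` in libmspack 0.5alpha, so triage should end either in a `- libmspack ...` package line with a version status or in a `NOT-FOR-US:` line like the ASUS entry below it.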
@@ -41,7 +67,7 @@
        RESERVED
 CVE-2017-11400
        RESERVED
-CVE-2017-11421 [Thumbnail generation for MSI files executes arbitrary VBScript]
+CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript 
Injection ...)
        - gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
        [stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue)
        NOTE: 
http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
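Review bot: CVE-2017-11421 stays where it was, below CVE-2017-11400, while the first hunk steps from CVE-2017-11422 straight to CVE-2017-11420. Now that the bracketed temporary description has been replaced by the official one, consider moving the entry into its descending-order slot so it is found where readers look for it.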
@@ -508,7 +534,7 @@
        RESERVED
 CVE-2017-1000083 [Evince command injection vulnerability in CBT handler]
        RESERVED
-       {DSA-3911-1}
+       {DSA-3911-1 DLA-1031-1}
        - evince 3.22.1-4
        - atril <unfixed> (bug #868500)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
@@ -1432,10 +1458,10 @@
        RESERVED
 CVE-2017-10963
        RESERVED
-CVE-2017-10962
-       RESERVED
-CVE-2017-10961
-       RESERVED
+CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...)
+       TODO: check
+CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the 
File ...)
+       TODO: check
 CVE-2017-10960
        RESERVED
 CVE-2017-10959
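Review bot: CVE-2017-10962 and CVE-2017-10961 both leave RESERVED with `TODO: check`. Both descriptions name the same product and fixed version (REDCap before 7.5.1), so triage them together and record one consistent disposition for the pair.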
@@ -1960,8 +1986,8 @@
        RESERVED
 CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) 
allows ...)
        NOT-FOR-US: Elephone P9000 devices
-CVE-2017-10708
-       RESERVED
+CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In 
apport/report.py, ...)
+       TODO: check
 CVE-2017-10707
        RESERVED
 CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a 
special ZIP ...)
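Review bot: CVE-2017-10708 lands as `TODO: check`, and the description points at a specific file, `apport/report.py`, in Apport through 2.20.x. The triage should say whether an apport package carrying that file is in the archive and which versions are affected, rather than defaulting to `NOT-FOR-US` as for the Elephone entry above it.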
@@ -2763,7 +2789,7 @@
        - apache2 <not-affected> (Only affected 2.4.26)
        NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
 CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the 
value ...)
-       {DLA-1028-1}
+       {DSA-3913-1 DLA-1028-1}
        - apache2 2.4.27-1 (bug #868467)
        NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
        NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955
@@ -10841,8 +10867,7 @@
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
-CVE-2017-7506
-       RESERVED
+CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds 
memory ...)
        {DSA-3907-1}
        - spice <unfixed> (bug #868083)
 CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect 
authorization ...)
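Review bot: CVE-2017-7506 now has its description but still reads `- spice <unfixed> (bug #868083)` under `{DSA-3907-1}`, so an advisory exists while the unstable line is open. Follow up on bug #868083 and replace `<unfixed>` with the fixed version once there is one. The imported text also says "though 0.13", presumably "through"; the later hunks in this same commit show description typos being corrected by the automatic update, so leave that to the feed rather than editing by hand.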
@@ -14511,8 +14536,8 @@
        NOTE: Fixed by: 
https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
 CVE-2017-6321
        RESERVED
-CVE-2017-6320
-       RESERVED
+CVE-2017-6320 (A remote command injection vulnerability exists in the 
Barracuda Load ...)
+       TODO: check
 CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in 
radare2 ...)
        - radare2 1.1.0+dfsg-3 (bug #856579)
        [jessie] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
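Review bot: CVE-2017-6320 is described as a remote command injection, but the product name is cut off at "Barracuda Load ..." in this list. Read the full description before replacing `TODO: check`, and record the disposition with the vendor name in the same form the neighbouring entries use.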
@@ -18201,12 +18226,12 @@
        RESERVED
 CVE-2017-5248
        RESERVED
-CVE-2017-5247
-       RESERVED
-CVE-2017-5246
-       RESERVED
+CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site 
scripting in ...)
+       TODO: check
+CVE-2017-5246 (Biscom Secure File Transfer is vulnerable to AngularJS 
expression ...)
+       TODO: check
 CVE-2017-5245
-       RESERVED
+       REJECTED
 CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular 
ones ...)
        NOT-FOR-US: Metasploit
 CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware 
appliances ...)
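Review bot: CVE-2017-5247 and CVE-2017-5246 come in as `TODO: check`, while the adjacent CVE-2017-5244 entry is already `NOT-FOR-US: Metasploit`. Both new descriptions name Biscom Secure File Transfer, so give them one shared disposition. The CVE-2017-5245 change from RESERVED to REJECTED needs no follow-up.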
@@ -28241,8 +28266,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
        NOT-FOR-US: IBM
-CVE-2017-1318
-       RESERVED
+CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0 could allow an authenticated 
messaging ...)
+       TODO: check
 CVE-2017-1317
        RESERVED
 CVE-2017-1316
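Review bot: CVE-2017-1318 is added as `TODO: check` directly below two entries already marked `NOT-FOR-US: IBM`. The description names IBM MQ Appliance 8.0 and 9.0, so unless triage finds a packaged component, the same `NOT-FOR-US: IBM` line applies here.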
@@ -236158,7 +236183,7 @@
        NOT-FOR-US: Destiney
 CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote 
...)
        NOT-FOR-US: Destiney
-CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users 
identity ...)
+CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's 
identity ...)
        NOT-FOR-US: Ipswitch
 CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and 
possibly ...)
        NOT-FOR-US: Snitz mod
@@ -251409,7 +251434,7 @@
        - proftpd 1.2.4-1
 CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different 
error ...)
        NOT-FOR-US: Check Point
-CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute 
arbitrary ...)
+CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users to execute 
arbitrary ...)
        NOT-FOR-US: mod_bf
 CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local 
users to ...)
        NOT-FOR-US: Microsoft
@@ -258691,7 +258716,7 @@
        {DSA-639-1}
        NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
-CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute 
arbitrary ...)
+CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute 
...)
        {DSA-639-1}
        NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
@@ -269900,7 +269925,7 @@
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain 
root ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers 
gain ...)
+CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers 
to ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0954 (WWWBoard has a default username and default password. ...)
        NOT-FOR-US: Data pre-dating the Security Tracker


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
