Author: sectracker
Date: 2017-07-20 09:10:15 +0000 (Thu, 20 Jul 2017)
New Revision: 53703
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-20 09:06:02 UTC (rev 53702) +++ data/CVE/list 2017-07-20 09:10:15 UTC (rev 53703) @@ -1,9 +1,31 @@ -CVE-2017-11473 [x86/acpi: Prevent out of bound access caused by broken ACPI tables] +CVE-2017-11477 + RESERVED +CVE-2017-11476 + RESERVED +CVE-2017-11475 (GLPI before 9.1.5.1 has SQL Injection in the condition rule field, ...) + TODO: check +CVE-2017-11474 (GLPI before 9.1.5.1 has SQL Injection in the $crit variable in ...) + TODO: check +CVE-2017-11471 (IDERA Uptime Monitor 7.8 has SQL injection in ...) + TODO: check +CVE-2017-11470 (IDERA Uptime Monitor 7.8 has SQL injection in ...) + TODO: check +CVE-2017-11469 (get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the ...) + TODO: check +CVE-2017-11468 + RESERVED +CVE-2017-11467 (OrientDB through 2.2.22 does not enforce privilege requirements during ...) + TODO: check +CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows ...) + TODO: check +CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in ...) + TODO: check +CVE-2017-11473 (Buffer overflow in the mp_override_legacy_irq() function in ...) - linux <unfixed> -CVE-2017-11472 [ACPICA: Namespace: fix operand cache leak] +CVE-2017-11472 (The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in ...) - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/3b2d69114fefa474fca542e51119036dceb4aa6f (4.12-rc1) -CVE-2017-11466 +CVE-2017-11466 (Arbitrary file upload vulnerability in ...) NOT-FOR-US: dotCMS CVE-2017-11463 RESERVED 
@@ -2191,13 +2213,14 @@ - piwigo <removed> CVE-2017-10677 RESERVED -CVE-2017-10676 - RESERVED +CVE-2017-10676 (On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was ...) + TODO: check CVE-2017-10675 RESERVED CVE-2017-10674 (Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a ...) NOT-FOR-US: Antiy Antivirus Engine CVE-2015-9106 + RESERVED NOT-FOR-US: WordPress plugin the-holiday-calendar CVE-2015-9105 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Video ...) NOT-FOR-US: Synology @@ -2498,6 +2521,7 @@ CVE-2017-9952 RESERVED CVE-2017-9951 (The try_read_command function in memcached.c in memcached before 1.4.39 ...) + {DLA-1033-1} - memcached <unfixed> (bug #868701) NOTE: https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/ NOTE: https://github.com/memcached/memcached/commit/328629445c71e6c17074f6e9e0e3ef585b58f167 @@ -4347,8 +4371,7 @@ - wireshark <unfixed> NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000 -CVE-2017-9765 - RESERVED +CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and ...) - gsoap 2.8.48-1 NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017) 
@@ -14847,8 +14870,8 @@ - sane-backends 1.0.25-4 (low; bug #854804) [jessie] - sane-backends <no-dsa> (Minor issue) NOTE: Upstream patch: https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/frontend/saned.c?id=42896939822b44f44ecd1b6d35afdfa4473ed35d -CVE-2017-6316 - RESERVED +CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote ...) + TODO: check CVE-2017-6315 RESERVED CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
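Review bot: In the `@@ -1,9 +1,31 @@` hunk, the CVE-2017-11473 entry loses its bracketed description `[x86/acpi: Prevent out of bound access caused by broken ACPI tables]` and is left as `- linux <unfixed>` with no NOTE, whereas CVE-2017-11472 directly below keeps its `NOTE: Fixed by:` reference. The bracketed text reads like the subject of the upstream patch and was the only pointer to a fix on that entry, so consider carrying it over as a `NOTE:` line under CVE-2017-11473 before it is lost to the truncated description. The re-added CVE-2017-11473 line also lands below CVE-2017-11464, so this block now runs 11465, 11464, 11473, 11472, 11466; moving the new entries so that 11473 and 11472 sit between 11474 and 11471 would keep the block in sequence.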
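Review bot: In the `@@ -2191,13 +2213,14 @@` hunk, CVE-2017-10676 (D-Link DIR-600M devices) goes from RESERVED to `TODO: check` with no package or NOT-FOR-US line, while the vendor-product entries in the surrounding context (Antiy Antivirus Engine, Synology) are already triaged as NOT-FOR-US. The TODO should be resolved in a follow-up commit so the entry does not stay untriaged. In the same hunk, CVE-2015-9106 gains `RESERVED` although it already carries `NOT-FOR-US: WordPress plugin the-holiday-calendar`; that is worth a quick check that the existing triage still matches the identifier.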