Author: sectracker
Date: 2017-07-20 09:10:15 +0000 (Thu, 20 Jul 2017)
New Revision: 53703

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-20 09:06:02 UTC (rev 53702)
+++ data/CVE/list       2017-07-20 09:10:15 UTC (rev 53703)
@@ -1,9 +1,31 @@
-CVE-2017-11473 [x86/acpi: Prevent out of bound access caused by broken ACPI 
tables]
+CVE-2017-11477
+       RESERVED
+CVE-2017-11476
+       RESERVED
+CVE-2017-11475 (GLPI before 9.1.5.1 has SQL Injection in the condition rule 
field, ...)
+       TODO: check
+CVE-2017-11474 (GLPI before 9.1.5.1 has SQL Injection in the $crit variable in 
...)
+       TODO: check
+CVE-2017-11471 (IDERA Uptime Monitor 7.8 has SQL injection in ...)
+       TODO: check
+CVE-2017-11470 (IDERA Uptime Monitor 7.8 has SQL injection in ...)
+       TODO: check
+CVE-2017-11469 (get2post.php in IDERA Uptime Monitor 7.8 has directory 
traversal in the ...)
+       TODO: check
+CVE-2017-11468
+       RESERVED
+CVE-2017-11467 (OrientDB through 2.2.22 does not enforce privilege 
requirements during ...)
+       TODO: check
+CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 
allows ...)
+       TODO: check
+CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of 
rsvg-filter.c in ...)
+       TODO: check
+CVE-2017-11473 (Buffer overflow in the mp_override_legacy_irq() function in 
...)
        - linux <unfixed>
-CVE-2017-11472 [ACPICA: Namespace: fix operand cache leak]
+CVE-2017-11472 (The acpi_ns_terminate() function in 
drivers/acpi/acpica/nsutils.c in ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/3b2d69114fefa474fca542e51119036dceb4aa6f (4.12-rc1)
-CVE-2017-11466
+CVE-2017-11466 (Arbitrary file upload vulnerability in ...)
        NOT-FOR-US: dotCMS
 CVE-2017-11463
        RESERVED
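Review bot: At CVE-2017-11473 the bracketed title "x86/acpi: Prevent out of bound access caused by broken ACPI tables" is replaced by the truncated description, and the entry is left with only "- linux <unfixed>" and no NOTE, so nothing in it points at the fix any more. CVE-2017-11472 directly below carries a "NOTE: Fixed by:" line; add the equivalent note to CVE-2017-11473 when the fixing commit is identified. The eight new "TODO: check" entries (CVE-2017-11475, -11474, -11471, -11470, -11469, -11467, -11465, -11464) still need a source-package line or a NOT-FOR-US line each.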
@@ -2191,13 +2213,14 @@
        - piwigo <removed>
 CVE-2017-10677
        RESERVED
-CVE-2017-10676
-       RESERVED
+CVE-2017-10676 (On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, 
XSS was ...)
+       TODO: check
 CVE-2017-10675
        RESERVED
 CVE-2017-10674 (Antiy Antivirus Engine 5.0.0.06281654 allows local users to 
cause a ...)
        NOT-FOR-US: Antiy Antivirus Engine
 CVE-2015-9106
+       RESERVED
        NOT-FOR-US: WordPress plugin the-holiday-calendar
 CVE-2015-9105 (Multiple cross-site scripting (XSS) vulnerabilities in Synology 
Video ...)
        NOT-FOR-US: Synology
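Review bot: At CVE-2015-9106 the added "RESERVED" line lands above an existing "NOT-FOR-US: WordPress plugin the-holiday-calendar", so the entry now records both a reservation state and a triage result. Confirm that the tooling reading data/CVE/list still treats it as triaged and that the automatic update will not reset the NOT-FOR-US line later. CVE-2017-10676 describes XSS "On D-Link DIR-600M devices", so its "TODO: check" should be resolved in the same style as the neighbouring entries ("NOT-FOR-US: Synology", "NOT-FOR-US: Antiy Antivirus Engine").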
@@ -2498,6 +2521,7 @@
 CVE-2017-9952
        RESERVED
 CVE-2017-9951 (The try_read_command function in memcached.c in memcached 
before 1.4.39 ...)
+       {DLA-1033-1}
        - memcached <unfixed> (bug #868701)
        NOTE: 
https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/
        NOTE: 
https://github.com/memcached/memcached/commit/328629445c71e6c17074f6e9e0e3ef585b58f167
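Review bot: At CVE-2017-9951 the "{DLA-1033-1}" reference is added while the package line still reads "- memcached <unfixed> (bug #868701)". The DLA records the LTS fix only, so keep bug #868701 tracked and replace "<unfixed>" with the fixed version once an upload containing the upstream commit already cited in the NOTE reaches unstable.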
@@ -4347,8 +4371,7 @@
        - wireshark <unfixed>
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
-CVE-2017-9765
-       RESERVED
+CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 
2.7.x and ...)
        - gsoap 2.8.48-1
        NOTE: 
http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
        NOTE: 
https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
@@ -14847,8 +14870,8 @@
        - sane-backends 1.0.25-4 (low; bug #854804)
        [jessie] - sane-backends <no-dsa> (Minor issue)
        NOTE: Upstream patch: 
https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/frontend/saned.c?id=42896939822b44f44ecd1b6d35afdfa4473ed35d
-CVE-2017-6316
-       RESERVED
+CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow 
remote ...)
+       TODO: check
 CVE-2017-6315
        RESERVED
 CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in 
GraphicsMagick ...)
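Review bot: At CVE-2017-6316 the "RESERVED" line is replaced by "TODO: check" for a description that names "Citrix NetScaler SD-WAN devices". The entry has no package line, so it should be closed out with a NOT-FOR-US line naming the product, as is done for CVE-2017-10674 and CVE-2015-9105 elsewhere in this file, rather than left as an open TODO.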


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
