Author: sectracker
Date: 2017-07-24 21:10:14 +0000 (Mon, 24 Jul 2017)
New Revision: 53872

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-24 20:23:41 UTC (rev 53871)
+++ data/CVE/list       2017-07-24 21:10:14 UTC (rev 53872)
@@ -1,3 +1,11 @@
+CVE-2017-11611
+       RESERVED
+CVE-2017-11610
+       RESERVED
+CVE-2017-11609
+       RESERVED
+CVE-2017-11608 (There is a heap-based buffer over-read in the ...)
+       TODO: check
 CVE-2017-11607
        RESERVED
 CVE-2017-11606
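Review bot: CVE-2017-11608 enters the list as `TODO: check` with only a truncated description (`heap-based buffer over-read in the ...`), so the affected software is not identifiable from this hunk; the triage step needs to pull the full CVE text and replace the TODO line with either a source-package line or a NOT-FOR-US marker, and the three RESERVED entries above it will need the same once their descriptions are published.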
@@ -459,8 +467,8 @@
        - libmspack <unfixed> (bug #868956)
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public)
        NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
-CVE-2017-11422
-       RESERVED
+CVE-2017-11422 (Statamic framework before 2.6.0 does not correctly check a 
session's ...)
+       TODO: check
 CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap 
in ...)
        NOT-FOR-US: ASUS
 CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...)
@@ -742,14 +750,14 @@
 CVE-2017-11328 (Heap buffer overflow in the yr_object_array_set_item() 
function in ...)
        - yara 3.6.3+dfsg-1
        NOTE: Fixed by: 
https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f
-CVE-2017-11327
-       RESERVED
-CVE-2017-11326
-       RESERVED
-CVE-2017-11325
-       RESERVED
-CVE-2017-11324
-       RESERVED
+CVE-2017-11327 (An issue was discovered in Tilde CMS 1.0.1. It is possible to 
retrieve ...)
+       TODO: check
+CVE-2017-11326 (An issue was discovered in Tilde CMS 1.0.1. It is possible to 
bypass ...)
+       TODO: check
+CVE-2017-11325 (An issue was discovered in Tilde CMS 1.0.1. Arbitrary files 
can be read ...)
+       TODO: check
+CVE-2017-11324 (An issue was discovered in Tilde CMS 1.0.1. Due to missing 
escaping of ...)
+       TODO: check
 CVE-2017-11323
        RESERVED
 CVE-2017-11322
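Review bot: the four Tilde CMS 1.0.1 entries (CVE-2017-11324 through CVE-2017-11327) are all added as `TODO: check` against the same product, so they should be triaged together and given one consistent resolution rather than four separate lookups; the `- yara 3.6.3+dfsg-1` and `NOTE: Fixed by:` lines above them are unchanged context and need no action.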
@@ -1459,7 +1467,7 @@
        [jessie] - nasm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392415
 CVE-2017-11110 (The ole_init function in ole.c in catdoc 0.95 allows remote 
attackers ...)
-       {DSA-3917-1}
+       {DSA-3917-1 DLA-1037-1}
        - catdoc 1:0.95-3 (bug #867717)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468471
 CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid 
free) or ...)
@@ -2281,6 +2289,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
        NOTE: No security impact as built in Debian
 CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 
4.12 causes ...)
+       {DLA-1038-1}
        - libtasn1-6 <unfixed> (bug #867398)
        [stretch] - libtasn1-6 <no-dsa> (Minor issue)
        [jessie] - libtasn1-6 <no-dsa> (Minor issue)
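Review bot: `{DLA-1038-1}` is added for CVE-2017-10790 while the line `[jessie] - libtasn1-6 <no-dsa> (Minor issue)` is kept; a DLA for jessie contradicts a jessie no-dsa marker, so that line should be dropped now that the DLA reference records the jessie fix. The `- libtasn1-6 <unfixed> (bug #867398)` line for unstable and the `[stretch]` no-dsa line are unaffected by this change.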
@@ -2447,8 +2456,8 @@
        RESERVED
 CVE-2017-10712
        RESERVED
-CVE-2017-10711
-       RESERVED
+CVE-2017-10711 (In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka 
the Send ...)
+       TODO: check
 CVE-2017-10710
        RESERVED
 CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) 
allows ...)
@@ -4675,6 +4684,7 @@
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
 CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 
2.7.x and ...)
+       {DLA-1036-1}
        - gsoap 2.8.48-1
        NOTE: 
http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
        NOTE: 
https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
@@ -5336,10 +5346,10 @@
        RESERVED
 CVE-2017-9555
        RESERVED
-CVE-2017-9554
-       RESERVED
-CVE-2017-9553
-       RESERVED
+CVE-2017-9554 (An information exposure vulnerability in forget_passwd.cgi in 
Synology ...)
+       TODO: check
+CVE-2017-9553 (A design flaw in SYNO.API.Encryption in Synology DiskStation 
Manager ...)
+       TODO: check
 CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 
6.0-2528 ...)
        NOT-FOR-US: Synology Photo Station
 CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command 
injection ...)
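Review bot: CVE-2017-9553 and CVE-2017-9554 move from RESERVED to `TODO: check` for Synology DiskStation Manager, while the adjacent CVE-2017-9552 for Synology Photo Station is already resolved as `NOT-FOR-US: Synology Photo Station`; the new entries concern the same vendor's appliance software, so the triage should check whether they resolve the same way, and if so name the product in the NOT-FOR-US line as the existing entry does.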
@@ -9691,8 +9701,8 @@
        RESERVED
 CVE-2017-8037
        RESERVED
-CVE-2017-8036
-       RESERVED
+CVE-2017-8036 (An issue was discovered in the Cloud Controller API in Cloud 
Foundry ...)
+       TODO: check
 CVE-2017-8035
        RESERVED
 CVE-2017-8034 (The Cloud Controller and Router in Cloud Foundry (CAPI-release 
capi ...)
@@ -26255,7 +26265,7 @@
        - jenkins <removed>
        NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2605
-       RESERVED
+       REJECTED
        - jenkins <removed>
        NOTE: https://jenkins.io/security/advisory/2017-02-01/
 CVE-2017-2604
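Review bot: CVE-2017-2605 changes from RESERVED to REJECTED but keeps the `- jenkins <removed>` package line and the `NOTE: https://jenkins.io/security/advisory/2017-02-01/` link, both of which duplicate the preceding entry; a rejected ID normally carries no package status line, so either the status line should be removed or a NOTE should record why the ID was rejected (for example as a duplicate of the neighbouring Jenkins ID, which this hunk alone does not establish).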
@@ -66007,8 +66017,7 @@
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
        NOTE: Original ntp fix applied in 1:4.2.8p4+dfsg-1for CVE-2015-7704 is 
apparently broken
        NOTE: http://lists.ntp.org/pipermail/pool/2015-October/007631.html
-CVE-2015-7703
-       RESERVED
+CVE-2015-7703 (The &quot;pidfile&quot; or &quot;driftfile&quot; directives in 
NTP ntpd 4.2.x before ...)
        {DSA-3388-1 DLA-335-1}
        - ntp 1:4.2.8p4+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
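Review bot: the new description for CVE-2015-7703 contains literal `&quot;` entities (`The &quot;pidfile&quot; or &quot;driftfile&quot; directives`) instead of quotation marks, so the text was imported HTML-escaped; it should be unescaped so the entry quotes identifiers the way the rest of the list does. The `{DSA-3388-1 DLA-335-1}` and `- ntp 1:4.2.8p4+dfsg-1` lines below it are unchanged context.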
@@ -81699,10 +81708,10 @@
        NOT-FOR-US: SAP
 CVE-2015-2281 (Stack-based buffer overflow in collectoragent.exe in Fortinet 
Single ...)
        NOT-FOR-US: Fortinet Single Sign On
-CVE-2015-2280
-       RESERVED
-CVE-2015-2279
-       RESERVED
+CVE-2015-2280 (snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP 
network ...)
+       TODO: check
+CVE-2015-2279 (cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 
with ...)
+       TODO: check
 CVE-2015-2278 (The LZH decompression implementation (CsObjectInt::BuildHufTree 
...)
        NOT-FOR-US: SAP
 CVE-2015-2277
@@ -82917,8 +82926,8 @@
 CVE-2015-1848 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set 
the ...)
        - pcs <not-affected> (Fixed before initial release to Debian)
        NOTE: 
https://github.com/feist/pcs/commit/898204596a779673c88097bbdbe2d7ed6ed0cc8b 
(0.9.140)
-CVE-2015-1847
-       RESERVED
+CVE-2015-1847 (Directory traversal vulnerability in the web request/response 
...)
+       TODO: check
 CVE-2015-1846 (unzoo allows remote attackers to cause a denial of service 
(infinite ...)
        - unzoo <removed>
 CVE-2015-1845 (Buffer overflow in the EntrReadArch function in unzoo might 
allow ...)
@@ -150611,7 +150620,7 @@
        - freeradius 2.1.12+dfsg-1.2 (low; bug #694407)
        [squeeze] - freeradius <no-dsa> (Minor issue)
 CVE-2011-4965
-       RESERVED
+       REJECTED
 CVE-2011-4964
        REJECTED
 CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows 
remote ...)
@@ -150692,16 +150701,16 @@
        RESERVED
        NOT-FOR-US: Joomla
 CVE-2011-4936
-       RESERVED
+       REJECTED
        NOT-FOR-US: Joomla
 CVE-2011-4935
-       RESERVED
+       REJECTED
        NOT-FOR-US: Joomla
 CVE-2011-4934
-       RESERVED
+       REJECTED
        NOT-FOR-US: Joomla
 CVE-2011-4933
-       RESERVED
+       REJECTED
        NOT-FOR-US: Joomla
 CVE-2011-4932 (Eval injection vulnerability in ...)
        NOT-FOR-US: ImpressPages CMS not in Debian
@@ -155317,7 +155326,7 @@
        RESERVED
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
 CVE-2011-3608
-       RESERVED
+       REJECTED
 CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in 
the ...)
        {DSA-2405-1}
        - apache2 2.2.21-4
@@ -167197,7 +167206,7 @@
        - pootle 2.0.5-0.3 (low; bug #604060)
        [lenny] - pootle <not-affected> (Vulnerable code not present)
 CVE-2010-4244
-       RESERVED
+       REJECTED
 CVE-2010-4243 (fs/exec.c in the Linux kernel before 2.6.37 does not enable the 
OOM ...)
        {DSA-2153-1}
        - linux-2.6 2.6.32-30
@@ -169738,7 +169747,7 @@
        {DSA-2126-1}
        - linux-2.6 2.6.32-25
 CVE-2010-3309
-       RESERVED
+       REJECTED
 CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in 
Openswan ...)
        - openswan 1:2.6.28+dfsg-2
        [lenny] - openswan <not-affected> (Introduced in version 2.6.25)
@@ -173182,7 +173191,7 @@
        - xen-3 3.2.1-2
        NOTE: The respective patch is present in Lenny's version of xen-3, 
might be fixed even earlier
 CVE-2010-2069
-       RESERVED
+       REJECTED
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 
2.2.9 ...)
        - apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
 CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance 
function ...)
@@ -174418,7 +174427,7 @@
 CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application 
Server ...)
        - axis2c 1.6.0-1
 CVE-2010-1631
-       RESERVED
+       REJECTED
 CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 
has ...)
        - phpbb3 3.0.7-PL1-1 (low)
        [lenny] - phpbb3 <no-dsa> (Minor issue)
@@ -175083,7 +175092,7 @@
 CVE-2010-1432
        RESERVED
 CVE-2010-1430
-       RESERVED
+       REJECTED
 CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or 
JBEAP) ...)
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
 CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss 
...)
@@ -175987,7 +175996,7 @@
        - irssi 0.8.15-1 (low)
        [lenny] - irssi <no-dsa> (Minor issue)
 CVE-2010-1154
-       RESERVED
+       REJECTED
        - irssi 0.8.15-1 (low)
        [lenny] - irssi <no-dsa> (Minor issue)
 CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in 
TYPO3 ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
