Author: sectracker
Date: 2017-09-07 09:10:14 +0000 (Thu, 07 Sep 2017)
New Revision: 55532

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-07 08:38:48 UTC (rev 55531)
+++ data/CVE/list       2017-09-07 09:10:14 UTC (rev 55532)
@@ -1,3 +1,21 @@
+CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in 
ReadXBMImage() due ...)
+       TODO: check
+CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ...)
+       TODO: check
+CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 
7.0.6-10, ...)
+       TODO: check
+CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in 
ReadPSImage() due ...)
+       TODO: check
+CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ...)
+       TODO: check
+CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ...)
+       TODO: check
+CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c 
in FFmpeg ...)
+       TODO: check
+CVE-2017-14168
+       RESERVED
+CVE-2017-14167
+       RESERVED
 CVE-2017-14163
        RESERVED
 CVE-2017-14162
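Review bot: the seven new ImageMagick and FFmpeg entries (CVE-2017-14175 down to CVE-2017-14169) are all left at `TODO: check` even though the truncated descriptions already name the affected function or file (ReadXBMImage() in coders/xbm.c, coders/psd.c, ReadTXTImage() in coders/txt.c, ReadPSImage() in coders/ps.c, libavformat/nsvdec.c, mxf_read_primer_pack in libavformat/mxfdec.c); the check should record for each whether that code is present in the packaged versions and replace the TODO with a package status line, since the upstream versions quoted (7.0.6-1, 7.0.7-0, 7.0.6-10, FFmpeg 3.3.3) are the only version information in the entries.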
@@ -72012,8 +72030,7 @@
        NOTE: Commit fixing the issue: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11
 (v2.6.34-rc1)
 CVE-2015-8320 (Apache Cordova-Android before 3.7.0 improperly generates random 
values ...)
        NOT-FOR-US: Apache Cordova
-CVE-2015-8316
-       RESERVED
+CVE-2015-8316 (Array index error in LightDM (aka Light Display Manager) 
1.14.3, ...)
        - lightdm 1.16.6-1
        [jessie] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and 
development 1.17.x)
        [wheezy] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and 
development 1.17.x)
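Review bot: the description that arrived for CVE-2015-8316 names LightDM 1.14.3, and the jessie/wheezy rationale "(Affects 1.14.x, 1.16.x and development 1.17.x)" lists the affected series but not the series those suites ship, so the `<not-affected>` marking cannot be verified from the entry alone; add the shipped version to the rationale, e.g. "(Affects 1.14.x, 1.16.x and development 1.17.x; jessie ships an earlier series)" with the actual version filled in.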
@@ -75026,8 +75043,7 @@
        NOTE: http://xenbits.xen.org/xsa/advisory-142.html
 CVE-2015-7296 (Securifi Almond devices with firmware before 
AL1-R201EXP10-L304-W34 ...)
        NOT-FOR-US: Securifi Almond devices
-CVE-2015-7294 [LDAP Injection]
-       RESERVED
+CVE-2015-7294 (ldapauth-fork before 2.3.3 allows remote attackers to perform 
LDAP ...)
        NOT-FOR-US: NodeJS ldapauth
        NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/4
        NOTE: https://github.com/vesse/node-ldapauth-fork/issues/21
@@ -75137,8 +75153,8 @@
        NOT-FOR-US: Boxoft
 CVE-2015-7242 (Cross-site scripting (XSS) vulnerability in the 
Push-Service-Mails ...)
        NOT-FOR-US: AVM
-CVE-2015-7241
-       RESERVED
+CVE-2015-7241 (XML External Entity (XXE) vulnerability in SAP Netweaver before 
7.01. ...)
+       TODO: check
 CVE-2015-7240
        RESERVED
 CVE-2015-7239 (SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM 
function ...)
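Review bot: CVE-2015-7241 is a SAP Netweaver XXE issue left at `TODO: check`; unless there is a Debian package to track it against, it should be resolved the same way as the other vendor-only entries in this hunk (`NOT-FOR-US: Boxoft`, `NOT-FOR-US: AVM`), i.e. `NOT-FOR-US: SAP Netweaver`, rather than carrying an open TODO.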
@@ -76309,8 +76325,7 @@
        NOTE: https://bugs.php.net/bug.php?id=70366
        NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
        NOTE: Fixed in 5.5.45 and 5.6.13
-CVE-2015-7225 [TOTP Replay Attack]
-       RESERVED
+CVE-2015-7225 (Tinfoil Devise-two-factor before 2.0.0 does not strictly follow 
...)
        - ruby-devise-two-factor 2.0.0-1 (bug #798466)
        NOTE: http://www.openwall.com/lists/oss-security/2015/09/06/2
 CVE-2015-8777 (The process_envvars function in elf/rtld.c in the GNU C Library 
(aka ...)
@@ -78289,8 +78304,7 @@
        [wheezy] - wireshark <not-affected> (Vulnerable code not present)
        [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2015-29.html
-CVE-2015-6250
-       RESERVED
+CVE-2015-6250 (simple-php-captcha before commit ...)
        NOT-FOR-US: simple-php-captcha
 CVE-2015-5986 (openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 
9.10.x ...)
        - bind9 <not-affected> (Vulnerable code present only since 9.9.7)
@@ -78491,10 +78505,10 @@
        [squeeze] - vlc <not-affected> (Vulnerability introduced by later 
changes)
        NOTE: 
https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4316278af1fa4bcb6a705ff27456fd
        NOTE: http://www.ocert.org/advisories/ocert-2015-009.html
-CVE-2015-5948
-       RESERVED
-CVE-2015-5947
-       RESERVED
+CVE-2015-5948 (Race condition in SuiteCRM before 7.2.3 allows remote attackers 
to ...)
+       TODO: check
+CVE-2015-5947 (SuiteCRM before 7.2.3 allows remote attackers to execute 
arbitrary ...)
+       TODO: check
 CVE-2015-5946 (Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows 
remote ...)
        NOT-FOR-US: SugarCRM
 CVE-2015-5945 (The Sandbox subsystem in Apple OS X before 10.11.1 allows local 
users ...)
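Review bot: CVE-2015-5948 and CVE-2015-5947 are both SuiteCRM before 7.2.3 issues marked `TODO: check`, while the adjacent CVE-2015-5946 (SuiteCRM 7.2.2) is already resolved as `NOT-FOR-US: SugarCRM`; the same resolution almost certainly applies to both new entries, so they should be marked `NOT-FOR-US: SugarCRM` together instead of leaving two TODOs for the same upstream.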
@@ -78905,8 +78919,7 @@
        NOT-FOR-US: Veeam
 CVE-2015-5738 (The RSA-CRT implementation in the Cavium Software Development 
Kit ...)
        - openssl <not-affected> (OpenSSL upstream is not affected)
-CVE-2015-5959
-       RESERVED
+CVE-2015-5959 (Froxlor before 0.9.33.2 with the default configuration/setup 
might ...)
        - froxlor <itp> (bug #581792)
 CVE-2015-5957 (Buffer overflow in the DumpSysVar function in var.c in Remind 
before ...)
        {DLA-289-1}
@@ -79222,8 +79235,7 @@
        RESERVED
 CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of 
...)
        NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2015-5705 [argument injection vulnerability]
-       RESERVED
+CVE-2015-5705 (Argument injection vulnerability in devscripts before 2.15.7 
allows ...)
        - devscripts 2.15.8 (bug #794365)
        [jessie] - devscripts <not-affected> (Vulnerable code not present)
        [wheezy] - devscripts <not-affected> (Vulnerable code not present)
@@ -80866,8 +80878,7 @@
        NOT-FOR-US: JBoss EAP
 CVE-2015-5187 (Candlepin allows remote attackers to obtain sensitive 
information by ...)
        NOT-FOR-US: candlepin / subscription-manager
-CVE-2015-5186 [log terminal emulator escape sequences handling]
-       RESERVED
+CVE-2015-5186 (Audit before 2.4.4 in Linux does not sanitize escape characters 
in ...)
        - audit 1:2.4.4-1 (unimportant; bug #795457)
        NOTE: Hardening, not a vulnerability. This is treated as a 
vulnerability in terminal emulators
        NOTE: https://fedorahosted.org/audit/changeset/1122
@@ -85634,14 +85645,14 @@
        - virtualbox-ose <removed>
        NOTE: 
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
        NOTE: http://venom.crowdstrike.com/
-CVE-2015-3454
-       RESERVED
+CVE-2015-3454 (TelescopeJS before 0.15 leaks user bcrypt password hashes in 
websocket ...)
+       TODO: check
 CVE-2015-3453
        RESERVED
 CVE-2015-3452
        RESERVED
-CVE-2015-3450
-       RESERVED
+CVE-2015-3450 (Heap-based buffer overflow in libaxl 0.6.9 allows attackers to 
cause a ...)
+       TODO: check
 CVE-2015-3449 (The Windows client in SAP Afaria 7.0.6398.0 uses weak 
permissions ...)
        NOT-FOR-US: SAP Afaria
 CVE-2015-3448 (REST client for Ruby (aka rest-client) before 1.7.3 logs 
usernames and ...)
@@ -86700,14 +86711,14 @@
        NOTE: Patch 1/3: 
http://cgit.freedesktop.org/xorg/xserver/commit/?id=c4534a38b68aa07fb82318040dc8154fb48a9588
        NOTE: Patch 2/3: 
http://cgit.freedesktop.org/xorg/xserver/commit/?id=4b4b9086d02b80549981d205fb1f495edc373538
        NOTE: Patch 3/3: 
http://cgit.freedesktop.org/xorg/xserver/commit/?id=76636ac12f2d1dbdf7be08222f80e7505d53c451
-CVE-2015-3163
-       RESERVED
-CVE-2015-3162
-       RESERVED
-CVE-2015-3161
-       RESERVED
-CVE-2015-3160
-       RESERVED
+CVE-2015-3163 (The admin pages for power types and key types in Beaker before 
20.1 do ...)
+       TODO: check
+CVE-2015-3162 (Cross-site scripting (XSS) vulnerability in the edit comment 
dialog in ...)
+       TODO: check
+CVE-2015-3161 (The search bar code in bkr/server/widgets.py in Beaker before 
20.1 ...)
+       TODO: check
+CVE-2015-3160 (XML external entity (XXE) vulnerability in bkr/server/jobs.py 
in ...)
+       TODO: check
 CVE-2015-3159
        RESERVED
        NOT-FOR-US: abrt is Red Hat / Fedora specific
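Review bot: the four Beaker entries (CVE-2015-3163 through CVE-2015-3160) all reference the same code base (bkr/server/widgets.py, bkr/server/jobs.py, Beaker before 20.1) and were each given a separate `TODO: check`; they should be triaged and resolved as one unit with a single consistent status, in the same style as the `NOT-FOR-US: abrt is Red Hat / Fedora specific` line that follows, rather than left as four independent TODOs.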
@@ -87279,8 +87290,8 @@
        NOT-FOR-US: Hajime Fujimoto mt-phpincgi
 CVE-2015-2944 (Multiple cross-site scripting (XSS) vulnerabilities in Apache 
Sling ...)
        NOT-FOR-US: Apache Sling
-CVE-2015-2943
-       RESERVED
+CVE-2015-2943 (Honda Moto LINC 1.6.1 does not verify SSL certificates. ...)
+       TODO: check
 CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for 
URL ...)
        {DSA-3239-1}
        - icecast2 2.4.2-1 (bug #782120)
@@ -89699,8 +89710,8 @@
        - tcllib 1.16-dfsg-2 (low; bug #780100)
        [wheezy] - tcllib 1.14-dfsg-3+deb7u1
        [squeeze] - tcllib <no-dsa> (Minor issue)
-CVE-2015-2210
-       RESERVED
+CVE-2015-2210 (The help window in Epicor CRS Retail Store before 3.2.03.01.008 
allows ...)
+       TODO: check
 CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation 
path ...)
        NOT-FOR-US: DLGuard
 CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 
allows ...)
@@ -94378,8 +94389,7 @@
        [jessie] - shutter 0.92-0.1+deb8u1
        [squeeze] - shutter <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/shutter/+bug/1495163
-CVE-2015-0853 [insecure use of os.system()]
-       RESERVED
+CVE-2015-0853 (svn-workbench 1.6.2 and earlier on a system with xeyes 
installed ...)
        - svn-workbench 1.7.0-1 (low; bug #798863)
        [jessie] - svn-workbench <no-dsa> (Minor issue)
        [wheezy] - svn-workbench <no-dsa> (Minor issue)
@@ -104933,8 +104943,7 @@
        [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS 
functionality in ...)
        - elasticsearch 1.0.3+dfsg-4 (bug #763958; low)
-CVE-2014-6438
-       RESERVED
+CVE-2014-6438 (The URI.decode_www_form_component method in Ruby before 
1.9.2-p330 ...)
        {DLA-275-1}
        - ruby1.9.1 1.9.3.0-1
        - ruby1.8 <not-affected> (Vulnerable code not present)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
