Author: sectracker
Date: 2017-09-07 21:10:14 +0000 (Thu, 07 Sep 2017)
New Revision: 55558
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-07 21:03:15 UTC (rev 55557) +++ data/CVE/list 2017-09-07 21:10:14 UTC (rev 55558) @@ -1,4 +1,88 @@ -CVE-2017-14181 +CVE-2017-14218 + RESERVED +CVE-2017-14217 + RESERVED +CVE-2017-14216 + RESERVED +CVE-2017-14215 + RESERVED +CVE-2017-14214 + RESERVED +CVE-2017-14213 + RESERVED +CVE-2017-14212 + RESERVED +CVE-2017-14211 + RESERVED +CVE-2017-14210 + RESERVED +CVE-2017-14209 + RESERVED +CVE-2017-14208 + RESERVED +CVE-2017-14207 + RESERVED +CVE-2017-14206 + RESERVED +CVE-2017-14205 + RESERVED +CVE-2017-14204 + RESERVED +CVE-2017-14203 + RESERVED +CVE-2017-14202 + RESERVED +CVE-2017-14201 + RESERVED +CVE-2017-14200 + RESERVED +CVE-2017-14199 + RESERVED +CVE-2017-14198 + RESERVED +CVE-2017-14197 + RESERVED +CVE-2017-14196 + RESERVED +CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 ...) + TODO: check +CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui FineCms ...) + TODO: check +CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineCms ...) + TODO: check +CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCms ...) + TODO: check +CVE-2017-14191 + RESERVED +CVE-2017-14190 + RESERVED +CVE-2017-14189 + RESERVED +CVE-2017-14188 + RESERVED +CVE-2017-14187 + RESERVED +CVE-2017-14186 + RESERVED +CVE-2017-14185 + RESERVED +CVE-2017-14184 + RESERVED +CVE-2017-14183 + RESERVED +CVE-2017-14182 + RESERVED +CVE-2017-14180 + RESERVED +CVE-2017-14179 + RESERVED +CVE-2017-14178 + RESERVED +CVE-2017-14177 + RESERVED +CVE-2017-14176 + RESERVED +CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...) NOT-FOR-US: aacplusenc CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due ...) - imagemagick <unfixed> 
@@ -103,8 +187,8 @@ NOT-FOR-US: GoAhead CVE-2017-14148 RESERVED -CVE-2017-14147 - RESERVED +CVE-2017-14147 (An issue was discovered on FiberHome User End Routers Bearing Model ...) + TODO: check CVE-2017-14146 (HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary ...) NOT-FOR-US: HelpDEZk CVE-2017-14145 (HelpDEZk 1.1.1 has SQL Injection in ...) @@ -191,6 +275,7 @@ [wheezy] - unrar-free <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory ...) + {DLA-1091-1} - unrar-free 1:0.0.1+cvs20140707-2 (bug #874059) NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1 NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29 @@ -974,8 +1059,8 @@ RESERVED CVE-2017-13772 RESERVED -CVE-2017-13771 - RESERVED +CVE-2017-13771 (Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network ...) + TODO: check CVE-2017-13770 RESERVED CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...) @@ -1048,8 +1133,8 @@ [jessie] - sleuthkit <no-dsa> (Minor issue) [wheezy] - sleuthkit <ignored> (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/913 -CVE-2017-13754 - RESERVED +CVE-2017-13754 (Cross-site scripting (XSS) vulnerability in the "advanced settings - ...) + TODO: check CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in ...) - openjpeg2 2.1.2-1 [jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later) 
@@ -1253,8 +1338,8 @@ NOTE: Introduced by: https://git.kernel.org/linus/b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13 (4.2-rc1) CVE-2017-13714 RESERVED -CVE-2017-13713 - RESERVED +CVE-2017-13713 (T&W WIFI Repeater BE126 allows remote authenticated users to execute ...) + TODO: check CVE-2017-13712 (NULL Pointer Dereference in the id3v2AddAudioDuration function in ...) - lame <unfixed> [stretch] - lame <no-dsa> (Minor issue) @@ -3152,10 +3237,10 @@ RESERVED CVE-2017-12913 RESERVED -CVE-2017-12912 - RESERVED -CVE-2017-12911 - RESERVED +CVE-2017-12912 (The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability ...) + TODO: check +CVE-2017-12911 (The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which ...) + TODO: check CVE-2017-12910 (SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows ...) NOT-FOR-US: NexusPHP CVE-2017-12909 (SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows ...) @@ -3164,8 +3249,8 @@ NOT-FOR-US: NexusPHP CVE-2017-12907 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url ...) NOT-FOR-US: NexusPHP -CVE-2017-12906 - RESERVED +CVE-2017-12906 (Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow ...) + TODO: check CVE-2017-12905 RESERVED CVE-2017-12904 (Improper Neutralization of Special Elements used in an OS Command in ...) @@ -3882,8 +3967,8 @@ NOTE: DESLock+ CVE-2017-12839 RESERVED -CVE-2017-12838 - RESERVED +CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...) + TODO: check CVE-2017-12837 RESERVED CVE-2017-12835 @@ -3964,8 +4049,8 @@ RESERVED CVE-2017-12800 RESERVED -CVE-2016-10405 - RESERVED +CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) ...) + TODO: check CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might ...) {DSA-3940-1 DLA-1056-1} - cvs 2:1.12.13+real-24 (bug #871810) 
@@ -3990,8 +4075,7 @@ RESERVED CVE-2017-12795 RESERVED -CVE-2017-12794 [Possible XSS in traceback section of technical 500 debug page] - RESERVED +CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML ...) - python-django 1:1.11.5-1 (low; bug #874415) [stretch] - python-django <postponed> (Only affects debug mode) [jessie] - python-django <not-affected> (Vulnerable code do not exist) @@ -5026,8 +5110,8 @@ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bfd93888beccf2eff49cc9abfa6b5167c9c9109d CVE-2017-12417 RESERVED -CVE-2017-12416 - RESERVED +CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...) + TODO: check CVE-2017-12415 RESERVED CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption ...) @@ -5625,8 +5709,7 @@ - linux <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-229.html NOTE: https://git.kernel.org/linus/462cdace790ac2ed6aad1b19c9c0af0143b6aab0 (v4.13-rc6) -CVE-2017-12133 [Use-after-free in error path in clntudp_call] - RESERVED +CVE-2017-12133 (The DNS stub resolver in the GNU C Library (glibc) before version ...) - glibc 2.24-15 (bug #870648) [stretch] - glibc <no-dsa> (Minor issue) [jessie] - glibc <no-dsa> (Minor issue) @@ -7130,8 +7213,8 @@ {DSA-3958-1 DLA-1065-1} - fontforge <unfixed> (bug #869614) NOTE: https://github.com/fontforge/fontforge/issues/3089 -CVE-2017-11567 - RESERVED +CVE-2017-11567 (Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server ...) + TODO: check CVE-2017-11566 (AppUse 4.0 allows shell command injection via a proxy field. ...) NOT-FOR-US: AppUse CVE-2017-1002151 [pagure: private repositories accessible through ssh] 
@@ -10419,8 +10502,8 @@ - ghostscript <unfixed> (bug #869907) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 -CVE-2017-9834 - RESERVED +CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for ...) + TODO: check CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ...) NOT-FOR-US: Undetermined product NOTE: /wapopen is not part of BOA, it's probably an insecure CGI @@ -11934,8 +12017,8 @@ CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...) - check-mk <unfixed> (bug #865497) NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1 -CVE-2017-9779 - RESERVED +CVE-2017-9779 (OCaml compiler allows attackers to have unspecified impact via unknown ...) + TODO: check CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as ...) {DLA-1014-1 DLA-1003-1} - unrar-nonfree 1:5.5.5-1 (bug #865461) @@ -12980,8 +13063,8 @@ RESERVED CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web ...) NOT-FOR-US: Palo Alto Networks PAN-OS -CVE-2017-9458 - RESERVED +CVE-2017-9458 (XML external entity (XXE) vulnerability in the GlobalProtect internal ...) + TODO: check CVE-2017-9457 (Intense PC Phoenix SecureCore UEFI firmware does not perform capsule ...) NOT-FOR-US: Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware CVE-2017-9456 @@ -22774,8 +22857,7 @@ RESERVED CVE-2017-6363 RESERVED -CVE-2017-6362 [Double-free in gdImagePngPtr()] - RESERVED +CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in libgd2 ...) {DSA-3961-1} - libgd2 2.2.5-1 NOTE: https://github.com/libgd/libgd/issues/381 
@@ -36484,8 +36566,8 @@ NOT-FOR-US: IBM CVE-2017-1503 RESERVED -CVE-2017-1502 - RESERVED +CVE-2017-1502 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...) + TODO: check CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide ...) NOT-FOR-US: IBM CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in the ...) @@ -37110,8 +37192,8 @@ RESERVED CVE-2017-1190 (IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could ...) NOT-FOR-US: IBM -CVE-2017-1189 - RESERVED +CVE-2017-1189 (IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is ...) + TODO: check CVE-2017-1188 RESERVED CVE-2017-1187 @@ -37292,8 +37374,8 @@ NOT-FOR-US: IBM CVE-2017-1099 (IBM Jazz Foundation could expose potentially sensitive information to ...) NOT-FOR-US: IBM -CVE-2017-1098 - RESERVED +CVE-2017-1098 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to ...) + TODO: check CVE-2017-1097 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...) NOT-FOR-US: IBM CVE-2017-1096 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to ...) @@ -69385,8 +69467,8 @@ NOTE: https://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt CVE-2016-0733 (The Admin UI in Apache Ranger before 0.5.1 does not properly handle ...) NOT-FOR-US: Apache Ranger -CVE-2016-0732 - RESERVED +CVE-2016-0732 (The identity zones feature in Pivotal Cloud Foundry 208 through 229; ...) + TODO: check CVE-2016-0731 (The File Browser View in Apache Ambari before 2.2.1 allows remote ...) NOT-FOR-US: Apache Ambari CVE-2016-0730 
@@ -72798,8 +72880,7 @@ NOTE: https://github.com/apache/commons-collections/commit/3eee44cf63b1ebb0da6925e98b3dcc6ef1e4d610 NOTE: https://github.com/apache/commons-collections/commit/78d47d4d098ab814a7a00a0b1c81646b27f050cf NOTE: https://github.com/apache/commons-collections/commit/b2b8f4adc557e4ef1ee2fe5e0ab46866c06ec55b -CVE-2015-8079 - RESERVED +CVE-2015-8079 (qt5-qtwebkit before 5.4 records private browsing URLs to its favicon ...) - qtwebkit <unfixed> (unimportant) NOTE: qtwebkit not covered by security support CVE-2015-8080 (Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x ...) @@ -74047,8 +74128,8 @@ NOT-FOR-US: MOVEit File Transfer web- and mobile application CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and ...) NOT-FOR-US: MOVEit File Transfer web- and mobile application -CVE-2015-7672 - RESERVED +CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1. ...) + TODO: check CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...) {DSA-3154-1 DLA-149-1} - ntp 1:4.2.6.p5+dfsg-4 @@ -81382,8 +81463,8 @@ - silverstripe <itp> (bug #528461) CVE-2015-5061 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...) NOT-FOR-US: Zoho ManageEngine AssetExplorer -CVE-2015-5060 - RESERVED +CVE-2015-5060 (Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. ...) + TODO: check CVE-2015-5058 (Memory leak in the virtual server component in F5 Big-IP LTM, AAM, ...) NOT-FOR-US: F5 BIG-IP CVE-2015-5056 
@@ -81396,8 +81477,8 @@ - nvidia-graphics-drivers 352.41-1 [jessie] - nvidia-graphics-drivers <not-affected> (Only affects R352 and R346 Linux branches) [wheezy] - nvidia-graphics-drivers <not-affected> (Only affects R352 and R346 Linux branches) -CVE-2015-5052 - RESERVED +CVE-2015-5052 (SQL injection vulnerability in Sefrengo before 1.6.5 beta2. ...) + TODO: check CVE-2015-5051 (IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before ...) NOT-FOR-US: IBM CVE-2015-5050 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris ...) @@ -82282,14 +82363,14 @@ NOT-FOR-US: AudioShare CVE-2015-4725 (Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare ...) NOT-FOR-US: AudioShare -CVE-2015-4724 - RESERVED +CVE-2015-4724 (SQL injection vulnerability in Concrete5 5.7.3.1. ...) + TODO: check CVE-2015-4723 RESERVED CVE-2015-4722 RESERVED -CVE-2015-4721 - RESERVED +CVE-2015-4721 (Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 ...) + TODO: check CVE-2015-4720 REJECTED CVE-2015-4719 @@ -82339,8 +82420,7 @@ NOT-FOR-US: Cloud4Wi CVE-2015-4698 RESERVED -CVE-2015-4697 - RESERVED +CVE-2015-4697 (Cross-site request forgery (CSRF) vulnerability in Google Analyticator ...) NOT-FOR-US: WordPress plugin google-analyticator CVE-2015-4694 (Directory traversal vulnerability in download.php in the Zip ...) NOT-FOR-US: Zip Attachments plugin for WordPress @@ -82567,12 +82647,12 @@ RESERVED CVE-2015-4630 RESERVED -CVE-2015-4629 - RESERVED +CVE-2015-4629 (Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to ...) + TODO: check CVE-2015-4628 (SQL injection vulnerability in ...) - limesurvey <itp> (bug #472802) -CVE-2015-4627 - RESERVED +CVE-2015-4627 (SQL injection vulnerability in Pragyan CMS 3.0. ...) + TODO: check CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, ...) NOT-FOR-US: B.A.S C2Box CVE-2015-4624 (Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. ...) 
@@ -82587,8 +82667,8 @@ {DSA-3304-1 DLA-270-1} - bind9 1:9.9.5.dfsg-10 (bug #791715) NOTE: https://kb.isc.org/article/AA-01267 -CVE-2015-4619 - RESERVED +CVE-2015-4619 (Cross-site request forgery (CSRF) vulnerability in Spina before commit ...) + TODO: check CVE-2015-4618 RESERVED CVE-2015-4617 @@ -84324,8 +84404,7 @@ NOT-FOR-US: Actian Matrix CVE-2015-3992 RESERVED -CVE-2015-3991 [strongSwan DoS and potential RCE] - RESERVED +CVE-2015-3991 (strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial ...) - strongswan 5.3.0-2 [jessie] - strongswan <not-affected> (only affects 5.2.2+ and 5.3.0+) [wheezy] - strongswan <not-affected> (only affects 5.2.2+ and 5.3.0+) @@ -85800,8 +85879,8 @@ RESERVED CVE-2015-3443 (Cross-site scripting (XSS) vulnerability in the basic dashboard in ...) NOT-FOR-US: Thycotic Secret Server -CVE-2015-3442 - RESERVED +CVE-2015-3442 (Soreco Xpert.Line 3.0 allows local users to spoof users and ...) + TODO: check CVE-2015-3441 (The Parental Control panel in Genexis devices with DRGOS before 1.14.1 ...) NOT-FOR-US: Genexis devices CVE-2015-3437 @@ -86188,10 +86267,10 @@ NOT-FOR-US: CA Common Services in ca.com products CVE-2015-3316 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...) NOT-FOR-US: CA Common Services in ca.com products -CVE-2015-3314 - RESERVED -CVE-2015-3313 - RESERVED +CVE-2015-3314 (SQL injection vulnerability in WordPress Tune Library plugin before ...) + TODO: check +CVE-2015-3313 (SQL injection vulnerability in WordPress Community Events plugin ...) + TODO: check CVE-2015-3312 RESERVED CVE-2015-3311 
@@ -86405,8 +86484,7 @@ NOT-FOR-US: Apache CloudStack CVE-2015-3251 (Apache CloudStack before 4.5.2 might allow remote authenticated ...) NOT-FOR-US: Apache CloudStack -CVE-2015-3250 [timing attack vulnerability] - RESERVED +CVE-2015-3250 (Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct ...) - apache-directory-api 1.0.0~M20-3 (bug #791957) NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/5 CVE-2015-3249 @@ -86551,8 +86629,8 @@ NOTE: https://git.samba.org/?p=samba.git;a=commit;h=fb456954f332c07a645226d59b3b00ec252f8b26 (v4-1-stable) NOTE: https://git.samba.org/?p=samba.git;a=commit;h=bb1b783ee9d7259cfc6a1fe882f22189747f8684 (v4-1-stable) NOTE: Samba update needs as well fixed ldb -CVE-2015-3222 - RESERVED +CVE-2015-3222 (syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows ...) + TODO: check CVE-2015-3221 (OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 ...) - neutron 2015.1.0+2015.06.24.git61.bdf194a0e1-1 (bug #789713) [jessie] - neutron <not-affected> (ipset code introduced in Juno) @@ -86791,8 +86869,7 @@ NOTE: https://github.com/sosreport/sos/issues/425 CVE-2015-3170 (selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows ...) NOT-FOR-US: Red Hat specific issue with selinux-policy rpm package -CVE-2015-3169 [XSS] - RESERVED +CVE-2015-3169 (Cross-site scripting (XSS) vulnerability in askbot ...) - askbot <itp> (bug #687966) CVE-2015-3168 REJECTED 
@@ -87257,8 +87334,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/1 NOTE: Upstream patch: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/ NOTE: https://sourceforge.net/p/net-snmp/bugs/2615/ (currently not public) -CVE-2015-4085 [read-only directory traversal in Etherpad frontend tests] - RESERVED +CVE-2015-4085 (Directory traversal vulnerability in node/hooks/express/tests.js in ...) - etherpad-lite <itp> (bug #576998) NOTE: http://www.openwall.com/lists/oss-security/2015/04/11/10 CVE-2015-3297 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad ...) @@ -90212,8 +90288,8 @@ NOT-FOR-US: Googlemaps plugin for Joomla! CVE-2013-7429 RESERVED -CVE-2013-7428 - RESERVED +CVE-2013-7428 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers ...) + TODO: check CVE-2015-2085 RESERVED CVE-2015-2084 (Cross-site request forgery (CSRF) vulnerability in the Easy Social ...) @@ -93322,8 +93398,7 @@ CVE-2015-1591 (The kamailio build in kamailio before 4.2.0-2 process allows local ...) - kamailio 4.2.0-2 (bug #775681) NOTE: https://github.com/kamailio/kamailio/issues/48 -CVE-2015-1590 - RESERVED +CVE-2015-1590 (The kamcmd administrative utility and default configuration in ...) - kamailio 4.2.0-2 (bug #775681) NOTE: https://github.com/kamailio/kamailio/issues/48 CVE-2015-XXXX [insecure configuration permissions] 
@@ -95287,8 +95362,8 @@ NOT-FOR-US: ProjectSend CVE-2014-9566 (Multiple SQL injection vulnerabilities in the Manage Accounts page in ...) NOT-FOR-US: SolarWinds -CVE-2014-9565 - RESERVED +CVE-2014-9565 (Cross-site request forgery (CSRF) vulnerability in IBM Flex System ...) + TODO: check CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet ...) NOT-FOR-US: IBM CVE-2014-9563 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
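Review bot: CVE-2017-14181 lands out of sequence in the first hunk (@@ -1,4 +1,88 @@): it is removed from the top and re-added after CVE-2017-14176, instead of between CVE-2017-14182 and CVE-2017-14180, so the otherwise descending block of new ids is broken at that point. The entry already carries NOT-FOR-US: aacplusenc, so moving it into place is purely an ordering fix. The four dayrui FineCms entries added in the same hunk (CVE-2017-14192 through CVE-2017-14195) all carry TODO: check and concern one product, so they can be resolved with a single decision.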
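Review bot: In the @@ -3164,8 +3249,8 @@ hunk, CVE-2017-12906 is added with TODO: check although its description names NexusPHP and the unchanged context lines directly above it tag CVE-2017-12907 (and the earlier NexusPHP ids) as NOT-FOR-US: NexusPHP. Suggest resolving it the same way rather than leaving it in the TODO queue; the same applies to CVE-2017-12838 (CSRF in NexusPHP 1.5) in the @@ -3882,8 +3967,8 @@ hunk.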
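Review bot: In the @@ -5625,8 +5709,7 @@ hunk, the imported description for CVE-2017-12133 does not match the placeholder it replaces: the removed line reads "[Use-after-free in error path in clntudp_call]", while the added line begins "The DNS stub resolver in the GNU C Library (glibc) before version ...". The package lines that stay underneath (glibc 2.24-15, bug #870648, the <no-dsa> entries) now sit under a description of a different component, so check the description against bug #870648 before anyone relies on it for triage.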
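Review bot: The IBM entries in the @@ -36484,8 +36566,8 @@, @@ -37110,8 +37192,8 @@ and @@ -37292,8 +37374,8 @@ hunks (CVE-2017-1502, CVE-2017-1189, CVE-2017-1098) are added with TODO: check while every described IBM id in the surrounding context lines is already NOT-FOR-US: IBM. Suggest applying the same tag here, and to CVE-2014-9565 (IBM Flex System) in the @@ -95287,8 +95362,8 @@ hunk, whose neighbour CVE-2014-9564 is likewise NOT-FOR-US: IBM.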
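Review bot: In the @@ -72798,8 +72880,7 @@ hunk, the new description for CVE-2015-8079 names "qt5-qtwebkit before 5.4", but the entry kept below it still reads "- qtwebkit <unfixed> (unimportant)". Now that the description gives an upstream version boundary, confirm that qtwebkit is the right source package for this id and whether a fixed version can be recorded in place of <unfixed>.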
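Review bot: In the @@ -90212,8 +90288,8 @@ hunk, CVE-2013-7428 is added with TODO: check even though its description is for the Googlemaps plugin for Joomla! and the first context line of the same hunk already reads "NOT-FOR-US: Googlemaps plugin for Joomla!". Suggest reusing that tag so the entry does not linger in the TODO list.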