Author: sectracker
Date: 2017-10-23 21:10:17 +0000 (Mon, 23 Oct 2017)
New Revision: 56928

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-23 18:53:20 UTC (rev 56927)
+++ data/CVE/list       2017-10-23 21:10:17 UTC (rev 56928)
@@ -1,3 +1,19 @@
+CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has 
XSS via a ...)
+       TODO: check
+CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS 
via the ...)
+       TODO: check
+CVE-2017-15810 (The PopCash.Net Code Integration Tool plugin before 1.1 for 
WordPress ...)
+       TODO: check
+CVE-2017-15809 (In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php 
via a ...)
+       TODO: check
+CVE-2017-15808 (In phpMyFaq before 2.9.9, there is CSRF in 
admin/ajax.config.php. ...)
+       TODO: check
+CVE-2017-15807
+       RESERVED
+CVE-2017-15806
+       RESERVED
+CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full 
function in ...)
+       TODO: check
 CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware 
2.1.71 and ...)
        NOT-FOR-US: Cisco
 CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or 
libc6) ...)
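Review bot: The three WordPress plugin entries at the top of this hunk (CVE-2017-15812, CVE-2017-15811, CVE-2017-15810) are left as "TODO: check", while other WordPress plugin entries in this same file are already resolved as NOT-FOR-US (for example "NOT-FOR-US: WordPress plugin count-per-day"). Once it is confirmed that none of the three plugins is packaged, the same marking would clear these TODOs. The two phpMyFaq entries and CVE-2016-10516 need their full descriptions, which are truncated here, before they can be triaged.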
@@ -5336,8 +5352,8 @@
        NOT-FOR-US: Hikvision
 CVE-2017-13773
        RESERVED
-CVE-2017-13772
-       RESERVED
+CVE-2017-13772 (Multiple stack-based buffer overflows in TP-Link WR940N WiFi 
routers ...)
+       TODO: check
 CVE-2017-13771 (Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network 
...)
        NOT-FOR-US: Lexmark Scan To Network
 CVE-2017-13770
@@ -5769,10 +5785,10 @@
        NOTE: Crash in the command-line shell program, not the the core SQLite 
library.
 CVE-2017-13684 (Unisys Libra 64xx and 84xx and FS601 class systems with 
MCP-FIRMWARE ...)
        NOT-FOR-US: Unisys Libra
-CVE-2017-13683
-       RESERVED
-CVE-2017-13682
-       RESERVED
+CVE-2017-13683 (In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel 
memory ...)
+       TODO: check
+CVE-2017-13682 (In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a 
kernel ...)
+       TODO: check
 CVE-2017-13681
        RESERVED
 CVE-2017-13680
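Review bot: The unchanged NOTE line at the top of this hunk reads "not the the core SQLite library", with a doubled "the"; it is worth correcting in a follow-up commit. The two new Symantec descriptions (CVE-2017-13683, CVE-2017-13682) both carry "TODO: check" and still need a triage decision.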
@@ -81348,8 +81364,8 @@
        NOTE: 
https://src.openvz.org/projects/OVZL/repos/vzctl/commits/9e98ea630ac0e88b44e3e23c878a5166aeb74e1c
        NOTE: https://plus.google.com/+OpenVZorg/posts/gidyrouNi7D
        NOTE: https://wiki.openvz.org/Download/vzctl/4.9.4
-CVE-2015-6839
-       RESERVED
+CVE-2015-6839 (The parse function in MSA vot.Ar 3.1 does not check whether a 
...)
+       TODO: check
 CVE-2015-6829 (Multiple SQL injection vulnerabilities in the getip function in 
...)
        NOT-FOR-US: getip function in wp-limit-login-attempts.php in the WP 
Limit Login Attempts plugin for WordPress
 CVE-2015-6828 (The tweet_info function in class/__functions.php in the 
SecureMoz ...)
@@ -84827,11 +84843,9 @@
        NOT-FOR-US: qTranslate plugin for wordpress
 CVE-2015-5534 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Oxwall ...)
        NOT-FOR-US: Oxwall
-CVE-2015-5533
-       RESERVED
+CVE-2015-5533 (SQL injection vulnerability in counter-options.php in the Count 
Per ...)
        NOT-FOR-US: WordPress plugin count-per-day
-CVE-2015-5532
-       RESERVED
+CVE-2015-5532 (Multiple cross-site scripting (XSS) vulnerabilities in the Paid 
...)
        NOT-FOR-US: WordPress plugin paid-memberships-pro
 CVE-2015-5530 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Free ...)
        NOT-FOR-US: Free Reprintables
@@ -85165,8 +85179,7 @@
        RESERVED
 CVE-2015-5384
        RESERVED
-CVE-2015-5379
-       RESERVED
+CVE-2015-5379 (Cross-site scripting (XSS) vulnerability in actions.hsp in the 
Ajax ...)
        NOT-FOR-US: Axigen
 CVE-2015-5378 (Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows 
remote ...)
        - logstash <itp> (bug #664841)
@@ -88144,9 +88157,9 @@
        RESERVED
 CVE-2015-4423
        RESERVED
-CVE-2015-4422 (The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphone 
before ...)
+CVE-2015-4422 (The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones 
before ...)
        NOT-FOR-US: TEEOS module in Huawei Mate 7
-CVE-2015-4421 (The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphone 
before ...)
+CVE-2015-4421 (The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones 
before ...)
        NOT-FOR-US: tzdriver module in Huawei Mate 7
 CVE-2015-4420 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 
4.6.2 ...)
        NOT-FOR-US: Opsview
@@ -92550,8 +92563,8 @@
        NOT-FOR-US: TRENDnet WiFi Baby Cam TV-IP743SIC
 CVE-2015-2879
        RESERVED
-CVE-2015-2878
-       RESERVED
+CVE-2015-2878 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Hexis ...)
+       TODO: check
 CVE-2015-2877 (** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux 
kernel ...)
        - linux <unfixed> (unimportant)
        - linux-2.6 <removed> (unimportant)
@@ -116500,15 +116513,15 @@
        RESERVED
 CVE-2014-3745
        RESERVED
-CVE-2014-3744
-       RESERVED
+CVE-2014-3744 (Directory traversal vulnerability in the st module before 0.2.5 
for ...)
+       TODO: check
 CVE-2014-3743
        RESERVED
        - node-marked 0.3.1+dfsg-1
 CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for 
Node.js ...)
        NOT-FOR-US: hapi framework for Node.js
-CVE-2014-3741
-       RESERVED
+CVE-2014-3741 (The printDirect function in lib/printer.js in the node-printer 
module ...)
+       TODO: check
 CVE-2014-3740 (Cross-site scripting (XSS) vulnerability in SpiceWorks before 
...)
        NOT-FOR-US: SpiceWorks
 CVE-2014-3737 (Cross-site scripting (XSS) vulnerability in ...)
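Review bot: CVE-2014-3744 (st module) and CVE-2014-3741 (node-printer module) are both left as "TODO: check", and the context lines of this hunk show that neighbouring entries resolve in both directions: CVE-2014-3742 is NOT-FOR-US for the hapi framework, while CVE-2014-3743 carries a package line for node-marked. Each of the two new entries needs a check against the archive rather than a blanket NOT-FOR-US. Separately, CVE-2014-3743 is still marked RESERVED although a fixed version is already recorded under it, which is worth revisiting when its description is published.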
@@ -117580,8 +117593,8 @@
        NOT-FOR-US: tomato module for Node.js
 CVE-2013-7378
        RESERVED
-CVE-2013-7377
-       RESERVED
+CVE-2013-7377 (The codem-transcode module before 0.5.0 for Node.js, when 
ffprobe is ...)
+       TODO: check
 CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
OpenX ...)
        NOT-FOR-US: OpenX
 CVE-2014-3800 (XBMC 13.0 uses world-readable permissions for ...)
@@ -152024,17 +152037,13 @@
        - python-keyring 0.9.2-1 (bug #675379)
        [wheezy] - python-keyring 0.7.1-1+deb7u1
        [squeeze] - python-keyring <no-dsa> (Minor issue)
-CVE-2012-4570 [sql injection]
-       RESERVED
+CVE-2012-4570 (SQL injection vulnerability in 
LetoDMS_Core/Core/inc.ClassDMS.php in ...)
        - php-letodms-core 3.3.8-1
-CVE-2012-4569 [multiple xss in 3.3.9]
-       RESERVED
+CVE-2012-4569 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        - letodms 3.3.9+dfsg-1
-CVE-2012-4568 [csrf]
-       RESERVED
+CVE-2012-4568 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
LetoDMS ...)
        - letodms 3.3.9+dfsg-1
-CVE-2012-4567 [multiple xss in 3.3.8]
-       RESERVED
+CVE-2012-4567 (Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS 
...)
        - letodms 3.3.9+dfsg-1
 CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly 
verify ...)
        {DSA-2573-1}
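Review bot: The four LetoDMS entries lose their hand-written bracket tags here ("[sql injection]", "[multiple xss in 3.3.9]", "[csrf]", "[multiple xss in 3.3.8]"), and two of those tags carried version information that the truncated descriptions do not show. CVE-2012-4569 and CVE-2012-4567 were tagged with different versions (3.3.9 and 3.3.8) yet both list "letodms 3.3.9+dfsg-1" as the fixed version. If the distinction still matters, record it in a NOTE: line under each entry and confirm the fixed version for CVE-2012-4567.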
@@ -165755,11 +165764,9 @@
        NOT-FOR-US: Tiki Wiki
 CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao 
before ...)
        NOT-FOR-US: Contao
-CVE-2011-4334
-       RESERVED
+CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify 
uploaded ...)
        NOT-FOR-US: LabWiki
-CVE-2011-4333
-       RESERVED
+CVE-2011-4333 (Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 
1.1 and ...)
        NOT-FOR-US: LabWiki
 CVE-2011-4332 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 
1.6.3 ...)
        NOT-FOR-US: Joomla
@@ -171056,13 +171063,11 @@
        - openoffice.org 1:3.3.0-1
        [lenny] - openoffice.org <not-affected> (Vulnerable code not present)
        NOTE: Since 3.3.0 openoffice.org is a transitional source package to 
migrate to libreoffice
-CVE-2011-2684
-       RESERVED
+CVE-2011-2684 (foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, ...)
        - foo2zjs 20110722dfsg-1 (low; bug #633870)
        [lenny] - foo2zjs <no-dsa> (Minor issue)
        [squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0
-CVE-2011-2683
-       RESERVED
+CVE-2011-2683 (reseed seeds random numbers from an insecure HTTP request to 
...)
        - reseed <removed>
        [lenny] - reseed <no-dsa> (Minor issue)
 CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. 
(BSI) ...)
@@ -185570,8 +185575,8 @@
        - tiff 3.9.4-2
        - tiff3 <not-affected> (fixed prior to initial upload)
        [lenny] - tiff <not-affected> (Only affects 3.9.x)
-CVE-2010-2232
-       RESERVED
+CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, 
Export ...)
+       TODO: check
 CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...)
        {DSA-2115-1}
        - moodle 1.9.9-1 (bug #586280)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
