Author: sectracker
Date: 2017-10-23 21:10:17 +0000 (Mon, 23 Oct 2017)
New Revision: 56928
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-23 18:53:20 UTC (rev 56927) +++ data/CVE/list 2017-10-23 21:10:17 UTC (rev 56928) @@ -1,3 +1,19 @@ +CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...) + TODO: check +CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the ...) + TODO: check +CVE-2017-15810 (The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress ...) + TODO: check +CVE-2017-15809 (In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a ...) + TODO: check +CVE-2017-15808 (In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. ...) + TODO: check +CVE-2017-15807 + RESERVED +CVE-2017-15806 + RESERVED +CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function in ...) + TODO: check CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and ...) NOT-FOR-US: Cisco CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...) @@ -5336,8 +5352,8 @@ NOT-FOR-US: Hikvision CVE-2017-13773 RESERVED -CVE-2017-13772 - RESERVED +CVE-2017-13772 (Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers ...) + TODO: check CVE-2017-13771 (Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network ...) NOT-FOR-US: Lexmark Scan To Network CVE-2017-13770 
@@ -5769,10 +5785,10 @@ NOTE: Crash in the command-line shell program, not the the core SQLite library. CVE-2017-13684 (Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE ...) NOT-FOR-US: Unisys Libra -CVE-2017-13683 - RESERVED -CVE-2017-13682 - RESERVED +CVE-2017-13683 (In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory ...) + TODO: check +CVE-2017-13682 (In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel ...) + TODO: check CVE-2017-13681 RESERVED CVE-2017-13680 @@ -81348,8 +81364,8 @@ NOTE: https://src.openvz.org/projects/OVZL/repos/vzctl/commits/9e98ea630ac0e88b44e3e23c878a5166aeb74e1c NOTE: https://plus.google.com/+OpenVZorg/posts/gidyrouNi7D NOTE: https://wiki.openvz.org/Download/vzctl/4.9.4 -CVE-2015-6839 - RESERVED +CVE-2015-6839 (The parse function in MSA vot.Ar 3.1 does not check whether a ...) + TODO: check CVE-2015-6829 (Multiple SQL injection vulnerabilities in the getip function in ...) NOT-FOR-US: getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin for WordPress CVE-2015-6828 (The tweet_info function in class/__functions.php in the SecureMoz ...) @@ -84827,11 +84843,9 @@ NOT-FOR-US: qTranslate plugin for wordpress CVE-2015-5534 (Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall ...) NOT-FOR-US: Oxwall -CVE-2015-5533 - RESERVED +CVE-2015-5533 (SQL injection vulnerability in counter-options.php in the Count Per ...) NOT-FOR-US: WordPress plugin count-per-day -CVE-2015-5532 - RESERVED +CVE-2015-5532 (Multiple cross-site scripting (XSS) vulnerabilities in the Paid ...) NOT-FOR-US: WordPress plugin paid-memberships-pro CVE-2015-5530 (Multiple cross-site request forgery (CSRF) vulnerabilities in Free ...) NOT-FOR-US: Free Reprintables 
@@ -85165,8 +85179,7 @@ RESERVED CVE-2015-5384 RESERVED -CVE-2015-5379 - RESERVED +CVE-2015-5379 (Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax ...) NOT-FOR-US: Axigen CVE-2015-5378 (Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote ...) - logstash <itp> (bug #664841) @@ -88144,9 +88157,9 @@ RESERVED CVE-2015-4423 RESERVED -CVE-2015-4422 (The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphone before ...) +CVE-2015-4422 (The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before ...) NOT-FOR-US: TEEOS module in Huawei Mate 7 -CVE-2015-4421 (The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphone before ...) +CVE-2015-4421 (The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before ...) NOT-FOR-US: tzdriver module in Huawei Mate 7 CVE-2015-4420 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 ...) NOT-FOR-US: Opsview @@ -92550,8 +92563,8 @@ NOT-FOR-US: TRENDnet WiFi Baby Cam TV-IP743SIC CVE-2015-2879 RESERVED -CVE-2015-2878 - RESERVED +CVE-2015-2878 (Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis ...) + TODO: check CVE-2015-2877 (** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel ...) - linux <unfixed> (unimportant) - linux-2.6 <removed> (unimportant) @@ -116500,15 +116513,15 @@ RESERVED CVE-2014-3745 RESERVED -CVE-2014-3744 - RESERVED +CVE-2014-3744 (Directory traversal vulnerability in the st module before 0.2.5 for ...) + TODO: check CVE-2014-3743 RESERVED - node-marked 0.3.1+dfsg-1 CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js ...) NOT-FOR-US: hapi framework for Node.js -CVE-2014-3741 - RESERVED +CVE-2014-3741 (The printDirect function in lib/printer.js in the node-printer module ...) + TODO: check CVE-2014-3740 (Cross-site scripting (XSS) vulnerability in SpiceWorks before ...) NOT-FOR-US: SpiceWorks CVE-2014-3737 (Cross-site scripting (XSS) vulnerability in ...) 
@@ -117580,8 +117593,8 @@ NOT-FOR-US: tomato module for Node.js CVE-2013-7378 RESERVED -CVE-2013-7377 - RESERVED +CVE-2013-7377 (The codem-transcode module before 0.5.0 for Node.js, when ffprobe is ...) + TODO: check CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX ...) NOT-FOR-US: OpenX CVE-2014-3800 (XBMC 13.0 uses world-readable permissions for ...) @@ -152024,17 +152037,13 @@ - python-keyring 0.9.2-1 (bug #675379) [wheezy] - python-keyring 0.7.1-1+deb7u1 [squeeze] - python-keyring <no-dsa> (Minor issue) -CVE-2012-4570 [sql injection] - RESERVED +CVE-2012-4570 (SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in ...) - php-letodms-core 3.3.8-1 -CVE-2012-4569 [multiple xss in 3.3.9] - RESERVED +CVE-2012-4569 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - letodms 3.3.9+dfsg-1 -CVE-2012-4568 [csrf] - RESERVED +CVE-2012-4568 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...) - letodms 3.3.9+dfsg-1 -CVE-2012-4567 [multiple xss in 3.3.8] - RESERVED +CVE-2012-4567 (Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS ...) - letodms 3.3.9+dfsg-1 CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly verify ...) {DSA-2573-1} @@ -165755,11 +165764,9 @@ NOT-FOR-US: Tiki Wiki CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before ...) NOT-FOR-US: Contao -CVE-2011-4334 - RESERVED +CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded ...) NOT-FOR-US: LabWiki -CVE-2011-4333 - RESERVED +CVE-2011-4333 (Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and ...) NOT-FOR-US: LabWiki CVE-2011-4332 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 ...) NOT-FOR-US: Joomla 
@@ -171056,13 +171063,11 @@ - openoffice.org 1:3.3.0-1 [lenny] - openoffice.org <not-affected> (Vulnerable code not present) NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice -CVE-2011-2684 - RESERVED +CVE-2011-2684 (foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, ...) - foo2zjs 20110722dfsg-1 (low; bug #633870) [lenny] - foo2zjs <no-dsa> (Minor issue) [squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0 -CVE-2011-2683 - RESERVED +CVE-2011-2683 (reseed seeds random numbers from an insecure HTTP request to ...) - reseed <removed> [lenny] - reseed <no-dsa> (Minor issue) CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) ...) @@ -185570,8 +185575,8 @@ - tiff 3.9.4-2 - tiff3 <not-affected> (fixed prior to initial upload) [lenny] - tiff <not-affected> (Only affects 3.9.x) -CVE-2010-2232 - RESERVED +CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export ...) + TODO: check CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...) {DSA-2115-1} - moodle 1.9.9-1 (bug #586280) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
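Review bot: In the first hunk (@@ -1,3 +1,19 @@) the six new entries that carry a description are left at "TODO: check" with no triage. CVE-2017-15812, CVE-2017-15811 and CVE-2017-15810 are WordPress plugins, a class this file already closes as NOT-FOR-US (see "NOT-FOR-US: WordPress plugin count-per-day" in the @@ -84827 hunk), so a follow-up commit can probably mark them the same way after confirming that no source package ships them. The description of CVE-2016-10516 is truncated before the product name, so the full entry has to be read before choosing between NOT-FOR-US and a package line.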
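Review bot: Triage is still missing for the vendor-product entries in the @@ -5336 and @@ -5769 hunks, where CVE-2017-13772 (TP-Link WR940N routers), CVE-2017-13683 (Symantec Endpoint Encryption) and CVE-2017-13682 (Symantec Encryption Desktop) move from RESERVED to "TODO: check". Their neighbours in the same hunks (Hikvision, Lexmark Scan To Network, Unisys Libra) are all NOT-FOR-US; once checked, replace each TODO with a matching NOT-FOR-US line naming the product so these do not linger in the TODO queue.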
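Review bot: The Node.js entries in the @@ -116500 and @@ -117580 hunks (CVE-2014-3744 for the st module, CVE-2014-3741 for node-printer, CVE-2013-7377 for codem-transcode) should not be bulk-closed by analogy with their neighbours. The surrounding context shows both outcomes: hapi and tomato are NOT-FOR-US, while CVE-2014-3743 is tracked against node-marked 0.3.1+dfsg-1. Each "TODO: check" here needs a look-up of whether the module is packaged, followed by either a package line with the fixed version or a NOT-FOR-US line.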