Author: sectracker
Date: 2017-03-28 09:10:12 +0000 (Tue, 28 Mar 2017)
New Revision: 50121
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-28 08:52:12 UTC (rev 50120) +++ data/CVE/list 2017-03-28 09:10:12 UTC (rev 50121) 
@@ -1,3 +1,135 @@ +CVE-2017-7286 + RESERVED +CVE-2016-10303 + RESERVED +CVE-2016-10302 + RESERVED +CVE-2016-10301 + RESERVED +CVE-2016-10300 + RESERVED +CVE-2016-10299 + RESERVED +CVE-2016-10298 + RESERVED +CVE-2016-10297 + RESERVED +CVE-2016-10296 + RESERVED +CVE-2016-10295 + RESERVED +CVE-2016-10294 + RESERVED +CVE-2016-10293 + RESERVED +CVE-2016-10292 + RESERVED +CVE-2016-10291 + RESERVED +CVE-2016-10290 + RESERVED +CVE-2016-10289 + RESERVED +CVE-2016-10288 + RESERVED +CVE-2016-10287 + RESERVED +CVE-2016-10286 + RESERVED +CVE-2016-10285 + RESERVED +CVE-2016-10284 + RESERVED +CVE-2016-10283 + RESERVED +CVE-2016-10282 + RESERVED +CVE-2016-10281 + RESERVED +CVE-2016-10280 + RESERVED +CVE-2016-10279 + RESERVED +CVE-2016-10278 + RESERVED +CVE-2016-10277 + RESERVED +CVE-2016-10276 + RESERVED +CVE-2016-10275 + RESERVED +CVE-2016-10274 + RESERVED +CVE-2015-9018 + RESERVED +CVE-2015-9017 + RESERVED +CVE-2015-9016 + RESERVED +CVE-2015-9015 + RESERVED +CVE-2015-9014 + RESERVED +CVE-2015-9013 + RESERVED +CVE-2015-9012 + RESERVED +CVE-2015-9011 + RESERVED +CVE-2015-9010 + RESERVED +CVE-2015-9009 + RESERVED +CVE-2015-9008 + RESERVED +CVE-2015-9007 + RESERVED +CVE-2015-9006 + RESERVED +CVE-2015-9005 + RESERVED +CVE-2015-9004 + RESERVED +CVE-2014-9959 + RESERVED +CVE-2014-9958 + RESERVED +CVE-2014-9957 + RESERVED +CVE-2014-9956 + RESERVED +CVE-2014-9955 + RESERVED +CVE-2014-9954 + RESERVED +CVE-2014-9953 + RESERVED +CVE-2014-9952 + RESERVED +CVE-2014-9951 + RESERVED +CVE-2014-9950 + RESERVED +CVE-2014-9949 + RESERVED +CVE-2014-9948 + RESERVED +CVE-2014-9947 + RESERVED +CVE-2014-9946 + RESERVED +CVE-2014-9945 + RESERVED +CVE-2014-9944 + RESERVED +CVE-2014-9943 + RESERVED +CVE-2014-9942 + RESERVED +CVE-2014-9941 + RESERVED +CVE-2014-9940 + RESERVED CVE-2017-7285 RESERVED CVE-2017-7284 
@@ -14,8 +146,8 @@ RESERVED CVE-2017-7278 RESERVED -CVE-2017-7277 - RESERVED +CVE-2017-7277 (The TCP stack in the Linux kernel through 4.10.6 mishandles the ...) + TODO: check CVE-2017-7276 RESERVED CVE-2017-7275 (The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows ...) @@ -35,6 +167,7 @@ - linux 4.9.6-1 NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110 CVE-2017-7272 (PHP through 7.1.3 enables potential SSRF in applications that accept an ...) + {DLA-875-1} - php7.1 <unfixed> - php7.0 <unfixed> - php5 <removed> @@ -851,8 +984,8 @@ [wheezy] - binutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21137 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493 -CVE-2017-6964 [dmcrypt-get-device does not check the return values of setuid() or setgid()] - RESERVED +CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and ...) + {DLA-876-1} - eject 2.1.5+deb1+cvs20081104-13.2 (bug #858872) NOTE: https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627 CVE-2017-6963 @@ -6016,12 +6149,12 @@ RESERVED CVE-2017-5240 RESERVED -CVE-2017-5239 - RESERVED -CVE-2017-5238 - RESERVED -CVE-2017-5237 - RESERVED +CVE-2017-5239 (Due to a lack of standard encryption when transmitting sensitive ...) + TODO: check +CVE-2017-5238 (Due to a lack of bounds checking, several input configuration fields ...) + TODO: check +CVE-2017-5237 (Due to a lack of authentication, an unauthenticated user who knows the ...) + TODO: check CVE-2017-5236 RESERVED CVE-2017-5235 (Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 ...) @@ -15983,8 +16116,8 @@ NOT-FOR-US: IBM CVE-2017-1154 RESERVED -CVE-2017-1153 - RESERVED +CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability ...) + TODO: check CVE-2017-1152 RESERVED CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...) 
@@ -16003,10 +16136,10 @@ NOT-FOR-US: IBM CVE-2017-1144 RESERVED -CVE-2017-1143 - RESERVED -CVE-2017-1142 - RESERVED +CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...) + TODO: check +CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...) + TODO: check CVE-2017-1141 RESERVED CVE-2017-1140 @@ -16049,8 +16182,8 @@ RESERVED CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to ...) NOT-FOR-US: IBM -CVE-2017-1120 - RESERVED +CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...) + TODO: check CVE-2017-1119 RESERVED CVE-2017-1118 @@ -16525,13 +16658,12 @@ RESERVED CVE-2017-0883 RESERVED -CVE-2017-0882 [Information Disclosure in Issue and Merge Request Trackers] - RESERVED +CVE-2017-0882 (Multiple versions of GitLab expose sensitive user credentials when ...) - gitlab 8.13.11+dfsg-7 (bug #858410) NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661 NOTE: https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/ -CVE-2017-0881 - RESERVED +CVE-2017-0881 (An error in the implementation of an autosubscribe feature in the ...) + TODO: check CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the ...) - linux 4.6.1-1 [jessie] - linux 3.16.39-1 @@ -16571,8 +16703,8 @@ NOT-FOR-US: IBM CVE-2016-9738 RESERVED -CVE-2016-9737 - RESERVED +CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. ...) + TODO: check CVE-2016-9736 RESERVED CVE-2016-9735 
@@ -18766,49 +18898,48 @@ RESERVED CVE-2016-9474 RESERVED -CVE-2016-9473 - RESERVED -CVE-2016-9472 - RESERVED -CVE-2016-9471 - RESERVED -CVE-2016-9470 - RESERVED -CVE-2016-9469 [Denial-of-Service and Data Corruption Vulnerability in Issue and Merge Request Trackers] - RESERVED +CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and ...) + TODO: check +CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The ...) + TODO: check +CVE-2016-9471 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element ...) + TODO: check +CVE-2016-9470 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File ...) + TODO: check +CVE-2016-9469 (Multiple versions of GitLab expose a dangerous method to any ...) - gitlab 8.13.6+dfsg2-2 (bug #847157) NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/ NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064 -CVE-2016-9468 - RESERVED -CVE-2016-9467 - RESERVED -CVE-2016-9466 - RESERVED -CVE-2016-9465 - RESERVED -CVE-2016-9464 - RESERVED -CVE-2016-9463 - RESERVED -CVE-2016-9462 - RESERVED -CVE-2016-9461 - RESERVED -CVE-2016-9460 - RESERVED -CVE-2016-9459 - RESERVED +CVE-2016-9468 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before ...) + TODO: check +CVE-2016-9467 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before ...) + TODO: check +CVE-2016-9466 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and ...) + TODO: check +CVE-2016-9465 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 ...) + TODO: check +CVE-2016-9464 (Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper ...) + TODO: check +CVE-2016-9463 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before ...) + TODO: check +CVE-2016-9462 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...) 
+ TODO: check +CVE-2016-9461 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...) + TODO: check +CVE-2016-9460 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are ...) + TODO: check +CVE-2016-9459 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are ...) + TODO: check CVE-2016-9458 RESERVED -CVE-2016-9457 - RESERVED -CVE-2016-9456 - RESERVED -CVE-2016-9455 - RESERVED -CVE-2016-9454 - RESERVED +CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. ...) + TODO: check +CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...) + TODO: check +CVE-2016-9455 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...) + TODO: check +CVE-2016-9454 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...) + TODO: check CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and ...) {DSA-3758-1 DLA-805-1} [experimental] - bind9 1:9.10.4-P5-1 
@@ -20026,26 +20157,26 @@ [experimental] - bind9 1:9.10.4-P5-1 - bind9 1:9.10.3.dfsg.P4-11 (bug #851065) NOTE: https://kb.isc.org/article/AA-01439/0 -CVE-2016-9130 - RESERVED -CVE-2016-9129 - RESERVED -CVE-2016-9128 - RESERVED -CVE-2016-9127 - RESERVED -CVE-2016-9126 - RESERVED -CVE-2016-9125 - RESERVED -CVE-2016-9124 - RESERVED -CVE-2016-9123 - RESERVED -CVE-2016-9122 - RESERVED -CVE-2016-9121 - RESERVED +CVE-2016-9130 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...) + TODO: check +CVE-2016-9129 (Revive Adserver before 3.2.3 suffers from Information Exposure Through ...) + TODO: check +CVE-2016-9128 (Revive Adserver before 3.2.3 suffers from reflected XSS. The ...) + TODO: check +CVE-2016-9127 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...) + TODO: check +CVE-2016-9126 (Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are ...) + TODO: check +CVE-2016-9125 (Revive Adserver before 3.2.3 suffers from session fixation, by ...) + TODO: check +CVE-2016-9124 (Revive Adserver before 3.2.3 suffers from Improper Restriction of ...) + TODO: check +CVE-2016-9123 (go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit ...) + TODO: check +CVE-2016-9122 (go-jose before 1.0.4 suffers from multiple signatures exploitation. ...) + TODO: check +CVE-2016-9121 (go-jose before 1.0.4 suffers from an invalid curve attack for the ...) + TODO: check CVE-2016-9140 [RCE] RESERVED - zabbix 1:3.0.6+dfsg-1 (bug #842702; unimportant) @@ -20537,8 +20668,8 @@ RESERVED CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to conduct ...) NOT-FOR-US: IBM -CVE-2016-8960 - RESERVED +CVE-2016-8960 (IBM Cognos Business Intelligence 10.2 could allow a user with lower ...) + TODO: check CVE-2016-8959 RESERVED CVE-2016-8958 
@@ -25193,6 +25324,7 @@ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257 NOTE: Fixed in 7.0.12 CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...) + {DLA-875-1} - php7.1 7.1.1-1 - php7.0 7.0.15-1 - php5 <removed> @@ -25205,7 +25337,7 @@ NOTE: PHP 7, because this also prevents a wide range of other __wakeup() based NOTE: attacks. CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x ...) - {DSA-3732-1} + {DSA-3732-1 DLA-875-1} - php7.1 <not-affected> (Fixed before initial upload to Debian) - php7.0 7.0.13-1 - php5 <removed> @@ -30067,8 +30199,8 @@ NOT-FOR-US: IBM CVE-2016-6103 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to ...) NOT-FOR-US: IBM -CVE-2016-6102 - RESERVED +CVE-2016-6102 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive ...) + TODO: check CVE-2016-6101 RESERVED CVE-2016-6100 @@ -30159,8 +30291,8 @@ RESERVED CVE-2016-6057 RESERVED -CVE-2016-6056 - RESERVED +CVE-2016-6056 (IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site ...) + TODO: check CVE-2016-6055 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to ...) NOT-FOR-US: IBM CVE-2016-6054 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
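Review bot: in the @@ -14,8 +146,8 @@ hunk, CVE-2017-7277 now carries the upstream text (TCP stack in the Linux kernel through 4.10.6) but is left at "TODO: check"; since it is a kernel issue it needs a `- linux` source-package line with the fixing version, or `<unfixed>` plus a `NOTE: Fixed by:` line pointing at the upstream commit, in the same shape as the linux entry that opens the @@ -35,6 +167,7 @@ hunk, so the kernel team sees it in their open list rather than in the generic TODO queue.

Review bot: in the @@ -851,8 +984,8 @@ hunk, CVE-2017-6964 records {DLA-876-1} for wheezy and the unstable fix in eject 2.1.5+deb1+cvs20081104-13.2 (bug #858872), but no [jessie] sub-entry is visible; the stable status (fixed version, `<no-dsa>` or `<not-affected>`) should be filled in so jessie is not shown as open indefinitely. The dropped bracketed placeholder, "dmcrypt-get-device does not check the return values of setuid() or setgid()", is also worth keeping as a NOTE, because the imported description is truncated with "..." before it says what the bug is, and the setuid/setgid root cause is the detail a maintainer backporting the fix needs.

Review bot: in the @@ -16525,13 +16658,12 @@ hunk, dropping the "[Information Disclosure in Issue and Merge Request Trackers]" placeholder on CVE-2017-0882 is fine since the gitlab 8.13.11+dfsg-7 line and both NOTE URLs already carry the context, but CVE-2017-0881 is left at "TODO: check" with a description cut off before the product name ("autosubscribe feature in the ..."); whoever triages it needs the full upstream text to decide between NOT-FOR-US and a package line, so a NOTE with the source of the description would save a lookup.

Review bot: in the @@ -18766,49 +18898,48 @@ hunk, the same placeholder loss applies to CVE-2016-9469 ("Denial-of-Service and Data Corruption Vulnerability in Issue and Merge Request Trackers"), whose new description is truncated after "expose a dangerous method to any ..."; keep the old title as a NOTE. The ten Nextcloud/ownCloud entries CVE-2016-9459 through CVE-2016-9468 and the Revive Adserver entries CVE-2016-9454 through 9457 and 9470 through 9472 should be triaged as two groups rather than one by one: the ownCloud ones only matter if an owncloud source package is still tracked in any suite, and the Revive Adserver ones can be resolved together as NOT-FOR-US if it is not packaged.

Review bot: in the @@ -20026,26 +20157,26 @@ hunk, CVE-2016-9121, CVE-2016-9122 and CVE-2016-9123 (go-jose: invalid curve attack, multiple-signatures acceptance, CBC-HMAC integer overflow on 32-bit) are all left at "TODO: check" among a run of Revive Adserver XSS/CSRF entries; these three are cryptographic verification failures in a JOSE/JWT library, with the invalid-curve one being a key-recovery class issue, so they deserve to be pulled ahead of the web-UI bugs in the triage order and matched against the Debian source package for go-jose and any reverse dependencies that vendor it.

Review bot: in the @@ -35,6 +167,7 @@ hunk, {DLA-875-1} is attached to CVE-2017-7272 while php7.1 and php7.0 stay `<unfixed>` in unstable and no [jessie] line is visible; that is consistent with a wheezy-only update, but a NOTE with the upstream fix reference once it is known would keep the sid and jessie follow-up from being lost, given that the @@ -25193 and @@ -25205 hunks add the same DLA to CVE-2016-7479 and CVE-2016-7478, which already have fixed unstable versions.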