Author: sectracker Date: 2017-04-01 09:10:13 +0000 (Sat, 01 Apr 2017) New Revision: 50238
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-01 08:06:12 UTC (rev 50237) +++ data/CVE/list 2017-04-01 09:10:13 UTC (rev 50238) 
@@ -1,3 +1,71 @@ +CVE-2017-7397 + RESERVED +CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an ...) + TODO: check +CVE-2017-7395 (In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by ...) + TODO: check +CVE-2017-7394 (In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), ...) + TODO: check +CVE-2017-7393 (In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an ...) + TODO: check +CVE-2017-7392 (In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx ...) + TODO: check +CVE-2017-7391 (A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The ...) + TODO: check +CVE-2017-7390 (A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. ...) + TODO: check +CVE-2017-7389 (Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass ...) + TODO: check +CVE-2017-7388 (A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The ...) + TODO: check +CVE-2017-7387 (TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a ...) + TODO: check +CVE-2017-7386 (citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in ...) + TODO: check +CVE-2017-7385 + RESERVED +CVE-2017-7384 + RESERVED +CVE-2017-7383 + RESERVED +CVE-2017-7382 + RESERVED +CVE-2017-7381 + RESERVED +CVE-2017-7380 + RESERVED +CVE-2017-7379 + RESERVED +CVE-2017-7378 + RESERVED +CVE-2017-7377 + RESERVED +CVE-2017-7376 + RESERVED +CVE-2017-7375 + RESERVED +CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before ...) + TODO: check +CVE-2017-7373 + RESERVED +CVE-2017-7372 + RESERVED +CVE-2017-7371 + RESERVED +CVE-2017-7370 + RESERVED +CVE-2017-7369 + RESERVED +CVE-2017-7368 + RESERVED +CVE-2017-7367 + RESERVED +CVE-2017-7366 + RESERVED +CVE-2017-7365 + RESERVED +CVE-2017-7364 + RESERVED CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS ...) NOT-FOR-US: Pixie CMS CVE-2017-7362 (Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS ...) 
@@ -10043,8 +10111,8 @@ NOT-FOR-US: IBM CVE-2016-9991 RESERVED -CVE-2016-9990 - RESERVED +CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2016-9989 RESERVED CVE-2016-9988 @@ -12248,10 +12316,10 @@ RESERVED CVE-2017-3011 RESERVED -CVE-2017-3010 - RESERVED -CVE-2017-3009 - RESERVED +CVE-2017-3010 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-3009 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check CVE-2017-3008 RESERVED CVE-2017-3007 @@ -12983,8 +13051,8 @@ RESERVED CVE-2017-2776 RESERVED -CVE-2017-2775 - RESERVED +CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the ...) + TODO: check CVE-2017-2774 RESERVED CVE-2017-2773 @@ -16374,8 +16442,8 @@ RESERVED CVE-2017-1172 RESERVED -CVE-2017-1171 - RESERVED +CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a ...) + TODO: check CVE-2017-1170 RESERVED CVE-2017-1169 @@ -16408,8 +16476,8 @@ RESERVED CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) NOT-FOR-US: IBM -CVE-2017-1154 - RESERVED +CVE-2017-1154 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) + TODO: check CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability ...) NOT-FOR-US: IBM CVE-2017-1152 @@ -16448,7 +16516,7 @@ RESERVED CVE-2017-1135 RESERVED -CVE-2017-1134 (IBM Power Hardware Management Console (HMC) 3.3.2 and 4.1 could allow ...) +CVE-2017-1134 (IBM Reliable Scalable Cluster Technology could allow a local user to ...) NOT-FOR-US: IBM CVE-2017-1133 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM 
@@ -17057,8 +17125,8 @@ RESERVED CVE-2016-9708 RESERVED -CVE-2016-9707 - RESERVED +CVE-2016-9707 (IBM Jazz Foundation is vulnerable to a denial of service, caused by an ...) + TODO: check CVE-2016-9706 (IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP ...) NOT-FOR-US: IBM CVE-2016-9705 @@ -21021,8 +21089,8 @@ RESERVED CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is ...) NOT-FOR-US: IBM -CVE-2016-8935 - RESERVED +CVE-2016-8935 (IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 ...) + TODO: check CVE-2016-8934 (IBM WebSphere Application Server is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2016-8933 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse ...) @@ -21057,8 +21125,8 @@ NOT-FOR-US: IBM CVE-2016-8918 (IBM Integration Bus, under non default configurations, could allow a ...) NOT-FOR-US: IBM -CVE-2016-8917 - RESERVED +CVE-2016-8917 (IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site ...) + TODO: check CVE-2016-8916 RESERVED CVE-2016-8915 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...) @@ -24262,8 +24330,8 @@ RESERVED CVE-2016-8033 RESERVED -CVE-2016-8032 - RESERVED +CVE-2016-8032 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...) + TODO: check CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...) NOT-FOR-US: Intel antivirus CVE-2016-8030 @@ -24982,7 +25050,7 @@ NOT-FOR-US: Exponent CMS CVE-2016-7789 (SQL injection vulnerability in framework/core/models/expConfig.php in ...) NOT-FOR-US: Exponent CMS -CVE-2016-7788 (SQL injection vulnerability in ramework/modules/users/models/user.php ...) +CVE-2016-7788 (SQL injection vulnerability in framework/modules/users/models/user.php ...) NOT-FOR-US: Exponent CMS CVE-2016-7787 (A maliciously crafted command line for kdesu can result in the user ...) - kde-cli-tools 4:5.8.0-1 (bug #839865) 
@@ -28709,10 +28777,10 @@ RESERVED CVE-2016-6562 RESERVED -CVE-2016-6561 - RESERVED -CVE-2016-6560 - RESERVED +CVE-2016-6561 (illumos smbsrv NULL pointer dereference allows system crash. ...) + TODO: check +CVE-2016-6560 (illumos osnet-incorporation bcopy() and bzero() implementations make ...) + TODO: check CVE-2016-6559 RESERVED CVE-2016-6558 @@ -30082,8 +30150,7 @@ NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd -CVE-2016-6209 [Reflected XSS vulnerability and possible phishing vector] - RESERVED +CVE-2016-6209 (Cross-site scripting (XSS) vulnerability in Nagios. ...) - nagios3 <removed> (bug #831698) [jessie] - nagios3 <no-dsa> (Minor issue) [wheezy] - nagios3 <no-dsa> (Minor issue) @@ -30485,8 +30552,8 @@ NOT-FOR-US: IBM CVE-2016-6112 RESERVED -CVE-2016-6111 - RESERVED +CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a ...) + TODO: check CVE-2016-6110 (IBM Tivoli Storage Manager undisclosed unencrypted login credentials ...) NOT-FOR-US: IBM CVE-2016-6109 @@ -30635,8 +30702,8 @@ NOT-FOR-US: Tivoli CVE-2016-6037 RESERVED -CVE-2016-6036 - RESERVED +CVE-2016-6036 (IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...) + TODO: check CVE-2016-6035 RESERVED CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) could ...) @@ -30645,8 +30712,8 @@ NOT-FOR-US: IBM CVE-2016-6032 (IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site ...) NOT-FOR-US: IBM -CVE-2016-6031 - RESERVED +CVE-2016-6031 (IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to ...) + TODO: check CVE-2016-6030 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2016-6029 
@@ -30663,8 +30730,8 @@ RESERVED CVE-2016-6023 (Directory traversal vulnerability in the Configuration Manager in IBM ...) NOT-FOR-US: IBM -CVE-2016-6022 - RESERVED +CVE-2016-6022 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...) + TODO: check CVE-2016-6021 RESERVED CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...) @@ -38074,7 +38141,7 @@ CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in ...) NOT-FOR-US: Android CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android ...) - {DLA-864-1} + {DSA-3825-1 DLA-864-1} - jhead 1:3.00-4 (bug #858213) CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...) NOT-FOR-US: Android Mediaserver @@ -61701,8 +61768,8 @@ RESERVED CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, ...) NOT-FOR-US: B.A.S C2Box -CVE-2015-4624 - RESERVED +CVE-2015-4624 (Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. ...) + TODO: check CVE-2015-4623 RESERVED CVE-2015-4622 @@ -76831,8 +76898,7 @@ - mutt 1.5.23-2 (bug #771125) NOTE: Detailed analysis in https://bugzilla.redhat.com/show_bug.cgi?id=1168463#c4 NOTE: Upstream bugreport: http://dev.mutt.org/trac/ticket/3716 -CVE-2014-9114 [blkid command injection] - RESERVED +CVE-2014-9114 (Blkid in util-linux before 2.26rc-1 allows local users to execute ...) - util-linux 2.25.2-4 (bug #771274) [squeeze] - util-linux <no-dsa> (Minor issue) [wheezy] - util-linux <no-dsa> (Minor issue) 
@@ -87683,13 +87749,11 @@ - bozohttpd <removed> (bug #755197) [squeeze] - bozohttpd <no-dsa> (Minor issue) NOTE: Fixed by: http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.52&r2=1.53&only_with_tag=MAIN -CVE-2014-5009 [Incorrect fix for CVE-2014-5008] - RESERVED +CVE-2014-5009 (Snoopy allows remote attackers to execute arbitrary commands. NOTE: ...) - libphp-snoopy <not-affected> (Incorrect fix not applied) NOTE: This issue exists because of an incorrect fix for CVE-2014-5008. NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706 -CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required] - RESERVED +CVE-2014-5008 (Snoopy allows remote attackers to execute arbitrary commands. ...) {DSA-3248-1 DLA-357-1} - libphp-snoopy 2.0.0-1 (bug #778634) NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/ @@ -90286,8 +90350,8 @@ NOT-FOR-US: Drupal module AddressField Tokens CVE-2014-3932 (SQL injection vulnerability in the device registration component in ...) NOT-FOR-US: CoSoSys Endpoint Protector -CVE-2014-3931 - RESERVED +CVE-2014-3931 (fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 ...) + TODO: check CVE-2014-3930 RESERVED CVE-2014-3929 @@ -126236,8 +126300,7 @@ NOT-FOR-US: Websense CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager in ...) NOT-FOR-US: Websense -CVE-2008-7313 [Incomplete fix for CVE-2008-4796] - RESERVED +CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to ...) {DSA-3248-1 DLA-357-1} - libphp-snoopy 2.0.0-1 (bug #778634) NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
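Review bot: In the first hunk (@@ -1,3 +1,71 @@) the five TigerVNC 1.7.1 entries CVE-2017-7392 through CVE-2017-7396 and the Linux kernel fs/crypto use-after-free CVE-2017-7374 are left at "TODO: check" by the automatic import, but tigervnc and linux are Debian packages, so these six need a manual triage line (fixed package version, or a <not-affected>/<no-dsa> tag with reason) rather than the placeholder. The five TigerVNC entries name one upstream version and five different source files (CConnection.cxx, SMsgReader.cxx, SSecurityPlain.cxx, VNCSConnectionST.cxx, SSecurityVeNCrypt.cxx), so they are best checked together in one pass against the tigervnc package rather than one at a time.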
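Review bot: In hunk @@ -16448,7 +16516,7 @@ the description of CVE-2017-1134 is rewritten from "IBM Power Hardware Management Console (HMC) 3.3.2 and 4.1" to "IBM Reliable Scalable Cluster Technology could allow a local user to" while the existing "NOT-FOR-US: IBM" line is kept unchanged. The triage was originally made against a different product, so this entry deserves a quick re-check that the reassigned product is also outside the archive before the NOT-FOR-US tag is trusted again; the tag itself still looks right since both products are IBM's.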
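Review bot: In hunk @@ -24262,8 +24330,8 @@ CVE-2016-8032 receives a description identical to the neighbouring CVE-2016-8031 ("Software Integrity Attacks vulnerability in Intel Security Anti-Virus ..."), and CVE-2016-8031 is already triaged "NOT-FOR-US: Intel antivirus". The new "TODO: check" on CVE-2016-8032 can therefore most likely be resolved the same way; suggest replacing it with "NOT-FOR-US: Intel antivirus" once the full upstream text confirms it is the same product.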
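Review bot: In hunk @@ -30082,8 +30150,7 @@ the local bracketed summary "[Reflected XSS vulnerability and possible phishing vector]" on CVE-2016-6209 is replaced by the published text "Cross-site scripting (XSS) vulnerability in Nagios. ..." and the RESERVED line is dropped (hence 8 -> 7 lines), while the nagios3 tracking lines (<removed>, bug #831698, and the jessie/wheezy <no-dsa> entries) are preserved. That is the correct shape for this transition; the only thing lost is the "possible phishing vector" wording, which is fine as long as it is also recorded in bug #831698 rather than only in the old bracket text.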
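Review bot: In hunk @@ -38074,7 +38141,7 @@ the reference set on CVE-2016-3822 (jhead) changes from "{DLA-864-1}" to "{DSA-3825-1 DLA-864-1}" with the "- jhead 1:3.00-4 (bug #858213)" line unchanged. Worth confirming that the DSA-3825-1 entry in data/DSA/list names the same fixed version 1:3.00-4, since a mismatch between the DSA record and the CVE line is the usual source of inconsistent tracker output for entries carrying both a DSA and a DLA.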
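Review bot: In hunk @@ -61701,8 +61768,8 @@ CVE-2015-4624 (Hak5 WiFi Pineapple 2.0 through 2.3, predictable CSRF tokens) is added with "TODO: check"; the WiFi Pineapple is a vendor hardware appliance rather than a Debian package, so this should resolve to a NOT-FOR-US line with the product name, in the same style as the "NOT-FOR-US: B.A.S C2Box" entry directly above it in the hunk.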
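Review bot: In hunk @@ -76831,8 +76898,7 @@ CVE-2014-9114 loses its local summary "[blkid command injection]" in favour of the published text "Blkid in util-linux before 2.26rc-1 allows local users to execute ...", with the util-linux 2.25.2-4 (bug #771274) line and the squeeze/wheezy <no-dsa> entries kept. Since the published description is truncated in the list after "execute", check that it still conveys the command-injection nature of the bug; if not, a NOTE: line repeating that detail would keep the entry as informative as it was before this change.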
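Review bot: In hunk @@ -87683,13 +87749,11 @@ CVE-2014-5009 and CVE-2014-5008 now both open with the identical text "Snoopy allows remote attackers to execute arbitrary commands", so the only things that still tell them apart are the "libphp-snoopy <not-affected> (Incorrect fix not applied)" tag and the two NOTE: lines ("This issue exists because of an incorrect fix for CVE-2014-5008" and the feed2js pull-request link); those lines must stay. Also note that the CVE-2014-5009 description itself contains a literal "NOTE: ..." inside the parenthesised upstream text, which is easy to misread as one of the tracker's own NOTE: lines when scanning the file; it is upstream text and should not be edited, but a reader of this entry should be aware of it.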
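Review bot: In hunk @@ -126236,8 +126300,7 @@ CVE-2008-7313 loses the bracketed summary "[Incomplete fix for CVE-2008-4796]" and gains the published text "The _httpsrequest function in Snoopy allows remote attackers to ..."; the "{DSA-3248-1 DLA-357-1}" references and the libphp-snoopy 2.0.0-1 (bug #778634) line are kept. The relationship to CVE-2008-4796 is now carried only by the existing "NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete" line, so that NOTE should be preserved in any later cleanup of this entry.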