Author: sectracker
Date: 2017-04-03 09:10:13 +0000 (Mon, 03 Apr 2017)
New Revision: 50275

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-04-03 07:24:28 UTC (rev 50274)
+++ data/CVE/list       2017-04-03 09:10:13 UTC (rev 50275)
@@ -1,3 +1,30 @@
+CVE-2017-1001000 (The register_routes function in ...)
+       TODO: check
+CVE-2016-10316 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m 
(Rev. 3), ...)
+       TODO: check
+CVE-2016-10315 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m 
(Rev. 3), ...)
+       TODO: check
+CVE-2016-10314 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m 
(Rev. 3), ...)
+       TODO: check
+CVE-2016-10313 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m 
(Rev. 3), ...)
+       TODO: check
+CVE-2016-10312 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m 
(Rev. 3), ...)
+       TODO: check
+CVE-2016-1000351
+       REJECTED
+       TODO: check
+CVE-2016-1000350
+       REJECTED
+       TODO: check
+CVE-2016-1000349
+       REJECTED
+       TODO: check
+CVE-2016-1000348
+       REJECTED
+       TODO: check
+CVE-2016-1000268
+       REJECTED
+       TODO: check
 CVE-2017-7399
        RESERVED
 CVE-2017-7398
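Review bot: The five Jensen of Scandinavia Air:Link 3G entries (CVE-2016-10312 through CVE-2016-10316) describe a vendor device, and other device and appliance issues in this list are closed as NOT-FOR-US (for example "NOT-FOR-US: Keekoon KK002 devices"), so these can probably be resolved the same way instead of staying at TODO: check. The five REJECTED ids (CVE-2016-1000268 and CVE-2016-1000348 through CVE-2016-1000351) also carry TODO: check, which can be dropped since a rejected id has nothing left to triage.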
@@ -37,32 +64,26 @@
        RESERVED
 CVE-2017-7384
        RESERVED
-CVE-2017-7383
-       RESERVED
+CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows 
remote ...)
        - libpodofo <unfixed> (bug #859329)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
        NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
-CVE-2017-7382
-       RESERVED
+CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows 
remote ...)
        - libpodofo <unfixed> (bug #859329)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
        NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
-CVE-2017-7381
-       RESERVED
+CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote 
attackers ...)
        - libpodofo <unfixed> (bug #859329)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
        NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
-CVE-2017-7380
-       RESERVED
+CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote 
attackers ...)
        - libpodofo <unfixed> (bug #859329)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
        NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
-CVE-2017-7379 [heap-based buffer overflow in 
PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp)]
-       RESERVED
+CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in 
...)
        - libpodofo <unfixed> (bug #859331)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
-CVE-2017-7378 [heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs 
(PdfPainter.cpp)]
-       RESERVED
+CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp 
in PoDoFo ...)
        - libpodofo <unfixed> (bug #859330)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
 CVE-2017-7377
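Review bot: In the unchanged NOTE lines of this hunk, CVE-2017-7382 and CVE-2017-7381 both link PoC files prefixed 00251- (00251-podofo-nullptr3 and 00251-podofo-nullptr2), while CVE-2017-7380 uses 00250- and CVE-2017-7383 uses 00252-; confirm that both URLs resolve to the intended file. The removed bracketed titles for CVE-2017-7379 and CVE-2017-7378 named the bug class (heap-based buffer overflow) and the truncated descriptions that replace them do not, so a NOTE preserving it would keep those entries self-explanatory.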
@@ -2584,8 +2605,8 @@
        RESERVED
 CVE-2017-6449
        RESERVED
-CVE-2017-6448
-       RESERVED
+CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in 
radare2 ...)
+       TODO: check
 CVE-2017-6447
        RESERVED
 CVE-2017-6446 (XSS was discovered in Dotclear v2.11.2, affecting 
admin/blogs.php and ...)
@@ -2612,8 +2633,8 @@
        NOTE: Fixed by: 
https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8
 (3.2.1)
 CVE-2017-6442
        RESERVED
-CVE-2017-6441
-       RESERVED
+CVE-2017-6441 (** DISPUTED ** The _zval_get_long_func_ex in 
Zend/zend_operators.c in ...)
+       TODO: check
 CVE-2017-6440 (The parse_data_node function in bplist.c in libimobiledevice 
libplist ...)
        - libplist 1.12+git+1+e37ca00-0.2 (bug #858055)
        [jessie] - libplist <no-dsa> (Minor issue)
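Review bot: CVE-2017-6441 arrives marked ** DISPUTED ** with only TODO: check beneath it; when it is triaged, record the dispute and its source in a NOTE so the entry for Zend/zend_operators.c is not read as a confirmed issue.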
@@ -3427,8 +3448,8 @@
        NOTE: Possibly introduced only after 
http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
 CVE-2017-6195
        RESERVED
-CVE-2017-6194
-       RESERVED
+CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 
allows ...)
+       TODO: check
 CVE-2017-6193
        RESERVED
 CVE-2017-6192
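Review bot: CVE-2017-6194 here and CVE-2017-6448 in the earlier hunk both name radare2 (libr/bin/p/bin_bflt.c and libr/asm/p/asm_dalvik.c) and both stop at TODO: check; triage them together against the same source package so they get consistent package lines and status.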
@@ -3451,8 +3472,8 @@
        NOT-FOR-US: Sophos
 CVE-2017-6182 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the 
...)
        NOT-FOR-US: Sophos
-CVE-2017-6181
-       RESERVED
+CVE-2017-6181 (The parse_char_class function in regparse.c in the Onigmo (aka 
...)
+       TODO: check
 CVE-2017-6180 (Keekoon KK002 devices 1.8.12 HD have a Cross Site Request 
Forgery ...)
        NOT-FOR-US: Keekoon KK002 devices
 CVE-2017-6179
@@ -3709,8 +3730,8 @@
        RESERVED
 CVE-2017-6063
        RESERVED
-CVE-2016-10226
-       RESERVED
+CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology 
Preview ...)
+       TODO: check
 CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component 
of SAP ...)
        NOT-FOR-US: SAP
 CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in 
Artifex ...)
@@ -4038,12 +4059,12 @@
        NOTE: Fixed by 
https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
 CVE-2017-5952
        RESERVED
-CVE-2017-5951
-       RESERVED
-CVE-2017-5950
-       RESERVED
-CVE-2017-5949
-       RESERVED
+CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in 
Artifex ...)
+       TODO: check
+CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka 
LibYaml-C++) ...)
+       TODO: check
+CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology 
Preview ...)
+       TODO: check
 CVE-2017-5948
        RESERVED
 CVE-2017-5947
@@ -4061,18 +4082,18 @@
        RESERVED
 CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for 
WordPress. ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2016-10222
-       RESERVED
-CVE-2016-10221
-       RESERVED
-CVE-2016-10220
-       RESERVED
-CVE-2016-10219
-       RESERVED
-CVE-2016-10218
-       RESERVED
-CVE-2016-10217
-       RESERVED
+CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as 
distributed in ...)
+       TODO: check
+CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, 
Inc. ...)
+       TODO: check
+CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in 
Artifex ...)
+       TODO: check
+CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, 
Inc. ...)
+       TODO: check
+CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in 
the PDF ...)
+       TODO: check
+CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, 
Inc. ...)
+       TODO: check
 CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 
1.23. The ...)
        NOT-FOR-US: IT ITems DataBase
 CVE-2016-10215 (An issue was discovered in Fastspot BigTree 
bigtree-form-builder before ...)
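Review bot: The descriptions for CVE-2016-10221 through CVE-2016-10217 are all cut off at "Artifex Software, Inc. ..." or similar, so the product is not visible in the list, and the file paths differ (pdf-layer.c for CVE-2016-10221 versus base/gxfill.c, base/gsdevmem.c and base/gdevp14.c for the others). Check the full descriptions before assigning a source package, because the entries may not all belong to the same one.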
@@ -4134,22 +4155,22 @@
        NOT-FOR-US: Hardware issue in some Intel CPUs
 CVE-2017-5925 (Page table walks conducted by the MMU during virtual to 
physical ...)
        NOT-FOR-US: Hardware issue in some Intel CPUs
-CVE-2017-5924
-       RESERVED
-CVE-2017-5923
-       RESERVED
+CVE-2017-5924 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2017-5923 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to 
cause a ...)
+       TODO: check
 CVE-2017-5922
        RESERVED
 CVE-2017-5921
        RESERVED
 CVE-2017-5920
        RESERVED
-CVE-2016-10211
-       RESERVED
-CVE-2016-10210
-       RESERVED
-CVE-2016-10209
-       RESERVED
+CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause 
a denial ...)
+       TODO: check
+CVE-2016-10209 (The archive_wstring_append_from_mbs function in 
archive_string.c in ...)
+       TODO: check
 CVE-2017-5919
        RESERVED
 CVE-2017-5918
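Review bot: CVE-2017-5924, CVE-2017-5923 and CVE-2016-10211 have identical truncated descriptions ("libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ..."), so nothing in the list tells them apart. When resolving the TODO: check lines, add a NOTE per entry with the distinguishing upstream reference so fixes are not attributed to the wrong id.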


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
