Author: sectracker
Date: 2017-04-03 09:10:13 +0000 (Mon, 03 Apr 2017)
New Revision: 50275
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-03 07:24:28 UTC (rev 50274) +++ data/CVE/list 2017-04-03 09:10:13 UTC (rev 50275) @@ -1,3 +1,30 @@ +CVE-2017-1001000 (The register_routes function in ...) + TODO: check +CVE-2016-10316 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...) + TODO: check +CVE-2016-10315 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...) + TODO: check +CVE-2016-10314 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...) + TODO: check +CVE-2016-10313 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...) + TODO: check +CVE-2016-10312 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...) + TODO: check +CVE-2016-1000351 + REJECTED + TODO: check +CVE-2016-1000350 + REJECTED + TODO: check +CVE-2016-1000349 + REJECTED + TODO: check +CVE-2016-1000348 + REJECTED + TODO: check +CVE-2016-1000268 + REJECTED + TODO: check CVE-2017-7399 RESERVED CVE-2017-7398 
@@ -37,32 +64,26 @@ RESERVED CVE-2017-7384 RESERVED -CVE-2017-7383 - RESERVED +CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote ...) - libpodofo <unfixed> (bug #859329) NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3 NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4 -CVE-2017-7382 - RESERVED +CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote ...) - libpodofo <unfixed> (bug #859329) NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3 NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3 -CVE-2017-7381 - RESERVED +CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers ...) - libpodofo <unfixed> (bug #859329) NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3 NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2 -CVE-2017-7380 - RESERVED +CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers ...) - libpodofo <unfixed> (bug #859329) NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3 NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1 -CVE-2017-7379 [heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp)] - RESERVED +CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in ...) - libpodofo <unfixed> (bug #859331) NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2 -CVE-2017-7378 [heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp)] - RESERVED +CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo ...) - libpodofo <unfixed> (bug #859330) NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1 CVE-2017-7377 
@@ -2584,8 +2605,8 @@ RESERVED CVE-2017-6449 RESERVED -CVE-2017-6448 - RESERVED +CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...) + TODO: check CVE-2017-6447 RESERVED CVE-2017-6446 (XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and ...) @@ -2612,8 +2633,8 @@ NOTE: Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1) CVE-2017-6442 RESERVED -CVE-2017-6441 - RESERVED +CVE-2017-6441 (** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in ...) + TODO: check CVE-2017-6440 (The parse_data_node function in bplist.c in libimobiledevice libplist ...) - libplist 1.12+git+1+e37ca00-0.2 (bug #858055) [jessie] - libplist <no-dsa> (Minor issue) @@ -3427,8 +3448,8 @@ NOTE: Possibly introduced only after http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784 CVE-2017-6195 RESERVED -CVE-2017-6194 - RESERVED +CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows ...) + TODO: check CVE-2017-6193 RESERVED CVE-2017-6192 @@ -3451,8 +3472,8 @@ NOT-FOR-US: Sophos CVE-2017-6182 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the ...) NOT-FOR-US: Sophos -CVE-2017-6181 - RESERVED +CVE-2017-6181 (The parse_char_class function in regparse.c in the Onigmo (aka ...) + TODO: check CVE-2017-6180 (Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery ...) NOT-FOR-US: Keekoon KK002 devices CVE-2017-6179 @@ -3709,8 +3730,8 @@ RESERVED CVE-2017-6063 RESERVED -CVE-2016-10226 - RESERVED +CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...) + TODO: check CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP ...) NOT-FOR-US: SAP CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex ...) 
@@ -4038,12 +4059,12 @@ NOTE: Fixed by https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d CVE-2017-5952 RESERVED -CVE-2017-5951 - RESERVED -CVE-2017-5950 - RESERVED -CVE-2017-5949 - RESERVED +CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex ...) + TODO: check +CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...) + TODO: check +CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...) + TODO: check CVE-2017-5948 RESERVED CVE-2017-5947 @@ -4061,18 +4082,18 @@ RESERVED CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...) NOT-FOR-US: Wordpress plugin -CVE-2016-10222 - RESERVED -CVE-2016-10221 - RESERVED -CVE-2016-10220 - RESERVED -CVE-2016-10219 - RESERVED -CVE-2016-10218 - RESERVED -CVE-2016-10217 - RESERVED +CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...) + TODO: check +CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, Inc. ...) + TODO: check +CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex ...) + TODO: check +CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. ...) + TODO: check +CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...) + TODO: check +CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. ...) + TODO: check CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...) NOT-FOR-US: IT ITems DataBase CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder before ...) 
@@ -4134,22 +4155,22 @@ NOT-FOR-US: Hardware issue in some Intel CPUs CVE-2017-5925 (Page table walks conducted by the MMU during virtual to physical ...) NOT-FOR-US: Hardware issue in some Intel CPUs -CVE-2017-5924 - RESERVED -CVE-2017-5923 - RESERVED +CVE-2017-5924 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...) + TODO: check +CVE-2017-5923 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...) + TODO: check CVE-2017-5922 RESERVED CVE-2017-5921 RESERVED CVE-2017-5920 RESERVED -CVE-2016-10211 - RESERVED -CVE-2016-10210 - RESERVED -CVE-2016-10209 - RESERVED +CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...) + TODO: check +CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial ...) + TODO: check +CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...) + TODO: check CVE-2017-5919 RESERVED CVE-2017-5918 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
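Review bot: In the first hunk (@@ -1,3 +1,30 @@), the five new entries CVE-2016-1000351, CVE-2016-1000350, CVE-2016-1000349, CVE-2016-1000348 and CVE-2016-1000268 are added as REJECTED and still get "TODO: check". A rejected id gives the triager nothing to act on, so suggest the automatic update leave out the TODO line when the state is REJECTED. The five Jensen of Scandinavia Air:Link 3G entries in the same hunk describe a device rather than a package, and look like candidates for NOT-FOR-US in the style of the Keekoon and Sophos entries visible in the later context lines.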
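Review bot: In the PoDoFo hunk (@@ -37,32 +64,26 @@), the replacement lines for CVE-2017-7379 and CVE-2017-7378 drop the bracketed summaries that named the bug class ("heap-based buffer overflow in ..."), and the truncated descriptions that replace them end before saying what the flaw is. Suggest carrying the bug class over into a NOTE under each entry so the list still shows it. Separately, the unchanged NOTE lines for CVE-2017-7382 and CVE-2017-7381 both point at PoC files prefixed 00251- (nullptr3 and nullptr2) while the neighbouring entries use 00252- and 00250-; worth confirming against the referenced repository that both paths are right.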
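Review bot: In the hunk at @@ -2612,8 +2633,8 @@, CVE-2017-6441 arrives with a description that starts "** DISPUTED **" but is queued with the same bare "TODO: check" as every other entry. Whoever triages it should record the dispute in a NOTE next to the package status, so that the disputed state stays visible once the TODO is resolved.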
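Review bot: In the last hunk (@@ -4134,22 +4155,22 @@), CVE-2017-5924, CVE-2017-5923 and CVE-2016-10211 get the identical truncated description "libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...", so the three entries cannot be told apart from the list alone. When these are triaged, each should get a NOTE with its own upstream reference (issue or fix commit) so that a fix is not attributed to the wrong id.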