Author: sectracker
Date: 2017-04-17 21:10:25 +0000 (Mon, 17 Apr 2017)
New Revision: 50736

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-04-17 20:42:01 UTC (rev 50735)
+++ data/CVE/list       2017-04-17 21:10:25 UTC (rev 50736)
@@ -1,3 +1,7 @@
+CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php 
via the ...)
+       TODO: check
+CVE-2017-7890
+       RESERVED
 CVE-2017-7888
        RESERVED
 CVE-2017-7887
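Review bot: the new CVE-2017-7891 entry at the top of this hunk lands with only "TODO: check" and no package or NOT-FOR-US line, so the tracker cannot yet say whether anything in the archive is affected. Triage should replace the TODO with either a source-package annotation or a NOT-FOR-US line naming SourceBans++.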
@@ -30,6 +34,7 @@
 CVE-2017-7876
        RESERVED
 CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client 
pretends to ...)
+       {DLA-899-1}
        - feh 2.18-2 (low; bug #860367)
        [jessie] - feh <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
@@ -102,6 +107,7 @@
 CVE-2017-7856 (LibreOffice before 2017-03-11 has an out-of-bounds write caused 
by a ...)
        - libreoffice <not-affected> (Didn't affect the 5.2 backport)
 CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused 
by a ...)
+       {DLA-900-1}
        [experimental] - freetype 2.7.1-0.1
        - freetype <unfixed> (bug #860303)
        NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
@@ -3877,6 +3883,7 @@
 CVE-2017-6449
        RESERVED
 CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in 
radare2 ...)
+       {DLA-901-1}
        [experimental] - radare2 1.3.0+dfsg-1
        - radare2 1.1.0+dfsg-4 (bug #859447)
        [jessie] - radare2 <no-dsa> (Minor issue)
@@ -6315,8 +6322,8 @@
        RESERVED
 CVE-2017-5660
        RESERVED
-CVE-2017-5659
-       RESERVED
+CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when 
there is ...)
+       TODO: check
 CVE-2017-5658
        RESERVED
 CVE-2017-5657
@@ -6331,15 +6338,13 @@
        RESERVED
 CVE-2017-5652
        RESERVED
-CVE-2017-5651
-       RESERVED
+CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the 
...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.11-2 (bug #860071)
        [jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/21
        NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x)
-CVE-2017-5650
-       RESERVED
+CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the 
...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.11-2 (bug #860070)
        [jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
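Review bot: for CVE-2017-5651 and CVE-2017-5650 the newly added descriptions give the affected 8.5 range as "8.5.0 to 8.5.12", while the unchanged annotation beneath each still records tomcat8 as fixed in 8.5.11-2. The two only agree if 8.5.11-2 carries the upstream change as a backported patch (r1788546 is the one cited for CVE-2017-5651), so it is worth confirming that against the package changelog now that the range is visible in the entry.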
@@ -6347,8 +6352,7 @@
        NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x)
 CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security 
by ...)
        NOT-FOR-US: Apache Geode
-CVE-2017-5648
-       RESERVED
+CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls 
to ...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.11-2 (bug #860069)
        - tomcat7 7.0.72-3
@@ -6358,8 +6362,7 @@
        NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x)
        NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
        NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
-CVE-2017-5647
-       RESERVED
+CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache 
Tomcat ...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.11-2 (bug #860068)
        - tomcat7 7.0.72-3
@@ -28118,8 +28121,7 @@
        - linux-2.6 2.6.37-1
 CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users 
to ...)
        NOT-FOR-US: Liferay Portal
-CVE-2016-7551 [AST-2016-007]
-       RESERVED
+CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 
13.11.1 ...)
        {DSA-3700-1 DLA-781-1}
        - asterisk 1:13.11.2~dfsg-1 (bug #838832)
        NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html
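Review bot: the imported description for CVE-2016-7551 reads "13.x 13.11.1" with no "before" ahead of the 13.x bound, so the affected range for the 13 branch is ambiguous as written. The same change drops the "[AST-2016-007]" tag from the header line, leaving the NOTE URL as the only pointer to the advisory. Readers should rely on that NOTE and the recorded fixed version 1:13.11.2~dfsg-1 rather than on the description text.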
@@ -29556,10 +29558,10 @@
 CVE-2016-6728 (An elevation of privilege vulnerability in the kernel ION 
subsystem in ...)
        NOT-FOR-US: Rowhammer hardware vulnerability on Android devices
        NOTE: https://www.vusec.net/projects/drammer/
-CVE-2016-6727
-       RESERVED
-CVE-2016-6726
-       RESERVED
+CVE-2016-6727 (The Qualcomm GPS subsystem in Android on Android One devices 
allows ...)
+       TODO: check
+CVE-2016-6726 (Unspecified vulnerability in Qualcomm components in Android on 
Nexus 6 ...)
+       TODO: check
 CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto 
driver in ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service 
in ...)
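Review bot: CVE-2016-6727 and CVE-2016-6726 are added with "TODO: check", but both descriptions name Qualcomm components in Android, and the adjacent CVE-2016-6725 is already recorded as "NOT-FOR-US: Qualcomm driver for Android". Unless triage finds a packaged component, the same NOT-FOR-US annotation would keep these entries consistent with their neighbour.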
@@ -34192,8 +34194,8 @@
        NOT-FOR-US: JBoss BPMS
 CVE-2016-5397
        RESERVED
-CVE-2016-5396
-       RESERVED
+CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK 
Bomb ...)
+       TODO: check
 CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user ...)
        NOT-FOR-US: Apache Ranger
 CVE-2016-5394
@@ -36672,26 +36674,26 @@
        RESERVED
 CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the 
IVYWE (1) ...)
        NOT-FOR-US: IVYWE
-CVE-2016-4874
-       RESERVED
-CVE-2016-4873
-       RESERVED
-CVE-2016-4872
-       RESERVED
-CVE-2016-4871
-       RESERVED
-CVE-2016-4870
-       RESERVED
-CVE-2016-4869
-       RESERVED
-CVE-2016-4868
-       RESERVED
-CVE-2016-4867
-       RESERVED
-CVE-2016-4866
-       RESERVED
-CVE-2016-4865
-       RESERVED
+CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to 
conduct ...)
+       TODO: check
+CVE-2016-4873 (The &quot;Project&quot; function in Cybozu Office 9.0.0 through 
10.4.0 does not ...)
+       TODO: check
+CVE-2016-4872 (The &quot;breadcrumb trail&quot; component in Cybozu Office 
9.0.0 through 10.4.0 ...)
+       TODO: check
+CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2016-4870 (Cross-site scripting (XSS) vulnerability in 
&quot;Schedule&quot; function in ...)
+       TODO: check
+CVE-2016-4869 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to 
obtain ...)
+       TODO: check
+CVE-2016-4868 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to 
inject ...)
+       TODO: check
+CVE-2016-4867 (The &quot;Project&quot; function in Cybozu 9.0.0 through 10.4.0 
allows remote ...)
+       TODO: check
+CVE-2016-4866 (Cross-site scripting (XSS) vulnerability in the 
&quot;Project&quot; function in ...)
+       TODO: check
+CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the 
&quot;Customapp&quot; function ...)
+       TODO: check
 CVE-2016-4864
        RESERVED
 CVE-2016-4863
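Review bot: CVE-2016-4874 through CVE-2016-4865 all move from RESERVED to "TODO: check" and all ten descriptions name the same product, so they can be triaged as one batch with a single decision instead of ten separate checks. Note that the CVE-2016-4867 text says "Cybozu 9.0.0 through 10.4.0" where the others say "Cybozu Office", so a NOT-FOR-US line should use one consistent product name across the set.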
@@ -52976,8 +52978,8 @@
        NOT-FOR-US: AXIS Communications
 CVE-2015-8257
        RESERVED
-CVE-2015-8256
-       RESERVED
+CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis 
network ...)
+       TODO: check
 CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...)
        NOT-FOR-US: AXIS Communications
 CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies 
Videofied ...)
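Review bot: CVE-2015-8256 is added with "TODO: check" although its description concerns Axis network products and the next entry, CVE-2015-8255, already carries "NOT-FOR-US: AXIS Communications". Reusing that annotation here would resolve the TODO and match the existing convention for this vendor.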


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
