Author: sectracker Date: 2017-04-17 21:10:25 +0000 (Mon, 17 Apr 2017) New Revision: 50736
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-17 20:42:01 UTC (rev 50735) +++ data/CVE/list 2017-04-17 21:10:25 UTC (rev 50736) @@ -1,3 +1,7 @@ +CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the ...) + TODO: check +CVE-2017-7890 + RESERVED CVE-2017-7888 RESERVED CVE-2017-7887 @@ -30,6 +34,7 @@ CVE-2017-7876 RESERVED CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends to ...) + {DLA-899-1} - feh 2.18-2 (low; bug #860367) [jessie] - feh <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d @@ -102,6 +107,7 @@ CVE-2017-7856 (LibreOffice before 2017-03-11 has an out-of-bounds write caused by a ...) - libreoffice <not-affected> (Didn't affect the 5.2 backport) CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a ...) + {DLA-900-1} [experimental] - freetype 2.7.1-0.1 - freetype <unfixed> (bug #860303) NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8 @@ -3877,6 +3883,7 @@ CVE-2017-6449 RESERVED CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...) + {DLA-901-1} [experimental] - radare2 1.3.0+dfsg-1 - radare2 1.1.0+dfsg-4 (bug #859447) [jessie] - radare2 <no-dsa> (Minor issue) @@ -6315,8 +6322,8 @@ RESERVED CVE-2017-5660 RESERVED -CVE-2017-5659 - RESERVED +CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when there is ...) + TODO: check CVE-2017-5658 RESERVED CVE-2017-5657 
@@ -6331,15 +6338,13 @@ RESERVED CVE-2017-5652 RESERVED -CVE-2017-5651 - RESERVED +CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...) - tomcat9 <itp> (bug #802312) - tomcat8 8.5.11-2 (bug #860071) [jessie] - tomcat8 <not-affected> (Only affects 8.5 and later) NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/21 NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x) -CVE-2017-5650 - RESERVED +CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...) - tomcat9 <itp> (bug #802312) - tomcat8 8.5.11-2 (bug #860070) [jessie] - tomcat8 <not-affected> (Only affects 8.5 and later) @@ -6347,8 +6352,7 @@ NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x) CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by ...) NOT-FOR-US: Apache Geode -CVE-2017-5648 - RESERVED +CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to ...) - tomcat9 <itp> (bug #802312) - tomcat8 8.5.11-2 (bug #860069) - tomcat7 7.0.72-3 @@ -6358,8 +6362,7 @@ NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x) NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x) NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x) -CVE-2017-5647 - RESERVED +CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat ...) - tomcat9 <itp> (bug #802312) - tomcat8 8.5.11-2 (bug #860068) - tomcat7 7.0.72-3 @@ -28118,8 +28121,7 @@ - linux-2.6 2.6.37-1 CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to ...) NOT-FOR-US: Liferay Portal -CVE-2016-7551 [AST-2016-007] - RESERVED +CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 ...) {DSA-3700-1 DLA-781-1} - asterisk 1:13.11.2~dfsg-1 (bug #838832) NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html 
@@ -29556,10 +29558,10 @@ CVE-2016-6728 (An elevation of privilege vulnerability in the kernel ION subsystem in ...) NOT-FOR-US: Rowhammer hardware vulnerability on Android devices NOTE: https://www.vusec.net/projects/drammer/ -CVE-2016-6727 - RESERVED -CVE-2016-6726 - RESERVED +CVE-2016-6727 (The Qualcomm GPS subsystem in Android on Android One devices allows ...) + TODO: check +CVE-2016-6726 (Unspecified vulnerability in Qualcomm components in Android on Nexus 6 ...) + TODO: check CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto driver in ...) NOT-FOR-US: Qualcomm driver for Android CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service in ...) @@ -34192,8 +34194,8 @@ NOT-FOR-US: JBoss BPMS CVE-2016-5397 RESERVED -CVE-2016-5396 - RESERVED +CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...) + TODO: check CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user ...) NOT-FOR-US: Apache Ranger CVE-2016-5394 
@@ -36672,26 +36674,26 @@ RESERVED CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...) NOT-FOR-US: IVYWE -CVE-2016-4874 - RESERVED -CVE-2016-4873 - RESERVED -CVE-2016-4872 - RESERVED -CVE-2016-4871 - RESERVED -CVE-2016-4870 - RESERVED -CVE-2016-4869 - RESERVED -CVE-2016-4868 - RESERVED -CVE-2016-4867 - RESERVED -CVE-2016-4866 - RESERVED -CVE-2016-4865 - RESERVED +CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...) + TODO: check +CVE-2016-4873 (The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not ...) + TODO: check +CVE-2016-4872 (The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 ...) + TODO: check +CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a ...) + TODO: check +CVE-2016-4870 (Cross-site scripting (XSS) vulnerability in "Schedule" function in ...) + TODO: check +CVE-2016-4869 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain ...) + TODO: check +CVE-2016-4868 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject ...) + TODO: check +CVE-2016-4867 (The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote ...) + TODO: check +CVE-2016-4866 (Cross-site scripting (XSS) vulnerability in the "Project" function in ...) + TODO: check +CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the "Customapp" function ...) + TODO: check CVE-2016-4864 RESERVED CVE-2016-4863 
@@ -52976,8 +52978,8 @@ NOT-FOR-US: AXIS Communications CVE-2015-8257 RESERVED -CVE-2015-8256 - RESERVED +CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis network ...) + TODO: check CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...) NOT-FOR-US: AXIS Communications CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
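Review bot: in the CVE-2016-10328 hunk the new `{DLA-900-1}` reference sits directly above `- freetype <unfixed> (bug #860303)`, so the LTS update now precedes any fix in unstable, where the upstream commit (beecf80a) is only packaged as `[experimental] - freetype 2.7.1-0.1`; confirm that bug #860303 is tracking an upload to unstable so the entry does not stay `<unfixed>` after the advisory. The same pattern appears for CVE-2017-7875 (`{DLA-899-1}` with `[jessie] - feh <no-dsa>`) and CVE-2017-6448 (`{DLA-901-1}` with `[jessie] - radare2 <no-dsa>`), which is consistent, but for CVE-2017-7875 a quick check that the DLA-fixed LTS version actually contains the f7a547b7 commit cited in the NOTE line is worthwhile.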
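Review bot: the CVE-2016-7551 hunk drops the `[AST-2016-007]` advisory tag when `-CVE-2016-7551 [AST-2016-007]` is rewritten as `+CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 ...)`; the `NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html` line still records the mapping, but if the bracketed tag is relied on for lookups it should be re-added after the description rather than lost to the automatic update. The imported description also reads "chain_sip" where Asterisk's SIP channel driver is chan_sip; since the text is pulled verbatim from the upstream CVE feed, that wording should be corrected at the source, not edited locally.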
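Review bot: of the new `TODO: check` entries, the two Apache Traffic Server items need real triage, since trafficserver is a Debian package: CVE-2017-5659 ("before 6.2.1 generates a coredump") and CVE-2016-5396 ("6.0.0 to 6.2.0 are affected by an HPACK Bomb"), so the packaged versions in stable and LTS should be compared against those ranges before assigning `<no-dsa>` or a fixed version. The remaining new descriptions (sourcebans-pp CVE-2017-7891, the Qualcomm/Android CVE-2016-6727 and CVE-2016-6726, the Cybozu Office CVE-2016-4865 through CVE-2016-4874, and Axis CVE-2015-8256) concern software not in Debian and should resolve to `NOT-FOR-US`, matching the adjacent CVE-2016-6725 (Qualcomm driver) and CVE-2015-8255 (AXIS Communications) entries already in the file.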