Author: sectracker
Date: 2017-06-02 21:10:14 +0000 (Fri, 02 Jun 2017)
New Revision: 52238

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-02 18:58:06 UTC (rev 52237)
+++ data/CVE/list       2017-06-02 21:10:14 UTC (rev 52238)
@@ -1,3 +1,93 @@
+CVE-2017-9412
+       RESERVED
+CVE-2017-9411
+       RESERVED
+CVE-2017-9410
+       RESERVED
+CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c 
allows ...)
+       TODO: check
+CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the 
...)
+       TODO: check
+CVE-2017-9407 (In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c 
allows ...)
+       TODO: check
+CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the 
...)
+       TODO: check
+CVE-2017-9405 (In ImageMagick 7.0.5-5, the ReadICONImage function in 
icon.c:452 allows ...)
+       TODO: check
+CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the 
function ...)
+       TODO: check
+CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the 
function ...)
+       TODO: check
+CVE-2017-9402
+       RESERVED
+CVE-2017-9401
+       RESERVED
+CVE-2017-9400
+       RESERVED
+CVE-2017-9399
+       RESERVED
+CVE-2017-9398
+       RESERVED
+CVE-2017-9397
+       RESERVED
+CVE-2017-9396
+       RESERVED
+CVE-2017-9395
+       RESERVED
+CVE-2017-9394
+       RESERVED
+CVE-2017-9393
+       RESERVED
+CVE-2017-9392
+       RESERVED
+CVE-2017-9391
+       RESERVED
+CVE-2017-9390
+       RESERVED
+CVE-2017-9389
+       RESERVED
+CVE-2017-9388
+       RESERVED
+CVE-2017-9387
+       RESERVED
+CVE-2017-9386
+       RESERVED
+CVE-2017-9385
+       RESERVED
+CVE-2017-9384
+       RESERVED
+CVE-2017-9383
+       RESERVED
+CVE-2017-9382
+       RESERVED
+CVE-2017-9381
+       RESERVED
+CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload 
files of ...)
+       TODO: check
+CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the 
clear ...)
+       TODO: check
+CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from 
deleting their ...)
+       TODO: check
+CVE-2017-9377
+       RESERVED
+CVE-2017-9376
+       RESERVED
+CVE-2017-9375
+       RESERVED
+CVE-2017-9374
+       RESERVED
+CVE-2017-9373
+       RESERVED
+CVE-2017-9371
+       RESERVED
+CVE-2017-9370
+       RESERVED
+CVE-2017-9369
+       RESERVED
+CVE-2017-9368
+       RESERVED
+CVE-2017-9367
+       RESERVED
 CVE-2017-9366 (Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site 
Scripting (XSS) ...)
        NOT-FOR-US: Telaxus EPESI
 CVE-2017-9365 (CSRF exists in BigTree CMS through 4.2.18 with the force 
parameter to ...)
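Review bot: The seven added entries for ImageMagick, Poppler and LibTIFF (CVE-2017-9409 through CVE-2017-9403) carry only `TODO: check`, so none of them has a package status yet. Each should be resolved to a source-package line with a fixed version or bug number, in the form the pjproject and wordpress entries further down this diff use. The OpenEMR and BigTree CMS entries (CVE-2017-9380, CVE-2017-9379, CVE-2017-9378) need the same triage, ending either in a package line or in a `NOT-FOR-US:` line like the one on the CVE-2017-9366 context entry.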
@@ -24,7 +114,7 @@
        - pjproject 2.5.5~dfsg-6 (bug #863902)
        NOTE: http://downloads.asterisk.org/pub/security/AST-2017-003.txt
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-26939
-CVE-2017-9372 [AST-2017-002: Buffer Overrun in PJSIP transaction layer]
+CVE-2017-9372 (PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 
14.x ...)
        - pjproject 2.5.5~dfsg-6 (bug #863901)
        NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt
 CVE-2017-9355
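Review bot: The new description on CVE-2017-9372 names Asterisk Open Source 13.x and 14.x as affected, but the entry still tracks only `- pjproject 2.5.5~dfsg-6 (bug #863901)`. If asterisk carries its own copy of PJSIP, the entry needs a package line for it as well; if it relies on the pjproject package, a NOTE saying so would make the single package line self-explanatory.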
@@ -1139,27 +1229,27 @@
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
 CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks 
for ...)
-       {DSA-3870-1}
+       {DSA-3870-1 DLA-975-1}
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
 CVE-2017-9064 (In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) 
...)
-       {DSA-3870-1}
+       {DSA-3870-1 DLA-975-1}
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
 CVE-2017-9063 (In WordPress before 4.7.5, a cross-site scripting (XSS) 
vulnerability ...)
-       {DSA-3870-1}
+       {DSA-3870-1 DLA-975-1}
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
 CVE-2017-9062 (In WordPress before 4.7.5, there is improper handling of post 
meta data ...)
-       {DSA-3870-1}
+       {DSA-3870-1 DLA-975-1}
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
 CVE-2017-9061 (In WordPress before 4.7.5, a cross-site scripting (XSS) 
vulnerability ...)
-       {DSA-3870-1}
+       {DSA-3870-1 DLA-975-1}
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
@@ -2995,7 +3085,7 @@
        NOTE: patch in BTS gives workaround to always prompt for password and 
do not save to database
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
 CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a 
...)
-       {DSA-3870-1}
+       {DSA-3870-1 DLA-975-1}
        - wordpress <unfixed> (bug #862053)
        NOTE: 
https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
        NOTE: 
http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
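Review bot: CVE-2017-8295 now references both DSA-3870-1 and DLA-975-1, yet its package line is still `- wordpress <unfixed> (bug #862053)`, unlike the other WordPress entries in this commit, which are marked fixed in 4.7.5+dfsg-1. Confirm that `<unfixed>` is still accurate, and if the advisories shipped a change that the unstable package lacks, add a NOTE that says what they changed so the mismatch does not read as a stale status.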
@@ -4714,8 +4804,7 @@
        RESERVED
 CVE-2017-7670
        RESERVED
-CVE-2017-7669
-       RESERVED
+CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...)
        - hadoop <itp> (bug #793644)
 CVE-2017-7668
        RESERVED
@@ -9507,8 +9596,8 @@
        RESERVED
 CVE-2017-6040
        RESERVED
-CVE-2017-6039
-       RESERVED
+CVE-2017-6039 (A Use of Hard-Coded Password issue was discovered in Phoenix 
Broadband ...)
+       TODO: check
 CVE-2017-6038
        RESERVED
 CVE-2017-6037 (A Heap-Based Buffer Overflow issue was discovered in Wecon 
Technologies ...)
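Review bot: CVE-2017-6039 moves from `RESERVED` to a description of a hard-coded password issue in a Phoenix Broadband product and is left at `TODO: check`. If the product is not packaged, close the entry with a `NOT-FOR-US:` line in the form used on the CVE-2017-9366 entry, so it does not stay in the untriaged set.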
@@ -23230,8 +23319,8 @@
        RESERVED
 CVE-2017-0897
        RESERVED
-CVE-2017-0896
-       RESERVED
+CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...)
+       TODO: check
 CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to 
disclosure ...)
        - nextcloud <itp> (bug #835086)
 CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of 
valid ...)
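Review bot: CVE-2017-0896 (Zulip Server) is left at `TODO: check`, while the neighbouring Nextcloud entry records an intent-to-package as `- nextcloud <itp> (bug #835086)`. Check whether an ITP or RFP bug exists for Zulip and record it in that same form; if none exists, mark the entry `NOT-FOR-US:`.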


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
