Author: sectracker
Date: 2017-06-02 21:10:14 +0000 (Fri, 02 Jun 2017)
New Revision: 52238
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-02 18:58:06 UTC (rev 52237) +++ data/CVE/list 2017-06-02 21:10:14 UTC (rev 52238) 
@@ -1,3 +1,93 @@ +CVE-2017-9412 + RESERVED +CVE-2017-9411 + RESERVED +CVE-2017-9410 + RESERVED +CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows ...) + TODO: check +CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...) + TODO: check +CVE-2017-9407 (In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows ...) + TODO: check +CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...) + TODO: check +CVE-2017-9405 (In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows ...) + TODO: check +CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...) + TODO: check +CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...) + TODO: check +CVE-2017-9402 + RESERVED +CVE-2017-9401 + RESERVED +CVE-2017-9400 + RESERVED +CVE-2017-9399 + RESERVED +CVE-2017-9398 + RESERVED +CVE-2017-9397 + RESERVED +CVE-2017-9396 + RESERVED +CVE-2017-9395 + RESERVED +CVE-2017-9394 + RESERVED +CVE-2017-9393 + RESERVED +CVE-2017-9392 + RESERVED +CVE-2017-9391 + RESERVED +CVE-2017-9390 + RESERVED +CVE-2017-9389 + RESERVED +CVE-2017-9388 + RESERVED +CVE-2017-9387 + RESERVED +CVE-2017-9386 + RESERVED +CVE-2017-9385 + RESERVED +CVE-2017-9384 + RESERVED +CVE-2017-9383 + RESERVED +CVE-2017-9382 + RESERVED +CVE-2017-9381 + RESERVED +CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of ...) + TODO: check +CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear ...) + TODO: check +CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from deleting their ...) 
+ TODO: check +CVE-2017-9377 + RESERVED +CVE-2017-9376 + RESERVED +CVE-2017-9375 + RESERVED +CVE-2017-9374 + RESERVED +CVE-2017-9373 + RESERVED +CVE-2017-9371 + RESERVED +CVE-2017-9370 + RESERVED +CVE-2017-9369 + RESERVED +CVE-2017-9368 + RESERVED +CVE-2017-9367 + RESERVED CVE-2017-9366 (Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) ...) NOT-FOR-US: Telaxus EPESI CVE-2017-9365 (CSRF exists in BigTree CMS through 4.2.18 with the force parameter to ...) @@ -24,7 +114,7 @@ - pjproject 2.5.5~dfsg-6 (bug #863902) NOTE: http://downloads.asterisk.org/pub/security/AST-2017-003.txt NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-26939 -CVE-2017-9372 [AST-2017-002: Buffer Overrun in PJSIP transaction layer] +CVE-2017-9372 (PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x ...) - pjproject 2.5.5~dfsg-6 (bug #863901) NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt CVE-2017-9355 
@@ -1139,27 +1229,27 @@ NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/ NOTE: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11 CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks for ...) - {DSA-3870-1} + {DSA-3870-1 DLA-975-1} - wordpress 4.7.5+dfsg-1 (bug #862816) NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/ NOTE: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4 CVE-2017-9064 (In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) ...) - {DSA-3870-1} + {DSA-3870-1 DLA-975-1} - wordpress 4.7.5+dfsg-1 (bug #862816) NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/ NOTE: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67 CVE-2017-9063 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...) - {DSA-3870-1} + {DSA-3870-1 DLA-975-1} - wordpress 4.7.5+dfsg-1 (bug #862816) NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/ NOTE: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3 CVE-2017-9062 (In WordPress before 4.7.5, there is improper handling of post meta data ...) - {DSA-3870-1} + {DSA-3870-1 DLA-975-1} - wordpress 4.7.5+dfsg-1 (bug #862816) NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/ NOTE: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381 CVE-2017-9061 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...) - {DSA-3870-1} + {DSA-3870-1 DLA-975-1} - wordpress 4.7.5+dfsg-1 (bug #862816) NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/ NOTE: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6 
@@ -2995,7 +3085,7 @@ NOTE: patch in BTS gives workaround to always prompt for password and do not save to database NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9 CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a ...) - {DSA-3870-1} + {DSA-3870-1 DLA-975-1} - wordpress <unfixed> (bug #862053) NOTE: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html NOTE: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html @@ -4714,8 +4804,7 @@ RESERVED CVE-2017-7670 RESERVED -CVE-2017-7669 - RESERVED +CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...) - hadoop <itp> (bug #793644) CVE-2017-7668 RESERVED @@ -9507,8 +9596,8 @@ RESERVED CVE-2017-6040 RESERVED -CVE-2017-6039 - RESERVED +CVE-2017-6039 (A Use of Hard-Coded Password issue was discovered in Phoenix Broadband ...) + TODO: check CVE-2017-6038 RESERVED CVE-2017-6037 (A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies ...) @@ -23230,8 +23319,8 @@ RESERVED CVE-2017-0897 RESERVED -CVE-2017-0896 - RESERVED +CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...) + TODO: check CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure ...) - nextcloud <itp> (bug #835086) CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
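Review bot: In the @@ -1,3 +1,93 @@ hunk, CVE-2017-9409, CVE-2017-9407 and CVE-2017-9405 (ImageMagick), CVE-2017-9408 and CVE-2017-9406 (Poppler) and CVE-2017-9404 and CVE-2017-9403 (LibTIFF) are left at "TODO: check" although they name libraries that Debian ships as source packages, so they need a manual triage pass that replaces the TODO with a package line and a bug reference. The OpenEMR and BigTree CMS entries (CVE-2017-9380, CVE-2017-9379, CVE-2017-9378) should be resolved the same way as the neighbouring BigTree entry CVE-2017-9365, so one product does not end up with two different states in the list.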
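Review bot: In the @@ -24,7 +114,7 @@ hunk, the new description for CVE-2017-9372 names Asterisk Open Source 13.x and 14.x, but the entry still tracks only "- pjproject 2.5.5~dfsg-6 (bug #863901)". Confirm whether the asterisk source package needs its own line, or add a NOTE explaining why it is not affected. The bracketed title that was replaced also carried the AST-2017-002 advisory id in readable form; it now survives only inside the NOTE URL, so a short NOTE naming the advisory would keep the entry searchable by that id.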
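Review bot: In the @@ -2995,7 +3085,7 @@ hunk, CVE-2017-8295 now carries "{DSA-3870-1 DLA-975-1}" while its package line still reads "- wordpress <unfixed> (bug #862053)". The five entries in the @@ -1139,27 +1229,27 @@ hunk that gained the same DLA all have a fixed version (4.7.5+dfsg-1), so this one stands out: add a NOTE stating what the DSA and DLA changed for this CVE, or update the status line if unstable has in fact been fixed, so readers do not take the advisory tags to mean the issue is closed everywhere.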