Author: sectracker
Date: 2017-06-07 21:10:12 +0000 (Wed, 07 Jun 2017)
New Revision: 52400
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-07 21:00:21 UTC (rev 52399)
+++ data/CVE/list 2017-06-07 21:10:12 UTC (rev 52400)
@@ -1,3 +1,15 @@
+CVE-2017-9504
+ RESERVED
+CVE-2017-9503
+ RESERVED
+CVE-2017-9502
+ RESERVED
+CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in
the ...)
+ TODO: check
+CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in
the ...)
+ TODO: check
+CVE-2017-9499 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in
the ...)
+ TODO: check
CVE-2017-9498
RESERVED
CVE-2017-9497
@@ -371,8 +383,8 @@
CVE-2017-9372 (PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and
14.x ...)
- pjproject 2.5.5~dfsg-6 (bug #863901)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt
-CVE-2017-9355
- RESERVED
+CVE-2017-9355 (XML external entity (XXE) vulnerability in the import playlist
feature ...)
+ TODO: check
CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP
dissector ...)
- wireshark <unfixed> (bug #864058)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html
@@ -1141,7 +1153,7 @@
NOT-FOR-US: ImageWorsener
CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener
1.3.1 allows ...)
NOT-FOR-US: ImageWorsener
-CVE-2017-9148 (The TLS session cache in FreeRADIUS before 3.0.14 fails to
reliably ...)
+CVE-2017-9148 (The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x
before ...)
{DLA-977-1}
- freeradius 3.0.12+dfsg-5 (bug #863673)
[jessie] - freeradius <not-affected> (Only affects 2.1.1 to 2.1.7 and
3.0 to 3.0.13)
@@ -4208,10 +4220,10 @@
NOT-FOR-US: Schneider
CVE-2017-7967 (All versions of VAMPSET software produced by Schneider
Electric, prior ...)
NOT-FOR-US: Schneider
-CVE-2017-7966
- RESERVED
-CVE-2017-7965
- RESERVED
+CVE-2017-7966 (A DLL Hijacking vulnerability in the programming software in
Schneider ...)
+ TODO: check
+CVE-2017-7965 (A buffer overflow vulnerability exists in Programming Software
...)
+ TODO: check
CVE-2017-7964 (Zyxel WRE6505 devices have a default TELNET password of 1234
for the ...)
NOT-FOR-US: Zyxel
CVE-2017-7963 (** DISPUTED ** The GNU Multiple Precision Arithmetic Library
(GMP) ...)
@@ -5457,10 +5469,10 @@
NOT-FOR-US: MyBB
CVE-2017-7565 (Splunk Hadoop Connect App has a path traversal vulnerability
that ...)
NOT-FOR-US: Splunk Hadoop Connect App
-CVE-2017-7564
- RESERVED
-CVE-2017-7563
- RESERVED
+CVE-2017-7564 (In ARM Trusted Firmware through 1.3, the secure self-hosted
invasive ...)
+ TODO: check
+CVE-2017-7563 (In ARM Trusted Firmware 1.3, RO memory is always executable at
AArch64 ...)
+ TODO: check
CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via
a ...)
NOT-FOR-US: textract
CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware
update SMC ...)
@@ -6191,12 +6203,12 @@
RESERVED
CVE-2017-7315
RESERVED
-CVE-2017-7314
- RESERVED
-CVE-2017-7313
- RESERVED
-CVE-2017-7312
- RESERVED
+CVE-2017-7314 (An issue was discovered in Personify360 e-Business 7.5.2
through 7.6.1. ...)
+ TODO: check
+CVE-2017-7313 (An issue was discovered in Personify360 e-Business 7.5.2
through 7.6.1. ...)
+ TODO: check
+CVE-2017-7312 (An issue was discovered in Personify360 e-Business 7.5.2
through 7.6.1. ...)
+ TODO: check
CVE-2017-7311
RESERVED
CVE-2017-7310 (A buffer overflow vulnerability in Import Command in Sync
Breeze ...)
@@ -7570,7 +7582,7 @@
NOT-FOR-US: Siemens
CVE-2017-6866
RESERVED
-CVE-2017-6865 (Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2
and V14 ...)
+CVE-2017-6865 (Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2
and ...)
NOT-FOR-US: Siemens
CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all
versions) at ...)
NOT-FOR-US: Siemens
@@ -14041,14 +14053,14 @@
RESERVED
CVE-2017-4918
RESERVED
-CVE-2017-4917
- RESERVED
+CVE-2017-4917 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and
5.5.x ...)
+ TODO: check
CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer
dereference ...)
NOT-FOR-US: VMware
CVE-2017-4915 (VMware Workstation Pro/Player contains an insecure library
loading ...)
NOT-FOR-US: VMware
-CVE-2017-4914
- RESERVED
+CVE-2017-4914 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and
5.5.x ...)
+ TODO: check
CVE-2017-4913
RESERVED
CVE-2017-4912
@@ -14065,22 +14077,22 @@
RESERVED
CVE-2017-4906
RESERVED
-CVE-2017-4905
- RESERVED
-CVE-2017-4904
- RESERVED
-CVE-2017-4903
- RESERVED
-CVE-2017-4902
- RESERVED
+CVE-2017-4905 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3
without ...)
+ TODO: check
+CVE-2017-4904 (The XHCI controller in VMware ESXi 6.5 without patch ...)
+ TODO: check
+CVE-2017-4903 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3
without ...)
+ TODO: check
+CVE-2017-4902 (VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5
without ...)
+ TODO: check
CVE-2017-4901
RESERVED
-CVE-2017-4900
- RESERVED
-CVE-2017-4899
- RESERVED
-CVE-2017-4898
- RESERVED
+CVE-2017-4900 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a
NULL ...)
+ TODO: check
+CVE-2017-4899 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a
security ...)
+ TODO: check
+CVE-2017-4898 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL
...)
+ TODO: check
CVE-2017-4897 (VMware Horizon DaaS before 7.0.0 contains a vulnerability that
exists ...)
NOT-FOR-US: VMware Horizon DaaS
CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may
allow a ...)
@@ -16625,8 +16637,8 @@
NOT-FOR-US: IBM
CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could
allow an ...)
NOT-FOR-US: IBM
-CVE-2016-9977
- RESERVED
+CVE-2016-9977 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a
remote ...)
+ TODO: check
CVE-2016-9976 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a
remote ...)
NOT-FOR-US: IBM
CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable
to ...)
@@ -19121,8 +19133,8 @@
NOT-FOR-US: Joomla
CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php"
in Zikula 1.3.x ...)
NOT-FOR-US: Zikula
-CVE-2016-9834
- RESERVED
+CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute
arbitrary ...)
+ TODO: check
CVE-2016-9833
RESERVED
CVE-2016-9832 (PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security
allows ...)
@@ -22877,8 +22889,8 @@
RESERVED
CVE-2017-1306
RESERVED
-CVE-2017-1305
- RESERVED
+CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is
vulnerable to ...)
+ TODO: check
CVE-2017-1304
RESERVED
CVE-2017-1303
@@ -23095,8 +23107,8 @@
RESERVED
CVE-2017-1197
RESERVED
-CVE-2017-1196
- RESERVED
+CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not
require ...)
+ TODO: check
CVE-2017-1195
RESERVED
CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable ...)
@@ -23132,8 +23144,8 @@
NOT-FOR-US: IBM TRIRIGA Document Manager
CVE-2017-1179
RESERVED
-CVE-2017-1178
- RESERVED
+CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is
vulnerable ...)
+ TODO: check
CVE-2017-1177
RESERVED
CVE-2017-1176
@@ -23238,8 +23250,8 @@
NOT-FOR-US: IBM
CVE-2017-1126
RESERVED
-CVE-2017-1125
- RESERVED
+CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to
craft a ...)
+ TODO: check
CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a
local ...)
NOT-FOR-US: IBM
CVE-2017-1123
@@ -23821,8 +23833,8 @@
RESERVED
CVE-2016-9711
RESERVED
-CVE-2016-9710
- RESERVED
+CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow
a ...)
+ TODO: check
CVE-2016-9709
RESERVED
CVE-2016-9708
@@ -27892,8 +27904,8 @@
NOT-FOR-US: IBM
CVE-2016-8940 (IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2,
6.3, and ...)
NOT-FOR-US: IBM
-CVE-2016-8939
- RESERVED
+CVE-2016-8939 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1)
...)
+ TODO: check
CVE-2016-8938 (IBM UrbanCode Deploy could allow a user to execute code using a
...)
NOT-FOR-US: IBM
CVE-2016-8937
@@ -37399,12 +37411,12 @@
REJECTED
CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability
that ...)
NOT-FOR-US: IBM
-CVE-2016-6089
- RESERVED
+CVE-2016-6089 (IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to
write ...)
+ TODO: check
CVE-2016-6088
RESERVED
-CVE-2016-6087
- RESERVED
+CVE-2016-6087 (IBM Domino 8.5 and 9.0 could allow an attacker to steal
credentials ...)
+ TODO: check
CVE-2016-6086
RESERVED
CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local
network to ...)
@@ -37657,10 +37669,10 @@
RESERVED
CVE-2016-5961
RESERVED
-CVE-2016-5960
- RESERVED
-CVE-2016-5959
- RESERVED
+CVE-2016-5960 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores
user ...)
+ TODO: check
+CVE-2016-5959 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores
...)
+ TODO: check
CVE-2016-5958 (IBM Security Privileged Identity Manager could allow a remote
attacker ...)
NOT-FOR-US: IBM
CVE-2016-5957 (IBM Security Privileged Identity Manager (ISPIM) Virtual
Appliance 2.x ...)
@@ -41425,8 +41437,7 @@
RESERVED
CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0)
before ...)
NOT-FOR-US: Apache Qpid Java Broker
-CVE-2016-4973
- RESERVED
+CVE-2016-4973 (Binaries compiled against targets that use the libssp library
in GCC ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324759
- gcc-6 <not-affected> (Uses glibc-internal SSP)
- gcc-5 <not-affected> (Uses glibc-internal SSP)
@@ -46963,8 +46974,8 @@
NOT-FOR-US: IBM
CVE-2016-3052 (IBM WebSphere MQ 8.0, under nonstandard configurations, sends
password ...)
NOT-FOR-US: IBM
-CVE-2016-3051
- RESERVED
+CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an
authenticated ...)
+ TODO: check
CVE-2016-3050
RESERVED
CVE-2016-3049
@@ -47031,8 +47042,8 @@
NOT-FOR-US: IBM
CVE-2016-3020 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0
could ...)
NOT-FOR-US: IBM
-CVE-2016-3019
- RESERVED
+CVE-2016-3019 (IBM Security Access Manager for Web 9.0.0 uses weaker than
expected ...)
+ TODO: check
CVE-2016-3018 (IBM Security Access Manager for Web is vulnerable to cross-site
...)
NOT-FOR-US: IBM
CVE-2016-3017 (IBM Security Access Manager for Web could allow a remote
attacker to ...)
@@ -56787,8 +56798,8 @@
RESERVED
CVE-2016-0255 (IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored
cross-site ...)
NOT-FOR-US: IBM
-CVE-2016-0254
- RESERVED
+CVE-2016-0254 (IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to
a ...)
+ TODO: check
CVE-2016-0253
RESERVED
CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling
Control ...)
@@ -56895,8 +56906,7 @@
NOT-FOR-US: IBM
CVE-2016-0201 (GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7
and ...)
NOT-FOR-US: IBM
-CVE-2015-8538 [a out of bound read bug is found in libdwarf]
- RESERVED
+CVE-2015-8538 (dwarf_leb.c in libdwarf allows attackers to cause a denial of
service ...)
{DLA-669-1}
- dwarfutils 20160507-1 (bug #807817)
[jessie] - dwarfutils 20120410-2+deb8u1
@@ -57950,8 +57960,7 @@
RESERVED
CVE-2015-8322 (NetApp OnCommand System Manager 8.3.x before 8.3.2 allows
remote ...)
NOT-FOR-US: NetApp
-CVE-2015-8326 [Use of predictable names for temporary files]
- RESERVED
+CVE-2015-8326 (The IPTables-Parse module before 1.6 for Perl allows local
users to ...)
- libiptables-parse-perl 1.6-1
[jessie] - libiptables-parse-perl 1.1-1+deb8u1
[wheezy] - libiptables-parse-perl 1.1-1+deb7u1
@@ -58207,8 +58216,8 @@
RESERVED
CVE-2015-8236 (Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before
4.13.14M, ...)
NOT-FOR-US: Arista EOS
-CVE-2015-8235
- RESERVED
+CVE-2015-8235 (Directory traversal vulnerability in Spiffy before 5.4. ...)
+ TODO: check
CVE-2015-8233 (Cross-site scripting (XSS) vulnerability in the MAYO theme
7.x-1.x ...)
NOT-FOR-US: Drupal theme
CVE-2015-8232 (The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does
not ...)
@@ -59247,8 +59256,8 @@
RESERVED
CVE-2015-7889
RESERVED
-CVE-2015-7888
- RESERVED
+CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService
on the ...)
+ TODO: check
CVE-2015-7887
RESERVED
CVE-2015-7886 (NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access
are ...)
@@ -59770,15 +59779,13 @@
NOT-FOR-US: SAP HANA
CVE-2015-7725 (Multiple SQL injection vulnerabilities in the Web-based
Development ...)
NOT-FOR-US: SAP HANA
-CVE-2015-7724 [Privilege Escalation Via Symlink Attacks On POSIX Shared Memory
With Insecure Permissions In AMD fglrx-driver]
- RESERVED
+CVE-2015-7724 (AMD fglrx-driver before 15.9 allows local users to gain
privileges via ...)
- fglrx-driver 1:15.9-1 (bug #803517)
[jessie] - fglrx-driver <no-dsa> (Non-free not supported)
[wheezy] - fglrx-driver <no-dsa> (non-free not supported)
[squeeze] - fglrx-driver <no-dsa> (non-free not supported)
NOTE: http://seclists.org/fulldisclosure/2015/Oct/103
-CVE-2015-7723 [Privilege Escalation Via Symlink Attacks On POSIX Shared Memory
With Insecure Permissions In AMD fglrx-driver]
- RESERVED
+CVE-2015-7723 (AMD fglrx-driver before 15.7 allows local users to gain
privileges via ...)
- fglrx-driver 1:15.7-1 (bug #803517)
[jessie] - fglrx-driver <no-dsa> (Non-free not supported)
[wheezy] - fglrx-driver <no-dsa> (non-free not supported)
@@ -60512,8 +60519,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1285326
NOTE: https://os-s.net/advisories/OSS-2016-05_aiptek.pdf
NOTE: Upstream commit:
https://git.kernel.org/linus/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 (v4.4-rc6)
-CVE-2015-7514
- RESERVED
+CVE-2015-7514 (OpenStack Ironic 4.2.0 through 4.2.1 does not "clean"
the disk after ...)
- ironic 1:4.2.2-1 (bug #807269)
CVE-2015-7513 (arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not
reset the ...)
{DSA-3434-1}
@@ -60990,8 +60996,7 @@
CVE-2015-7327 (Mozilla Firefox before 41.0 does not properly restrict the ...)
- iceweasel <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/
-CVE-2015-7326 [XXE vulnerability in Milton Webdav]
- RESERVED
+CVE-2015-7326 (XML External Entity (XXE) vulnerability in Milton Webdav before
...)
NOT-FOR-US: Milton Webdav
CVE-2015-7325
RESERVED
@@ -61919,8 +61924,8 @@
RESERVED
CVE-2015-6960
RESERVED
-CVE-2015-6959
- RESERVED
+CVE-2015-6959 (Cross-site scripting (XSS) vulnerability in Vindula 1.9. ...)
+ TODO: check
CVE-2015-6958
RESERVED
CVE-2015-6957
@@ -63114,8 +63119,8 @@
REJECTED
CVE-2015-6541 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the Mail ...)
NOT-FOR-US: Zimbra
-CVE-2015-6540
- RESERVED
+CVE-2015-6540 (Cross-site scripting (XSS) vulnerability in Intellect Design
Arena ...)
+ TODO: check
CVE-2015-6539
RESERVED
CVE-2015-6538 (The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1
mishandles ...)
@@ -65778,8 +65783,7 @@
REJECTED
CVE-2015-5516 (Memory leak in the last hop kernel module in F5 BIG-IP LTM,
GTM, and ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2015-6240 [ansible zone/chroot/jail escape]
- RESERVED
+CVE-2015-6240 (The chroot, jail, and zone connection plugins in ansible before
1.9.2 ...)
- ansible 1.9.2+dfsg-1 (low)
[jessie] - ansible <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/3
@@ -66753,8 +66757,7 @@
[wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2015-5233 (Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly
apply ...)
- foreman <itp> (bug #663101)
-CVE-2015-5232
- RESERVED
+CVE-2015-5232 (Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before
...)
NOT-FOR-US: OPA Fabric Manager and OPA tools and Fast Fabric
CVE-2015-5231 (The service daemon in CRIU does not properly restrict access to
...)
- criu 1.8-2 (bug #797110)
@@ -66868,8 +66871,7 @@
NOTE: Analysis/More information:
https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c3
NOTE: The patch
http://sf.net/projects/mancha/files/sec/jasper-1.900.1_CVE-2015-5203.diff
NOTE: breaks ABI.
-CVE-2015-5202
- RESERVED
+CVE-2015-5202 (Red Hat Satellite 6 allows remote authenticated users with
privileged ...)
NOT-FOR-US: Satellite6
CVE-2015-5201
RESERVED
@@ -66969,8 +66971,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5177
CVE-2015-5176 (The PortletRequestDispatcher in PortletBridge, as used in Red
Hat ...)
NOT-FOR-US: PortletBridge component in JBoss Portal
-CVE-2015-5175
- RESERVED
+CVE-2015-5175 (Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x
before ...)
NOT-FOR-US: Apache CXF Fediz
CVE-2015-5174 (Directory traversal vulnerability in RequestUtil.java in Apache
Tomcat ...)
{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
