Author: sectracker
Date: 2017-06-15 21:10:13 +0000 (Thu, 15 Jun 2017)
New Revision: 52595
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-15 20:24:55 UTC (rev 52594) +++ data/CVE/list 2017-06-15 21:10:13 UTC (rev 52595) 
@@ -1,3 +1,125 @@ +CVE-2017-9725 + RESERVED +CVE-2017-9724 + RESERVED +CVE-2017-9723 + RESERVED +CVE-2017-9722 + RESERVED +CVE-2017-9721 + RESERVED +CVE-2017-9720 + RESERVED +CVE-2017-9719 + RESERVED +CVE-2017-9718 + RESERVED +CVE-2017-9717 + RESERVED +CVE-2017-9716 + RESERVED +CVE-2017-9715 + RESERVED +CVE-2017-9714 + RESERVED +CVE-2017-9713 + RESERVED +CVE-2017-9712 + RESERVED +CVE-2017-9711 + RESERVED +CVE-2017-9710 + RESERVED +CVE-2017-9709 + RESERVED +CVE-2017-9708 + RESERVED +CVE-2017-9707 + RESERVED +CVE-2017-9706 + RESERVED +CVE-2017-9705 + RESERVED +CVE-2017-9704 + RESERVED +CVE-2017-9703 + RESERVED +CVE-2017-9702 + RESERVED +CVE-2017-9701 + RESERVED +CVE-2017-9700 + RESERVED +CVE-2017-9699 + RESERVED +CVE-2017-9698 + RESERVED +CVE-2017-9697 + RESERVED +CVE-2017-9696 + RESERVED +CVE-2017-9695 + RESERVED +CVE-2017-9694 + RESERVED +CVE-2017-9693 + RESERVED +CVE-2017-9692 + RESERVED +CVE-2017-9691 + RESERVED +CVE-2017-9690 + RESERVED +CVE-2017-9689 + RESERVED +CVE-2017-9688 + RESERVED +CVE-2017-9687 + RESERVED +CVE-2017-9686 + RESERVED +CVE-2017-9685 + RESERVED +CVE-2017-9684 + RESERVED +CVE-2017-9683 + RESERVED +CVE-2017-9682 + RESERVED +CVE-2017-9681 + RESERVED +CVE-2017-9680 + RESERVED +CVE-2017-9679 + RESERVED +CVE-2017-9678 + RESERVED +CVE-2017-9677 + RESERVED +CVE-2017-9676 + RESERVED +CVE-2017-9675 (On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an ...) + TODO: check +CVE-2017-9674 (In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on ...) + TODO: check +CVE-2017-9673 (In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an ...) + TODO: check +CVE-2017-9672 + RESERVED +CVE-2017-9671 + RESERVED +CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...) + TODO: check +CVE-2017-9669 + RESERVED +CVE-2017-9668 + RESERVED +CVE-2017-9667 + RESERVED +CVE-2017-9666 + RESERVED +CVE-2017-9665 + RESERVED CVE-2017-9664 RESERVED CVE-2017-9663 
@@ -104,8 +226,8 @@ RESERVED CVE-2017-9614 RESERVED -CVE-2017-9613 - RESERVED +CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...) + TODO: check CVE-2017-9612 RESERVED CVE-2017-9611 @@ -353,8 +475,8 @@ RESERVED CVE-2017-9506 RESERVED -CVE-2017-9505 - RESERVED +CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...) + TODO: check CVE-2017-9504 RESERVED CVE-2017-9503 [scsi: null pointer dereference while processing megasas command] @@ -594,8 +716,8 @@ RESERVED CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...) NOT-FOR-US: Spiffy Calendar plugin for WordPress -CVE-2017-9419 - RESERVED +CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom ...) + TODO: check CVE-2017-9418 (SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for ...) NOT-FOR-US: WP-Testimonials plugin for WordPress CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ...) @@ -926,8 +1048,8 @@ [jessie] - yara <no-dsa> (Minor issue) NOTE: https://github.com/VirusTotal/yara/issues/674 NOTE: https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699 -CVE-2016-10395 - RESERVED +CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running ...) + TODO: check CVE-2016-10394 RESERVED CVE-2016-10393 @@ -3084,7 +3206,7 @@ RESERVED CVE-2017-8553 (An information disclosure vulnerability exists in Microsoft Windows ...) NOT-FOR-US: Microsoft -CVE-2017-8552 (A kernel-mode driver in Windows Server 2008 SP2 and R2 SP1, and ...) +CVE-2017-8552 (A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, ...) NOT-FOR-US: Microsoft CVE-2017-8551 (An elevation of privilege vulnerability exists when Microsoft ...) NOT-FOR-US: Microsoft 
@@ -3102,7 +3224,7 @@ NOT-FOR-US: Microsoft CVE-2017-8544 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...) NOT-FOR-US: Microsoft -CVE-2017-8543 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...) +CVE-2017-8543 (Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, ...) NOT-FOR-US: Microsoft CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) NOT-FOR-US: Microsoft @@ -3214,8 +3336,8 @@ NOT-FOR-US: Microsoft CVE-2017-8488 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft -CVE-2017-8487 - RESERVED +CVE-2017-8487 (Windows OLE in Windows XP and Windows Server 2003 allows an attacker ...) + TODO: check CVE-2017-8486 RESERVED CVE-2017-8485 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) @@ -3266,8 +3388,8 @@ RESERVED CVE-2017-8462 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft -CVE-2017-8461 - RESERVED +CVE-2017-8461 (Windows RPC with Routing and Remote Access enabled in Windows XP and ...) + TODO: check CVE-2017-8460 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows ...) NOT-FOR-US: Microsoft CVE-2017-8459 (** DISPUTED ** Brave 0.12.4 has a Status Bar Obfuscation issue in which ...) @@ -4992,8 +5114,8 @@ NOT-FOR-US: flatCore CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to ...) NOT-FOR-US: flatCore -CVE-2017-7876 - RESERVED +CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection. ...) + TODO: check CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends to ...) {DLA-899-1} - feh 2.18-2 (low; bug #860367) 
@@ -5752,8 +5874,8 @@ RESERVED CVE-2017-7630 RESERVED -CVE-2017-7629 - RESERVED +CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password ...) + TODO: check CVE-2017-7628 (The "Smart related articles" extension 1.1 for Joomla! has SQL ...) NOT-FOR-US: Joomla extension CVE-2017-7627 (The "Smart related articles" extension 1.1 for Joomla! does not prevent ...) @@ -10799,9 +10921,11 @@ NOT-FOR-US: Moodle plugin CVE-2017-5944 [Remote code execution in dashboard interface] RESERVED + {DSA-3882-1} - request-tracker4 4.4.1-4 CVE-2017-5943 [CSRF verification token information leak] RESERVED + {DSA-3882-1} - request-tracker4 4.4.1-4 CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...) NOT-FOR-US: Wordpress plugin @@ -11836,7 +11960,7 @@ NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045 CVE-2017-5637 RESERVED - {DSA-3871-1} + {DSA-3871-1 DLA-986-1} - zookeeper 3.4.9-3 (bug #863811) NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693 CVE-2017-5636 @@ -13073,6 +13197,7 @@ RESERVED CVE-2017-5361 [Timing side-channel vulnerability in password verification] RESERVED + {DSA-3883-1 DSA-3882-1} - request-tracker4 4.4.1-4 - rt-authen-externalauth <removed> NOTE: https://github.com/bestpractical/rt-authen-externalauth/commit/436255c04b4881bb6d8eec9a57b8593033d863a9 @@ -13464,8 +13589,8 @@ RESERVED CVE-2017-5245 RESERVED -CVE-2017-5244 - RESERVED +CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones ...) + TODO: check CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances ...) NOT-FOR-US: Rapid7 Nexpose hardware appliances CVE-2017-5242 @@ -23337,8 +23462,8 @@ RESERVED CVE-2017-1380 RESERVED -CVE-2017-1379 - RESERVED +CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain ...) + TODO: check CVE-2017-1378 RESERVED CVE-2017-1377 
@@ -23701,8 +23826,8 @@ RESERVED CVE-2017-1198 RESERVED -CVE-2017-1197 - RESERVED +CVE-2017-1197 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account ...) + TODO: check CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require ...) NOT-FOR-US: IBM CVE-2017-1195 @@ -37957,6 +38082,7 @@ NOTE: libtomcrypt, thus keep that source package as well for now associated. CVE-2016-6127 [XSS in file uploads] RESERVED + {DSA-3882-1} - request-tracker4 4.4.1-4 CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...) NOT-FOR-US: IBM @@ -60368,8 +60494,8 @@ RESERVED CVE-2015-7733 RESERVED -CVE-2015-7732 - RESERVED +CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends sensitive ...) + TODO: check CVE-2015-7731 RESERVED CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
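
Review bot: Four entries in the hunk at @@ -1,3 +1,125 @@ are left as "TODO: check" and need manual triage before this state is relied on. CVE-2017-9675 (D-Link DIR-605L firmware) and CVE-2017-9674 / CVE-2017-9673 (SimpleCE 2.3.0) should each end up with either a NOT-FOR-US line or a source package line, in the same way other vendor products in this file are tagged (for example "NOT-FOR-US: Rapid7 Nexpose hardware appliances"). CVE-2017-9670 deserves a closer look: the truncated description names load_tic_series() but not the affected source package, so the package has to be identified from the full CVE text.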
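
Review bot: The replacement descriptions for CVE-2017-8552 (hunk @@ -3084,7 +3206,7 @@) and CVE-2017-8543 (hunk @@ -3102,7 +3224,7 @@) both read "Windows XP x64 XP2", which looks like a typo for "SP2" given the "XP SP3" and "Server 2003 SP2" wording beside it. The log says "automatic update", so the text is presumably synced from the upstream CVE description and should be corrected there rather than edited locally. The "NOT-FOR-US: Microsoft" triage on both entries is unaffected.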
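
Review bot: CVE-2017-8487 (Windows OLE, hunk @@ -3214,8 +3336,8 @@) and CVE-2017-8461 (Windows RPC with Routing and Remote Access, hunk @@ -3266,8 +3388,8 @@) change from RESERVED to "TODO: check" while the surrounding Windows entries (CVE-2017-8488, CVE-2017-8485, CVE-2017-8462, CVE-2017-8460) are all tagged "NOT-FOR-US: Microsoft". A follow-up commit should give these two the same tag so they drop out of the open TODO list.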
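
Review bot: Several newly described entries sit directly next to already-triaged entries for the same vendor or product class but are left as "TODO: check". CVE-2017-1197 (IBM BigFix Compliance, hunk @@ -23701,8 +23826,8 @@) precedes CeVE-2017-1196, the same product, tagged "NOT-FOR-US: IBM"; CVE-2017-9419 (a WordPress plugin XSS, hunk @@ -594,8 +716,8 @@) sits between CVE-2017-9420 and CVE-2017-9418, both tagged NOT-FOR-US as WordPress plugins. Triage these by analogy with their neighbours, and check the two QNAP QTS entries (CVE-2017-7876 and CVE-2017-7629) in the same pass.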
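
Review bot: In the hunk at @@ -13073,6 +13197,7 @@, CVE-2017-5361 gains two advisory references, "{DSA-3883-1 DSA-3882-1}", but the entry has only one versioned package line ("- request-tracker4 4.4.1-4"), with the other package shown as "- rt-authen-externalauth <removed>". The hunk does not show which advisory covers which source package, so check the DSA list to confirm that each reference maps to one of the two packages named here. The other request-tracker4 entries touched by this commit (CVE-2017-5944, CVE-2017-5943, CVE-2016-6127) carry only DSA-3882-1 and a single package line, which is consistent.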