Author: sectracker
Date: 2017-06-15 21:10:13 +0000 (Thu, 15 Jun 2017)
New Revision: 52595
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-15 20:24:55 UTC (rev 52594)
+++ data/CVE/list 2017-06-15 21:10:13 UTC (rev 52595)
@@ -1,3 +1,125 @@
+CVE-2017-9725
+ RESERVED
+CVE-2017-9724
+ RESERVED
+CVE-2017-9723
+ RESERVED
+CVE-2017-9722
+ RESERVED
+CVE-2017-9721
+ RESERVED
+CVE-2017-9720
+ RESERVED
+CVE-2017-9719
+ RESERVED
+CVE-2017-9718
+ RESERVED
+CVE-2017-9717
+ RESERVED
+CVE-2017-9716
+ RESERVED
+CVE-2017-9715
+ RESERVED
+CVE-2017-9714
+ RESERVED
+CVE-2017-9713
+ RESERVED
+CVE-2017-9712
+ RESERVED
+CVE-2017-9711
+ RESERVED
+CVE-2017-9710
+ RESERVED
+CVE-2017-9709
+ RESERVED
+CVE-2017-9708
+ RESERVED
+CVE-2017-9707
+ RESERVED
+CVE-2017-9706
+ RESERVED
+CVE-2017-9705
+ RESERVED
+CVE-2017-9704
+ RESERVED
+CVE-2017-9703
+ RESERVED
+CVE-2017-9702
+ RESERVED
+CVE-2017-9701
+ RESERVED
+CVE-2017-9700
+ RESERVED
+CVE-2017-9699
+ RESERVED
+CVE-2017-9698
+ RESERVED
+CVE-2017-9697
+ RESERVED
+CVE-2017-9696
+ RESERVED
+CVE-2017-9695
+ RESERVED
+CVE-2017-9694
+ RESERVED
+CVE-2017-9693
+ RESERVED
+CVE-2017-9692
+ RESERVED
+CVE-2017-9691
+ RESERVED
+CVE-2017-9690
+ RESERVED
+CVE-2017-9689
+ RESERVED
+CVE-2017-9688
+ RESERVED
+CVE-2017-9687
+ RESERVED
+CVE-2017-9686
+ RESERVED
+CVE-2017-9685
+ RESERVED
+CVE-2017-9684
+ RESERVED
+CVE-2017-9683
+ RESERVED
+CVE-2017-9682
+ RESERVED
+CVE-2017-9681
+ RESERVED
+CVE-2017-9680
+ RESERVED
+CVE-2017-9679
+ RESERVED
+CVE-2017-9678
+ RESERVED
+CVE-2017-9677
+ RESERVED
+CVE-2017-9676
+ RESERVED
+CVE-2017-9675 (On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin
allows an ...)
+ TODO: check
+CVE-2017-9674 (In SimpleCE 2.3.0, an authenticated XSS vulnerability was found
on ...)
+ TODO: check
+CVE-2017-9673 (In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add
an ...)
+ TODO: check
+CVE-2017-9672
+ RESERVED
+CVE-2017-9671
+ RESERVED
+CVE-2017-9670 (An uninitialized stack variable vulnerability in
load_tic_series() in ...)
+ TODO: check
+CVE-2017-9669
+ RESERVED
+CVE-2017-9668
+ RESERVED
+CVE-2017-9667
+ RESERVED
+CVE-2017-9666
+ RESERVED
+CVE-2017-9665
+ RESERVED
CVE-2017-9664
RESERVED
CVE-2017-9663
@@ -104,8 +226,8 @@
RESERVED
CVE-2017-9614
RESERVED
-CVE-2017-9613
- RESERVED
+CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP
SuccessFactors ...)
+ TODO: check
CVE-2017-9612
RESERVED
CVE-2017-9611
@@ -353,8 +475,8 @@
RESERVED
CVE-2017-9506
RESERVED
-CVE-2017-9505
- RESERVED
+CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not
check if ...)
+ TODO: check
CVE-2017-9504
RESERVED
CVE-2017-9503 [scsi: null pointer dereference while processing megasas command]
@@ -594,8 +716,8 @@
RESERVED
CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar
plugin ...)
NOT-FOR-US: Spiffy Calendar plugin for WordPress
-CVE-2017-9419
- RESERVED
+CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP
Custom ...)
+ TODO: check
CVE-2017-9418 (SQL injection vulnerability in the WP-Testimonials plugin 3.4.1
for ...)
NOT-FOR-US: WP-Testimonials plugin for WordPress
CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute
...)
@@ -926,8 +1048,8 @@
[jessie] - yara <no-dsa> (Minor issue)
NOTE: https://github.com/VirusTotal/yara/issues/674
NOTE:
https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699
-CVE-2016-10395
- RESERVED
+CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1)
running ...)
+ TODO: check
CVE-2016-10394
RESERVED
CVE-2016-10393
@@ -3084,7 +3206,7 @@
RESERVED
CVE-2017-8553 (An information disclosure vulnerability exists in Microsoft
Windows ...)
NOT-FOR-US: Microsoft
-CVE-2017-8552 (A kernel-mode driver in Windows Server 2008 SP2 and R2 SP1, and
...)
+CVE-2017-8552 (A kernel-mode driver in Microsoft Windows XP SP3, Windows XP
x64 XP2, ...)
NOT-FOR-US: Microsoft
CVE-2017-8551 (An elevation of privilege vulnerability exists when Microsoft
...)
NOT-FOR-US: Microsoft
@@ -3102,7 +3224,7 @@
NOT-FOR-US: Microsoft
CVE-2017-8544 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1,
Windows ...)
NOT-FOR-US: Microsoft
-CVE-2017-8543 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1,
Windows ...)
+CVE-2017-8543 (Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server
2003 SP2, ...)
NOT-FOR-US: Microsoft
CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft
Forefront ...)
NOT-FOR-US: Microsoft
@@ -3214,8 +3336,8 @@
NOT-FOR-US: Microsoft
CVE-2017-8488 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1,
Windows 7 ...)
NOT-FOR-US: Microsoft
-CVE-2017-8487
- RESERVED
+CVE-2017-8487 (Windows OLE in Windows XP and Windows Server 2003 allows an
attacker ...)
+ TODO: check
CVE-2017-8486
RESERVED
CVE-2017-8485 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1,
Windows 7 ...)
@@ -3266,8 +3388,8 @@
RESERVED
CVE-2017-8462 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1,
Windows 7 ...)
NOT-FOR-US: Microsoft
-CVE-2017-8461
- RESERVED
+CVE-2017-8461 (Windows RPC with Routing and Remote Access enabled in Windows
XP and ...)
+ TODO: check
CVE-2017-8460 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2,
Windows ...)
NOT-FOR-US: Microsoft
CVE-2017-8459 (** DISPUTED ** Brave 0.12.4 has a Status Bar Obfuscation issue
in which ...)
@@ -4992,8 +5114,8 @@
NOT-FOR-US: flatCore
CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote
attackers to ...)
NOT-FOR-US: flatCore
-CVE-2017-7876
- RESERVED
+CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection.
...)
+ TODO: check
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client
pretends to ...)
{DLA-899-1}
- feh 2.18-2 (low; bug #860367)
@@ -5752,8 +5874,8 @@
RESERVED
CVE-2017-7630
RESERVED
-CVE-2017-7629
- RESERVED
+CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change
password ...)
+ TODO: check
CVE-2017-7628 (The "Smart related articles" extension 1.1 for
Joomla! has SQL ...)
NOT-FOR-US: Joomla extension
CVE-2017-7627 (The "Smart related articles" extension 1.1 for
Joomla! does not prevent ...)
@@ -10799,9 +10921,11 @@
NOT-FOR-US: Moodle plugin
CVE-2017-5944 [Remote code execution in dashboard interface]
RESERVED
+ {DSA-3882-1}
- request-tracker4 4.4.1-4
CVE-2017-5943 [CSRF verification token information leak]
RESERVED
+ {DSA-3882-1}
- request-tracker4 4.4.1-4
CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for
WordPress. ...)
NOT-FOR-US: Wordpress plugin
@@ -11836,7 +11960,7 @@
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
CVE-2017-5637
RESERVED
- {DSA-3871-1}
+ {DSA-3871-1 DLA-986-1}
- zookeeper 3.4.9-3 (bug #863811)
NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
CVE-2017-5636
@@ -13073,6 +13197,7 @@
RESERVED
CVE-2017-5361 [Timing side-channel vulnerability in password verification]
RESERVED
+ {DSA-3883-1 DSA-3882-1}
- request-tracker4 4.4.1-4
- rt-authen-externalauth <removed>
NOTE:
https://github.com/bestpractical/rt-authen-externalauth/commit/436255c04b4881bb6d8eec9a57b8593033d863a9
@@ -13464,8 +13589,8 @@
RESERVED
CVE-2017-5245
RESERVED
-CVE-2017-5244
- RESERVED
+CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular
ones ...)
+ TODO: check
CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware
appliances ...)
NOT-FOR-US: Rapid7 Nexpose hardware appliances
CVE-2017-5242
@@ -23337,8 +23462,8 @@
RESERVED
CVE-2017-1380
RESERVED
-CVE-2017-1379
- RESERVED
+CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain
...)
+ TODO: check
CVE-2017-1378
RESERVED
CVE-2017-1377
@@ -23701,8 +23826,8 @@
RESERVED
CVE-2017-1198
RESERVED
-CVE-2017-1197
- RESERVED
+CVE-2017-1197 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate
account ...)
+ TODO: check
CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not
require ...)
NOT-FOR-US: IBM
CVE-2017-1195
@@ -37957,6 +38082,7 @@
NOTE: libtomcrypt, thus keep that source package as well for now
associated.
CVE-2016-6127 [XSS in file uploads]
RESERVED
+ {DSA-3882-1}
- request-tracker4 4.4.1-4
CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a
remote ...)
NOT-FOR-US: IBM
@@ -60368,8 +60494,8 @@
RESERVED
CVE-2015-7733
RESERVED
-CVE-2015-7732
- RESERVED
+CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends
sensitive ...)
+ TODO: check
CVE-2015-7731
RESERVED
CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0,
and ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
