Author: sectracker
Date: 2017-06-21 21:10:13 +0000 (Wed, 21 Jun 2017)
New Revision: 52790
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-21 20:21:15 UTC (rev 52789) +++ data/CVE/list 2017-06-21 21:10:13 UTC (rev 52790) @@ -1,3 +1,9 @@ +CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...) + TODO: check +CVE-2017-9779 + RESERVED CVE-2017-XXXX [VMSF_DELTA filter in unrar allows arbitrary memory write] - unrar-nonfree <unfixed> (bug #865461) [stretch] - unrar-nonfree <no-dsa> (Non-free not supported) @@ -13,10 +19,10 @@ RESERVED CVE-2017-9775 RESERVED -CVE-2017-9774 - RESERVED -CVE-2017-9773 - RESERVED +CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...) + TODO: check +CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via a ...) + TODO: check CVE-2017-9772 RESERVED CVE-2017-9771 (install\save.php in WebsiteBaker v2.10.0 allows remote attackers to ...) @@ -37,7 +43,7 @@ RESERVED CVE-2017-9764 RESERVED -CVE-2017-9780 [Flatpak security issue #845 involving setuid/world-writable files] +CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could include ...) - flatpak 0.8.7-1 (bug #865413) NOTE: https://github.com/flatpak/flatpak/issues/845 CVE-2017-XXXX [XSA 225] @@ -262,6 +268,7 @@ CVE-2017-9737 RESERVED CVE-2017-9736 (SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ...) + {DSA-3890-1} - spip 3.1.4-3 (bug #864921) [jessie] - spip <not-affected> (Vulnerable code not present) [wheezy] - spip <not-affected> (Vulnerable code not present) 
@@ -5204,16 +5211,16 @@ RESERVED CVE-2017-7923 (A Password in Configuration File issue was discovered in Hikvision ...) NOT-FOR-US: Hikvision -CVE-2017-7922 - RESERVED +CVE-2017-7922 (An Improper Privilege Management issue was discovered in Cambium ...) + TODO: check CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision ...) NOT-FOR-US: Hikvision CVE-2017-7920 RESERVED CVE-2017-7919 RESERVED -CVE-2017-7918 - RESERVED +CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks ...) + TODO: check CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell ...) NOT-FOR-US: Moxa CVE-2017-7916 @@ -8558,7 +8565,7 @@ NOT-FOR-US: concrete5 CVE-2017-6907 (An issue was discovered in Open.GL before 2017-03-13. The vulnerability ...) NOT-FOR-US: Open.GL -CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0. The vulnerability ...) +CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0. The ...) NOT-FOR-US: SiberianCMS CVE-2017-6905 (An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability ...) NOT-FOR-US: concrete5 @@ -10967,14 +10974,14 @@ NOT-FOR-US: eParakstitajs and eParaksts Java lib CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai ...) NOT-FOR-US: Hyundai -CVE-2017-6053 - RESERVED +CVE-2017-6053 (A Cross-Site Scripting issue was discovered in Trihedral VTScada ...) + TODO: check CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...) NOT-FOR-US: Hyundai CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in BLF-Tech ...) NOT-FOR-US: BLF-Tech LLC VisualView HMI -CVE-2017-6050 - RESERVED +CVE-2017-6050 (A SQL Injection issue was discovered in Ecava IntegraXor Versions ...) + TODO: check CVE-2017-6049 RESERVED CVE-2017-6048 (A Command Injection issue was discovered in Satel Iberia SenNet Data ...) 
@@ -10983,12 +10990,12 @@ RESERVED CVE-2017-6046 RESERVED -CVE-2017-6045 - RESERVED +CVE-2017-6045 (An Information Exposure issue was discovered in Trihedral VTScada ...) + TODO: check CVE-2017-6044 RESERVED -CVE-2017-6043 - RESERVED +CVE-2017-6043 (A Resource Consumption issue was discovered in Trihedral VTScada ...) + TODO: check CVE-2017-6042 RESERVED CVE-2017-6041 @@ -14949,12 +14956,12 @@ NOT-FOR-US: Cloud Foundry CVE-2017-4991 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...) NOT-FOR-US: Cloud Foundry -CVE-2017-4990 - RESERVED -CVE-2017-4989 - RESERVED -CVE-2017-4988 - RESERVED +CVE-2017-4990 (In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, ...) + TODO: check +CVE-2017-4989 (In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, ...) + TODO: check +CVE-2017-4988 (EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is ...) + TODO: check CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...) NOT-FOR-US: EMC CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could ...) @@ -19581,10 +19588,10 @@ RESERVED CVE-2017-3220 RESERVED -CVE-2017-3219 - RESERVED -CVE-2017-3218 - RESERVED +CVE-2017-3219 (Acronis True Image up to and including version 2017 Build 8053 ...) + TODO: check +CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for HTTPS ...) + TODO: check CVE-2017-3217 RESERVED CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a custom ...) 
@@ -20681,16 +20688,16 @@ RESERVED CVE-2017-2832 RESERVED -CVE-2017-2831 - RESERVED -CVE-2017-2830 - RESERVED -CVE-2017-2829 - RESERVED -CVE-2017-2828 - RESERVED -CVE-2017-2827 - RESERVED +CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web ...) + TODO: check +CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web ...) + TODO: check +CVE-2017-2829 (An exploitable directory traversal vulnerability exists in the web ...) + TODO: check +CVE-2017-2828 (An exploitable command injection vulnerability exists in the web ...) + TODO: check +CVE-2017-2827 (An exploitable command injection vulnerability exists in the web ...) + TODO: check CVE-2017-2826 RESERVED CVE-2017-2825 @@ -20722,8 +20729,8 @@ RESERVED CVE-2017-2814 RESERVED -CVE-2017-2813 - RESERVED +CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...) + TODO: check CVE-2017-2812 RESERVED CVE-2017-2811 @@ -20742,8 +20749,8 @@ RESERVED CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...) NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality -CVE-2017-2805 - RESERVED +CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...) + TODO: check CVE-2017-2804 RESERVED CVE-2017-2803 @@ -21854,7 +21861,7 @@ NOT-FOR-US: Apple CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple, that's likely just a broken sudo config -CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) +CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 10.3 ...) NOT-FOR-US: Apple CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple 
@@ -24025,8 +24032,8 @@ RESERVED CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to ...) NOT-FOR-US: IBM -CVE-2017-1304 - RESERVED +CVE-2017-1304 (IBM has identified a vulnerability with IBM Spectrum Scale/GPFS ...) + TODO: check CVE-2017-1303 RESERVED CVE-2017-1302 @@ -24400,8 +24407,8 @@ RESERVED CVE-2017-1118 RESERVED -CVE-2017-1117 - RESERVED +CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to ...) + TODO: check CVE-2017-1116 RESERVED CVE-2017-1115 @@ -28815,7 +28822,7 @@ REJECTED CVE-2016-9040 RESERVED -CVE-2016-9039 (An exploitable denial of service exists in the the Joyent SmartOS ...) +CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS ...) NOT-FOR-US: Joyent CVE-2016-9038 RESERVED @@ -29523,8 +29530,8 @@ NOT-FOR-US: Joyent SmartOS CVE-2016-8732 RESERVED -CVE-2016-8731 - RESERVED +CVE-2016-8731 (Hard-coded FTP credentials (r:r) are included in the Foscam C1 running ...) + TODO: check CVE-2016-8730 RESERVED CVE-2016-8729 @@ -33627,8 +33634,8 @@ NOTE: found. CVE-2016-7509 RESERVED -CVE-2016-7508 - RESERVED +CVE-2016-7508 (Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an ...) + TODO: check CVE-2016-7507 RESERVED CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
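
Review bot: CVE-2017-9774 and CVE-2017-9773 in the "@@ -13,10 +19,10 @@" hunk are left at "TODO: check" although both descriptions already state the fixed upstream release ("Horde_Image 2.x before 2.5.0"). When the TODOs are cleared, triage the Remote Code Execution entry (CVE-2017-9774) ahead of the Denial of Service one, and record 2.5.0 as the upstream fix so the packaged version can be compared against it.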
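
Review bot: CVE-2017-4990, CVE-2017-4989 and CVE-2017-4988 in the "@@ -14949,12 +14956,12 @@" hunk go in as "TODO: check" even though their descriptions name EMC Avamar Server Software and EMC Isilon OneFS, and the two entries directly below them (CVE-2017-4987, CVE-2017-4986) are EMC products already tagged "NOT-FOR-US: EMC". A follow-up commit can resolve all three with the same tag so the vendor is handled consistently within this block.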
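
Review bot: The five entries CVE-2017-2827 through CVE-2017-2831 in the "@@ -20681,16 +20688,16 @@" hunk are truncated before any product name (each description stops at "exists in the web ..."), so they cannot be triaged from the list text alone. Whoever clears these "TODO: check" lines needs the full descriptions, and the five should be resolved in one pass with a tag or NOTE that names the affected product, since the list line will never show it.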
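
Review bot: The Trihedral VTScada entries are split across two hunks, CVE-2017-6053 in "@@ -10967,14 +10974,14 @@" and CVE-2017-6045 and CVE-2017-6043 in "@@ -10983,12 +10990,12 @@", and all three are left at "TODO: check". Triage them together and give them one identical tag, in the way the neighbouring entries use a single spelling per vendor ("NOT-FOR-US: Hyundai"), so the same product does not end up with different dispositions.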