Author: sectracker
Date: 2017-06-21 21:10:13 +0000 (Wed, 21 Jun 2017)
New Revision: 52790

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-21 20:21:15 UTC (rev 52789)
+++ data/CVE/list       2017-06-21 21:10:13 UTC (rev 52790)
@@ -1,3 +1,9 @@
+CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of 
service ...)
+       TODO: check
+CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK 
versions ...)
+       TODO: check
+CVE-2017-9779
+       RESERVED
 CVE-2017-XXXX [VMSF_DELTA filter in unrar allows arbitrary memory write]
        - unrar-nonfree <unfixed> (bug #865461)
        [stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
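Review bot: The two described entries added at the top of this hunk (CVE-2017-9782 for JasPer 2.0.12 and CVE-2017-9781 for Check_MK) carry only "TODO: check", so the list does not yet say which source package, if any, is affected. When the TODO is resolved, replace it with a package line giving the fixed version or <unfixed>, in the form the unrar-nonfree entry directly below uses, or with NOT-FOR-US if no package applies.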
@@ -13,10 +19,10 @@
        RESERVED
 CVE-2017-9775
        RESERVED
-CVE-2017-9774
-       RESERVED
-CVE-2017-9773
-       RESERVED
+CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 
via a ...)
+       TODO: check
+CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via 
a ...)
+       TODO: check
 CVE-2017-9772
        RESERVED
 CVE-2017-9771 (install\save.php in WebsiteBaker v2.10.0 allows remote 
attackers to ...)
@@ -37,7 +43,7 @@
        RESERVED
 CVE-2017-9764
        RESERVED
-CVE-2017-9780 [Flatpak security issue #845 involving setuid/world-writable 
files]
+CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could 
include ...)
        - flatpak 0.8.7-1 (bug #865413)
        NOTE: https://github.com/flatpak/flatpak/issues/845
 CVE-2017-XXXX [XSA 225]
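Review bot: CVE-2017-9780 stays where the temporary Flatpak entry was, after CVE-2017-9764, while the rest of the visible list runs in descending id order and the new block at the top goes from CVE-2017-9781 straight to CVE-2017-9779. Move the entry, together with its flatpak 0.8.7-1 line and NOTE, up between those two so a reader scanning by id finds it.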
@@ -262,6 +268,7 @@
 CVE-2017-9737
        RESERVED
 CVE-2017-9736 (SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove 
shell ...)
+       {DSA-3890-1}
        - spip 3.1.4-3 (bug #864921)
        [jessie] - spip <not-affected> (Vulnerable code not present)
        [wheezy] - spip <not-affected> (Vulnerable code not present)
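Review bot: The added {DSA-3890-1} reference sits on an entry whose only release annotations, [jessie] and [wheezy], are both <not-affected>, so these lines do not show which release the advisory fixes. Confirm that the DSA number belongs to this CVE and that the release it covers is one not listed here.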
@@ -5204,16 +5211,16 @@
        RESERVED
 CVE-2017-7923 (A Password in Configuration File issue was discovered in 
Hikvision ...)
        NOT-FOR-US: Hikvision
-CVE-2017-7922
-       RESERVED
+CVE-2017-7922 (An Improper Privilege Management issue was discovered in 
Cambium ...)
+       TODO: check
 CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision 
...)
        NOT-FOR-US: Hikvision
 CVE-2017-7920
        RESERVED
 CVE-2017-7919
        RESERVED
-CVE-2017-7918
-       RESERVED
+CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium 
Networks ...)
+       TODO: check
 CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa 
OnCell ...)
        NOT-FOR-US: Moxa
 CVE-2017-7916
@@ -8558,7 +8565,7 @@
        NOT-FOR-US: concrete5
 CVE-2017-6907 (An issue was discovered in Open.GL before 2017-03-13. The 
vulnerability ...)
        NOT-FOR-US: Open.GL
-CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0. The 
vulnerability ...)
+CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0.  The ...)
        NOT-FOR-US: SiberianCMS
 CVE-2017-6905 (An issue was discovered in concrete5 &lt;= 5.6.3.4. The 
vulnerability ...)
        NOT-FOR-US: concrete5
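Review bot: The CVE-2017-6906 line changes only in whitespace: the new description has two spaces after "4.10.0." and the truncation point moves as a result, with no new information for the entry. Collapsing runs of spaces before the description is truncated would keep changes like this out of the diff.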
@@ -10967,14 +10974,14 @@
        NOT-FOR-US: eParakstitajs and eParaksts Java lib
 CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in 
Hyundai ...)
        NOT-FOR-US: Hyundai
-CVE-2017-6053
-       RESERVED
+CVE-2017-6053 (A Cross-Site Scripting issue was discovered in Trihedral 
VTScada ...)
+       TODO: check
 CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor 
America Blue ...)
        NOT-FOR-US: Hyundai
 CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in 
BLF-Tech ...)
        NOT-FOR-US: BLF-Tech LLC VisualView HMI
-CVE-2017-6050
-       RESERVED
+CVE-2017-6050 (A SQL Injection issue was discovered in Ecava IntegraXor 
Versions ...)
+       TODO: check
 CVE-2017-6049
        RESERVED
 CVE-2017-6048 (A Command Injection issue was discovered in Satel Iberia SenNet 
Data ...)
@@ -10983,12 +10990,12 @@
        RESERVED
 CVE-2017-6046
        RESERVED
-CVE-2017-6045
-       RESERVED
+CVE-2017-6045 (An Information Exposure issue was discovered in Trihedral 
VTScada ...)
+       TODO: check
 CVE-2017-6044
        RESERVED
-CVE-2017-6043
-       RESERVED
+CVE-2017-6043 (A Resource Consumption issue was discovered in Trihedral 
VTScada ...)
+       TODO: check
 CVE-2017-6042
        RESERVED
 CVE-2017-6041
@@ -14949,12 +14956,12 @@
        NOT-FOR-US: Cloud Foundry
 CVE-2017-4991 (An issue was discovered in Cloud Foundry Foundation cf-release 
versions ...)
        NOT-FOR-US: Cloud Foundry
-CVE-2017-4990
-       RESERVED
-CVE-2017-4989
-       RESERVED
-CVE-2017-4988
-       RESERVED
+CVE-2017-4990 (In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 
...)
+       TODO: check
+CVE-2017-4989 (In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 
...)
+       TODO: check
+CVE-2017-4988 (EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 
7.1.x is ...)
+       TODO: check
 CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 
versions ...)
        NOT-FOR-US: EMC
 CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that 
could ...)
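Review bot: The three EMC entries added here (CVE-2017-4990, CVE-2017-4989, CVE-2017-4988) are left at "TODO: check" although the entry directly below, CVE-2017-4987, is already classified "NOT-FOR-US: EMC". If the Avamar and Isilon products fall under the same classification, resolve them the same way so the TODO queue does not hold entries with an obvious answer.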
@@ -19581,10 +19588,10 @@
        RESERVED
 CVE-2017-3220
        RESERVED
-CVE-2017-3219
-       RESERVED
-CVE-2017-3218
-       RESERVED
+CVE-2017-3219 (Acronis True Image up to and including version 2017 Build 8053 
...)
+       TODO: check
+CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for 
HTTPS ...)
+       TODO: check
 CVE-2017-3217
        RESERVED
 CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a 
custom ...)
@@ -20681,16 +20688,16 @@
        RESERVED
 CVE-2017-2832
        RESERVED
-CVE-2017-2831
-       RESERVED
-CVE-2017-2830
-       RESERVED
-CVE-2017-2829
-       RESERVED
-CVE-2017-2828
-       RESERVED
-CVE-2017-2827
-       RESERVED
+CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web 
...)
+       TODO: check
+CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web 
...)
+       TODO: check
+CVE-2017-2829 (An exploitable directory traversal vulnerability exists in the 
web ...)
+       TODO: check
+CVE-2017-2828 (An exploitable command injection vulnerability exists in the 
web ...)
+       TODO: check
+CVE-2017-2827 (An exploitable command injection vulnerability exists in the 
web ...)
+       TODO: check
 CVE-2017-2826
        RESERVED
 CVE-2017-2825
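Review bot: The descriptions for CVE-2017-2831 through CVE-2017-2827 are cut off at "in the web ...", so none of the five names the affected product, and CVE-2017-2831/CVE-2017-2830 and CVE-2017-2828/CVE-2017-2827 read identically. Whoever clears these TODOs will need the full descriptions; recording the product in the resulting status line would make the entries distinguishable in the list itself.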
@@ -20722,8 +20729,8 @@
        RESERVED
 CVE-2017-2814
        RESERVED
-CVE-2017-2813
-       RESERVED
+CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the 
JPEG 2000 ...)
+       TODO: check
 CVE-2017-2812
        RESERVED
 CVE-2017-2811
@@ -20742,8 +20749,8 @@
        RESERVED
 CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the 
Lexmark ...)
        NOT-FOR-US: Lexmark Perspective Document Filters conversion 
functionality
-CVE-2017-2805
-       RESERVED
+CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
+       TODO: check
 CVE-2017-2804
        RESERVED
 CVE-2017-2803
@@ -21854,7 +21861,7 @@
        NOT-FOR-US: Apple
 CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before 
...)
        NOT-FOR-US: Apple, that's likely just a broken sudo config
-CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 
10.3 is ...)
+CVE-2017-2380 (An issue was discovered in certain Apple products.  iOS before 
10.3 ...)
        NOT-FOR-US: Apple
 CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 
10.3 is ...)
        NOT-FOR-US: Apple
@@ -24025,8 +24032,8 @@
        RESERVED
 CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is 
vulnerable to ...)
        NOT-FOR-US: IBM
-CVE-2017-1304
-       RESERVED
+CVE-2017-1304 (IBM has identified a vulnerability with IBM Spectrum Scale/GPFS 
...)
+       TODO: check
 CVE-2017-1303
        RESERVED
 CVE-2017-1302
@@ -24400,8 +24407,8 @@
        RESERVED
 CVE-2017-1118
        RESERVED
-CVE-2017-1117
-       RESERVED
+CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user 
to ...)
+       TODO: check
 CVE-2017-1116
        RESERVED
 CVE-2017-1115
@@ -28815,7 +28822,7 @@
        REJECTED
 CVE-2016-9040
        RESERVED
-CVE-2016-9039 (An exploitable denial of service exists in the the Joyent 
SmartOS ...)
+CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS 
...)
        NOT-FOR-US: Joyent
 CVE-2016-9038
        RESERVED
@@ -29523,8 +29530,8 @@
        NOT-FOR-US: Joyent SmartOS
 CVE-2016-8732
        RESERVED
-CVE-2016-8731
-       RESERVED
+CVE-2016-8731 (Hard-coded FTP credentials (r:r) are included in the Foscam C1 
running ...)
+       TODO: check
 CVE-2016-8730
        RESERVED
 CVE-2016-8729
@@ -33627,8 +33634,8 @@
        NOTE: found.
 CVE-2016-7509
        RESERVED
-CVE-2016-7508
-       RESERVED
+CVE-2016-7508 (Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an 
...)
+       TODO: check
 CVE-2016-7507
        RESERVED
 CVE-2016-7506 (An out-of-bounds read vulnerability was observed in 
Sp_replace_regexp ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
