Author: sectracker
Date: 2017-07-10 21:10:14 +0000 (Mon, 10 Jul 2017)
New Revision: 53363

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-10 14:45:18 UTC (rev 53362)
+++ data/CVE/list       2017-07-10 21:10:14 UTC (rev 53363)
@@ -1,3 +1,205 @@
+CVE-2017-11169
+       RESERVED
+CVE-2017-11168
+       RESERVED
+CVE-2017-11167
+       RESERVED
+CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 
7.0.5-6 has a ...)
+       TODO: check
+CVE-2017-11165
+       RESERVED
+CVE-2017-11164
+       RESERVED
+CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in 
aggregate_graphs.php in ...)
+       TODO: check
+CVE-2017-11162
+       RESERVED
+CVE-2017-11161
+       RESERVED
+CVE-2017-11160
+       RESERVED
+CVE-2017-11159
+       RESERVED
+CVE-2017-11158
+       RESERVED
+CVE-2017-11157
+       RESERVED
+CVE-2017-11156
+       RESERVED
+CVE-2017-11155
+       RESERVED
+CVE-2017-11154
+       RESERVED
+CVE-2017-11153
+       RESERVED
+CVE-2017-11152
+       RESERVED
+CVE-2017-11151
+       RESERVED
+CVE-2017-11150
+       RESERVED
+CVE-2017-11149
+       RESERVED
+CVE-2017-11148
+       RESERVED
+CVE-2017-11146 (In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 
7.1.7, ...)
+       TODO: check
+CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 
7.1.7, lack ...)
+       TODO: check
+CVE-2017-1000362
+       RESERVED
+CVE-2017-1000081
+       RESERVED
+CVE-2017-1000080
+       RESERVED
+CVE-2017-1000079
+       RESERVED
+CVE-2017-1000078
+       RESERVED
+CVE-2017-1000077
+       RESERVED
+CVE-2017-1000076
+       RESERVED
+CVE-2017-1000075
+       RESERVED
+CVE-2017-1000074
+       RESERVED
+CVE-2017-1000073
+       RESERVED
+CVE-2017-1000072
+       RESERVED
+CVE-2017-1000071
+       RESERVED
+CVE-2017-1000070
+       RESERVED
+CVE-2017-1000069
+       RESERVED
+CVE-2017-1000068
+       RESERVED
+CVE-2017-1000067
+       RESERVED
+CVE-2017-1000066
+       RESERVED
+CVE-2017-1000065
+       RESERVED
+CVE-2017-1000064
+       RESERVED
+CVE-2017-1000063
+       RESERVED
+CVE-2017-1000062
+       RESERVED
+CVE-2017-1000061
+       RESERVED
+CVE-2017-1000060
+       RESERVED
+CVE-2017-1000059
+       RESERVED
+CVE-2017-1000058
+       RESERVED
+CVE-2017-1000057
+       RESERVED
+CVE-2017-1000056
+       RESERVED
+CVE-2017-1000055
+       RESERVED
+CVE-2017-1000054
+       RESERVED
+CVE-2017-1000053
+       RESERVED
+CVE-2017-1000052
+       RESERVED
+CVE-2017-1000051
+       RESERVED
+CVE-2017-1000049
+       RESERVED
+CVE-2017-1000048
+       RESERVED
+CVE-2017-1000047
+       RESERVED
+CVE-2017-1000046
+       RESERVED
+CVE-2017-1000045
+       RESERVED
+CVE-2017-1000043
+       RESERVED
+CVE-2017-1000042
+       RESERVED
+CVE-2017-1000039
+       RESERVED
+CVE-2017-1000038
+       RESERVED
+CVE-2017-1000037
+       RESERVED
+CVE-2017-1000036
+       RESERVED
+CVE-2017-1000035
+       RESERVED
+CVE-2017-1000034
+       RESERVED
+CVE-2017-1000033
+       RESERVED
+CVE-2017-1000032
+       RESERVED
+CVE-2017-1000031
+       RESERVED
+CVE-2017-1000030
+       RESERVED
+CVE-2017-1000029
+       RESERVED
+CVE-2017-1000028
+       RESERVED
+CVE-2017-1000027
+       RESERVED
+CVE-2017-1000026
+       RESERVED
+CVE-2017-1000025
+       RESERVED
+CVE-2017-1000024
+       RESERVED
+CVE-2017-1000023
+       RESERVED
+CVE-2017-1000022
+       RESERVED
+CVE-2017-1000021
+       RESERVED
+CVE-2017-1000020
+       RESERVED
+CVE-2017-1000018
+       RESERVED
+CVE-2017-1000017
+       RESERVED
+CVE-2017-1000016
+       RESERVED
+CVE-2017-1000015
+       RESERVED
+CVE-2017-1000014
+       RESERVED
+CVE-2017-1000013
+       RESERVED
+CVE-2017-1000012
+       RESERVED
+CVE-2017-1000011
+       RESERVED
+CVE-2017-1000010
+       RESERVED
+CVE-2017-1000009
+       RESERVED
+CVE-2017-1000008
+       RESERVED
+CVE-2017-1000007
+       RESERVED
+CVE-2017-1000006
+       RESERVED
+CVE-2017-1000005
+       RESERVED
+CVE-2017-1000004
+       RESERVED
+CVE-2017-1000003
+       RESERVED
+CVE-2017-1000002
+       RESERVED
+CVE-2017-1000001
+       RESERVED
 CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 
7.0.5-6 has a ...)
        - imagemagick <unfixed> (low)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
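Review bot: CVE-2017-11146 and CVE-2017-11145 are added with only TODO: check, while the other PHP entries further down this file with the same 5.6.31 / 7.0.21 / 7.1.7 bounds (for example CVE-2017-11144) already carry php7.1, php7.0 and php5 lines. Suggest triaging these two to the same package lines in a follow-up. Also note that the CVE-2017-1000362 to CVE-2017-1000001 block lands between CVE-2017-11145 and CVE-2017-11141, so position in the file cannot be used to locate the seven-digit IDs.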
@@ -31,7 +233,7 @@
        RESERVED
 CVE-2017-11127
        RESERVED
-CVE-2017-11126 (The III_i_stereo function in libmpg123/layer3.c in mpg123 
before 1.25.1 ...)
+CVE-2017-11126 (The III_i_stereo function in libmpg123/layer3.c in mpg123 
through ...)
        TODO: check
 CVE-2017-11125 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the 
...)
        - xar <removed>
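Review bot: the CVE-2017-11126 description changes from "before 1.25.1" to "through ...", so the entry no longer states a fixed upstream version, and it is still at TODO: check. Confirm the upper bound from the full description before recording any fixed version, and do not carry 1.25.1 over from the old text.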
@@ -109,6 +311,7 @@
 CVE-2017-11105
        RESERVED
 CVE-2017-1000050 [NULL Pointer Dereference jp2_encode (jp2_enc.c)]
+       RESERVED
        - jasper <removed>
        NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1
        NOTE: https://github.com/mdadams/jasper/issues/120
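Review bot: RESERVED is added to CVE-2017-1000050 above an existing "- jasper <removed>" line and two NOTE lines, so the triage stays tied to the bracketed temporary description. When the official description replaces [NULL Pointer Dereference jp2_encode (jp2_enc.c)], check that it describes the same issue so the existing package data is not attached to something else. The same applies to CVE-2017-1000044 and CVE-2017-1000363 later in this diff.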
@@ -402,7 +605,7 @@
        [wheezy] - cacti <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/Cacti/cacti/issues/838
        NOTE: 
https://github.com/Cacti/cacti/commit/3381cba6a9e36b01ed0ab0acfd41b00487966cb5
-CVE-2017-11147 [Seg fault when loading hostile phar]
+CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive 
handler ...)
        - php7.1 7.1.1-1
        - php7.0 7.0.15-1
        - php5 <removed>
@@ -411,7 +614,7 @@
        NOTE: Fixed in 7.1.1, 7.0.15, 5.6.30
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
        NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
-CVE-2016-10397 [parse_url return wrong hostname]
+CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling 
of ...)
        - php7.1 <not-affected> (Fixed with initial upload to unstable)
        - php7.0 7.0.13-1
        - php5 <removed>
@@ -428,7 +631,7 @@
        NOTE: Fixed in 7.0.21
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
 (5.6.x)
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=6b18d956de38ecd8913c3d82ce96eb0368a1f9e5
 (7.0.x)
-CVE-2017-11144 [negative-size-param (-1) in memcpy in zif_openssl_seal()]
+CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 
7.1.7, the ...)
        - php7.1 <unfixed>
        - php7.0 <unfixed>
        - php5 <removed>
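Review bot: the new CVE-2017-11144 description gives 5.6.31, 7.0.21 and 7.1.7 as the fixed versions, but php7.1 and php7.0 remain at <unfixed> and the entry has no "NOTE: Fixed in" line like its neighbours. Suggest adding that NOTE now and replacing <unfixed> once the corresponding uploads exist.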
@@ -438,7 +641,7 @@
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
        NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
-CVE-2017-11143 [wddx parsing empty boolean tag leads to SIGSEGV]
+CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX 
deserialization of ...)
        - php7.1 <unfixed>
        - php7.0 <unfixed>
        - php5 <removed>
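Review bot: the CVE-2017-11143 description bounds the issue only at "PHP before 5.6.31", yet php7.1 and php7.0 are tracked as <unfixed>. Confirm whether the 7.x branches contain the affected WDDX deserialization code; if they do not, those lines should be <not-affected>, which would also settle the "claimed to be fixed in 7.0.21 but not listed" TODO that follows.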
@@ -447,7 +650,7 @@
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
        TODO: check, claimed to be fixed in 7.0.21 but not listed, needs 
double-check
        NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
-CVE-2017-11142 [Performance problem with processing post request over 2000000 
chars]
+CVE-2017-11142 (In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 
7.1.3, remote ...)
        - php7.1 7.1.3+-1
        - php7.0 7.0.17-1
        - php5 <removed>
@@ -1785,8 +1988,8 @@
        RESERVED
 CVE-2017-9792
        RESERVED
-CVE-2017-9791
-       RESERVED
+CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.3.x might allow remote 
code ...)
+       TODO: check
 CVE-2017-9790
        RESERVED
 CVE-2017-9789
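Review bot: CVE-2017-9791 moves from RESERVED to a description that mentions possible remote code execution in the Struts 1 plugin of Apache Struts 2.3.x, and is left at TODO: check. Given the stated impact, this one should be resolved to a package line or NOT-FOR-US ahead of the other TODO entries in this update.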
@@ -5949,6 +6152,7 @@
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
 CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer]
+       RESERVED
        - gtk-vnc 0.4.3-1
        NOTE: Fixed by: 
https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737
 (release-0.4.3)
 CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from 
accepting a ...)
@@ -7900,6 +8104,7 @@
 CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is 
possible in ...)
        NOT-FOR-US: Exponent CMS
 CVE-2017-1000363 [lp.c Out-of-Bounds Write via Kernel Command-line]
+       RESERVED
        - linux 4.9.30-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2)
        NOTE: https://alephsecurity.com/vulns/aleph-2017023
@@ -8080,8 +8285,8 @@
        RESERVED
 CVE-2017-8033
        RESERVED
-CVE-2017-8032
-       RESERVED
+CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release 
all ...)
+       TODO: check
 CVE-2017-8031
        RESERVED
 CVE-2017-8030
@@ -9311,8 +9516,7 @@
        RESERVED
 CVE-2017-7671
        RESERVED
-CVE-2017-7670
-       RESERVED
+CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic 
Control ...)
        NOT-FOR-US: Apache Traffic Control
 CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...)
        - hadoop <itp> (bug #793644)
@@ -11197,8 +11401,8 @@
        NOTE: Introduced by: 
https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5
 CVE-2017-7176
        RESERVED
-CVE-2017-7175
-       RESERVED
+CVE-2017-7175 (NfSen before 1.3.8 allows remote attackers to execute arbitrary 
OS ...)
+       TODO: check
 CVE-2017-7174 (The user-account creation feature in Chef Manage 2.1.0 through 
2.4.4 ...)
        NOT-FOR-US: Chef Manage
 CVE-2017-7173
@@ -12222,26 +12426,26 @@
        RESERVED
 CVE-2017-6736
        RESERVED
-CVE-2017-6735
-       RESERVED
-CVE-2017-6734
-       RESERVED
-CVE-2017-6733
-       RESERVED
-CVE-2017-6732
-       RESERVED
-CVE-2017-6731
-       RESERVED
-CVE-2017-6730
-       RESERVED
-CVE-2017-6729
-       RESERVED
-CVE-2017-6728
-       RESERVED
-CVE-2017-6727
-       RESERVED
-CVE-2017-6726
-       RESERVED
+CVE-2017-6735 (A vulnerability in the backup and restore functionality of 
Cisco ...)
+       TODO: check
+CVE-2017-6734 (A vulnerability in the web-based management interface of Cisco 
Identity ...)
+       TODO: check
+CVE-2017-6733 (A vulnerability in the web-based application interface of the 
Cisco ...)
+       TODO: check
+CVE-2017-6732 (A vulnerability in the installation procedure for Cisco Prime 
Network ...)
+       TODO: check
+CVE-2017-6731 (A vulnerability in Multicast Source Discovery Protocol (MSDP) 
ingress ...)
+       TODO: check
+CVE-2017-6730 (A vulnerability in the web-based GUI of Cisco Wide Area 
Application ...)
+       TODO: check
+CVE-2017-6729 (A vulnerability in the Border Gateway Protocol (BGP) processing 
...)
+       TODO: check
+CVE-2017-6728 (A vulnerability in the CLI of Cisco IOS XR Software could allow 
an ...)
+       TODO: check
+CVE-2017-6727 (A vulnerability in the Server Message Block (SMB) protocol of 
Cisco ...)
+       TODO: check
+CVE-2017-6726 (A vulnerability in the CLI of the Cisco Prime Network Gateway 
could ...)
+       TODO: check
 CVE-2017-6725 (A vulnerability in the web framework code of Cisco Prime 
Infrastructure ...)
        NOT-FOR-US: Cisco
 CVE-2017-6724 (A vulnerability in the web framework code of Cisco Prime 
Infrastructure ...)
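Review bot: CVE-2017-6735 through CVE-2017-6726 all describe Cisco products but are added as TODO: check, while the adjacent CVE-2017-6725 is already marked "NOT-FOR-US: Cisco". Suggest giving the ten new entries the same marking in a follow-up so they drop out of the TODO queue.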
@@ -15525,8 +15729,8 @@
        NOT-FOR-US: Apache Ambari
 CVE-2017-5653 (JAX-RS XML Security streaming clients in Apache CXF before 
3.1.11 and ...)
        NOT-FOR-US: Apache CXF
-CVE-2017-5652
-       RESERVED
+CVE-2017-5652 (During a routine security analysis, it was found that one of 
the ports ...)
+       TODO: check
 CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the 
...)
        - tomcat9 <itp> (bug #802312)
        - tomcat8 8.5.11-2 (bug #860071)
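Review bot: the truncated CVE-2017-5652 description ("During a routine security analysis, it was found that one of the ports ...") does not name a product, so the TODO: check cannot be resolved from this file alone. Look up the full description first; the neighbouring entries here are Apache projects marked NOT-FOR-US, which may or may not apply to this one.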
@@ -15586,8 +15790,8 @@
        NOT-FOR-US: Apache Ambari
 CVE-2017-5641
        RESERVED
-CVE-2017-5640
-       RESERVED
+CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala 
daemon ...)
+       TODO: check
 CVE-2017-5639
        RESERVED
 CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 
2.3.32 ...)
@@ -25250,7 +25454,7 @@
        NOT-FOR-US: Juniper
 CVE-2017-2316 (A buffer overflow vulnerability in Juniper Networks NorthStar 
...)
        NOT-FOR-US: Juniper
-CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switchs running affected 
Junos ...)
+CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switches running 
affected Junos ...)
        NOT-FOR-US: Juniper
 CVE-2017-2314
        RESERVED
@@ -27090,8 +27294,8 @@
        RESERVED
 CVE-2017-1399
        RESERVED
-CVE-2017-1398
-       RESERVED
+CVE-2017-1398 (IBM WebSphere Commerce Enterprise, Professional, Express, and 
...)
+       TODO: check
 CVE-2017-1397
        RESERVED
 CVE-2017-1396
@@ -27212,8 +27416,8 @@
        RESERVED
 CVE-2017-1338
        RESERVED
-CVE-2017-1337
-       RESERVED
+CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can 
incorrectly ...)
+       TODO: check
 CVE-2017-1336
        RESERVED
 CVE-2017-1335
@@ -27318,8 +27522,8 @@
        RESERVED
 CVE-2017-1285
        RESERVED
-CVE-2017-1284
-       RESERVED
+CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with 
ability ...)
+       TODO: check
 CVE-2017-1283
        RESERVED
 CVE-2017-1282 (IBM Content Navigator &amp; CMIS 2.0 and 3.0 is vulnerable to 
cross-site ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
