Author: sectracker Date: 2017-07-10 21:10:14 +0000 (Mon, 10 Jul 2017) New Revision: 53363
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-10 14:45:18 UTC (rev 53362) +++ data/CVE/list 2017-07-10 21:10:14 UTC (rev 53363) @@ -1,3 +1,205 @@ +CVE-2017-11169 + RESERVED +CVE-2017-11168 + RESERVED +CVE-2017-11167 + RESERVED +CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...) + TODO: check +CVE-2017-11165 + RESERVED +CVE-2017-11164 + RESERVED +CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...) + TODO: check +CVE-2017-11162 + RESERVED +CVE-2017-11161 + RESERVED +CVE-2017-11160 + RESERVED +CVE-2017-11159 + RESERVED +CVE-2017-11158 + RESERVED +CVE-2017-11157 + RESERVED +CVE-2017-11156 + RESERVED +CVE-2017-11155 + RESERVED +CVE-2017-11154 + RESERVED +CVE-2017-11153 + RESERVED +CVE-2017-11152 + RESERVED +CVE-2017-11151 + RESERVED +CVE-2017-11150 + RESERVED +CVE-2017-11149 + RESERVED +CVE-2017-11148 + RESERVED +CVE-2017-11146 (In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, ...) + TODO: check +CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack ...) + TODO: check +CVE-2017-1000362 + RESERVED +CVE-2017-1000081 + RESERVED +CVE-2017-1000080 + RESERVED +CVE-2017-1000079 + RESERVED +CVE-2017-1000078 + RESERVED +CVE-2017-1000077 + RESERVED +CVE-2017-1000076 + RESERVED +CVE-2017-1000075 + RESERVED +CVE-2017-1000074 + RESERVED +CVE-2017-1000073 + RESERVED +CVE-2017-1000072 + RESERVED +CVE-2017-1000071 + RESERVED +CVE-2017-1000070 + RESERVED +CVE-2017-1000069 + RESERVED +CVE-2017-1000068 + RESERVED +CVE-2017-1000067 + RESERVED +CVE-2017-1000066 + RESERVED +CVE-2017-1000065 + RESERVED +CVE-2017-1000064 + RESERVED +CVE-2017-1000063 + RESERVED +CVE-2017-1000062 + RESERVED +CVE-2017-1000061 + RESERVED +CVE-2017-1000060 + RESERVED +CVE-2017-1000059 + RESERVED +CVE-2017-1000058 + RESERVED +CVE-2017-1000057 + RESERVED +CVE-2017-1000056 + RESERVED +CVE-2017-1000055 + RESERVED +CVE-2017-1000054 + RESERVED +CVE-2017-1000053 + RESERVED +CVE-2017-1000052 + RESERVED +CVE-2017-1000051 + RESERVED +CVE-2017-1000049 + RESERVED +CVE-2017-1000048 + RESERVED +CVE-2017-1000047 + RESERVED +CVE-2017-1000046 + RESERVED +CVE-2017-1000045 + RESERVED +CVE-2017-1000043 + RESERVED +CVE-2017-1000042 + RESERVED +CVE-2017-1000039 + RESERVED +CVE-2017-1000038 + RESERVED +CVE-2017-1000037 + RESERVED +CVE-2017-1000036 + RESERVED +CVE-2017-1000035 + RESERVED +CVE-2017-1000034 + RESERVED +CVE-2017-1000033 + RESERVED +CVE-2017-1000032 + RESERVED +CVE-2017-1000031 + RESERVED +CVE-2017-1000030 + RESERVED +CVE-2017-1000029 + RESERVED +CVE-2017-1000028 + RESERVED +CVE-2017-1000027 + RESERVED +CVE-2017-1000026 + RESERVED +CVE-2017-1000025 + RESERVED +CVE-2017-1000024 + RESERVED +CVE-2017-1000023 + RESERVED +CVE-2017-1000022 + RESERVED +CVE-2017-1000021 + RESERVED +CVE-2017-1000020 + RESERVED +CVE-2017-1000018 + RESERVED +CVE-2017-1000017 + RESERVED +CVE-2017-1000016 + RESERVED +CVE-2017-1000015 + RESERVED +CVE-2017-1000014 + RESERVED +CVE-2017-1000013 + RESERVED +CVE-2017-1000012 + RESERVED +CVE-2017-1000011 + RESERVED +CVE-2017-1000010 + RESERVED +CVE-2017-1000009 + RESERVED +CVE-2017-1000008 + RESERVED +CVE-2017-1000007 + RESERVED +CVE-2017-1000006 + RESERVED +CVE-2017-1000005 + RESERVED +CVE-2017-1000004 + RESERVED +CVE-2017-1000003 + RESERVED +CVE-2017-1000002 + RESERVED +CVE-2017-1000001 + RESERVED CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...) - imagemagick <unfixed> (low) NOTE: https://github.com/ImageMagick/ImageMagick/issues/469 @@ -31,7 +233,7 @@ RESERVED CVE-2017-11127 RESERVED -CVE-2017-11126 (The III_i_stereo function in libmpg123/layer3.c in mpg123 before 1.25.1 ...) +CVE-2017-11126 (The III_i_stereo function in libmpg123/layer3.c in mpg123 through ...) TODO: check CVE-2017-11125 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the ...) - xar <removed> @@ -109,6 +311,7 @@ CVE-2017-11105 RESERVED CVE-2017-1000050 [NULL Pointer Dereference jp2_encode (jp2_enc.c)] + RESERVED - jasper <removed> NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1 NOTE: https://github.com/mdadams/jasper/issues/120 @@ -402,7 +605,7 @@ [wheezy] - cacti <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/issues/838 NOTE: https://github.com/Cacti/cacti/commit/3381cba6a9e36b01ed0ab0acfd41b00487966cb5 -CVE-2017-11147 [Seg fault when loading hostile phar] +CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler ...) - php7.1 7.1.1-1 - php7.0 7.0.15-1 - php5 <removed> @@ -411,7 +614,7 @@ NOTE: Fixed in 7.1.1, 7.0.15, 5.6.30 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 -CVE-2016-10397 [parse_url return wrong hostname] +CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of ...) - php7.1 <not-affected> (Fixed with initial upload to unstable) - php7.0 7.0.13-1 - php5 <removed> @@ -428,7 +631,7 @@ NOTE: Fixed in 7.0.21 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7 (5.6.x) NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6b18d956de38ecd8913c3d82ce96eb0368a1f9e5 (7.0.x) -CVE-2017-11144 [negative-size-param (-1) in memcpy in zif_openssl_seal()] +CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the ...) - php7.1 <unfixed> - php7.0 <unfixed> - php5 <removed> @@ -438,7 +641,7 @@ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e NOTE: http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 -CVE-2017-11143 [wddx parsing empty boolean tag leads to SIGSEGV] +CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of ...) - php7.1 <unfixed> - php7.0 <unfixed> - php5 <removed> @@ -447,7 +650,7 @@ NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9 TODO: check, claimed to be fixed in 7.0.21 but not listed, needs double-check NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 -CVE-2017-11142 [Performance problem with processing post request over 2000000 chars] +CVE-2017-11142 (In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote ...) - php7.1 7.1.3+-1 - php7.0 7.0.17-1 - php5 <removed> @@ -1785,8 +1988,8 @@ RESERVED CVE-2017-9792 RESERVED -CVE-2017-9791 - RESERVED +CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.3.x might allow remote code ...) + TODO: check CVE-2017-9790 RESERVED CVE-2017-9789 @@ -5949,6 +6152,7 @@ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer] + RESERVED - gtk-vnc 0.4.3-1 NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3) CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a ...) @@ -7900,6 +8104,7 @@ CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...) NOT-FOR-US: Exponent CMS CVE-2017-1000363 [lp.c Out-of-Bounds Write via Kernel Command-line] + RESERVED - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2) NOTE: https://alephsecurity.com/vulns/aleph-2017023 @@ -8080,8 +8285,8 @@ RESERVED CVE-2017-8033 RESERVED -CVE-2017-8032 - RESERVED +CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release all ...) + TODO: check CVE-2017-8031 RESERVED CVE-2017-8030 @@ -9311,8 +9516,7 @@ RESERVED CVE-2017-7671 RESERVED -CVE-2017-7670 - RESERVED +CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic Control ...) NOT-FOR-US: Apache Traffic Control CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...) - hadoop <itp> (bug #793644) @@ -11197,8 +11401,8 @@ NOTE: Introduced by: https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5 CVE-2017-7176 RESERVED -CVE-2017-7175 - RESERVED +CVE-2017-7175 (NfSen before 1.3.8 allows remote attackers to execute arbitrary OS ...) + TODO: check CVE-2017-7174 (The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 ...) NOT-FOR-US: Chef Manage CVE-2017-7173 @@ -12222,26 +12426,26 @@ RESERVED CVE-2017-6736 RESERVED -CVE-2017-6735 - RESERVED -CVE-2017-6734 - RESERVED -CVE-2017-6733 - RESERVED -CVE-2017-6732 - RESERVED -CVE-2017-6731 - RESERVED -CVE-2017-6730 - RESERVED -CVE-2017-6729 - RESERVED -CVE-2017-6728 - RESERVED -CVE-2017-6727 - RESERVED -CVE-2017-6726 - RESERVED +CVE-2017-6735 (A vulnerability in the backup and restore functionality of Cisco ...) + TODO: check +CVE-2017-6734 (A vulnerability in the web-based management interface of Cisco Identity ...) + TODO: check +CVE-2017-6733 (A vulnerability in the web-based application interface of the Cisco ...) + TODO: check +CVE-2017-6732 (A vulnerability in the installation procedure for Cisco Prime Network ...) + TODO: check +CVE-2017-6731 (A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress ...) + TODO: check +CVE-2017-6730 (A vulnerability in the web-based GUI of Cisco Wide Area Application ...) + TODO: check +CVE-2017-6729 (A vulnerability in the Border Gateway Protocol (BGP) processing ...) + TODO: check +CVE-2017-6728 (A vulnerability in the CLI of Cisco IOS XR Software could allow an ...) + TODO: check +CVE-2017-6727 (A vulnerability in the Server Message Block (SMB) protocol of Cisco ...) + TODO: check +CVE-2017-6726 (A vulnerability in the CLI of the Cisco Prime Network Gateway could ...) + TODO: check CVE-2017-6725 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...) NOT-FOR-US: Cisco CVE-2017-6724 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...) @@ -15525,8 +15729,8 @@ NOT-FOR-US: Apache Ambari CVE-2017-5653 (JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and ...) NOT-FOR-US: Apache CXF -CVE-2017-5652 - RESERVED +CVE-2017-5652 (During a routine security analysis, it was found that one of the ports ...) + TODO: check CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...) - tomcat9 <itp> (bug #802312) - tomcat8 8.5.11-2 (bug #860071) @@ -15586,8 +15790,8 @@ NOT-FOR-US: Apache Ambari CVE-2017-5641 RESERVED -CVE-2017-5640 - RESERVED +CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...) + TODO: check CVE-2017-5639 RESERVED CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 ...) @@ -25250,7 +25454,7 @@ NOT-FOR-US: Juniper CVE-2017-2316 (A buffer overflow vulnerability in Juniper Networks NorthStar ...) NOT-FOR-US: Juniper -CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switchs running affected Junos ...) +CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switches running affected Junos ...) NOT-FOR-US: Juniper CVE-2017-2314 RESERVED @@ -27090,8 +27294,8 @@ RESERVED CVE-2017-1399 RESERVED -CVE-2017-1398 - RESERVED +CVE-2017-1398 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...) + TODO: check CVE-2017-1397 RESERVED CVE-2017-1396 @@ -27212,8 +27416,8 @@ RESERVED CVE-2017-1338 RESERVED -CVE-2017-1337 - RESERVED +CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly ...) + TODO: check CVE-2017-1336 RESERVED CVE-2017-1335 @@ -27318,8 +27522,8 @@ RESERVED CVE-2017-1285 RESERVED -CVE-2017-1284 - RESERVED +CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...) + TODO: check CVE-2017-1283 RESERVED CVE-2017-1282 (IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits