Author: sectracker
Date: 2017-07-11 21:10:16 +0000 (Tue, 11 Jul 2017)
New Revision: 53390
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-11 21:09:02 UTC (rev 53389) +++ data/CVE/list 2017-07-11 21:10:16 UTC (rev 53390) @@ -1,3 +1,7 @@ +CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in ...) + TODO: check +CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...) + TODO: check CVE-2017-11169 RESERVED CVE-2017-11168 @@ -1275,7 +1279,7 @@ CVE-2017-10689 RESERVED CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...) - {DSA-3903-1} + {DSA-3903-1 DLA-1022-1} - tiff 4.0.8-3 (bug #866611) - tiff3 <removed> [wheezy] - tiff3 <not-affected> (vulnerable code not present) @@ -1495,8 +1499,8 @@ RESERVED CVE-2017-10601 RESERVED -CVE-2017-10600 - RESERVED +CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates ...) + TODO: check CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x ...) - ffmpeg 7:3.2.5-1 - libav <undetermined> @@ -1664,7 +1668,7 @@ NOTE: to see this as an issue in libjbig itself. TODO: wait for futher development on upstream CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...) - {DSA-3903-1} + {DSA-3903-1 DLA-1023-1 DLA-1022-1} - tiff 4.0.8-3 (bug #866113) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706 
@@ -9383,16 +9387,16 @@ RESERVED CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...) NOT-FOR-US: Fortinet FortiPortal -CVE-2017-7730 - RESERVED -CVE-2017-7729 - RESERVED -CVE-2017-7728 - RESERVED +CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood ...) + TODO: check +CVE-2017-7729 (On iSmartAlarm cube devices, there is Incorrect Access Control because ...) + TODO: check +CVE-2017-7728 (On iSmartAlarm cube devices, there is authentication bypass leading to ...) + TODO: check CVE-2017-7727 - RESERVED -CVE-2017-7726 - RESERVED + REJECTED +CVE-2017-7726 (iSmartAlarm cube devices have an SSL Certificate Validation ...) + TODO: check CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header during ...) NOT-FOR-US: concrete5 CVE-2017-7724 @@ -11841,7 +11845,7 @@ - mantis <removed> [wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS) NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4 -CVE-2017-6972 (Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and ...) +CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an ...) NOT-FOR-US: AlienVault CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...) NOT-FOR-US: AlienVault @@ -51621,7 +51625,7 @@ NOT-FOR-US: IBM CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow a ...) NOT-FOR-US: IBM -CVE-2016-3052 (IBM WebSphere MQ 8.0, under nonstandard configurations, sends password ...) +CVE-2016-3052 (Under non-standard configurations, IBM WebSphere MQ might send ...) NOT-FOR-US: IBM CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an authenticated ...) NOT-FOR-US: IBM 
@@ -238949,7 +238953,7 @@ NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...) NOT-FOR-US: logIT -CVE-2006-1098 (** DISPUTED ** ...) +CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce ...) NOT-FOR-US: NZ Ecommerce CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...) NOT-FOR-US: Woltlab Burning Board @@ -250459,7 +250463,7 @@ NOT-FOR-US: PHProjekt CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...) NOT-FOR-US: PHProjekt -CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...) +CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not properly ...) NOT-FOR-US: PHProjekt CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...) NOT-FOR-US: PHProjekt @@ -255510,7 +255514,7 @@ - uim 1:0.4.6beta2-1 CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...) NOT-FOR-US: Xinkaa -CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...) +CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers to ...) NOT-FOR-US: Bontago CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: MSIE6
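Review bot: In the first hunk (@@ -1,3 +1,7 @@), CVE-2017-11170 is queued with only "TODO: check" although its description already names the ReadTGAImage function in coders\tga.c of ImageMagick, so it can be triaged directly to an "- imagemagick" package line with its status rather than waiting in the TODO backlog. CVE-2017-11171 is different: the truncated description shows only accept_ice_connection(), so the owning source package has to be identified from the full CVE text before an entry can be written.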
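Review bot: In the CVE-2017-9936 hunk (@@ -1664,7 +1668,7 @@), the cross-reference set becomes "{DSA-3903-1 DLA-1023-1 DLA-1022-1}", yet the visible package lines still show "- tiff3 <removed>" with no "[wheezy]" annotation. Compare CVE-2017-10688 in the @@ -1275,7 +1279,7 @@ hunk, where "[wheezy] - tiff3 <not-affected>" is present and only DLA-1022-1 is added. Please confirm that both advisories really list this CVE and that the per-release status for tiff3 is recorded, so the tracker does not report wheezy as unfixed. The two DLA ids are also out of numeric order in this entry.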
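Review bot: In the @@ -9383,16 +9387,16 @@ hunk, CVE-2017-7726, CVE-2017-7728, CVE-2017-7729 and CVE-2017-7730 all describe iSmartAlarm cube devices but are queued as "TODO: check". They can be closed as "NOT-FOR-US: iSmartAlarm" in the same pass, matching the neighbouring Fortinet FortiPortal and concrete5 entries, which keeps four device-only issues out of the manual triage queue. The CVE-2017-7727 change from RESERVED to REJECTED needs no follow-up.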