Author: sectracker
Date: 2017-07-11 21:10:16 +0000 (Tue, 11 Jul 2017)
New Revision: 53390

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-11 21:09:02 UTC (rev 53389)
+++ data/CVE/list       2017-07-11 21:10:16 UTC (rev 53390)
@@ -1,3 +1,7 @@
+CVE-2017-11171 (Bad reference counting in the context of 
accept_ice_connection() in ...)
+       TODO: check
+CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 
7.0.5-6 has a ...)
+       TODO: check
 CVE-2017-11169
        RESERVED
 CVE-2017-11168
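Review bot: CVE-2017-11170 is left at TODO: check even though its description already names the product (ReadTGAImage in coders\tga.c, ImageMagick 7.0.5-6), so it can be triaged against the imagemagick source package straight away. CVE-2017-11171 cannot be triaged from this line because the description is cut at "accept_ice_connection() in ..."; the full text is needed to identify the affected product before the TODO is resolved.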
@@ -1275,7 +1279,7 @@
 CVE-2017-10689
        RESERVED
 CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...)
-       {DSA-3903-1}
+       {DSA-3903-1 DLA-1022-1}
        - tiff 4.0.8-3 (bug #866611)
        - tiff3 <removed>
        [wheezy] - tiff3 <not-affected> (vulnerable code not present)
@@ -1495,8 +1499,8 @@
        RESERVED
 CVE-2017-10601
        RESERVED
-CVE-2017-10600
-       RESERVED
+CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, 
creates ...)
+       TODO: check
 CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 
2.8.x ...)
        - ffmpeg 7:3.2.5-1
        - libav <undetermined>
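Review bot: CVE-2017-10600 moves from RESERVED to TODO: check with the description cut at "when invoked as non-root, creates ...", so what is created is not visible from the list. Triage needs the full description, and first a check of whether ubuntu-image is packaged in Debian at all; if it is not, the entry should become NOT-FOR-US: ubuntu-image instead of staying in the TODO queue.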
@@ -1664,7 +1668,7 @@
        NOTE: to see this as an issue in libjbig itself.
        TODO: wait for futher development on upstream
 CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A 
crafted TIFF ...)
-       {DSA-3903-1}
+       {DSA-3903-1 DLA-1023-1 DLA-1022-1}
        - tiff 4.0.8-3 (bug #866113)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
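Review bot: the advisory references on CVE-2017-9936 are written as {DSA-3903-1 DLA-1023-1 DLA-1022-1}, with DLA-1023-1 ahead of DLA-1022-1. If the script that generates this cross-reference can emit them in ascending order, the line becomes easier to compare with the CVE-2017-10688 entry, which carries only DLA-1022-1. Minor, and unrelated to this change: the context line above reads "futher development" and should read "further".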
@@ -9383,16 +9387,16 @@
        RESERVED
 CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal 
...)
        NOT-FOR-US: Fortinet FortiPortal
-CVE-2017-7730
-       RESERVED
-CVE-2017-7729
-       RESERVED
-CVE-2017-7728
-       RESERVED
+CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN 
flood ...)
+       TODO: check
+CVE-2017-7729 (On iSmartAlarm cube devices, there is Incorrect Access Control 
because ...)
+       TODO: check
+CVE-2017-7728 (On iSmartAlarm cube devices, there is authentication bypass 
leading to ...)
+       TODO: check
 CVE-2017-7727
-       RESERVED
-CVE-2017-7726
-       RESERVED
+       REJECTED
+CVE-2017-7726 (iSmartAlarm cube devices have an SSL Certificate Validation ...)
+       TODO: check
 CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header 
during ...)
        NOT-FOR-US: concrete5
 CVE-2017-7724
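Review bot: the four iSmartAlarm entries (CVE-2017-7730, CVE-2017-7729, CVE-2017-7728, CVE-2017-7726) are all left at TODO: check, yet every description names iSmartAlarm cube devices, a hardware product. The neighbouring entries in this hunk close vendor products as NOT-FOR-US (Fortinet FortiPortal, concrete5), so these four can be closed the same way with NOT-FOR-US: iSmartAlarm. The CVE-2017-7727 change from RESERVED to REJECTED needs no follow-up.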
@@ -11841,7 +11845,7 @@
        - mantis <removed>
        [wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
        NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
-CVE-2017-6972 (Unspecified vulnerability in AlienVault USM and OSSIM before 
5.3.7 and ...)
+CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 
have an ...)
        NOT-FOR-US: AlienVault
 CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 
allow ...)
        NOT-FOR-US: AlienVault
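Review bot: the new CVE-2017-6972 description names NfSen before 1.3.8 alongside AlienVault USM and OSSIM, but the tag under it still reads NOT-FOR-US: AlienVault. Confirm that NfSen is not packaged in Debian and, if so, name it in the tag so a search for NfSen finds the entry. The CVE-2017-6971 context line has the same wording and the same tag.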
@@ -51621,7 +51625,7 @@
        NOT-FOR-US: IBM
 CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow 
a ...)
        NOT-FOR-US: IBM
-CVE-2016-3052 (IBM WebSphere MQ 8.0, under nonstandard configurations, sends 
password ...)
+CVE-2016-3052 (Under non-standard configurations, IBM WebSphere MQ might send 
...)
        NOT-FOR-US: IBM
 CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an 
authenticated ...)
        NOT-FOR-US: IBM
@@ -238949,7 +238953,7 @@
        NOT-FOR-US: Sauerbraten / cube engine
 CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 
allows ...)
        NOT-FOR-US: logIT
-CVE-2006-1098 (** DISPUTED ** ...)
+CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ 
Ecommerce ...)
        NOT-FOR-US: NZ Ecommerce
 CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in 
Datenbank MOD ...)
        NOT-FOR-US: Woltlab Burning Board
@@ -250459,7 +250463,7 @@
        NOT-FOR-US: PHProjekt
 CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 
3.1 ...)
        NOT-FOR-US: PHProjekt
-CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not 
properly ...)
+CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not 
properly ...)
        NOT-FOR-US: PHProjekt
 CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or 
modify ...)
        NOT-FOR-US: PHProjekt
@@ -255510,7 +255514,7 @@
        - uim 1:0.4.6beta2-1
 CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier 
allows ...)
        NOT-FOR-US: Xinkaa
-CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote 
attackers ...)
+CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote 
attackers to ...)
        NOT-FOR-US: Bontago
 CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers 
to ...)
        NOT-FOR-US: MSIE6


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
