Author: sectracker
Date: 2017-07-13 21:10:15 +0000 (Thu, 13 Jul 2017)
New Revision: 53470

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-13 21:09:49 UTC (rev 53469)
+++ data/CVE/list       2017-07-13 21:10:15 UTC (rev 53470)
@@ -1,4 +1,211 @@
+CVE-2017-11311 (soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and 
libopenmpt ...)
+       TODO: check
+CVE-2017-11310 (The read_user_chunk_callback function in coders\png.c in 
ImageMagick ...)
+       TODO: check
+CVE-2017-11309
+       RESERVED
+CVE-2017-11308
+       RESERVED
+CVE-2017-11307
+       RESERVED
+CVE-2017-11306
+       RESERVED
+CVE-2017-11305
+       RESERVED
+CVE-2017-11304
+       RESERVED
+CVE-2017-11303
+       RESERVED
+CVE-2017-11302
+       RESERVED
+CVE-2017-11301
+       RESERVED
+CVE-2017-11300
+       RESERVED
+CVE-2017-11299
+       RESERVED
+CVE-2017-11298
+       RESERVED
+CVE-2017-11297
+       RESERVED
+CVE-2017-11296
+       RESERVED
+CVE-2017-11295
+       RESERVED
+CVE-2017-11294
+       RESERVED
+CVE-2017-11293
+       RESERVED
+CVE-2017-11292
+       RESERVED
+CVE-2017-11291
+       RESERVED
+CVE-2017-11290
+       RESERVED
+CVE-2017-11289
+       RESERVED
+CVE-2017-11288
+       RESERVED
+CVE-2017-11287
+       RESERVED
+CVE-2017-11286
+       RESERVED
+CVE-2017-11285
+       RESERVED
+CVE-2017-11284
+       RESERVED
+CVE-2017-11283
+       RESERVED
+CVE-2017-11282
+       RESERVED
+CVE-2017-11281
+       RESERVED
+CVE-2017-11280
+       RESERVED
+CVE-2017-11279
+       RESERVED
+CVE-2017-11278
+       RESERVED
+CVE-2017-11277
+       RESERVED
+CVE-2017-11276
+       RESERVED
+CVE-2017-11275
+       RESERVED
+CVE-2017-11274
+       RESERVED
+CVE-2017-11273
+       RESERVED
+CVE-2017-11272
+       RESERVED
+CVE-2017-11271
+       RESERVED
+CVE-2017-11270
+       RESERVED
+CVE-2017-11269
+       RESERVED
+CVE-2017-11268
+       RESERVED
+CVE-2017-11267
+       RESERVED
+CVE-2017-11266
+       RESERVED
+CVE-2017-11265
+       RESERVED
+CVE-2017-11264
+       RESERVED
+CVE-2017-11263
+       RESERVED
+CVE-2017-11262
+       RESERVED
+CVE-2017-11261
+       RESERVED
+CVE-2017-11260
+       RESERVED
+CVE-2017-11259
+       RESERVED
+CVE-2017-11258
+       RESERVED
+CVE-2017-11257
+       RESERVED
+CVE-2017-11256
+       RESERVED
+CVE-2017-11255
+       RESERVED
+CVE-2017-11254
+       RESERVED
+CVE-2017-11253
+       RESERVED
+CVE-2017-11252
+       RESERVED
+CVE-2017-11251
+       RESERVED
+CVE-2017-11250
+       RESERVED
+CVE-2017-11249
+       RESERVED
+CVE-2017-11248
+       RESERVED
+CVE-2017-11247
+       RESERVED
+CVE-2017-11246
+       RESERVED
+CVE-2017-11245
+       RESERVED
+CVE-2017-11244
+       RESERVED
+CVE-2017-11243
+       RESERVED
+CVE-2017-11242
+       RESERVED
+CVE-2017-11241
+       RESERVED
+CVE-2017-11240
+       RESERVED
+CVE-2017-11239
+       RESERVED
+CVE-2017-11238
+       RESERVED
+CVE-2017-11237
+       RESERVED
+CVE-2017-11236
+       RESERVED
+CVE-2017-11235
+       RESERVED
+CVE-2017-11234
+       RESERVED
+CVE-2017-11233
+       RESERVED
+CVE-2017-11232
+       RESERVED
+CVE-2017-11231
+       RESERVED
+CVE-2017-11230
+       RESERVED
+CVE-2017-11229
+       RESERVED
+CVE-2017-11228
+       RESERVED
+CVE-2017-11227
+       RESERVED
+CVE-2017-11226
+       RESERVED
+CVE-2017-11225
+       RESERVED
+CVE-2017-11224
+       RESERVED
+CVE-2017-11223
+       RESERVED
+CVE-2017-11222
+       RESERVED
+CVE-2017-11221
+       RESERVED
+CVE-2017-11220
+       RESERVED
+CVE-2017-11219
+       RESERVED
+CVE-2017-11218
+       RESERVED
+CVE-2017-11217
+       RESERVED
+CVE-2017-11216
+       RESERVED
+CVE-2017-11215
+       RESERVED
+CVE-2017-11214
+       RESERVED
+CVE-2017-11213
+       RESERVED
+CVE-2017-11212
+       RESERVED
+CVE-2017-11211
+       RESERVED
+CVE-2017-11210
+       RESERVED
+CVE-2017-11209
+       RESERVED
 CVE-2017-1000083 [Evince command injection vulnerability in CBT handler]
+       RESERVED
        - evince 3.22.1-4
        - atril <unfixed>
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
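Review bot: CVE-2017-11310 at the top of this hunk is left at "TODO: check" although its description already names coders\png.c in ImageMagick, and other ImageMagick entries in this file carry an "- imagemagick <unfixed>" package line with an upstream issue NOTE; triage should give it the same treatment rather than leave it in the TODO queue. CVE-2017-11311 (OpenMPT and libopenmpt) needs the same decision: a package line or NOT-FOR-US.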
@@ -85,30 +292,43 @@
 CVE-2017-11172
        RESERVED
 CVE-2017-1000096
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000095
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000094
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000093
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000092
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000091
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000090
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000089
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000088
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000087
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000086
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000085
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-1000084
+       RESERVED
        NOT-FOR-US: Jenkins plugin
 CVE-2017-11171 (Bad reference counting in the context of 
accept_ice_connection() in ...)
        - gnome-session 2.30.0-1
@@ -186,160 +406,160 @@
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74819
        NOTE: https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75
        NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
-CVE-2017-1000362
-       RESERVED
-CVE-2017-1000081
-       RESERVED
-CVE-2017-1000080
-       RESERVED
-CVE-2017-1000079
-       RESERVED
-CVE-2017-1000078
-       RESERVED
+CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and 
...)
+       TODO: check
+CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated 
upload of ...)
+       TODO: check
+CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of 
websockets ...)
+       TODO: check
+CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS ...)
+       TODO: check
+CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device 
...)
+       TODO: check
 CVE-2017-1000077
        RESERVED
 CVE-2017-1000076
        RESERVED
-CVE-2017-1000075
-       RESERVED
-CVE-2017-1000074
-       RESERVED
-CVE-2017-1000073
-       RESERVED
-CVE-2017-1000072
-       RESERVED
-CVE-2017-1000071
-       RESERVED
-CVE-2017-1000070
-       RESERVED
-CVE-2017-1000069
-       RESERVED
-CVE-2017-1000068
-       RESERVED
-CVE-2017-1000067
-       RESERVED
-CVE-2017-1000066
-       RESERVED
-CVE-2017-1000065
-       RESERVED
-CVE-2017-1000064
-       RESERVED
-CVE-2017-1000063
-       RESERVED
-CVE-2017-1000062
-       RESERVED
-CVE-2017-1000061
-       RESERVED
-CVE-2017-1000060
-       RESERVED
-CVE-2017-1000059
-       RESERVED
-CVE-2017-1000058
-       RESERVED
-CVE-2017-1000057
-       RESERVED
-CVE-2017-1000056
-       RESERVED
+CVE-2017-1000075 (Creolabs Gravity version 1.0 is vulnerable to a stack 
overflow in the ...)
+       TODO: check
+CVE-2017-1000074 (Creolabs Gravity version 1.0 is vulnerable to a stack 
overflow in the ...)
+       TODO: check
+CVE-2017-1000073 (Creolabs Gravity version 1.0 is vulnerable to a heap 
overflow in an ...)
+       TODO: check
+CVE-2017-1000072 (Creolabs Gravity version 1.0 is vulnerable to a Double Free 
in ...)
+       TODO: check
+CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an 
authentication bypass ...)
+       TODO: check
+CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was 
affected by an ...)
+       TODO: check
+CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow 
...)
+       TODO: check
+CVE-2017-1000068 (TestTrack Server versions 1.0 and earlier are vulnerable to 
an ...)
+       TODO: check
+CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind 
SQL ...)
+       TODO: check
+CVE-2017-1000066 (The entry details view funcion in KeePass version 1.32 
inadvertently ...)
+       TODO: check
+CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in 
rpc.php in ...)
+       TODO: check
+CVE-2017-1000064 (kittoframework kitto version 0.5.1 is vulnerable to memory 
exhaustion ...)
+       TODO: check
+CVE-2017-1000063 (kittoframework kitto version 0.5.1 is vulnerable to an XSS 
in the 404 ...)
+       TODO: check
+CVE-2017-1000062 (kittoframework kitto 0.5.1 is vulnerable to directory 
traversal in the ...)
+       TODO: check
+CVE-2017-1000061 (xmlsec 1.2.23 and before is vulnerable to XML External 
Entity ...)
+       TODO: check
+CVE-2017-1000060 (EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in 
eonweb ...)
+       TODO: check
+CVE-2017-1000059 (Live Helper Chat version 2.06v and older is vulnerable to 
Cross-Site ...)
+       TODO: check
+CVE-2017-1000058 (Stored XSS in chevereto CMS before version 3.8.11 ...)
+       TODO: check
+CVE-2017-1000057 (A reflected cross-site scripting vulnerability in GetSimple 
CMS ...)
+       TODO: check
+CVE-2017-1000056 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege 
escalation ...)
+       TODO: check
 CVE-2017-1000055
-       RESERVED
-CVE-2017-1000054
-       RESERVED
-CVE-2017-1000053
-       RESERVED
-CVE-2017-1000052
-       RESERVED
-CVE-2017-1000051
-       RESERVED
-CVE-2017-1000049
-       RESERVED
-CVE-2017-1000048
-       RESERVED
-CVE-2017-1000047
-       RESERVED
-CVE-2017-1000046
-       RESERVED
-CVE-2017-1000045
-       RESERVED
-CVE-2017-1000043
-       RESERVED
-CVE-2017-1000042
-       RESERVED
-CVE-2017-1000039
-       RESERVED
-CVE-2017-1000038
-       RESERVED
-CVE-2017-1000037
-       RESERVED
-CVE-2017-1000036
-       RESERVED
-CVE-2017-1000035
-       RESERVED
-CVE-2017-1000034
-       RESERVED
-CVE-2017-1000033
-       RESERVED
-CVE-2017-1000032
-       RESERVED
-CVE-2017-1000031
-       RESERVED
-CVE-2017-1000030
-       RESERVED
-CVE-2017-1000029
-       RESERVED
-CVE-2017-1000028
-       RESERVED
-CVE-2017-1000027
-       RESERVED
-CVE-2017-1000026
-       RESERVED
-CVE-2017-1000025
-       RESERVED
-CVE-2017-1000024
-       RESERVED
-CVE-2017-1000023
-       RESERVED
-CVE-2017-1000022
-       RESERVED
-CVE-2017-1000021
-       RESERVED
-CVE-2017-1000020
-       RESERVED
-CVE-2017-1000018
-       RESERVED
-CVE-2017-1000017
-       RESERVED
-CVE-2017-1000016
-       RESERVED
-CVE-2017-1000015
-       RESERVED
-CVE-2017-1000014
-       RESERVED
-CVE-2017-1000013
-       RESERVED
-CVE-2017-1000012
-       RESERVED
-CVE-2017-1000011
-       RESERVED
-CVE-2017-1000010
-       RESERVED
-CVE-2017-1000009
-       RESERVED
-CVE-2017-1000008
-       RESERVED
-CVE-2017-1000007
-       RESERVED
-CVE-2017-1000006
-       RESERVED
-CVE-2017-1000005
-       RESERVED
-CVE-2017-1000004
-       RESERVED
-CVE-2017-1000003
-       RESERVED
-CVE-2017-1000002
-       RESERVED
-CVE-2017-1000001
-       RESERVED
+       REJECTED
+CVE-2017-1000054 (Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in 
the ...)
+       TODO: check
+CVE-2017-1000053 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is 
vulnerable to ...)
+       TODO: check
+CVE-2017-1000052 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is 
vulnerable to ...)
+       TODO: check
+CVE-2017-1000051 (Cross-site scripting (XSS) vulnerability in pad export in 
XWiki labs ...)
+       TODO: check
+CVE-2017-1000049 (Roundcube Webmail 1.1.5 is vulnerable to Persistent Xss ...)
+       TODO: check
+CVE-2017-1000048 (the web framework using ljharb's qs module older than 
v6.3.2, v6.2.3, ...)
+       TODO: check
+CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory 
Traversal in ...)
+       TODO: check
+CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session 
cookies ...)
+       TODO: check
+CVE-2017-1000045 (Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the 
state ...)
+       TODO: check
+CVE-2017-1000043 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 
are ...)
+       TODO: check
+CVE-2017-1000042 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 
are ...)
+       TODO: check
+CVE-2017-1000039 (Framadate version 1.0 is vulnerable to Formula Injection in 
the CSV ...)
+       TODO: check
+CVE-2017-1000038 (WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to 
stored ...)
+       TODO: check
+CVE-2017-1000037 (RVM automatically loads environment variables from files in 
$PWD ...)
+       TODO: check
+CVE-2017-1000036 (All versions of Candy Chat are vulnerable to an XSS attack 
by message ...)
+       TODO: check
+CVE-2017-1000035 (Tiny Tiny RSS before 829d478f is vulnerable to XSS 
window.opener ...)
+       TODO: check
+CVE-2017-1000034 (Akka versions &lt;=2.4.16 and 2.5-M1 are vulnerable to a 
java ...)
+       TODO: check
+CVE-2017-1000033 (Wordpress Plugin Vospari Forms version &lt; 1.4 is 
vulnerable to a ...)
+       TODO: check
+CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b 
allow ...)
+       TODO: check
+CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in 
Cacti ...)
+       TODO: check
+CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 
22) is ...)
+       TODO: check
+CVE-2017-1000029 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 
22) is ...)
+       TODO: check
+CVE-2017-1000028 (Oracle, GlassFish Server Open Source Edition 4.1 is 
vulnerable to both ...)
+       TODO: check
+CVE-2017-1000027 (Koozali Foundation SME Server versions 8.x, 9.x, 10.x are 
vulnerable ...)
+       TODO: check
+CVE-2017-1000026 (Chef Software's mixlib-archive versions 0.3.0 and older are 
vulnerable ...)
+       TODO: check
+CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 
3.20 ...)
+       TODO: check
+CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is 
vulnerable ...)
+       TODO: check
+CVE-2017-1000023 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to 
an XSS ...)
+       TODO: check
+CVE-2017-1000022 (LogicalDoc CommunityEdition 7.5.3 and prior contain an 
Incorrect ...)
+       TODO: check
+CVE-2017-1000021 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to 
XXE when ...)
+       TODO: check
+CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions 
embedded ...)
+       TODO: check
+CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack 
in the ...)
+       TODO: check
+CVE-2017-1000017 (phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness 
where a user ...)
+       TODO: check
+CVE-2017-1000016 (A weakness was discovered where an attacker can inject 
arbitrary ...)
+       TODO: check
+CVE-2017-1000015 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS 
injection attack ...)
+       TODO: check
+CVE-2017-1000014 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS 
weakness in the ...)
+       TODO: check
+CVE-2017-1000013 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open 
redirect ...)
+       TODO: check
+CVE-2017-1000012 (MySQL Dumper version 1.24 is vulnerable to stored XSS when 
displaying ...)
+       TODO: check
+CVE-2017-1000011 (MyWebSQL version 3.6 is vulnerable to stored XSS in the 
database ...)
+       TODO: check
+CVE-2017-1000010 (Audacity version 2.1.2 is vulnerable to Dll HIjacking in the 
...)
+       TODO: check
+CVE-2017-1000009 (Akeneo PIM CE and EE &lt;1.6.6, &lt;1.5.15, &lt;1.4.28 are 
vulnerable to shell ...)
+       TODO: check
+CVE-2017-1000008 (Chyrp Lite version 2016.04 is vulnerable to a CSRF in the 
user ...)
+       TODO: check
+CVE-2017-1000007 (txAWS (all current versions) fail to perform complete 
certificate ...)
+       TODO: check
+CVE-2017-1000006 (Plotly, Inc. plotly.js versions prior to 1.16.0 are 
vulrenable to an ...)
+       TODO: check
+CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS 
in the ...)
+       TODO: check
+CVE-2017-1000004 (ATutor versions 2.2.1 and earlier are vulnerable to a SQL 
injection ...)
+       TODO: check
+CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to a 
incorrect access ...)
+       TODO: check
+CVE-2017-1000002 (ATutor versions 2.2.1 and earlier are vulnerable to a 
directory ...)
+       TODO: check
+CVE-2017-1000001 (FedMsg 0.18.1 and older is vulnerable to a message 
validation flaw ...)
+       TODO: check
 CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 
7.0.5-6 has a ...)
        - imagemagick <unfixed> (low)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
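Review bot: CVE-2017-1000016 is imported with a description that, as far as the truncated text shows, names no product ("A weakness was discovered where an attacker can inject arbitrary ..."). It sits inside the phpMyAdmin run CVE-2017-1000013 through CVE-2017-1000018, so the triager has to read the full description before assigning a package instead of inferring it from the neighbours. Separately, CVE-2017-1000055 flips from RESERVED to REJECTED with no NOTE, and every other entry filled in by this hunk is still "TODO: check", so the whole block needs a triage pass.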
@@ -414,7 +634,7 @@
        - imagemagick <unfixed> (bug #867808)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
-CVE-2017-11188 [CPU exhaustion in ReadDPXImage]
+CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 
7.0.6-0 has a ...)
        - imagemagick <unfixed> (bug #867806)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...)
@@ -455,16 +675,14 @@
        RESERVED
 CVE-2017-11105
        RESERVED
-CVE-2017-1000050 [NULL Pointer Dereference jp2_encode (jp2_enc.c)]
-       RESERVED
+CVE-2017-1000050 (JasPer 2.0.12 is vulnerable to a NULL pointer exception in 
the ...)
        - jasper <removed> (unimportant)
        NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1
        NOTE: https://github.com/mdadams/jasper/issues/120
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293
 CVE-2017-1002024
        NOT-FOR-US: kindeditor
-CVE-2017-11103
-       RESERVED
+CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate 
services with ...)
        - heimdal <unfixed> (bug #868208)
        - samba <unfixed> (bug #868209)
        [wheezy] - samba <not-affected> (Heimdal is only used in 4.x, wheezy 
ships 3.6.6)
@@ -2173,12 +2391,12 @@
        NOTE: Issue is specific to Struts 2.x.
 CVE-2017-9790
        RESERVED
-CVE-2017-9789
-       RESERVED
-CVE-2017-9788
-       RESERVED
-CVE-2017-9787
-       RESERVED
+CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 
handling code ...)
+       TODO: check
+CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the 
value ...)
+       TODO: check
+CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions 
it is ...)
+       TODO: check
 CVE-2017-9786
        RESERVED
 CVE-2017-9785
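Review bot: CVE-2017-9788 lands as "TODO: check" even though its description gives concrete upstream fixed versions ("Apache httpd before 2.2.34 and 2.4.x before 2.4.27"); the follow-up should add the package line and use those versions as the reference point. CVE-2017-9789 (HTTP/2 handling code) and CVE-2017-9787 (Struts actions secured through Spring AOP) likewise need a package line or a not-affected decision.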
@@ -6337,8 +6555,7 @@
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
-CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer]
-       RESERVED
+CVE-2017-1000044 (gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries 
correctly ...)
        - gtk-vnc 0.4.3-1
        NOTE: Fixed by: 
https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737
 (release-0.4.3)
 CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from 
accepting a ...)
@@ -8290,8 +8507,7 @@
        NOTE: partially fix CVE-2016-9602.
 CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is 
possible in ...)
        NOT-FOR-US: Exponent CMS
-CVE-2017-1000363 [lp.c Out-of-Bounds Write via Kernel Command-line]
-       RESERVED
+CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a 
missing bounds ...)
        - linux 4.9.30-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2)
        NOTE: https://alephsecurity.com/vulns/aleph-2017023
@@ -9707,8 +9923,8 @@
 CVE-2017-7673
        RESERVED
        NOT-FOR-US: Apache OpenMeetings
-CVE-2017-7672
-       RESERVED
+CVE-2017-7672 (If an application allows enter an URL in a form field and 
built-in ...)
+       TODO: check
 CVE-2017-7671
        RESERVED
 CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic 
Control ...)
@@ -10148,8 +10364,7 @@
        RESERVED
 CVE-2017-7530
        RESERVED
-CVE-2017-7529
-       RESERVED
+CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are 
vulnerable ...)
        {DSA-3908-1 DLA-1024-1}
        - nginx <unfixed> (bug #868109)
        NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
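Review bot: under CVE-2017-7529 the "- nginx <unfixed> (bug #868109)" line is unchanged although the entry already references DSA-3908-1 and DLA-1024-1 and the new description bounds the affected range ("since 0.5.6 up to and including 1.13.2"); record the fixed unstable version on that line once the upload closing the bug is in.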
@@ -14165,8 +14380,8 @@
        RESERVED
 CVE-2017-6250 (NVIDIA GeForce Experience contains a vulnerability in NVIDIA 
Web ...)
        NOT-FOR-US: NVIDIA GeForce Experience
-CVE-2017-6249
-       RESERVED
+CVE-2017-6249 (An elevation of privilege vulnerability in the NVIDIA sound 
driver ...)
+       TODO: check
 CVE-2017-6248 (An elevation of privilege vulnerability in the NVIDIA sound 
driver ...)
        NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-6247 (An elevation of privilege vulnerability in the NVIDIA sound 
driver ...)
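Review bot: CVE-2017-6249 is added as "TODO: check", but its visible description starts identically to CVE-2017-6248 and CVE-2017-6247 just below ("An elevation of privilege vulnerability in the NVIDIA sound driver ..."), and CVE-2017-6248 is already marked "NOT-FOR-US: NVIDIA driver for Android". If the full description confirms the same component, mark it the same way so the entries stay consistent.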
@@ -23409,13 +23624,13 @@
        RESERVED
 CVE-2017-3143 [An error in TSIG authentication can permit unauthorized dynamic 
updates]
        RESERVED
-       {DSA-3904-1}
+       {DSA-3904-1 DLA-1025-1}
        - bind9 <unfixed> (bug #866564)
        NOTE: https://kb.isc.org/article/AA-01503
        NOTE: Fixed by (master): 
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
 CVE-2017-3142 [An error in TSIG authentication can permit unauthorized zone 
transfers]
        RESERVED
-       {DSA-3904-1}
+       {DSA-3904-1 DLA-1025-1}
        - bind9 <unfixed> (bug #866564)
        NOTE: https://kb.isc.org/article/AA-01504
        NOTE: Fixed by (master): 
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
@@ -27692,8 +27907,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1309
        RESERVED
-CVE-2017-1308
-       RESERVED
+CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 
and 5.0 ...)
+       TODO: check
 CVE-2017-1307
        RESERVED
 CVE-2017-1306
@@ -32687,8 +32902,8 @@
        NOT-FOR-US: IBM
 CVE-2016-8965
        RESERVED
-CVE-2016-8964
-       RESERVED
+CVE-2016-8964 (IBM BigFix Inventory v9 9.2 uses an inadequate account lockout 
setting ...)
+       TODO: check
 CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive 
information in ...)
        NOT-FOR-US: IBM
 CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should 
have ...)
@@ -32711,10 +32926,10 @@
        NOT-FOR-US: IBM
 CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote 
...)
        NOT-FOR-US: IBM
-CVE-2016-8952
-       RESERVED
-CVE-2016-8951
-       RESERVED
+CVE-2016-8952 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x 
through ...)
+       TODO: check
+CVE-2016-8951 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x 
through ...)
+       TODO: check
 CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to 
cross-site ...)
        NOT-FOR-US: IBM
 CVE-2016-8949
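Review bot: CVE-2016-8952 and CVE-2016-8951 (IBM Emptoris Strategic Supply Management Platform) are left at "TODO: check" while the IBM Emptoris Sourcing entries on either side, CVE-2016-8953 and CVE-2016-8950, are "NOT-FOR-US: IBM"; the same tag applies here unless the full descriptions say otherwise.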
@@ -42394,8 +42609,8 @@
        RESERVED
 CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a 
remote ...)
        NOT-FOR-US: IBM
-CVE-2016-6019
-       RESERVED
+CVE-2016-6019 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x 
through ...)
+       TODO: check
 CVE-2016-6018
        RESERVED
 CVE-2016-6017


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
