Author: sectracker
Date: 2017-07-18 09:10:12 +0000 (Tue, 18 Jul 2017)
New Revision: 53608

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-18 09:09:40 UTC (rev 53607)
+++ data/CVE/list       2017-07-18 09:10:12 UTC (rev 53608)
@@ -1,3 +1,45 @@
+CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap 
in ...)
+       TODO: check
+CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...)
+       TODO: check
+CVE-2017-11418 (Fiyo CMS 2.0.7 has SQL injection in ...)
+       TODO: check
+CVE-2017-11417 (Fiyo CMS 2.0.7 has SQL injection in ...)
+       TODO: check
+CVE-2017-11416 (Fiyo CMS 2.0.7 has SQL injection in ...)
+       TODO: check
+CVE-2017-11415 (Fiyo CMS 2.0.7 has SQL injection in ...)
+       TODO: check
+CVE-2017-11414 (Fiyo CMS 2.0.7 has SQL injection in ...)
+       TODO: check
+CVE-2017-11413 (Fiyo CMS 2.0.7 has SQL injection in ...)
+       TODO: check
+CVE-2017-11412 (Fiyo CMS 2.0.7 has SQL injection in ...)
+       TODO: check
+CVE-2017-11411
+       RESERVED
+CVE-2017-11410
+       RESERVED
+CVE-2017-11409
+       RESERVED
+CVE-2017-11408
+       RESERVED
+CVE-2017-11407
+       RESERVED
+CVE-2017-11406
+       RESERVED
+CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated 
administrators ...)
+       TODO: check
+CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated 
administrators ...)
+       TODO: check
+CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 
1.3.26 has ...)
+       TODO: check
+CVE-2017-11402
+       RESERVED
+CVE-2017-11401
+       RESERVED
+CVE-2017-11400
+       RESERVED
 CVE-2017-XXXX [unsafe use of /tmp]
        - gnome-exe-thumbnailer <unfixed> (bug #868737)
        [stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue)
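Review bot: CVE-2017-11405 and CVE-2017-11404 (CMS Made Simple 2.2.2) are added as "TODO: check", while this same file already tags CVE-2017-9668 as "NOT-FOR-US: CMS Made Simple"; the follow-up triage should reuse that tag so the product is classified consistently. The eight Fiyo CMS 2.0.7 entries (CVE-2017-11412 through CVE-2017-11419) share one visible summary and can be resolved together, which leaves CVE-2017-11403 (coders/png.c in GraphicsMagick 1.3.26) as the entry in this batch most likely to need a package line and therefore the one to check first.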
@@ -938,6 +980,7 @@
        [wheezy] - catdoc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468471
 CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid 
free) or ...)
+       {DLA-1030-1}
        - vim 2:8.0.0197-5 (low; bug #867720)
        [stretch] - vim <no-dsa> (Minor issue)
        [jessie] - vim <no-dsa> (Minor issue)
@@ -2370,10 +2413,10 @@
        - tiff <unfixed> (bug #866109)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
-CVE-2017-9934
-       RESERVED
-CVE-2017-9933
-       RESERVED
+CVE-2017-9934 (Missing CSRF token checks and improper input validation in 
Joomla! CMS ...)
+       TODO: check
+CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 
leads ...)
+       TODO: check
 CVE-2017-9932
        RESERVED
 CVE-2017-9931
@@ -2671,14 +2714,14 @@
 CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows 
remote ...)
        - cairo <unfixed> (bug #868580)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101547
-CVE-2017-9813
-       RESERVED
-CVE-2017-9812
-       RESERVED
-CVE-2017-9811
-       RESERVED
-CVE-2017-9810
-       RESERVED
+CVE-2017-9813 (In Kaspersky Anti-Virus for Linux File Server before 
Maintenance Pack ...)
+       TODO: check
+CVE-2017-9812 (The reportId parameter of the getReportStatus action method can 
be ...)
+       TODO: check
+CVE-2017-9811 (The kluser is able to interact with the kav4fs-control binary 
in ...)
+       TODO: check
+CVE-2017-9810 (There are no Anti-CSRF tokens in any forms on the web interface 
in ...)
+       TODO: check
 CVE-2017-9809
        RESERVED
 CVE-2017-9808
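Review bot: The truncated summaries for CVE-2017-9812 and CVE-2017-9810 name no product, so their "TODO: check" cannot be resolved from this list alone. CVE-2017-9813 names Kaspersky Anti-Virus for Linux File Server and CVE-2017-9811 mentions the kav4fs-control binary, so the four consecutive IDs likely belong to one advisory; read the full descriptions and triage them as a single batch so they end up with the same classification.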
@@ -4393,8 +4436,7 @@
        NOT-FOR-US: SimpleCE
 CVE-2017-9672
        RESERVED
-CVE-2017-9671
-       RESERVED
+CVE-2017-9671 (A heap overflow in apk (Alpine Linux's package manager) allows 
a ...)
        NOT-FOR-US: apk (Alpine's package manager)
 CVE-2017-9670 (An uninitialized stack variable vulnerability in 
load_tic_series() in ...)
        - gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901)
@@ -4408,8 +4450,7 @@
        NOTE: Fixed by: 
https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
        NOTE: Introduced by: 
https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
        NOTE: Crash in a CLI tool, no security impact
-CVE-2017-9669
-       RESERVED
+CVE-2017-9669 (A heap overflow in apk (Alpine Linux's package manager) allows 
a ...)
        NOT-FOR-US: apk (Alpine's package manager)
 CVE-2017-9668 (In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a 
user ...)
        NOT-FOR-US: CMS Made Simple
@@ -4531,8 +4572,8 @@
        RESERVED
 CVE-2017-9610
        RESERVED
-CVE-2017-9609
-       RESERVED
+CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 
allows ...)
+       TODO: check
 CVE-2017-9608
        RESERVED
 CVE-2017-9607
@@ -4567,7 +4608,7 @@
        NOT-FOR-US: "FNB Kemp Mobile Banking" by First National Bank of Kemp app
 CVE-2017-9600 (The &quot;Peoples Bank Tulsa&quot; by Peoples Bank - OK app 
3.0.2 -- aka ...)
        NOT-FOR-US: "Peoples Bank Tulsa" by Peoples Bank - OK app
-CVE-2017-9599 (The &quot;Fountain Trust Mobile Banking&quot; by FOUNTAIN TRUST 
COMPANY app 3.0.0 ...)
+CVE-2017-9599 (The &quot;Fountain Trust Mobile Banking&quot; by FOUNTAIN TRUST 
COMPANY app ...)
        NOT-FOR-US: "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY 
app
 CVE-2017-9598 (The &quot;Morton Credit Union Mobile Banking&quot; by Morton 
Credit Union app ...)
        NOT-FOR-US: "Morton Credit Union Mobile Banking" by Morton Credit Union 
app
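Review bot: The only change to CVE-2017-9599 is where the summary is cut: the new text ends at "COMPANY app ..." and no longer shows the version 3.0.0, whereas the neighbouring CVE-2017-9600 summary still shows 3.0.2. The summary also keeps "&quot;" entities while the NOT-FOR-US line beneath it uses plain quotes; decoding the entities before the summary is stored would make the two consistent and leave more room for the version string.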
@@ -5287,12 +5328,12 @@
        RESERVED
 CVE-2017-9341
        RESERVED
-CVE-2017-9340
-       RESERVED
-CVE-2017-9339
-       RESERVED
-CVE-2017-9338
-       RESERVED
+CVE-2017-9340 (An attacker is logged in as a normal user and can somehow make 
admin ...)
+       TODO: check
+CVE-2017-9339 (A logical error in ownCloud Server before 10.0.2 caused 
disclosure of ...)
+       TODO: check
+CVE-2017-9338 (Inadequate escaping lead to XSS vulnerability in the search 
module in ...)
+       TODO: check
 CVE-2017-9337 (The Markdown on Save Improved plugin 2.5 for WordPress has a 
stored XSS ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2017-9336 (The WP Editor.MD plugin 1.6 for WordPress has a stored XSS ...)
@@ -6779,8 +6820,8 @@
        NOT-FOR-US: Invision Power Services
 CVE-2017-8897 (Invision Power Services (IPS) Community Suite 4.1.19.2 and 
earlier has ...)
        NOT-FOR-US: Invision Power Services
-CVE-2017-8896
-       RESERVED
+CVE-2017-8896 (ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x 
before ...)
+       TODO: check
 CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 
before ...)
        NOT-FOR-US: Veritas
 CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform 
software ...)
@@ -9230,8 +9271,8 @@
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
        NOTE: edgebuffer scan converter was made default only in: 
http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
        NOTE: But the vulnerable code via base/gxscan.c, a new scan converter 
introduced in 9.20 is present.
-CVE-2017-7947
-       RESERVED
+CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 
9.1 ...)
+       TODO: check
 CVE-2016-10347
        RESERVED
 CVE-2016-10346
@@ -13149,24 +13190,24 @@
        RESERVED
 CVE-2017-6745
        RESERVED
-CVE-2017-6744
-       RESERVED
-CVE-2017-6743
-       RESERVED
-CVE-2017-6742
-       RESERVED
-CVE-2017-6741
-       RESERVED
-CVE-2017-6740
-       RESERVED
-CVE-2017-6739
-       RESERVED
-CVE-2017-6738
-       RESERVED
-CVE-2017-6737
-       RESERVED
-CVE-2017-6736
-       RESERVED
+CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
+       TODO: check
+CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
+       TODO: check
+CVE-2017-6742 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
+       TODO: check
+CVE-2017-6741 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
+       TODO: check
+CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
+       TODO: check
+CVE-2017-6739 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
+       TODO: check
+CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
+       TODO: check
+CVE-2017-6737 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
+       TODO: check
+CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS ...)
+       TODO: check
 CVE-2017-6735 (A vulnerability in the backup and restore functionality of 
Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2017-6734 (A vulnerability in the web-based management interface of Cisco 
Identity ...)
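Review bot: The nine Cisco IOS SNMP entries CVE-2017-6736 through CVE-2017-6744 are left at "TODO: check", while the neighbouring CVE-2017-6735 is already tagged "NOT-FOR-US: Cisco". Their visible summaries are identical, so they can be triaged in one pass with that same tag rather than one by one.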
@@ -35374,7 +35415,7 @@
        RESERVED
 CVE-2016-1000223
        RESERVED
-CVE-2016-1000031 (Apache Commons FileUpload DiskFileItem File Manipulation 
Remote Code ...)
+CVE-2016-1000031 (Apache Commons FileUpload before 1.3.3 DiskFileItem File 
Manipulation ...)
        - libcommons-fileupload-java <unfixed> (unimportant)
        NOTE: https://www.tenable.com/security/research/tra-2016-12
        NOTE: Marked as unimportant since even though the CVE is assigned for 
Apache Commons FileUpload
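Review bot: The new summary limits CVE-2016-1000031 to Apache Commons FileUpload before 1.3.3, but the package line below it still reads "libcommons-fileupload-java <unfixed> (unimportant)". With an upstream fixed version now stated, check whether the entry should record the first Debian version at or above 1.3.3 instead of <unfixed>, and whether the existing "Marked as unimportant" note still holds for that version.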


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
