Author: sectracker Date: 2017-07-18 09:10:12 +0000 (Tue, 18 Jul 2017) New Revision: 53608
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-18 09:09:40 UTC (rev 53607) +++ data/CVE/list 2017-07-18 09:10:12 UTC (rev 53608) @@ -1,3 +1,45 @@ +CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...) + TODO: check +CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...) + TODO: check +CVE-2017-11418 (Fiyo CMS 2.0.7 has SQL injection in ...) + TODO: check +CVE-2017-11417 (Fiyo CMS 2.0.7 has SQL injection in ...) + TODO: check +CVE-2017-11416 (Fiyo CMS 2.0.7 has SQL injection in ...) + TODO: check +CVE-2017-11415 (Fiyo CMS 2.0.7 has SQL injection in ...) + TODO: check +CVE-2017-11414 (Fiyo CMS 2.0.7 has SQL injection in ...) + TODO: check +CVE-2017-11413 (Fiyo CMS 2.0.7 has SQL injection in ...) + TODO: check +CVE-2017-11412 (Fiyo CMS 2.0.7 has SQL injection in ...) + TODO: check +CVE-2017-11411 + RESERVED +CVE-2017-11410 + RESERVED +CVE-2017-11409 + RESERVED +CVE-2017-11408 + RESERVED +CVE-2017-11407 + RESERVED +CVE-2017-11406 + RESERVED +CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...) + TODO: check +CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...) + TODO: check +CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...) + TODO: check +CVE-2017-11402 + RESERVED +CVE-2017-11401 + RESERVED +CVE-2017-11400 + RESERVED CVE-2017-XXXX [unsafe use of /tmp] - gnome-exe-thumbnailer <unfixed> (bug #868737) [stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue) @@ -938,6 +980,7 @@ [wheezy] - catdoc <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468471 CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid free) or ...) + {DLA-1030-1} - vim 2:8.0.0197-5 (low; bug #867720) [stretch] - vim <no-dsa> (Minor issue) [jessie] - vim <no-dsa> (Minor issue) @@ -2370,10 +2413,10 @@ - tiff <unfixed> (bug #866109) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704 -CVE-2017-9934 - RESERVED -CVE-2017-9933 - RESERVED +CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...) + TODO: check +CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads ...) + TODO: check CVE-2017-9932 RESERVED CVE-2017-9931 @@ -2671,14 +2714,14 @@ CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote ...) - cairo <unfixed> (bug #868580) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101547 -CVE-2017-9813 - RESERVED -CVE-2017-9812 - RESERVED -CVE-2017-9811 - RESERVED -CVE-2017-9810 - RESERVED +CVE-2017-9813 (In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack ...) + TODO: check +CVE-2017-9812 (The reportId parameter of the getReportStatus action method can be ...) + TODO: check +CVE-2017-9811 (The kluser is able to interact with the kav4fs-control binary in ...) + TODO: check +CVE-2017-9810 (There are no Anti-CSRF tokens in any forms on the web interface in ...) + TODO: check CVE-2017-9809 RESERVED CVE-2017-9808 @@ -4393,8 +4436,7 @@ NOT-FOR-US: SimpleCE CVE-2017-9672 RESERVED -CVE-2017-9671 - RESERVED +CVE-2017-9671 (A heap overflow in apk (Alpine Linux's package manager) allows a ...) NOT-FOR-US: apk (Alpine's package manager) CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...) - gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901) @@ -4408,8 +4450,7 @@ NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6 NOTE: Crash in a CLI tool, no security impact -CVE-2017-9669 - RESERVED +CVE-2017-9669 (A heap overflow in apk (Alpine Linux's package manager) allows a ...) NOT-FOR-US: apk (Alpine's package manager) CVE-2017-9668 (In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user ...) NOT-FOR-US: CMS Made Simple @@ -4531,8 +4572,8 @@ RESERVED CVE-2017-9610 RESERVED -CVE-2017-9609 - RESERVED +CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows ...) + TODO: check CVE-2017-9608 RESERVED CVE-2017-9607 @@ -4567,7 +4608,7 @@ NOT-FOR-US: "FNB Kemp Mobile Banking" by First National Bank of Kemp app CVE-2017-9600 (The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka ...) NOT-FOR-US: "Peoples Bank Tulsa" by Peoples Bank - OK app -CVE-2017-9599 (The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app 3.0.0 ...) +CVE-2017-9599 (The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app ...) NOT-FOR-US: "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app CVE-2017-9598 (The "Morton Credit Union Mobile Banking" by Morton Credit Union app ...) NOT-FOR-US: "Morton Credit Union Mobile Banking" by Morton Credit Union app @@ -5287,12 +5328,12 @@ RESERVED CVE-2017-9341 RESERVED -CVE-2017-9340 - RESERVED -CVE-2017-9339 - RESERVED -CVE-2017-9338 - RESERVED +CVE-2017-9340 (An attacker is logged in as a normal user and can somehow make admin ...) + TODO: check +CVE-2017-9339 (A logical error in ownCloud Server before 10.0.2 caused disclosure of ...) + TODO: check +CVE-2017-9338 (Inadequate escaping lead to XSS vulnerability in the search module in ...) + TODO: check CVE-2017-9337 (The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS ...) NOT-FOR-US: Wordpress plugin CVE-2017-9336 (The WP Editor.MD plugin 1.6 for WordPress has a stored XSS ...) @@ -6779,8 +6820,8 @@ NOT-FOR-US: Invision Power Services CVE-2017-8897 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...) NOT-FOR-US: Invision Power Services -CVE-2017-8896 - RESERVED +CVE-2017-8896 (ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before ...) + TODO: check CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before ...) NOT-FOR-US: Veritas CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software ...) @@ -9230,8 +9271,8 @@ NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699 NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308 NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present. -CVE-2017-7947 - RESERVED +CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 ...) + TODO: check CVE-2016-10347 RESERVED CVE-2016-10346 @@ -13149,24 +13190,24 @@ RESERVED CVE-2017-6745 RESERVED -CVE-2017-6744 - RESERVED -CVE-2017-6743 - RESERVED -CVE-2017-6742 - RESERVED -CVE-2017-6741 - RESERVED -CVE-2017-6740 - RESERVED -CVE-2017-6739 - RESERVED -CVE-2017-6738 - RESERVED -CVE-2017-6737 - RESERVED -CVE-2017-6736 - RESERVED +CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) + TODO: check +CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) + TODO: check +CVE-2017-6742 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) + TODO: check +CVE-2017-6741 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) + TODO: check +CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) + TODO: check +CVE-2017-6739 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) + TODO: check +CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) + TODO: check +CVE-2017-6737 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) + TODO: check +CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...) + TODO: check CVE-2017-6735 (A vulnerability in the backup and restore functionality of Cisco ...) NOT-FOR-US: Cisco CVE-2017-6734 (A vulnerability in the web-based management interface of Cisco Identity ...) @@ -35374,7 +35415,7 @@ RESERVED CVE-2016-1000223 RESERVED -CVE-2016-1000031 (Apache Commons FileUpload DiskFileItem File Manipulation Remote Code ...) +CVE-2016-1000031 (Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ...) - libcommons-fileupload-java <unfixed> (unimportant) NOTE: https://www.tenable.com/security/research/tra-2016-12 NOTE: Marked as unimportant since even though the CVE is assigned for Apache Commons FileUpload _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits