Author: sectracker
Date: 2017-07-19 09:10:15 +0000 (Wed, 19 Jul 2017)
New Revision: 53653

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-19 09:03:24 UTC (rev 53652)
+++ data/CVE/list       2017-07-19 09:10:15 UTC (rev 53653)
@@ -1,3 +1,47 @@
+CVE-2017-11456 (Geneko GWR routers allow directory traversal sequences 
starting with a ...)
+       TODO: check
+CVE-2017-11455
+       RESERVED
+CVE-2017-11454
+       RESERVED
+CVE-2017-11453
+       RESERVED
+CVE-2017-11452
+       RESERVED
+CVE-2017-11451
+       RESERVED
+CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote 
attackers to ...)
+       TODO: check
+CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable 
seekable ...)
+       TODO: check
+CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick 
before ...)
+       TODO: check
+CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in 
ImageMagick ...)
+       TODO: check
+CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 
7.0.6-1 has an ...)
+       TODO: check
+CVE-2017-11445 (Subrion CMS before 4.1.6 has a SQL injection vulnerability in 
...)
+       TODO: check
+CVE-2017-11444 (Subrion CMS before 4.1.5.10 has a SQL injection vulnerability 
in ...)
+       TODO: check
+CVE-2017-11443
+       RESERVED
+CVE-2017-11442
+       RESERVED
+CVE-2017-11441 (The WHM Upload Locale interface in cPanel before 56.0.51, 58.x 
before ...)
+       TODO: check
+CVE-2017-11440 (In Sitecore 8.2, there is absolute path traversal via the ...)
+       TODO: check
+CVE-2017-11439 (In Sitecore 8.2, there is reflected XSS in the ...)
+       TODO: check
+CVE-2017-11438
+       RESERVED
+CVE-2017-11437
+       RESERVED
+CVE-2017-11436 (D-Link DIR-615 before v20.12PTb04 has a second admin account 
with a 0x1 ...)
+       TODO: check
+CVE-2017-11435 (The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an ...)
+       TODO: check
 CVE-2017-11434 [slirp: out-of-bounds read while parsing dhcp options]
        RESERVED
        - qemu <unfixed>
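Review bot: The five ImageMagick entries added in this hunk (CVE-2017-11446 through CVE-2017-11450) are left at `TODO: check`, although ImageMagick is a tracked source package in this same file (see the `- imagemagick 8:6.9.7.4+dfsg-12` lines in later hunks). Each should get a `- imagemagick ...` line once the affected versions are confirmed. The router and CMS entries (Geneko, D-Link, Humax, Subrion, Sitecore, cPanel) look like candidates for `NOT-FOR-US:`, the way Inteno routers and Fiyo CMS are marked elsewhere in this diff, but that needs checking against the archive before the TODO is replaced.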
@@ -45,18 +89,18 @@
        NOT-FOR-US: Fiyo CMS
 CVE-2017-11412 (Fiyo CMS 2.0.7 has SQL injection in ...)
        NOT-FOR-US: Fiyo CMS
-CVE-2017-11411
-       RESERVED
-CVE-2017-11410
-       RESERVED
-CVE-2017-11409
-       RESERVED
-CVE-2017-11408
-       RESERVED
-CVE-2017-11407
-       RESERVED
-CVE-2017-11406
-       RESERVED
+CVE-2017-11411 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the 
openSAFETY ...)
+       TODO: check
+CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML 
...)
+       TODO: check
+CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go 
into a ...)
+       TODO: check
+CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP 
dissector ...)
+       TODO: check
+CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ 
dissector could ...)
+       TODO: check
+CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS 
dissector ...)
+       TODO: check
 CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated 
administrators ...)
        NOT-FOR-US: CMS Made Simple
 CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated 
administrators ...)
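Review bot: All six entries that move from `RESERVED` to `TODO: check` here (CVE-2017-11406 through CVE-2017-11411) describe Wireshark dissector issues with overlapping version ranges, so they can be triaged in one pass. Each still needs its `TODO: check` replaced with a package line giving a fixed version or `<unfixed>`. The version ranges differ between entries (CVE-2017-11409 names only 2.0.0 to 2.0.13), so the per-release status should be recorded per CVE and not copied across the group.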
@@ -159,6 +203,7 @@
 CVE-2017-11361 (Inteno routers have a JUCI ACL misconfiguration that allows 
the &quot;user&quot; ...)
        NOT-FOR-US: Inteno routers
 CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 
7.0.6-1 has a ...)
+       {DSA-3914-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
@@ -686,6 +731,7 @@
 CVE-2017-11171 (Bad reference counting in the context of 
accept_ice_connection() in ...)
        - gnome-session 2.30.0-1
 CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 
7.0.5-6 has a ...)
+       {DSA-3914-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
 CVE-2017-11169
@@ -865,7 +911,7 @@
 CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b 
allow ...)
        NOTE: Seems like a duplicate, contacted MITRE for rejection
 CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in 
Cacti ...)
-        - cacti <unfixed>
+       - cacti <unfixed>
        NOTE: 
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789
 CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 
22) is ...)
        - glassfish <not-affected> (Vulnerable code not included, see bug 
#853998)
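Review bot: The only change in this hunk is the leading whitespace on the `- cacti <unfixed>` line under CVE-2017-1000031; the entry's content is unchanged. It would help to confirm the new indentation matches the other package lines in the file, since a whitespace-only edit arriving under the "automatic update" log message is easy to miss when reading history.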
@@ -935,6 +981,7 @@
        - fedmsg <unfixed> (bug #868508)
        NOTE: https://github.com/fedora-infra/fedmsg/commit/5c21cf88a
 CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 
7.0.5-6 has a ...)
+       {DSA-3914-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868264)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f
@@ -1011,6 +1058,7 @@
        [jessie] - imagemagick 8:6.8.9.9-5+deb8u10
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/519
 CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 
7.0.6-0 has a ...)
+       {DSA-3914-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (bug #867806)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...)
@@ -1565,6 +1613,7 @@
        NOTE: https://github.com/radare/radare2/issues/7855
        NOTE: 
https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85
 CVE-2017-10928 (In ImageMagick 7.0.6-0, a heap-based buffer over-read in the 
...)
+       {DSA-3914-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (bug #867367)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/539
 CVE-2017-10927
@@ -1806,8 +1855,8 @@
        NOT-FOR-US: Odoo
 CVE-2017-10802
        RESERVED
-CVE-2017-10801
-       RESERVED
+CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the 
PATH_INFO ...)
+       TODO: check
 CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in 
coders/mat.c, it ...)
        - graphicsmagick 1.3.26-1 (bug #867060)
        [stretch] - graphicsmagick <no-dsa> (Minor issue)
@@ -4904,12 +4953,12 @@
 CVE-2017-9502 (In curl before 7.54.1 on Windows and DOS, libcurl's default 
protocol ...)
        - curl <not-affected> (Windows only)
 CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in 
the ...)
-       {DLA-1000-1}
+       {DSA-3914-1 DLA-1000-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #867721)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/491
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74
 CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in 
the ...)
-       {DLA-1000-1}
+       {DSA-3914-1 DLA-1000-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #867778)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/500
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
@@ -5069,12 +5118,13 @@
 CVE-2017-9441 (** DISPUTED ** Multiple cross-site scripting (XSS) 
vulnerabilities in ...)
        NOT-FOR-US: BigTree CMS
 CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function 
...)
+       {DSA-3914-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864273)
        [wheezy] - imagemagick <not-affected> (vulnerable code not present)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/462
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/c2be129c25763680afeca59f4de5d6d4240ca2cf
 CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function 
...)
-       {DLA-1000-1}
+       {DSA-3914-1 DLA-1000-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864274)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/460
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
@@ -5793,8 +5843,8 @@
        RESERVED
 CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws 
to safe ...)
        NOT-FOR-US: New Relic .NET Agent
-CVE-2017-9245
-       RESERVED
+CVE-2017-9245 (The Google News and Weather application before 3.3.1 for 
Android allows ...)
+       TODO: check
 CVE-2017-9244
        RESERVED
 CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version 
WRC.253.2.0913 ...)
@@ -6151,6 +6201,7 @@
 CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x 
does not ...)
        - tikiwiki <removed>
 CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can 
trigger a crash ...)
+       {DSA-3914-1}
        - imagemagick 8:6.9.7.4+dfsg-12 (bug #868469)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/502
 CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash 
because ...)
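Review bot: The entry tagged with `{DSA-3914-1}` in this hunk, CVE-2017-11352, sits between CVE-2017-9145 and CVE-2017-9144 instead of in numeric order with the other CVE-2017-11xxx entries. Both it and CVE-2017-9144 describe a crash from a crafted RLE image, so if the placement is deliberate, a `NOTE:` line under CVE-2017-11352 stating the relationship would keep later edits from moving it.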


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
