Author: sectracker
Date: 2017-07-19 09:10:15 +0000 (Wed, 19 Jul 2017)
New Revision: 53653
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-19 09:03:24 UTC (rev 53652) +++ data/CVE/list 2017-07-19 09:10:15 UTC (rev 53653) @@ -1,3 +1,47 @@ +CVE-2017-11456 (Geneko GWR routers allow directory traversal sequences starting with a ...) + TODO: check +CVE-2017-11455 + RESERVED +CVE-2017-11454 + RESERVED +CVE-2017-11453 + RESERVED +CVE-2017-11452 + RESERVED +CVE-2017-11451 + RESERVED +CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to ...) + TODO: check +CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable ...) + TODO: check +CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick before ...) + TODO: check +CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick ...) + TODO: check +CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an ...) + TODO: check +CVE-2017-11445 (Subrion CMS before 4.1.6 has a SQL injection vulnerability in ...) + TODO: check +CVE-2017-11444 (Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in ...) + TODO: check +CVE-2017-11443 + RESERVED +CVE-2017-11442 + RESERVED +CVE-2017-11441 (The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before ...) + TODO: check +CVE-2017-11440 (In Sitecore 8.2, there is absolute path traversal via the ...) + TODO: check +CVE-2017-11439 (In Sitecore 8.2, there is reflected XSS in the ...) + TODO: check +CVE-2017-11438 + RESERVED +CVE-2017-11437 + RESERVED +CVE-2017-11436 (D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 ...) + TODO: check +CVE-2017-11435 (The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an ...) + TODO: check CVE-2017-11434 [slirp: out-of-bounds read while parsing dhcp options] RESERVED - qemu <unfixed> 
@@ -45,18 +89,18 @@ NOT-FOR-US: Fiyo CMS CVE-2017-11412 (Fiyo CMS 2.0.7 has SQL injection in ...) NOT-FOR-US: Fiyo CMS -CVE-2017-11411 - RESERVED -CVE-2017-11410 - RESERVED -CVE-2017-11409 - RESERVED -CVE-2017-11408 - RESERVED -CVE-2017-11407 - RESERVED -CVE-2017-11406 - RESERVED +CVE-2017-11411 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY ...) + TODO: check +CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML ...) + TODO: check +CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a ...) + TODO: check +CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector ...) + TODO: check +CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could ...) + TODO: check +CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector ...) + TODO: check CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...) NOT-FOR-US: CMS Made Simple CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...) @@ -159,6 +203,7 @@ CVE-2017-11361 (Inteno routers have a JUCI ACL misconfiguration that allows the "user" ...) NOT-FOR-US: Inteno routers CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a ...) + {DSA-3914-1} - imagemagick 8:6.9.7.4+dfsg-12 (bug #867808) NOTE: https://github.com/ImageMagick/ImageMagick/issues/518 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30 @@ -686,6 +731,7 @@ CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in ...) - gnome-session 2.30.0-1 CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...) + {DSA-3914-1} - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184) NOTE: https://github.com/ImageMagick/ImageMagick/issues/472 CVE-2017-11169 
@@ -865,7 +911,7 @@ CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow ...) NOTE: Seems like a duplicate, contacted MITRE for rejection CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti ...) - - cacti <unfixed> + - cacti <unfixed> NOTE: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789 CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is ...) - glassfish <not-affected> (Vulnerable code not included, see bug #853998) @@ -935,6 +981,7 @@ - fedmsg <unfixed> (bug #868508) NOTE: https://github.com/fedora-infra/fedmsg/commit/5c21cf88a CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...) + {DSA-3914-1} - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868264) NOTE: https://github.com/ImageMagick/ImageMagick/issues/469 NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f @@ -1011,6 +1058,7 @@ [jessie] - imagemagick 8:6.8.9.9-5+deb8u10 NOTE: https://github.com/ImageMagick/ImageMagick/issues/519 CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...) + {DSA-3914-1} - imagemagick 8:6.9.7.4+dfsg-12 (bug #867806) NOTE: https://github.com/ImageMagick/ImageMagick/issues/509 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...) @@ -1565,6 +1613,7 @@ NOTE: https://github.com/radare/radare2/issues/7855 NOTE: https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85 CVE-2017-10928 (In ImageMagick 7.0.6-0, a heap-based buffer over-read in the ...) + {DSA-3914-1} - imagemagick 8:6.9.7.4+dfsg-12 (bug #867367) NOTE: https://github.com/ImageMagick/ImageMagick/issues/539 CVE-2017-10927 
@@ -1806,8 +1855,8 @@ NOT-FOR-US: Odoo CVE-2017-10802 RESERVED -CVE-2017-10801 - RESERVED +CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO ...) + TODO: check CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it ...) - graphicsmagick 1.3.26-1 (bug #867060) [stretch] - graphicsmagick <no-dsa> (Minor issue) @@ -4904,12 +4953,12 @@ CVE-2017-9502 (In curl before 7.54.1 on Windows and DOS, libcurl's default protocol ...) - curl <not-affected> (Windows only) CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the ...) - {DLA-1000-1} + {DSA-3914-1 DLA-1000-1} - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #867721) NOTE: https://github.com/ImageMagick/ImageMagick/issues/491 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74 CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the ...) - {DLA-1000-1} + {DSA-3914-1 DLA-1000-1} - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #867778) NOTE: https://github.com/ImageMagick/ImageMagick/issues/500 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d 
@@ -5069,12 +5118,13 @@ CVE-2017-9441 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: BigTree CMS CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...) + {DSA-3914-1} - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864273) [wheezy] - imagemagick <not-affected> (vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/462 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/c2be129c25763680afeca59f4de5d6d4240ca2cf CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...) - {DLA-1000-1} + {DSA-3914-1 DLA-1000-1} - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864274) NOTE: https://github.com/ImageMagick/ImageMagick/issues/460 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718 @@ -5793,8 +5843,8 @@ RESERVED CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe ...) NOT-FOR-US: New Relic .NET Agent -CVE-2017-9245 - RESERVED +CVE-2017-9245 (The Google News and Weather application before 3.3.1 for Android allows ...) + TODO: check CVE-2017-9244 RESERVED CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...) @@ -6151,6 +6201,7 @@ CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not ...) - tikiwiki <removed> CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash ...) + {DSA-3914-1} - imagemagick 8:6.9.7.4+dfsg-12 (bug #868469) NOTE: https://github.com/ImageMagick/ImageMagick/issues/502 CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
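Review bot: in the first hunk (@@ -1,3 +1,47 @@), CVE-2017-11446 through CVE-2017-11450 are ImageMagick issues left at "TODO: check", while the other ImageMagick entries touched by this patch carry a package line of the form "- imagemagick 8:6.9.7.4+dfsg-12 (bug #...)". These five need a "- imagemagick" line with the affected or fixed version before the tracker says anything useful about them. The router, Sitecore, cPanel and Subrion CMS entries in the same hunk can be closed in the same pass as NOT-FOR-US if the products are not packaged, matching how the Fiyo CMS and Inteno entries elsewhere in the file are handled.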
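Review bot: in the hunk at @@ -45,18 +89,18 @@, the six Wireshark entries (CVE-2017-11406 to CVE-2017-11411) move from RESERVED to "TODO: check" with no package line, and their descriptions do not give the same affected range. CVE-2017-11409 names only 2.0.0 to 2.0.13, while the other five also name the 2.2.x branch up to 2.2.7, so when the "- wireshark" lines are added the fixed version should be checked per CVE rather than copied across all six.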
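Review bot: the only change in the hunk at @@ -865,7 +911,7 @@ appears to be whitespace on the "- cacti <unfixed>" line under CVE-2017-1000031, since the removed and added lines carry the same visible text. It is harmless, but it is unrelated to the new CVE entries and the DSA-3914-1 tagging in the rest of the patch, and the log message "automatic update" does not mention it. If this is trailing-whitespace cleanup, committing it separately would keep the history of that entry easier to follow.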