Author: sectracker
Date: 2017-08-02 21:10:13 +0000 (Wed, 02 Aug 2017)
New Revision: 54212
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-02 21:09:59 UTC (rev 54211)
+++ data/CVE/list 2017-08-02 21:10:13 UTC (rev 54212)
@@ -1,3 +1,5 @@
+CVE-2016-10403
+ RESERVED
CVE-2107-XXXX [Bogusly large chunk sizes may cause assert]
- varnish <unfixed> (bug #870467)
[stretch] - varnish 5.0.0-7+deb9u1
@@ -1758,8 +1760,8 @@
RESERVED
CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow ...)
NOT-FOR-US: PHICOMM
-CVE-2017-11494
- RESERVED
+CVE-2017-11494 (SQL injection vulnerability in SOL.Connect ISET-mpp meter
1.2.4.2 and ...)
+ TODO: check
CVE-2017-11493
RESERVED
CVE-2017-11492
@@ -1898,12 +1900,10 @@
NOT-FOR-US: Sitecore
CVE-2017-11439 (In Sitecore 8.2, there is reflected XSS in the ...)
NOT-FOR-US: Sitecore
-CVE-2017-11438 [Projects in subgroups authorization bypass with SQL wildcards]
- RESERVED
+CVE-2017-11438 (GitLab Community Edition (CE) and Enterprise Edition (EE)
before ...)
- gitlab <not-affected> (Only affects 8.5 onwards)
NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
-CVE-2017-11437 [Unauthorized repository access by using project mirrors and CI]
- RESERVED
+CVE-2017-11437 (GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8,
9.2.8, ...)
- gitlab <not-affected> (Only affects Enterprise Edition)
NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/2905
NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
@@ -2092,8 +2092,8 @@
RESERVED
CVE-2017-11365
RESERVED
-CVE-2017-11364
- RESERVED
+CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a
user's ...)
+ TODO: check
CVE-2017-11363
RESERVED
CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...)
@@ -2124,10 +2124,10 @@
NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
CVE-2017-11357
RESERVED
-CVE-2017-11356
- RESERVED
-CVE-2017-11355
- RESERVED
+CVE-2017-11356 (The application distribution export functionality in PEGA
Platform 7.2 ...)
+ TODO: check
+CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA
Platform ...)
+ TODO: check
CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in ...)
NOT-FOR-US: Fiyo CMS
CVE-2017-11351
@@ -2220,8 +2220,7 @@
{DSA-3914-1}
- imagemagick 8:6.9.7.4+dfsg-12 (bug #867798)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/506
-CVE-2017-11334 [exec: oob access during dma operation]
- RESERVED
+CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU
(aka Quick ...)
- qemu <unfixed> (bug #869173)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html
@@ -3752,8 +3751,7 @@
RESERVED
CVE-2017-10808
RESERVED
-CVE-2017-10806 [usb-redirect: stack buffer overflow in debug logging]
- RESERVED
+CVE-2017-10806 (Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka
Quick ...)
- qemu <unfixed> (bug #867751)
[stretch] - qemu <no-dsa> (Minor issue)
[jessie] - qemu <no-dsa> (Minor issue)
@@ -4127,8 +4125,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465756
CVE-2017-9997
RESERVED
-CVE-2017-10664 [qemu-nbd: server breaks with SIGPIPE upon client abort]
- RESERVED
+CVE-2017-10664 (qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE,
which ...)
{DSA-3920-1}
- qemu <unfixed> (bug #866674)
[jessie] - qemu <no-dsa> (Minor issue)
@@ -6231,10 +6228,10 @@
NOTE: https://caml.inria.fr/mantis/view.php?id=7557
CVE-2017-9771 (install\save.php in WebsiteBaker v2.10.0 allows remote
attackers to ...)
NOT-FOR-US: WebsiteBaker
-CVE-2017-9770
- RESERVED
-CVE-2017-9769
- RESERVED
+CVE-2017-9770 (A specially crafted IOCTL can be issued to the rzpnk.sys driver
in ...)
+ TODO: check
+CVE-2017-9769 (A specially crafted IOCTL can be issued to the rzpnk.sys driver
in ...)
+ TODO: check
CVE-2017-9768
RESERVED
CVE-2017-9767
@@ -7185,8 +7182,8 @@
- irssi 1.0.3-1 (bug #864400)
NOTE:
https://github.com/irssi/irssi/commit/528f51bfbe5c65c5b24546faa244009dd5b3c586
NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
-CVE-2017-9467
- RESERVED
+CVE-2017-9467 (Cross-site scripting (XSS) vulnerability in the GlobalProtect
external ...)
+ TODO: check
CVE-2017-9466 (The executable httpd on the TP-Link WR841N V8 router before ...)
NOT-FOR-US: TP-Link
CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote
attackers ...)
@@ -7201,8 +7198,8 @@
- piwigo <removed>
CVE-2017-9460
RESERVED
-CVE-2017-9459
- RESERVED
+CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web
...)
+ TODO: check
CVE-2017-9458
RESERVED
CVE-2017-9457 (Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware
does not ...)
@@ -8003,14 +8000,14 @@
NOT-FOR-US: Allen Disk
CVE-2017-9248 (Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX
before R2 ...)
NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
-CVE-2017-9247
- RESERVED
+CVE-2017-9247 (Multiple unquoted Windows search path vulnerabilities in Sierra
...)
+ TODO: check
CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws
to safe ...)
NOT-FOR-US: New Relic .NET Agent
CVE-2017-9245 (The Google News and Weather application before 3.3.1 for
Android allows ...)
NOT-FOR-US: Google News and Weather application for Android
-CVE-2017-9244
- RESERVED
+CVE-2017-9244 (Cross-site scripting (XSS) vulnerability in the Trello app
before ...)
+ TODO: check
CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version
WRC.253.2.0913 ...)
NOT-FOR-US: Aries QWR-1104 Wireless-N Router
CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the
'send ...)
@@ -10355,8 +10352,8 @@
NOTE: Introduced by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3239a4231ff79bf8b67b8faaf414b1667486167c
CVE-2017-8391 (The OS Installation Management component in CA Client
Automation r12.9, ...)
NOT-FOR-US: OS Installation Management component in CA Client Automation
-CVE-2017-8390
- RESERVED
+CVE-2017-8390 (The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x
before ...)
+ TODO: check
CVE-2017-8389
RESERVED
CVE-2017-8388 (GeniXCMS 1.0.2 allows remote attackers to bypass the
alertDanger ...)
@@ -11812,8 +11809,7 @@
NOTE: So far only Apple's compiler has been shown to apply the
problematic optimization, fixed in 0.5.3.1 upstream
CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php
via the ...)
NOT-FOR-US: SourceBans++
-CVE-2017-7890 [Buffer over-read into uninitialized memory]
- RESERVED
+CVE-2017-7890 (The GIF decoding function gdImageCreateFromGifCtx in
gd_gif_in.c in ...)
- php7.1 <unfixed> (unimportant)
- php7.0 <unfixed> (unimportant)
- php5 <removed> (unimportant)
@@ -12646,8 +12642,8 @@
NOT-FOR-US: Management Web Interface in Palo Alto Networks PAN-OS
CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain
privileges ...)
NOT-FOR-US: Proxifier for Mac
-CVE-2017-7642
- RESERVED
+CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin
(aka ...)
+ TODO: check
CVE-2017-7641
RESERVED
CVE-2017-7640
@@ -24334,8 +24330,8 @@
NOT-FOR-US: IBM
CVE-2016-9982 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an
...)
NOT-FOR-US: IBM
-CVE-2016-9981
- RESERVED
+CVE-2016-9981 (IBM AppScan Enterprise Edition 9.0 contains an unspecified ...)
+ TODO: check
CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is
vulnerable to ...)
NOT-FOR-US: IBM
CVE-2016-9979 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is
vulnerable to ...)
@@ -28775,28 +28771,28 @@
NOT-FOR-US: mcollective-puppet-agent plugin on Windows
CVE-2017-2289
RESERVED
-CVE-2017-2288
- RESERVED
-CVE-2017-2287
- RESERVED
-CVE-2017-2286
- RESERVED
-CVE-2017-2285
- RESERVED
-CVE-2017-2284
- RESERVED
-CVE-2017-2283
- RESERVED
-CVE-2017-2282
- RESERVED
-CVE-2017-2281
- RESERVED
-CVE-2017-2280
- RESERVED
-CVE-2017-2279
- RESERVED
-CVE-2017-2278
- RESERVED
+CVE-2017-2288 (Untrusted search path vulnerability in LhaForge Ver.1.6.5 and
earlier ...)
+ TODO: check
+CVE-2017-2287 (Untrusted search path vulnerability in NFC Port Software
remover ...)
+ TODO: check
+CVE-2017-2286 (Untrusted search path vulnerability in NFC Port Software
Version ...)
+ TODO: check
+CVE-2017-2285 (Cross-site scripting vulnerability in Simple Custom CSS and JS
prior ...)
+ TODO: check
+CVE-2017-2284 (Cross-site scripting vulnerability in Popup Maker prior to
version ...)
+ TODO: check
+CVE-2017-2283 (WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded ...)
+ TODO: check
+CVE-2017-2282 (Buffer overflow in WN-AX1167GR firmware version 3.00 and
earlier ...)
+ TODO: check
+CVE-2017-2281 (WN-AX1167GR firmware version 3.00 and earlier allows an
attacker to ...)
+ TODO: check
+CVE-2017-2280 (WN-AX1167GR firmware version 3.00 and earlier uses hardcoded
...)
+ TODO: check
+CVE-2017-2279 (Untrusted search path vulnerability in Tween Ver1.6.6.0 and
earlier ...)
+ TODO: check
+CVE-2017-2278 (The RBB SPEED TEST App for Android version 2.0.3 and earlier,
RBB ...)
+ TODO: check
CVE-2017-2277 (WG-C10 v3.0.79 and earlier allows an attacker to bypass access
...)
NOT-FOR-US: WG-C10
CVE-2017-2276 (Buffer overflow in WG-C10 v3.0.79 and earlier allows an
attacker to ...)
@@ -29075,8 +29071,8 @@
NOT-FOR-US: Tablacus Explorer
CVE-2017-2139 (CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and
v3), ...)
NOT-FOR-US: CS-Cart
-CVE-2017-2138
- RESERVED
+CVE-2017-2138 (Cross-site request forgery (CSRF) vulnerability in CS-Cart
Japanese ...)
+ TODO: check
CVE-2017-2137 (ProSAFE Plus Configuration Utility prior to 2.3.29 allows
remote ...)
NOT-FOR-US: ProSAFE Plus Configuration Utility
CVE-2017-2136 (Cross-site scripting vulnerability in WP Statistics version
12.0.4 and ...)
@@ -30351,7 +30347,7 @@
RESERVED
CVE-2017-1501
RESERVED
-CVE-2017-1500 (IBM Worklight 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0 is vulnerable to
...)
+CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in
the ...)
NOT-FOR-US: IBM
CVE-2017-1499
RESERVED
@@ -30361,8 +30357,8 @@
RESERVED
CVE-2017-1496 (IBM Sterling B2B Integrator Standard Edition 5.2.x is
vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2017-1495
- RESERVED
+CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could
allow a ...)
+ TODO: check
CVE-2017-1494
RESERVED
CVE-2017-1493
@@ -30415,10 +30411,10 @@
RESERVED
CVE-2017-1469
RESERVED
-CVE-2017-1468
- RESERVED
-CVE-2017-1467
- RESERVED
+CVE-2017-1468 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could
allow a ...)
+ TODO: check
+CVE-2017-1467 (A network layer security vulnerability in InfoSphere
Information ...)
+ TODO: check
CVE-2017-1466
RESERVED
CVE-2017-1465
@@ -30585,8 +30581,8 @@
RESERVED
CVE-2017-1384
RESERVED
-CVE-2017-1383
- RESERVED
+CVE-2017-1383 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is
vulnerable to ...)
+ TODO: check
CVE-2017-1382 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might
create ...)
NOT-FOR-US: IBM
CVE-2017-1381 (IBM WebSphere Application Server Proxy Server or
On-demand-router ...)
@@ -31115,8 +31111,8 @@
NOT-FOR-US: IBM
CVE-2017-1119
RESERVED
-CVE-2017-1118
- RESERVED
+CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n
attacker ...)
+ TODO: check
CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user
to ...)
NOT-FOR-US: IBM
CVE-2017-1116
@@ -39629,10 +39625,10 @@
REJECTED
CVE-2016-7846
REJECTED
-CVE-2016-7845
- RESERVED
-CVE-2016-7844
- RESERVED
+CVE-2016-7845 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to
upload ...)
+ TODO: check
+CVE-2016-7844 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to
execute ...)
+ TODO: check
CVE-2016-7843 (Directory traversal vulnerability in AttacheCase for Java 0.60
and ...)
NOT-FOR-US: AttacheCase
CVE-2016-7842 (Directory traversal vulnerability in AttacheCase 2.8.2.8 and
earlier ...)
@@ -39698,8 +39694,8 @@
NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7813 (Cross-site scripting vulnerability in DERAEMON-CMS version
0.8.9 and ...)
NOT-FOR-US: DERAEMON-CMS
-CVE-2016-7812
- RESERVED
+CVE-2016-7812 (The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android
ver5.3.1, ...)
+ TODO: check
CVE-2016-7811 (Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an
attacker ...)
NOT-FOR-US: Corega
CVE-2016-7810 (Cross-site scripting vulnerability in Corega CG-WLR300NX
firmware Ver. ...)
@@ -66020,8 +66016,8 @@
RESERVED
CVE-2015-8265 (Huawei Mobile WiFi E5151 routers with software before ...)
NOT-FOR-US: Huawei
-CVE-2015-8264
- RESERVED
+CVE-2015-8264 (Untrusted search path vulnerability in F-Secure Online Scanner
allows ...)
+ TODO: check
CVE-2015-8263 (NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same
source ...)
NOT-FOR-US: NETGEAR
CVE-2015-8262 (Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16
use an ...)
@@ -67128,8 +67124,8 @@
NOT-FOR-US: Samsung
CVE-2015-7892
RESERVED
-CVE-2015-7891
- RESERVED
+CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung
Graphics 2D ...)
+ TODO: check
CVE-2015-7890
RESERVED
CVE-2015-7889
@@ -74732,8 +74728,7 @@
RESERVED
CVE-2015-5204 (CRLF injection vulnerability in the Apache Cordova File
Transfer ...)
NOT-FOR-US: Apache Cordova Android File Transfer Plugin
-CVE-2015-5203 [double free triggered by jasper_image_stop_load function]
- RESERVED
+CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load
function in ...)
- jasper <removed> (bug #796107)
[jessie] - jasper <no-dsa> (Minor issue)
[wheezy] - jasper <no-dsa> (Minor issue)
@@ -76823,9 +76818,9 @@
NOT-FOR-US: WordPress plugin zM Ajax Login & Register
CVE-2015-4464
RESERVED
-CVE-2015-4463 (Unrestricted file upload vulnerability in eFront CMS before
3.6.15.5 ...)
+CVE-2015-4463 (The file_manager component in eFront CMS before 3.6.15.5 allows
remote ...)
NOT-FOR-US: eFront CMS
-CVE-2015-4462 (Unrestricted file upload vulnerability in eFront CMS before
3.6.15.5 ...)
+CVE-2015-4462 (Absolute path traversal vulnerability in the file_manager
component of ...)
NOT-FOR-US: eFront CMS
CVE-2015-4461
RESERVED
@@ -79137,8 +79132,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/8
CVE-2015-3643
RESERVED
-CVE-2015-3642
- RESERVED
+CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler
...)
+ TODO: check
CVE-2015-3641
RESERVED
CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the
"." ...)
@@ -82159,8 +82154,8 @@
NOT-FOR-US: AdBlock
CVE-2015-2691
RESERVED
-CVE-2015-2690
- RESERVED
+CVE-2015-2690 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2015-2704 (realmd allows remote attackers to inject arbitrary
configurations in ...)
- realmd 0.16.0-1 (bug #781179)
[jessie] - realmd <no-dsa> (Minor issue)
@@ -82552,8 +82547,8 @@
NOT-FOR-US: Joomla component com_ecommercewd
CVE-2015-2561
RESERVED
-CVE-2015-2560
- RESERVED
+CVE-2015-2560 (Manage Engine Desktop Central 9 before build 90135 allows
remote ...)
+ TODO: check
CVE-2015-2558 (Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel
2010 ...)
NOT-FOR-US: Microsoft
CVE-2015-2557 (Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows
remote ...)
@@ -87071,8 +87066,8 @@
NOT-FOR-US: Exponent CMS
CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in
upload/scp/tickets.php in ...)
NOT-FOR-US: osTicket
-CVE-2015-1174
- RESERVED
+CVE-2015-1174 (Session fixation vulnerability in Unit4 Polska TETA Web
(formerly TETA ...)
+ TODO: check
CVE-2015-1173 (Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does
not ...)
NOT-FOR-US: Unit4 Polska TETA Web
CVE-2015-1172 (Unrestricted file upload vulnerability in admin/upload-file.php
in the ...)
@@ -88423,8 +88418,7 @@
{DSA-3217-1 DLA-220-1}
- dpkg 1.17.25
NOTE: Ubuntu fix for 1.15.x (version in squeeze):
http://launchpadlibrarian.net/202647129/dpkg_1.15.5.6ubuntu4.9_1.15.5.6ubuntu4.10.diff.gz
-CVE-2015-0839 [hp-plugin binary driver verification]
- RESERVED
+CVE-2015-0839 (The hp-plugin utility in HP Linux Imaging and Printing (HPLIP)
makes ...)
{DLA-775-1}
- hplip 3.15.11+repack0-1 (bug #787353; bug #796015)
[jessie] - hplip 3.14.6-1+deb8u1
@@ -92081,8 +92075,8 @@
NOT-FOR-US: IBM
CVE-2015-0195 (Cross-site scripting (XSS) vulnerability in IBM Content
Template ...)
NOT-FOR-US: IBM
-CVE-2015-0194
- RESERVED
+CVE-2015-0194 (XML External Entity (XXE) vulnerability in IBM Sterling B2B
Integrator ...)
+ TODO: check
CVE-2015-0193 (Cross-site scripting (XSS) vulnerability in IBM Business
Process ...)
NOT-FOR-US: IBM Business Process Manager
CVE-2015-0192 (Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before
SR2 ...)
@@ -92667,8 +92661,8 @@
RESERVED
CVE-2014-8904 (lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x
allows ...)
NOT-FOR-US: IBM AIX, VIOS
-CVE-2014-8903
- RESERVED
+CVE-2014-8903 (IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4
before ...)
+ TODO: check
CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in
IBM ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-8901 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5,
10.1 ...)
@@ -139488,8 +139482,8 @@
NOT-FOR-US: Cisco IOS
CVE-2012-5031
RESERVED
-CVE-2012-5030
- RESERVED
+CVE-2012-5030 (Cisco IOS before 15.2(4)S6 does not initialize an unspecified
...)
+ TODO: check
CVE-2012-5029
RESERVED
CVE-2012-5028
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
