Author: sectracker
Date: 2017-08-22 21:10:39 +0000 (Tue, 22 Aug 2017)
New Revision: 54972
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-22 18:46:02 UTC (rev 54971) +++ data/CVE/list 2017-08-22 21:10:39 UTC (rev 54972) 
@@ -1,3 +1,123 @@ +CVE-2017-13126 + RESERVED +CVE-2017-13125 + RESERVED +CVE-2017-13124 + RESERVED +CVE-2017-13123 + RESERVED +CVE-2017-13122 + RESERVED +CVE-2017-13121 + RESERVED +CVE-2017-13120 + RESERVED +CVE-2017-13119 + RESERVED +CVE-2017-13118 + RESERVED +CVE-2017-13117 + RESERVED +CVE-2017-13116 + RESERVED +CVE-2017-13115 + RESERVED +CVE-2017-13114 + RESERVED +CVE-2017-13113 + RESERVED +CVE-2017-13112 + RESERVED +CVE-2017-13111 + RESERVED +CVE-2017-13110 + RESERVED +CVE-2017-13109 + RESERVED +CVE-2017-13108 + RESERVED +CVE-2017-13107 + RESERVED +CVE-2017-13106 + RESERVED +CVE-2017-13105 + RESERVED +CVE-2017-13104 + RESERVED +CVE-2017-13103 + RESERVED +CVE-2017-13102 + RESERVED +CVE-2017-13101 + RESERVED +CVE-2017-13100 + RESERVED +CVE-2017-13099 + RESERVED +CVE-2017-13098 + RESERVED +CVE-2017-13097 + RESERVED +CVE-2017-13096 + RESERVED +CVE-2017-13095 + RESERVED +CVE-2017-13094 + RESERVED +CVE-2017-13093 + RESERVED +CVE-2017-13092 + RESERVED +CVE-2017-13091 + RESERVED +CVE-2017-13090 + RESERVED +CVE-2017-13089 + RESERVED +CVE-2017-13088 + RESERVED +CVE-2017-13087 + RESERVED +CVE-2017-13086 + RESERVED +CVE-2017-13085 + RESERVED +CVE-2017-13084 + RESERVED +CVE-2017-13083 + RESERVED +CVE-2017-13082 + RESERVED +CVE-2017-13081 + RESERVED +CVE-2017-13080 + RESERVED +CVE-2017-13079 + RESERVED +CVE-2017-13078 + RESERVED +CVE-2017-13077 + RESERVED +CVE-2017-13076 + RESERVED +CVE-2017-13075 + RESERVED +CVE-2017-13074 + RESERVED +CVE-2017-13073 + RESERVED +CVE-2017-13072 + RESERVED +CVE-2017-13071 + RESERVED +CVE-2017-13070 + RESERVED +CVE-2017-13069 + RESERVED +CVE-2017-13068 + RESERVED +CVE-2017-13067 + RESERVED CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the function ...) - graphicsmagick <unfixed> (unimportant) NOTE: https://sourceforge.net/p/graphicsmagick/bugs/430/ 
@@ -1136,8 +1256,7 @@ RESERVED CVE-2017-12844 RESERVED -CVE-2017-12843 [dlist: don't allow overwrite of arbitrary files] - RESERVED +CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to write to ...) - cyrus-imapd <not-affected> (Vulnerable code introduced later) - cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0 @@ -1268,12 +1387,12 @@ RESERVED CVE-2017-12788 RESERVED -CVE-2017-12787 - RESERVED -CVE-2017-12786 - RESERVED -CVE-2017-12785 - RESERVED +CVE-2017-12787 (A network interface of the novi_process_manager_daemon service, ...) + TODO: check +CVE-2017-12786 (Network interfaces of the cliengine and noviengine services, included ...) + TODO: check +CVE-2017-12785 (The novish command-line interface, included in the NoviWare software ...) + TODO: check CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted ...) NOT-FOR-US: Youngzsoft CCFile CVE-2017-12783 @@ -15883,8 +16002,7 @@ RESERVED CVE-2017-7558 RESERVED -CVE-2017-7557 [Alteration of ACLs via API authentication bypass] - RESERVED +CVE-2017-7557 (dnsdist version 1.1.0 is vulnerable to a flaw in authentication ...) - dnsdist 1.2.0-1 (low; bug #872854) [stretch] - dnsdist <no-dsa> (Minor issue) NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html @@ -24555,8 +24673,7 @@ - icoutils 0.31.1-1 NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3 NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4 -CVE-2017-5208 [wrestool: exploitable crash] - RESERVED +CVE-2017-5208 (Integer overflow in the wrestool program in icoutils before 0.31.1 ...) {DSA-3756-1 DLA-789-1} - icoutils 0.31.0-4 (bug #850017) NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173 
@@ -33571,8 +33688,8 @@ RESERVED CVE-2017-1423 RESERVED -CVE-2017-1422 - RESERVED +CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper ...) + TODO: check CVE-2017-1421 RESERVED CVE-2017-1420 @@ -47258,11 +47375,9 @@ NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html CVE-2016-6312 (The mod_dontdothat component of the mod_dav_svn Apache module in ...) - apr-util <not-affected> (RHEL-5.11 specific regression) -CVE-2016-6311 - RESERVED +CVE-2016-6311 (Get requests in JBoss Enterprise Application Platform (EAP) 7 ...) NOT-FOR-US: WildFly / Red Hat JBoss EAP -CVE-2016-6310 - RESERVED +CVE-2016-6310 (oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in ...) NOT-FOR-US: ovirt-engine CVE-2016-6309 (statem/statem.c in OpenSSL 1.1.0a does not consider memory-block ...) [experimental] - openssl 1.1.0b-1 @@ -54021,8 +54136,8 @@ RESERVED CVE-2016-4461 RESERVED -CVE-2016-4460 - RESERVED +CVE-2016-4460 (Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass ...) + TODO: check CVE-2016-4459 (Stack-based buffer overflow in native/mod_manager/node.c in ...) - libapache2-mod-cluster <itp> (bug #731410) CVE-2016-4458 @@ -61186,8 +61301,7 @@ NOT-FOR-US: Red Hat Satellite CVE-2016-2103 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...) NOT-FOR-US: Red Hat Satellite -CVE-2016-2102 - RESERVED +CVE-2016-2102 (HAProxy statistics in openstack-tripleo-image-elements are ...) - tripleo-image-elements <not-affected> (Configuration not found in Debian's version) CVE-2016-2101 RESERVED 
@@ -74231,10 +74345,10 @@ NOT-FOR-US: ServeMaster CVE-2015-6474 (IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers ...) NOT-FOR-US: ServeMaster -CVE-2015-6473 - RESERVED -CVE-2015-6472 - RESERVED +CVE-2015-6473 (WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain ...) + TODO: check +CVE-2015-6472 (WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO ...) + TODO: check CVE-2015-6471 (Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 ...) NOT-FOR-US: Eaton Cooper Power Systems ProView CVE-2015-6470 (Resource Data Management Data Manager before 2.2 allows remote ...) @@ -77566,8 +77680,7 @@ [wheezy] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive)) [squeeze] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive)) NOTE: https://subversion.apache.org/security/CVE-2015-5259-advisory.txt -CVE-2015-5258 - RESERVED +CVE-2015-5258 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: springframework-social CVE-2015-5257 (drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows ...) {DSA-3372-1 DLA-325-1} @@ -82216,8 +82329,8 @@ RESERVED CVE-2015-3618 RESERVED -CVE-2015-3617 - RESERVED +CVE-2015-3617 (Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow ...) + TODO: check CVE-2015-3616 (SQL injection vulnerability in Fortinet FortiManager 5.0.x before ...) NOT-FOR-US: Fortinet CVE-2015-3615 (Cross-site scripting (XSS) vulnerability in Fortinet FortiManager ...) @@ -84462,8 +84575,8 @@ NOT-FOR-US: Intel McAfee ePolicy Orchestrator CVE-2015-2858 (Datalex airline booking software before 2015-09-03 allows remote ...) NOT-FOR-US: Datalex airline booking software -CVE-2015-2857 - RESERVED +CVE-2015-2857 (Accellion File Transfer Appliance before FTA_9_11_210 allows remote ...) + TODO: check CVE-2015-2856 RESERVED CVE-2015-2855 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...) 
@@ -102594,8 +102707,8 @@ RESERVED CVE-2014-6190 (The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows ...) NOT-FOR-US: IBM -CVE-2014-6189 - RESERVED +CVE-2014-6189 (Cross-site scripting (XSS) vulnerability in IBM Security Network ...) + TODO: check CVE-2014-6188 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...) NOT-FOR-US: IBM CVE-2014-6187 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
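Review bot: The three entries CVE-2017-12787, CVE-2017-12786 and CVE-2017-12785 in the hunk at @@ -1268,12 +1387,12 @@ each receive a separate "TODO: check", yet their descriptions (novi_process_manager_daemon, the cliengine and noviengine services, the novish command-line interface in the NoviWare software) read as one product family. Triage them in a single pass and give all three the same tag, the way CVE-2017-12784 directly below is closed with one "NOT-FOR-US: Youngzsoft CCFile" line, so they cannot end up with inconsistent statuses.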
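Review bot: In the hunk at @@ -74231,10 +74345,10 @@, CVE-2015-6473 and CVE-2015-6472 (both WAGO IO 750-849 / 750-881) are left as "TODO: check" while the surrounding vendor-device entries, CVE-2015-6474 and CVE-2015-6471, already carry NOT-FOR-US tags named after the product. If the full descriptions confirm these concern only the WAGO devices themselves, close both with a matching NOT-FOR-US line in the same commit that resolves the TODO, rather than handling the two ids separately.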
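Review bot: CVE-2015-3617 in the hunk at @@ -82216,8 +82329,8 @@ is left as "TODO: check" although the entry directly below it, CVE-2015-3616, describes the same product (Fortinet FortiManager 5.0.x) and is already tagged "NOT-FOR-US: Fortinet". Unless the full description points at something packaged in Debian, replace the TODO with the same "NOT-FOR-US: Fortinet" line so the entry does not linger in the triage queue.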
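Review bot: CVE-2014-6189 in the hunk at @@ -102594,8 +102707,8 @@ gets "TODO: check" even though both neighbours in the context lines, CVE-2014-6190 and CVE-2014-6188, are IBM products tagged "NOT-FOR-US: IBM" and the new description also names an IBM product (IBM Security Network ...). Suggest resolving it to "NOT-FOR-US: IBM" once the truncated description is read in full, keeping the block consistent.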