Author: sectracker
Date: 2017-08-22 21:10:39 +0000 (Tue, 22 Aug 2017)
New Revision: 54972

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-22 18:46:02 UTC (rev 54971)
+++ data/CVE/list       2017-08-22 21:10:39 UTC (rev 54972)
@@ -1,3 +1,123 @@
+CVE-2017-13126
+       RESERVED
+CVE-2017-13125
+       RESERVED
+CVE-2017-13124
+       RESERVED
+CVE-2017-13123
+       RESERVED
+CVE-2017-13122
+       RESERVED
+CVE-2017-13121
+       RESERVED
+CVE-2017-13120
+       RESERVED
+CVE-2017-13119
+       RESERVED
+CVE-2017-13118
+       RESERVED
+CVE-2017-13117
+       RESERVED
+CVE-2017-13116
+       RESERVED
+CVE-2017-13115
+       RESERVED
+CVE-2017-13114
+       RESERVED
+CVE-2017-13113
+       RESERVED
+CVE-2017-13112
+       RESERVED
+CVE-2017-13111
+       RESERVED
+CVE-2017-13110
+       RESERVED
+CVE-2017-13109
+       RESERVED
+CVE-2017-13108
+       RESERVED
+CVE-2017-13107
+       RESERVED
+CVE-2017-13106
+       RESERVED
+CVE-2017-13105
+       RESERVED
+CVE-2017-13104
+       RESERVED
+CVE-2017-13103
+       RESERVED
+CVE-2017-13102
+       RESERVED
+CVE-2017-13101
+       RESERVED
+CVE-2017-13100
+       RESERVED
+CVE-2017-13099
+       RESERVED
+CVE-2017-13098
+       RESERVED
+CVE-2017-13097
+       RESERVED
+CVE-2017-13096
+       RESERVED
+CVE-2017-13095
+       RESERVED
+CVE-2017-13094
+       RESERVED
+CVE-2017-13093
+       RESERVED
+CVE-2017-13092
+       RESERVED
+CVE-2017-13091
+       RESERVED
+CVE-2017-13090
+       RESERVED
+CVE-2017-13089
+       RESERVED
+CVE-2017-13088
+       RESERVED
+CVE-2017-13087
+       RESERVED
+CVE-2017-13086
+       RESERVED
+CVE-2017-13085
+       RESERVED
+CVE-2017-13084
+       RESERVED
+CVE-2017-13083
+       RESERVED
+CVE-2017-13082
+       RESERVED
+CVE-2017-13081
+       RESERVED
+CVE-2017-13080
+       RESERVED
+CVE-2017-13079
+       RESERVED
+CVE-2017-13078
+       RESERVED
+CVE-2017-13077
+       RESERVED
+CVE-2017-13076
+       RESERVED
+CVE-2017-13075
+       RESERVED
+CVE-2017-13074
+       RESERVED
+CVE-2017-13073
+       RESERVED
+CVE-2017-13072
+       RESERVED
+CVE-2017-13071
+       RESERVED
+CVE-2017-13070
+       RESERVED
+CVE-2017-13069
+       RESERVED
+CVE-2017-13068
+       RESERVED
+CVE-2017-13067
+       RESERVED
 CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the 
function ...)
        - graphicsmagick <unfixed> (unimportant)
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/430/
@@ -1136,8 +1256,7 @@
        RESERVED
 CVE-2017-12844
        RESERVED
-CVE-2017-12843 [dlist: don't allow overwrite of arbitrary files]
-       RESERVED
+CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to 
write to ...)
        - cyrus-imapd <not-affected> (Vulnerable code introduced later)
        - cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0
@@ -1268,12 +1387,12 @@
        RESERVED
 CVE-2017-12788
        RESERVED
-CVE-2017-12787
-       RESERVED
-CVE-2017-12786
-       RESERVED
-CVE-2017-12785
-       RESERVED
+CVE-2017-12787 (A network interface of the novi_process_manager_daemon 
service, ...)
+       TODO: check
+CVE-2017-12786 (Network interfaces of the cliengine and noviengine services, 
included ...)
+       TODO: check
+CVE-2017-12785 (The novish command-line interface, included in the NoviWare 
software ...)
+       TODO: check
 CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a 
crafted ...)
        NOT-FOR-US: Youngzsoft CCFile
 CVE-2017-12783
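Review bot: CVE-2017-12787, CVE-2017-12786 and CVE-2017-12785 come out of this hunk with only "TODO: check", so none of the three has a triage result yet. The descriptions (novi_process_manager_daemon, cliengine/noviengine, and novish "included in the NoviWare software") appear to concern one product, so they should be triaged together and given the same outcome: either a NOT-FOR-US line in the form used on the neighbouring CVE-2017-12784, or a package line if a matching source package exists.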
@@ -15883,8 +16002,7 @@
        RESERVED
 CVE-2017-7558
        RESERVED
-CVE-2017-7557 [Alteration of ACLs via API authentication bypass]
-       RESERVED
+CVE-2017-7557 (dnsdist version 1.1.0 is vulnerable to a flaw in authentication 
...)
        - dnsdist 1.2.0-1 (low; bug #872854)
        [stretch] - dnsdist <no-dsa> (Minor issue)
        NOTE: 
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html
@@ -24555,8 +24673,7 @@
        - icoutils 0.31.1-1
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
-CVE-2017-5208 [wrestool: exploitable crash]
-       RESERVED
+CVE-2017-5208 (Integer overflow in the wrestool program in icoutils before 
0.31.1 ...)
        {DSA-3756-1 DLA-789-1}
        - icoutils 0.31.0-4 (bug #850017)
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173
@@ -33571,8 +33688,8 @@
        RESERVED
 CVE-2017-1423
        RESERVED
-CVE-2017-1422
-       RESERVED
+CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper 
...)
+       TODO: check
 CVE-2017-1421
        RESERVED
 CVE-2017-1420
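Review bot: CVE-2017-1422 is left at "TODO: check" even though its new description starts with "IBM MaaS360 DTM". Other IBM product entries visible in this same file are closed with "NOT-FOR-US: IBM" (CVE-2014-6190, CVE-2014-6188), so this one can probably be resolved the same way once the full description is confirmed.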
@@ -47258,11 +47375,9 @@
        NOTE: 
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
 CVE-2016-6312 (The mod_dontdothat component of the mod_dav_svn Apache module 
in ...)
        - apr-util <not-affected> (RHEL-5.11 specific regression)
-CVE-2016-6311
-       RESERVED
+CVE-2016-6311 (Get requests in JBoss Enterprise Application Platform (EAP) 7 
...)
        NOT-FOR-US: WildFly / Red Hat JBoss EAP
-CVE-2016-6310
-       RESERVED
+CVE-2016-6310 (oVirt Engine discloses the 
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in ...)
        NOT-FOR-US: ovirt-engine
 CVE-2016-6309 (statem/statem.c in OpenSSL 1.1.0a does not consider 
memory-block ...)
        [experimental] - openssl 1.1.0b-1
@@ -54021,8 +54136,8 @@
        RESERVED
 CVE-2016-4461
        RESERVED
-CVE-2016-4460
-       RESERVED
+CVE-2016-4460 (Apache Pony Mail 0.6c through 0.8b allows remote attackers to 
bypass ...)
+       TODO: check
 CVE-2016-4459 (Stack-based buffer overflow in native/mod_manager/node.c in ...)
        - libapache2-mod-cluster <itp> (bug #731410)
 CVE-2016-4458
@@ -61186,8 +61301,7 @@
        NOT-FOR-US: Red Hat Satellite
 CVE-2016-2103 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat 
...)
        NOT-FOR-US: Red Hat Satellite
-CVE-2016-2102
-       RESERVED
+CVE-2016-2102 (HAProxy statistics in openstack-tripleo-image-elements are ...)
        - tripleo-image-elements <not-affected> (Configuration not found in 
Debian's version)
 CVE-2016-2101
        RESERVED
@@ -74231,10 +74345,10 @@
        NOT-FOR-US: ServeMaster
 CVE-2015-6474 (IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote 
attackers ...)
        NOT-FOR-US: ServeMaster
-CVE-2015-6473
-       RESERVED
-CVE-2015-6472
-       RESERVED
+CVE-2015-6473 (WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not 
contain ...)
+       TODO: check
+CVE-2015-6472 (WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and 
WAGO IO ...)
+       TODO: check
 CVE-2015-6471 (Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on 
Form 6 ...)
        NOT-FOR-US: Eaton Cooper Power Systems ProView
 CVE-2015-6470 (Resource Data Management Data Manager before 2.2 allows remote 
...)
@@ -77566,8 +77680,7 @@
        [wheezy] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 
(inclusive))
        [squeeze] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 
(inclusive))
        NOTE: https://subversion.apache.org/security/CVE-2015-5259-advisory.txt
-CVE-2015-5258
-       RESERVED
+CVE-2015-5258 (Cross-site request forgery (CSRF) vulnerability in ...)
        NOT-FOR-US: springframework-social
 CVE-2015-5257 (drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 
allows ...)
        {DSA-3372-1 DLA-325-1}
@@ -82216,8 +82329,8 @@
        RESERVED
 CVE-2015-3618
        RESERVED
-CVE-2015-3617
-       RESERVED
+CVE-2015-3617 (Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 
allow ...)
+       TODO: check
 CVE-2015-3616 (SQL injection vulnerability in Fortinet FortiManager 5.0.x 
before ...)
        NOT-FOR-US: Fortinet
 CVE-2015-3615 (Cross-site scripting (XSS) vulnerability in Fortinet 
FortiManager ...)
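Review bot: CVE-2015-3617 gets "TODO: check" while the very next context entry, CVE-2015-3616, is for the same product (Fortinet FortiManager) and is already tagged "NOT-FOR-US: Fortinet". Suggest resolving the TODO with that same line so the FortiManager entries in this block stay consistent.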
@@ -84462,8 +84575,8 @@
        NOT-FOR-US: Intel McAfee ePolicy Orchestrator
 CVE-2015-2858 (Datalex airline booking software before 2015-09-03 allows 
remote ...)
        NOT-FOR-US: Datalex airline booking software
-CVE-2015-2857
-       RESERVED
+CVE-2015-2857 (Accellion File Transfer Appliance before FTA_9_11_210 allows 
remote ...)
+       TODO: check
 CVE-2015-2856
        RESERVED
 CVE-2015-2855 (The WebUI component in Blue Coat SSL Visibility Appliance 
SV800, ...)
@@ -102594,8 +102707,8 @@
        RESERVED
 CVE-2014-6190 (The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 
allows ...)
        NOT-FOR-US: IBM
-CVE-2014-6189
-       RESERVED
+CVE-2014-6189 (Cross-site scripting (XSS) vulnerability in IBM Security 
Network ...)
+       TODO: check
 CVE-2014-6188 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
WebSphere ...)
        NOT-FOR-US: IBM
 CVE-2014-6187 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
IBM ...)
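Review bot: CVE-2014-6189 sits between CVE-2014-6190 and CVE-2014-6188, both tagged "NOT-FOR-US: IBM", yet receives "TODO: check" for what the description calls an IBM Security Network product. Suggest replacing the TODO with the same NOT-FOR-US line after confirming the full product name in the truncated description.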


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
