Author: sectracker
Date: 2017-08-09 21:10:19 +0000 (Wed, 09 Aug 2017)
New Revision: 54490
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-09 19:37:56 UTC (rev 54489)
+++ data/CVE/list 2017-08-09 21:10:19 UTC (rev 54490)
@@ -1,3 +1,163 @@
+CVE-2017-12773
+ RESERVED
+CVE-2017-12772
+ RESERVED
+CVE-2017-12771
+ RESERVED
+CVE-2017-12770
+ RESERVED
+CVE-2017-12769
+ RESERVED
+CVE-2017-12768
+ RESERVED
+CVE-2017-12767
+ RESERVED
+CVE-2017-12766
+ RESERVED
+CVE-2017-12765
+ RESERVED
+CVE-2017-12764
+ RESERVED
+CVE-2017-12763
+ RESERVED
+CVE-2017-12762
+ RESERVED
+CVE-2017-12761
+ RESERVED
+CVE-2017-12760
+ RESERVED
+CVE-2017-12759
+ RESERVED
+CVE-2017-12758
+ RESERVED
+CVE-2017-12757
+ RESERVED
+CVE-2017-12756
+ RESERVED
+CVE-2017-12755
+ RESERVED
+CVE-2017-12754 (Stack buffer overflow in httpd in Asuswrt-Merlin firmware ...)
+ TODO: check
+CVE-2017-12753
+ RESERVED
+CVE-2017-12752
+ RESERVED
+CVE-2017-12751
+ RESERVED
+CVE-2017-12750
+ RESERVED
+CVE-2017-12749
+ RESERVED
+CVE-2017-12748
+ RESERVED
+CVE-2017-12747
+ RESERVED
+CVE-2017-12746
+ RESERVED
+CVE-2017-12745
+ RESERVED
+CVE-2017-12744
+ RESERVED
+CVE-2017-12743
+ RESERVED
+CVE-2017-12742
+ RESERVED
+CVE-2017-12741
+ RESERVED
+CVE-2017-12740
+ RESERVED
+CVE-2017-12739
+ RESERVED
+CVE-2017-12738
+ RESERVED
+CVE-2017-12737
+ RESERVED
+CVE-2017-12736
+ RESERVED
+CVE-2017-12735
+ RESERVED
+CVE-2017-12734
+ RESERVED
+CVE-2017-12733
+ RESERVED
+CVE-2017-12732
+ RESERVED
+CVE-2017-12731
+ RESERVED
+CVE-2017-12730
+ RESERVED
+CVE-2017-12729
+ RESERVED
+CVE-2017-12728
+ RESERVED
+CVE-2017-12727
+ RESERVED
+CVE-2017-12726
+ RESERVED
+CVE-2017-12725
+ RESERVED
+CVE-2017-12724
+ RESERVED
+CVE-2017-12723
+ RESERVED
+CVE-2017-12722
+ RESERVED
+CVE-2017-12721
+ RESERVED
+CVE-2017-12720
+ RESERVED
+CVE-2017-12719
+ RESERVED
+CVE-2017-12718
+ RESERVED
+CVE-2017-12717
+ RESERVED
+CVE-2017-12716
+ RESERVED
+CVE-2017-12715
+ RESERVED
+CVE-2017-12714
+ RESERVED
+CVE-2017-12713
+ RESERVED
+CVE-2017-12712
+ RESERVED
+CVE-2017-12711
+ RESERVED
+CVE-2017-12710
+ RESERVED
+CVE-2017-12709
+ RESERVED
+CVE-2017-12708
+ RESERVED
+CVE-2017-12707
+ RESERVED
+CVE-2017-12706
+ RESERVED
+CVE-2017-12705
+ RESERVED
+CVE-2017-12704
+ RESERVED
+CVE-2017-12703
+ RESERVED
+CVE-2017-12702
+ RESERVED
+CVE-2017-12701
+ RESERVED
+CVE-2017-12700
+ RESERVED
+CVE-2017-12699
+ RESERVED
+CVE-2017-12698
+ RESERVED
+CVE-2017-12697
+ RESERVED
+CVE-2017-12696
+ RESERVED
+CVE-2017-12695
+ RESERVED
+CVE-2017-12694
+ RESERVED
CVE-2017-1000101 [URL globbing out of bounds read]
- curl <unfixed> (bug #871554)
NOTE: https://curl.haxx.se/docs/adv_20170809A.html
@@ -2875,8 +3035,8 @@
RESERVED
CVE-2017-11507
RESERVED
-CVE-2017-11506
- RESERVED
+CVE-2017-11506 (When linking a Nessus scanner or agent to Tenable.io or other
manager, ...)
+ TODO: check
CVE-2017-11565 (debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package
for Tor was ...)
- tor <unfixed> (bug #869153)
[stretch] - tor <no-dsa> (Minor issue)
@@ -3245,8 +3405,7 @@
RESERVED
CVE-2017-11369
RESERVED
-CVE-2017-11368 [Invalid S4U2Self or S4U2Proxy request causes assertion failure]
- RESERVED
+CVE-2017-11368 (In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated
attacker ...)
- krb5 1.15.1-2 (bug #869260)
[stretch] - krb5 <no-dsa> (Minor issue; can be fixed along with a
future DSA)
[jessie] - krb5 <no-dsa> (Minor issue; can be fixed along with a future
DSA)
@@ -8360,7 +8519,7 @@
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9458
RESERVED
-CVE-2017-9457 (Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware
does not ...)
+CVE-2017-9457 (Intense PC Phoenix SecureCore UEFI firmware does not perform
capsule ...)
NOT-FOR-US: Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware
CVE-2017-9456
RESERVED
@@ -8646,8 +8805,8 @@
NOTE: Fixed by:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d68f0f778e7f4fbd674627274267f269e40f0b04
CVE-2017-9371
RESERVED
-CVE-2017-9370
- RESERVED
+CVE-2017-9370 (An information disclosure / elevation of privilege
vulnerability in ...)
+ TODO: check
CVE-2017-9369
RESERVED
CVE-2017-9368
@@ -19784,10 +19943,10 @@
NOT-FOR-US: Intel
CVE-2017-5696
RESERVED
-CVE-2017-5695
- RESERVED
-CVE-2017-5694
- RESERVED
+CVE-2017-5695 (Data corruption vulnerability in firmware in Intel Solid-State
Drive ...)
+ TODO: check
+CVE-2017-5694 (Data corruption vulnerability in firmware in Intel Solid-State
Drive ...)
+ TODO: check
CVE-2017-5693
RESERVED
CVE-2017-5692
@@ -31719,8 +31878,8 @@
RESERVED
CVE-2017-1449
RESERVED
-CVE-2017-1448
- RESERVED
+CVE-2017-1448 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x
could ...)
+ TODO: check
CVE-2017-1447
RESERVED
CVE-2017-1446
@@ -31901,8 +32060,8 @@
RESERVED
CVE-2017-1358
RESERVED
-CVE-2017-1357
- RESERVED
+CVE-2017-1357 (IBM Maximo Asset Management 7.5 and 7.6 could allow an
authenticated ...)
+ TODO: check
CVE-2017-1356
RESERVED
CVE-2017-1355
@@ -37028,8 +37187,8 @@
NOT-FOR-US: IBM
CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to
cross-site ...)
NOT-FOR-US: IBM
-CVE-2016-8949
- RESERVED
+CVE-2016-8949 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x
could ...)
+ TODO: check
CVE-2016-8948 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to
cross-site ...)
NOT-FOR-US: IBM
CVE-2016-8947 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote
...)
@@ -46499,8 +46658,8 @@
NOT-FOR-US: IBM
CVE-2016-6122 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses
answers to ...)
NOT-FOR-US: IBM
-CVE-2016-6121
- RESERVED
+CVE-2016-6121 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is
...)
+ TODO: check
CVE-2016-6120
RESERVED
CVE-2016-6119
@@ -47638,8 +47797,8 @@
RESERVED
CVE-2016-5717
RESERVED
-CVE-2016-5716
- RESERVED
+CVE-2016-5716 (The console in Puppet Enterprise 2015.x and 2016.x prior to
2016.4.0 ...)
+ TODO: check
CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise
2015.x ...)
- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2016-5714
@@ -68378,8 +68537,8 @@
RESERVED
CVE-2015-7895 (Samsung Gallery on the Samsung Galaxy S6 allows local users to
cause a ...)
NOT-FOR-US: Samsung
-CVE-2015-7894
- RESERVED
+CVE-2015-7894 (The DCMProvider service in Samsung LibQjpeg on a Samsung
SM-G925V ...)
+ TODO: check
CVE-2015-7893 (SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email
content, ...)
NOT-FOR-US: Samsung
CVE-2015-7892
@@ -68818,8 +68977,8 @@
{DSA-3380-1 DLA-341-1}
- php5 5.6.14+dfsg-1 (low)
NOTE: https://bugs.php.net/bug.php?id=69720
-CVE-2015-7764
- RESERVED
+CVE-2015-7764 (Lemur 0.1.4 does not use sufficient entropy in its IV when
encrypting ...)
+ TODO: check
CVE-2015-7763 (rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15,
and ...)
{DSA-3387-1 DLA-342-1}
- openafs 1.6.15-1
@@ -71075,8 +71234,7 @@
- serendipity <removed>
CVE-2015-6942
RESERVED
-CVE-2015-6941 [win_useradd module and salt-cloud display passwords in debug
log]
- RESERVED
+CVE-2015-6941 (win_useradd, salt-cloud and the Linode driver in salt 2015.5.x
before ...)
- salt 2015.8.1+ds-1
[jessie] - salt <no-dsa> (Minor issue)
NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html
@@ -71498,8 +71656,7 @@
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/4
NOTE: Upstream fix:
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
-CVE-2015-6816 [Ganglia-web auth bypass]
- RESERVED
+CVE-2015-6816 (ganglia-web before 3.7.1 allows remote attackers to bypass ...)
- ganglia-web <unfixed> (unimportant; bug #798213)
- ganglia 3.6.0-1 (unimportant)
[squeeze] - ganglia <not-affected> (affected code not present)
@@ -72382,8 +72539,7 @@
NOTE:
https://github.com/owncloud/core/commit/9f8c0a3a8d14f1c127b2034faa14d8d309f962e9
CVE-2015-6499
RESERVED
-CVE-2015-6498
- RESERVED
+CVE-2015-6498 (Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before
4.2.2 ...)
NOT-FOR-US: Alcatel-Lucent Home Device Manager
CVE-2015-6497
RESERVED
@@ -74597,8 +74753,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/2
CVE-2015-5620
RESERVED
-CVE-2015-5619
- RESERVED
+CVE-2015-5619 (Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with
Lumberjack ...)
- logstash <itp> (bug #664841)
CVE-2015-5618 (Chiyu BF-630 and BF-630W fingerprint access-control devices
allow ...)
NOT-FOR-US: Chiyu BF-630 and BF-630W fingerprint access-control devices
@@ -78785,8 +78940,7 @@
RESERVED
CVE-2015-4166 (Cloudera Key Trustee Server before 5.4.3 does not store keys
...)
NOT-FOR-US: Cloudera
-CVE-2015-4165 [unspecified arbitrary files modification vulnerability]
- RESERVED
+CVE-2015-4165 (The snapshot API in Elasticsearch before 1.6.0 when another ...)
- elasticsearch 1.6.0+dfsg-1 (bug #788471)
[jessie] - elasticsearch <end-of-life> (No longer supported, see DSA
3389)
NOTE: https://github.com/elastic/elasticsearch/issues/11068
@@ -81366,8 +81520,7 @@
NOTE:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
CVE-2015-3278 (The cipherstring parsing code in nss_compat_ossl while in ...)
NOT-FOR-US: nss_compat_ossl (OpenSSL to NSS Porting Library)
-CVE-2015-3277 [incorrect multi-keyword mode cipherstring parsing]
- RESERVED
+CVE-2015-3277 (The mod_nss module before 1.0.11 in Fedora allows remote
attackers to ...)
- libapache2-mod-nss <unfixed> (bug #795657)
[stretch] - libapache2-mod-nss <no-dsa> (Minor issue)
[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced
in 1.0.11)
@@ -82321,8 +82474,7 @@
CVE-2015-3010 (ceph-deploy before 1.5.23 uses weak permissions (644) for ...)
- ceph-deploy <itp> (bug #694013)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/9
-CVE-2015-3405 [ntp-keygen may generate non-random symmetric keys on big-endian
systems]
- RESERVED
+CVE-2015-3405 (ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before
4.3.12 ...)
{DSA-3223-1 DLA-192-1}
- ntp 1:4.2.6.p5+dfsg-7
NOTE: https://bugs.ntp.org/show_bug.cgi?id=2797
@@ -83443,8 +83595,7 @@
{DSA-3203-1 DLA-178-1}
- tor 0.2.5.11-1
NOTE: https://trac.torproject.org/projects/tor/ticket/15083
-CVE-2015-2687 [information leak when live-migration failed]
- RESERVED
+CVE-2015-2687 (OpenStack Compute (nova) Icehouse, Juno and Havana when live
migration ...)
- nova 2014.1-1
[wheezy] - nova <no-dsa> (Minor issue)
NOTE: This is no longer a security issue starting with icehouse, so
marking 2014.1 as fixed
@@ -84502,8 +84653,8 @@
NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-2292 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: WordPress plugin wordpress-seo
-CVE-2015-2291
- RESERVED
+CVE-2015-2291 ((1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0
in the ...)
+ TODO: check
CVE-2015-2290
RESERVED
CVE-2015-2288
@@ -84520,17 +84671,13 @@
RESERVED
CVE-2014-9698
RESERVED
-CVE-2015-2313 [CPU usage amplification attack #2]
- RESERVED
+CVE-2015-2313 (Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2,
when an ...)
- capnproto 0.4.1-3 (bug #780568)
-CVE-2015-2312 [CPU usage amplification attack]
- RESERVED
+CVE-2015-2312 (Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1
allows ...)
- capnproto 0.4.1-3 (bug #780567)
-CVE-2015-2311 [Integer underflow in pointer validation]
- RESERVED
+CVE-2015-2311 (Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and
0.5.x ...)
- capnproto 0.4.1-3 (bug #780566)
-CVE-2015-2310 [Integer overflow in pointer validation]
- RESERVED
+CVE-2015-2310 (Integer overflow in layout.c++ in Sandstorm Cap'n Proto before
0.4.1.1 ...)
- capnproto 0.4.1-3 (bug #780565)
CVE-2015-8856 (Cross-site scripting (XSS) vulnerability in the serve-index
package ...)
- node-serve-index <unfixed> (unimportant)
@@ -84629,8 +84776,7 @@
NOT-FOR-US: Open edX
CVE-2015-2285 (The logrotation script (/etc/cron.daily/upstart) in the Ubuntu
Upstart ...)
- upstart <not-affected> (Vulnerable cron.daily script not present)
-CVE-2014-9701 [XSS issue in MantisBT permalink_page.php]
- RESERVED
+CVE-2014-9701 (Cross-site scripting (XSS) vulnerability in MantisBT before
1.2.19 and ...)
- mantis <removed> (bug #780875)
[wheezy] - mantis <no-dsa> (Minor issue)
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
@@ -84664,8 +84810,7 @@
NOT-FOR-US: SolarWinds Firewall Security Manager
CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and
earlier ...)
NOT-FOR-US: ZeusCart
-CVE-2015-2674 [Doesn't Validate TLS]
- RESERVED
+CVE-2015-2674 (Restkit allows man-in-the-middle attackers to spoof TLS servers
by ...)
- python-restkit <unfixed> (bug #781813)
[stretch] - python-restkit <no-dsa> (Minor issue)
[jessie] - python-restkit <no-dsa> (Minor issue)
@@ -85968,8 +86113,7 @@
{DSA-3222-1 DLA-193-1}
- chrony 1.30-2 (bug #782160)
NOTE: Fix:
http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=cf19042ecb656b8afec0cc4906e7dd3ea9266ac8
-CVE-2015-1820 [session fixation vulnerability]
- RESERVED
+CVE-2015-1820 (REST client for Ruby (aka rest-client) before 1.8.0 allows
remote ...)
- ruby-rest-client 1.6.7-6 (bug #781238)
[wheezy] - ruby-rest-client <no-dsa> (The correction introduces a
dependency on a package not available in wheezy)
- librestclient-ruby <removed>
@@ -89866,20 +90010,20 @@
REJECTED
CVE-2015-0787 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows
remote ...)
NOT-FOR-US: NetIQ Designer for Identity Manager
-CVE-2015-0786
- RESERVED
-CVE-2015-0785
- RESERVED
-CVE-2015-0784
- RESERVED
-CVE-2015-0783
- RESERVED
-CVE-2015-0782
- RESERVED
-CVE-2015-0781
- RESERVED
-CVE-2015-0780
- RESERVED
+CVE-2015-0786 (Stack-based buffer overflow in the logging functionality in the
...)
+ TODO: check
+CVE-2015-0785 (com.novell.zenworks.inventory.rtr.actionclasses.wcreports in
Novell ...)
+ TODO: check
+CVE-2015-0784 (Rtrlet.class in Novell ZENworks Configuration Management (ZCM)
allows ...)
+ TODO: check
+CVE-2015-0783 (The FileViewer class in Novell ZENworks Configuration
Management (ZCM) ...)
+ TODO: check
+CVE-2015-0782 (SQL injection vulnerability in the ScheduleQuery method of the
...)
+ TODO: check
+CVE-2015-0781 (Directory traversal vulnerability in the doPost method of the
Rtrlet ...)
+ TODO: check
+CVE-2015-0780 (SQL injection vulnerability in the GetReRequestData method of
the ...)
+ TODO: check
CVE-2015-0779 (Directory traversal vulnerability in UploadServlet in Novell
ZENworks ...)
NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0778 (osc before 0.151.0 allows remote attackers to execute arbitrary
...)
@@ -100216,8 +100360,7 @@
CVE-2014-6394 (visionmedia send before 0.8.4 for Node.js uses a partial
comparison ...)
- node-send 0.9.4-1
NOTE: https://nodesecurity.io/advisories/send-directory-traversal
-CVE-2014-6393 [cross-site scripting via content-type header]
- RESERVED
+CVE-2014-6393 (The Express web framework before 3.11 and 4.x before 4.5 for
Node.js ...)
- node-express <unfixed> (unimportant)
NOTE: libv8 is not covered by security support
CVE-2014-6392 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the
...)
@@ -103224,8 +103367,8 @@
[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-5145
RESERVED
-CVE-2014-5144
- RESERVED
+CVE-2014-5144 (Cross-site scripting (XSS) vulnerability in Telescope before
0.9.3 ...)
+ TODO: check
CVE-2014-5143
RESERVED
CVE-2014-5142
@@ -146852,16 +146995,16 @@
[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function
in ...)
- libav <not-affected> (Doesn't affect libav)
-CVE-2012-2781
- RESERVED
-CVE-2012-2780
- RESERVED
+CVE-2012-2781 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown
impact ...)
+ TODO: check
+CVE-2012-2780 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown
impact ...)
+ TODO: check
CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in ...)
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug
#688849)
- libav 6:0.8.4-1 (bug #688847)
-CVE-2012-2778
- RESERVED
+CVE-2012-2778 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown
impact ...)
+ TODO: check
CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in ...)
{DSA-2624-1}
[squeeze] - ffmpeg 4:0.5.9-1 (bug #688849)
@@ -146880,14 +147023,14 @@
- libav <not-affected> (there is no crash, just a couple uninitialized
reads, harmless according to Janne)
NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
NOTE: patch proposed: http://patches.libav.org/patch/32644/
-CVE-2012-2773
- RESERVED
+CVE-2012-2773 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown
impact ...)
+ TODO: check
CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function
in ...)
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug
#688849)
- libav 6:0.8.4-1 (bug #688847)
-CVE-2012-2771
- RESERVED
+CVE-2012-2771 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown
impact ...)
+ TODO: check
CVE-2012-2770 (The Authen::ExternalAuth extension before 0.11 for Best
Practical ...)
- rt-authen-externalauth 0.10-2 (bug #683288)
CVE-2012-2769 (Multiple cross-site scripting (XSS) vulnerabilities in the
topic ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
