Author: sectracker
Date: 2017-03-12 09:10:40 +0000 (Sun, 12 Mar 2017)
New Revision: 49597
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-11 21:10:12 UTC (rev 49596) +++ data/CVE/list 2017-03-12 09:10:40 UTC (rev 49597) @@ -1,3 +1,29 @@ +CVE-2017-6826 + RESERVED +CVE-2017-6825 + RESERVED +CVE-2017-6824 + RESERVED +CVE-2017-6823 (Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges ...) + TODO: check +CVE-2017-6822 + RESERVED +CVE-2017-6821 + RESERVED +CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is ...) + TODO: check +CVE-2017-6819 (In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...) + TODO: check +CVE-2017-6818 (In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is ...) + TODO: check +CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is ...) + TODO: check +CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...) + TODO: check +CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control ...) + TODO: check +CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...) + TODO: check CVE-2017-XXXX [XSS issue in handling of a style tag inside of an svg element] - roundcube <unfixed> (bug #857473) NOTE: https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305 @@ -851,8 +877,8 @@ - dotclear <removed> CVE-2017-6445 (The auto-update feature of Open Embedded Linux Entertainment Center ...) NOT-FOR-US: OpenELEC -CVE-2017-6444 - RESERVED +CVE-2017-6444 (The MikroTik Router hAP Lite 6.25 has no protection mechanism for ...) + TODO: check CVE-2017-6443 RESERVED CVE-2002-2447 
@@ -3206,12 +3232,12 @@ NOTE: pear performs no kind of authentication/integrity checks for downloads, so an attacker can MITM freely anyway CVE-2017-5629 RESERVED -CVE-2017-5626 - RESERVED +CVE-2017-5626 (OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden ...) + TODO: check CVE-2017-5625 RESERVED -CVE-2017-5624 - RESERVED +CVE-2017-5624 (An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. ...) + TODO: check CVE-2017-5623 RESERVED CVE-2017-5622 @@ -70199,8 +70225,7 @@ - linux-2.6 <removed> [squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4943ba16bbc2 (v3.19-rc1) -CVE-2014-9645 [modprobe wrongly accepts paths as module names] - RESERVED +CVE-2014-9645 (The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ...) - busybox 1:1.22.0-15 (low; bug #776186) [jessie] - busybox <no-dsa> (Minor issue) [wheezy] - busybox <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
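Review bot: In the first hunk (@@ -1,3 +1,29 @@), the new CVE-2017-6820 entry (rcube_utils.php in Roundcube) is added with only "TODO: check" directly above the existing CVE-2017-XXXX placeholder for the roundcube style-tag-in-svg XSS, and the two may describe the same issue; the truncated description here does not settle it. When resolving the TODO, compare the full CVE text with the commit referenced in the placeholder's NOTE. If they match, move the "- roundcube <unfixed> (bug #857473)" line and the NOTE under CVE-2017-6820 and drop the placeholder so the bug is not tracked under two identifiers. The six WordPress entries in the same hunk (CVE-2017-6814 through CVE-2017-6819) all read "before 4.7.3" and can be triaged together against one fixed version.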
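Review bot: In the second hunk (@@ -851,8 +877,8 @@), CVE-2017-6444 moves from RESERVED to "TODO: check" with a description naming the MikroTik Router hAP Lite 6.25, which reads as vendor router firmware. The adjacent CVE-2017-6445 entry is already closed as "NOT-FOR-US: OpenELEC"; if no Debian source package is affected, resolve this one the same way with a NOT-FOR-US line rather than leaving the TODO open.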
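Review bot: In the third hunk (@@ -3206,12 +3232,12 @@), CVE-2017-5626 and CVE-2017-5624 both gain descriptions for OxygenOS on the OnePlus 3 and 3T and are left at "TODO: check". They concern the same product, so triage them in one pass and give both the same disposition; if no package in the archive is affected, a NOT-FOR-US line on each closes them consistently.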