Author: sectracker
Date: 2017-04-25 21:10:13 +0000 (Tue, 25 Apr 2017)
New Revision: 51046

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-04-25 21:01:42 UTC (rev 51045)
+++ data/CVE/list       2017-04-25 21:10:13 UTC (rev 51046)
@@ -1,3 +1,239 @@
+CVE-2017-8225 (On Wireless IP Camera (P2P) WIFICAM devices, access to .ini 
files ...)
+       TODO: check
+CVE-2017-8224 (Wireless IP Camera (P2P) WIFICAM devices have a backdoor root 
account ...)
+       TODO: check
+CVE-2017-8223 (On Wireless IP Camera (P2P) WIFICAM devices, an attacker can 
use the ...)
+       TODO: check
+CVE-2017-8222 (Wireless IP Camera (P2P) WIFICAM devices have an "Apple 
Production IOS ...)
+       TODO: check
+CVE-2017-8221 (Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext 
UDP tunnel ...)
+       TODO: check
+CVE-2017-8220 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 
Build ...)
+       TODO: check
+CVE-2017-8219 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 
Build ...)
+       TODO: check
+CVE-2017-8218 (vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 
4.2 ...)
+       TODO: check
+CVE-2017-8217 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 
Build ...)
+       TODO: check
+CVE-2017-8216
+       RESERVED
+CVE-2017-8215
+       RESERVED
+CVE-2017-8214
+       RESERVED
+CVE-2017-8213
+       RESERVED
+CVE-2017-8212
+       RESERVED
+CVE-2017-8211
+       RESERVED
+CVE-2017-8210
+       RESERVED
+CVE-2017-8209
+       RESERVED
+CVE-2017-8208
+       RESERVED
+CVE-2017-8207
+       RESERVED
+CVE-2017-8206
+       RESERVED
+CVE-2017-8205
+       RESERVED
+CVE-2017-8204
+       RESERVED
+CVE-2017-8203
+       RESERVED
+CVE-2017-8202
+       RESERVED
+CVE-2017-8201
+       RESERVED
+CVE-2017-8200
+       RESERVED
+CVE-2017-8199
+       RESERVED
+CVE-2017-8198
+       RESERVED
+CVE-2017-8197
+       RESERVED
+CVE-2017-8196
+       RESERVED
+CVE-2017-8195
+       RESERVED
+CVE-2017-8194
+       RESERVED
+CVE-2017-8193
+       RESERVED
+CVE-2017-8192
+       RESERVED
+CVE-2017-8191
+       RESERVED
+CVE-2017-8190
+       RESERVED
+CVE-2017-8189
+       RESERVED
+CVE-2017-8188
+       RESERVED
+CVE-2017-8187
+       RESERVED
+CVE-2017-8186
+       RESERVED
+CVE-2017-8185
+       RESERVED
+CVE-2017-8184
+       RESERVED
+CVE-2017-8183
+       RESERVED
+CVE-2017-8182
+       RESERVED
+CVE-2017-8181
+       RESERVED
+CVE-2017-8180
+       RESERVED
+CVE-2017-8179
+       RESERVED
+CVE-2017-8178
+       RESERVED
+CVE-2017-8177
+       RESERVED
+CVE-2017-8176
+       RESERVED
+CVE-2017-8175
+       RESERVED
+CVE-2017-8174
+       RESERVED
+CVE-2017-8173
+       RESERVED
+CVE-2017-8172
+       RESERVED
+CVE-2017-8171
+       RESERVED
+CVE-2017-8170
+       RESERVED
+CVE-2017-8169
+       RESERVED
+CVE-2017-8168
+       RESERVED
+CVE-2017-8167
+       RESERVED
+CVE-2017-8166
+       RESERVED
+CVE-2017-8165
+       RESERVED
+CVE-2017-8164
+       RESERVED
+CVE-2017-8163
+       RESERVED
+CVE-2017-8162
+       RESERVED
+CVE-2017-8161
+       RESERVED
+CVE-2017-8160
+       RESERVED
+CVE-2017-8159
+       RESERVED
+CVE-2017-8158
+       RESERVED
+CVE-2017-8157
+       RESERVED
+CVE-2017-8156
+       RESERVED
+CVE-2017-8155
+       RESERVED
+CVE-2017-8154
+       RESERVED
+CVE-2017-8153
+       RESERVED
+CVE-2017-8152
+       RESERVED
+CVE-2017-8151
+       RESERVED
+CVE-2017-8150
+       RESERVED
+CVE-2017-8149
+       RESERVED
+CVE-2017-8148
+       RESERVED
+CVE-2017-8147
+       RESERVED
+CVE-2017-8146
+       RESERVED
+CVE-2017-8145
+       RESERVED
+CVE-2017-8144
+       RESERVED
+CVE-2017-8143
+       RESERVED
+CVE-2017-8142
+       RESERVED
+CVE-2017-8141
+       RESERVED
+CVE-2017-8140
+       RESERVED
+CVE-2017-8139
+       RESERVED
+CVE-2017-8138
+       RESERVED
+CVE-2017-8137
+       RESERVED
+CVE-2017-8136
+       RESERVED
+CVE-2017-8135
+       RESERVED
+CVE-2017-8134
+       RESERVED
+CVE-2017-8133
+       RESERVED
+CVE-2017-8132
+       RESERVED
+CVE-2017-8131
+       RESERVED
+CVE-2017-8130
+       RESERVED
+CVE-2017-8129
+       RESERVED
+CVE-2017-8128
+       RESERVED
+CVE-2017-8127
+       RESERVED
+CVE-2017-8126
+       RESERVED
+CVE-2017-8125
+       RESERVED
+CVE-2017-8124
+       RESERVED
+CVE-2017-8123
+       RESERVED
+CVE-2017-8122
+       RESERVED
+CVE-2017-8121
+       RESERVED
+CVE-2017-8120
+       RESERVED
+CVE-2017-8119
+       RESERVED
+CVE-2017-8118
+       RESERVED
+CVE-2017-8117
+       RESERVED
+CVE-2017-8116
+       RESERVED
+CVE-2017-8115 (Directory traversal in setup/processors/url_search.php (aka the 
search ...)
+       TODO: check
+CVE-2017-8114
+       RESERVED
+CVE-2017-8113
+       RESERVED
+CVE-2017-8112
+       RESERVED
+CVE-2017-8111
+       RESERVED
+CVE-2017-8110 (www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 
rev 10690 ...)
+       TODO: check
+CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt before 2016.11.4 
copied over ...)
+       TODO: check
+CVE-2017-8108
+       RESERVED
 CVE-2017-8107
        RESERVED
 CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux 
kernel ...)
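Review bot: CVE-2017-8109 near the end of the added block names the salt-ssh minion code in SaltStack Salt before 2016.11.4, so it should be checked against the salt source package and given a package line with the affected and fixed versions rather than a standing "TODO: check". The WIFICAM entries (CVE-2017-8221 to CVE-2017-8225) and the TP-Link C2/C20i entries (CVE-2017-8217 to CVE-2017-8220) describe device firmware and can probably be closed as NOT-FOR-US in the same pass, the way the WatchGuard and D-Link entries in this file are.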
@@ -155,8 +391,8 @@
        RESERVED
 CVE-2017-8058
        RESERVED
-CVE-2017-8057
-       RESERVED
+CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files 
caused ...)
+       TODO: check
 CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests 
referring ...)
        NOT-FOR-US: WatchGuard
 CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the 
Firebox ...)
@@ -299,20 +535,20 @@
        NOT-FOR-US: Exponent CMS
 CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks 
with ...)
        NOT-FOR-US: OpenMRS
-CVE-2017-7989
-       RESERVED
-CVE-2017-7988
-       RESERVED
-CVE-2017-7987
-       RESERVED
-CVE-2017-7986
-       RESERVED
-CVE-2017-7985
-       RESERVED
-CVE-2017-7984
-       RESERVED
-CVE-2017-7983
-       RESERVED
+CVE-2017-7989 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate 
MIME type ...)
+       TODO: check
+CVE-2017-7988 (In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate 
filtering ...)
+       TODO: check
+CVE-2017-7987 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate 
escaping of ...)
+       TODO: check
+CVE-2017-7986 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate 
filtering ...)
+       TODO: check
+CVE-2017-7985 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate 
filtering ...)
+       TODO: check
+CVE-2017-7984 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate 
filtering ...)
+       TODO: check
+CVE-2017-7983 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent 
using the ...)
+       TODO: check
 CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in 
...)
        - libplist <unfixed> (bug #860945)
        [jessie] - libplist <no-dsa> (Minor issue)
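Review bot: The seven Joomla! entries added here (CVE-2017-7983 to CVE-2017-7989) all carry the same "fixed in 3.7.0" wording, as does CVE-2017-8057 earlier in this commit, and each is left at "TODO: check". Triage all eight in one pass so they end up with the same disposition; if Joomla! is not a package tracked here, use one NOT-FOR-US tag spelled identically on all of them so later searches stay reliable.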
@@ -1770,8 +2006,7 @@
        RESERVED
 CVE-2017-7478
        RESERVED
-CVE-2017-7477
-       RESERVED
+CVE-2017-7477 (Heap-based buffer overflow in drivers/net/macsec.c in the 
MACsec module ...)
        - linux <unfixed>
        [jessie] - linux <not-affected> (Introduced in 4.6)
        [wheezy] - linux <not-affected> (Introduced in 4.6)
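Review bot: With the description for CVE-2017-7477 now public, the "- linux <unfixed>" line under it still has no NOTE pointing at an upstream fix. Add a NOTE: line with the fixing commit for drivers/net/macsec.c once it is identified, as the CVE-2017-2801 entry does for botan, so the <unfixed> state can be resolved against a concrete kernel version.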
@@ -2742,8 +2977,8 @@
 CVE-2017-7222 (A cross-site scripting (XSS) vulnerability in MantisBT before 
2.1.1 ...)
        - mantis <removed>
        [wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
-CVE-2017-7221
-       RESERVED
+CVE-2017-7221 (OpenText Documentum Content Server has an inadequate protection 
...)
+       TODO: check
 CVE-2017-7220 (OpenText Documentum Content Server allows superuser access via 
...)
        NOT-FOR-US: OpenText Documentum Content Server
 CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway 
versions 10.1 ...)
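Review bot: CVE-2017-7221 is left at "TODO: check" although the entry directly below it, CVE-2017-7220, covers the same product and is already tagged "NOT-FOR-US: OpenText Documentum Content Server". Reuse that exact tag here instead of leaving the item in the manual queue.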
@@ -7199,8 +7434,8 @@
        RESERVED
 CVE-2017-5626 (OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two 
hidden ...)
        NOT-FOR-US: OxygenOS
-CVE-2017-5625
-       RESERVED
+CVE-2017-5625 (In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an 
unauthorized ...)
+       TODO: check
 CVE-2017-5624 (An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 
and 3T. ...)
        NOT-FOR-US: OxygenOS
 CVE-2017-5623 (An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 
and 3T ...)
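Review bot: CVE-2017-5625 gets "TODO: check" while the entries on both sides of it, CVE-2017-5626 and CVE-2017-5624, describe the same OxygenOS on OnePlus 3 and 3T and are tagged "NOT-FOR-US: OxygenOS". The new entry should carry the same tag.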
@@ -13187,6 +13422,7 @@
 CVE-2017-3601 (Vulnerability in the Oracle API Gateway component of Oracle 
Fusion ...)
        NOT-FOR-US: Oracle
 CVE-2017-3600 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mariadb-10.1 <not-affected> (Fixed before initial upload to Debian)
        - mariadb-10.0 10.0.28-1
        [jessie] - mariadb-10.0 10.0.28-0+deb8u1
@@ -13508,15 +13744,19 @@
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <not-affected> (Only affects MySQL 5.7)
 CVE-2017-3464 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <removed> (bug #860544)
 CVE-2017-3463 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <removed> (bug #860544)
 CVE-2017-3462 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <removed> (bug #860544)
 CVE-2017-3461 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <removed> (bug #860544)
 CVE-2017-3460 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
@@ -13532,6 +13772,7 @@
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <not-affected> (Only affects MySQL 5.7)
 CVE-2017-3456 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <removed> (bug #860544)
 CVE-2017-3455 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
@@ -13541,6 +13782,7 @@
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <not-affected> (Only affects MySQL 5.7)
 CVE-2017-3453 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <removed> (bug #860544)
 CVE-2017-3452 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
@@ -13581,8 +13823,8 @@
        NOT-FOR-US: Oracle
 CVE-2017-3435 (Vulnerability in the Oracle One-to-One Fulfillment component of 
Oracle ...)
        NOT-FOR-US: Oracle
-CVE-2017-3434
-       RESERVED
+CVE-2017-3434 (Vulnerability in the Oracle One-to-One Fulfillment component of 
Oracle ...)
+       TODO: check
 CVE-2017-3433 (Vulnerability in the Oracle One-to-One Fulfillment component of 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2017-3432 (Vulnerability in the Oracle One-to-One Fulfillment component of 
Oracle ...)
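Review bot: CVE-2017-3434 is set to "TODO: check", yet its truncated description is word for word the same as CVE-2017-3435 and CVE-2017-3433 around it, both tagged "NOT-FOR-US: Oracle". Apply the same tag so the Oracle One-to-One Fulfillment block is consistent.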
@@ -13737,10 +13979,10 @@
        NOT-FOR-US: Oracle
 CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
        NOT-FOR-US: Oracle
-CVE-2017-3356
-       RESERVED
-CVE-2017-3355
-       RESERVED
+CVE-2017-3356 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
+       TODO: check
+CVE-2017-3355 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
+       TODO: check
 CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
        NOT-FOR-US: Oracle
 CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
@@ -13755,18 +13997,18 @@
        NOT-FOR-US: Oracle
 CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
        NOT-FOR-US: Oracle
-CVE-2017-3347
-       RESERVED
+CVE-2017-3347 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
+       TODO: check
 CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
        NOT-FOR-US: Oracle
-CVE-2017-3345
-       RESERVED
+CVE-2017-3345 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
+       TODO: check
 CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
        NOT-FOR-US: Oracle
 CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
        NOT-FOR-US: Oracle
-CVE-2017-3342
-       RESERVED
+CVE-2017-3342 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
+       TODO: check
 CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
        NOT-FOR-US: Oracle
 CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle 
E-Business ...)
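Review bot: CVE-2017-3347, CVE-2017-3345 and CVE-2017-3342 are left at "TODO: check" inside a run of Oracle Marketing entries that are all tagged "NOT-FOR-US: Oracle" (CVE-2017-3348, CVE-2017-3346, CVE-2017-3344, CVE-2017-3343, CVE-2017-3341). Tag the three new ones the same way; CVE-2017-3356 and CVE-2017-3355 in the previous hunk are in the same position.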
@@ -13795,6 +14037,7 @@
 CVE-2017-3330 (Vulnerability in the Siebel UI Framework component of Oracle 
Siebel ...)
        NOT-FOR-US: Oracle Siebel
 CVE-2017-3329 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <removed> (bug #860544)
 CVE-2017-3328 (Vulnerability in the Oracle Common Applications component of 
Oracle ...)
@@ -13862,9 +14105,11 @@
 CVE-2017-3310 (Vulnerability in the OJVM component of Oracle Database Server. 
...)
        NOT-FOR-US: Oracle
 CVE-2017-3309 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <removed> (bug #860544)
 CVE-2017-3308 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <unfixed> (bug #860547)
        - mysql-5.5 <removed> (bug #860544)
 CVE-2017-3307 (Vulnerability in the MySQL Enterprise Monitor component of 
Oracle ...)
@@ -13872,6 +14117,7 @@
 CVE-2017-3306 (Vulnerability in the MySQL Enterprise Monitor component of 
Oracle ...)
        NOT-FOR-US: MySQL Enterprise Monitor
 CVE-2017-3305 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
+       {DSA-3834-1 DLA-916-1}
        - mysql-5.7 <not-affected> (Fixed before the initial release to Debian)
        - mysql-5.5 <removed> (bug #860544)
        NOTE: The issue arises because of an improper fix for the issue known 
under
@@ -13887,7 +14133,7 @@
 CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle 
E-Business ...)
        NOT-FOR-US: Oracle
 CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 
5.7.x ...)
-       {DSA-3809-1 DLA-819-1}
+       {DSA-3834-1 DSA-3809-1 DLA-916-1 DLA-819-1}
        - mariadb-10.1 10.1.22-1
        - mariadb-10.0 <removed>
        - mysql-5.7 <not-affected> (Fixed before initial release in Debian)
@@ -15423,6 +15669,7 @@
        RESERVED
 CVE-2017-2801 [Incorrect comparison in X.509 DN strings]
        RESERVED
+       {DLA-915-1}
        - botan1.10 <unfixed> (bug #860072)
        NOTE: 
https://github.com/randombit/botan/commit/c927101675e5f63fc0bdd93c5a4825adc54323b4
 (1.10.16)
        NOTE: Bug introduced in 1.6.0 or earlier, fixed in 2.1.0 and 1.10.16
@@ -18719,8 +18966,8 @@
        RESERVED
 CVE-2017-1275
        RESERVED
-CVE-2017-1274
-       RESERVED
+CVE-2017-1274 (IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based 
overflow in ...)
+       TODO: check
 CVE-2017-1273
        RESERVED
 CVE-2017-1272
@@ -18970,8 +19217,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) ...)
        NOT-FOR-US: IBM
-CVE-2017-1149
-       RESERVED
+CVE-2017-1149 (IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a 
denial ...)
+       TODO: check
 CVE-2017-1148
        RESERVED
 CVE-2017-1147
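Review bot: CVE-2017-1149 names IBM UrbanCode Deploy and is left at "TODO: check", while the IBM DB2 entry just above it, CVE-2017-1150, is tagged "NOT-FOR-US: IBM". Unless UrbanCode Deploy maps to a tracked package, the same tag applies; CVE-2017-1274 (IBM Domino) in the previous hunk needs the same decision.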
@@ -26888,8 +27135,8 @@
        NOT-FOR-US: Intel Security Anti-Virus
 CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security 
Anti-Virus ...)
        NOT-FOR-US: Intel antivirus
-CVE-2016-8030
-       RESERVED
+CVE-2016-8030 (A memory corruption vulnerability in Scriptscan COM Object in 
McAfee ...)
+       TODO: check
 CVE-2016-8029
        RESERVED
 CVE-2016-8028
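Review bot: The new CVE-2016-8030 description names a McAfee product, and the two tagged entries visible just above it use different spellings for what appears to be the same vendor family, "NOT-FOR-US: Intel Security Anti-Virus" and "NOT-FOR-US: Intel antivirus". When this TODO is resolved, pick one spelling and consider normalising the neighbours, since tag-based searches miss variants.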
@@ -34829,7 +35076,8 @@
 CVE-2016-5484
        RESERVED
 CVE-2016-5483
-       RESERVED
+       REJECTED
+       {DSA-3834-1 DLA-916-1}
        - mariadb-10.1 <not-affected> (Fixed before initial upload to Debian)
        - mariadb-10.0 10.0.28-1
        [jessie] - mariadb-10.0 10.0.28-0+deb8u1
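Review bot: CVE-2016-5483 changes from RESERVED to REJECTED in the same hunk that attaches {DSA-3834-1 DLA-916-1} to it, and the mariadb-10.1 and mariadb-10.0 lines under it are kept. Those package lines are identical to the ones under CVE-2017-3600 earlier in this commit, which receives the same cross-reference, so this looks like a withdrawn duplicate id. Add a NOTE: naming the id that replaces it, and check whether the advisory cross-reference and version data are still wanted on a rejected entry rather than only on the surviving one.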
@@ -56945,11 +57193,11 @@
        NOT-FOR-US: ZTE router
 CVE-2015-7248 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE 
allow ...)
        NOT-FOR-US: ZTE router
-CVE-2015-7247 (DLink DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or 
W2000EN-00 ...)
+CVE-2015-7247 (D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or ...)
        NOT-FOR-US: D-Link
-CVE-2015-7246 (DLink DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or 
W2000EN-00 ...)
+CVE-2015-7246 (D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or ...)
        NOT-FOR-US: D-Link
-CVE-2015-7245 (Directory traversal vulnerability in DLink DVG-N5402SP with 
firmware ...)
+CVE-2015-7245 (Directory traversal vulnerability in D-Link DVG-N5402SP with 
firmware ...)
        NOT-FOR-US: D-Link
 CVE-2015-7244 (The default configuration of the server in MobaXterm before 8.3 
has a ...)
        NOT-FOR-US: MobaXterm


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
