Author: sectracker
Date: 2017-04-27 21:10:12 +0000 (Thu, 27 Apr 2017)
New Revision: 51121

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-04-27 21:03:47 UTC (rev 51120)
+++ data/CVE/list       2017-04-27 21:10:12 UTC (rev 51121)
@@ -1,3 +1,39 @@
+CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus 
malware ...)
+       TODO: check
+CVE-2017-8307 (In Avast Antivirus before v17, using the LPC interface API 
exposed by ...)
+       TODO: check
+CVE-2017-8306
+       RESERVED
+CVE-2017-8304
+       RESERVED
+CVE-2017-8303
+       RESERVED
+CVE-2017-8302 (Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, 
related to ...)
+       TODO: check
+CVE-2017-8300
+       RESERVED
+CVE-2017-8299
+       RESERVED
+CVE-2017-8298 (cnvs.io Canvas 3.3.0 has XSS in the title and content fields of 
a ...)
+       TODO: check
+CVE-2017-8297 (A path traversal vulnerability exists in simple-file-manager 
before ...)
+       TODO: check
+CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history 
that is ...)
+       TODO: check
+CVE-2017-8295
+       RESERVED
+CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote 
...)
+       TODO: check
+CVE-2017-8293
+       RESERVED
+CVE-2017-8292
+       RESERVED
+CVE-2017-8290
+       RESERVED
+CVE-2017-8289 (Stack-based buffer overflow in the ipv6_addr_from_str function 
in ...)
+       TODO: check
+CVE-2017-8288 (gnome-shell 3.22 through 3.24.1 mishandles extensions that fail 
to ...)
+       TODO: check
 CVE-2017-XXXX [kedpm: information disclosure in command history file]
        - kedpm <unfixed> (bug #860817)
        NOTE: patch gives workaround, will be removed from stretch/sid
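Review bot: the added CVE-2017-8296 entry (kedpm history file in ~/.kedpm/history) appears to describe the same issue as the CVE-2017-XXXX [kedpm: information disclosure in command history file] placeholder that remains directly below the new block. Move the placeholder's annotations (- kedpm <unfixed> (bug #860817) and its NOTE) under CVE-2017-8296 and drop the CVE-2017-XXXX entry, otherwise the issue is tracked twice while the real CVE stays at TODO: check. The YARA and gnome-shell entries added here also still need package annotations in place of TODO: check.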
@@ -3,14 +39,15 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
 CVE-2017-8305 [Buffer overflow in own strlcpy implementation]
+       RESERVED
        - udfclient <unfixed> (bug #861347)
-CVE-2017-8301 [Missing TLS Certificate Validation]
+CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if 
...)
        - libressl <itp> (bug #754513)
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/27/11
-CVE-2017-8291 [shell injection]
+CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass 
and ...)
        - ghostscript <unfixed> (bug #861295)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate of 
697799)
-        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made 
private)
+       NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made private)
        NOTE: Full report viewable at: 
https://bugzilla.suse.com/show_bug.cgi?id=1036453
-CVE-2017-8287 [out-of-bounds write via t1_builder_close_contour function]
+CVE-2017-8287 (FreeType 2 before 2017-03-26 has an out-of-bounds write caused 
by a ...)
        - freetype <unfixed> (bug #861308)
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
@@ -480,7 +517,7 @@
 CVE-2017-8074 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve 
...)
        NOT-FOR-US: TP-Link
 CVE-2017-8073 (WeeChat before 1.7.1 allows a remote crash by sending a 
filename via ...)
-       {DLA-919-1}
+       {DSA-3836-1 DLA-919-1}
        - weechat 1.7-3 (bug #861121)
        NOTE: 
https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
 CVE-2017-8072 (The cp2112_gpio_direction_input function in 
drivers/hid/hid-cp2112.c ...)
@@ -1116,7 +1153,7 @@
 CVE-2016-1000258
        REJECTED
 CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused 
by a ...)
-       {DLA-910-1}
+       {DSA-3837-1 DLA-910-1}
        - libreoffice 1:5.2.5-1
        NOTE: Fixed by: 
https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
 CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by 
an ...)
@@ -1600,7 +1637,7 @@
        NOT-FOR-US: Symphony CMS
 CVE-2017-7693
        RESERVED
-CVE-2017-7692 (SquirrelMail 1.4.22 allows post-authentication remote code 
execution ...)
+CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 
20170427_0200-SVN) ...)
        - squirrelmail <removed>
        NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6
        NOTE: 
https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
@@ -2330,8 +2367,8 @@
        RESERVED
 CVE-2017-7416
        RESERVED
-CVE-2017-7415
-       RESERVED
+CVE-2017-7415 (Atlassian Confluence 6.x before 6.0.7 allows remote attackers 
to bypass ...)
+       TODO: check
 CVE-2016-10318 (A missing authorization check in the fscrypt_process_policy 
function in ...)
        - linux 4.7.4-1
        [jessie] - linux <not-affected> (Vulnerable code not present)
@@ -6262,12 +6299,12 @@
        RESERVED
 CVE-2017-6038
        RESERVED
-CVE-2017-6037
-       RESERVED
+CVE-2017-6037 (A Heap-Based Buffer Overflow issue was discovered in Wecon 
Technologies ...)
+       TODO: check
 CVE-2017-6036
        RESERVED
-CVE-2017-6035
-       RESERVED
+CVE-2017-6035 (A Stack-Based Buffer Overflow issue was discovered in Wecon ...)
+       TODO: check
 CVE-2017-6034
        RESERVED
 CVE-2017-6033 (A DLL Hijacking issue was discovered in Schneider Electric 
Interactive ...)
@@ -9404,8 +9441,8 @@
        RESERVED
 CVE-2017-5187
        RESERVED
-CVE-2017-5186
-       RESERVED
+CVE-2017-5186 (Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x 
before ...)
+       TODO: check
 CVE-2017-5185 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 
before ...)
        NOT-FOR-US: NetIQ Sentinel
 CVE-2017-5184 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 
before ...)
@@ -9588,8 +9625,8 @@
        - firejail 0.9.44.2-3 (bug #850160)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/04/1
        NOTE: https://github.com/netblue30/firejail/issues/1020
-CVE-2017-5135
-       RESERVED
+CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, 
...)
+       TODO: check
 CVE-2017-5134
        RESERVED
 CVE-2017-5133
@@ -12426,6 +12463,7 @@
 CVE-2016-10031 (** DISPUTED ** WampServer 3.0.6 installs two services called 
...)
        NOT-FOR-US: WampServer
 CVE-2016-10030 (The _prolog_error function in slurmd/req.c in Slurm before 
15.08.13, ...)
+       {DLA-921-1}
        - slurm-llnl 16.05.8-1 (bug #850491)
        [jessie] - slurm-llnl <no-dsa> (Minor issue)
        NOTE: https://www.schedmd.com/news.php?id=178
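Review bot: the {DLA-921-1} cross-reference added to CVE-2016-10030 now sits above [jessie] - slurm-llnl <no-dsa> (Minor issue). Worth confirming that the jessie triage is still intended now that an LTS advisory has been issued for the same issue, and adjusting the note if it is not.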
@@ -15041,8 +15079,8 @@
        RESERVED
 CVE-2017-3067
        RESERVED
-CVE-2017-3066
-       RESERVED
+CVE-2017-3066 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 
update 11 and ...)
+       TODO: check
 CVE-2017-3065 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 
and ...)
        NOT-FOR-US: Adobe Acrobat Reader
 CVE-2017-3064 (Adobe Flash Player versions 25.0.0.127 and earlier have an 
exploitable ...)
@@ -15157,8 +15195,8 @@
        NOT-FOR-US: Adobe
 CVE-2017-3009 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
        NOT-FOR-US: Adobe
-CVE-2017-3008
-       RESERVED
+CVE-2017-3008 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 
update 11 and ...)
+       TODO: check
 CVE-2017-3007 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability 
in the ...)
        NOT-FOR-US: Adobe Thor
 CVE-2017-3006 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability 
related ...)
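Review bot: CVE-2017-3008 is left at TODO: check although the neighbouring Adobe entries in this hunk are already triaged as NOT-FOR-US: Adobe. If ColdFusion is treated like those products, replace the TODO with a NOT-FOR-US line; the same applies to CVE-2017-3066 in the previous hunk.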
@@ -48684,7 +48722,7 @@
        NOTE: Fix spread across multiple commits: 
https://github.com/tatsuhiro-t/nghttp2/compare/v1.7.0...v1.7.1
        NOTE: Commits between 1.7.0 and 1.7.1 seem almost limited to this 
issue, cf.
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1308461#c3
-CVE-2016-1543 (The RPC API in RSCD agent in BMC BladeLogic Server Automation 
(BSA) ...)
+CVE-2016-1543 (The RPC API in the RSCD agent in BMC BladeLogic Server 
Automation ...)
        NOT-FOR-US: BMC
 CVE-2016-1542 (The RPC API in RSCD agent in BMC BladeLogic Server Automation 
(BSA) ...)
        NOT-FOR-US: BMC


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
