Author: sectracker
Date: 2017-05-18 21:10:16 +0000 (Thu, 18 May 2017)
New Revision: 51731

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-18 20:56:08 UTC (rev 51730)
+++ data/CVE/list       2017-05-18 21:10:16 UTC (rev 51731)
@@ -1,3 +1,17 @@
+CVE-2017-9072 (Two CalendarXP products have XSS in common parts of HTML files. 
...)
+       TODO: check
+CVE-2017-9071 (In MODX Revolution before 2.5.7, an attacker might be able to 
trigger ...)
+       TODO: check
+CVE-2017-9070 (In MODX Revolution before 2.5.7, a user with resource edit 
permissions ...)
+       TODO: check
+CVE-2017-9069 (In MODX Revolution before 2.5.7, a user with file upload 
permissions is ...)
+       TODO: check
+CVE-2017-9068 (In MODX Revolution before 2.5.7, an attacker is able to trigger 
...)
+       TODO: check
+CVE-2017-9067 (In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an 
attacker is ...)
+       TODO: check
+CVE-2017-9060
+       RESERVED
 CVE-2017-9059 (The NFSv4 implementation in the Linux kernel through 4.11.1 
allows ...)
        - linux <unfixed>
 CVE-2017-9057
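Review bot: the six entries added at the top of this hunk (CVE-2017-9072 and CVE-2017-9067 through CVE-2017-9071) are all left at `TODO: check` and need triage before the next automatic update overwrites nothing but also resolves nothing. The five MODX Revolution entries name the same fixed version (before 2.5.7) and can be triaged in one pass; each should end up with either a package line in the style of `- linux <unfixed>` or a `NOT-FOR-US:` marker, as the rest of the file does. CVE-2017-9060 being inserted as plain `RESERVED` is fine.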
@@ -101,27 +115,27 @@
        NOT-FOR-US: HooHoo Trip Mate
 CVE-2017-9025 (Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 
6 (TM6) ...)
        NOT-FOR-US: HooHoo Trip Mate
-CVE-2017-9066
+CVE-2017-9066 (In WordPress before 4.7.5, there is insufficient redirect 
validation in ...)
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
-CVE-2017-9065
+CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks 
for ...)
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
-CVE-2017-9064
+CVE-2017-9064 (In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) 
...)
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
-CVE-2017-9063
+CVE-2017-9063 (In WordPress before 4.7.5, a cross-site scripting (XSS) 
vulnerability ...)
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
-CVE-2017-9062
+CVE-2017-9062 (In WordPress before 4.7.5, there is improper handling of post 
meta data ...)
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
-CVE-2017-9061
+CVE-2017-9061 (In WordPress before 4.7.5, a cross-site scripting (XSS) 
vulnerability ...)
        - wordpress 4.7.5+dfsg-1 (bug #862816)
        NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
        NOTE: 
https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
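Review bot: the unchanged context lines at the start of this hunk read `NOT-FOR-US: HooHoo Trip Mate`, while the CVE-2017-9025 description names the product `HooToo Trip Mate`; the marker should be corrected to match in a follow-up commit. The six WordPress entries (CVE-2017-9061 through CVE-2017-9066) only gain their descriptions here; each keeps the same `- wordpress 4.7.5+dfsg-1 (bug #862816)` line and its upstream commit NOTE, which is consistent with the single 4.7.5 release note all of them reference.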
@@ -327,7 +341,7 @@
 CVE-2017-8928 (mailcow 0.14, as used in &quot;mailcow: dockerized&quot; and 
other products, has ...)
        NOT-FOR-US: mailcow
 CVE-2017-9031 (The WebUI component in Deluge before 1.3.15 contains a 
directory ...)
-       {DLA-943-1}
+       {DSA-3856-1 DLA-943-1}
        - deluge 1.3.13+git20161130.48cedf63-3 (bug #862611)
        NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
        NOTE: Fixed by: 
http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
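Review bot: prepending DSA-3856-1 to the existing DLA-943-1 for CVE-2017-9031 follows the `{DSA DLA}` ordering used elsewhere in this file, and the same DSA is applied to the other Deluge WebUI issue, CVE-2017-7178, further down in this patch, so the two Deluge entries stay consistent with each other.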
@@ -2688,12 +2702,12 @@
 CVE-2017-7977
        RESERVED
 CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads 
because of ...)
-       {DLA-942-1}
+       {DSA-3855-1 DLA-942-1}
        - jbig2dec 0.13-4.1 (bug #860787)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
 CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows 
out-of-bounds ...)
-       {DLA-942-1}
+       {DSA-3855-1 DLA-942-1}
        - jbig2dec 0.13-4.1 (bug #860788)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
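Review bot: DSA-3855-1 is added alongside the existing DLA-942-1 for both jbig2dec entries here (CVE-2017-7976 and CVE-2017-7975), and the third jbig2dec entry in this patch, CVE-2017-7885, receives the same reference; each entry keeps its own Debian bug number (#860787, #860788) and its own upstream `Fixed by:` commit, so nothing in this hunk needs changing.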
@@ -3046,7 +3060,7 @@
        - dolibarr <unfixed>
        NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
 CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading 
to ...)
-       {DLA-942-1}
+       {DSA-3855-1 DLA-942-1}
        - jbig2dec 0.13-4.1 (bug #860460)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
@@ -4097,8 +4111,8 @@
        RESERVED
 CVE-2017-7504
        RESERVED
-CVE-2017-7503
-       RESERVED
+CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of 
...)
+       TODO: check
 CVE-2017-7502
        RESERVED
 CVE-2017-7501
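Review bot: CVE-2017-7503 moves from `RESERVED` to a description with `TODO: check`; the description names the Red Hat JBoss EAP 7.0.5 implementation, so triage should settle whether any Debian package carries the affected code and replace the TODO with either a package line or a `NOT-FOR-US:` marker.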
@@ -4339,8 +4353,8 @@
        RESERVED
 CVE-2017-7434
        RESERVED
-CVE-2017-7433
-       RESERVED
+CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro 
Focus Vibe ...)
+       TODO: check
 CVE-2017-7432 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ 
iManager ...)
        NOT-FOR-US: Novell Novell iManager and NetIQ iManager
 CVE-2017-7431 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ 
iManager ...)
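Review bot: CVE-2017-7433 (absolute path traversal, CWE-36, in Micro Focus Vibe) is left at `TODO: check` while the adjacent Novell and NetIQ iManager entries are already resolved as `NOT-FOR-US`; triage should give it the same kind of resolution. Separately, the unchanged context line `NOT-FOR-US: Novell Novell iManager and NetIQ iManager` repeats the word Novell and could be tidied in a follow-up.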
@@ -5389,7 +5403,7 @@
        NOTE: 
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date 
(for pcre2)
        NOTE: 
https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
 (for pcre2)
 CVE-2017-7178 (CSRF was discovered in the web UI in Deluge before 1.3.14. The 
...)
-       {DLA-863-1}
+       {DSA-3856-1 DLA-863-1}
        - deluge 1.3.13+git20161130.48cedf63-2 (bug #857903)
        NOTE: 
http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
 CVE-2017-XXXX ["Clean metadata" contextual menu silently fails]
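Review bot: DSA-3856-1 is prepended to the existing DLA-863-1 for CVE-2017-7178, the same DSA attached to CVE-2017-9031 earlier in this patch, so both Deluge WebUI entries now carry matching advisory references; the package line and the upstream commit NOTE are unchanged, which is what is expected for an advisory-only update.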
@@ -6569,8 +6583,7 @@
        RESERVED
 CVE-2017-6653
        RESERVED
-CVE-2017-6652
-       RESERVED
+CVE-2017-6652 (A vulnerability in the web framework of the Cisco TelePresence 
IX5000 ...)
        NOT-FOR-US: Cisco
 CVE-2017-6651 (A vulnerability in Cisco WebEx Meetings Server could allow ...)
        NOT-FOR-US: Cisco
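Review bot: the `RESERVED` line for CVE-2017-6652 is dropped and the existing `NOT-FOR-US: Cisco` marker is kept, which is why this hunk shrinks by one line (`-8 +7`); the new description (web framework of the Cisco TelePresence IX5000) matches the marker, so no triage is pending here.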
@@ -6628,14 +6641,11 @@
        NOT-FOR-US: Cisco
 CVE-2017-6624 (A vulnerability in Cisco IOS 15.5(3)M Software for Cisco 
CallManager ...)
        NOT-FOR-US: Cisco
-CVE-2017-6623
-       RESERVED
+CVE-2017-6623 (A vulnerability in a script file that is installed as part of 
the Cisco ...)
        NOT-FOR-US: Cisco
-CVE-2017-6622
-       RESERVED
+CVE-2017-6622 (A vulnerability in the web interface for Cisco Prime 
Collaboration ...)
        NOT-FOR-US: Cisco
-CVE-2017-6621
-       RESERVED
+CVE-2017-6621 (A vulnerability in the web interface of Cisco Prime 
Collaboration ...)
        NOT-FOR-US: Cisco
 CVE-2017-6620 (A vulnerability in the remote management access control list 
(ACL) ...)
        NOT-FOR-US: Cisco
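Review bot: same pattern as the previous hunk for three entries: CVE-2017-6623, CVE-2017-6622 and CVE-2017-6621 each lose their `RESERVED` line and keep their existing `NOT-FOR-US: Cisco` marker, consistent with the `-14 +11` line count in the hunk header; the descriptions (Cisco script file and Cisco Prime Collaboration web interface) agree with the markers.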
@@ -14346,8 +14356,8 @@
        RESERVED
 CVE-2017-3981
        RESERVED
-CVE-2017-3980
-       RESERVED
+CVE-2017-3980 (A directory traversal vulnerability in the ePO Extension in 
McAfee ...)
+       TODO: check
 CVE-2017-3979
        RESERVED
 CVE-2017-3978
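Review bot: CVE-2017-3980 (directory traversal in the ePO Extension in McAfee) replaces its `RESERVED` line with a description and `TODO: check`; unlike the Cisco entries in this patch it has no existing marker to fall back on, so it needs explicit triage to a package line or a `NOT-FOR-US:` marker.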
@@ -15780,7 +15790,7 @@
 CVE-2017-3590 (Vulnerability in the MySQL Connectors component of Oracle MySQL 
...)
        - mysql-connector-python <unfixed> (bug #861511)
 CVE-2017-3589 (Vulnerability in the MySQL Connectors component of Oracle MySQL 
...)
-       {DLA-945-1}
+       {DSA-3857-1 DLA-945-1}
        - mysql-connector-java 5.1.42-1
 CVE-2017-3588
        RESERVED
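Review bot: DSA-3857-1 is added in front of the existing DLA-945-1 for CVE-2017-3589, and the same change is made for CVE-2017-3586 in the next hunk; both entries share the `- mysql-connector-java 5.1.42-1` package line, so the two stay consistent. The DSA is attached only to the mysql-connector-java entries; the neighbouring CVE-2017-3590 for mysql-connector-python stays `<unfixed>` and is untouched by this patch.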
@@ -15789,7 +15799,7 @@
        [jessie] - virtualbox <end-of-life> (DSA-3699-1)
        [wheezy] - virtualbox <end-of-life> (DSA 3454)
 CVE-2017-3586 (Vulnerability in the MySQL Connectors component of Oracle MySQL 
...)
-       {DLA-945-1}
+       {DSA-3857-1 DLA-945-1}
        - mysql-connector-java 5.1.42-1
 CVE-2017-3585 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) 
component of ...)
        NOT-FOR-US: Solaris
@@ -16527,7 +16537,7 @@
        NOT-FOR-US: Oracle
 CVE-2017-3285 (Vulnerability in the Oracle Service Fulfillment Manager 
component of ...)
        NOT-FOR-US: Oracle
-CVE-2017-3284 (Vulnerability in the Oracle Fulfillment Manager component of 
Oracle ...)
+CVE-2017-3284 (Vulnerability in the Oracle Service Fulfillment Manager 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2017-3283 (Vulnerability in the Oracle Partner Management component of 
Oracle ...)
        NOT-FOR-US: Oracle
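Review bot: the description of CVE-2017-3284 is corrected from "Oracle Fulfillment Manager" to "Oracle Service Fulfillment Manager", which now matches the component named for CVE-2017-3285 directly above it; the `NOT-FOR-US: Oracle` marker is retained, so this is a text-only fix.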
@@ -49684,7 +49694,7 @@
        - symfony 2.7.9+dfsg-1
        NOTE: 
http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails
        NOTE: https://github.com/symfony/symfony/pull/17359
-CVE-2016-1906 (The API server in Kubernetes might allow remote attackers to 
gain ...)
+CVE-2016-1906 (Openshift allows remote attackers to gain privileges by 
updating a ...)
        - kubernetes <not-affected> (Openshift Specific)
        NOTE: https://github.com/openshift/origin/issues/6556
        NOTE: https://github.com/openshift/origin/pull/6576
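Review bot: the rewritten description attributes CVE-2016-1906 to Openshift rather than to the Kubernetes API server, which agrees with the existing `- kubernetes <not-affected> (Openshift Specific)` line and with the two openshift/origin issue and PR NOTEs beneath it; the updated text removes the mismatch between the description and the tracker's own annotation, and no further change is needed.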


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
