Author: sectracker
Date: 2017-05-22 21:10:14 +0000 (Mon, 22 May 2017)
New Revision: 51852
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-22 20:37:48 UTC (rev 51851) +++ data/CVE/list 2017-05-22 21:10:14 UTC (rev 51852) @@ -1,15 +1,25 @@ -CVE-2017-9144 [Check for EOF conditions for RLE image format] +CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to ...) + TODO: check +CVE-2017-9148 + RESERVED +CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ...) + TODO: check +CVE-2017-9146 (The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through ...) + TODO: check +CVE-2017-9145 + RESERVED +CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because ...) - imagemagick <unfixed> (bug #863126) NOTE: https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198 -CVE-2017-9142 [A crafted file revealed an assertion failure in blob.c] +CVE-2017-9142 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...) - imagemagick <unfixed> (bug #863125) NOTE: https://github.com/ImageMagick/ImageMagick/issues/490 NOTE: https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a -CVE-2017-9141 [A crafted file revealed an assertion failure in profile.c] +CVE-2017-9141 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...) - imagemagick <unfixed> (bug #863124) NOTE: https://github.com/ImageMagick/ImageMagick/issues/489 NOTE: https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd -CVE-2017-9143 [Specially crafted arts file could lead to memory leak] +CVE-2017-9143 (In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c ...) - imagemagick <unfixed> (bug #863123) NOTE: https://github.com/ImageMagick/ImageMagick/issues/456 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4 
@@ -930,6 +940,7 @@ CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before ...) NOT-FOR-US: iRODS CVE-2017-8798 (Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through ...) + {DLA-949-1} - miniupnpc 1.9.20140610-3 (bug #862273) NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229 @@ -3941,7 +3952,7 @@ NOT-FOR-US: dde-daemon CVE-2017-7621 (Cross Site Scripting Vulnerability in core-eMLi in AuroMeera ...) NOT-FOR-US: core-eMLi -CVE-2017-7620 (MantisBT before 2.4.1 allows Permalink Injection via CSRF attacks on a ...) +CVE-2017-7620 (MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits ...) - mantis <removed> [wheezy] - mantis <end-of-life> (Not supported in Wheezy LTS) NOTE: https://mantisbt.org/bugs/view.php?id=22909 @@ -4342,7 +4353,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1451709 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html CVE-2017-7492 - RESERVED + REJECTED - resteasy <undetermined> CVE-2017-7491 (In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...) - moodle <unfixed> @@ -6226,8 +6237,8 @@ RESERVED CVE-2017-6892 RESERVED -CVE-2017-6891 - RESERVED +CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) ...) + TODO: check CVE-2017-6890 (A boundary error within the "foveon_load_camf()" function ...) TODO: check CVE-2017-6889 (An integer overflow error within the "foveon_load_camf()" function ...) 
@@ -9882,8 +9893,8 @@ NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153 CVE-2017-5658 RESERVED -CVE-2017-5657 - RESERVED +CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not protected ...) + TODO: check CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of ...) NOT-FOR-US: Apache CXF CVE-2017-5655 (In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be ...) @@ -12684,10 +12695,10 @@ RESERVED CVE-2017-4917 RESERVED -CVE-2017-4916 - RESERVED -CVE-2017-4915 - RESERVED +CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer dereference ...) + TODO: check +CVE-2017-4915 (VMware Workstation Pro/Player contains an insecure library loading ...) + TODO: check CVE-2017-4914 RESERVED CVE-2017-4913 @@ -19751,22 +19762,22 @@ RESERVED CVE-2017-2176 RESERVED -CVE-2017-2175 - RESERVED -CVE-2017-2174 - RESERVED -CVE-2017-2173 - RESERVED +CVE-2017-2175 (Untrusted search path vulnerability in Empirical Project Monitor - ...) + TODO: check +CVE-2017-2174 (Cross-site scripting vulnerability in Empirical Project Monitor - ...) + TODO: check +CVE-2017-2173 (Cross-site scripting vulnerability in Empirical Project Monitor - ...) + TODO: check CVE-2017-2172 RESERVED -CVE-2017-2171 - RESERVED +CVE-2017-2171 (Cross-site scripting vulnerability in Captcha prior to version 4.3.0, ...) + TODO: check CVE-2017-2170 RESERVED -CVE-2017-2169 - RESERVED -CVE-2017-2168 - RESERVED +CVE-2017-2169 (Cross-site scripting vulnerability in MaxButtons prior to version 6.19 ...) + TODO: check +CVE-2017-2168 (Cross-site scripting vulnerability in WP Booking System Free version ...) + TODO: check CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive ...) NOT-FOR-US: PrimeDrive CVE-2017-2166 
@@ -19777,10 +19788,10 @@ NOT-FOR-US: SOY CMS CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 ...) NOT-FOR-US: SOY CMS -CVE-2017-2162 - RESERVED -CVE-2017-2161 - RESERVED +CVE-2017-2162 (FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier ...) + TODO: check +CVE-2017-2161 (FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier ...) + TODO: check CVE-2017-2160 RESERVED CVE-2017-2159 @@ -21461,8 +21472,8 @@ RESERVED CVE-2017-1321 RESERVED -CVE-2017-1320 - RESERVED +CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...) + TODO: check CVE-2017-1319 RESERVED CVE-2017-1318 @@ -21523,8 +21534,7 @@ RESERVED CVE-2017-1290 RESERVED -CVE-2017-1289 - RESERVED +CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External Entity ...) NOT-FOR-US: IBM JDK CVE-2017-1288 RESERVED @@ -21538,8 +21548,8 @@ RESERVED CVE-2017-1283 RESERVED -CVE-2017-1282 - RESERVED +CVE-2017-1282 (IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site ...) + TODO: check CVE-2017-1281 RESERVED CVE-2017-1280 @@ -21785,8 +21795,8 @@ NOT-FOR-US: IBM CVE-2017-1160 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...) NOT-FOR-US: IBM -CVE-2017-1159 - RESERVED +CVE-2017-1159 (IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker ...) + TODO: check CVE-2017-1158 RESERVED CVE-2017-1157 @@ -21919,8 +21929,8 @@ RESERVED CVE-2017-1093 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a ...) NOT-FOR-US: IBM AIX -CVE-2017-1092 - RESERVED +CVE-2017-1092 (IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an ...) + TODO: check CVE-2017-1091 RESERVED CVE-2017-1090 @@ -30445,8 +30455,8 @@ RESERVED CVE-2016-7805 RESERVED -CVE-2016-7804 - RESERVED +CVE-2016-7804 (Untrusted search path vulnerability in 7 Zip for Windows 16.02 and ...) + TODO: check CVE-2016-7803 RESERVED CVE-2016-7802 
@@ -35967,8 +35977,8 @@ RESERVED CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerability ...) NOT-FOR-US: IBM -CVE-2016-6112 - RESERVED +CVE-2016-6112 (IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and ...) + TODO: check CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a ...) NOT-FOR-US: IBM CVE-2016-6110 (IBM Tivoli Storage Manager undisclosed unencrypted login credentials ...) 
@@ -40468,35 +40478,35 @@ RESERVED CVE-2016-4906 RESERVED -CVE-2016-4905 - RESERVED -CVE-2016-4904 - RESERVED -CVE-2016-4903 - RESERVED +CVE-2016-4905 (SQL injection vulnerability in the WP-OliveCart versions prior to ...) + TODO: check +CVE-2016-4904 (Cross-site request forgery (CSRF) vulnerability in WP-OliveCart ...) + TODO: check +CVE-2016-4903 (Cross-site scripting vulnerability in WP-OliveCart versions prior to ...) + TODO: check CVE-2016-4902 RESERVED -CVE-2016-4901 - RESERVED -CVE-2016-4900 - RESERVED +CVE-2016-4901 (Untrusted search path vulnerability in The installer of e-Tax Software ...) + TODO: check +CVE-2016-4900 (Untrusted search path vulnerability in Evernote for Windows versions ...) + TODO: check CVE-2016-4899 (The datamover module in the Linux version of NovaBACKUP DataCenter ...) NOT-FOR-US: NovaBACKUP CVE-2016-4898 (The datamover module in the Linux version of NovaBACKUP DataCenter ...) NOT-FOR-US: NovaBACKUP CVE-2016-4897 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Usermin -CVE-2016-4896 (SetucoCMS allows remote attackers to alter or disclose information, ...) +CVE-2016-4896 (SetsucoCMS all versions does not properly manage sessions, which ...) NOT-FOR-US: SetucoCMS -CVE-2016-4895 (SetucoCMS allows remote authenticated users to execute arbitrary code. ...) +CVE-2016-4895 (SetsucoCMS all versions allows remote authenticated attackers to ...) NOT-FOR-US: SetucoCMS -CVE-2016-4894 (SetucoCMS allows remote attackers to cause a denial of service. ...) +CVE-2016-4894 (SetsucoCMS all versions allows remote attackers to cause a denial of ...) NOT-FOR-US: SetucoCMS -CVE-2016-4893 (SQL injection vulnerability in SetucoCMS. ...) +CVE-2016-4893 (SQL injection vulnerability in the SetsucoCMS all versions allows ...) NOT-FOR-US: SetucoCMS -CVE-2016-4892 (Cross-site scripting (XSS) vulnerability in SetucoCMS. ...) +CVE-2016-4892 (Cross-site scripting vulnerability in SetsucoCMS all versions allows ...) 
NOT-FOR-US: SetucoCMS -CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetucoCMS. ...) +CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all ...) NOT-FOR-US: SetucoCMS CVE-2016-4890 (ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method ...) NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus 
@@ -40532,28 +40542,28 @@ NOT-FOR-US: IVYWE CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...) NOT-FOR-US: Cybozu -CVE-2016-4873 (The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not ...) +CVE-2016-4873 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu -CVE-2016-4872 (The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 ...) +CVE-2016-4872 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a ...) NOT-FOR-US: Cybozu -CVE-2016-4870 (Cross-site scripting (XSS) vulnerability in "Schedule" function in ...) +CVE-2016-4870 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...) NOT-FOR-US: Cybozu -CVE-2016-4869 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain ...) +CVE-2016-4869 (Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session ...) NOT-FOR-US: Cybozu -CVE-2016-4868 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject ...) +CVE-2016-4868 (Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...) NOT-FOR-US: Cybozu -CVE-2016-4867 (The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote ...) +CVE-2016-4867 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu -CVE-2016-4866 (Cross-site scripting (XSS) vulnerability in the "Project" function in ...) +CVE-2016-4866 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...) NOT-FOR-US: Cybozu -CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the "Customapp" function ...) +CVE-2016-4865 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...) NOT-FOR-US: Cybozu CVE-2016-4864 (H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows ...) 
NOT-FOR-US: H2O -CVE-2016-4863 - RESERVED +CVE-2016-4863 (The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware ...) + TODO: check CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with ...) NOT-FOR-US: Twigmo CVE-2016-4861 (The (1) order and (2) group methods in Zend_Db_Select in the Zend ...) @@ -40581,8 +40591,8 @@ NOTE: https://jvn.jp/en/jp/JVN48237713/ NOTE: https://github.com/ADOdb/ADOdb/commit/ecb93d8c1 NOTE: Vulnerable file is shipped as an example only -CVE-2016-4854 - RESERVED +CVE-2016-4854 (Cross-site request forgery (CSRF) vulnerability in L-04D firmware ...) + TODO: check CVE-2016-4853 (AKABEi SOFT2 games allow remote attackers to execute arbitrary OS ...) NOT-FOR-US: AKABEi SOFT2 CVE-2016-4852 (YoruFukurou (NightOwl) before 2.85 relies on support for emoji ...) @@ -48683,7 +48693,7 @@ CVE-2016-2173 (org.springframework.core.serializer.DefaultDeserializer in Spring AMQP ...) NOT-FOR-US: Spring AMQP CVE-2016-2172 - RESERVED + REJECTED CVE-2016-2171 (The User Manager service in Apache Jetspeed before 2.3.1 does not ...) NOT-FOR-US: Apache Jetspeed CVE-2016-2170 (Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
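Review bot: CVE-2017-9143 is out of order in the @@ -1,15 +1,25 @@ hunk: the block reads 9144, 9142, 9141, 9143, while the entries added above it (9149 down to 9145) and every other hunk in this revision run in descending order. Move the CVE-2017-9143 entry, together with its "- imagemagick <unfixed> (bug #863123)" line and its two NOTE lines, between CVE-2017-9144 and CVE-2017-9142 so that anyone scanning the list by number finds it where expected.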
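Review bot: In the @@ -4342,7 +4353,7 @@ hunk, CVE-2017-7492 changes from RESERVED to REJECTED but the context line "- resteasy <undetermined>" still sits under it, so the entry now says both that the ID was withdrawn and that a package has an open, untriaged status. Either drop the package line or add a NOTE saying why it is kept. The other rejection in this revision, CVE-2016-2172 in the @@ -48683,7 +48693,7 @@ hunk, carries no package line, which is the consistent form.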
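Review bot: The product name no longer matches its triage tag in the @@ -40468,35 +40478,35 @@ hunk: the six updated descriptions for CVE-2016-4896 through CVE-2016-4891 now spell it "SetsucoCMS", while each entry keeps "NOT-FOR-US: SetucoCMS". A search of the list by product name will match the description or the tag but not both. Confirm which spelling is correct and, if the description text is taken as-is from the automatic update, add a NOTE recording the alternate spelling so the six entries stay findable.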