Author: sectracker
Date: 2017-07-14 21:10:16 +0000 (Fri, 14 Jul 2017)
New Revision: 53497

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-07-14 19:35:14 UTC (rev 53496)
+++ data/CVE/list       2017-07-14 21:10:16 UTC (rev 53497)
@@ -1,3 +1,17 @@
+CVE-2017-11334
+       RESERVED
+CVE-2017-11333
+       RESERVED
+CVE-2017-11332
+       RESERVED
+CVE-2017-11331
+       RESERVED
+CVE-2017-11330
+       RESERVED
+CVE-2017-11329 (GLPI before 9.1.5 allows SQL injection via an 
ajax/getDropdownValue.php ...)
+       TODO: check
+CVE-2016-10398 (Android 6.0 has an authentication bypass for attackers with 
root and ...)
+       TODO: check
 CVE-2017-11328 (Heap buffer overflow in the yr_object_array_set_item() 
function in ...)
        TODO: check
 CVE-2017-11327
@@ -243,6 +257,7 @@
        RESERVED
 CVE-2017-1000083 [Evince command injection vulnerability in CBT handler]
        RESERVED
+       {DSA-3911-1}
        - evince 3.22.1-4
        - atril <unfixed>
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
@@ -474,7 +489,7 @@
        TODO: check
 CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind 
SQL ...)
        TODO: check
-CVE-2017-1000066 (The entry details view funcion in KeePass version 1.32 
inadvertently ...)
+CVE-2017-1000066 (The entry details view function in KeePass version 1.32 
inadvertently ...)
        TODO: check
 CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in 
rpc.php in ...)
        TODO: check
@@ -588,7 +603,7 @@
        TODO: check
 CVE-2017-1000007 (txAWS (all current versions) fail to perform complete 
certificate ...)
        TODO: check
-CVE-2017-1000006 (Plotly, Inc. plotly.js versions prior to 1.16.0 are 
vulrenable to an ...)
+CVE-2017-1000006 (Plotly, Inc. plotly.js versions prior to 1.16.0 are 
vulnerable to an ...)
        TODO: check
 CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS 
in the ...)
        TODO: check
@@ -723,6 +738,7 @@
 CVE-2017-1002024
        NOT-FOR-US: kindeditor
 CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate 
services with ...)
+       {DSA-3909-1 DLA-1027-1}
        - heimdal <unfixed> (bug #868208)
        - samba 2:4.6.5+dfsg-4 (bug #868209)
        [wheezy] - samba <not-affected> (Heimdal is only used in 4.x, wheezy 
ships 3.6.6)
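Review bot: On CVE-2017-11103 the new `{DSA-3909-1 DLA-1027-1}` line is added directly above `- heimdal <unfixed> (bug #868208)`, so the entry now carries advisory references while the heimdal line still records no fixed version. The visible lines do not show which source package each advisory covers. Confirm that heimdal is covered and not only samba, and once a fixed heimdal upload exists, replace `<unfixed>` with its version in a follow-up.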
@@ -1081,12 +1097,12 @@
        NOTE: 
https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
        NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
 CVE-2017-10972 (Uninitialized data in endianness conversion in the XEvent 
handling of ...)
-       {DSA-3905-1}
+       {DSA-3905-1 DLA-1026-1}
        - xorg-server 2:1.19.3-2 (bug #867492)
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
        NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
 CVE-2017-10971 (In the X.Org X server before 2017-06-19, a user authenticated 
to an X ...)
-       {DSA-3905-1}
+       {DSA-3905-1 DLA-1026-1}
        - xorg-server 2:1.19.3-2 (bug #867492)
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
        NOTE: 
https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
@@ -1896,16 +1912,16 @@
        RESERVED
 CVE-2017-10606
        RESERVED
-CVE-2017-10605
-       RESERVED
-CVE-2017-10604
-       RESERVED
-CVE-2017-10603
-       RESERVED
-CVE-2017-10602
-       RESERVED
-CVE-2017-10601
-       RESERVED
+CVE-2017-10605 (On all vSRX and SRX Series devices, when the DHCP or DHCP 
relay is ...)
+       TODO: check
+CVE-2017-10604 (When the device is configured to perform account lockout with 
a ...)
+       TODO: check
+CVE-2017-10603 (An XML injection vulnerability in Junos OS CLI can allow a 
locally ...)
+       TODO: check
+CVE-2017-10602 (A buffer overflow vulnerability in Junos OS CLI may allow a 
local ...)
+       TODO: check
+CVE-2017-10601 (A specific device configuration can result in a commit failure 
...)
+       TODO: check
 CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, 
creates ...)
        NOT-FOR-US: ubuntu-image
 CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 
2.8.x ...)
@@ -2347,6 +2363,7 @@
 CVE-2017-9826
        RESERVED
 CVE-2017-11104 (Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw 
within the ...)
+       {DSA-3910-1}
        - knot <unfixed> (bug #865678)
        NOTE: 
https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
        NOTE: 
http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
@@ -9924,30 +9941,23 @@
        NOT-FOR-US: Proxifier for Mac
 CVE-2017-7689 (A Command Injection vulnerability in Schneider Electric 
homeLYnk ...)
        NOT-FOR-US: Schneider Electric
-CVE-2017-7688
-       RESERVED
+CVE-2017-7688 (Apache OpenMeetings 1.0.0 updates user password in insecure 
manner. ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2017-7687
        RESERVED
 CVE-2017-7686 (Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier 
component to ...)
        NOT-FOR-US: Apache Ignite
-CVE-2017-7685
-       RESERVED
+CVE-2017-7685 (Apache OpenMeetings 1.0.0 responds to the following insecure 
HTTP ...)
        NOT-FOR-US: Apache OpenMeetings
-CVE-2017-7684
-       RESERVED
+CVE-2017-7684 (Apache OpenMeetings 1.0.0 doesn't check contents of files being 
...)
        NOT-FOR-US: Apache OpenMeetings
-CVE-2017-7683
-       RESERVED
+CVE-2017-7683 (Apache OpenMeetings 1.0.0 displays Tomcat version and detailed 
error ...)
        NOT-FOR-US: Apache OpenMeetings
-CVE-2017-7682
-       RESERVED
+CVE-2017-7682 (Apache OpenMeetings 3.2.0 is vulnerable to parameter 
manipulation ...)
        NOT-FOR-US: Apache OpenMeetings
-CVE-2017-7681
-       RESERVED
+CVE-2017-7681 (Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This 
allows ...)
        NOT-FOR-US: Apache OpenMeetings
-CVE-2017-7680
-       RESERVED
+CVE-2017-7680 (Apache OpenMeetings 1.0.0 has an overly permissive 
crossdomain.xml ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, 
mod_mime ...)
        {DSA-3896-1 DLA-1009-1}
@@ -9962,8 +9972,7 @@
        RESERVED
 CVE-2017-7674
        RESERVED
-CVE-2017-7673
-       RESERVED
+CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic 
storage, ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2017-7672 (If an application allows enter an URL in a form field and 
built-in ...)
        TODO: check
@@ -9978,16 +9987,13 @@
        - apache2 2.4.25-4
 CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish 
the ...)
        NOT-FOR-US: Apache NiFi
-CVE-2017-7666
-       RESERVED
+CVE-2017-7666 (Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request 
Forgery ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2017-7665 (In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are 
certain ...)
        NOT-FOR-US: Apache NiFi
-CVE-2017-7664
-       RESERVED
+CVE-2017-7664 (Uploaded XML documents were not correctly validated in Apache 
...)
        NOT-FOR-US: Apache OpenMeetings
-CVE-2017-7663
-       RESERVED
+CVE-2017-7663 (Both global and Room chat are vulnerable to XSS attack in 
Apache ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2017-7662 (Apache CXF Fediz ships with an OpenId Connect (OIDC) service 
which has ...)
        NOT-FOR-US: Apache CXF
@@ -25859,36 +25865,36 @@
 CVE-2017-2350 (An issue was discovered in certain Apple products. iOS before 
10.2.1 ...)
        - webkit2gtk 2.14.4-1 (unimportant)
        NOTE: Not covered by security support
-CVE-2017-2349
-       RESERVED
-CVE-2017-2348
-       RESERVED
-CVE-2017-2347
-       RESERVED
-CVE-2017-2346
-       RESERVED
-CVE-2017-2345
-       RESERVED
-CVE-2017-2344
-       RESERVED
-CVE-2017-2343
-       RESERVED
-CVE-2017-2342
-       RESERVED
-CVE-2017-2341
-       RESERVED
+CVE-2017-2349 (A command injection vulnerability in the IDP feature of Juniper 
...)
+       TODO: check
+CVE-2017-2348 (The Juniper Enhanced jdhcpd daemon may experience high CPU ...)
+       TODO: check
+CVE-2017-2347 (A denial of service vulnerability in rpd daemon of Juniper 
Networks ...)
+       TODO: check
+CVE-2017-2346 (An MS-MPC or MS-MIC Service PIC may crash when large fragmented 
...)
+       TODO: check
+CVE-2017-2345 (On Junos OS devices with SNMP enabled, a network based attacker 
with ...)
+       TODO: check
+CVE-2017-2344 (A routine within an internal Junos OS sockets library is 
vulnerable to ...)
+       TODO: check
+CVE-2017-2343 (The Integrated User Firewall (UserFW) feature was introduced in 
Junos ...)
+       TODO: check
+CVE-2017-2342 (MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 
...)
+       TODO: check
+CVE-2017-2341 (An insufficient authentication vulnerability on platforms where 
Junos ...)
+       TODO: check
 CVE-2017-2340 (On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 
15.1R4, 16.1 ...)
        NOT-FOR-US: Juniper
-CVE-2017-2339
-       RESERVED
-CVE-2017-2338
-       RESERVED
-CVE-2017-2337
-       RESERVED
-CVE-2017-2336
-       RESERVED
-CVE-2017-2335
-       RESERVED
+CVE-2017-2339 (A security researcher testing a Juniper NetScreen Firewall+VPN 
found ...)
+       TODO: check
+CVE-2017-2338 (A security researcher testing a Juniper NetScreen Firewall+VPN 
found ...)
+       TODO: check
+CVE-2017-2337 (A security researcher testing a Juniper NetScreen Firewall+VPN 
found ...)
+       TODO: check
+CVE-2017-2336 (A security researcher testing a Juniper NetScreen Firewall+VPN 
found ...)
+       TODO: check
+CVE-2017-2335 (A security researcher testing a Juniper NetScreen Firewall+VPN 
found ...)
+       TODO: check
 CVE-2017-2334 (An information leak vulnerability in Juniper Networks NorthStar 
...)
        NOT-FOR-US: Juniper
 CVE-2017-2333 (A persistent denial of service vulnerability in Juniper 
Networks ...)
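Review bot: CVE-2017-2349 through CVE-2017-2341 and CVE-2017-2339 through CVE-2017-2335 all land as `TODO: check`, while the neighbouring entries in this same hunk (CVE-2017-2340, CVE-2017-2334) are already tagged `NOT-FOR-US: Juniper`. Most of the new descriptions name Juniper, Junos OS or NetScreen. CVE-2017-2346 ("An MS-MPC or MS-MIC Service PIC may crash ...") does not name a vendor in the truncated text and should be confirmed from the full description. Triage can likely resolve these fourteen entries with the same tag in one follow-up commit rather than leaving them in the TODO queue.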
@@ -25929,8 +25935,8 @@
        NOT-FOR-US: Juniper
 CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switches running 
affected Junos ...)
        NOT-FOR-US: Juniper
-CVE-2017-2314
-       RESERVED
+CVE-2017-2314 (Receipt of a malformed BGP OPEN message may cause the routing 
protocol ...)
+       TODO: check
 CVE-2017-2313 (Juniper Networks devices running affected Junos OS versions may 
be ...)
        NOT-FOR-US: Juniper
 CVE-2017-2312 (On Juniper Networks devices running Junos OS affected versions 
and ...)
@@ -26019,22 +26025,22 @@
        RESERVED
 CVE-2017-2273
        RESERVED
-CVE-2017-2272
-       RESERVED
-CVE-2017-2271
-       RESERVED
-CVE-2017-2270
-       RESERVED
-CVE-2017-2269
-       RESERVED
-CVE-2017-2268
-       RESERVED
-CVE-2017-2267
-       RESERVED
-CVE-2017-2266
-       RESERVED
-CVE-2017-2265
-       RESERVED
+CVE-2017-2272 (Untrusted search path vulnerability in Self-extracting 
encrypted files ...)
+       TODO: check
+CVE-2017-2271 (Untrusted search path vulnerability in Self-extracting 
encrypted files ...)
+       TODO: check
+CVE-2017-2270 (Untrusted search path vulnerability in Encrypted files in ...)
+       TODO: check
+CVE-2017-2269 (Untrusted search path vulnerability in FileCapsule Deluxe 
Portable ...)
+       TODO: check
+CVE-2017-2268 (Untrusted search path vulnerability in Encrypted files in ...)
+       TODO: check
+CVE-2017-2267 (Untrusted search path vulnerability in FileCapsule Deluxe 
Portable ...)
+       TODO: check
+CVE-2017-2266 (Untrusted search path vulnerability in Encrypted files in ...)
+       TODO: check
+CVE-2017-2265 (Untrusted search path vulnerability in FileCapsule Deluxe 
Portable ...)
+       TODO: check
 CVE-2017-2264
        RESERVED
 CVE-2017-2263
@@ -26057,22 +26063,22 @@
        RESERVED
 CVE-2017-2254
        RESERVED
-CVE-2017-2253
-       RESERVED
-CVE-2017-2252
-       RESERVED
+CVE-2017-2253 (Untrusted search path vulnerability in Installer of Yahoo! 
Toolbar ...)
+       TODO: check
+CVE-2017-2252 (Untrusted search path vulnerability in Self-extracting archive 
files ...)
+       TODO: check
 CVE-2017-2251
        RESERVED
 CVE-2017-2250
        RESERVED
-CVE-2017-2249
-       RESERVED
-CVE-2017-2248
-       RESERVED
-CVE-2017-2247
-       RESERVED
-CVE-2017-2246
-       RESERVED
+CVE-2017-2249 (Untrusted search path vulnerability in Self-extracting archive 
files ...)
+       TODO: check
+CVE-2017-2248 (Untrusted search path vulnerability in Installer of Lhaz+ 
version ...)
+       TODO: check
+CVE-2017-2247 (Untrusted search path vulnerability in Self-extracting archive 
files ...)
+       TODO: check
+CVE-2017-2246 (Untrusted search path vulnerability in Installer of Lhaz 
version 2.4.0 ...)
+       TODO: check
 CVE-2017-2245 (Directory traversal vulnerability in Shortcodes Ultimate prior 
to ...)
        NOT-FOR-US: Shortcodes Ultimate
 CVE-2017-2244 (Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN 
...)
@@ -26081,10 +26087,10 @@
        NOT-FOR-US: Responsive Lightbox
 CVE-2017-2242
        RESERVED
-CVE-2017-2241
-       RESERVED
-CVE-2017-2240
-       RESERVED
+CVE-2017-2241 (SQL injection vulnerability in the AssetView for MacOS 
Ver.9.2.0 and ...)
+       TODO: check
+CVE-2017-2240 (Directory traversal vulnerability in AssetView for MacOS 
Ver.9.2.0 and ...)
+       TODO: check
 CVE-2017-2239 (Marp versions v0.0.10 and earlier may allow an attacker to 
access ...)
        NOT-FOR-US: Marp
 CVE-2017-2238 (Cross-site request forgery (CSRF) vulnerability in Toshiba Home 
...)
@@ -28197,13 +28203,12 @@
        RESERVED
 CVE-2017-1184
        RESERVED
-CVE-2017-1183
-       RESERVED
-CVE-2017-1182
-       RESERVED
+CVE-2017-1183 (IBM Tivoli Monitoring Portal v6 could allow a local (network 
adjacent) ...)
+       TODO: check
+CVE-2017-1182 (IBM Tivoli Monitoring Portal v6 could allow a local (network 
adjacent) ...)
        NOT-FOR-US: Oracle Primavera
-CVE-2017-1181
-       RESERVED
+CVE-2017-1181 (IBM Tivoli Monitoring Portal V6 client could allow a local 
attacker to ...)
+       TODO: check
 CVE-2017-1180 (The IBM TRIRIGA Document Manager contains a vulnerability that 
could ...)
        NOT-FOR-US: IBM TRIRIGA Document Manager
 CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than 
expected ...)
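Review bot: CVE-2017-1182 now carries the description "IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ..." but keeps the pre-existing context line `NOT-FOR-US: Oracle Primavera`, so the product tag and the description disagree. Its siblings CVE-2017-1183 and CVE-2017-1181, which have near-identical descriptions, receive `TODO: check` in this hunk. Correct the tag to name the product in the description, or reset it to `TODO: check`, so that all three entries are triaged consistently.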
@@ -35520,8 +35525,8 @@
        RESERVED
 CVE-2017-0197 (Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow 
remote ...)
        NOT-FOR-US: Microsoft
-CVE-2017-0196
-       RESERVED
+CVE-2017-0196 (An information disclosure vulnerability in Microsoft scripting 
engine ...)
+       TODO: check
 CVE-2017-0195 (Microsoft Excel Services on Microsoft SharePoint Server 2010 
SP1 and ...)
        NOT-FOR-US: Microsoft
 CVE-2017-0194 (Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office 
...)
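Review bot: CVE-2017-0196 is described as an issue in the "Microsoft scripting engine" yet lands as `TODO: check` between CVE-2017-0197 and CVE-2017-0195, both of which are tagged `NOT-FOR-US: Microsoft`. Tagging it the same way at triage keeps the block consistent and removes it from the TODO list.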
@@ -35608,8 +35613,8 @@
        NOT-FOR-US: Microsoft
 CVE-2017-0153
        RESERVED
-CVE-2017-0152
-       RESERVED
+CVE-2017-0152 (A remote code execution vulnerability exists in the way 
affected ...)
+       TODO: check
 CVE-2017-0151 (A remote code execution vulnerability exists in the way 
affected ...)
        NOT-FOR-US: Microsoft
 CVE-2017-0150 (A remote code execution vulnerability exists in the way 
affected ...)
@@ -35856,8 +35861,8 @@
        NOT-FOR-US: Microsoft
 CVE-2017-0029 (Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and 
Word ...)
        NOT-FOR-US: Microsoft
-CVE-2017-0028
-       RESERVED
+CVE-2017-0028 (A remote code execution vulnerability exists when Microsoft 
scripting ...)
+       TODO: check
 CVE-2017-0027 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, 
Excel ...)
        NOT-FOR-US: Microsoft
 CVE-2017-0026 (The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 
1607 ...)
@@ -39757,8 +39762,7 @@
        NOTE: Fixed by: http://svn.apache.org/r1754727 (8.0.x)
        NOTE: Fixed by: http://svn.apache.org/r1754728 (7.0.x)
        NOTE: Fixed by: 
https://svn.apache.org/viewvc?view=revision&revision=1754733 (6.0.x)
-CVE-2016-6793
-       RESERVED
+CVE-2016-6793 (The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 
1.5.x ...)
        NOT-FOR-US: Apache Wicket
 CVE-2015-8954 (The MemcmpLowercase function in Suricata before 2.0.6 
improperly ...)
        - suricata 2.0.6-1 (bug #777523)
@@ -41393,8 +41397,7 @@
        NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=98980e2fd29ad62903c78fa6521489fce651cdda
        NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=6199cd963d1fba86e0b7b9e2de4b6c00b945193a
        NOTE: 
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
-CVE-2016-6312
-       RESERVED
+CVE-2016-6312 (The mod_dontdothat component of the mod_dav_svn Apache module 
in ...)
        - apr-util <not-affected> (RHEL-5.11 specific regression)
 CVE-2016-6311
        RESERVED
@@ -46468,8 +46471,7 @@
        - linux 4.6.2-2
        [wheezy] - linux <no-dsa> (Only exploitable by privileged user; too 
many changes to backport)
        NOTE: Non-privileged user namespaces disabled by default, only 
vulnerable with sysctl kernel.unprivileged_userns_clone=1
-CVE-2016-4996
-       RESERVED
+CVE-2016-4996 (discovery-debug in Foreman before 6.2 when the ssh service has 
been ...)
        - foreman <itp> (bug #663101)
 CVE-2016-4995 (Foreman before 1.11.4 and 1.12.x before 1.12.1 does not 
properly ...)
        - foreman <itp> (bug #663101)
@@ -46501,14 +46503,12 @@
 CVE-2016-4985 (The ironic-api service in OpenStack Ironic before 4.2.5 
(Liberty) and ...)
        - ironic 1:5.1.2-1 (bug #827886)
        NOTE: Affects >=2014.2, >=4.0.0 <=4.2.4, >=4.3.0 <=5.1.1
-CVE-2016-4984
-       RESERVED
+CVE-2016-4984 (/usr/libexec/openldap/generate-server-cert.sh in 
openldap-servers sets ...)
        - openldap <not-affected> (Red Hat-specific)
 CVE-2016-4983
        RESERVED
        - dovecot <not-affected> (Specific to Red Hat packaging)
-CVE-2016-4982
-       RESERVED
+CVE-2016-4982 (authd sets weak permissions for /etc/ident.key, which allows 
local ...)
        NOT-FOR-US: authd
 CVE-2016-4981
        RESERVED
@@ -60214,8 +60214,7 @@
        [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only 
provides PL/Perl)
 CVE-2016-0765 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2016-0764 [Race conditions that could disclose connection secrets to 
authenticated local users]
-       RESERVED
+CVE-2016-0764 (Race condition in Network Manager before 1.0.12 as packaged in 
Red Hat ...)
        - network-manager 1.1.91-1 (bug #820354)
        [jessie] - network-manager <no-dsa> (Minor issue)
        [wheezy] - network-manager <no-dsa> (Minor issue)
@@ -72200,8 +72199,7 @@
 CVE-2015-5153
        RESERVED
        NOT-FOR-US: Pulp (Red Hat)
-CVE-2015-5152
-       RESERVED
+CVE-2015-5152 (Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP 
requests ...)
        - foreman <itp> (bug #663101)
 CVE-2015-5151 (Cross-site scripting (XSS) vulnerability in the Slider 
Revolution ...)
        NOT-FOR-US: Slider Revolution (revslider) plugin for WordPress
@@ -89090,8 +89088,7 @@
        NOTE: https://issues.apache.org/jira/browse/BATIK-1113
        NOTE: Commit disabling external xml entities: 
https://svn.apache.org/viewvc/xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java?r1=662304&r2=1664335&diff_format=h
        NOTE: PoC: https://www.ernw.de/download/xxe_batik.tar.xz
-CVE-2015-0249
-       RESERVED
+CVE-2015-0249 (The weblog page template in Apache Roller 5.1 through 5.1.1 
allows ...)
        NOT-FOR-US: Apache Roller
 CVE-2015-0248 (The (1) mod_dav_svn and (2) svnserve servers in Subversion 
1.6.0 ...)
        {DSA-3231-1 DLA-207-1}


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits