author: security tracker role <sectracker@debian.org> 2017-05-23 09:10:12 +0000
committer: security tracker role <sectracker@debian.org> 2017-05-23 09:10:12 +0000
commit: a501faaa74d67cbde45c83786f27393142c4c8cf
tree: 8925f551810988ef11ad94595f02592d5a377a74 /data/CVE
parent: d5412fe156a14382338255a70242cf5d904b4f7b
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@51873 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2007.list 2
-rw-r--r-- data/CVE/2015.list 64
-rw-r--r-- data/CVE/2016.list 39
-rw-r--r-- data/CVE/2017.list 169
4 files changed, 179 insertions, 95 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 04e6dcd224..c3a713178f 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -8644,7 +8644,7 @@ CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when
NOT-FOR-US: WSPortal
CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
NOT-FOR-US: WSPortal
-CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...)
+CVE-2007-3126 (Gimp before 2.8.22 allows context-dependent attackers to cause a ...)
- gimp <unfixed> (unimportant)
CVE-2007-3125
REJECTED
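Review bot: at CVE-2007-3126 the description now reads "Gimp before 2.8.22", which names a fixed upstream release, but the tracking line under it is still "- gimp <unfixed> (unimportant)". Worth checking whether the entry can now record a fixed version instead of <unfixed>.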
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index bef6468452..6a815c2d2f 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -3509,8 +3509,8 @@ CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2015-8100 (The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for ...)
- net-snmp <not-affected> (Specific to packaging in OpenBSD)
-CVE-2015-8089
- RESERVED
+CVE-2015-8089 (The GPU driver in Huawei P7 phones with software P7-L00 before ...)
+ TODO: check
CVE-2015-8088 (Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones ...)
NOT-FOR-US: Huawei
CVE-2015-8087 (Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before ...)
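Review bot: CVE-2015-8089 lands as "TODO: check" although its description is a GPU driver in Huawei P7 phones and the next entry, CVE-2015-8088 (HIFI driver in Huawei Mate 7 phones), is already triaged as "NOT-FOR-US: Huawei". The same tag looks applicable here and would close the TODO.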
@@ -7183,8 +7183,7 @@ CVE-2015-6816 [Ganglia-web auth bypass]
NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/2
NOTE: https://github.com/ganglia/ganglia-web/issues/267
-CVE-2015-6817 [authentication bypass]
- RESERVED
+CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows ...)
- pgbouncer 1.6.1-1
[jessie] - pgbouncer <not-affected> (Introduced in 1.6)
[wheezy] - pgbouncer <not-affected> (Introduced in 1.6)
@@ -7799,8 +7798,8 @@ CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated
{DSA-3320-1 DLA-342-1}
- openafs 1.6.13-1
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
-CVE-2015-6586
- RESERVED
+CVE-2015-6586 (The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with ...)
+ TODO: check
CVE-2015-6585
RESERVED
CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables plugin ...)
@@ -10103,8 +10102,8 @@ CVE-2015-5684
RESERVED
CVE-2015-5683
RESERVED
-CVE-2015-5682
- RESERVED
+CVE-2015-5682 (upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows ...)
+ TODO: check
CVE-2015-5681 (Unrestricted file upload vulnerability in upload.php in the Powerplay ...)
NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5680
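Review bot: CVE-2015-5682 is left at "TODO: check" while the entry directly below it, CVE-2015-5681, covers upload.php in the same Powerplay plugin and is marked "NOT-FOR-US: Powerplay Gallery plugin for WordPress". Suggest reusing that tag for CVE-2015-5682 so the two entries for the same plugin are triaged consistently.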
@@ -10275,8 +10274,8 @@ CVE-2015-5611 (Unspecified vulnerability in Uconnect before 15.26.1, as used in
NOT-FOR-US: Uconnect
CVE-2015-5610 (The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central ...)
NOT-FOR-US: SolarWinds
-CVE-2015-5609
- RESERVED
+CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export plugin 1.1 ...)
+ TODO: check
CVE-2015-5608
RESERVED
CVE-2015-5606
@@ -10651,10 +10650,10 @@ CVE-2015-5472 (Absolute path traversal vulnerability in lib/download.php in the
NOT-FOR-US: IBS Mappro plugin for WordPress
CVE-2015-5471 (Absolute path traversal vulnerability in include/user/download.php in ...)
NOT-FOR-US: Swim Team plugin for WordPress
-CVE-2015-5469
- RESERVED
-CVE-2015-5468
- RESERVED
+CVE-2015-5469 (Absolute path traversal vulnerability in the MDC YouTube Downloader ...)
+ TODO: check
+CVE-2015-5468 (Directory traversal vulnerability in the WP e-Commerce Shop Styling ...)
+ TODO: check
CVE-2015-5467
RESERVED
CVE-2015-5466
@@ -10797,8 +10796,8 @@ CVE-2015-5403 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matr
NOT-FOR-US: HP Systems Insight Manager
CVE-2015-5402 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...)
NOT-FOR-US: HP Systems Insight Manager
-CVE-2015-5401
- RESERVED
+CVE-2015-5401 (Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 ...)
+ TODO: check
CVE-2015-5399 (Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows ...)
NOT-FOR-US: PHPVibe
CVE-2015-5398
@@ -10890,20 +10889,17 @@ CVE-2015-5470 (The label decompression functionality in PowerDNS Recursor before
NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/6
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
NOTE: Patch: http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch
-CVE-2015-5383 [potential info disclosure from temp directory]
- RESERVED
+CVE-2015-5383 (Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...)
- roundcube <not-affected> (protection is done in apache config in binary package)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
NOTE: http://trac.roundcube.net/ticket/1490378
-CVE-2015-5382 [security improvement in contact photo handling]
- RESERVED
+CVE-2015-5382 (program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 ...)
- roundcube 1.1.2+dfsg.1-1 (bug #791643)
[wheezy] - roundcube <not-affected> (Vulnerable code not present)
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
NOTE: http://trac.roundcube.net/ticket/1490379
-CVE-2015-5381 [XSS vulnerability in _mbox argument]
- RESERVED
+CVE-2015-5381 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
- roundcube 1.1.2+dfsg.1-1 (bug #791643)
[wheezy] - roundcube <not-affected> (Vulnerable code not present)
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
@@ -13073,8 +13069,7 @@ CVE-2015-4707 [IPython XSS in JSON error responses -- /api/notebooks path]
CVE-2015-4706 [IPython XSS in JSON error responses -- /api/contents path]
RESERVED
- ipython <not-affected> (Only affects 3.x)
-CVE-2015-4704
- RESERVED
+CVE-2015-4704 (Directory traversal vulnerability in the Download Zip Attachments ...)
NOT-FOR-US: WordPress plugin download-zip-attachments
CVE-2015-4703 (Absolute path traversal vulnerability in mysqldump_download.php in the ...)
NOT-FOR-US: WordPress plugin wp-instance-rename
@@ -13736,8 +13731,7 @@ CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call ...)
{DSA-3363-1}
- owncloud-client 1.8.4+dfsg-1
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-009
-CVE-2015-4455
- RESERVED
+CVE-2015-4455 (Unrestricted file upload vulnerability in includes/upload.php in the ...)
NOT-FOR-US: WordPress plugin aviary-image-editor-add-on-for-gravity-forms
CVE-2015-4454 (SQL injection vulnerability in the get_hash_graph_template function in ...)
{DSA-3295-1 DLA-255-1}
@@ -14722,8 +14716,7 @@ CVE-2015-4049 (Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with .
NOT-FOR-US: Unisys Libra
CVE-2015-4048
RESERVED
-CVE-2015-4054 [remote crash/DoS - invalid packet order causes lookup of NULL pointer]
- RESERVED
+CVE-2015-4054 (PgBouncer before 1.5.5 allows remote attackers to cause a denial of ...)
- pgbouncer 1.5.5-1
[jessie] - pgbouncer 1.5.4-6+deb8u1
[wheezy] - pgbouncer 1.5.2-4+deb7u1
@@ -14736,10 +14729,10 @@ CVE-2015-8147
REJECTED
CVE-2015-8146
REJECTED
-CVE-2015-4046
- RESERVED
-CVE-2015-4045
- RESERVED
+CVE-2015-4046 (The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows ...)
+ TODO: check
+CVE-2015-4045 (The sudoers file in the asset discovery scanner in AlienVault OSSIM ...)
+ TODO: check
CVE-2015-4044
RESERVED
CVE-2015-4043
@@ -20658,8 +20651,7 @@ CVE-2015-8983 (Integer overflow in the _IO_wstr_overflow function in libio/wstro
NOTE: Fixed upstream in 2.22
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
NOTE: http://www.openwall.com/lists/oss-security/2015/02/22/15
-CVE-2015-8477 [Potential XSS vulnerability when rendering some flash messages]
- RESERVED
+CVE-2015-8477 (Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 ...)
- redmine 3.0~20140825-5 (low)
[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
@@ -22016,8 +22008,8 @@ CVE-2015-1531
RESERVED
CVE-2015-1530
RESERVED
-CVE-2015-1529
- RESERVED
+CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...)
+ TODO: check
CVE-2015-1528 (Integer overflow in the native_handle_create function in ...)
NOT-FOR-US: Android
CVE-2015-1527
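Review bot: CVE-2015-1529 is described as an integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android but is left at "TODO: check", whereas the adjacent CVE-2015-1528, also an Android integer overflow, is "NOT-FOR-US: Android". Unless this code is packaged separately, the same tag should apply.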
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 1a604869bb..d9400bad99 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1083,8 +1083,8 @@ CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift
NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
NOTE: https://github.com/swiftmailer/swiftmailer/issues/844
NOTE: Fixed by https://github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86
-CVE-2016-10073
- RESERVED
+CVE-2016-10073 (The from method in library/core/class.email.php in Vanilla Forums ...)
+ TODO: check
CVE-2016-10072 (** DISPUTED ** WampServer 3.0.6 has two files called 'wampmanager.exe' ...)
NOT-FOR-US: WampServer
CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 ...)
@@ -1938,29 +1938,25 @@ CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulat
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
-CVE-2016-9843
- RESERVED
+CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow ...)
- zlib 1:1.2.8.dfsg-3 (bug #847275)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9842
- RESERVED
+CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow ...)
- zlib 1:1.2.8.dfsg-3 (bug #847274)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9841
- RESERVED
+CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to ...)
- zlib 1:1.2.8.dfsg-4 (bug #847270)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9840
- RESERVED
+CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ...)
- zlib 1:1.2.8.dfsg-3 (bug #847270)
[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
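Review bot: in the zlib block, CVE-2016-9841 records "1:1.2.8.dfsg-4 (bug #847270)" while CVE-2016-9840 records "1:1.2.8.dfsg-3 (bug #847270)", so the same bug number is tied to two different fixed versions, and the other two entries (CVE-2016-9843, CVE-2016-9842) are both at dfsg-3. Now that the four entries have their final descriptions, please confirm which upload fixed CVE-2016-9841 and whether its bug reference is right.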
@@ -6600,8 +6596,7 @@ CVE-2016-1000246
RESERVED
CVE-2016-1000245
RESERVED
-CVE-2016-7979 [type confusion in .initialize_dsc_parser allows remote code execution]
- RESERVED
+CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass the ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (bug #839846)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
@@ -6609,16 +6604,14 @@ CVE-2016-7979 [type confusion in .initialize_dsc_parser allows remote code execu
NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19
-CVE-2016-7978 [reference leak in .setdevice allows use-after-free and remote code execution]
- RESERVED
+CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (bug #839845)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
-CVE-2016-7977 [.libfile doesn't check PermitFileReading array, allowing remote file disclosure]
- RESERVED
+CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (high; bug #839841)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
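Review bot: with the bracketed summaries dropped, CVE-2016-7979 and CVE-2016-7977 now show the same truncated text, "Ghostscript before 9.21 might allow remote attackers to bypass the ...", and can only be told apart by their bug numbers. The removed summaries carried the distinguishing detail (type confusion in .initialize_dsc_parser for 7979, .libfile not checking the PermitFileReading array for 7977). Suggest keeping that detail in a NOTE line on each entry.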
@@ -14527,8 +14520,8 @@ CVE-2016-5738
RESERVED
CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP ...)
NOT-FOR-US: BIG-IP
-CVE-2016-5735
- RESERVED
+CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in rwpng.c ...)
+ TODO: check
CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...)
- phpmyadmin 4:4.6.3-1
[jessie] - phpmyadmin <no-dsa> (Vulnerable only with a php version earlier than the one in jessie)
@@ -16454,13 +16447,11 @@ CVE-2016-5180 (Heap-based buffer overflow in the ares_create_query function in c
NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch
CVE-2016-5179
RESERVED
-CVE-2016-5178
- RESERVED
+CVE-2016-5178 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3683-1}
- chromium-browser 53.0.2785.143-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5177
- RESERVED
+CVE-2016-5177 (Use-after-free vulnerability in V8 in Google Chrome before ...)
{DSA-3683-1}
- chromium-browser 53.0.2785.143-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -26370,8 +26361,8 @@ CVE-2016-1878
RESERVED
CVE-2016-1877
RESERVED
-CVE-2016-1876
- RESERVED
+CVE-2016-1876 (The backend service process in Lenovo Solution Center (aka LSC) before ...)
+ TODO: check
CVE-2016-1875
RESERVED
CVE-2016-1874
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index befd176ec0..bcf20d2c7b 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,28 +1,132 @@
-CVE-2017-9210
+CVE-2017-9211 (The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux ...)
+ TODO: check
+CVE-2017-9200 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9199 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9198 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9197 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9196 (libautotrace.a in AutoTrace 0.31.1 has a &quot;negative-size-param&quot; issue in ...)
+ TODO: check
+CVE-2017-9195 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2017-9194 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2017-9193 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2017-9192 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9191 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9190 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9189 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9188 (libautotrace.a in AutoTrace 0.31.1 has a &quot;left shift ... cannot be ...)
+ TODO: check
+CVE-2017-9187 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9186 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9185 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9184 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9183 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9182 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9181 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9180 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9179 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9178 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9177 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9176 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9175 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9174 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9173 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9172 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9171 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2017-9170 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9169 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9168 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9167 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9166 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2017-9165 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2017-9164 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2017-9163 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9162 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9161 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
+ TODO: check
+CVE-2017-9160 (libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9159 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9158 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9157 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9156 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9155 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9154 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2017-9153 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9152 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2017-9151 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ TODO: check
+CVE-2017-9150 (The do_check function in kernel/bpf/verifier.c in the Linux kernel ...)
+ TODO: check
+CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...)
- qpdf <unfixed>
[jessie] - qpdf <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
-CVE-2017-9209
+CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...)
- qpdf <unfixed>
[jessie] - qpdf <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
-CVE-2017-9208
+CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...)
- qpdf <unfixed>
[jessie] - qpdf <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
-CVE-2017-9207
+CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in ...)
NOT-FOR-US: ImageWorsener
-CVE-2017-9206
+CVE-2017-9206 (The iw_get_ui16le function in imagew-util.c:405:23 in ...)
NOT-FOR-US: ImageWorsener
-CVE-2017-9205
+CVE-2017-9205 (The iw_get_ui16be function in imagew-util.c:422:24 in ...)
NOT-FOR-US: ImageWorsener
-CVE-2017-9204
+CVE-2017-9204 (The iw_get_ui16le function in imagew-util.c:405:23 in ...)
NOT-FOR-US: ImageWorsener
-CVE-2017-9203
+CVE-2017-9203 (imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 ...)
NOT-FOR-US: ImageWorsener
-CVE-2017-9202
+CVE-2017-9202 (imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows ...)
NOT-FOR-US: ImageWorsener
-CVE-2017-9201
+CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows ...)
NOT-FOR-US: ImageWorsener
CVE-2017-9148
RESERVED
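Review bot: the new block at the top of 2017.list is out of order: CVE-2017-9211 is followed by CVE-2017-9200 down to CVE-2017-9150, and only then by CVE-2017-9210 down to CVE-2017-9201, which breaks the descending sequence seen in the other hunks. Suggest moving the 9200 to 9150 run below CVE-2017-9201. The 50 AutoTrace 0.31.1 entries (CVE-2017-9200 to CVE-2017-9151) all arrive as "TODO: check" and can be triaged together with a single package decision. Descriptions such as the one for CVE-2017-9200 also carry literal &quot; entities where plain double quotes are meant.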
@@ -629,12 +733,12 @@ CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows
NOT-FOR-US: Joomla
CVE-2017-8916
RESERVED
-CVE-2017-8915
- RESERVED
-CVE-2017-8914
- RESERVED
-CVE-2017-8913
- RESERVED
+CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
+ TODO: check
+CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
+ TODO: check
+CVE-2017-8913 (The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 ...)
+ TODO: check
CVE-2017-8912 (** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote ...)
NOT-FOR-US: CMS Made Simple
CVE-2017-8911 (An integer underflow has been identified in the unicode_to_utf8() ...)
@@ -1838,8 +1942,7 @@ CVE-2017-8380 [scsi: megasas: out-of-bounds read in megasas_mmio_write]
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e23d04984a78490d8aaa5c45724a3a334933331f (v2.2.0-rc0)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
-CVE-2017-8379 [input: host memory lekage via keyboard]
- RESERVED
+CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU (aka ...)
- qemu 1:2.8+dfsg-5 (bug #862289)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
@@ -2025,8 +2128,7 @@ CVE-2017-8311
RESERVED
CVE-2017-8310
RESERVED
-CVE-2017-8309 [audio: host memory leakage via capture buffer]
- RESERVED
+CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows ...)
- qemu 1:2.8+dfsg-5 (bug #862280)
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
@@ -4695,8 +4797,8 @@ CVE-2017-7290 (SQL injection vulnerability in XOOPS 2.5.7.2 and other versions b
NOT-FOR-US: XOOPS
CVE-2017-7289
RESERVED
-CVE-2017-7288
- RESERVED
+CVE-2017-7288 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
+ TODO: check
CVE-2017-7287
RESERVED
CVE-2017-7286
@@ -5051,7 +5153,7 @@ CVE-2017-7178 (CSRF was discovered in the web UI in Deluge before 1.3.14. The ..
{DSA-3856-1 DLA-863-1}
- deluge 1.3.13+git20161130.48cedf63-2 (bug #857903)
NOTE: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
-CVE-2017-9149 ["Clean metadata" contextual menu silently fails]
+CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to ...)
- mat 0.6.1-4 (bug #858058)
[jessie] - mat <not-affected> (Vulnerable code not present)
[wheezy] - mat <not-affected> (Vulnerable code not present)
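Review bot: CVE-2017-9149 now has its final id and description but still sits directly after CVE-2017-7178, where the temporary "Clean metadata" entry was filed. The top of this file goes from CVE-2017-9150 to CVE-2017-9148 with no 9149 between them, so the entry should be moved there to stay findable by id.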
@@ -5861,8 +5963,8 @@ CVE-2017-6823 (Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privil
NOT-FOR-US: Fiyo CMS
CVE-2017-6822
RESERVED
-CVE-2017-6821
- RESERVED
+CVE-2017-6821 (Directory traversal vulnerability in Zimbra Collaboration Suite (aka ...)
+ TODO: check
CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is ...)
{DLA-855-1}
- roundcube 1.2.3+dfsg.1-3 (bug #857473)
@@ -5870,8 +5972,8 @@ CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4
NOTE: https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4
NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124
NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.8
-CVE-2017-6813
- RESERVED
+CVE-2017-6813 (A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 ...)
+ TODO: check
CVE-2017-6812 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
NOT-FOR-US: MaNGOSWebV4
CVE-2017-6811 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
@@ -6417,7 +6519,7 @@ CVE-2017-6556 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSM
NOT-FOR-US: CMS Made Simple
CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...)
NOT-FOR-US: CMS Made Simple
-CVE-2017-6554 (pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows ...)
+CVE-2017-6554 (pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured ...)
NOT-FOR-US: Quest Privilege Manager
CVE-2017-6553 (Buffer Overflow in Quest One Identity Privilege Manager for Unix before ...)
NOT-FOR-US: Quest One Identity Privilege Manager for Unix
@@ -8118,10 +8220,10 @@ CVE-2017-5967 (The time subsystem in the Linux kernel through 4.9.9, when ...)
{DLA-922-1}
- linux 4.9.13-1 (low)
[jessie] - linux 3.16.43-1
-CVE-2017-5966
- RESERVED
-CVE-2017-5965
- RESERVED
+CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators ...)
+ TODO: check
+CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote ...)
+ TODO: check
CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ...)
NOT-FOR-US: Emoncms
CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The ...)
@@ -8412,8 +8514,7 @@ CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with
NOT-FOR-US: Unisys ClearPath
CVE-2017-5871
RESERVED
-CVE-2017-5870
- RESERVED
+CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin ...)
NOT-FOR-US: ViMbAdmin
CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...)
NOT-FOR-US: Nuxeo
