diff options
author | security tracker role <sectracker@debian.org> | 2017-05-23 09:10:12 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-05-23 09:10:12 +0000 |
commit | a501faaa74d67cbde45c83786f27393142c4c8cf (patch) | |
tree | 8925f551810988ef11ad94595f02592d5a377a74 /data | |
parent | d5412fe156a14382338255a70242cf5d904b4f7b (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@51873 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2007.list | 2 | ||||
-rw-r--r-- | data/CVE/2015.list | 64 | ||||
-rw-r--r-- | data/CVE/2016.list | 39 | ||||
-rw-r--r-- | data/CVE/2017.list | 169 |
4 files changed, 179 insertions, 95 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 04e6dcd224..c3a713178f 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -8644,7 +8644,7 @@ CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when NOT-FOR-US: WSPortal CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...) NOT-FOR-US: WSPortal -CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...) +CVE-2007-3126 (Gimp before 2.8.22 allows context-dependent attackers to cause a ...) - gimp <unfixed> (unimportant) CVE-2007-3125 REJECTED diff --git a/data/CVE/2015.list b/data/CVE/2015.list index bef6468452..6a815c2d2f 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -3509,8 +3509,8 @@ CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3. NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR CVE-2015-8100 (The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for ...) - net-snmp <not-affected> (Specific to packaging in OpenBSD) -CVE-2015-8089 - RESERVED +CVE-2015-8089 (The GPU driver in Huawei P7 phones with software P7-L00 before ...) + TODO: check CVE-2015-8088 (Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones ...) NOT-FOR-US: Huawei CVE-2015-8087 (Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before ...) @@ -7183,8 +7183,7 @@ CVE-2015-6816 [Ganglia-web auth bypass] NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/2 NOTE: https://github.com/ganglia/ganglia-web/issues/267 -CVE-2015-6817 [authentication bypass] - RESERVED +CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows ...) - pgbouncer 1.6.1-1 [jessie] - pgbouncer <not-affected> (Introduced in 1.6) [wheezy] - pgbouncer <not-affected> (Introduced in 1.6) @@ -7799,8 +7798,8 @@ CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated {DSA-3320-1 DLA-342-1} - openafs 1.6.13-1 NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt -CVE-2015-6586 - RESERVED +CVE-2015-6586 (The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with ...) + TODO: check CVE-2015-6585 RESERVED CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables plugin ...) @@ -10103,8 +10102,8 @@ CVE-2015-5684 RESERVED CVE-2015-5683 RESERVED -CVE-2015-5682 - RESERVED +CVE-2015-5682 (upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows ...) + TODO: check CVE-2015-5681 (Unrestricted file upload vulnerability in upload.php in the Powerplay ...) NOT-FOR-US: Powerplay Gallery plugin for WordPress CVE-2015-5680 @@ -10275,8 +10274,8 @@ CVE-2015-5611 (Unspecified vulnerability in Uconnect before 15.26.1, as used in NOT-FOR-US: Uconnect CVE-2015-5610 (The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central ...) NOT-FOR-US: SolarWinds -CVE-2015-5609 - RESERVED +CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export plugin 1.1 ...) + TODO: check CVE-2015-5608 RESERVED CVE-2015-5606 @@ -10651,10 +10650,10 @@ CVE-2015-5472 (Absolute path traversal vulnerability in lib/download.php in the NOT-FOR-US: IBS Mappro plugin for WordPress CVE-2015-5471 (Absolute path traversal vulnerability in include/user/download.php in ...) NOT-FOR-US: Swim Team plugin for WordPress -CVE-2015-5469 - RESERVED -CVE-2015-5468 - RESERVED +CVE-2015-5469 (Absolute path traversal vulnerability in the MDC YouTube Downloader ...) + TODO: check +CVE-2015-5468 (Directory traversal vulnerability in the WP e-Commerce Shop Styling ...) + TODO: check CVE-2015-5467 RESERVED CVE-2015-5466 @@ -10797,8 +10796,8 @@ CVE-2015-5403 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matr NOT-FOR-US: HP Systems Insight Manager CVE-2015-5402 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...) NOT-FOR-US: HP Systems Insight Manager -CVE-2015-5401 - RESERVED +CVE-2015-5401 (Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 ...) + TODO: check CVE-2015-5399 (Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows ...) NOT-FOR-US: PHPVibe CVE-2015-5398 @@ -10890,20 +10889,17 @@ CVE-2015-5470 (The label decompression functionality in PowerDNS Recursor before NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/6 NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ NOTE: Patch: http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch -CVE-2015-5383 [potential info disclosure from temp directory] - RESERVED +CVE-2015-5383 (Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...) - roundcube <not-affected> (protection is done in apache config in binary package) NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10 NOTE: http://trac.roundcube.net/ticket/1490378 -CVE-2015-5382 [security improvement in contact photo handling] - RESERVED +CVE-2015-5382 (program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 ...) - roundcube 1.1.2+dfsg.1-1 (bug #791643) [wheezy] - roundcube <not-affected> (Vulnerable code not present) [squeeze] - roundcube <not-affected> (Vulnerable code not present) NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10 NOTE: http://trac.roundcube.net/ticket/1490379 -CVE-2015-5381 [XSS vulnerability in _mbox argument] - RESERVED +CVE-2015-5381 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...) - roundcube 1.1.2+dfsg.1-1 (bug #791643) [wheezy] - roundcube <not-affected> (Vulnerable code not present) [squeeze] - roundcube <not-affected> (Vulnerable code not present) @@ -13073,8 +13069,7 @@ CVE-2015-4707 [IPython XSS in JSON error responses -- /api/notebooks path] CVE-2015-4706 [IPython XSS in JSON error responses -- /api/contents path] RESERVED - ipython <not-affected> (Only affects 3.x) -CVE-2015-4704 - RESERVED +CVE-2015-4704 (Directory traversal vulnerability in the Download Zip Attachments ...) NOT-FOR-US: WordPress plugin download-zip-attachments CVE-2015-4703 (Absolute path traversal vulnerability in mysqldump_download.php in the ...) NOT-FOR-US: WordPress plugin wp-instance-rename @@ -13736,8 +13731,7 @@ CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call ...) {DSA-3363-1} - owncloud-client 1.8.4+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-009 -CVE-2015-4455 - RESERVED +CVE-2015-4455 (Unrestricted file upload vulnerability in includes/upload.php in the ...) NOT-FOR-US: WordPress plugin aviary-image-editor-add-on-for-gravity-forms CVE-2015-4454 (SQL injection vulnerability in the get_hash_graph_template function in ...) {DSA-3295-1 DLA-255-1} @@ -14722,8 +14716,7 @@ CVE-2015-4049 (Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with . NOT-FOR-US: Unisys Libra CVE-2015-4048 RESERVED -CVE-2015-4054 [remote crash/DoS - invalid packet order causes lookup of NULL pointer] - RESERVED +CVE-2015-4054 (PgBouncer before 1.5.5 allows remote attackers to cause a denial of ...) - pgbouncer 1.5.5-1 [jessie] - pgbouncer 1.5.4-6+deb8u1 [wheezy] - pgbouncer 1.5.2-4+deb7u1 @@ -14736,10 +14729,10 @@ CVE-2015-8147 REJECTED CVE-2015-8146 REJECTED -CVE-2015-4046 - RESERVED -CVE-2015-4045 - RESERVED +CVE-2015-4046 (The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows ...) + TODO: check +CVE-2015-4045 (The sudoers file in the asset discovery scanner in AlienVault OSSIM ...) + TODO: check CVE-2015-4044 RESERVED CVE-2015-4043 @@ -20658,8 +20651,7 @@ CVE-2015-8983 (Integer overflow in the _IO_wstr_overflow function in libio/wstro NOTE: Fixed upstream in 2.22 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33 NOTE: http://www.openwall.com/lists/oss-security/2015/02/22/15 -CVE-2015-8477 [Potential XSS vulnerability when rendering some flash messages] - RESERVED +CVE-2015-8477 (Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 ...) - redmine 3.0~20140825-5 (low) [squeeze] - redmine <end-of-life> (Redmine not supported because of rails) [wheezy] - redmine <end-of-life> (Redmine not supported because of rails) @@ -22016,8 +22008,8 @@ CVE-2015-1531 RESERVED CVE-2015-1530 RESERVED -CVE-2015-1529 - RESERVED +CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...) + TODO: check CVE-2015-1528 (Integer overflow in the native_handle_create function in ...) NOT-FOR-US: Android CVE-2015-1527 diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 1a604869bb..d9400bad99 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1083,8 +1083,8 @@ CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html NOTE: https://github.com/swiftmailer/swiftmailer/issues/844 NOTE: Fixed by https://github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86 -CVE-2016-10073 - RESERVED +CVE-2016-10073 (The from method in library/core/class.email.php in Vanilla Forums ...) + TODO: check CVE-2016-10072 (** DISPUTED ** WampServer 3.0.6 has two files called 'wampmanager.exe' ...) NOT-FOR-US: WampServer CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 ...) @@ -1938,29 +1938,25 @@ CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulat [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <not-affected> (Vulnerable code not present) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html -CVE-2016-9843 - RESERVED +CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow ...) - zlib 1:1.2.8.dfsg-3 (bug #847275) [jessie] - zlib <no-dsa> (Minor issue) [wheezy] - zlib <no-dsa> (Minor issue) NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf -CVE-2016-9842 - RESERVED +CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow ...) - zlib 1:1.2.8.dfsg-3 (bug #847274) [jessie] - zlib <no-dsa> (Minor issue) [wheezy] - zlib <no-dsa> (Minor issue) NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf -CVE-2016-9841 - RESERVED +CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to ...) - zlib 1:1.2.8.dfsg-4 (bug #847270) [jessie] - zlib <no-dsa> (Minor issue) [wheezy] - zlib <no-dsa> (Minor issue) NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf -CVE-2016-9840 - RESERVED +CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ...) - zlib 1:1.2.8.dfsg-3 (bug #847270) [jessie] - zlib <no-dsa> (Minor issue) [wheezy] - zlib <no-dsa> (Minor issue) @@ -6600,8 +6596,7 @@ CVE-2016-1000246 RESERVED CVE-2016-1000245 RESERVED -CVE-2016-7979 [type confusion in .initialize_dsc_parser allows remote code execution] - RESERVED +CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass the ...) {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (bug #839846) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190 @@ -6609,16 +6604,14 @@ CVE-2016-7979 [type confusion in .initialize_dsc_parser allows remote code execu NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913 NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19 -CVE-2016-7978 [reference leak in .setdevice allows use-after-free and remote code execution] - RESERVED +CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote ...) {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (bug #839845) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179 NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0 NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7 -CVE-2016-7977 [.libfile doesn't check PermitFileReading array, allowing remote file disclosure] - RESERVED +CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the ...) {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (high; bug #839841) NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169 @@ -14527,8 +14520,8 @@ CVE-2016-5738 RESERVED CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP ...) NOT-FOR-US: BIG-IP -CVE-2016-5735 - RESERVED +CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in rwpng.c ...) + TODO: check CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...) - phpmyadmin 4:4.6.3-1 [jessie] - phpmyadmin <no-dsa> (Vulnerable only with a php version earlier than the one in jessie) @@ -16454,13 +16447,11 @@ CVE-2016-5180 (Heap-based buffer overflow in the ares_create_query function in c NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch CVE-2016-5179 RESERVED -CVE-2016-5178 - RESERVED +CVE-2016-5178 (Multiple unspecified vulnerabilities in Google Chrome before ...) {DSA-3683-1} - chromium-browser 53.0.2785.143-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-5177 - RESERVED +CVE-2016-5177 (Use-after-free vulnerability in V8 in Google Chrome before ...) {DSA-3683-1} - chromium-browser 53.0.2785.143-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) @@ -26370,8 +26361,8 @@ CVE-2016-1878 RESERVED CVE-2016-1877 RESERVED -CVE-2016-1876 - RESERVED +CVE-2016-1876 (The backend service process in Lenovo Solution Center (aka LSC) before ...) + TODO: check CVE-2016-1875 RESERVED CVE-2016-1874 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index befd176ec0..bcf20d2c7b 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,28 +1,132 @@ -CVE-2017-9210 +CVE-2017-9211 (The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux ...) + TODO: check +CVE-2017-9200 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9199 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9198 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9197 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9196 (libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in ...) + TODO: check +CVE-2017-9195 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...) + TODO: check +CVE-2017-9194 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...) + TODO: check +CVE-2017-9193 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...) + TODO: check +CVE-2017-9192 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9191 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9190 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9189 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9188 (libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be ...) + TODO: check +CVE-2017-9187 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9186 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9185 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9184 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9183 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9182 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9181 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9180 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9179 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9178 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9177 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9176 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9175 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9174 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9173 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9172 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9171 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...) + TODO: check +CVE-2017-9170 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9169 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9168 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9167 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9166 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...) + TODO: check +CVE-2017-9165 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...) + TODO: check +CVE-2017-9164 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...) + TODO: check +CVE-2017-9163 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9162 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9161 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type ...) + TODO: check +CVE-2017-9160 (libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in ...) + TODO: check +CVE-2017-9159 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9158 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9157 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9156 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9155 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9154 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...) + TODO: check +CVE-2017-9153 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9152 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...) + TODO: check +CVE-2017-9151 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...) + TODO: check +CVE-2017-9150 (The do_check function in kernel/bpf/verifier.c in the Linux kernel ...) + TODO: check +CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...) - qpdf <unfixed> [jessie] - qpdf <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10 -CVE-2017-9209 +CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...) - qpdf <unfixed> [jessie] - qpdf <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10 -CVE-2017-9208 +CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...) - qpdf <unfixed> [jessie] - qpdf <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10 -CVE-2017-9207 +CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in ...) NOT-FOR-US: ImageWorsener -CVE-2017-9206 +CVE-2017-9206 (The iw_get_ui16le function in imagew-util.c:405:23 in ...) NOT-FOR-US: ImageWorsener -CVE-2017-9205 +CVE-2017-9205 (The iw_get_ui16be function in imagew-util.c:422:24 in ...) NOT-FOR-US: ImageWorsener -CVE-2017-9204 +CVE-2017-9204 (The iw_get_ui16le function in imagew-util.c:405:23 in ...) NOT-FOR-US: ImageWorsener -CVE-2017-9203 +CVE-2017-9203 (imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 ...) NOT-FOR-US: ImageWorsener -CVE-2017-9202 +CVE-2017-9202 (imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows ...) NOT-FOR-US: ImageWorsener -CVE-2017-9201 +CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows ...) NOT-FOR-US: ImageWorsener CVE-2017-9148 RESERVED @@ -629,12 +733,12 @@ CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows NOT-FOR-US: Joomla CVE-2017-8916 RESERVED -CVE-2017-8915 - RESERVED -CVE-2017-8914 - RESERVED -CVE-2017-8913 - RESERVED +CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...) + TODO: check +CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...) + TODO: check +CVE-2017-8913 (The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 ...) + TODO: check CVE-2017-8912 (** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote ...) NOT-FOR-US: CMS Made Simple CVE-2017-8911 (An integer underflow has been identified in the unicode_to_utf8() ...) @@ -1838,8 +1942,7 @@ CVE-2017-8380 [scsi: megasas: out-of-bounds read in megasas_mmio_write] NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e23d04984a78490d8aaa5c45724a3a334933331f (v2.2.0-rc0) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f -CVE-2017-8379 [input: host memory lekage via keyboard] - RESERVED +CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU (aka ...) - qemu 1:2.8+dfsg-5 (bug #862289) [jessie] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> @@ -2025,8 +2128,7 @@ CVE-2017-8311 RESERVED CVE-2017-8310 RESERVED -CVE-2017-8309 [audio: host memory leakage via capture buffer] - RESERVED +CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows ...) - qemu 1:2.8+dfsg-5 (bug #862280) [jessie] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> @@ -4695,8 +4797,8 @@ CVE-2017-7290 (SQL injection vulnerability in XOOPS 2.5.7.2 and other versions b NOT-FOR-US: XOOPS CVE-2017-7289 RESERVED -CVE-2017-7288 - RESERVED +CVE-2017-7288 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...) + TODO: check CVE-2017-7287 RESERVED CVE-2017-7286 @@ -5051,7 +5153,7 @@ CVE-2017-7178 (CSRF was discovered in the web UI in Deluge before 1.3.14. The .. {DSA-3856-1 DLA-863-1} - deluge 1.3.13+git20161130.48cedf63-2 (bug #857903) NOTE: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583 -CVE-2017-9149 ["Clean metadata" contextual menu silently fails] +CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to ...) - mat 0.6.1-4 (bug #858058) [jessie] - mat <not-affected> (Vulnerable code not present) [wheezy] - mat <not-affected> (Vulnerable code not present) @@ -5861,8 +5963,8 @@ CVE-2017-6823 (Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privil NOT-FOR-US: Fiyo CMS CVE-2017-6822 RESERVED -CVE-2017-6821 - RESERVED +CVE-2017-6821 (Directory traversal vulnerability in Zimbra Collaboration Suite (aka ...) + TODO: check CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is ...) {DLA-855-1} - roundcube 1.2.3+dfsg.1-3 (bug #857473) @@ -5870,8 +5972,8 @@ CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 NOTE: https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4 NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124 NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.8 -CVE-2017-6813 - RESERVED +CVE-2017-6813 (A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 ...) + TODO: check CVE-2017-6812 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...) NOT-FOR-US: MaNGOSWebV4 CVE-2017-6811 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...) @@ -6417,7 +6519,7 @@ CVE-2017-6556 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSM NOT-FOR-US: CMS Made Simple CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...) NOT-FOR-US: CMS Made Simple -CVE-2017-6554 (pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows ...) +CVE-2017-6554 (pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured ...) NOT-FOR-US: Quest Privilege Manager CVE-2017-6553 (Buffer Overflow in Quest One Identity Privilege Manager for Unix before ...) NOT-FOR-US: Quest One Identity Privilege Manager for Unix @@ -8118,10 +8220,10 @@ CVE-2017-5967 (The time subsystem in the Linux kernel through 4.9.9, when ...) {DLA-922-1} - linux 4.9.13-1 (low) [jessie] - linux 3.16.43-1 -CVE-2017-5966 - RESERVED -CVE-2017-5965 - RESERVED +CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators ...) + TODO: check +CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote ...) + TODO: check CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ...) NOT-FOR-US: Emoncms CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The ...) @@ -8412,8 +8514,7 @@ CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with NOT-FOR-US: Unisys ClearPath CVE-2017-5871 RESERVED -CVE-2017-5870 - RESERVED +CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin ...) NOT-FOR-US: ViMbAdmin CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...) NOT-FOR-US: Nuxeo |