author | security tracker role <sectracker@debian.org> | 2017-04-01 09:10:13 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-04-01 09:10:13 +0000 |
commit | b99ff66211e3eb4512065cc22f602e4f7397dd65 (patch) | |
tree | 410bb2808c140865b74bad0108f743a20824db4d /data | |
parent | 329ef6408284ed9c9faa9c4801e6d1f49a52576d (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@50238 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2008.list | 3 |
-rw-r--r-- | data/CVE/2014.list | 13 |
-rw-r--r-- | data/CVE/2015.list | 4 |
-rw-r--r-- | data/CVE/2016.list | 51 |
-rw-r--r-- | data/CVE/2017.list | 90 |
5 files changed, 112 insertions, 49 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list index d537fcf1e4..37aa2096c7 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -16,8 +16,7 @@ CVE-2008-7315 [Shell escape vulnerability] NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2 CVE-2008-7314 RESERVED -CVE-2008-7313 [Incomplete fix for CVE-2008-4796] - RESERVED +CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to ...) {DSA-3248-1 DLA-357-1} - libphp-snoopy 2.0.0-1 (bug #778634) NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 5c6458449e..34fc45e014 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -2974,8 +2974,7 @@ CVE-2014-9116 (The write_one_header function in mutt 1.5.23 does not properly ha - mutt 1.5.23-2 (bug #771125) NOTE: Detailed analysis in https://bugzilla.redhat.com/show_bug.cgi?id=1168463#c4 NOTE: Upstream bugreport: http://dev.mutt.org/trac/ticket/3716 -CVE-2014-9114 [blkid command injection] - RESERVED +CVE-2014-9114 (Blkid in util-linux before 2.26rc-1 allows local users to execute ...) - util-linux 2.25.2-4 (bug #771274) [squeeze] - util-linux <no-dsa> (Minor issue) [wheezy] - util-linux <no-dsa> (Minor issue) 
@@ -12876,13 +12875,11 @@ CVE-2014-5015 (bozotic HTTP server (aka bozohttpd) before 20140708, as used in . - bozohttpd <removed> (bug #755197) [squeeze] - bozohttpd <no-dsa> (Minor issue) NOTE: Fixed by: http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.52&r2=1.53&only_with_tag=MAIN -CVE-2014-5009 [Incorrect fix for CVE-2014-5008] - RESERVED +CVE-2014-5009 (Snoopy allows remote attackers to execute arbitrary commands. NOTE: ...) - libphp-snoopy <not-affected> (Incorrect fix not applied) NOTE: This issue exists because of an incorrect fix for CVE-2014-5008. NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706 -CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required] - RESERVED +CVE-2014-5008 (Snoopy allows remote attackers to execute arbitrary commands. ...) {DSA-3248-1 DLA-357-1} - libphp-snoopy 2.0.0-1 (bug #778634) NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/ @@ -15461,8 +15458,8 @@ CVE-2014-3933 (Cross-site scripting (XSS) vulnerability in the address component NOT-FOR-US: Drupal module AddressField Tokens CVE-2014-3932 (SQL injection vulnerability in the device registration component in ...) NOT-FOR-US: CoSoSys Endpoint Protector -CVE-2014-3931 - RESERVED +CVE-2014-3931 (fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 ...) + TODO: check CVE-2014-3930 RESERVED CVE-2014-3929 diff --git a/data/CVE/2015.list b/data/CVE/2015.list index f91ceb7276..daed284baf 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -13138,8 +13138,8 @@ CVE-2015-4627 RESERVED CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, ...) NOT-FOR-US: B.A.S C2Box -CVE-2015-4624 - RESERVED +CVE-2015-4624 (Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. ...) + TODO: check CVE-2015-4623 RESERVED CVE-2015-4622 
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 2cc9db3bd1..bf494f19c3 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -966,8 +966,8 @@ CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to NOT-FOR-US: IBM CVE-2016-9991 RESERVED -CVE-2016-9990 - RESERVED +CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2016-9989 RESERVED CVE-2016-9988 @@ -1927,8 +1927,8 @@ CVE-2016-9709 RESERVED CVE-2016-9708 RESERVED -CVE-2016-9707 - RESERVED +CVE-2016-9707 (IBM Jazz Foundation is vulnerable to a denial of service, caused by an ...) + TODO: check CVE-2016-9706 (IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP ...) NOT-FOR-US: IBM CVE-2016-9705 @@ -4612,8 +4612,8 @@ CVE-2016-8937 RESERVED CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is ...) NOT-FOR-US: IBM -CVE-2016-8935 - RESERVED +CVE-2016-8935 (IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 ...) + TODO: check CVE-2016-8934 (IBM WebSphere Application Server is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2016-8933 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse ...) @@ -4648,8 +4648,8 @@ CVE-2016-8919 (IBM WebSphere Application Server may be vulnerable to a denial of NOT-FOR-US: IBM CVE-2016-8918 (IBM Integration Bus, under non default configurations, could allow a ...) NOT-FOR-US: IBM -CVE-2016-8917 - RESERVED +CVE-2016-8917 (IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site ...) + TODO: check CVE-2016-8916 RESERVED CVE-2016-8915 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...) 
@@ -7219,8 +7219,8 @@ CVE-2016-8034 RESERVED CVE-2016-8033 RESERVED -CVE-2016-8032 - RESERVED +CVE-2016-8032 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...) + TODO: check CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...) NOT-FOR-US: Intel antivirus CVE-2016-8030 @@ -7939,7 +7939,7 @@ CVE-2016-7790 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerabi NOT-FOR-US: Exponent CMS CVE-2016-7789 (SQL injection vulnerability in framework/core/models/expConfig.php in ...) NOT-FOR-US: Exponent CMS -CVE-2016-7788 (SQL injection vulnerability in ramework/modules/users/models/user.php ...) +CVE-2016-7788 (SQL injection vulnerability in framework/modules/users/models/user.php ...) NOT-FOR-US: Exponent CMS CVE-2016-7787 (A maliciously crafted command line for kdesu can result in the user ...) - kde-cli-tools 4:5.8.0-1 (bug #839865) @@ -11590,10 +11590,10 @@ CVE-2016-6563 RESERVED CVE-2016-6562 RESERVED -CVE-2016-6561 - RESERVED -CVE-2016-6560 - RESERVED +CVE-2016-6561 (illumos smbsrv NULL pointer dereference allows system crash. ...) + TODO: check +CVE-2016-6560 (illumos osnet-incorporation bcopy() and bzero() implementations make ...) + TODO: check CVE-2016-6559 RESERVED CVE-2016-6558 @@ -12934,8 +12934,7 @@ CVE-2016-6207 (Integer overflow in the _gdContributionsAlloc function in ...) NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd -CVE-2016-6209 [Reflected XSS vulnerability and possible phishing vector] - RESERVED +CVE-2016-6209 (Cross-site scripting (XSS) vulnerability in Nagios. ...) - nagios3 <removed> (bug #831698) [jessie] - nagios3 <no-dsa> (Minor issue) [wheezy] - nagios3 <no-dsa> (Minor issue) 
@@ -13326,8 +13325,8 @@ CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerabili NOT-FOR-US: IBM CVE-2016-6112 RESERVED -CVE-2016-6111 - RESERVED +CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a ...) + TODO: check CVE-2016-6110 (IBM Tivoli Storage Manager undisclosed unencrypted login credentials ...) NOT-FOR-US: IBM CVE-2016-6109 @@ -13476,8 +13475,8 @@ CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli . NOT-FOR-US: Tivoli CVE-2016-6037 RESERVED -CVE-2016-6036 - RESERVED +CVE-2016-6036 (IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...) + TODO: check CVE-2016-6035 RESERVED CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) could ...) @@ -13486,8 +13485,8 @@ CVE-2016-6033 (IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) NOT-FOR-US: IBM CVE-2016-6032 (IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site ...) NOT-FOR-US: IBM -CVE-2016-6031 - RESERVED +CVE-2016-6031 (IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to ...) + TODO: check CVE-2016-6030 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2016-6029 @@ -13504,8 +13503,8 @@ CVE-2016-6024 RESERVED CVE-2016-6023 (Directory traversal vulnerability in the Configuration Manager in IBM ...) NOT-FOR-US: IBM -CVE-2016-6022 - RESERVED +CVE-2016-6022 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...) + TODO: check CVE-2016-6021 RESERVED CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...) 
@@ -20030,7 +20029,7 @@ CVE-2016-3824 (omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Andro CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in ...) NOT-FOR-US: Android CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android ...) - {DLA-864-1} + {DSA-3825-1 DLA-864-1} - jhead 1:3.00-4 (bug #858213) CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...) NOT-FOR-US: Android Mediaserver diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 02582576af..865a4c5728 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1,3 +1,71 @@ +CVE-2017-7397 + RESERVED +CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an ...) + TODO: check +CVE-2017-7395 (In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by ...) + TODO: check +CVE-2017-7394 (In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), ...) + TODO: check +CVE-2017-7393 (In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an ...) + TODO: check +CVE-2017-7392 (In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx ...) + TODO: check +CVE-2017-7391 (A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The ...) + TODO: check +CVE-2017-7390 (A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. ...) + TODO: check +CVE-2017-7389 (Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass ...) + TODO: check +CVE-2017-7388 (A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The ...) + TODO: check +CVE-2017-7387 (TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a ...) + TODO: check +CVE-2017-7386 (citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in ...) + TODO: check +CVE-2017-7385 + RESERVED +CVE-2017-7384 + RESERVED +CVE-2017-7383 + RESERVED +CVE-2017-7382 + RESERVED +CVE-2017-7381 + RESERVED +CVE-2017-7380 + RESERVED +CVE-2017-7379 + RESERVED +CVE-2017-7378 + RESERVED +CVE-2017-7377 + RESERVED +CVE-2017-7376 + RESERVED +CVE-2017-7375 + RESERVED +CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before ...) + TODO: check +CVE-2017-7373 + RESERVED +CVE-2017-7372 + RESERVED +CVE-2017-7371 + RESERVED +CVE-2017-7370 + RESERVED +CVE-2017-7369 + RESERVED +CVE-2017-7368 + RESERVED +CVE-2017-7367 + RESERVED +CVE-2017-7366 + RESERVED +CVE-2017-7365 + RESERVED +CVE-2017-7364 + RESERVED CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS ...) NOT-FOR-US: Pixie CMS CVE-2017-7362 (Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS ...) 
@@ -10471,10 +10539,10 @@ CVE-2017-3012 RESERVED CVE-2017-3011 RESERVED -CVE-2017-3010 - RESERVED -CVE-2017-3009 - RESERVED +CVE-2017-3010 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-3009 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check CVE-2017-3008 RESERVED CVE-2017-3007 @@ -10947,8 +11015,8 @@ CVE-2017-2777 RESERVED CVE-2017-2776 RESERVED -CVE-2017-2775 - RESERVED +CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the ...) + TODO: check CVE-2017-2774 RESERVED CVE-2017-2773 @@ -14338,8 +14406,8 @@ CVE-2017-1173 RESERVED CVE-2017-1172 RESERVED -CVE-2017-1171 - RESERVED +CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a ...) + TODO: check CVE-2017-1170 RESERVED CVE-2017-1169 @@ -14372,8 +14440,8 @@ CVE-2017-1156 RESERVED CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) NOT-FOR-US: IBM -CVE-2017-1154 - RESERVED +CVE-2017-1154 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) + TODO: check CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability ...) NOT-FOR-US: IBM CVE-2017-1152 @@ -14412,7 +14480,7 @@ CVE-2017-1136 RESERVED CVE-2017-1135 RESERVED -CVE-2017-1134 (IBM Power Hardware Management Console (HMC) 3.3.2 and 4.1 could allow ...) +CVE-2017-1134 (IBM Reliable Scalable Cluster Technology could allow a local user to ...) NOT-FOR-US: IBM CVE-2017-1133 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM |
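Review bot: In data/CVE/2014.list, hunk @@ -12876,13 +12875,11 @@, replacing the working title of CVE-2014-5008 drops the remediation hint "escapeshellarg required", and the NOTE line visible below the entry is only a URL. CVE-2014-5009 keeps its equivalent information in "NOTE: This issue exists because of an incorrect fix for CVE-2014-5008."; consider adding a NOTE to CVE-2014-5008 that records the incorrect fix for CVE-2008-4796 and the escapeshellarg requirement, so the entry stays readable without following the link.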
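Review bot: In data/CVE/2017.list, hunk @@ -1,3 +1,71 @@, the TigerVNC 1.7.1 entries (CVE-2017-7392 through CVE-2017-7396) and the Linux kernel fs/crypto/ use-after-free (CVE-2017-7374) land with only "TODO: check" and no package line, mixed in with a run of web-application XSS entries that carry the same marker. These are the entries in this hunk to triage first. Note also that the CVE-2017-7392 description is cut off inside the parenthetical "(SSecurityVeNCrypt.cxx ...)", so the affected function cannot be read from the list and the full description has to be consulted before a fixed version is recorded.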
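Review bot: In data/CVE/2017.list, hunk @@ -14338,8 +14406,8 @@, the new CVE-2017-1171 description lists versions as "3.3, 3,4, and 3,5", with commas where the neighbouring CVE-2017-1153 entry writes "3.2 through 3.5". Anyone matching versions by text search will miss 3.4 and 3.5 here; worth flagging during triage so the version range is read correctly.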
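Review bot: In data/CVE/2017.list, hunk @@ -14372,8 +14440,8 @@, CVE-2017-1154 is added as "TODO: check" although its visible description is word-for-word the same as CVE-2017-1155 directly above, which is already tagged "NOT-FOR-US: IBM". The same pattern appears in data/CVE/2016.list, hunk @@ -7219,8 +7219,8 @@, where CVE-2016-8032 repeats the visible text of CVE-2016-8031 ("NOT-FOR-US: Intel antivirus"). Both can likely take the neighbour's tag once the full descriptions are confirmed to name the same product, which would clear them from the TODO queue.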