author | security tracker role <sectracker@debian.org> | 2017-07-18 21:10:15 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-07-18 21:10:15 +0000 |
commit | 3c743c55e72d42f9191070a881fecf7209565391 (patch) | |
tree | 9ebc35414ecdfbe8cfc47a31d6ee13e6b8909789 | |
parent | eb7f21be495f71c862c46e9ae1ca525ef48e88c1 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@53630 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/list.1999 | 2 |
-rw-r--r-- | data/CVE/list.2001 | 2 |
-rw-r--r-- | data/CVE/list.2004 | 2 |
-rw-r--r-- | data/CVE/list.2006 | 2 |
-rw-r--r-- | data/CVE/list.2017 | 65 |
5 files changed, 49 insertions, 24 deletions
diff --git a/data/CVE/list.1999 b/data/CVE/list.1999 index 430656ea1e..cca642087a 100644 --- a/data/CVE/list.1999 +++ b/data/CVE/list.1999 @@ -497,7 +497,7 @@ CVE-1999-0957 (MajorCool mj_key_cache program allows local users to modify files NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain ...) +CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0954 (WWWBoard has a default username and default password. ...) NOT-FOR-US: Data pre-dating the Security Tracker diff --git a/data/CVE/list.2001 b/data/CVE/list.2001 index c9c75ebc0a..8b70e0f08b 100644 --- a/data/CVE/list.2001 +++ b/data/CVE/list.2001 @@ -210,7 +210,7 @@ CVE-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly - proftpd 1.2.4-1 CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) NOT-FOR-US: Check Point -CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) +CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary ...) NOT-FOR-US: mod_bf CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...) NOT-FOR-US: Microsoft diff --git a/data/CVE/list.2004 b/data/CVE/list.2004 index 299ca50667..cf87a3b51e 100644 --- a/data/CVE/list.2004 +++ b/data/CVE/list.2004 
@@ -3376,7 +3376,7 @@ CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 -CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...) +CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute ...) {DSA-639-1} NOTE: unstable not vulnerable according to DSA, DSA was wrong.. - mc 1:4.6.0-4.6.1-pre3-1 diff --git a/data/CVE/list.2006 b/data/CVE/list.2006 index f2585cb205..556d554ddc 100644 --- a/data/CVE/list.2006 +++ b/data/CVE/list.2006 @@ -10609,7 +10609,7 @@ CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and NOT-FOR-US: Destiney CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...) NOT-FOR-US: Destiney -CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...) +CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's identity ...) NOT-FOR-US: Ipswitch CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...) NOT-FOR-US: Snitz mod diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index f2b0837436..3e38181cc8 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -1,3 +1,29 @@ +CVE-2017-11434 + RESERVED +CVE-2017-11433 + RESERVED +CVE-2017-11432 + RESERVED +CVE-2017-11431 + RESERVED +CVE-2017-11430 + RESERVED +CVE-2017-11429 + RESERVED +CVE-2017-11428 + RESERVED +CVE-2017-11427 + RESERVED +CVE-2017-11426 + RESERVED +CVE-2017-11425 + RESERVED +CVE-2017-11424 + RESERVED +CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...) + TODO: check +CVE-2017-11422 + RESERVED CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...) NOT-FOR-US: ASUS CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...) 
@@ -41,7 +67,7 @@ CVE-2017-11401 RESERVED CVE-2017-11400 RESERVED -CVE-2017-11421 [Thumbnail generation for MSI files executes arbitrary VBScript] +CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection ...) - gnome-exe-thumbnailer 0.9.5-1 (bug #868705) [stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue) NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html @@ -506,7 +532,7 @@ CVE-2017-11209 RESERVED CVE-2017-1000083 [Evince command injection vulnerability in CBT handler] RESERVED - {DSA-3911-1} + {DSA-3911-1 DLA-1031-1} - evince 3.22.1-4 - atril <unfixed> (bug #868500) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630 @@ -1421,10 +1447,10 @@ CVE-2017-10964 RESERVED CVE-2017-10963 RESERVED -CVE-2017-10962 - RESERVED -CVE-2017-10961 - RESERVED +CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...) + TODO: check +CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File ...) + TODO: check CVE-2017-10960 RESERVED CVE-2017-10959 @@ -1945,8 +1971,8 @@ CVE-2017-10710 RESERVED CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...) NOT-FOR-US: Elephone P9000 devices -CVE-2017-10708 - RESERVED +CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...) + TODO: check CVE-2017-10707 RESERVED CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...) @@ -2738,7 +2764,7 @@ CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 handling - apache2 <not-affected> (Only affected 2.4.26) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27 CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value ...) - {DLA-1028-1} + {DSA-3913-1 DLA-1028-1} - apache2 2.4.27-1 (bug #868467) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27 NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955 
@@ -10331,8 +10357,7 @@ CVE-2017-7507 (GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer NOTE: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b NOTE: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03 NOTE: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9 -CVE-2017-7506 - RESERVED +CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds memory ...) {DSA-3907-1} - spice <unfixed> (bug #868083) CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization ...) @@ -13527,8 +13552,8 @@ CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not ensu NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762 CVE-2017-6321 RESERVED -CVE-2017-6320 - RESERVED +CVE-2017-6320 (A remote command injection vulnerability exists in the Barracuda Load ...) + TODO: check CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...) - radare2 1.1.0+dfsg-3 (bug #856579) [jessie] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0) @@ -16790,12 +16815,12 @@ CVE-2017-5249 RESERVED CVE-2017-5248 RESERVED -CVE-2017-5247 - RESERVED -CVE-2017-5246 - RESERVED +CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in ...) + TODO: check +CVE-2017-5246 (Biscom Secure File Transfer is vulnerable to AngularJS expression ...) + TODO: check CVE-2017-5245 - RESERVED + REJECTED CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones ...) NOT-FOR-US: Metasploit CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances ...) 
@@ -25591,8 +25616,8 @@ CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross- NOT-FOR-US: IBM CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...) NOT-FOR-US: IBM -CVE-2017-1318 - RESERVED +CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging ...) + TODO: check CVE-2017-1317 RESERVED CVE-2017-1316 |
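Review bot: The new CVE-2017-11423 entry in the first data/CVE/list.2017 hunk (@@ -1,3 +1,29 @@) has no package status yet, only "TODO: check". The description already names the component (cabd_read_string in mspack/cabd.c, libmspack 0.5alpha), so the follow-up should replace the TODO with either a package line in the form the neighbouring entries use ("- package version (bug #...)") or a NOT-FOR-US line, and should not leave the entry untriaged.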
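Review bot: The new CVE-2017-7506 description in the data/CVE/list.2017 hunk at @@ -10331,8 +10357,7 @@ reads "spice versions though 0.13", where "though" looks like a typo for "through". The commit message marks this as an automatic update, so a hand edit to the description here may be overwritten by the next run; the wording is better corrected where the description comes from. In the same entry, {DSA-3907-1} is present while the package line still reads "- spice <unfixed> (bug #868083)", which is worth confirming as the intended state.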
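Review bot: The data/CVE/list.2017 hunk at @@ -16790,12 +16815,12 @@ leaves CVE-2017-5247 and CVE-2017-5246 (Biscom Secure File Transfer) at "TODO: check", although the entries just below them, CVE-2017-5244 and CVE-2017-5243, are already classified (CVE-2017-5244 as "NOT-FOR-US: Metasploit"). If Biscom Secure File Transfer is not packaged, the two new entries can be closed the same way with a "NOT-FOR-US: Biscom" line. The CVE-2017-5245 change from RESERVED to REJECTED needs no further annotation.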