author | security tracker role <sectracker@debian.org> | 2017-06-27 21:10:14 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-06-27 21:10:14 +0000 |
commit | cc963178c0b93061c8cf4f77d2e26f35066fd3c3 (patch) | |
tree | f0cbef672174a176aed8d40683448d6b89c8bda0 | |
parent | 0713a42f69b3ea6690ddc6af897271f5c58735c5 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@52964 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2004.list | 3 |
-rw-r--r-- | data/CVE/2012.list | 4 |
-rw-r--r-- | data/CVE/2014.list | 8 |
-rw-r--r-- | data/CVE/2015.list | 49 |
-rw-r--r-- | data/CVE/2016.list | 28 |
-rw-r--r-- | data/CVE/2017.list | 115 |
6 files changed, 98 insertions, 109 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list index c559b61a3c..299ca50667 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -1,5 +1,4 @@ -CVE-2004-2778 - RESERVED +CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depending ...) NOT-FOR-US: Gentoo ebuilds dir permissions at install time CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet ...) NOT-FOR-US: GE Healthcare Centricity Image Vault diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 7ab2429768..01be06d33c 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -4240,8 +4240,8 @@ CVE-2012-5012 RESERVED CVE-2012-5011 RESERVED -CVE-2012-5010 - RESERVED +CVE-2012-5010 (ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance ...) + TODO: check CVE-2012-5009 RESERVED CVE-2012-5008 diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 51b44381bd..d26d8868a0 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -5420,8 +5420,8 @@ CVE-2014-8150 (CRLF injection vulnerability in libcurl 6.0 through 7.x before 7. {DSA-3122-1 DLA-134-1} - curl 7.38.0-4 NOTE: http://curl.haxx.se/docs/adv_20150108B.html -CVE-2014-8149 - RESERVED +CVE-2014-8149 (OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated ...) + TODO: check CVE-2014-8148 (The default D-Bus access control rule in Midgard2 10.05.7.1 allows ...) - midgard2-core <removed> (bug #774630) CVE-2014-8147 (The resolveImplicitLevels function in common/ubidi.c in the Unicode ...) 
@@ -9826,8 +9826,8 @@ CVE-2014-6356 (Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and NOT-FOR-US: Microsoft Word CVE-2014-6355 (The Graphics Component in Microsoft Windows Server 2003 SP2, Windows ...) NOT-FOR-US: Microsft Windows -CVE-2014-6354 - RESERVED +CVE-2014-6354 (Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, ...) + TODO: check CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2014-6352 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index b5f5689e3c..a16ed8f0ff 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1923,8 +1923,7 @@ CVE-2015-8616 (Use-after-free vulnerability in the Collator::sortWithSortKeys .. - php7.0 7.0.1-1 NOTE: https://bugs.php.net/bug.php?id=71020 NOTE: http://www.openwall.com/lists/oss-security/2015/12/22/4 -CVE-2015-8697 [Insecure use of temporary files] - RESERVED +CVE-2015-8697 (stalin 0.11-5 allows local users to write to arbitrary files. ...) - stalin <unfixed> (unimportant; bug #808730) [squeeze] - stalin <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1 @@ -4177,14 +4176,14 @@ CVE-2015-7901 (Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6. NOT-FOR-US: Mango Automation CVE-2015-7900 (Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 ...) NOT-FOR-US: Mango Automation -CVE-2015-7898 - RESERVED +CVE-2015-7898 (Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a ...) + TODO: check CVE-2015-7897 (The media scanning functionality in the face recognition library in ...) NOT-FOR-US: Samsung CVE-2015-7896 RESERVED -CVE-2015-7895 - RESERVED +CVE-2015-7895 (Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a ...) + TODO: check CVE-2015-7894 RESERVED CVE-2015-7893 (SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, ...) 
@@ -4582,10 +4581,10 @@ CVE-2015-7783 (Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS bef NOT-FOR-US: p++BBS CVE-2015-7782 (Cross-site scripting (XSS) vulnerability in Let's PHP! Frame ...) NOT-FOR-US: Let's PHP! -CVE-2015-7781 - RESERVED -CVE-2015-7780 - RESERVED +CVE-2015-7781 (ManageEngine Firewall Analyzer before 8.0 does not restrict access ...) + TODO: check +CVE-2015-7780 (Directory traversal vulnerability in ManageEngine Firewall Analyzer ...) + TODO: check CVE-2015-7779 REJECTED CVE-2015-7778 @@ -5119,8 +5118,8 @@ CVE-2015-7584 REJECTED CVE-2015-7583 REJECTED -CVE-2015-7582 - RESERVED +CVE-2015-7582 (Satellite 6.1.0 allows remote authenticated users to read ...) + TODO: check CVE-2015-7581 (actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ...) {DSA-3464-1} - rails 2:4.2.5.1-1 @@ -10909,8 +10908,7 @@ CVE-2015-5384 CVE-2015-5379 RESERVED NOT-FOR-US: Axigen -CVE-2015-5378 - RESERVED +CVE-2015-5378 (Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote ...) - logstash <itp> (bug #664841) CVE-2015-5377 [Remote code execution vulnerability] RESERVED @@ -11739,8 +11737,7 @@ CVE-2015-5182 CVE-2015-5181 RESERVED NOT-FOR-US: A-MQ's Hawtio console -CVE-2015-5180 [DNS resolver NULL pointer dereference with crafted record type] - RESERVED +CVE-2015-5180 (res_query in libresolv in glibc before 2.25 allows remote attackers to ...) - glibc 2.24-9 (low; bug #796106) [jessie] - glibc <no-dsa> (Minor issue, too intrusive to backport) - eglibc <removed> (low) @@ -15335,8 +15332,8 @@ CVE-2015-3842 (Multiple heap-based buffer overflows in libeffects in the Audio P NOT-FOR-US: Android CVE-2015-3841 RESERVED -CVE-2015-3840 - RESERVED +CVE-2015-3840 (The MessageStatusReceiver service in the AndroidManifest.XML in ...) + TODO: check CVE-2015-3839 RESERVED CVE-2015-3838 
@@ -20142,8 +20139,8 @@ CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows .. NOT-FOR-US: Boosted Boards skateboards CVE-2015-2246 (The MeWidget module on Huawei P7 smartphones with software P7-L10 ...) NOT-FOR-US: Huawei -CVE-2015-2245 - RESERVED +CVE-2015-2245 (Huawei Ascend P7 allows remote attackers to cause a denial of service ...) + TODO: check CVE-2015-2244 (Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun ...) NOT-FOR-US: Webshop hun CVE-2015-2243 (Directory traversal vulnerability in Webshop hun 1.062S allows remote ...) @@ -21380,8 +21377,7 @@ CVE-2015-1796 (The PKIX trust engines in Shibboleth Identity Provider before 2.4 [jessie] - libopensaml2-java <no-dsa> (Minor issue) NOTE: Only change between 2.6.4 and 2.6.5 seems http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/saml2/metadata/provider/AbstractReloadingMetadataProvider.java?r1=1656&r2=1680 NOTE: http://shibboleth.net/community/advisories/secadv_20150225.txt -CVE-2015-1795 - RESERVED +CVE-2015-1795 (Red Hat Gluster Storage RPM Package 3.2 allows local users to gain ...) - glusterfs <not-affected> (Vulnerable code specific to glusterfs.spec and not present in source in Debian) CVE-2015-1794 (The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 ...) - openssl 1.0.2e-1 @@ -21460,8 +21456,7 @@ CVE-2015-1779 (The VNC websocket frame decoder in QEMU allows remote attackers t NOTE: Original patches have problem: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04995.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a2bebfd6e09d NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2cdb5e142fb93 -CVE-2015-1778 - RESERVED +CVE-2015-1778 (The custom authentication realm used by karaf-tomcat's "opendaylight" ...) NOT-FOR-US: OpenDaylight CVE-2015-1777 [rhnreg_ks fails to properly validate SSL/TLS certificates] RESERVED 
@@ -23358,8 +23353,7 @@ CVE-2015-4470 (Off-by-one error in the inflate function in mszipd.c in libmspack CVE-2015-4472 (Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack ...) - libmspack 0.5-1 (bug #775687) NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11 -CVE-2015-1591 - RESERVED +CVE-2015-1591 (The kamailio build in kamailio before 4.2.0-2 process allows local ...) - kamailio 4.2.0-2 (bug #775681) NOTE: https://github.com/kamailio/kamailio/issues/48 CVE-2015-1590 @@ -23864,8 +23858,7 @@ CVE-2015-0957 RESERVED CVE-2015-0956 RESERVED -CVE-2015-0955 - RESERVED +CVE-2015-0955 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager ...) NOT-FOR-US: Adobe Experience Manager CVE-2015-0954 RESERVED diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 66d78ce580..1288ee9248 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1325,8 +1325,8 @@ CVE-2016-9974 RESERVED CVE-2016-9973 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM -CVE-2016-9972 - RESERVED +CVE-2016-9972 (IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain ...) + TODO: check CVE-2016-9971 RESERVED CVE-2016-9970 @@ -2184,8 +2184,8 @@ CVE-2016-9740 (IBM QRadar 7.2 could allow a remote attacker to consume all resou NOT-FOR-US: IBM CVE-2016-9739 (IBM Security Identity Manager Virtual Appliance stores user ...) NOT-FOR-US: IBM -CVE-2016-9738 - RESERVED +CVE-2016-9738 (IBM QRadar 7.2 and 7.3 does not require that users should have strong ...) + TODO: check CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2016-9736 (IBM WebSphere Application Server using malformed SOAP requests could ...) @@ -10334,8 +10334,7 @@ CVE-2016-7064 RESERVED CVE-2016-7063 RESERVED -CVE-2016-7062 - RESERVED +CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage ...) NOT-FOR-US: Red Hat rhscon-core CVE-2016-7061 RESERVED 
@@ -12508,8 +12507,7 @@ CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag CVE-2016-6343 RESERVED NOT-FOR-US: JBoss BPMS -CVE-2016-6342 [posting entry as arbitrary username by improper authentication] - RESERVED +CVE-2016-6342 (elog 3.1.1 allows remote attackers to post data as any username in the ...) - elog 3.1.2-1-1 (bug #836505) [jessie] - elog 2.9.2+2014.05.11git44800a7-2+deb8u1 NOTE: https://bitbucket.org/ritt/elog/commits/2f6a300572bd6048351af8c45394ae62230c83d9 @@ -13735,8 +13733,8 @@ CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local network NOT-FOR-US: IBM CVE-2016-6084 (IBM BigFix Platform could allow an attacker on the local network to ...) NOT-FOR-US: IBM -CVE-2016-6083 - RESERVED +CVE-2016-6083 (IBM Tivoli Monitoring V6 could allow an unauthenticated user to access ...) + TODO: check CVE-2016-6082 (IBM BigFix Platform could allow a remote attacker to execute arbitrary ...) NOT-FOR-US: IBM CVE-2016-6081 @@ -15541,8 +15539,7 @@ CVE-2016-5416 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 throug NOTE: Potentially related: https://fedorahosted.org/389/ticket/48354 CVE-2016-5415 RESERVED -CVE-2016-5414 [incorrect check for SubjectAltNames during CA ACL check] - RESERVED +CVE-2016-5414 (FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name ...) - freeipa <not-affected> (Vulnerable code introduced in the 4.4.0 release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1360757 NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=25ed36fda14b30d6a50746a536939e3b428993cb 
@@ -18919,8 +18916,8 @@ CVE-2016-4385 (The RMI service in HP Network Automation Software 9.1x, 9.2x, 10. NOT-FOR-US: HPE Network Automation CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 allow ...) NOT-FOR-US: HPE Performance Center -CVE-2016-4383 - RESERVED +CVE-2016-4383 (The glance-manage db in all versions of HPE Helion Openstack Glance ...) + TODO: check CVE-2016-4382 (HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows ...) NOT-FOR-US: HPE Performance Center CVE-2016-4381 (HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x ...) @@ -28841,8 +28838,7 @@ CVE-2016-0961 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before NOT-FOR-US: Adobe Flash CVE-2016-0960 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...) NOT-FOR-US: Adobe Flash -CVE-2016-0959 - RESERVED +CVE-2016-0959 (Use after free vulnerability in Adobe Flash Player Desktop Runtime ...) NOT-FOR-US: Adobe Flash CVE-2016-0958 (Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote ...) NOT-FOR-US: Adobe diff --git a/data/CVE/2017.list b/data/CVE/2017.list index da455aaeba..975f727822 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,7 @@ +CVE-2017-9983 + RESERVED +CVE-2017-9982 (TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of ...) + TODO: check CVE-2017-9981 RESERVED CVE-2017-9980 @@ -312,8 +316,8 @@ CVE-2017-9843 RESERVED CVE-2017-9842 RESERVED -CVE-2017-9841 - RESERVED +CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 ...) + TODO: check CVE-2017-9840 (Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload ...) - dolibarr <unfixed> CVE-2017-9839 
@@ -340,8 +344,8 @@ CVE-2017-9831 (An integer overflow vulnerability in the ptp_unpack_EOS_CustomFun [jessie] - libmtp <no-dsa> (Minor issue; can be fixed in a point release) NOTE: https://sourceforge.net/p/libmtp/mailman/message/35735992/ NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/ -CVE-2017-9830 - RESERVED +CVE-2017-9830 (Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the ...) + TODO: check CVE-2017-9829 ('/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the ...) NOT-FOR-US: VIVOTEK Network Cameras CVE-2017-9828 ('/cgi-bin/admin/testserver.cgi' of the web service in most of the ...) @@ -3183,16 +3187,16 @@ CVE-2017-9259 RESERVED CVE-2017-9258 RESERVED -CVE-2017-9257 - RESERVED -CVE-2017-9256 - RESERVED -CVE-2017-9255 - RESERVED -CVE-2017-9254 - RESERVED -CVE-2017-9253 - RESERVED +CVE-2017-9257 (The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check +CVE-2017-9256 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check +CVE-2017-9255 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check +CVE-2017-9254 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check +CVE-2017-9253 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check CVE-2017-9287 (servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ...) {DSA-3868-1 DLA-972-1} - openldap 2.4.44+dfsg-5 (bug #863563) 
@@ -3291,18 +3295,18 @@ CVE-2017-9224 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma- [jessie] - libonig <no-dsa> (Minor issue) NOTE: https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b NOTE: https://github.com/kkos/oniguruma/issues/57 -CVE-2017-9223 - RESERVED -CVE-2017-9222 - RESERVED -CVE-2017-9221 - RESERVED -CVE-2017-9220 - RESERVED -CVE-2017-9219 - RESERVED -CVE-2017-9218 - RESERVED +CVE-2017-9223 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check +CVE-2017-9222 (The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware ...) + TODO: check +CVE-2017-9221 (The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check +CVE-2017-9220 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check +CVE-2017-9219 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check +CVE-2017-9218 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ...) + TODO: check CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a denial ...) [experimental] - systemd 233-8 - systemd 232-24 (bug #863277) @@ -7843,12 +7847,11 @@ CVE-2017-7526 RESERVED CVE-2017-7525 RESERVED -CVE-2017-7524 - RESERVED +CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...) + TODO: check CVE-2017-7523 RESERVED -CVE-2017-7522 [Crash mbed TLS/PolarSSL-based server] - RESERVED +CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...) - openvpn 2.4.3-1 (unimportant) [jessie] - openvpn <not-affected> (x509-track implemented in 2.4.0) [wheezy] - openvpn <not-affected> (x509-track implemented in 2.4.0) 
@@ -7857,8 +7860,8 @@ CVE-2017-7522 [Crash mbed TLS/PolarSSL-based server] NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6 NOTE: In Debian openvpn is compiled against OpenSSL, thus even affected NOTE: code present. -CVE-2017-7521 [Potential double-free in --x509-alt-username and memory leaks] - RESERVED +CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...) + {DSA-3900-1} - openvpn 2.4.3-1 (bug #865480) NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/2d032c7fcdfd692c851ea2fa858b4c2d9ea7d52d NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/cb4e35ece4a5b70b10ef9013be3bff263d82f32b @@ -7868,9 +7871,8 @@ CVE-2017-7521 [Potential double-free in --x509-alt-username and memory leaks] NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/1dde0cd6e5e6a0f2f45ec9969b7ff1b6537514ad NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6 -CVE-2017-7520 [Pre-authentication remote crash/information disclosure for clients] - RESERVED - {DLA-999-1} +CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...) + {DSA-3900-1 DLA-999-1} - openvpn 2.4.3-1 (bug #865480) NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/7718c8984f04b507c1885f363970e2124e3c6c77 NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/043fe327878eba75efa13794c9845f85c3c629f2 @@ -7916,8 +7918,8 @@ CVE-2017-7510 CVE-2017-7509 RESERVED NOT-FOR-US: Red Hat Certificate System -CVE-2017-7508 [Remotely-triggerable ASSERT() on malformed IPv6 packet] - RESERVED +CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...) + {DSA-3900-1} - openvpn 2.4.3-1 (bug #865480) NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6 NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 
@@ -11691,8 +11693,7 @@ CVE-2017-6088 (Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) NOT-FOR-US: EyesOfNetwork CVE-2017-6087 (EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated ...) NOT-FOR-US: EyesOfNetwork -CVE-2017-6086 - RESERVED +CVE-2017-6086 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: ViMbAdmin CVE-2017-6085 RESERVED @@ -19803,12 +19804,12 @@ CVE-2017-2845 RESERVED CVE-2017-2844 RESERVED -CVE-2017-2843 - RESERVED -CVE-2017-2842 - RESERVED -CVE-2017-2841 - RESERVED +CVE-2017-2843 (In the web management interface in Foscam C1 Indoor HD Camera running ...) + TODO: check +CVE-2017-2842 (In the web management interface in Foscam C1 Indoor HD Camera running ...) + TODO: check +CVE-2017-2841 (An exploitable command injection vulnerability exists in the web ...) + TODO: check CVE-2017-2840 RESERVED CVE-2017-2839 @@ -20751,8 +20752,8 @@ CVE-2017-2493 RESERVED CVE-2017-2492 RESERVED -CVE-2017-2491 - RESERVED +CVE-2017-2491 (Use after free vulnerability in the String.replace method ...) + TODO: check CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before ...) @@ -23126,8 +23127,8 @@ CVE-2017-1330 RESERVED CVE-2017-1329 RESERVED -CVE-2017-1328 - RESERVED +CVE-2017-1328 (IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to ...) + TODO: check CVE-2017-1327 RESERVED CVE-2017-1326 (IBM Sterling File Gateway does not properly restrict user requests ...) @@ -23138,8 +23139,8 @@ CVE-2017-1324 RESERVED CVE-2017-1323 RESERVED -CVE-2017-1322 - RESERVED +CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity ...) + TODO: check CVE-2017-1321 RESERVED CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...) 
@@ -23188,8 +23189,8 @@ CVE-2017-1299 RESERVED CVE-2017-1298 REJECTED -CVE-2017-1297 - RESERVED +CVE-2017-1297 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 ...) + TODO: check CVE-2017-1296 RESERVED CVE-2017-1295 @@ -23314,8 +23315,8 @@ CVE-2017-1236 RESERVED CVE-2017-1235 RESERVED -CVE-2017-1234 - RESERVED +CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2017-1233 RESERVED CVE-2017-1232 @@ -23573,8 +23574,8 @@ CVE-2017-1107 RESERVED CVE-2017-1106 RESERVED -CVE-2017-1105 - RESERVED +CVE-2017-1105 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 ...) + TODO: check CVE-2017-1104 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to ...) NOT-FOR-US: IBM CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service, caused by ...) |
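Review bot: several entries set to TODO: check sit directly beside entries for the same vendor that are already classified, so the TODO could be resolved here instead of deferred. In data/CVE/2016.list, CVE-2016-9972 and CVE-2016-9738 (IBM QRadar) follow CVE-2016-9973 and CVE-2016-9740, both NOT-FOR-US: IBM. In data/CVE/2015.list, CVE-2015-7898 and CVE-2015-7895 (Samsung Gallery) are next to CVE-2015-7897, NOT-FOR-US: Samsung, and CVE-2015-2245 (Huawei Ascend P7) is next to CVE-2015-2246, NOT-FOR-US: Huawei. In data/CVE/2014.list, CVE-2014-6354 (Internet Explorer) is next to CVE-2014-6353, NOT-FOR-US: Microsoft. Suggest a follow-up that applies the neighbouring classification to these entries.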
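Review bot: in the data/CVE/2017.list hunks for CVE-2017-7522, CVE-2017-7521, CVE-2017-7520 and CVE-2017-7508, the bracketed working titles are dropped and all four entries now carry the same truncated text, "OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...", so the list no longer says which issue is which. Suggest keeping each summary as a NOTE line under its entry, for example "NOTE: Potential double-free in --x509-alt-username and memory leaks" under CVE-2017-7521 and "NOTE: Remotely-triggerable ASSERT() on malformed IPv6 packet" under CVE-2017-7508.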
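Review bot: the eleven mp4ff entries in data/CVE/2017.list (CVE-2017-9253 through CVE-2017-9257 and CVE-2017-9218 through CVE-2017-9223) are all left at TODO: check, and four function names occur in both blocks: mp4ff_read_stts (CVE-2017-9254, CVE-2017-9223), mp4ff_read_stco (CVE-2017-9256, CVE-2017-9220), mp4ff_read_stsc (CVE-2017-9255, CVE-2017-9219) and mp4ff_read_stsd (CVE-2017-9253, CVE-2017-9218). With the descriptions truncated, these pairs read as duplicates. Suggest triaging the two blocks together, since every entry names a file under common/mp4ff/, and recording in a NOTE what distinguishes each pair.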
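Review bot: in the data/CVE/2015.list hunk for CVE-2015-5180, the new description reads "glibc before 2.25" while the unchanged entry below it records "- glibc 2.24-9 (low; bug #796106)" as the fixed version. If 2.24-9 carries the fix as a backport, a NOTE saying so would stop the two lines from looking contradictory to anyone checking the version bound against the description.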