path: root/data/CVE
author: security tracker role <sectracker@debian.org> 2017-08-18 21:10:16 +0000
committer: security tracker role <sectracker@debian.org> 2017-08-18 21:10:16 +0000
commit: 126a07533a5a46623cf557e8d4dc9ebc4ac82102 (patch)
tree: 1ba6dc5d7583b4483563d38bd54008421ecd26fe /data/CVE
parent: f82fcefdd3a4424b331f665563cab4d129202b29 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@54857 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2007.list 8
-rw-r--r-- data/CVE/2014.list 59
-rw-r--r-- data/CVE/2015.list 216
-rw-r--r-- data/CVE/2016.list 76
-rw-r--r-- data/CVE/2017.list 258
5 files changed, 314 insertions, 303 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index e49cd99e55..23aafeea3e 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -3395,8 +3395,8 @@ CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apac
{DSA-1447-1}
- tomcat5.5 5.5.25-4 (low; bug #458237)
- tomcat5 <not-affected> (Vulnerable code not present)
-CVE-2007-5341
- RESERVED
+CVE-2007-5341 (Remote code execution in the Venkman script debugger in Mozilla ...)
+ TODO: check
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...)
{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
- iceweasel 2.0.0.8-1 (high)
@@ -3752,8 +3752,8 @@ CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSU
{DTSA-74-1}
- hugin 0.6.1-1.1 (low; bug #447344)
[etch] - hugin <no-dsa> (Minor issue)
-CVE-2007-5199
- RESERVED
+CVE-2007-5199 (A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows ...)
+ TODO: check
CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...)
{DSA-1495-1 DTSA-67-1}
- nagios-plugins 1.4.8-2.2 (low; bug #445475)
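Review bot: CVE-2007-5199 now names a single byte overflow in catalogue.c in X.Org libXfont 1.3.1 but is left at "TODO: check", while the entries on either side of it carry a package line, a fixed version and a severity. Because the description points at a library rather than a vendor product, the TODO should be resolved to a package line with a fixed version or <not-affected>, not closed as NOT-FOR-US.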
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 496b2bb18b..68e01bbd60 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -77,37 +77,37 @@ CVE-2014-9984 (nscd in the GNU C Library (aka glibc or libc6) before version 2.2
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f
CVE-2014-9982
RESERVED
-CVE-2014-9981
- RESERVED
-CVE-2014-9980
- RESERVED
-CVE-2014-9979
- RESERVED
-CVE-2014-9978
- RESERVED
-CVE-2014-9977
- RESERVED
-CVE-2014-9976
- RESERVED
-CVE-2014-9975
- RESERVED
-CVE-2014-9974
- RESERVED
-CVE-2014-9973
- RESERVED
-CVE-2014-9972
- RESERVED
-CVE-2014-9971
- RESERVED
+CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9979 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9978 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9977 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9976 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9975 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9974 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9973 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9972 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9971 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2014-9970 (jasypt before 1.9.2 allows a timing attack against the password hash ...)
- jasypt 1.9.2-1
[jessie] - jasypt <no-dsa> (Minor issue)
[wheezy] - jasypt <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/jasypt/code/668/
-CVE-2014-9969
- RESERVED
-CVE-2014-9968
- RESERVED
+CVE-2014-9969 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2014-9968 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
NOT-FOR-US: Qualcomm component for Android
CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a ...)
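Review bot: the thirteen entries added here as "In all Qualcomm products with Android releases from CAF using the ..." all end in "TODO: check", yet the adjacent CVE-2014-9967 with a near-identical description is already "NOT-FOR-US: Qualcomm component for Android". The truncated description hides the affected component, so each one needs its full text read before it is closed the same way; CVE-2016-5870 later in this commit's context is tracked as "linux <not-affected> (Qualcomm-specific kernel patch)", which shows the disposition depends on whether the code is a kernel patch or a separate component.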
@@ -2081,8 +2081,8 @@ CVE-2014-9424 (Double free vulnerability in the ssl_parse_clienthello_use_srtp_e
- libressl <itp> (bug #754513)
CVE-2014-9412 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access ...)
NOT-FOR-US: NetIQ Access Manager
-CVE-2014-9411
- RESERVED
+CVE-2014-9411 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2014-9410 (The vfe31_proc_general function in ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9409
@@ -17201,8 +17201,7 @@ CVE-2014-3454 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: MediaWiki extension SemanticForms
CVE-2014-3452 (Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier ...)
NOT-FOR-US: K-lite Codec
-CVE-2014-3451
- RESERVED
+CVE-2014-3451 (OpenFire XMPP Server before 3.10 accepts self-signed certificates, ...)
NOT-FOR-US: Openfire
CVE-2014-3450 (Unspecified vulnerability in Panda Gold Protection and Global ...)
NOT-FOR-US: Panda
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 9d62a98ece..f5fd53996c 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -304,34 +304,34 @@ CVE-2015-9075
RESERVED
CVE-2015-9074
RESERVED
-CVE-2015-9073
- RESERVED
-CVE-2015-9072
- RESERVED
-CVE-2015-9071
- RESERVED
-CVE-2015-9070
- RESERVED
-CVE-2015-9069
- RESERVED
-CVE-2015-9068
- RESERVED
-CVE-2015-9067
- RESERVED
-CVE-2015-9066
- RESERVED
-CVE-2015-9065
- RESERVED
-CVE-2015-9064
- RESERVED
-CVE-2015-9063
- RESERVED
-CVE-2015-9062
- RESERVED
-CVE-2015-9061
- RESERVED
-CVE-2015-9060
- RESERVED
+CVE-2015-9073 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9072 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9071 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9070 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9069 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9068 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9067 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9066 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9065 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9064 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9063 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9062 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9061 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9060 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
{DLA-974-1}
- picocom 1.7-2 (bug #863671)
@@ -343,50 +343,50 @@ CVE-2015-9057 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Ma
NOT-FOR-US: Proxmox Mail Gateway
CVE-2015-9056 (Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS ...)
- kibana <itp> (bug #700337)
-CVE-2015-9055
- RESERVED
-CVE-2015-9054
- RESERVED
-CVE-2015-9053
- RESERVED
-CVE-2015-9052
- RESERVED
-CVE-2015-9051
- RESERVED
-CVE-2015-9050
- RESERVED
-CVE-2015-9049
- RESERVED
-CVE-2015-9048
- RESERVED
-CVE-2015-9047
- RESERVED
-CVE-2015-9046
- RESERVED
-CVE-2015-9045
- RESERVED
-CVE-2015-9044
- RESERVED
-CVE-2015-9043
- RESERVED
-CVE-2015-9042
- RESERVED
-CVE-2015-9041
- RESERVED
-CVE-2015-9040
- RESERVED
-CVE-2015-9039
- RESERVED
-CVE-2015-9038
- RESERVED
-CVE-2015-9037
- RESERVED
-CVE-2015-9036
- RESERVED
-CVE-2015-9035
- RESERVED
-CVE-2015-9034
- RESERVED
+CVE-2015-9055 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9054 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9053 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9052 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9051 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9050 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9049 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9048 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9047 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9046 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9045 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9044 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9043 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9042 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9041 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9040 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9039 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9038 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9037 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9036 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9035 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-9034 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2015-9033 (In all Android releases from CAF using the Linux kernel, a QTEE system ...)
NOT-FOR-US: Qualcomm component for Android
CVE-2015-9032 (In all Android releases from CAF using the Linux kernel, a DRM key was ...)
@@ -2270,16 +2270,16 @@ CVE-2015-8598
RESERVED
CVE-2015-8597 (Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 ...)
NOT-FOR-US: Blue Coat
-CVE-2015-8596
- RESERVED
-CVE-2015-8595
- RESERVED
-CVE-2015-8594
- RESERVED
-CVE-2015-8593
- RESERVED
-CVE-2015-8592
- RESERVED
+CVE-2015-8596 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-8595 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-8594 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-8593 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-8592 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2015-8612 (The EnableNetwork method in the Network class in ...)
{DSA-3427-1}
- blueman 2.0.3-1
@@ -4267,8 +4267,7 @@ CVE-2015-7947
RESERVED
CVE-2015-7946
RESERVED
-CVE-2015-7945 [DRBD secret leak]
- RESERVED
+CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti ...)
{DSA-3431-1}
- ganeti 2.15.2-1 (bug #809538)
[squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS)
@@ -4277,8 +4276,7 @@ CVE-2015-7945 [DRBD secret leak]
NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6e94ad76446904961744f9b0826414a5e4120693
NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6d44be24c50944fc35de7a490bc836938a82e1df
NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6f9ba80f8312d5607da70841f698c49000a31126
-CVE-2015-7944 [DoS]
- RESERVED
+CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti ...)
{DSA-3431-1}
- ganeti 2.15.2-1 (bug #809537)
[squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS)
@@ -12115,8 +12113,7 @@ CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=cb72cba83021fa42719e73a5249c12096a4d1cfc
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=03441c3a4a42beb25460dd11592539030337d0f8
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ce560dcf20c14194db5ef3b9fc1ea592d4e68109 (v1.3.0-rc0)
-CVE-2015-5153
- RESERVED
+CVE-2015-5153 (Pulp does not remove permissions for named objects upon deletion, ...)
NOT-FOR-US: Pulp (Red Hat)
CVE-2015-5152 (Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests ...)
- foreman <itp> (bug #663101)
@@ -12299,8 +12296,7 @@ CVE-2015-5147 (Stack-based buffer overflow in the header_anchor function in the
- ruby-redcarpet <not-affected> (Affects v3.3.0 - v3.3.1)
NOTE: https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
NOTE: http://www.openwall.com/lists/oss-security/2015/06/29/3
-CVE-2015-5081 [CSRF]
- RESERVED
+CVE-2015-5081 (Cross-site request forgery (CSRF) vulnerability in django CMS before ...)
- python-django-cms <itp> (bug #516183)
CVE-2015-5073 (Heap-based buffer overflow in the find_fixedlength function in ...)
- pcre3 2:8.35-7 (bug #790000)
@@ -13349,8 +13345,7 @@ CVE-2015-5059 (The &quot;Project Documentation&quot; feature in MantisBT 1.2.19
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/f39cf525 (1.2.x)
NOTE: https://mantisbt.org/bugs/view.php?id=19873
-CVE-2015-5057
- RESERVED
+CVE-2015-5057 (Cross-site scripting (XSS) vulnerability exists in the Wordpress admin ...)
NOT-FOR-US: WordPress plugin broken-link-checker
CVE-2015-4707 [IPython XSS in JSON error responses -- /api/notebooks path]
RESERVED
@@ -13951,8 +13946,8 @@ CVE-2015-4466
RESERVED
CVE-2015-4465 (Cross-site scripting (XSS) vulnerability in the zM Ajax Login &amp; ...)
NOT-FOR-US: WordPress plugin zM Ajax Login & Register
-CVE-2015-4464
- RESERVED
+CVE-2015-4464 (Kguard Digital Video Recorder 104, 108, v2 does not have any ...)
+ TODO: check
CVE-2015-4463 (The file_manager component in eFront CMS before 3.6.15.5 allows remote ...)
NOT-FOR-US: eFront CMS
CVE-2015-4462 (Absolute path traversal vulnerability in the file_manager component of ...)
@@ -14935,8 +14930,8 @@ CVE-2015-4073
RESERVED
CVE-2015-4072
RESERVED
-CVE-2015-4071
- RESERVED
+CVE-2015-4071 (The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote ...)
+ TODO: check
CVE-2015-4070 (Open redirect vulnerability in the proxyimages function in ...)
NOT-FOR-US: Wow Moodboard Lite
CVE-2015-4069 (The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 ...)
@@ -14967,8 +14962,7 @@ CVE-2015-XXXX [hwclock(8) SUID privilege escalation]
NOTE: hwclock is not installed suid in Debian
NOTE: https://github.com/karelzak/util-linux/commit/687cc5d58942b24a9f4013c68876d8cbea907ab1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/10
-CVE-2015-4082 [encrypted backups attack]
- RESERVED
+CVE-2015-4082 (attic before 0.15 does not confirm unencrypted backups with the user, ...)
- attic 0.16-1 (bug #787435)
[jessie] - attic <no-dsa> (Minor issue)
NOTE: https://github.com/jborg/attic/issues/271
@@ -16001,8 +15995,8 @@ CVE-2015-3651
RESERVED
CVE-2015-3650 (vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 ...)
NOT-FOR-US: VMware
-CVE-2015-3649
- RESERVED
+CVE-2015-3649 (The open-uri-cached rubygem allows local users to execute arbitrary ...)
+ TODO: check
CVE-2015-3648 (Directory traversal vulnerability in pages/setup.php in Montala ...)
NOT-FOR-US: ResourceSpace
CVE-2015-3647 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -20485,8 +20479,7 @@ CVE-2015-2194 (Unrestricted file upload vulnerability in the fusion_options func
NOT-FOR-US: fusion_options function in functions.php in the Fusion theme for WordPress
CVE-2015-2193
RESERVED
-CVE-2015-2675 [Invalid pointer dereference in the GNOME librest library]
- RESERVED
+CVE-2015-2675 (The OAuth implementation in librest before 0.7.93 incorrectly ...)
- librest 0.7.92-3 (bug #780101)
[wheezy] - librest <not-affected> (rest_proxy_call_get_url not yet used)
[squeeze] - librest <not-affected> (rest_proxy_call_get_url not yet used)
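Review bot: the new description for CVE-2015-2675 says "librest before 0.7.93", while the package line kept directly below it records 0.7.92-3 as the fixed version. If that reflects a backported patch, a NOTE line pointing at the upstream fix would make the entry self-explanatory. The removed bracketed text (invalid pointer dereference) also reads differently from the OAuth wording that replaces it, so it is worth confirming both describe the same bug.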
@@ -21274,8 +21267,8 @@ CVE-2015-2034 (Cross-site scripting (XSS) vulnerability in the administrative ba
- piwigo <removed>
[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
NOTE: Request to mark the package as unsupported in #779104
-CVE-2015-1878
- RESERVED
+CVE-2015-1878 (Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, ...)
+ TODO: check
CVE-2015-1876
RESERVED
CVE-2015-1875 (SQL injection vulnerability in a2billing/customer/iridium_threed.php ...)
@@ -21502,8 +21495,7 @@ CVE-2015-1819 (The xmlreader in libxml allows remote attackers to cause a denial
NOTE: Concerns by Florian Weimer: https://bugzilla.gnome.org/show_bug.cgi?id=748278
CVE-2015-1818 (XML external entity (XXE) vulnerability in the dashbuilder import ...)
NOT-FOR-US: JBoss dashbuilder
-CVE-2015-1817 [stack-based buffer overflow in ipv6 literal parsing]
- RESERVED
+CVE-2015-1817 (Stack-based buffer overflow in the inet_pton function in ...)
- musl 1.1.5-2 (bug #781497)
CVE-2015-1816 (Forman before 1.7.4 does not verify SSL certificates for LDAP ...)
- foreman <itp> (bug #663101)
@@ -25078,12 +25070,12 @@ CVE-2015-0578 (Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 r
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-0577 (Multiple cross-site scripting (XSS) vulnerabilities in the IronPort ...)
NOT-FOR-US: Cisco AsyncOS
-CVE-2015-0576
- RESERVED
-CVE-2015-0575
- RESERVED
-CVE-2015-0574
- RESERVED
+CVE-2015-0576 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-0575 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2015-0574 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2015-0573 (drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0572 (Multiple race conditions in drivers/char/adsprpc.c and ...)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index ee4500a0e4..ca9b0f64e2 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -233,32 +233,32 @@ CVE-2016-10394
RESERVED
CVE-2016-10393
RESERVED
-CVE-2016-10392
- RESERVED
-CVE-2016-10391
- RESERVED
-CVE-2016-10390
- RESERVED
-CVE-2016-10389
- RESERVED
-CVE-2016-10388
- RESERVED
-CVE-2016-10387
- RESERVED
-CVE-2016-10386
- RESERVED
-CVE-2016-10385
- RESERVED
-CVE-2016-10384
- RESERVED
-CVE-2016-10383
- RESERVED
-CVE-2016-10382
- RESERVED
-CVE-2016-10381
- RESERVED
-CVE-2016-10380
- RESERVED
+CVE-2016-10392 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10391 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10390 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10389 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10388 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10387 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10386 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10385 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10384 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10383 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10382 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10381 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10380 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL ...)
NOT-FOR-US: Joomla addon
CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated administrators ...)
@@ -386,18 +386,18 @@ CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3
CVE-2016-10348
RESERVED
-CVE-2016-10347
- RESERVED
-CVE-2016-10346
- RESERVED
+CVE-2016-10347 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10346 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used ...)
- passenger <unfixed> (unimportant)
NOTE: https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
NOTE: Source present, but passenger-install-nginx-module not installed
-CVE-2016-10344
- RESERVED
-CVE-2016-10343
- RESERVED
+CVE-2016-10344 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-10343 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a buffer ...)
NOT-FOR-US: Qualcomm component for Android
CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd party ...)
@@ -14435,10 +14435,10 @@ CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog compress
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0205/
CVE-2016-5874 (Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers ...)
NOT-FOR-US: Siemens
-CVE-2016-5872
- RESERVED
-CVE-2016-5871
- RESERVED
+CVE-2016-5872 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2016-5871 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2016-5870 (The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c ...)
- linux <not-affected> (Qualcomm-specific kernel patch)
CVE-2016-5869
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 0a067d94a6..447794c13a 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,36 +1,62 @@
-CVE-2017-12942 [buffer overflow in the Unpack::LongLZ function]
+CVE-2017-12954
+ RESERVED
+CVE-2017-12953
+ RESERVED
+CVE-2017-12952
+ RESERVED
+CVE-2017-12951
+ RESERVED
+CVE-2017-12950
+ RESERVED
+CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove ...)
+ TODO: check
+CVE-2017-12948 (Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier ...)
+ TODO: check
+CVE-2017-12947 (classes\controller\admin\modals.php in the Easy Modal plugin before ...)
+ TODO: check
+CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin before ...)
+ TODO: check
+CVE-2017-12945
+ RESERVED
+CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 ...)
+ TODO: check
+CVE-2017-12943 (D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers ...)
+ TODO: check
+CVE-2017-12939 (A Remote Code Execution vulnerability was identified in all Windows ...)
+ TODO: check
+CVE-2017-12942 (libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the ...)
- unrar-nonfree <unfixed>
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
-CVE-2017-12941 [out-of-bounds read in the Unpack::Unpack20 function]
+CVE-2017-12941 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the ...)
- unrar-nonfree <unfixed>
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
-CVE-2017-12940 [out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function]
+CVE-2017-12940 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the ...)
- unrar-nonfree <unfixed>
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
-CVE-2017-12938 [directory traversal]
+CVE-2017-12938 (UnRAR before 5.5.7 allows remote attackers to bypass a ...)
- unrar-nonfree <unfixed>
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/2
-CVE-2017-12937 [heap-based buffer overflow in ReadSUNImage (sun.c)]
+CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
- graphicsmagick <unfixed> (bug #872574)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
-CVE-2017-12936 [use-after-free in ReadWMFImage (wmf.c)]
+CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
- graphicsmagick <unfixed> (bug #872575)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
-CVE-2017-12935 [invalid memory read in SetImageColorCallBack (image.c)]
+CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
- graphicsmagick <unfixed> (bug #872576)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
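Review bot: CVE-2017-12939 is inserted between CVE-2017-12943 and CVE-2017-12942, out of the descending order the rest of this block follows, which makes the entry easy to miss when scanning or merging; it should sit between CVE-2017-12940 and CVE-2017-12938. Separately, the description for CVE-2017-12935 now names ReadMNGImage in coders/png.c where the removed bracketed text named SetImageColorCallBack (image.c), so the "Fixed by" revision kept under it should be rechecked against the new wording. CVE-2017-12944 (LibTIFF 4.0.8) is left at "TODO: check" although tiff is tracked as a package elsewhere in this file.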
@@ -93,6 +119,7 @@ CVE-2017-12905
RESERVED
CVE-2017-12904 [RCE in newbeuter when bookmarking malicious article]
RESERVED
+ {DSA-3947-1}
- newsbeuter 2.9-6
NOTE: https://github.com/akrennmair/newsbeuter/issues/591
NOTE: https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
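Review bot: {DSA-3947-1} is attached to CVE-2017-12904 while the entry is still RESERVED, and the bracketed description on the line above spells the package "newbeuter" where the package line says newsbeuter. Correct the spelling while this entry is being touched, so that a text search for the package name finds the advisory.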
@@ -170,11 +197,9 @@ CVE-2017-12884
RESERVED
CVE-2017-12883
RESERVED
-CVE-2017-12882
- RESERVED
+CVE-2017-12882 (Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin ...)
NOT-FOR-US: Spring Batch Admin
-CVE-2017-12881
- RESERVED
+CVE-2017-12881 (Cross-site request forgery (CSRF) vulnerability in the Spring Batch ...)
NOT-FOR-US: Spring Batch Admin
CVE-2017-12880
REJECTED
@@ -212,8 +237,8 @@ CVE-2017-12861
RESERVED
CVE-2017-12860
RESERVED
-CVE-2017-12859
- RESERVED
+CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...)
+ TODO: check
CVE-2017-12858
RESERVED
CVE-2017-12857
@@ -471,8 +496,8 @@ CVE-2017-1000115 [path traversal via symlink]
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
CVE-2017-12777 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some ...)
NOT-FOR-US: NexusPHP
-CVE-2017-12776
- RESERVED
+CVE-2017-12776 (SQL injection vulnerability in reports.php in NexusPHP 1.5 allows ...)
+ TODO: check
CVE-2017-12775
RESERVED
CVE-2017-12774 (finecms in 1.9.5\controllers\member\ContentController.php allows ...)
@@ -679,8 +704,8 @@ CVE-2017-12682
RESERVED
CVE-2017-12681
RESERVED
-CVE-2017-12680
- RESERVED
+CVE-2017-12680 (Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type ...)
+ TODO: check
CVE-2017-12679
RESERVED
CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in ...)
@@ -885,16 +910,16 @@ CVE-2017-12595
RESERVED
CVE-2017-12594
RESERVED
-CVE-2017-12593
- RESERVED
-CVE-2017-12592
- RESERVED
-CVE-2017-12591
- RESERVED
+CVE-2017-12593 (ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. ...)
+ TODO: check
+CVE-2017-12592 (ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation ...)
+ TODO: check
+CVE-2017-12591 (ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross ...)
+ TODO: check
CVE-2017-12590
RESERVED
-CVE-2017-12589
- RESERVED
+CVE-2017-12589 (ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any ...)
+ TODO: check
CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...)
- rsyslog 8.28.0-1 (unimportant)
NOTE: https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b
@@ -916,8 +941,8 @@ CVE-2017-12583 (DokuWiki through 2017-02-19b has XSS in the at parameter (aka th
[jessie] - dokuwiki <not-affected> (Vulnerable code not present)
[wheezy] - dokuwiki <not-affected> (Vulnerable code not present)
NOTE: https://github.com/splitbrain/dokuwiki/issues/2061
-CVE-2017-12582
- RESERVED
+CVE-2017-12582 (Unprivileged user can access all functions in the Surveillance Station ...)
+ TODO: check
CVE-2017-12581 (GitHub Electron before 1.6.8 allows remote command execution because of ...)
NOT-FOR-US: Electron
CVE-2017-12580
@@ -1283,8 +1308,8 @@ CVE-2017-12442 (The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8
CVE-2017-12441 (The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ...)
- minidjvu <unfixed> (unimportant; bug #871495)
NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
-CVE-2017-12440
- RESERVED
+CVE-2017-12440 (Aodh as packaged in Openstack Ocata and Newton before change-ID ...)
+ TODO: check
CVE-2017-12439 (SocuSoft Flash Slideshow Maker Professional through v5.20, when the ...)
NOT-FOR-US: SocuSoft Flash Slideshow Maker Professional
CVE-2017-12438
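Review bot: CVE-2017-12440 is added with "TODO: check" although its description reads "Aodh as packaged in Openstack Ocata and Newton", which is distribution-packaged software and not a vendor appliance like the NOT-FOR-US entry that follows it. Check whether a Debian source package carries the affected code and record a package line with the fixed version or <not-affected>, plus a NOTE with the change-ID once the full description is read.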
@@ -1339,8 +1364,8 @@ CVE-2017-12422
RESERVED
CVE-2017-12421
RESERVED
-CVE-2017-12420
- RESERVED
+CVE-2017-12420 (Heap-based buffer overflow in the SMB implementation in NetApp ...)
+ TODO: check
CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on ...)
- mantis <removed>
[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
@@ -3106,10 +3131,10 @@ CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way SIPcra
[jessie] - sipcrack <no-dsa> (Minor issue)
[wheezy] - sipcrack <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
-CVE-2017-11653
- RESERVED
-CVE-2017-11652
- RESERVED
+CVE-2017-11653 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the ...)
+ TODO: check
+CVE-2017-11652 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the ...)
+ TODO: check
CVE-2017-11651 (NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url ...)
NOT-FOR-US: NexusPHP
CVE-2017-11650
@@ -4407,8 +4432,8 @@ CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force att
NOT-FOR-US: phpMyFAQ
CVE-2017-11186
RESERVED
-CVE-2017-11185 [denial of service in the gmp plugin]
- RESERVED
+CVE-2017-11185 (The gmp plugin in strongSwan before 5.6.0 allows remote attackers to ...)
+ {DLA-1059-1}
- strongswan <unfixed> (bug #872155)
NOTE: https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html
NOTE: https://git.strongswan.org/?p=strongswan.git;a=commit;h=ef5c37fcdf47273feea320091598135688df4ef7
@@ -4518,8 +4543,8 @@ CVE-2017-11162
RESERVED
CVE-2017-11161
RESERVED
-CVE-2017-11160
- RESERVED
+CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in ...)
+ TODO: check
CVE-2017-11159
RESERVED
CVE-2017-11158
@@ -5583,14 +5608,14 @@ CVE-2017-10826
RESERVED
CVE-2017-10825
RESERVED
-CVE-2017-10824
- RESERVED
-CVE-2017-10823
- RESERVED
-CVE-2017-10822
- RESERVED
-CVE-2017-10821
- RESERVED
+CVE-2017-10824 (Untrusted search path vulnerability in TDB CA TypeA use software ...)
+ TODO: check
+CVE-2017-10823 (Untrusted search path vulnerability in Installer for Shin Kinkyuji ...)
+ TODO: check
+CVE-2017-10822 (Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu ...)
+ TODO: check
+CVE-2017-10821 (Untrusted search path vulnerability in Installer for Shin Kikan Toukei ...)
+ TODO: check
CVE-2017-10820 (Untrusted search path vulnerability in Installer of IP Messenger for ...)
NOT-FOR-US: Installer of IP Messenger for Win
CVE-2017-10819 (MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, ...)
@@ -5609,8 +5634,8 @@ CVE-2017-10813
RESERVED
CVE-2017-10812
RESERVED
-CVE-2017-10811
- RESERVED
+CVE-2017-10811 (Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an ...)
+ TODO: check
CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in ...)
{DSA-3927-1}
- linux 4.11.11-1 (low)
@@ -5978,8 +6003,8 @@ CVE-2017-10667 (In index.php in Zen Cart 1.6.0, the products_id parameter can ca
NOT-FOR-US: Zen Cart
CVE-2017-10666
RESERVED
-CVE-2017-10665
- RESERVED
+CVE-2017-10665 (Directory traversal vulnerability in ajaxfileupload.php in Kayson ...)
+ TODO: check
CVE-2017-9998 (The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf ...)
- dwarfutils 20170416-3 (bug #866968)
[stretch] - dwarfutils 20161124-1+deb9u1
@@ -6622,8 +6647,8 @@ CVE-2017-9818
RESERVED
CVE-2017-9817
RESERVED
-CVE-2017-9816
- RESERVED
+CVE-2017-9816 (Cross-site scripting (XSS) vulnerability in Paessler PRTG Network ...)
+ TODO: check
CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in ...)
- tiff 4.0.8-1
[jessie] - tiff <no-dsa> (Minor issue)
@@ -8090,8 +8115,8 @@ CVE-2017-9769 (A specially crafted IOCTL can be issued to the rzpnk.sys driver i
NOT-FOR-US: Razer Synapse
CVE-2017-9768
RESERVED
-CVE-2017-9767
- RESERVED
+CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali ...)
+ TODO: check
CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows ...)
- wireshark 2.4.0-1 (bug #870175)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
@@ -8489,27 +8514,22 @@ CVE-2017-9687
RESERVED
CVE-2017-9686
RESERVED
-CVE-2017-9685
- RESERVED
-CVE-2017-9684
- RESERVED
+CVE-2017-9685 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-9684 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9683
RESERVED
-CVE-2017-9682
- RESERVED
+CVE-2017-9682 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9681
RESERVED
NOT-FOR-US: Google drivers for Android
-CVE-2017-9680
- RESERVED
+CVE-2017-9680 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Google drivers for Android
-CVE-2017-9679
- RESERVED
+CVE-2017-9679 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Google drivers for Android
-CVE-2017-9678
- RESERVED
+CVE-2017-9678 (In all Qualcomm products with Android releases from CAF using the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9677
RESERVED
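Review bot: the retained `NOT-FOR-US: Google drivers for Android` lines under CVE-2017-9680 and CVE-2017-9679 no longer match the descriptions this hunk adds, which read "In all Qualcomm products with Android releases from CAF". CVE-2017-9684, CVE-2017-9682 and CVE-2017-9678 in the same hunk use `NOT-FOR-US: Qualcomm driver for Android`, so the two mismatched notes should be aligned with that wording. CVE-2017-9685 is the only sibling left at `TODO: check`, and CVE-2017-9681 is still RESERVED while already marked NOT-FOR-US; both are worth a second look once the full descriptions are read.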
@@ -9082,8 +9102,8 @@ CVE-2017-9456
RESERVED
CVE-2017-9455
RESERVED
-CVE-2017-9454
- RESERVED
+CVE-2017-9454 (Buffer overflow in the ares_parse_a_reply function in the embedded ...)
+ TODO: check
CVE-2017-9453
RESERVED
CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 ...)
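Review bot: the CVE-2017-9454 description is cut off at "the embedded ...", which is exactly the part needed for triage. `ares_parse_a_reply` is a resolver-library function, so whoever clears the `TODO: check` should read the full description to identify which product embeds the code and whether the flaw is specific to that embedded copy or also present in a separately packaged library, and record the outcome in a NOTE line.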
@@ -11814,10 +11834,10 @@ CVE-2017-8448
RESERVED
CVE-2017-8447
RESERVED
-CVE-2017-8446
- RESERVED
-CVE-2017-8445
- RESERVED
+CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and ...)
+ TODO: check
+CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for ...)
+ TODO: check
CVE-2017-8444
RESERVED
CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...)
@@ -12366,46 +12386,46 @@ CVE-2017-8274
RESERVED
CVE-2017-8273 (In all Qualcomm products with Android release from CAF using the Linux ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-8272
- RESERVED
+CVE-2017-8272 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2017-8271 (Out of bound memory write can happen in the MDSS Rotator driver in all ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-8270
- RESERVED
+CVE-2017-8270 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2017-8269 (Userspace-controlled non null terminated parameter for IPA WAN ioctl ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-8268
- RESERVED
-CVE-2017-8267
- RESERVED
-CVE-2017-8266
- RESERVED
-CVE-2017-8265
- RESERVED
+CVE-2017-8268 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8267 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8266 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8265 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2017-8264 (A userspace process can cause a Denial of Service in the camera driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-8263
- RESERVED
-CVE-2017-8262
- RESERVED
-CVE-2017-8261
- RESERVED
-CVE-2017-8260
- RESERVED
+CVE-2017-8263 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8262 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8261 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8260 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2017-8259 (In the service locator in all Qualcomm products with Android releases ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8258 (An array out-of-bounds access in all Qualcomm products with Android ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-8257
- RESERVED
-CVE-2017-8256
- RESERVED
-CVE-2017-8255
- RESERVED
-CVE-2017-8254
- RESERVED
-CVE-2017-8253
- RESERVED
+CVE-2017-8257 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8256 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8255 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8254 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
+CVE-2017-8253 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2017-8252
RESERVED
CVE-2017-8251
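Review bot: this hunk adds fifteen entries (CVE-2017-8272 down to CVE-2017-8253) that all share the description prefix "In all Qualcomm products with Android releases from CAF using the ..." and all sit at `TODO: check`. Every already-triaged neighbour visible in the hunk (CVE-2017-8273, -8271, -8269, -8264, -8259, -8258) is `NOT-FOR-US: Qualcomm driver for Android`. The truncated text does not show which component each new entry concerns, so they should be triaged in one pass against the full descriptions rather than marked by pattern, with the same NOT-FOR-US wording used wherever it applies.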
@@ -15195,8 +15215,8 @@ CVE-2017-7366 (In all Android releases from CAF using the Linux kernel, a KGSL i
NOT-FOR-US: Android driver
CVE-2017-7365 (In all Android releases from CAF using the Linux kernel, a buffer ...)
NOT-FOR-US: Android
-CVE-2017-7364
- RESERVED
+CVE-2017-7364 (In all Qualcomm products with Android releases from CAF using the ...)
+ TODO: check
CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=module&amp;x= XSS ...)
NOT-FOR-US: Pixie CMS
CVE-2017-7362 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=dynamic&amp;x= XSS ...)
@@ -15405,8 +15425,8 @@ CVE-2017-7280 (An issue was discovered in api/includes/systems.php in Unitrends
NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7279 (An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 ...)
NOT-FOR-US: Unitrends Enterprise Backup
-CVE-2017-7278
- RESERVED
+CVE-2017-7278 (Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort ...)
+ TODO: check
CVE-2017-7277 (The TCP stack in the Linux kernel through 4.10.6 mishandles the ...)
- linux <not-affected> (Vulnerable code introduced in 4.10-rc1)
CVE-2017-7276 (There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before ...)
@@ -24623,8 +24643,8 @@ CVE-2017-3758
RESERVED
CVE-2017-3757
RESERVED
-CVE-2017-3756
- RESERVED
+CVE-2017-3756 (A privilege escalation vulnerability was identified in Lenovo Active ...)
+ TODO: check
CVE-2017-3755
RESERVED
CVE-2017-3754 (Some Lenovo brand notebook systems do not have write protections ...)
@@ -28264,8 +28284,8 @@ CVE-2017-2291
RESERVED
CVE-2017-2290 (On Windows installations of the mcollective-puppet-agent plugin, ...)
NOT-FOR-US: mcollective-puppet-agent plugin on Windows
-CVE-2017-2289
- RESERVED
+CVE-2017-2289 (Untrusted search path vulnerability in Installer of Qua station ...)
+ TODO: check
CVE-2017-2288 (Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier ...)
NOT-FOR-US: LhaForge
CVE-2017-2287 (Untrusted search path vulnerability in NFC Port Software remover ...)
@@ -28386,8 +28406,8 @@ CVE-2017-2230 (Untrusted search path vulnerability in Douro Kouji Kanseizutou Ch
NOT-FOR-US: Douro Kouji Kanseizutou Check Program
CVE-2017-2229 (Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei ...)
NOT-FOR-US: Douroshisetu Kihon Data Sakusei System
-CVE-2017-2228
- RESERVED
+CVE-2017-2228 (Untrusted search path vulnerability in Teikihoukokusho Sakuseishien ...)
+ TODO: check
CVE-2017-2227 (Untrusted search path vulnerability in The installer of Charamin OMP ...)
NOT-FOR-US: installer of Charamin OMP
CVE-2017-2226 (Untrusted search path vulnerability in Setup file of advance ...)
@@ -29840,8 +29860,8 @@ CVE-2017-1503
RESERVED
CVE-2017-1502
RESERVED
-CVE-2017-1501
- RESERVED
+CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide ...)
+ TODO: check
CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in the ...)
NOT-FOR-US: IBM
CVE-2017-1499
@@ -30166,8 +30186,8 @@ CVE-2017-1340
RESERVED
CVE-2017-1339
RESERVED
-CVE-2017-1338
- RESERVED
+CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
+ TODO: check
CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly ...)
NOT-FOR-US: IBM
CVE-2017-1336
@@ -31473,8 +31493,8 @@ CVE-2017-0689 (A denial of service vulnerability in the Android media framework.
NOT-FOR-US: Android media framework
CVE-2017-0688 (A denial of service vulnerability in the Android media framework. ...)
NOT-FOR-US: Android media framework
-CVE-2017-0687
- RESERVED
+CVE-2017-0687 (A denial of service vulnerability in the Android media framework ...)
+ TODO: check
CVE-2017-0686 (A denial of service vulnerability in the Android media framework. ...)
NOT-FOR-US: Android media framework
CVE-2017-0685 (A denial of service vulnerability in the Android media framework. ...)
