author | security tracker role <sectracker@debian.org> | 2017-08-18 21:10:16 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-08-18 21:10:16 +0000 |
commit | 126a07533a5a46623cf557e8d4dc9ebc4ac82102 (patch) | |
tree | 1ba6dc5d7583b4483563d38bd54008421ecd26fe /data/CVE | |
parent | f82fcefdd3a4424b331f665563cab4d129202b29 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@54857 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2007.list | 8 |
-rw-r--r-- | data/CVE/2014.list | 59 |
-rw-r--r-- | data/CVE/2015.list | 216 |
-rw-r--r-- | data/CVE/2016.list | 76 |
-rw-r--r-- | data/CVE/2017.list | 258 |
5 files changed, 314 insertions, 303 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index e49cd99e55..23aafeea3e 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -3395,8 +3395,8 @@ CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apac {DSA-1447-1} - tomcat5.5 5.5.25-4 (low; bug #458237) - tomcat5 <not-affected> (Vulnerable code not present) -CVE-2007-5341 - RESERVED +CVE-2007-5341 (Remote code execution in the Venkman script debugger in Mozilla ...) + TODO: check CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...) {DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1} - iceweasel 2.0.0.8-1 (high) @@ -3752,8 +3752,8 @@ CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSU {DTSA-74-1} - hugin 0.6.1-1.1 (low; bug #447344) [etch] - hugin <no-dsa> (Minor issue) -CVE-2007-5199 - RESERVED +CVE-2007-5199 (A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows ...) + TODO: check CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...) {DSA-1495-1 DTSA-67-1} - nagios-plugins 1.4.8-2.2 (low; bug #445475) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 496b2bb18b..68e01bbd60 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -77,37 +77,37 @@ CVE-2014-9984 (nscd in the GNU C Library (aka glibc or libc6) before version 2.2 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f CVE-2014-9982 RESERVED -CVE-2014-9981 - RESERVED -CVE-2014-9980 - RESERVED -CVE-2014-9979 - RESERVED -CVE-2014-9978 - RESERVED -CVE-2014-9977 - RESERVED -CVE-2014-9976 - RESERVED -CVE-2014-9975 - RESERVED -CVE-2014-9974 - RESERVED -CVE-2014-9973 - RESERVED -CVE-2014-9972 - RESERVED -CVE-2014-9971 - RESERVED +CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9979 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9978 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9977 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9976 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9975 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9974 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9973 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9972 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9971 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2014-9970 (jasypt before 1.9.2 allows a timing attack against the password hash ...) 
- jasypt 1.9.2-1 [jessie] - jasypt <no-dsa> (Minor issue) [wheezy] - jasypt <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/jasypt/code/668/ -CVE-2014-9969 - RESERVED -CVE-2014-9968 - RESERVED +CVE-2014-9969 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2014-9968 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an untrusted ...) NOT-FOR-US: Qualcomm component for Android CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a ...) @@ -2081,8 +2081,8 @@ CVE-2014-9424 (Double free vulnerability in the ssl_parse_clienthello_use_srtp_e - libressl <itp> (bug #754513) CVE-2014-9412 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access ...) NOT-FOR-US: NetIQ Access Manager -CVE-2014-9411 - RESERVED +CVE-2014-9411 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2014-9410 (The vfe31_proc_general function in ...) NOT-FOR-US: Qualcomm driver for Android CVE-2014-9409 @@ -17201,8 +17201,7 @@ CVE-2014-3454 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: MediaWiki extension SemanticForms CVE-2014-3452 (Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier ...) NOT-FOR-US: K-lite Codec -CVE-2014-3451 - RESERVED +CVE-2014-3451 (OpenFire XMPP Server before 3.10 accepts self-signed certificates, ...) NOT-FOR-US: Openfire CVE-2014-3450 (Unspecified vulnerability in Panda Gold Protection and Global ...) NOT-FOR-US: Panda diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 9d62a98ece..f5fd53996c 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -304,34 +304,34 @@ CVE-2015-9075 RESERVED CVE-2015-9074 RESERVED -CVE-2015-9073 - RESERVED -CVE-2015-9072 - RESERVED -CVE-2015-9071 - RESERVED -CVE-2015-9070 - RESERVED -CVE-2015-9069 - RESERVED -CVE-2015-9068 - RESERVED -CVE-2015-9067 - RESERVED -CVE-2015-9066 - RESERVED -CVE-2015-9065 - RESERVED -CVE-2015-9064 - RESERVED -CVE-2015-9063 - RESERVED -CVE-2015-9062 - RESERVED -CVE-2015-9061 - RESERVED -CVE-2015-9060 - RESERVED +CVE-2015-9073 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9072 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9071 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9070 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9069 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9068 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9067 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9066 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9065 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9064 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9063 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9062 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9061 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9060 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...) {DLA-974-1} - picocom 1.7-2 (bug #863671) 
@@ -343,50 +343,50 @@ CVE-2015-9057 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Ma NOT-FOR-US: Proxmox Mail Gateway CVE-2015-9056 (Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS ...) - kibana <itp> (bug #700337) -CVE-2015-9055 - RESERVED -CVE-2015-9054 - RESERVED -CVE-2015-9053 - RESERVED -CVE-2015-9052 - RESERVED -CVE-2015-9051 - RESERVED -CVE-2015-9050 - RESERVED -CVE-2015-9049 - RESERVED -CVE-2015-9048 - RESERVED -CVE-2015-9047 - RESERVED -CVE-2015-9046 - RESERVED -CVE-2015-9045 - RESERVED -CVE-2015-9044 - RESERVED -CVE-2015-9043 - RESERVED -CVE-2015-9042 - RESERVED -CVE-2015-9041 - RESERVED -CVE-2015-9040 - RESERVED -CVE-2015-9039 - RESERVED -CVE-2015-9038 - RESERVED -CVE-2015-9037 - RESERVED -CVE-2015-9036 - RESERVED -CVE-2015-9035 - RESERVED -CVE-2015-9034 - RESERVED +CVE-2015-9055 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9054 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9053 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9052 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9051 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9050 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9049 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9048 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9047 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9046 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9045 (In all Qualcomm products with Android releases from CAF using the ...) 
+ TODO: check +CVE-2015-9044 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9043 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9042 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9041 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9040 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9039 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9038 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9037 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9036 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9035 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-9034 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2015-9033 (In all Android releases from CAF using the Linux kernel, a QTEE system ...) NOT-FOR-US: Qualcomm component for Android CVE-2015-9032 (In all Android releases from CAF using the Linux kernel, a DRM key was ...) 
@@ -2270,16 +2270,16 @@ CVE-2015-8598 RESERVED CVE-2015-8597 (Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 ...) NOT-FOR-US: Blue Coat -CVE-2015-8596 - RESERVED -CVE-2015-8595 - RESERVED -CVE-2015-8594 - RESERVED -CVE-2015-8593 - RESERVED -CVE-2015-8592 - RESERVED +CVE-2015-8596 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-8595 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-8594 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-8593 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-8592 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2015-8612 (The EnableNetwork method in the Network class in ...) {DSA-3427-1} - blueman 2.0.3-1 @@ -4267,8 +4267,7 @@ CVE-2015-7947 RESERVED CVE-2015-7946 RESERVED -CVE-2015-7945 [DRBD secret leak] - RESERVED +CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti ...) {DSA-3431-1} - ganeti 2.15.2-1 (bug #809538) [squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS) @@ -4277,8 +4276,7 @@ CVE-2015-7945 [DRBD secret leak] NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6e94ad76446904961744f9b0826414a5e4120693 NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6d44be24c50944fc35de7a490bc836938a82e1df NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6f9ba80f8312d5607da70841f698c49000a31126 -CVE-2015-7944 [DoS] - RESERVED +CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti ...) {DSA-3431-1} - ganeti 2.15.2-1 (bug #809537) [squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS) 
@@ -12115,8 +12113,7 @@ CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=cb72cba83021fa42719e73a5249c12096a4d1cfc NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=03441c3a4a42beb25460dd11592539030337d0f8 NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ce560dcf20c14194db5ef3b9fc1ea592d4e68109 (v1.3.0-rc0) -CVE-2015-5153 - RESERVED +CVE-2015-5153 (Pulp does not remove permissions for named objects upon deletion, ...) NOT-FOR-US: Pulp (Red Hat) CVE-2015-5152 (Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests ...) - foreman <itp> (bug #663101) @@ -12299,8 +12296,7 @@ CVE-2015-5147 (Stack-based buffer overflow in the header_anchor function in the - ruby-redcarpet <not-affected> (Affects v3.3.0 - v3.3.1) NOTE: https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb NOTE: http://www.openwall.com/lists/oss-security/2015/06/29/3 -CVE-2015-5081 [CSRF] - RESERVED +CVE-2015-5081 (Cross-site request forgery (CSRF) vulnerability in django CMS before ...) - python-django-cms <itp> (bug #516183) CVE-2015-5073 (Heap-based buffer overflow in the find_fixedlength function in ...) - pcre3 2:8.35-7 (bug #790000) @@ -13349,8 +13345,7 @@ CVE-2015-5059 (The "Project Documentation" feature in MantisBT 1.2.19 [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/f39cf525 (1.2.x) NOTE: https://mantisbt.org/bugs/view.php?id=19873 -CVE-2015-5057 - RESERVED +CVE-2015-5057 (Cross-site scripting (XSS) vulnerability exists in the Wordpress admin ...) NOT-FOR-US: WordPress plugin broken-link-checker CVE-2015-4707 [IPython XSS in JSON error responses -- /api/notebooks path] RESERVED 
@@ -13951,8 +13946,8 @@ CVE-2015-4466 RESERVED CVE-2015-4465 (Cross-site scripting (XSS) vulnerability in the zM Ajax Login & ...) NOT-FOR-US: WordPress plugin zM Ajax Login & Register -CVE-2015-4464 - RESERVED +CVE-2015-4464 (Kguard Digital Video Recorder 104, 108, v2 does not have any ...) + TODO: check CVE-2015-4463 (The file_manager component in eFront CMS before 3.6.15.5 allows remote ...) NOT-FOR-US: eFront CMS CVE-2015-4462 (Absolute path traversal vulnerability in the file_manager component of ...) @@ -14935,8 +14930,8 @@ CVE-2015-4073 RESERVED CVE-2015-4072 RESERVED -CVE-2015-4071 - RESERVED +CVE-2015-4071 (The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote ...) + TODO: check CVE-2015-4070 (Open redirect vulnerability in the proxyimages function in ...) NOT-FOR-US: Wow Moodboard Lite CVE-2015-4069 (The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 ...) @@ -14967,8 +14962,7 @@ CVE-2015-XXXX [hwclock(8) SUID privilege escalation] NOTE: hwclock is not installed suid in Debian NOTE: https://github.com/karelzak/util-linux/commit/687cc5d58942b24a9f4013c68876d8cbea907ab1 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/10 -CVE-2015-4082 [encrypted backups attack] - RESERVED +CVE-2015-4082 (attic before 0.15 does not confirm unencrypted backups with the user, ...) - attic 0.16-1 (bug #787435) [jessie] - attic <no-dsa> (Minor issue) NOTE: https://github.com/jborg/attic/issues/271 @@ -16001,8 +15995,8 @@ CVE-2015-3651 RESERVED CVE-2015-3650 (vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 ...) NOT-FOR-US: VMware -CVE-2015-3649 - RESERVED +CVE-2015-3649 (The open-uri-cached rubygem allows local users to execute arbitrary ...) + TODO: check CVE-2015-3648 (Directory traversal vulnerability in pages/setup.php in Montala ...) NOT-FOR-US: ResourceSpace CVE-2015-3647 (Multiple cross-site scripting (XSS) vulnerabilities in ...) 
@@ -20485,8 +20479,7 @@ CVE-2015-2194 (Unrestricted file upload vulnerability in the fusion_options func NOT-FOR-US: fusion_options function in functions.php in the Fusion theme for WordPress CVE-2015-2193 RESERVED -CVE-2015-2675 [Invalid pointer dereference in the GNOME librest library] - RESERVED +CVE-2015-2675 (The OAuth implementation in librest before 0.7.93 incorrectly ...) - librest 0.7.92-3 (bug #780101) [wheezy] - librest <not-affected> (rest_proxy_call_get_url not yet used) [squeeze] - librest <not-affected> (rest_proxy_call_get_url not yet used) @@ -21274,8 +21267,8 @@ CVE-2015-2034 (Cross-site scripting (XSS) vulnerability in the administrative ba - piwigo <removed> [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts) NOTE: Request to mark the package as unsupported in #779104 -CVE-2015-1878 - RESERVED +CVE-2015-1878 (Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, ...) + TODO: check CVE-2015-1876 RESERVED CVE-2015-1875 (SQL injection vulnerability in a2billing/customer/iridium_threed.php ...) @@ -21502,8 +21495,7 @@ CVE-2015-1819 (The xmlreader in libxml allows remote attackers to cause a denial NOTE: Concerns by Florian Weimer: https://bugzilla.gnome.org/show_bug.cgi?id=748278 CVE-2015-1818 (XML external entity (XXE) vulnerability in the dashbuilder import ...) NOT-FOR-US: JBoss dashbuilder -CVE-2015-1817 [stack-based buffer overflow in ipv6 literal parsing] - RESERVED +CVE-2015-1817 (Stack-based buffer overflow in the inet_pton function in ...) - musl 1.1.5-2 (bug #781497) CVE-2015-1816 (Forman before 1.7.4 does not verify SSL certificates for LDAP ...) - foreman <itp> (bug #663101) 
@@ -25078,12 +25070,12 @@ CVE-2015-0578 (Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 r NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2015-0577 (Multiple cross-site scripting (XSS) vulnerabilities in the IronPort ...) NOT-FOR-US: Cisco AsyncOS -CVE-2015-0576 - RESERVED -CVE-2015-0575 - RESERVED -CVE-2015-0574 - RESERVED +CVE-2015-0576 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-0575 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2015-0574 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2015-0573 (drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the ...) NOT-FOR-US: Qualcomm driver for Android CVE-2015-0572 (Multiple race conditions in drivers/char/adsprpc.c and ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index ee4500a0e4..ca9b0f64e2 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -233,32 +233,32 @@ CVE-2016-10394 RESERVED CVE-2016-10393 RESERVED -CVE-2016-10392 - RESERVED -CVE-2016-10391 - RESERVED -CVE-2016-10390 - RESERVED -CVE-2016-10389 - RESERVED -CVE-2016-10388 - RESERVED -CVE-2016-10387 - RESERVED -CVE-2016-10386 - RESERVED -CVE-2016-10385 - RESERVED -CVE-2016-10384 - RESERVED -CVE-2016-10383 - RESERVED -CVE-2016-10382 - RESERVED -CVE-2016-10381 - RESERVED -CVE-2016-10380 - RESERVED +CVE-2016-10392 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10391 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10390 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10389 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10388 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10387 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10386 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10385 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10384 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10383 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10382 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10381 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10380 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL ...) NOT-FOR-US: Joomla addon CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated administrators ...) 
@@ -386,18 +386,18 @@ CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 CVE-2016-10348 RESERVED -CVE-2016-10347 - RESERVED -CVE-2016-10346 - RESERVED +CVE-2016-10347 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10346 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used ...) - passenger <unfixed> (unimportant) NOTE: https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441 NOTE: Source present, but passenger-install-nginx-module not installed -CVE-2016-10344 - RESERVED -CVE-2016-10343 - RESERVED +CVE-2016-10344 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-10343 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a buffer ...) NOT-FOR-US: Qualcomm component for Android CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd party ...) @@ -14435,10 +14435,10 @@ CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog compress NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0205/ CVE-2016-5874 (Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers ...) NOT-FOR-US: Siemens -CVE-2016-5872 - RESERVED -CVE-2016-5871 - RESERVED +CVE-2016-5872 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2016-5871 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2016-5870 (The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c ...) - linux <not-affected> (Qualcomm-specific kernel patch) CVE-2016-5869 
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 0a067d94a6..447794c13a 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1,36 +1,62 @@ -CVE-2017-12942 [buffer overflow in the Unpack::LongLZ function] +CVE-2017-12954 + RESERVED +CVE-2017-12953 + RESERVED +CVE-2017-12952 + RESERVED +CVE-2017-12951 + RESERVED +CVE-2017-12950 + RESERVED +CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove ...) + TODO: check +CVE-2017-12948 (Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier ...) + TODO: check +CVE-2017-12947 (classes\controller\admin\modals.php in the Easy Modal plugin before ...) + TODO: check +CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin before ...) + TODO: check +CVE-2017-12945 + RESERVED +CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 ...) + TODO: check +CVE-2017-12943 (D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers ...) + TODO: check +CVE-2017-12939 (A Remote Code Execution vulnerability was identified in all Windows ...) + TODO: check +CVE-2017-12942 (libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the ...) - unrar-nonfree <unfixed> [stretch] - unrar-nonfree <no-dsa> (Non-free not supported) [jessie] - unrar-nonfree <no-dsa> (Non-free not supported) [wheezy] - unrar-nonfree <no-dsa> (Non-free not supported) NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6 -CVE-2017-12941 [out-of-bounds read in the Unpack::Unpack20 function] +CVE-2017-12941 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the ...) - unrar-nonfree <unfixed> [stretch] - unrar-nonfree <no-dsa> (Non-free not supported) [jessie] - unrar-nonfree <no-dsa> (Non-free not supported) [wheezy] - unrar-nonfree <no-dsa> (Non-free not supported) NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6 -CVE-2017-12940 [out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function] +CVE-2017-12940 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the ...) 
- unrar-nonfree <unfixed> [stretch] - unrar-nonfree <no-dsa> (Non-free not supported) [jessie] - unrar-nonfree <no-dsa> (Non-free not supported) [wheezy] - unrar-nonfree <no-dsa> (Non-free not supported) NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6 -CVE-2017-12938 [directory traversal] +CVE-2017-12938 (UnRAR before 5.5.7 allows remote attackers to bypass a ...) - unrar-nonfree <unfixed> [stretch] - unrar-nonfree <no-dsa> (Non-free not supported) [jessie] - unrar-nonfree <no-dsa> (Non-free not supported) [wheezy] - unrar-nonfree <no-dsa> (Non-free not supported) NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/2 -CVE-2017-12937 [heap-based buffer overflow in ReadSUNImage (sun.c)] +CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...) - graphicsmagick <unfixed> (bug #872574) NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5 NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978 -CVE-2017-12936 [use-after-free in ReadWMFImage (wmf.c)] +CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...) - graphicsmagick <unfixed> (bug #872575) NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3 NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd -CVE-2017-12935 [invalid memory read in SetImageColorCallBack (image.c)] +CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...) - graphicsmagick <unfixed> (bug #872576) NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4 NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188 @@ -93,6 +119,7 @@ CVE-2017-12905 RESERVED CVE-2017-12904 [RCE in newbeuter when bookmarking malicious article] RESERVED + {DSA-3947-1} - newsbeuter 2.9-6 NOTE: https://github.com/akrennmair/newsbeuter/issues/591 NOTE: https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 
@@ -170,11 +197,9 @@ CVE-2017-12884 RESERVED CVE-2017-12883 RESERVED -CVE-2017-12882 - RESERVED +CVE-2017-12882 (Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin ...) NOT-FOR-US: Spring Batch Admin -CVE-2017-12881 - RESERVED +CVE-2017-12881 (Cross-site request forgery (CSRF) vulnerability in the Spring Batch ...) NOT-FOR-US: Spring Batch Admin CVE-2017-12880 REJECTED @@ -212,8 +237,8 @@ CVE-2017-12861 RESERVED CVE-2017-12860 RESERVED -CVE-2017-12859 - RESERVED +CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...) + TODO: check CVE-2017-12858 RESERVED CVE-2017-12857 @@ -471,8 +496,8 @@ CVE-2017-1000115 [path traversal via symlink] NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29 CVE-2017-12777 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some ...) NOT-FOR-US: NexusPHP -CVE-2017-12776 - RESERVED +CVE-2017-12776 (SQL injection vulnerability in reports.php in NexusPHP 1.5 allows ...) + TODO: check CVE-2017-12775 RESERVED CVE-2017-12774 (finecms in 1.9.5\controllers\member\ContentController.php allows ...) @@ -679,8 +704,8 @@ CVE-2017-12682 RESERVED CVE-2017-12681 RESERVED -CVE-2017-12680 - RESERVED +CVE-2017-12680 (Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type ...) + TODO: check CVE-2017-12679 RESERVED CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in ...) 
@@ -885,16 +910,16 @@ CVE-2017-12595 RESERVED CVE-2017-12594 RESERVED -CVE-2017-12593 - RESERVED -CVE-2017-12592 - RESERVED -CVE-2017-12591 - RESERVED +CVE-2017-12593 (ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. ...) + TODO: check +CVE-2017-12592 (ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation ...) + TODO: check +CVE-2017-12591 (ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross ...) + TODO: check CVE-2017-12590 RESERVED -CVE-2017-12589 - RESERVED +CVE-2017-12589 (ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any ...) + TODO: check CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...) - rsyslog 8.28.0-1 (unimportant) NOTE: https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b @@ -916,8 +941,8 @@ CVE-2017-12583 (DokuWiki through 2017-02-19b has XSS in the at parameter (aka th [jessie] - dokuwiki <not-affected> (Vulnerable code not present) [wheezy] - dokuwiki <not-affected> (Vulnerable code not present) NOTE: https://github.com/splitbrain/dokuwiki/issues/2061 -CVE-2017-12582 - RESERVED +CVE-2017-12582 (Unprivileged user can access all functions in the Surveillance Station ...) + TODO: check CVE-2017-12581 (GitHub Electron before 1.6.8 allows remote command execution because of ...) NOT-FOR-US: Electron CVE-2017-12580 @@ -1283,8 +1308,8 @@ CVE-2017-12442 (The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 CVE-2017-12441 (The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ...) - minidjvu <unfixed> (unimportant; bug #871495) NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ -CVE-2017-12440 - RESERVED +CVE-2017-12440 (Aodh as packaged in Openstack Ocata and Newton before change-ID ...) + TODO: check CVE-2017-12439 (SocuSoft Flash Slideshow Maker Professional through v5.20, when the ...) NOT-FOR-US: SocuSoft Flash Slideshow Maker Professional CVE-2017-12438 
@@ -1339,8 +1364,8 @@ CVE-2017-12422 RESERVED CVE-2017-12421 RESERVED -CVE-2017-12420 - RESERVED +CVE-2017-12420 (Heap-based buffer overflow in the SMB implementation in NetApp ...) + TODO: check CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on ...) - mantis <removed> [wheezy] - mantis <end-of-life> (Not supported in Wheezy) @@ -3106,10 +3131,10 @@ CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way SIPcra [jessie] - sipcrack <no-dsa> (Minor issue) [wheezy] - sipcrack <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1 -CVE-2017-11653 - RESERVED -CVE-2017-11652 - RESERVED +CVE-2017-11653 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the ...) + TODO: check +CVE-2017-11652 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the ...) + TODO: check CVE-2017-11651 (NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url ...) NOT-FOR-US: NexusPHP CVE-2017-11650 @@ -4407,8 +4432,8 @@ CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force att NOT-FOR-US: phpMyFAQ CVE-2017-11186 RESERVED -CVE-2017-11185 [denial of service in the gmp plugin] - RESERVED +CVE-2017-11185 (The gmp plugin in strongSwan before 5.6.0 allows remote attackers to ...) + {DLA-1059-1} - strongswan <unfixed> (bug #872155) NOTE: https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html NOTE: https://git.strongswan.org/?p=strongswan.git;a=commit;h=ef5c37fcdf47273feea320091598135688df4ef7 @@ -4518,8 +4543,8 @@ CVE-2017-11162 RESERVED CVE-2017-11161 RESERVED -CVE-2017-11160 - RESERVED +CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in ...) + TODO: check CVE-2017-11159 RESERVED CVE-2017-11158 
@@ -5583,14 +5608,14 @@ CVE-2017-10826 RESERVED CVE-2017-10825 RESERVED -CVE-2017-10824 - RESERVED -CVE-2017-10823 - RESERVED -CVE-2017-10822 - RESERVED -CVE-2017-10821 - RESERVED +CVE-2017-10824 (Untrusted search path vulnerability in TDB CA TypeA use software ...) + TODO: check +CVE-2017-10823 (Untrusted search path vulnerability in Installer for Shin Kinkyuji ...) + TODO: check +CVE-2017-10822 (Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu ...) + TODO: check +CVE-2017-10821 (Untrusted search path vulnerability in Installer for Shin Kikan Toukei ...) + TODO: check CVE-2017-10820 (Untrusted search path vulnerability in Installer of IP Messenger for ...) NOT-FOR-US: Installer of IP Messenger for Win CVE-2017-10819 (MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, ...) @@ -5609,8 +5634,8 @@ CVE-2017-10813 RESERVED CVE-2017-10812 RESERVED -CVE-2017-10811 - RESERVED +CVE-2017-10811 (Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an ...) + TODO: check CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in ...) {DSA-3927-1} - linux 4.11.11-1 (low) @@ -5978,8 +6003,8 @@ CVE-2017-10667 (In index.php in Zen Cart 1.6.0, the products_id parameter can ca NOT-FOR-US: Zen Cart CVE-2017-10666 RESERVED -CVE-2017-10665 - RESERVED +CVE-2017-10665 (Directory traversal vulnerability in ajaxfileupload.php in Kayson ...) + TODO: check CVE-2017-9998 (The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf ...) - dwarfutils 20170416-3 (bug #866968) [stretch] - dwarfutils 20161124-1+deb9u1 @@ -6622,8 +6647,8 @@ CVE-2017-9818 RESERVED CVE-2017-9817 RESERVED -CVE-2017-9816 - RESERVED +CVE-2017-9816 (Cross-site scripting (XSS) vulnerability in Paessler PRTG Network ...) + TODO: check CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in ...) - tiff 4.0.8-1 [jessie] - tiff <no-dsa> (Minor issue) 
@@ -8090,8 +8115,8 @@ CVE-2017-9769 (A specially crafted IOCTL can be issued to the rzpnk.sys driver i NOT-FOR-US: Razer Synapse CVE-2017-9768 RESERVED -CVE-2017-9767 - RESERVED +CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali ...) + TODO: check CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows ...) - wireshark 2.4.0-1 (bug #870175) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811 @@ -8489,27 +8514,22 @@ CVE-2017-9687 RESERVED CVE-2017-9686 RESERVED -CVE-2017-9685 - RESERVED -CVE-2017-9684 - RESERVED +CVE-2017-9685 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-9684 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-9683 RESERVED -CVE-2017-9682 - RESERVED +CVE-2017-9682 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-9681 RESERVED NOT-FOR-US: Google drivers for Android -CVE-2017-9680 - RESERVED +CVE-2017-9680 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Google drivers for Android -CVE-2017-9679 - RESERVED +CVE-2017-9679 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Google drivers for Android -CVE-2017-9678 - RESERVED +CVE-2017-9678 (In all Qualcomm products with Android releases from CAF using the ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-9677 RESERVED @@ -9082,8 +9102,8 @@ CVE-2017-9456 RESERVED CVE-2017-9455 RESERVED -CVE-2017-9454 - RESERVED +CVE-2017-9454 (Buffer overflow in the ares_parse_a_reply function in the embedded ...) + TODO: check CVE-2017-9453 RESERVED CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 ...) 
@@ -11814,10 +11834,10 @@ CVE-2017-8448 RESERVED CVE-2017-8447 RESERVED -CVE-2017-8446 - RESERVED -CVE-2017-8445 - RESERVED +CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and ...) + TODO: check +CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for ...) + TODO: check CVE-2017-8444 RESERVED CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...) 
@@ -12366,46 +12386,46 @@ CVE-2017-8274 RESERVED CVE-2017-8273 (In all Qualcomm products with Android release from CAF using the Linux ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-8272 - RESERVED +CVE-2017-8272 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2017-8271 (Out of bound memory write can happen in the MDSS Rotator driver in all ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-8270 - RESERVED +CVE-2017-8270 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2017-8269 (Userspace-controlled non null terminated parameter for IPA WAN ioctl ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-8268 - RESERVED -CVE-2017-8267 - RESERVED -CVE-2017-8266 - RESERVED -CVE-2017-8265 - RESERVED +CVE-2017-8268 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8267 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8266 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8265 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2017-8264 (A userspace process can cause a Denial of Service in the camera driver ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-8263 - RESERVED -CVE-2017-8262 - RESERVED -CVE-2017-8261 - RESERVED -CVE-2017-8260 - RESERVED +CVE-2017-8263 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8262 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8261 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8260 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2017-8259 (In the service locator in all Qualcomm products with Android releases ...) 
NOT-FOR-US: Qualcomm driver for Android CVE-2017-8258 (An array out-of-bounds access in all Qualcomm products with Android ...) NOT-FOR-US: Qualcomm driver for Android -CVE-2017-8257 - RESERVED -CVE-2017-8256 - RESERVED -CVE-2017-8255 - RESERVED -CVE-2017-8254 - RESERVED -CVE-2017-8253 - RESERVED +CVE-2017-8257 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8256 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8255 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8254 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check +CVE-2017-8253 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2017-8252 RESERVED CVE-2017-8251 @@ -15195,8 +15215,8 @@ CVE-2017-7366 (In all Android releases from CAF using the Linux kernel, a KGSL i NOT-FOR-US: Android driver CVE-2017-7365 (In all Android releases from CAF using the Linux kernel, a buffer ...) NOT-FOR-US: Android -CVE-2017-7364 - RESERVED +CVE-2017-7364 (In all Qualcomm products with Android releases from CAF using the ...) + TODO: check CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS ...) NOT-FOR-US: Pixie CMS CVE-2017-7362 (Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS ...) 
@@ -15405,8 +15425,8 @@ CVE-2017-7280 (An issue was discovered in api/includes/systems.php in Unitrends NOT-FOR-US: Unitrends Enterprise Backup CVE-2017-7279 (An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 ...) NOT-FOR-US: Unitrends Enterprise Backup -CVE-2017-7278 - RESERVED +CVE-2017-7278 (Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort ...) + TODO: check CVE-2017-7277 (The TCP stack in the Linux kernel through 4.10.6 mishandles the ...) - linux <not-affected> (Vulnerable code introduced in 4.10-rc1) CVE-2017-7276 (There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before ...) @@ -24623,8 +24643,8 @@ CVE-2017-3758 RESERVED CVE-2017-3757 RESERVED -CVE-2017-3756 - RESERVED +CVE-2017-3756 (A privilege escalation vulnerability was identified in Lenovo Active ...) + TODO: check CVE-2017-3755 RESERVED CVE-2017-3754 (Some Lenovo brand notebook systems do not have write protections ...) @@ -28264,8 +28284,8 @@ CVE-2017-2291 RESERVED CVE-2017-2290 (On Windows installations of the mcollective-puppet-agent plugin, ...) NOT-FOR-US: mcollective-puppet-agent plugin on Windows -CVE-2017-2289 - RESERVED +CVE-2017-2289 (Untrusted search path vulnerability in Installer of Qua station ...) + TODO: check CVE-2017-2288 (Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier ...) NOT-FOR-US: LhaForge CVE-2017-2287 (Untrusted search path vulnerability in NFC Port Software remover ...) 
@@ -28386,8 +28406,8 @@ CVE-2017-2230 (Untrusted search path vulnerability in Douro Kouji Kanseizutou Ch NOT-FOR-US: Douro Kouji Kanseizutou Check Program CVE-2017-2229 (Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei ...) NOT-FOR-US: Douroshisetu Kihon Data Sakusei System -CVE-2017-2228 - RESERVED +CVE-2017-2228 (Untrusted search path vulnerability in Teikihoukokusho Sakuseishien ...) + TODO: check CVE-2017-2227 (Untrusted search path vulnerability in The installer of Charamin OMP ...) NOT-FOR-US: installer of Charamin OMP CVE-2017-2226 (Untrusted search path vulnerability in Setup file of advance ...) @@ -29840,8 +29860,8 @@ CVE-2017-1503 RESERVED CVE-2017-1502 RESERVED -CVE-2017-1501 - RESERVED +CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide ...) + TODO: check CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in the ...) NOT-FOR-US: IBM CVE-2017-1499 @@ -30166,8 +30186,8 @@ CVE-2017-1340 RESERVED CVE-2017-1339 RESERVED -CVE-2017-1338 - RESERVED +CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) + TODO: check CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly ...) NOT-FOR-US: IBM CVE-2017-1336 @@ -31473,8 +31493,8 @@ CVE-2017-0689 (A denial of service vulnerability in the Android media framework. NOT-FOR-US: Android media framework CVE-2017-0688 (A denial of service vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework -CVE-2017-0687 - RESERVED +CVE-2017-0687 (A denial of service vulnerability in the Android media framework ...) + TODO: check CVE-2017-0686 (A denial of service vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0685 (A denial of service vulnerability in the Android media framework. ...) |
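Review bot: In the hunk at @@ -3106,10 +3131,10 @@, CVE-2017-11653 and CVE-2017-11652 are both left as "TODO: check", and their visible descriptions are identical ("Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the ..."). The same product is already triaged in this file as "NOT-FOR-US: Razer Synapse" (CVE-2017-9769, context of the @@ -8090,8 +8115,8 @@ hunk), so both entries can take that line. Since the truncated text does not show how the two differ, the full descriptions should be read first to confirm that neither names a different component.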
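Review bot: In the hunk at @@ -8489,27 +8514,22 @@, CVE-2017-9680 and CVE-2017-9679 now read "In all Qualcomm products with Android releases from CAF using the ..." but keep the pre-existing line "NOT-FOR-US: Google drivers for Android", so the triage label no longer matches the published description. Changing both to "NOT-FOR-US: Qualcomm driver for Android" would bring them in line with CVE-2017-9684, CVE-2017-9682 and CVE-2017-9678 in the same hunk. CVE-2017-9685 has the same description prefix and is the only one in the group left as "TODO: check"; it needs the same decision once its full description is read.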
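Review bot: In the hunk at @@ -9082,8 +9102,8 @@, the "TODO: check" on CVE-2017-9454 should not be closed as NOT-FOR-US on the product name alone: the description names the ares_parse_a_reply function "in the embedded ..." copy of a library, and ares_parse_a_reply is a c-ares API function. The follow-up triage should record in a NOTE which product embeds the code and whether the flaw is specific to that embedded copy or also present in the standalone library, so that a packaged copy is not missed.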
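Review bot: In the hunk at @@ -12366,46 +12386,46 @@, every newly published entry from CVE-2017-8272 down to CVE-2017-8253 is left as "TODO: check", while the already triaged entries interleaved with them (CVE-2017-8273, CVE-2017-8271, CVE-2017-8269, CVE-2017-8264, CVE-2017-8259, CVE-2017-8258) all carry "NOT-FOR-US: Qualcomm driver for Android". The new descriptions share the prefix "In all Qualcomm products with Android releases from CAF using the ...", so a follow-up commit can most likely resolve the whole block the same way. The truncated text hides the affected component, so each full description should be checked for a driver that also exists in the mainline Linux kernel before the entry is marked NOT-FOR-US.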