author security tracker role <sectracker@debian.org> 2017-04-28 21:10:11 +0000
committer security tracker role <sectracker@debian.org> 2017-04-28 21:10:11 +0000
commit d38900f4f272112b28a34498851b0a309b779f82 (patch)
tree 095a4788a4b6c666650897012cf451278c6a2df1 /data
parent 609f34315aab5b7a09d364216daf9471648c7f70 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@51165 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2007.list | 2
-rw-r--r-- data/CVE/2012.list | 2
-rw-r--r-- data/CVE/2014.list | 2
-rw-r--r-- data/CVE/2016.list | 70
-rw-r--r-- data/CVE/2017.list | 278
5 files changed, 196 insertions, 158 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 4768f5e5ff..93cec202a9 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -9012,7 +9012,7 @@ CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
NOTE: needs to go through a point update
CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
NOT-FOR-US: F-Secure
-CVE-2007-2966 (Buffer overflow in the LHA decompresion component in F-Secure ...)
+CVE-2007-2966 (Buffer overflow in the LHA decompression component in F-Secure ...)
NOT-FOR-US: F-Secure
CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in ...)
NOT-FOR-US: F-Secure
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 9af73554dc..9a6539f135 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -8956,7 +8956,7 @@ CVE-2012-3120 (Unspecified vulnerability in Oracle Sun Solaris 8 allows remote .
NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3119 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
-CVE-2012-3118 (Unspecified vulnerability in the PeoleSoft Enterprise PeopleTools ...)
+CVE-2012-3118 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise PeopleTools)
CVE-2012-3117 (Unspecified vulnerability in the Oracle Transportation Management ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index e1aca60e82..8dc82bfe3c 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -19529,7 +19529,7 @@ CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel throu
[wheezy] - linux 3.2.57-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_conntrack_proto_dccp.c?id=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
-CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when runnning on Windows and ...)
+CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when running on Windows and ...)
- curl <not-affected> (Only present in code only running on Windows)
CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...)
{DSA-3215-1 DLA-189-1}
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 0fe27136a0..7a74482c72 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -320,7 +320,7 @@ CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstes
CVE-2016-10245
RESERVED
CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before ...)
- {DLA-848-1}
+ {DSA-3839-1 DLA-848-1}
[experimental] - freetype 2.7.1-0.1
- freetype 2.6.3-3.1 (bug #856971)
NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
@@ -397,12 +397,12 @@ CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, I
- mupdf <not-affected> (Vulnerable code not yet present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400
CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex ...)
- {DLA-905-1}
+ {DSA-3838-1 DLA-905-1}
- ghostscript 9.20~dfsg-3.1 (bug #859694)
NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450
CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. ...)
- {DLA-905-1}
+ {DSA-3838-1 DLA-905-1}
- ghostscript 9.20~dfsg-3.1 (bug #859666)
NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453
@@ -5968,26 +5968,26 @@ CVE-2016-8605 (The mkdir procedure of GNU Guile temporarily changed the process'
[wheezy] - guile-1.8 <no-dsa> (Minor issue)
NOTE: http://bugs.gnu.org/24659
NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=245608911698adb3472803856019bdd5670b6614
-CVE-2016-8593
- RESERVED
-CVE-2016-8592
- RESERVED
-CVE-2016-8591
- RESERVED
-CVE-2016-8590
- RESERVED
-CVE-2016-8589
- RESERVED
-CVE-2016-8588
- RESERVED
-CVE-2016-8587
- RESERVED
-CVE-2016-8586
- RESERVED
-CVE-2016-8585
- RESERVED
-CVE-2016-8584
- RESERVED
+CVE-2016-8593 (Directory traversal vulnerability in upload.cgi in Trend Micro Threat ...)
+ TODO: check
+CVE-2016-8592 (log_query_system.cgi in Trend Micro Threat Discovery Appliance ...)
+ TODO: check
+CVE-2016-8591 (log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and ...)
+ TODO: check
+CVE-2016-8590 (log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
+ TODO: check
+CVE-2016-8589 (log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
+ TODO: check
+CVE-2016-8588 (The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance ...)
+ TODO: check
+CVE-2016-8587 (dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance ...)
+ TODO: check
+CVE-2016-8586 (detected_potential_files.cgi in Trend Micro Threat Discovery Appliance ...)
+ TODO: check
+CVE-2016-8585 (admin_sys_time.cgi in Trend Micro Threat Discovery Appliance ...)
+ TODO: check
+CVE-2016-8584 (Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses ...)
+ TODO: check
CVE-2016-8583 (Multiple GET parameters in the vulnerability scan scheduler of ...)
NOT-FOR-US: AlienVault
CVE-2016-8582 (A vulnerability exists in gauge.php of AlienVault OSSIM and USM before ...)
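Review bot: CVE-2016-8593 through CVE-2016-8584 all move from RESERVED to "TODO: check", and each of the ten descriptions names a Trend Micro product. They should be triaged as one batch with a single decision rather than left as ten separate open items. If the product is not packaged in Debian, they can be closed with a NOT-FOR-US: line, as the AlienVault entry in the trailing context is.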
@@ -8005,16 +8005,16 @@ CVE-2016-7845
RESERVED
CVE-2016-7844
RESERVED
-CVE-2016-7843
- RESERVED
-CVE-2016-7842
- RESERVED
-CVE-2016-7841
- RESERVED
-CVE-2016-7840
- RESERVED
-CVE-2016-7839
- RESERVED
+CVE-2016-7843 (Directory traversal vulnerability in AttacheCase for Java 0.60 and ...)
+ TODO: check
+CVE-2016-7842 (Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier ...)
+ TODO: check
+CVE-2016-7841 (Cross-site scripting vulnerability in Olive Diary DX allows remote ...)
+ TODO: check
+CVE-2016-7840 (Cross-site scripting vulnerability in WEB SCHEDULE allows remote ...)
+ TODO: check
+CVE-2016-7839 (Cross-site scripting vulnerability in Olive Blog allows remote ...)
+ TODO: check
CVE-2016-7838
RESERVED
CVE-2016-7837 [Buffer overflow in parse_line function]
@@ -8065,8 +8065,8 @@ CVE-2016-7817
RESERVED
CVE-2016-7816
RESERVED
-CVE-2016-7815
- RESERVED
+CVE-2016-7815 (Remote Service Manager 3.0.0 to 3.1.4 fails to verify client ...)
+ TODO: check
CVE-2016-7814
RESERVED
CVE-2016-7813
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 6cb69248ca..53ab8102bf 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,35 @@
+CVE-2017-8324
+ RESERVED
+CVE-2017-8323
+ RESERVED
+CVE-2017-8322
+ RESERVED
+CVE-2017-8321
+ RESERVED
+CVE-2017-8320
+ RESERVED
+CVE-2017-8319
+ RESERVED
+CVE-2017-8318
+ RESERVED
+CVE-2017-8317
+ RESERVED
+CVE-2017-8316
+ RESERVED
+CVE-2017-8315
+ RESERVED
+CVE-2017-8314
+ RESERVED
+CVE-2017-8313
+ RESERVED
+CVE-2017-8312
+ RESERVED
+CVE-2017-8311
+ RESERVED
+CVE-2017-8310
+ RESERVED
+CVE-2017-8309
+ RESERVED
CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus malware ...)
NOT-FOR-US: Avast Antivirus
CVE-2017-8307 (In Avast Antivirus before v17, using the LPC interface API exposed by ...)
@@ -44,6 +76,7 @@ CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if ...
- libressl <itp> (bug #754513)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/27/11
CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and ...)
+ {DSA-3838-1}
- ghostscript 9.20~dfsg-3.1 (bug #861295)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate of 697799)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made private)
@@ -51,6 +84,7 @@ CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and
NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
CVE-2017-8287 (FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a ...)
+ {DSA-3839-1}
- freetype <unfixed> (bug #861308)
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
CVE-2017-8286
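Review bot: CVE-2017-8287 gains the {DSA-3839-1} cross-reference, but the package line directly below it still reads "- freetype <unfixed> (bug #861308)". If that line tracks unstable, it needs a follow-up with the fixed version once an upload containing the commit from the "Fixed by" NOTE is made, so that the advisory reference and the package status do not drift apart.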
@@ -438,7 +472,7 @@ CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux ker
NOTE: Introduced by: https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4)
CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a ...)
- {DLA-918-1}
+ {DSA-3839-1 DLA-918-1}
- freetype <unfixed> (bug #861220)
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
@@ -2792,6 +2826,7 @@ CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows r
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1000
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=522d850e68ec4b77d3477b3c8f55b1ba00a9d69a
CVE-2017-7207 (The mem_get_bits_rectangle function in Artifex Software, Inc. ...)
+ {DSA-3838-1}
- ghostscript 9.20~dfsg-3 (bug #858350)
[wheezy] - ghostscript <no-dsa> (Minor issue)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091
@@ -4143,6 +4178,7 @@ CVE-2017-6598 (A vulnerability in the debug plug-in functionality of the Cisco U
CVE-2017-6597 (A vulnerability in the local-mgmt CLI command of the Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2017-6596 (partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer ...)
+ {DLA-923-1}
[experimental] - partclone 0.2.90-1
- partclone 0.2.89-3 (bug #857966)
[jessie] - partclone <no-dsa> (Minor issue)
@@ -5923,7 +5959,7 @@ CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for t
CVE-2017-5952
RESERVED
CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex ...)
- {DLA-905-1}
+ {DSA-3838-1 DLA-905-1}
- ghostscript 9.20~dfsg-3.1 (bug #859696)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
@@ -6761,6 +6797,7 @@ CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the .
CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by ...)
NOT-FOR-US: Apache Geode
CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to ...)
+ {DLA-924-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.11-2 (bug #860069)
- tomcat7 7.0.72-3
@@ -6771,6 +6808,7 @@ CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to
NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat ...)
+ {DLA-924-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.5.11-2 (bug #860068)
- tomcat7 7.0.72-3
@@ -15113,140 +15151,140 @@ CVE-2017-2158
RESERVED
CVE-2017-2157
RESERVED
-CVE-2017-2156
- RESERVED
-CVE-2017-2155
- RESERVED
-CVE-2017-2154
- RESERVED
-CVE-2017-2153
- RESERVED
-CVE-2017-2152
- RESERVED
-CVE-2017-2151
- RESERVED
-CVE-2017-2150
- RESERVED
-CVE-2017-2149
- RESERVED
-CVE-2017-2148
- RESERVED
-CVE-2017-2147
- RESERVED
+CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows ...)
+ TODO: check
+CVE-2017-2155 (Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 ...)
+ TODO: check
+CVE-2017-2154 (Cross-site scripting vulnerability in Booking Calendar version 7.1 and ...)
+ TODO: check
+CVE-2017-2153 (SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to ...)
+ TODO: check
+CVE-2017-2152 (WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to ...)
+ TODO: check
+CVE-2017-2151 (Cross-site scripting vulnerability in Booking Calendar version 7.1 and ...)
+ TODO: check
+CVE-2017-2150 (Directory traversal vulnerability in Booking Calendar version 7.0 and ...)
+ TODO: check
+CVE-2017-2149 (Untrusted search path vulnerability in installers of the software for ...)
+ TODO: check
+CVE-2017-2148 (Cross-site scripting vulnerability in WN-AC1167GR firmware version ...)
+ TODO: check
+CVE-2017-2147 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
+ TODO: check
CVE-2017-2146
RESERVED
CVE-2017-2145
RESERVED
CVE-2017-2144
RESERVED
-CVE-2017-2143
- RESERVED
-CVE-2017-2142
- RESERVED
-CVE-2017-2141
- RESERVED
-CVE-2017-2140
- RESERVED
-CVE-2017-2139
- RESERVED
+CVE-2017-2143 (CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor ...)
+ TODO: check
+CVE-2017-2142 (Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows ...)
+ TODO: check
+CVE-2017-2141 (WN-G300R3 firmware 1.03 and earlier allows attackers with ...)
+ TODO: check
+CVE-2017-2140 (Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be ...)
+ TODO: check
+CVE-2017-2139 (CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), ...)
+ TODO: check
CVE-2017-2138
RESERVED
-CVE-2017-2137
- RESERVED
-CVE-2017-2136
- RESERVED
-CVE-2017-2135
- RESERVED
-CVE-2017-2134
- RESERVED
+CVE-2017-2137 (ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote ...)
+ TODO: check
+CVE-2017-2136 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
+ TODO: check
+CVE-2017-2135 (Cross-site scripting vulnerability in WP Statistics version 12.0.1 and ...)
+ TODO: check
+CVE-2017-2134 (Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows ...)
+ TODO: check
CVE-2017-2133
RESERVED
CVE-2017-2132
RESERVED
CVE-2017-2131
RESERVED
-CVE-2017-2130
- RESERVED
+CVE-2017-2130 (Untrusted search path vulnerability in the installer of PhishWall ...)
+ TODO: check
CVE-2017-2129
RESERVED
-CVE-2017-2128
- RESERVED
-CVE-2017-2127
- RESERVED
+CVE-2017-2128 (Security guide for website operators allows remote attackers to ...)
+ TODO: check
+CVE-2017-2127 (Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 ...)
+ TODO: check
CVE-2017-2126
RESERVED
-CVE-2017-2125
- RESERVED
-CVE-2017-2124
- RESERVED
-CVE-2017-2123
- RESERVED
+CVE-2017-2125 (Privilege escalation vulnerability in CentreCOM AR260S V2 remote ...)
+ TODO: check
+CVE-2017-2124 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
+ TODO: check
+CVE-2017-2123 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
+ TODO: check
CVE-2017-2122
RESERVED
CVE-2017-2121
RESERVED
-CVE-2017-2120
- RESERVED
-CVE-2017-2119
- RESERVED
-CVE-2017-2118
- RESERVED
-CVE-2017-2117
- RESERVED
-CVE-2017-2116
- RESERVED
-CVE-2017-2115
- RESERVED
-CVE-2017-2114
- RESERVED
-CVE-2017-2113
- RESERVED
-CVE-2017-2112
- RESERVED
-CVE-2017-2111
- RESERVED
-CVE-2017-2110
- RESERVED
-CVE-2017-2109
- RESERVED
-CVE-2017-2108
- RESERVED
-CVE-2017-2107
- RESERVED
-CVE-2017-2106
- RESERVED
-CVE-2017-2105
- RESERVED
-CVE-2017-2104
- RESERVED
-CVE-2017-2103
- RESERVED
-CVE-2017-2102
- RESERVED
-CVE-2017-2101
- RESERVED
-CVE-2017-2100
- RESERVED
-CVE-2017-2099
- RESERVED
-CVE-2017-2098
- RESERVED
-CVE-2017-2097
- RESERVED
-CVE-2017-2096
- RESERVED
-CVE-2017-2095
- RESERVED
-CVE-2017-2094
- RESERVED
-CVE-2017-2093
- RESERVED
-CVE-2017-2092
- RESERVED
-CVE-2017-2091
- RESERVED
-CVE-2017-2090
- RESERVED
+CVE-2017-2120 (SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows ...)
+ TODO: check
+CVE-2017-2119 (Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier ...)
+ TODO: check
+CVE-2017-2118 (Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier ...)
+ TODO: check
+CVE-2017-2117 (Directory traversal vulnerability in CubeCart versions prior to 6.1.5 ...)
+ TODO: check
+CVE-2017-2116 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers ...)
+ TODO: check
+CVE-2017-2115 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers ...)
+ TODO: check
+CVE-2017-2114 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 ...)
+ TODO: check
+CVE-2017-2113 (Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, ...)
+ TODO: check
+CVE-2017-2112 (TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware ...)
+ TODO: check
+CVE-2017-2111 (HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 ...)
+ TODO: check
+CVE-2017-2110 (The Access CX App for Android prior to 2.0.0.1 and for iOS prior to ...)
+ TODO: check
+CVE-2017-2109 (Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to ...)
+ TODO: check
+CVE-2017-2108 (Untrusted search path vulnerability in PrimeDrive Desktop Application ...)
+ TODO: check
+CVE-2017-2107 (Untrusted search path vulnerability in Self-extracting archive files ...)
+ TODO: check
+CVE-2017-2106 (Multiple cross-site scripting vulnerabilities in Webmin versions prior ...)
+ TODO: check
+CVE-2017-2105 (The TVer App for Android 3.2.7 and earlier does not verify X.509 ...)
+ TODO: check
+CVE-2017-2104 (The Business LaLa Call App for Android 1.4.7 and earlier does not ...)
+ TODO: check
+CVE-2017-2103 (The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 ...)
+ TODO: check
+CVE-2017-2102 (Cross-site request forgery (CSRF) vulnerability in Hands-on ...)
+ TODO: check
+CVE-2017-2101 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
+ TODO: check
+CVE-2017-2100 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
+ TODO: check
+CVE-2017-2099 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
+ TODO: check
+CVE-2017-2098 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...)
+ TODO: check
+CVE-2017-2097 (Cross-site request forgery (CSRF) vulnerability in Knowledge versions ...)
+ TODO: check
+CVE-2017-2096 (smalruby-editor v0.4.0 and earlier allows remote attackers to execute ...)
+ TODO: check
+CVE-2017-2095 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2017-2094 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2017-2093 (Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens ...)
+ TODO: check
+CVE-2017-2092 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 ...)
+ TODO: check
+CVE-2017-2091 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...)
+ TODO: check
+CVE-2017-2090 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...)
+ TODO: check
CVE-2017-2089
RESERVED
CVE-2017-2088
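Review bot: the descriptions added for CVE-2017-2101, CVE-2017-2100 and CVE-2017-2099 contain the HTML entity &quot; around AppGoat instead of a literal double quote. The import step should decode entities before writing the description text, or these three lines should be corrected by hand. Separately, this hunk leaves every converted entry at "TODO: check", with several products repeated across it (WP Statistics, Booking Calendar, Cybozu Garoon, CubeCart), so triaging per product would be quicker than triaging per id.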
@@ -16829,8 +16867,8 @@ CVE-2017-1300
RESERVED
CVE-2017-1299
RESERVED
-CVE-2017-1298
- RESERVED
+CVE-2017-1298 (A denial of service vulnerability has been discovered in 40-GbE ...)
+ TODO: check
CVE-2017-1297
RESERVED
CVE-2017-1296
@@ -17037,8 +17075,8 @@ CVE-2017-1196
RESERVED
CVE-2017-1195
RESERVED
-CVE-2017-1194
- RESERVED
+CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ TODO: check
CVE-2017-1193
RESERVED
CVE-2017-1192
@@ -17144,8 +17182,8 @@ CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remot
NOT-FOR-US: IBM
CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...)
NOT-FOR-US: IBM
-CVE-2017-1141
- RESERVED
+CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an ...)
+ TODO: check
CVE-2017-1140
RESERVED
CVE-2017-1139
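Review bot: CVE-2017-1141 is imported as "TODO: check" although its description names an IBM product and the two entries directly above it in this hunk, CVE-2017-1143 and CVE-2017-1142, are already marked "NOT-FOR-US: IBM". If IBM Insights Foundation for Energy is likewise not packaged, the entry should get the same NOT-FOR-US: line instead of staying open.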
