author | security tracker role <sectracker@debian.org> | 2017-04-28 21:10:11 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-04-28 21:10:11 +0000 |
commit | d38900f4f272112b28a34498851b0a309b779f82 (patch) | |
tree | 095a4788a4b6c666650897012cf451278c6a2df1 /data | |
parent | 609f34315aab5b7a09d364216daf9471648c7f70 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@51165 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2007.list | 2 |
-rw-r--r-- | data/CVE/2012.list | 2 |
-rw-r--r-- | data/CVE/2014.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 70 |
-rw-r--r-- | data/CVE/2017.list | 278 |
5 files changed, 196 insertions, 158 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 4768f5e5ff..93cec202a9 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -9012,7 +9012,7 @@ CVE-2007-XXXX [webpy HTTP response splitting vulnerability] NOTE: needs to go through a point update CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...) NOT-FOR-US: F-Secure -CVE-2007-2966 (Buffer overflow in the LHA decompresion component in F-Secure ...) +CVE-2007-2966 (Buffer overflow in the LHA decompression component in F-Secure ...) NOT-FOR-US: F-Secure CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in ...) NOT-FOR-US: F-Secure diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 9af73554dc..9a6539f135 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -8956,7 +8956,7 @@ CVE-2012-3120 (Unspecified vulnerability in Oracle Sun Solaris 8 allows remote . NOT-FOR-US: Oracle Sun Solaris CVE-2012-3119 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS) -CVE-2012-3118 (Unspecified vulnerability in the PeoleSoft Enterprise PeopleTools ...) +CVE-2012-3118 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise PeopleTools) CVE-2012-3117 (Unspecified vulnerability in the Oracle Transportation Management ...) NOT-FOR-US: Oracle Supply Chain Products Suite diff --git a/data/CVE/2014.list b/data/CVE/2014.list index e1aca60e82..8dc82bfe3c 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -19529,7 +19529,7 @@ CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel throu [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_conntrack_proto_dccp.c?id=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92 -CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when runnning on Windows and ...) +CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when running on Windows and ...) - curl <not-affected> (Only present in code only running on Windows) CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...) {DSA-3215-1 DLA-189-1} diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 0fe27136a0..7a74482c72 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -320,7 +320,7 @@ CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstes CVE-2016-10245 RESERVED CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before ...) - {DLA-848-1} + {DSA-3839-1 DLA-848-1} [experimental] - freetype 2.7.1-0.1 - freetype 2.6.3-3.1 (bug #856971) NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7 
@@ -397,12 +397,12 @@ CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, I - mupdf <not-affected> (Vulnerable code not yet present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400 CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex ...) - {DLA-905-1} + {DSA-3838-1 DLA-905-1} - ghostscript 9.20~dfsg-3.1 (bug #859694) NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450 CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. ...) - {DLA-905-1} + {DSA-3838-1 DLA-905-1} - ghostscript 9.20~dfsg-3.1 (bug #859666) NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453 
@@ -5968,26 +5968,26 @@ CVE-2016-8605 (The mkdir procedure of GNU Guile temporarily changed the process' [wheezy] - guile-1.8 <no-dsa> (Minor issue) NOTE: http://bugs.gnu.org/24659 NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=245608911698adb3472803856019bdd5670b6614 -CVE-2016-8593 - RESERVED -CVE-2016-8592 - RESERVED -CVE-2016-8591 - RESERVED -CVE-2016-8590 - RESERVED -CVE-2016-8589 - RESERVED -CVE-2016-8588 - RESERVED -CVE-2016-8587 - RESERVED -CVE-2016-8586 - RESERVED -CVE-2016-8585 - RESERVED -CVE-2016-8584 - RESERVED +CVE-2016-8593 (Directory traversal vulnerability in upload.cgi in Trend Micro Threat ...) + TODO: check +CVE-2016-8592 (log_query_system.cgi in Trend Micro Threat Discovery Appliance ...) + TODO: check +CVE-2016-8591 (log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and ...) + TODO: check +CVE-2016-8590 (log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...) + TODO: check +CVE-2016-8589 (log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...) + TODO: check +CVE-2016-8588 (The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance ...) + TODO: check +CVE-2016-8587 (dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance ...) + TODO: check +CVE-2016-8586 (detected_potential_files.cgi in Trend Micro Threat Discovery Appliance ...) + TODO: check +CVE-2016-8585 (admin_sys_time.cgi in Trend Micro Threat Discovery Appliance ...) + TODO: check +CVE-2016-8584 (Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses ...) + TODO: check CVE-2016-8583 (Multiple GET parameters in the vulnerability scan scheduler of ...) NOT-FOR-US: AlienVault CVE-2016-8582 (A vulnerability exists in gauge.php of AlienVault OSSIM and USM before ...) 
@@ -8005,16 +8005,16 @@ CVE-2016-7845 RESERVED CVE-2016-7844 RESERVED -CVE-2016-7843 - RESERVED -CVE-2016-7842 - RESERVED -CVE-2016-7841 - RESERVED -CVE-2016-7840 - RESERVED -CVE-2016-7839 - RESERVED +CVE-2016-7843 (Directory traversal vulnerability in AttacheCase for Java 0.60 and ...) + TODO: check +CVE-2016-7842 (Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier ...) + TODO: check +CVE-2016-7841 (Cross-site scripting vulnerability in Olive Diary DX allows remote ...) + TODO: check +CVE-2016-7840 (Cross-site scripting vulnerability in WEB SCHEDULE allows remote ...) + TODO: check +CVE-2016-7839 (Cross-site scripting vulnerability in Olive Blog allows remote ...) + TODO: check CVE-2016-7838 RESERVED CVE-2016-7837 [Buffer overflow in parse_line function] @@ -8065,8 +8065,8 @@ CVE-2016-7817 RESERVED CVE-2016-7816 RESERVED -CVE-2016-7815 - RESERVED +CVE-2016-7815 (Remote Service Manager 3.0.0 to 3.1.4 fails to verify client ...) + TODO: check CVE-2016-7814 RESERVED CVE-2016-7813 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 6cb69248ca..53ab8102bf 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,35 @@ +CVE-2017-8324 + RESERVED +CVE-2017-8323 + RESERVED +CVE-2017-8322 + RESERVED +CVE-2017-8321 + RESERVED +CVE-2017-8320 + RESERVED +CVE-2017-8319 + RESERVED +CVE-2017-8318 + RESERVED +CVE-2017-8317 + RESERVED +CVE-2017-8316 + RESERVED +CVE-2017-8315 + RESERVED +CVE-2017-8314 + RESERVED +CVE-2017-8313 + RESERVED +CVE-2017-8312 + RESERVED +CVE-2017-8311 + RESERVED +CVE-2017-8310 + RESERVED +CVE-2017-8309 + RESERVED CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus malware ...) NOT-FOR-US: Avast Antivirus CVE-2017-8307 (In Avast Antivirus before v17, using the LPC interface API exposed by ...) 
@@ -44,6 +76,7 @@ CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if ... - libressl <itp> (bug #754513) NOTE: http://www.openwall.com/lists/oss-security/2017/04/27/11 CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and ...) + {DSA-3838-1} - ghostscript 9.20~dfsg-3.1 (bug #861295) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate of 697799) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made private) @@ -51,6 +84,7 @@ CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 CVE-2017-8287 (FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a ...) + {DSA-3839-1} - freetype <unfixed> (bug #861308) NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0 CVE-2017-8286 @@ -438,7 +472,7 @@ CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux ker NOTE: Introduced by: https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1) NOTE: Fixed by: https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4) CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a ...) - {DLA-918-1} + {DSA-3839-1 DLA-918-1} - freetype <unfixed> (bug #861220) NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 
@@ -2792,6 +2826,7 @@ CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows r NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1000 NOTE: https://git.libav.org/?p=libav.git;a=commit;h=522d850e68ec4b77d3477b3c8f55b1ba00a9d69a CVE-2017-7207 (The mem_get_bits_rectangle function in Artifex Software, Inc. ...) + {DSA-3838-1} - ghostscript 9.20~dfsg-3 (bug #858350) [wheezy] - ghostscript <no-dsa> (Minor issue) NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091 @@ -4143,6 +4178,7 @@ CVE-2017-6598 (A vulnerability in the debug plug-in functionality of the Cisco U CVE-2017-6597 (A vulnerability in the local-mgmt CLI command of the Cisco Unified ...) NOT-FOR-US: Cisco CVE-2017-6596 (partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer ...) + {DLA-923-1} [experimental] - partclone 0.2.90-1 - partclone 0.2.89-3 (bug #857966) [jessie] - partclone <no-dsa> (Minor issue) @@ -5923,7 +5959,7 @@ CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for t CVE-2017-5952 RESERVED CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex ...) - {DLA-905-1} + {DSA-3838-1 DLA-905-1} - ghostscript 9.20~dfsg-3.1 (bug #859696) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548 NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 @@ -6761,6 +6797,7 @@ CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the . CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by ...) NOT-FOR-US: Apache Geode CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to ...) + {DLA-924-1} - tomcat9 <itp> (bug #802312) - tomcat8 8.5.11-2 (bug #860069) - tomcat7 7.0.72-3 
@@ -6771,6 +6808,7 @@ CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x) NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x) CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat ...) + {DLA-924-1} - tomcat9 <itp> (bug #802312) - tomcat8 8.5.11-2 (bug #860068) - tomcat7 7.0.72-3 
@@ -15113,140 +15151,140 @@ CVE-2017-2158 RESERVED CVE-2017-2157 RESERVED -CVE-2017-2156 - RESERVED -CVE-2017-2155 - RESERVED -CVE-2017-2154 - RESERVED -CVE-2017-2153 - RESERVED -CVE-2017-2152 - RESERVED -CVE-2017-2151 - RESERVED -CVE-2017-2150 - RESERVED -CVE-2017-2149 - RESERVED -CVE-2017-2148 - RESERVED -CVE-2017-2147 - RESERVED +CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows ...) + TODO: check +CVE-2017-2155 (Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 ...) + TODO: check +CVE-2017-2154 (Cross-site scripting vulnerability in Booking Calendar version 7.1 and ...) + TODO: check +CVE-2017-2153 (SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to ...) + TODO: check +CVE-2017-2152 (WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to ...) + TODO: check +CVE-2017-2151 (Cross-site scripting vulnerability in Booking Calendar version 7.1 and ...) + TODO: check +CVE-2017-2150 (Directory traversal vulnerability in Booking Calendar version 7.0 and ...) + TODO: check +CVE-2017-2149 (Untrusted search path vulnerability in installers of the software for ...) + TODO: check +CVE-2017-2148 (Cross-site scripting vulnerability in WN-AC1167GR firmware version ...) + TODO: check +CVE-2017-2147 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...) + TODO: check CVE-2017-2146 RESERVED CVE-2017-2145 RESERVED CVE-2017-2144 RESERVED -CVE-2017-2143 - RESERVED -CVE-2017-2142 - RESERVED -CVE-2017-2141 - RESERVED -CVE-2017-2140 - RESERVED -CVE-2017-2139 - RESERVED +CVE-2017-2143 (CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor ...) + TODO: check +CVE-2017-2142 (Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows ...) + TODO: check +CVE-2017-2141 (WN-G300R3 firmware 1.03 and earlier allows attackers with ...) + TODO: check +CVE-2017-2140 (Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be ...) 
+ TODO: check +CVE-2017-2139 (CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), ...) + TODO: check CVE-2017-2138 RESERVED -CVE-2017-2137 - RESERVED -CVE-2017-2136 - RESERVED -CVE-2017-2135 - RESERVED -CVE-2017-2134 - RESERVED +CVE-2017-2137 (ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote ...) + TODO: check +CVE-2017-2136 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...) + TODO: check +CVE-2017-2135 (Cross-site scripting vulnerability in WP Statistics version 12.0.1 and ...) + TODO: check +CVE-2017-2134 (Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows ...) + TODO: check CVE-2017-2133 RESERVED CVE-2017-2132 RESERVED CVE-2017-2131 RESERVED -CVE-2017-2130 - RESERVED +CVE-2017-2130 (Untrusted search path vulnerability in the installer of PhishWall ...) + TODO: check CVE-2017-2129 RESERVED -CVE-2017-2128 - RESERVED -CVE-2017-2127 - RESERVED +CVE-2017-2128 (Security guide for website operators allows remote attackers to ...) + TODO: check +CVE-2017-2127 (Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 ...) + TODO: check CVE-2017-2126 RESERVED -CVE-2017-2125 - RESERVED -CVE-2017-2124 - RESERVED -CVE-2017-2123 - RESERVED +CVE-2017-2125 (Privilege escalation vulnerability in CentreCOM AR260S V2 remote ...) + TODO: check +CVE-2017-2124 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...) + TODO: check +CVE-2017-2123 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...) 
+ TODO: check CVE-2017-2122 RESERVED CVE-2017-2121 RESERVED -CVE-2017-2120 - RESERVED -CVE-2017-2119 - RESERVED -CVE-2017-2118 - RESERVED -CVE-2017-2117 - RESERVED -CVE-2017-2116 - RESERVED -CVE-2017-2115 - RESERVED -CVE-2017-2114 - RESERVED -CVE-2017-2113 - RESERVED -CVE-2017-2112 - RESERVED -CVE-2017-2111 - RESERVED -CVE-2017-2110 - RESERVED -CVE-2017-2109 - RESERVED -CVE-2017-2108 - RESERVED -CVE-2017-2107 - RESERVED -CVE-2017-2106 - RESERVED -CVE-2017-2105 - RESERVED -CVE-2017-2104 - RESERVED -CVE-2017-2103 - RESERVED -CVE-2017-2102 - RESERVED -CVE-2017-2101 - RESERVED -CVE-2017-2100 - RESERVED -CVE-2017-2099 - RESERVED -CVE-2017-2098 - RESERVED -CVE-2017-2097 - RESERVED -CVE-2017-2096 - RESERVED -CVE-2017-2095 - RESERVED -CVE-2017-2094 - RESERVED -CVE-2017-2093 - RESERVED -CVE-2017-2092 - RESERVED -CVE-2017-2091 - RESERVED -CVE-2017-2090 - RESERVED +CVE-2017-2120 (SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows ...) + TODO: check +CVE-2017-2119 (Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier ...) + TODO: check +CVE-2017-2118 (Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier ...) + TODO: check +CVE-2017-2117 (Directory traversal vulnerability in CubeCart versions prior to 6.1.5 ...) + TODO: check +CVE-2017-2116 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers ...) + TODO: check +CVE-2017-2115 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers ...) + TODO: check +CVE-2017-2114 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 ...) + TODO: check +CVE-2017-2113 (Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, ...) + TODO: check +CVE-2017-2112 (TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware ...) + TODO: check +CVE-2017-2111 (HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 ...) + TODO: check +CVE-2017-2110 (The Access CX App for Android prior to 2.0.0.1 and for iOS prior to ...) 
+ TODO: check +CVE-2017-2109 (Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to ...) + TODO: check +CVE-2017-2108 (Untrusted search path vulnerability in PrimeDrive Desktop Application ...) + TODO: check +CVE-2017-2107 (Untrusted search path vulnerability in Self-extracting archive files ...) + TODO: check +CVE-2017-2106 (Multiple cross-site scripting vulnerabilities in Webmin versions prior ...) + TODO: check +CVE-2017-2105 (The TVer App for Android 3.2.7 and earlier does not verify X.509 ...) + TODO: check +CVE-2017-2104 (The Business LaLa Call App for Android 1.4.7 and earlier does not ...) + TODO: check +CVE-2017-2103 (The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 ...) + TODO: check +CVE-2017-2102 (Cross-site request forgery (CSRF) vulnerability in Hands-on ...) + TODO: check +CVE-2017-2101 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...) + TODO: check +CVE-2017-2100 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...) + TODO: check +CVE-2017-2099 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...) + TODO: check +CVE-2017-2098 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...) + TODO: check +CVE-2017-2097 (Cross-site request forgery (CSRF) vulnerability in Knowledge versions ...) + TODO: check +CVE-2017-2096 (smalruby-editor v0.4.0 and earlier allows remote attackers to execute ...) + TODO: check +CVE-2017-2095 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...) + TODO: check +CVE-2017-2094 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...) + TODO: check +CVE-2017-2093 (Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens ...) + TODO: check +CVE-2017-2092 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 ...) + TODO: check +CVE-2017-2091 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...) 
+ TODO: check +CVE-2017-2090 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...) + TODO: check CVE-2017-2089 RESERVED CVE-2017-2088 @@ -16829,8 +16867,8 @@ CVE-2017-1300 RESERVED CVE-2017-1299 RESERVED -CVE-2017-1298 - RESERVED +CVE-2017-1298 (A denial of service vulnerability has been discovered in 40-GbE ...) + TODO: check CVE-2017-1297 RESERVED CVE-2017-1296 @@ -17037,8 +17075,8 @@ CVE-2017-1196 RESERVED CVE-2017-1195 RESERVED -CVE-2017-1194 - RESERVED +CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + TODO: check CVE-2017-1193 RESERVED CVE-2017-1192 @@ -17144,8 +17182,8 @@ CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remot NOT-FOR-US: IBM CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...) NOT-FOR-US: IBM -CVE-2017-1141 - RESERVED +CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an ...) + TODO: check CVE-2017-1140 RESERVED CVE-2017-1139 |
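Review bot: In data/CVE/2016.list, hunk @@ -5968,26 +5968,26, CVE-2016-8584 through CVE-2016-8593 move from RESERVED to "TODO: check" although every one of the ten descriptions names the same product, Trend Micro Threat Discovery Appliance. The entries directly below them in the same hunk (CVE-2016-8583 and CVE-2016-8582) are already triaged as "NOT-FOR-US: AlienVault". If the appliance is not packaged, the ten entries can be closed together in one follow-up with a matching "NOT-FOR-US: Trend Micro" line instead of being left as ten separate checks.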
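Review bot: In data/CVE/2017.list, CVE-2017-8287 (hunk @@ -51,6 +84,7) and CVE-2017-8105 (hunk @@ -438,7 +472,7) now carry the {DSA-3839-1} cross-reference while their package lines still read "- freetype <unfixed>" (bugs #861308 and #861220). The advisory reference and the unfixed status can both be true, but the entries then say nothing about which version closes the issue in unstable. Both already list an upstream "Fixed by:" commit, so the package line should be revisited against those commits and given a fixed version once an upload contains them.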
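Review bot: In data/CVE/2017.list, hunk @@ -17144,8 +17182,8, CVE-2017-1141 (IBM Insights Foundation for Energy) is added as "TODO: check" immediately after CVE-2017-1143 and CVE-2017-1142, which the unchanged context shows as "NOT-FOR-US: IBM". The same triage looks applicable here, and CVE-2017-1194 (IBM WebSphere Application Server) in hunk @@ -17037,8 +17075,8 is a candidate for it as well. Resolving these alongside their neighbours keeps the IBM block consistent and shortens the open TODO list.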