Author: sectracker
Date: 2017-10-11 09:10:12 +0000 (Wed, 11 Oct 2017)
New Revision: 56596
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-11 09:04:44 UTC (rev 56595)
+++ data/CVE/list 2017-10-11 09:10:12 UTC (rev 56596)
@@ -1,6 +1,104 @@
-CVE-2016-10514
+CVE-2017-15265
+ RESERVED
+CVE-2017-15264
+ RESERVED
+CVE-2017-15263
+ RESERVED
+CVE-2017-15262
+ RESERVED
+CVE-2017-15261
+ RESERVED
+CVE-2017-15260
+ RESERVED
+CVE-2017-15259
+ RESERVED
+CVE-2017-15258
+ RESERVED
+CVE-2017-15257
+ RESERVED
+CVE-2017-15256
+ RESERVED
+CVE-2017-15255
+ RESERVED
+CVE-2017-15254
+ RESERVED
+CVE-2017-15253
+ RESERVED
+CVE-2017-15252
+ RESERVED
+CVE-2017-15251
+ RESERVED
+CVE-2017-15250
+ RESERVED
+CVE-2017-15249
+ RESERVED
+CVE-2017-15248
+ RESERVED
+CVE-2017-15247
+ RESERVED
+CVE-2017-15246
+ RESERVED
+CVE-2017-15245
+ RESERVED
+CVE-2017-15244
+ RESERVED
+CVE-2017-15243
+ RESERVED
+CVE-2017-15242
+ RESERVED
+CVE-2017-15241
+ RESERVED
+CVE-2017-15240
+ RESERVED
+CVE-2017-15239
+ RESERVED
+CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a
...)
+ TODO: check
+CVE-2017-15237
+ RESERVED
+CVE-2017-15236 (Tiandy IP cameras 5.56.17.120 do not properly restrict a
certain ...)
+ TODO: check
+CVE-2017-15235 (The File Manager (gollem) module 3.0.11 in Horde Groupware
5.2.21 ...)
+ TODO: check
+CVE-2017-15234
+ RESERVED
+CVE-2017-15233
+ RESERVED
+CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in
jdpostct.c and ...)
+ TODO: check
+CVE-2017-15231
+ RESERVED
+CVE-2017-15230
+ RESERVED
+CVE-2017-15229
+ RESERVED
+CVE-2017-15228
+ RESERVED
+CVE-2017-15227
+ RESERVED
+CVE-2017-15226 (Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection
in the ...)
+ TODO: check
+CVE-2017-15225 (_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File
...)
+ TODO: check
+CVE-2017-15224
+ RESERVED
+CVE-2017-15223
+ RESERVED
+CVE-2017-15222
+ RESERVED
+CVE-2017-15221
+ RESERVED
+CVE-2017-15220
+ RESERVED
+CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in
...)
+ TODO: check
+CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in
coders/sgi.c. ...)
+ TODO: check
+CVE-2016-10514 (url_check_format in include/functions.inc.php in Piwigo before
2.8.3 ...)
- piwigo <removed>
-CVE-2016-10513
+CVE-2016-10513 (Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a
crafted ...)
- piwigo <removed>
CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a
quickDelete ...)
NOT-FOR-US: MISP
@@ -46,16 +144,16 @@
- kanboard <itp> (bug #790814)
CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an
authenticated user ...)
- kanboard <itp> (bug #790814)
-CVE-2017-15193
- RESERVED
-CVE-2017-15192
- RESERVED
-CVE-2017-15191
- RESERVED
-CVE-2017-15190
- RESERVED
-CVE-2017-15189
- RESERVED
+CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM
dissector ...)
+ TODO: check
+CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT
dissector ...)
+ TODO: check
+CVE-2017-15191 (In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to
2.0.15, the ...)
+ TODO: check
+CVE-2017-15190 (In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash.
This was ...)
+ TODO: check
+CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go
into an ...)
+ TODO: check
CVE-2017-15188 (A persistent (stored) XSS vulnerability in the EyesOfNetwork
web ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15187
@@ -489,11 +587,13 @@
- lame <unfixed>
NOTE: https://sourceforge.net/p/lame/bugs/480/
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference
vulnerability in ...)
+ {DLA-1131-1}
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference
vulnerability in ...)
+ {DLA-1131-1}
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/725
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457
@@ -610,6 +710,7 @@
- wordpress 4.8.2+dfsg-2 (bug #877629)
NOTE: https://core.trac.wordpress.org/ticket/38474
CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in
...)
+ {DLA-1131-1}
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
@@ -1237,6 +1338,7 @@
CVE-2017-14742
RESERVED
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in
ImageMagick ...)
+ {DLA-1131-1}
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
@@ -1244,6 +1346,7 @@
CVE-2017-14740
RESERVED
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
+ {DLA-1131-1}
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
@@ -1411,6 +1514,7 @@
CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as
demonstrated by ...)
NOT-FOR-US: geminabox
CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows
remote ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #876488)
NOTE:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
@@ -1633,6 +1737,7 @@
NOTE:
https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
NOTE: https://github.com/LibRaw/LibRaw/issues/101
CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related
to ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (low)
NOTE: IM6 patch:
https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74
NOTE: https://github.com/ImageMagick/ImageMagick/issues/765
@@ -1892,6 +1997,7 @@
CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as
demonstrated by ...)
NOT-FOR-US: geminabox
CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick
7.0.7-1 ...)
+ {DLA-1131-1}
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
@@ -2219,6 +2325,7 @@
CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL
injection ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in
...)
+ {DLA-1131-1}
- imagemagick <unfixed> (low)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
NOTE: im6 patch:
https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af
@@ -2346,6 +2453,7 @@
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in
ReadWPGImage in ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (low; bug #876105)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
@@ -2413,17 +2521,21 @@
CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers
to ...)
NOT-FOR-US: Mirasvit Helpdesk MX
CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x.
When ...)
+ {DLA-1132-1}
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-234.html
CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The
function ...)
+ {DLA-1132-1}
- xen <unfixed>
[jessie] - xen <not-affected> (Only affects 4.5 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-232.html
NOTE: Wheezy will be affected with the upcoming grant table backport
CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon
(aka ...)
+ {DLA-1132-1}
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-233.html
CVE-2017-14316 (A parameter verification issue was discovered in Xen through
4.9.x. The ...)
+ {DLA-1132-1}
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-231.html
CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the
implementation ...)
@@ -2597,6 +2709,7 @@
CVE-2017-14250
RESERVED
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage
in ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (low; bug #876099)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac
@@ -2706,6 +2819,7 @@
- libav <undetermined>
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c
in ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #876097)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
@@ -2811,19 +2925,23 @@
CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools
aacplusenc 0.17.5 ...)
NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in
ReadXBMImage() due ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #875502)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #875503)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick
7.0.6-10, ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #875504)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in
ReadPSImage() due ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #875506)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
@@ -3226,6 +3344,7 @@
- libidn <not-affected> (Vulnerable code not present)
NOTE:
https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is
present in ...)
+ {DLA-1131-1}
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
@@ -3858,6 +3977,7 @@
CVE-2017-13770
RESERVED
CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in
ImageMagick ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (low)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/705
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c
@@ -3866,6 +3986,7 @@
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (low; bug #875352)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3
@@ -3904,6 +4025,7 @@
CVE-2017-13759
RESERVED
CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow
in the ...)
+ {DLA-1131-1}
- imagemagick <unfixed>
NOTE:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907
@@ -6704,6 +6826,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/663
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6
allows ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #873871)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e
@@ -6771,7 +6894,7 @@
- simplesamlphp 1.14.15-1
NOTE: https://simplesamlphp.org/security/201708-01
CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to
inform ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-230.html
CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is
...)
@@ -7205,16 +7328,19 @@
NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick
7.0.6-6 ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #875341)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick
7.0.6-6 ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #875339)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick
7.0.6-6 ...)
+ {DLA-1131-1}
- imagemagick <unfixed> (bug #875338)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d
@@ -8627,7 +8753,7 @@
CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass
vulnerability in ...)
NOT-FOR-US: XOOPS
CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain
host OS ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-227.html
CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through
4.9.x ...)
@@ -8637,7 +8763,7 @@
[wheezy] - xen <not-affected> (Only affects 4.6 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-228.html
CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service
(crash) ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-226.html
CVE-2017-12134 (The xen_biovec_phys_mergeable function in
drivers/xen/biomerge.c in ...)
@@ -11794,50 +11920,50 @@
RESERVED
CVE-2017-11068
RESERVED
-CVE-2017-11067
- RESERVED
+CVE-2017-11067 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-11066
RESERVED
CVE-2017-11065
RESERVED
-CVE-2017-11064
- RESERVED
-CVE-2017-11063
- RESERVED
-CVE-2017-11062
- RESERVED
-CVE-2017-11061
- RESERVED
-CVE-2017-11060
- RESERVED
-CVE-2017-11059
- RESERVED
+CVE-2017-11064 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11063 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11062 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11061 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11060 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11059 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-11058
RESERVED
-CVE-2017-11057
- RESERVED
-CVE-2017-11056
- RESERVED
-CVE-2017-11055
- RESERVED
-CVE-2017-11054
- RESERVED
-CVE-2017-11053
- RESERVED
-CVE-2017-11052
- RESERVED
-CVE-2017-11051
- RESERVED
-CVE-2017-11050
- RESERVED
+CVE-2017-11057 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11056 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11055 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11054 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11053 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11052 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11051 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-11050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-11049
RESERVED
-CVE-2017-11048
- RESERVED
+CVE-2017-11048 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-11047
RESERVED
-CVE-2017-11046
- RESERVED
+CVE-2017-11046 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-11045
RESERVED
CVE-2017-11044
@@ -15051,15 +15177,15 @@
[wheezy] - xen <not-affected> (Vulnerable code not present)
NOTE: https://xenbits.xen.org/xsa/advisory-225.html
CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO
region ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure
sufficient ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection,
which allows ...)
@@ -15069,7 +15195,7 @@
[wheezy] - xen <not-affected> (arm not supported)
NOTE: https://xenbits.xen.org/xsa/advisory-223.html
CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during
certain ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-222.html
CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled
event ...)
@@ -15084,19 +15210,19 @@
[wheezy] - xen <not-affected> (Vulnerable code not present)
NOTE: https://xenbits.xen.org/xsa/advisory-220.html
CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page
...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-219.html
CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race
condition ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-218.html
CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false
mapping ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-218.html
CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest
OS users ...)
- {DSA-3969-1}
+ {DSA-3969-1 DLA-1132-1}
- xen 4.8.1-1+deb9u3
NOTE: https://xenbits.xen.org/xsa/advisory-217.html
CVE-2017-10911 (The make_response function in
drivers/block/xen-blkback/blkback.c in ...)
@@ -15376,14 +15502,14 @@
RESERVED
CVE-2017-9718
RESERVED
-CVE-2017-9717
- RESERVED
+CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-9716
RESERVED
-CVE-2017-9715
- RESERVED
-CVE-2017-9714
- RESERVED
+CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-9713
RESERVED
CVE-2017-9712
@@ -15398,8 +15524,8 @@
RESERVED
CVE-2017-9707
RESERVED
-CVE-2017-9706
- RESERVED
+CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-9705
RESERVED
CVE-2017-9704
@@ -15416,8 +15542,8 @@
RESERVED
CVE-2017-9698
RESERVED
-CVE-2017-9697
- RESERVED
+CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-9696
RESERVED
CVE-2017-9695
@@ -15440,16 +15566,16 @@
RESERVED
CVE-2017-9688
RESERVED
-CVE-2017-9687
- RESERVED
-CVE-2017-9686
- RESERVED
+CVE-2017-9687 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
+CVE-2017-9686 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-9685 (In all Qualcomm products with Android releases from CAF using
the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9684 (In all Qualcomm products with Android releases from CAF using
the ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-9683
- RESERVED
+CVE-2017-9683 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
+ TODO: check
CVE-2017-9682 (In all Qualcomm products with Android releases from CAF using
the ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9681
@@ -17737,8 +17863,8 @@
RESERVED
CVE-2017-8995
RESERVED
-CVE-2017-8994
- RESERVED
+CVE-2017-8994 (A input validation vulnerability in HPE Operations
Orchestration ...)
+ TODO: check
CVE-2017-8993
RESERVED
CVE-2017-8992
@@ -22839,8 +22965,8 @@
RESERVED
CVE-2017-7353
RESERVED
-CVE-2017-7352
- RESERVED
+CVE-2017-7352 (Stored Cross-site scripting (XSS) vulnerability in Pure Storage
Purity ...)
+ TODO: check
CVE-2017-7351
RESERVED
CVE-2017-7350
@@ -27722,10 +27848,10 @@
RESERVED
CVE-2017-5723
RESERVED
-CVE-2017-5722
- RESERVED
-CVE-2017-5721
- RESERVED
+CVE-2017-5722 (Incorrect policy enforcement in system firmware for Intel
NUC7i3BNK, ...)
+ TODO: check
+CVE-2017-5721 (Insufficient input validation in system firmware for Intel
NUC7i3BNK, ...)
+ TODO: check
CVE-2017-5720
RESERVED
CVE-2017-5719
@@ -27764,10 +27890,10 @@
RESERVED
CVE-2017-5702
RESERVED
-CVE-2017-5701
- RESERVED
-CVE-2017-5700
- RESERVED
+CVE-2017-5701 (Insecure platform configuration in system firmware for Intel
...)
+ TODO: check
+CVE-2017-5700 (Insufficient protection of password storage in system firmware
for ...)
+ TODO: check
CVE-2017-5699
RESERVED
CVE-2017-5698 (Intel Active Management Technology, Intel Standard
Manageability, and ...)
@@ -39652,8 +39778,8 @@
RESERVED
CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to
...)
NOT-FOR-US: IBM
-CVE-2017-1538
- RESERVED
+CVE-2017-1538 (IBM Financial Transaction Manager for ACH Services for
Multi-Platform ...)
+ TODO: check
CVE-2017-1537
RESERVED
CVE-2017-1536
@@ -39722,8 +39848,8 @@
RESERVED
CVE-2017-1504 (IBM WebSphere Application Server version 9.0.0.4 could provide
weaker ...)
NOT-FOR-US: IBM
-CVE-2017-1503
- RESERVED
+CVE-2017-1503 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable ...)
+ TODO: check
CVE-2017-1502 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is
vulnerable to ...)
NOT-FOR-US: IBM
CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could
provide ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
