Author: sectracker
Date: 2017-07-13 21:10:15 +0000 (Thu, 13 Jul 2017)
New Revision: 53470

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-07-13 21:09:49 UTC (rev 53469) +++ data/CVE/list 2017-07-13 21:10:15 UTC (rev 53470) 
@@ -1,4 +1,211 @@ +CVE-2017-11311 (soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt ...) + TODO: check +CVE-2017-11310 (The read_user_chunk_callback function in coders\png.c in ImageMagick ...) + TODO: check +CVE-2017-11309 + RESERVED +CVE-2017-11308 + RESERVED +CVE-2017-11307 + RESERVED +CVE-2017-11306 + RESERVED +CVE-2017-11305 + RESERVED +CVE-2017-11304 + RESERVED +CVE-2017-11303 + RESERVED +CVE-2017-11302 + RESERVED +CVE-2017-11301 + RESERVED +CVE-2017-11300 + RESERVED +CVE-2017-11299 + RESERVED +CVE-2017-11298 + RESERVED +CVE-2017-11297 + RESERVED +CVE-2017-11296 + RESERVED +CVE-2017-11295 + RESERVED +CVE-2017-11294 + RESERVED +CVE-2017-11293 + RESERVED +CVE-2017-11292 + RESERVED +CVE-2017-11291 + RESERVED +CVE-2017-11290 + RESERVED +CVE-2017-11289 + RESERVED +CVE-2017-11288 + RESERVED +CVE-2017-11287 + RESERVED +CVE-2017-11286 + RESERVED +CVE-2017-11285 + RESERVED +CVE-2017-11284 + RESERVED +CVE-2017-11283 + RESERVED +CVE-2017-11282 + RESERVED +CVE-2017-11281 + RESERVED +CVE-2017-11280 + RESERVED +CVE-2017-11279 + RESERVED +CVE-2017-11278 + RESERVED +CVE-2017-11277 + RESERVED +CVE-2017-11276 + RESERVED +CVE-2017-11275 + RESERVED +CVE-2017-11274 + RESERVED +CVE-2017-11273 + RESERVED +CVE-2017-11272 + RESERVED +CVE-2017-11271 + RESERVED +CVE-2017-11270 + RESERVED +CVE-2017-11269 + RESERVED +CVE-2017-11268 + RESERVED +CVE-2017-11267 + RESERVED +CVE-2017-11266 + RESERVED +CVE-2017-11265 + RESERVED +CVE-2017-11264 + RESERVED +CVE-2017-11263 + RESERVED +CVE-2017-11262 + RESERVED +CVE-2017-11261 + RESERVED +CVE-2017-11260 + RESERVED +CVE-2017-11259 + RESERVED +CVE-2017-11258 + RESERVED +CVE-2017-11257 + RESERVED +CVE-2017-11256 + RESERVED +CVE-2017-11255 + RESERVED +CVE-2017-11254 + RESERVED +CVE-2017-11253 + RESERVED +CVE-2017-11252 + RESERVED +CVE-2017-11251 + RESERVED +CVE-2017-11250 + RESERVED +CVE-2017-11249 + RESERVED +CVE-2017-11248 + RESERVED +CVE-2017-11247 + RESERVED +CVE-2017-11246 + RESERVED +CVE-2017-11245 + RESERVED +CVE-2017-11244 + 
RESERVED +CVE-2017-11243 + RESERVED +CVE-2017-11242 + RESERVED +CVE-2017-11241 + RESERVED +CVE-2017-11240 + RESERVED +CVE-2017-11239 + RESERVED +CVE-2017-11238 + RESERVED +CVE-2017-11237 + RESERVED +CVE-2017-11236 + RESERVED +CVE-2017-11235 + RESERVED +CVE-2017-11234 + RESERVED +CVE-2017-11233 + RESERVED +CVE-2017-11232 + RESERVED +CVE-2017-11231 + RESERVED +CVE-2017-11230 + RESERVED +CVE-2017-11229 + RESERVED +CVE-2017-11228 + RESERVED +CVE-2017-11227 + RESERVED +CVE-2017-11226 + RESERVED +CVE-2017-11225 + RESERVED +CVE-2017-11224 + RESERVED +CVE-2017-11223 + RESERVED +CVE-2017-11222 + RESERVED +CVE-2017-11221 + RESERVED +CVE-2017-11220 + RESERVED +CVE-2017-11219 + RESERVED +CVE-2017-11218 + RESERVED +CVE-2017-11217 + RESERVED +CVE-2017-11216 + RESERVED +CVE-2017-11215 + RESERVED +CVE-2017-11214 + RESERVED +CVE-2017-11213 + RESERVED +CVE-2017-11212 + RESERVED +CVE-2017-11211 + RESERVED +CVE-2017-11210 + RESERVED +CVE-2017-11209 + RESERVED CVE-2017-1000083 [Evince command injection vulnerability in CBT handler] + RESERVED - evince 3.22.1-4 - atril <unfixed> NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630 
@@ -85,30 +292,43 @@ CVE-2017-11172 RESERVED CVE-2017-1000096 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000095 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000094 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000093 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000092 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000091 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000090 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000089 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000088 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000087 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000086 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000085 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-1000084 + RESERVED NOT-FOR-US: Jenkins plugin CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in ...) - gnome-session 2.30.0-1 
@@ -186,160 +406,160 @@ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74819 NOTE: https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 -CVE-2017-1000362 - RESERVED -CVE-2017-1000081 - RESERVED -CVE-2017-1000080 - RESERVED -CVE-2017-1000079 - RESERVED -CVE-2017-1000078 - RESERVED +CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and ...) + TODO: check +CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of ...) + TODO: check +CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets ...) + TODO: check +CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS ...) + TODO: check +CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device ...) + TODO: check CVE-2017-1000077 RESERVED CVE-2017-1000076 RESERVED -CVE-2017-1000075 - RESERVED -CVE-2017-1000074 - RESERVED -CVE-2017-1000073 - RESERVED -CVE-2017-1000072 - RESERVED -CVE-2017-1000071 - RESERVED -CVE-2017-1000070 - RESERVED -CVE-2017-1000069 - RESERVED -CVE-2017-1000068 - RESERVED -CVE-2017-1000067 - RESERVED -CVE-2017-1000066 - RESERVED -CVE-2017-1000065 - RESERVED -CVE-2017-1000064 - RESERVED -CVE-2017-1000063 - RESERVED -CVE-2017-1000062 - RESERVED -CVE-2017-1000061 - RESERVED -CVE-2017-1000060 - RESERVED -CVE-2017-1000059 - RESERVED -CVE-2017-1000058 - RESERVED -CVE-2017-1000057 - RESERVED -CVE-2017-1000056 - RESERVED +CVE-2017-1000075 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...) + TODO: check +CVE-2017-1000074 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...) + TODO: check +CVE-2017-1000073 (Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an ...) + TODO: check +CVE-2017-1000072 (Creolabs Gravity version 1.0 is vulnerable to a Double Free in ...) 
+ TODO: check +CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass ...) + TODO: check +CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was affected by an ...) + TODO: check +CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow ...) + TODO: check +CVE-2017-1000068 (TestTrack Server versions 1.0 and earlier are vulnerable to an ...) + TODO: check +CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL ...) + TODO: check +CVE-2017-1000066 (The entry details view funcion in KeePass version 1.32 inadvertently ...) + TODO: check +CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in ...) + TODO: check +CVE-2017-1000064 (kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion ...) + TODO: check +CVE-2017-1000063 (kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 ...) + TODO: check +CVE-2017-1000062 (kittoframework kitto 0.5.1 is vulnerable to directory traversal in the ...) + TODO: check +CVE-2017-1000061 (xmlsec 1.2.23 and before is vulnerable to XML External Entity ...) + TODO: check +CVE-2017-1000060 (EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb ...) + TODO: check +CVE-2017-1000059 (Live Helper Chat version 2.06v and older is vulnerable to Cross-Site ...) + TODO: check +CVE-2017-1000058 (Stored XSS in chevereto CMS before version 3.8.11 ...) + TODO: check +CVE-2017-1000057 (A reflected cross-site scripting vulnerability in GetSimple CMS ...) + TODO: check +CVE-2017-1000056 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation ...) 
+ TODO: check CVE-2017-1000055 - RESERVED -CVE-2017-1000054 - RESERVED -CVE-2017-1000053 - RESERVED -CVE-2017-1000052 - RESERVED -CVE-2017-1000051 - RESERVED -CVE-2017-1000049 - RESERVED -CVE-2017-1000048 - RESERVED -CVE-2017-1000047 - RESERVED -CVE-2017-1000046 - RESERVED -CVE-2017-1000045 - RESERVED -CVE-2017-1000043 - RESERVED -CVE-2017-1000042 - RESERVED -CVE-2017-1000039 - RESERVED -CVE-2017-1000038 - RESERVED -CVE-2017-1000037 - RESERVED -CVE-2017-1000036 - RESERVED -CVE-2017-1000035 - RESERVED -CVE-2017-1000034 - RESERVED -CVE-2017-1000033 - RESERVED -CVE-2017-1000032 - RESERVED -CVE-2017-1000031 - RESERVED -CVE-2017-1000030 - RESERVED -CVE-2017-1000029 - RESERVED -CVE-2017-1000028 - RESERVED -CVE-2017-1000027 - RESERVED -CVE-2017-1000026 - RESERVED -CVE-2017-1000025 - RESERVED -CVE-2017-1000024 - RESERVED -CVE-2017-1000023 - RESERVED -CVE-2017-1000022 - RESERVED -CVE-2017-1000021 - RESERVED -CVE-2017-1000020 - RESERVED -CVE-2017-1000018 - RESERVED -CVE-2017-1000017 - RESERVED -CVE-2017-1000016 - RESERVED -CVE-2017-1000015 - RESERVED -CVE-2017-1000014 - RESERVED -CVE-2017-1000013 - RESERVED -CVE-2017-1000012 - RESERVED -CVE-2017-1000011 - RESERVED -CVE-2017-1000010 - RESERVED -CVE-2017-1000009 - RESERVED -CVE-2017-1000008 - RESERVED -CVE-2017-1000007 - RESERVED -CVE-2017-1000006 - RESERVED -CVE-2017-1000005 - RESERVED -CVE-2017-1000004 - RESERVED -CVE-2017-1000003 - RESERVED -CVE-2017-1000002 - RESERVED -CVE-2017-1000001 - RESERVED + REJECTED +CVE-2017-1000054 (Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the ...) + TODO: check +CVE-2017-1000053 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...) + TODO: check +CVE-2017-1000052 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...) + TODO: check +CVE-2017-1000051 (Cross-site scripting (XSS) vulnerability in pad export in XWiki labs ...) + TODO: check +CVE-2017-1000049 (Roundcube Webmail 1.1.5 is vulnerable to Persistent Xss ...) 
+ TODO: check +CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2, v6.2.3, ...) + TODO: check +CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in ...) + TODO: check +CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies ...) + TODO: check +CVE-2017-1000045 (Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state ...) + TODO: check +CVE-2017-1000043 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are ...) + TODO: check +CVE-2017-1000042 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are ...) + TODO: check +CVE-2017-1000039 (Framadate version 1.0 is vulnerable to Formula Injection in the CSV ...) + TODO: check +CVE-2017-1000038 (WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored ...) + TODO: check +CVE-2017-1000037 (RVM automatically loads environment variables from files in $PWD ...) + TODO: check +CVE-2017-1000036 (All versions of Candy Chat are vulnerable to an XSS attack by message ...) + TODO: check +CVE-2017-1000035 (Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener ...) + TODO: check +CVE-2017-1000034 (Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java ...) + TODO: check +CVE-2017-1000033 (Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a ...) + TODO: check +CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow ...) + TODO: check +CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti ...) + TODO: check +CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is ...) + TODO: check +CVE-2017-1000029 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is ...) + TODO: check +CVE-2017-1000028 (Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both ...) + TODO: check +CVE-2017-1000027 (Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable ...) 
+ TODO: check +CVE-2017-1000026 (Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable ...) + TODO: check +CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 ...) + TODO: check +CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...) + TODO: check +CVE-2017-1000023 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to an XSS ...) + TODO: check +CVE-2017-1000022 (LogicalDoc CommunityEdition 7.5.3 and prior contain an Incorrect ...) + TODO: check +CVE-2017-1000021 (LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to XXE when ...) + TODO: check +CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded ...) + TODO: check +CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the ...) + TODO: check +CVE-2017-1000017 (phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...) + TODO: check +CVE-2017-1000016 (A weakness was discovered where an attacker can inject arbitrary ...) + TODO: check +CVE-2017-1000015 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack ...) + TODO: check +CVE-2017-1000014 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the ...) + TODO: check +CVE-2017-1000013 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect ...) + TODO: check +CVE-2017-1000012 (MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying ...) + TODO: check +CVE-2017-1000011 (MyWebSQL version 3.6 is vulnerable to stored XSS in the database ...) + TODO: check +CVE-2017-1000010 (Audacity version 2.1.2 is vulnerable to Dll HIjacking in the ...) + TODO: check +CVE-2017-1000009 (Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell ...) + TODO: check +CVE-2017-1000008 (Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user ...) 
+ TODO: check +CVE-2017-1000007 (txAWS (all current versions) fail to perform complete certificate ...) + TODO: check +CVE-2017-1000006 (Plotly, Inc. plotly.js versions prior to 1.16.0 are vulrenable to an ...) + TODO: check +CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the ...) + TODO: check +CVE-2017-1000004 (ATutor versions 2.2.1 and earlier are vulnerable to a SQL injection ...) + TODO: check +CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access ...) + TODO: check +CVE-2017-1000002 (ATutor versions 2.2.1 and earlier are vulnerable to a directory ...) + TODO: check +CVE-2017-1000001 (FedMsg 0.18.1 and older is vulnerable to a message validation flaw ...) + TODO: check CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...) - imagemagick <unfixed> (low) NOTE: https://github.com/ImageMagick/ImageMagick/issues/469 @@ -414,7 +634,7 @@ - imagemagick <unfixed> (bug #867808) NOTE: https://github.com/ImageMagick/ImageMagick/issues/518 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30 -CVE-2017-11188 [CPU exhaustion in ReadDPXImage] +CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...) - imagemagick <unfixed> (bug #867806) NOTE: https://github.com/ImageMagick/ImageMagick/issues/509 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...) 
@@ -455,16 +675,14 @@ RESERVED CVE-2017-11105 RESERVED -CVE-2017-1000050 [NULL Pointer Dereference jp2_encode (jp2_enc.c)] - RESERVED +CVE-2017-1000050 (JasPer 2.0.12 is vulnerable to a NULL pointer exception in the ...) - jasper <removed> (unimportant) NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1 NOTE: https://github.com/mdadams/jasper/issues/120 NOTE: Fixed by: https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293 CVE-2017-1002024 NOT-FOR-US: kindeditor -CVE-2017-11103 - RESERVED +CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate services with ...) - heimdal <unfixed> (bug #868208) - samba <unfixed> (bug #868209) [wheezy] - samba <not-affected> (Heimdal is only used in 4.x, wheezy ships 3.6.6) @@ -2173,12 +2391,12 @@ NOTE: Issue is specific to Struts 2.x. CVE-2017-9790 RESERVED -CVE-2017-9789 - RESERVED -CVE-2017-9788 - RESERVED -CVE-2017-9787 - RESERVED +CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 handling code ...) + TODO: check +CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value ...) + TODO: check +CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it is ...) + TODO: check CVE-2017-9786 RESERVED CVE-2017-9785 @@ -6337,8 +6555,7 @@ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d -CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer] - RESERVED +CVE-2017-1000044 (gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly ...) - gtk-vnc 0.4.3-1 NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3) CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a ...) 
@@ -8290,8 +8507,7 @@ NOTE: partially fix CVE-2016-9602. CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...) NOT-FOR-US: Exponent CMS -CVE-2017-1000363 [lp.c Out-of-Bounds Write via Kernel Command-line] - RESERVED +CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds ...) - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2) NOTE: https://alephsecurity.com/vulns/aleph-2017023 @@ -9707,8 +9923,8 @@ CVE-2017-7673 RESERVED NOT-FOR-US: Apache OpenMeetings -CVE-2017-7672 - RESERVED +CVE-2017-7672 (If an application allows enter an URL in a form field and built-in ...) + TODO: check CVE-2017-7671 RESERVED CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic Control ...) @@ -10148,8 +10364,7 @@ RESERVED CVE-2017-7530 RESERVED -CVE-2017-7529 - RESERVED +CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable ...) {DSA-3908-1 DLA-1024-1} - nginx <unfixed> (bug #868109) NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html @@ -14165,8 +14380,8 @@ RESERVED CVE-2017-6250 (NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web ...) NOT-FOR-US: NVIDIA GeForce Experience -CVE-2017-6249 - RESERVED +CVE-2017-6249 (An elevation of privilege vulnerability in the NVIDIA sound driver ...) + TODO: check CVE-2017-6248 (An elevation of privilege vulnerability in the NVIDIA sound driver ...) NOT-FOR-US: NVIDIA driver for Android CVE-2017-6247 (An elevation of privilege vulnerability in the NVIDIA sound driver ...) 
@@ -23409,13 +23624,13 @@ RESERVED CVE-2017-3143 [An error in TSIG authentication can permit unauthorized dynamic updates] RESERVED - {DSA-3904-1} + {DSA-3904-1 DLA-1025-1} - bind9 <unfixed> (bug #866564) NOTE: https://kb.isc.org/article/AA-01503 NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669 CVE-2017-3142 [An error in TSIG authentication can permit unauthorized zone transfers] RESERVED - {DSA-3904-1} + {DSA-3904-1 DLA-1025-1} - bind9 <unfixed> (bug #866564) NOTE: https://kb.isc.org/article/AA-01504 NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669 @@ -27692,8 +27907,8 @@ NOT-FOR-US: IBM CVE-2017-1309 RESERVED -CVE-2017-1308 - RESERVED +CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 ...) + TODO: check CVE-2017-1307 RESERVED CVE-2017-1306 @@ -32687,8 +32902,8 @@ NOT-FOR-US: IBM CVE-2016-8965 RESERVED -CVE-2016-8964 - RESERVED +CVE-2016-8964 (IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting ...) + TODO: check CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in ...) NOT-FOR-US: IBM CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should have ...) @@ -32711,10 +32926,10 @@ NOT-FOR-US: IBM CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...) NOT-FOR-US: IBM -CVE-2016-8952 - RESERVED -CVE-2016-8951 - RESERVED +CVE-2016-8952 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...) + TODO: check +CVE-2016-8951 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...) + TODO: check CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2016-8949 
@@ -42394,8 +42609,8 @@ RESERVED CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...) NOT-FOR-US: IBM -CVE-2016-6019 - RESERVED +CVE-2016-6019 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...) + TODO: check CVE-2016-6018 RESERVED CVE-2016-6017 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
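Review bot: in the first hunk (@@ -1,4 +1,211 @@), CVE-2017-11310 is added as `TODO: check` although its description names `coders\png.c in ImageMagick`, and this file already tracks ImageMagick issues under `- imagemagick` lines (CVE-2017-11141, for example). Resolve it to an `- imagemagick` line with a bug or upstream issue reference in the next manual pass. CVE-2017-11311 (OpenMPT and libopenmpt) needs the same package-or-NOT-FOR-US decision.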
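Review bot: in the @@ -186,160 +406,160 @@ hunk, CVE-2017-1000362 should not inherit the `NOT-FOR-US: Jenkins plugin` marking used for CVE-2017-1000084 through CVE-2017-1000096, because its description refers to Jenkins itself (`introduced in Jenkins 1.498`) and not to a plugin. Triage it on its own. The same hunk moves CVE-2017-1000055 from RESERVED to REJECTED, so that entry needs no further work, while every other changed entry is `TODO: check` and still needs a package line or a NOT-FOR-US marker.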
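Review bot: in the @@ -414,7 +634,7 @@ hunk, replacing `[CPU exhaustion in ReadDPXImage]` on CVE-2017-11188 with the truncated description `(The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...)` drops the only statement of impact in the entry. Keep it as a note, for example `NOTE: CPU exhaustion in ReadDPXImage`, so the entry stays readable without opening the upstream issue.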
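Review bot: in the @@ -2173,12 +2391,12 @@ hunk, CVE-2017-9788 is left as `TODO: check` even though its description already gives the upstream fixed versions (`Apache httpd before 2.2.34 and 2.4.x before 2.4.27`). That is enough to add a package line with a fixed version instead of leaving it in the queue. CVE-2017-9789 (HTTP/2 handling code) and CVE-2017-9787 (Spring AOP with Struts actions) have no version in the visible text and need the full descriptions read first.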
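Review bot: in the @@ -10148,8 +10364,7 @@ hunk, CVE-2017-7529 becomes public with an affected range (`since 0.5.6 up to and including 1.13.2`) and carries `{DSA-3908-1 DLA-1024-1}`, but the package line is still `- nginx <unfixed> (bug #868109)`. Follow up by replacing `<unfixed>` with the fixed version once the upload closing bug #868109 is available, so the entry does not stay open after the advisories.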
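Review bot: in the @@ -14165,8 +14380,8 @@ hunk, CVE-2017-6249 lands as `TODO: check` while CVE-2017-6248 and CVE-2017-6247, whose visible descriptions begin with the same text (`An elevation of privilege vulnerability in the NVIDIA sound driver ...`), are marked `NOT-FOR-US: NVIDIA driver for Android`. Read the full description and, if it is the same Android driver, mark it the same way so the three entries agree.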