Author: sectracker
Date: 2017-12-20 21:10:12 +0000 (Wed, 20 Dec 2017)
New Revision: 58740
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-20 20:37:38 UTC (rev 58739) +++ data/CVE/list 2017-12-20 21:10:12 UTC (rev 58740) 
@@ -78,42 +78,42 @@ RESERVED CVE-2018-3560 RESERVED -CVE-2017-17804 - RESERVED -CVE-2017-17803 - RESERVED -CVE-2017-17802 - RESERVED -CVE-2017-17801 - RESERVED -CVE-2017-17800 - RESERVED -CVE-2017-17799 - RESERVED -CVE-2017-17798 - RESERVED -CVE-2017-17797 - RESERVED -CVE-2017-17796 - RESERVED -CVE-2017-17795 - RESERVED -CVE-2017-17794 - RESERVED -CVE-2017-17793 - RESERVED -CVE-2017-17792 - RESERVED +CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) + TODO: check +CVE-2017-17803 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17802 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17801 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17800 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17799 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17798 (In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17797 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) + TODO: check +CVE-2017-17796 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...) + TODO: check +CVE-2017-17795 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) + TODO: check +CVE-2017-17794 (validate_form_preferences in admin/preferences.php in BlogoText through ...) + TODO: check +CVE-2017-17793 (Information Disclosure vulnerability in creer_fichier_zip in ...) + TODO: check +CVE-2017-17792 (Cross site scripting (XSS) vulnerability in the markup_clean_href ...) + TODO: check CVE-2017-17791 RESERVED -CVE-2017-17790 - RESERVED -CVE-2017-17783 - RESERVED -CVE-2017-17782 - RESERVED -CVE-2017-17781 - RESERVED +CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...) 
+ TODO: check +CVE-2017-17783 (In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage ...) + TODO: check +CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ...) + TODO: check +CVE-2017-17781 (In Horde Groupware through 5.2.22, SQL Injection exists via the group ...) + TODO: check CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS via a ...) NOT-FOR-US: Clockwork SMS plugins for WordPress CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the referrals.php id ...) @@ -154,20 +154,18 @@ RESERVED CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. The device ...) NOT-FOR-US: Ichano AtHome IP Camera -CVE-2017-17476 [OSA-2017-10: Session hijacking] - RESERVED +CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before ...) + {DSA-4069-1} - otrs2 6.0.3-1 (bug #884801) NOTE: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb -CVE-2017-17785 [gimp: Heap overflow in FLI import] - RESERVED +CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the ...) - gimp <unfixed> (bug #884836) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133 NOTE: Can be reproduced (at least in wheezy) with "valgrind --trace-children=yes gimp <reproducerfile>" -CVE-2017-17786 [gimp: OOB read in TGA] - RESERVED +CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in ...) - gimp <unfixed> (unimportant; bug #884862) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134 NOTE: https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b (master) 
@@ -175,27 +173,23 @@ NOTE: https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=ef9c821fff8b637a2178eab1c78cae6764c50e12 (gimp-2-8) NOTE: https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366 (gimp-2-8) NOTE: Crash in desktop tool, no/negligable security impact -CVE-2017-17788 [gimp: OOB read in XCF] - RESERVED +CVE-2017-17788 (In GIMP 2.8.22, there is a stack-based buffer over-read in ...) - gimp <unfixed> (unimportant) NOTE: https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126 (master) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783 NOTE: Crash in desktop tool, no/negligable security impact -CVE-2017-17784 [gimp: OOB read in GBR] - RESERVED +CVE-2017-17784 (In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in ...) - gimp <unfixed> (unimportant) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784 NOTE: Crash in desktop tool, no/negligable security impact -CVE-2017-17789 [gimp: Heap overflow in PSP] - RESERVED +CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in ...) - gimp <unfixed> (bug #884837) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849 NOTE: https://git.gnome.org/browse/GIMP/commit/?id=28e95fbeb5720e6005a088fa811f5bf3c1af48b8 (master) NOTE: https://git.gnome.org/browse/GIMP/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f (gimp-2-8) NOTE: Cannot be reproduced in wheezy with "valgrind --trace-children=yes gimp <reproducerfile>" NOTE: Some OOB read/write can be reproduced in sid with "valgrind --trace-children=yes gimp <reproducerfile>" -CVE-2017-17787 [gimp: OOB read in PSP] - RESERVED +CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...) - gimp <unfixed> (unimportant) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853 NOTE: Crash in desktop tool, no/negligable security impact 
@@ -215,8 +209,8 @@ RESERVED CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: esb-csv-import-export plugin for WordPress -CVE-2017-17752 - RESERVED +CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body ...) + TODO: check CVE-2017-17751 RESERVED CVE-2017-17750 @@ -225,12 +219,12 @@ RESERVED CVE-2017-17748 RESERVED -CVE-2017-17747 - RESERVED -CVE-2017-17746 - RESERVED -CVE-2017-17745 - RESERVED +CVE-2017-17747 (Weak access controls in the Device Logout functionality on the TP-Link ...) + TODO: check +CVE-2017-17746 (Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any ...) + TODO: check +CVE-2017-17745 (Cross-site scripting (XSS) vulnerability in system_name_set.cgi in ...) + TODO: check CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plugin ...) NOT-FOR-US: custom-map plugin for WordPress CVE-2017-17743 @@ -10032,8 +10026,7 @@ NOT-FOR-US: b3log Symphony CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time Systems ...) NOT-FOR-US: Icon Time Systems RTC-1000 -CVE-2017-16818 [Failed assertion through user input in ceph_assert() function in rgw_iam_policy.cc] - RESERVED +CVE-2017-16818 (RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote ...) - ceph <not-affected> (Vulnerable code introduced after 12.1.0) NOTE: https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a CVE-2017-16817 
@@ -10245,16 +10238,16 @@ RESERVED CVE-2017-16736 RESERVED -CVE-2017-16735 - RESERVED +CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...) + TODO: check CVE-2017-16734 RESERVED -CVE-2017-16733 - RESERVED +CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...) + TODO: check CVE-2017-16732 RESERVED -CVE-2017-16731 - RESERVED +CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered in ABB ...) + TODO: check CVE-2017-16730 RESERVED CVE-2017-16729 @@ -10265,8 +10258,8 @@ RESERVED CVE-2017-16726 RESERVED -CVE-2017-16725 - RESERVED +CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai ...) + TODO: check CVE-2017-16724 RESERVED CVE-2017-16723 (A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL ...) @@ -10281,8 +10274,8 @@ NOT-FOR-US: Moxa CVE-2017-16718 RESERVED -CVE-2017-16717 - RESERVED +CVE-2017-16717 (A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio ...) + TODO: check CVE-2017-16716 RESERVED CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Version ...) 
@@ -10638,44 +10631,44 @@ RESERVED CVE-2017-16590 RESERVED -CVE-2017-16589 - RESERVED -CVE-2017-16588 - RESERVED -CVE-2017-16587 - RESERVED -CVE-2017-16586 - RESERVED -CVE-2017-16585 - RESERVED -CVE-2017-16584 - RESERVED -CVE-2017-16583 - RESERVED -CVE-2017-16582 - RESERVED -CVE-2017-16581 - RESERVED -CVE-2017-16580 - RESERVED -CVE-2017-16579 - RESERVED -CVE-2017-16578 - RESERVED -CVE-2017-16577 - RESERVED -CVE-2017-16576 - RESERVED -CVE-2017-16575 - RESERVED -CVE-2017-16574 - RESERVED -CVE-2017-16573 - RESERVED -CVE-2017-16572 - RESERVED -CVE-2017-16571 - RESERVED +CVE-2017-16589 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-16588 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-16587 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16586 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16585 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16584 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-16583 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16582 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16581 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16580 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-16579 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-16578 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16577 (This vulnerability allows remote attackers to execute arbitrary code ...) 
+ TODO: check +CVE-2017-16576 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16575 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16574 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-16573 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-16572 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-16571 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by ...) NOT-FOR-US: KeystoneJS CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an ...) @@ -13525,8 +13518,8 @@ RESERVED CVE-2017-15533 RESERVED -CVE-2017-15532 - RESERVED +CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a ...) + TODO: check CVE-2017-15531 RESERVED CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...) 
@@ -15462,22 +15455,22 @@ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html NOTE: Not considered a security issue by upstream, see #877543 -CVE-2017-14969 - RESERVED -CVE-2017-14968 - RESERVED -CVE-2017-14967 - RESERVED -CVE-2017-14966 - RESERVED -CVE-2017-14965 - RESERVED -CVE-2017-14964 - RESERVED -CVE-2017-14963 - RESERVED -CVE-2017-14962 - RESERVED +CVE-2017-14969 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...) + TODO: check +CVE-2017-14968 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...) + TODO: check +CVE-2017-14967 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...) + TODO: check +CVE-2017-14966 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...) + TODO: check +CVE-2017-14965 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...) + TODO: check +CVE-2017-14964 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...) + TODO: check +CVE-2017-14963 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...) + TODO: check +CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...) + TODO: check CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...) NOT-FOR-US: IKARUS anti.virus CVE-2017-14960 
@@ -15876,46 +15869,46 @@ NOT-FOR-US: TeamWork Photo Fusion CVE-2017-14838 (TeamWork Job Links allows Arbitrary File Upload in profileChange and ...) NOT-FOR-US: TeamWork Job Links -CVE-2017-14837 - RESERVED -CVE-2017-14836 - RESERVED -CVE-2017-14835 - RESERVED -CVE-2017-14834 - RESERVED -CVE-2017-14833 - RESERVED -CVE-2017-14832 - RESERVED -CVE-2017-14831 - RESERVED -CVE-2017-14830 - RESERVED -CVE-2017-14829 - RESERVED -CVE-2017-14828 - RESERVED -CVE-2017-14827 - RESERVED -CVE-2017-14826 - RESERVED -CVE-2017-14825 - RESERVED -CVE-2017-14824 - RESERVED -CVE-2017-14823 - RESERVED -CVE-2017-14822 - RESERVED -CVE-2017-14821 - RESERVED -CVE-2017-14820 - RESERVED -CVE-2017-14819 - RESERVED -CVE-2017-14818 - RESERVED +CVE-2017-14837 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14836 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14835 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14834 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14833 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14832 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14831 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14830 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14829 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14828 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14827 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14826 (This vulnerability allows remote attackers to execute arbitrary code ...) 
+ TODO: check +CVE-2017-14825 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14824 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14823 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-14822 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-14821 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-14820 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-14819 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check +CVE-2017-14818 (This vulnerability allows remote attackers to disclose sensitive on ...) + TODO: check CVE-2017-14817 RESERVED CVE-2017-14816 @@ -24004,8 +23997,8 @@ NOT-FOR-US: Synology CVE-2017-12073 RESERVED -CVE-2017-12072 - RESERVED +CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...) + TODO: check CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...) NOT-FOR-US: Synology CVE-2017-12070 @@ -27430,14 +27423,14 @@ NOT-FOR-US: REDCap CVE-2017-10960 RESERVED -CVE-2017-10959 - RESERVED -CVE-2017-10958 - RESERVED -CVE-2017-10957 - RESERVED -CVE-2017-10956 - RESERVED +CVE-2017-10959 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-10958 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-10957 (This vulnerability allows remote attackers to execute arbitrary code ...) + TODO: check +CVE-2017-10956 (This vulnerability allows remote attackers to disclose sensitive ...) + TODO: check CVE-2017-10955 (** DISPUTED ** This vulnerability allows remote attackers to execute ...) NOT-FOR-US: EMC CVE-2017-10954 (This vulnerability allows remote attackers to execute arbitrary code ...) 
@@ -42377,8 +42370,8 @@ NOT-FOR-US: Mail Masta plugin for Wordpress CVE-2017-6095 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta) ...) NOT-FOR-US: Mail Masta plugin for Wordpress -CVE-2017-6094 - RESERVED +CVE-2017-6094 (CPEs used by subscribers on the access network receive their ...) + TODO: check CVE-2017-6093 RESERVED CVE-2017-6092 @@ -46801,14 +46794,14 @@ RESERVED CVE-2017-4944 RESERVED -CVE-2017-4943 - RESERVED +CVE-2017-4943 (VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a ...) + TODO: check CVE-2017-4942 (VMware AirWatch Console (AWC) contains a Broken Access Control ...) NOT-FOR-US: VMware -CVE-2017-4941 - RESERVED -CVE-2017-4940 - RESERVED +CVE-2017-4941 (VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ...) + TODO: check +CVE-2017-4940 (The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, ...) + TODO: check CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a DLL ...) NOT-FOR-US: VMware CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...) @@ -46821,8 +46814,8 @@ NOT-FOR-US: VMware CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...) NOT-FOR-US: VMware -CVE-2017-4933 - RESERVED +CVE-2017-4933 (VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x ...) + TODO: check CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a ...) NOT-FOR-US: VMware CVE-2017-4931 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability ...) @@ -55041,8 +55034,8 @@ RESERVED CVE-2017-1758 RESERVED -CVE-2017-1757 - RESERVED +CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote ...) + TODO: check CVE-2017-1756 RESERVED CVE-2017-1755 
@@ -55053,8 +55046,8 @@ RESERVED CVE-2017-1752 RESERVED -CVE-2017-1751 - RESERVED +CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is ...) + TODO: check CVE-2017-1750 RESERVED CVE-2017-1749 @@ -55063,8 +55056,8 @@ RESERVED CVE-2017-1747 RESERVED -CVE-2017-1746 - RESERVED +CVE-2017-1746 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is ...) + TODO: check CVE-2017-1745 RESERVED CVE-2017-1744 @@ -55163,12 +55156,12 @@ RESERVED CVE-2017-1697 RESERVED -CVE-2017-1696 - RESERVED +CVE-2017-1696 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to ...) + TODO: check CVE-2017-1695 RESERVED -CVE-2017-1694 - RESERVED +CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain ...) + TODO: check CVE-2017-1693 RESERVED CVE-2017-1692 @@ -55293,8 +55286,8 @@ RESERVED CVE-2017-1632 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. ...) TODO: check -CVE-2017-1631 - RESERVED +CVE-2017-1631 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is ...) + TODO: check CVE-2017-1630 RESERVED CVE-2017-1629 @@ -55355,18 +55348,18 @@ RESERVED CVE-2017-1601 RESERVED -CVE-2017-1600 - RESERVED +CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to ...) + TODO: check CVE-2017-1599 RESERVED -CVE-2017-1598 - RESERVED +CVE-2017-1598 (IBM Security Guardium 10.0 Database Activity Monitor uses weaker than ...) + TODO: check CVE-2017-1597 RESERVED -CVE-2017-1596 - RESERVED -CVE-2017-1595 - RESERVED +CVE-2017-1596 (IBM Security Guardium 10.0 Database Activity Monitor could allow a ...) + TODO: check +CVE-2017-1595 (IBM Security Guardium 10.0 Database Activity Monitor could allow a ...) + TODO: check CVE-2017-1594 RESERVED CVE-2017-1593 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) 
@@ -55567,8 +55560,8 @@ NOT-FOR-US: IBM CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a ...) NOT-FOR-US: IBM -CVE-2017-1494 - RESERVED +CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site ...) + TODO: check CVE-2017-1493 RESERVED CVE-2017-1492 @@ -55709,8 +55702,8 @@ NOT-FOR-US: IBM CVE-2017-1424 (IBM Business Process Manager 8.5.7 is vulnerable to cross-site ...) NOT-FOR-US: IBM -CVE-2017-1423 - RESERVED +CVE-2017-1423 (IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are ...) + TODO: check CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper ...) NOT-FOR-US: IBM CVE-2017-1421 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...) 
@@ -56015,34 +56008,34 @@ RESERVED CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between ...) NOT-FOR-US: IBM -CVE-2017-1270 - RESERVED +CVE-2017-1270 (IBM Security Guardium 10.0 does not renew a session variable after a ...) + TODO: check CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A ...) NOT-FOR-US: IBM CVE-2017-1268 RESERVED CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image backups ...) NOT-FOR-US: IBM -CVE-2017-1266 - RESERVED +CVE-2017-1266 (IBM Security Guardium 10.0 specifies permissions for a ...) + TODO: check CVE-2017-1265 RESERVED CVE-2017-1264 (IBM Security Guardium 10.0 does not prove or insufficiently proves ...) NOT-FOR-US: IBM CVE-2017-1263 RESERVED -CVE-2017-1262 - RESERVED -CVE-2017-1261 - RESERVED +CVE-2017-1262 (IBM Security Guardium 10.0 is vulnerable to HTTP response splitting ...) + TODO: check +CVE-2017-1261 (IBM Security Guardium 10.0 stores potentially sensitive information in ...) + TODO: check CVE-2017-1260 RESERVED CVE-2017-1259 RESERVED CVE-2017-1258 (IBM Security Guardium 10.0 and 10.1 does not perform an authentication ...) NOT-FOR-US: IBM -CVE-2017-1257 - RESERVED +CVE-2017-1257 (IBM Security Guardium 10.0 discloses sensitive information to ...) + TODO: check CVE-2017-1256 (IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2017-1255 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
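Review bot: the "TODO: check" placeholders added in the hunk at @@ -78,42 +78,42 @@ include CVE-2017-17790 (lib/resolv.rb in Ruby through 2.4.3), CVE-2017-17783 and CVE-2017-17782 (GraphicsMagick 1.3.27a) and CVE-2017-17781 (Horde Groupware through 5.2.22), which name software that Debian packages. These four should be triaged first and given a source-package line with fixed version and bug number, in the form the otrs2 and gimp entries in the next hunk already use, rather than sitting in the same undifferentiated TODO queue as the Windows driver entries (ntguard.SYS, VIRAGTLT.SYS) around them.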
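Review bot: in the hunk at @@ -10032,8 +10026,7 @@ the new description for CVE-2017-16818 gives the affected range as "Ceph 12.1.0 through 12.2.1", while the unchanged annotation directly beneath it still reads "- ceph <not-affected> (Vulnerable code introduced after 12.1.0)". The two lines disagree on whether 12.1.0 itself carries the vulnerable code, so the not-affected reasoning should be rechecked against the commit referenced in the NOTE line and the parenthetical reworded to match.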
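Review bot: in the hunk at @@ -15462,22 +15455,22 @@ the eight new IKARUS anti.virus entries (CVE-2017-14969 through CVE-2017-14962, all for the ntguard.sys driver) are left at "TODO: check" even though the context line immediately after them classifies CVE-2017-14961, the same product and driver, as "NOT-FOR-US: IKARUS anti.virus". Suggest applying that tag here, and to the ntguard.SYS entries CVE-2017-17804, CVE-2017-17797 and CVE-2017-17795 in the first hunk, so the open TODO list only holds entries that need a human decision.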
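Review bot: in the hunk at @@ -56015,34 +56008,34 @@ the new IBM Security Guardium 10.0 entries (CVE-2017-1270, CVE-2017-1266, CVE-2017-1262, CVE-2017-1261, CVE-2017-1257) get "TODO: check" while the interleaved context entries for the same product (CVE-2017-1269, CVE-2017-1267, CVE-2017-1264, CVE-2017-1258) are already "NOT-FOR-US: IBM". The same mismatch appears in the VMware hunks at @@ -46801,14 +46794,14 @@ and @@ -46821,8 +46814,8 @@, where neighbouring lines carry "NOT-FOR-US: VMware". Since the vendor is visible in each description, the automatic update could reuse the existing vendor tag instead of queuing these for manual review.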