Author: sectracker
Date: 2017-12-20 21:10:12 +0000 (Wed, 20 Dec 2017)
New Revision: 58740

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-20 20:37:38 UTC (rev 58739)
+++ data/CVE/list       2017-12-20 21:10:12 UTC (rev 58740)
@@ -78,42 +78,42 @@
        RESERVED
 CVE-2018-3560
        RESERVED
-CVE-2017-17804
-       RESERVED
-CVE-2017-17803
-       RESERVED
-CVE-2017-17802
-       RESERVED
-CVE-2017-17801
-       RESERVED
-CVE-2017-17800
-       RESERVED
-CVE-2017-17799
-       RESERVED
-CVE-2017-17798
-       RESERVED
-CVE-2017-17797
-       RESERVED
-CVE-2017-17796
-       RESERVED
-CVE-2017-17795
-       RESERVED
-CVE-2017-17794
-       RESERVED
-CVE-2017-17793
-       RESERVED
-CVE-2017-17792
-       RESERVED
+CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) 
allows ...)
+       TODO: check
+CVE-2017-17803 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+       TODO: check
+CVE-2017-17802 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+       TODO: check
+CVE-2017-17801 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+       TODO: check
+CVE-2017-17800 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+       TODO: check
+CVE-2017-17799 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+       TODO: check
+CVE-2017-17798 (In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file 
(VIRAGTLT.SYS) ...)
+       TODO: check
+CVE-2017-17797 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) 
allows ...)
+       TODO: check
+CVE-2017-17796 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file 
(VIRAGTLT.SYS) ...)
+       TODO: check
+CVE-2017-17795 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) 
allows ...)
+       TODO: check
+CVE-2017-17794 (validate_form_preferences in admin/preferences.php in 
BlogoText through ...)
+       TODO: check
+CVE-2017-17793 (Information Disclosure vulnerability in creer_fichier_zip in 
...)
+       TODO: check
+CVE-2017-17792 (Cross site scripting (XSS) vulnerability in the 
markup_clean_href ...)
+       TODO: check
 CVE-2017-17791
        RESERVED
-CVE-2017-17790
-       RESERVED
-CVE-2017-17783
-       RESERVED
-CVE-2017-17782
-       RESERVED
-CVE-2017-17781
-       RESERVED
+CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 
2.4.3 ...)
+       TODO: check
+CVE-2017-17783 (In GraphicsMagick 1.3.27a, there is a buffer over-read in 
ReadPALMImage ...)
+       TODO: check
+CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-17781 (In Horde Groupware through 5.2.22, SQL Injection exists via 
the group ...)
+       TODO: check
 CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS 
via a ...)
        NOT-FOR-US: Clockwork SMS plugins for WordPress
 CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the 
referrals.php id ...)
@@ -154,20 +154,18 @@
        RESERVED
 CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. 
The device ...)
        NOT-FOR-US: Ichano AtHome IP Camera
-CVE-2017-17476 [OSA-2017-10: Session hijacking]
-       RESERVED
+CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x 
before ...)
+       {DSA-4069-1}
        - otrs2 6.0.3-1 (bug #884801)
        NOTE: 
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
        NOTE: OTRS-6: 
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
        NOTE: OTRS-5: 
https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
        NOTE: OTRS-4: 
https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
-CVE-2017-17785 [gimp: Heap overflow in FLI import]
-       RESERVED
+CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the 
...)
        - gimp <unfixed> (bug #884836)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
        NOTE: Can be reproduced (at least in wheezy) with "valgrind 
--trace-children=yes gimp <reproducerfile>"
-CVE-2017-17786 [gimp: OOB read in TGA]
-       RESERVED
+CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in 
ReadImage in ...)
        - gimp <unfixed> (unimportant; bug #884862)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b
 (master)
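Review bot: CVE-2017-17476, CVE-2017-17785 and CVE-2017-17786 stay where the temporary bracketed entries were, directly after CVE-2017-17761, so the list is out of descending ID order at this point. The first hunk runs from CVE-2017-17790 straight to CVE-2017-17783, which is where the 17784-17789 entries would be expected. Now that these entries carry official descriptions, consider moving each one, together with its package lines and NOTEs, to its sorted position.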
@@ -175,27 +173,23 @@
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=ef9c821fff8b637a2178eab1c78cae6764c50e12
 (gimp-2-8)
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366
 (gimp-2-8)
        NOTE: Crash in desktop tool, no/negligable security impact
-CVE-2017-17788 [gimp: OOB read in XCF]
-       RESERVED
+CVE-2017-17788 (In GIMP 2.8.22, there is a stack-based buffer over-read in ...)
        - gimp <unfixed> (unimportant)
        NOTE: 
https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126
 (master)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783
        NOTE: Crash in desktop tool, no/negligable security impact
-CVE-2017-17784 [gimp: OOB read in GBR]
-       RESERVED
+CVE-2017-17784 (In GIMP 2.8.22, there is a heap-based buffer over-read in 
load_image in ...)
        - gimp <unfixed> (unimportant)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784
        NOTE: Crash in desktop tool, no/negligable security impact
-CVE-2017-17789 [gimp: Heap overflow in PSP]
-       RESERVED
+CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in ...)
        - gimp <unfixed> (bug #884837)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849
        NOTE: 
https://git.gnome.org/browse/GIMP/commit/?id=28e95fbeb5720e6005a088fa811f5bf3c1af48b8
 (master)
        NOTE: 
https://git.gnome.org/browse/GIMP/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f
 (gimp-2-8)
        NOTE: Cannot be reproduced in wheezy with "valgrind 
--trace-children=yes gimp <reproducerfile>"
        NOTE: Some OOB read/write can be reproduced in sid with "valgrind 
--trace-children=yes gimp <reproducerfile>"
-CVE-2017-17787 [gimp: OOB read in PSP]
-       RESERVED
+CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
        - gimp <unfixed> (unimportant)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
        NOTE: Crash in desktop tool, no/negligable security impact
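Review bot: The removed bracketed labels named the affected importer (XCF, GBR, PSP), and the truncated official descriptions that replace them do not. CVE-2017-17789 and CVE-2017-17787 now read "heap-based buffer overflow in ..." and "heap-based buffer over-read in ..." with nothing left to show that both are in the PSP loader. Consider keeping the file format in a NOTE line on each entry. Separately, "negligable" in the unchanged NOTE lines should be "negligible".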
@@ -215,8 +209,8 @@
        RESERVED
 CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
        NOT-FOR-US: esb-csv-import-export plugin for WordPress
-CVE-2017-17752
-       RESERVED
+CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via 
the body ...)
+       TODO: check
 CVE-2017-17751
        RESERVED
 CVE-2017-17750
@@ -225,12 +219,12 @@
        RESERVED
 CVE-2017-17748
        RESERVED
-CVE-2017-17747
-       RESERVED
-CVE-2017-17746
-       RESERVED
-CVE-2017-17745
-       RESERVED
+CVE-2017-17747 (Weak access controls in the Device Logout functionality on the 
TP-Link ...)
+       TODO: check
+CVE-2017-17746 (Weak access control methods on the TP-Link TL-SG108E 1.0.0 
allow any ...)
+       TODO: check
+CVE-2017-17745 (Cross-site scripting (XSS) vulnerability in 
system_name_set.cgi in ...)
+       TODO: check
 CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map 
plugin ...)
        NOT-FOR-US: custom-map plugin for WordPress
 CVE-2017-17743
@@ -10032,8 +10026,7 @@
        NOT-FOR-US: b3log Symphony
 CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time 
Systems ...)
        NOT-FOR-US: Icon Time Systems RTC-1000
-CVE-2017-16818 [Failed assertion through user input in ceph_assert() function 
in rgw_iam_policy.cc]
-       RESERVED
+CVE-2017-16818 (RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote ...)
        - ceph <not-affected> (Vulnerable code introduced after 12.1.0)
        NOTE: 
https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
 CVE-2017-16817
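Review bot: The new description for CVE-2017-16818 gives the affected range as Ceph 12.1.0 through 12.2.1, while the unchanged package line justifies <not-affected> with "Vulnerable code introduced after 12.1.0". The two read as inconsistent about whether 12.1.0 itself is affected; reword the reason to match the description, or state which Debian version the not-affected status is based on. The removed label also named ceph_assert() in rgw_iam_policy.cc, which the truncated description drops, so a NOTE line could keep that pointer.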
@@ -10245,16 +10238,16 @@
        RESERVED
 CVE-2017-16736
        RESERVED
-CVE-2017-16735
-       RESERVED
+CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 
6.1.1030.1 ...)
+       TODO: check
 CVE-2017-16734
        RESERVED
-CVE-2017-16733
-       RESERVED
+CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 
6.1.1030.1 ...)
+       TODO: check
 CVE-2017-16732
        RESERVED
-CVE-2017-16731
-       RESERVED
+CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered 
in ABB ...)
+       TODO: check
 CVE-2017-16730
        RESERVED
 CVE-2017-16729
@@ -10265,8 +10258,8 @@
        RESERVED
 CVE-2017-16726
        RESERVED
-CVE-2017-16725
-       RESERVED
+CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai 
...)
+       TODO: check
 CVE-2017-16724
        RESERVED
 CVE-2017-16723 (A Cross-site Scripting issue was discovered in PHOENIX CONTACT 
FL ...)
@@ -10281,8 +10274,8 @@
        NOT-FOR-US: Moxa
 CVE-2017-16718
        RESERVED
-CVE-2017-16717
-       RESERVED
+CVE-2017-16717 (A Heap-based Buffer Overflow issue was discovered in WECON 
LeviStudio ...)
+       TODO: check
 CVE-2017-16716
        RESERVED
 CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 
5110 Version ...)
@@ -10638,44 +10631,44 @@
        RESERVED
 CVE-2017-16590
        RESERVED
-CVE-2017-16589
-       RESERVED
-CVE-2017-16588
-       RESERVED
-CVE-2017-16587
-       RESERVED
-CVE-2017-16586
-       RESERVED
-CVE-2017-16585
-       RESERVED
-CVE-2017-16584
-       RESERVED
-CVE-2017-16583
-       RESERVED
-CVE-2017-16582
-       RESERVED
-CVE-2017-16581
-       RESERVED
-CVE-2017-16580
-       RESERVED
-CVE-2017-16579
-       RESERVED
-CVE-2017-16578
-       RESERVED
-CVE-2017-16577
-       RESERVED
-CVE-2017-16576
-       RESERVED
-CVE-2017-16575
-       RESERVED
-CVE-2017-16574
-       RESERVED
-CVE-2017-16573
-       RESERVED
-CVE-2017-16572
-       RESERVED
-CVE-2017-16571
-       RESERVED
+CVE-2017-16589 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-16588 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-16587 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16586 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16585 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16584 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-16583 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16582 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16581 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16580 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-16579 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-16578 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16577 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16576 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16575 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16574 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-16573 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-16572 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-16571 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
 CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF 
bypass by ...)
        NOT-FOR-US: KeystoneJS
 CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 
via an ...)
@@ -13525,8 +13518,8 @@
        RESERVED
 CVE-2017-15533
        RESERVED
-CVE-2017-15532
-       RESERVED
+CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible 
to a ...)
+       TODO: check
 CVE-2017-15531
        RESERVED
 CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be 
susceptible to ...)
@@ -15462,22 +15455,22 @@
        NOTE: 
https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
        NOTE: 
https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
        NOTE: Not considered a security issue by upstream, see #877543
-CVE-2017-14969
-       RESERVED
-CVE-2017-14968
-       RESERVED
-CVE-2017-14967
-       RESERVED
-CVE-2017-14966
-       RESERVED
-CVE-2017-14965
-       RESERVED
-CVE-2017-14964
-       RESERVED
-CVE-2017-14963
-       RESERVED
-CVE-2017-14962
-       RESERVED
+CVE-2017-14969 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver 
contains an ...)
+       TODO: check
+CVE-2017-14968 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver 
contains an ...)
+       TODO: check
+CVE-2017-14967 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver 
contains an ...)
+       TODO: check
+CVE-2017-14966 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver 
contains an ...)
+       TODO: check
+CVE-2017-14965 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver 
contains an ...)
+       TODO: check
+CVE-2017-14964 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver 
contains an ...)
+       TODO: check
+CVE-2017-14963 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver 
contains an ...)
+       TODO: check
+CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver 
contains an ...)
+       TODO: check
 CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains 
an ...)
        NOT-FOR-US: IKARUS anti.virus
 CVE-2017-14960
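Review bot: CVE-2017-14969 through CVE-2017-14962 are added as "TODO: check", but the context entry directly below them already triages CVE-2017-14961, the same ntguard.sys driver in IKARUS anti.virus, as "NOT-FOR-US: IKARUS anti.virus". These eight can take the same tag in a follow-up instead of sitting in the TODO queue, and so can the ntguard.SYS entries in the first hunk (CVE-2017-17804, CVE-2017-17797, CVE-2017-17795).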
@@ -15876,46 +15869,46 @@
        NOT-FOR-US: TeamWork Photo Fusion
 CVE-2017-14838 (TeamWork Job Links allows Arbitrary File Upload in 
profileChange and ...)
        NOT-FOR-US: TeamWork Job Links
-CVE-2017-14837
-       RESERVED
-CVE-2017-14836
-       RESERVED
-CVE-2017-14835
-       RESERVED
-CVE-2017-14834
-       RESERVED
-CVE-2017-14833
-       RESERVED
-CVE-2017-14832
-       RESERVED
-CVE-2017-14831
-       RESERVED
-CVE-2017-14830
-       RESERVED
-CVE-2017-14829
-       RESERVED
-CVE-2017-14828
-       RESERVED
-CVE-2017-14827
-       RESERVED
-CVE-2017-14826
-       RESERVED
-CVE-2017-14825
-       RESERVED
-CVE-2017-14824
-       RESERVED
-CVE-2017-14823
-       RESERVED
-CVE-2017-14822
-       RESERVED
-CVE-2017-14821
-       RESERVED
-CVE-2017-14820
-       RESERVED
-CVE-2017-14819
-       RESERVED
-CVE-2017-14818
-       RESERVED
+CVE-2017-14837 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14836 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14835 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14834 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14833 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14832 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14831 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14830 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14829 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14828 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14827 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14826 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14825 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14824 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14823 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-14822 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-14821 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-14820 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-14819 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
+CVE-2017-14818 (This vulnerability allows remote attackers to disclose 
sensitive on ...)
+       TODO: check
 CVE-2017-14817
        RESERVED
 CVE-2017-14816
@@ -24004,8 +23997,8 @@
        NOT-FOR-US: Synology
 CVE-2017-12073
        RESERVED
-CVE-2017-12072
-       RESERVED
+CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in 
PixlrEditorHandler.php in ...)
+       TODO: check
 CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in 
file_upload.php in ...)
        NOT-FOR-US: Synology
 CVE-2017-12070
@@ -27430,14 +27423,14 @@
        NOT-FOR-US: REDCap
 CVE-2017-10960
        RESERVED
-CVE-2017-10959
-       RESERVED
-CVE-2017-10958
-       RESERVED
-CVE-2017-10957
-       RESERVED
-CVE-2017-10956
-       RESERVED
+CVE-2017-10959 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-10958 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-10957 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
+       TODO: check
+CVE-2017-10956 (This vulnerability allows remote attackers to disclose 
sensitive ...)
+       TODO: check
 CVE-2017-10955 (** DISPUTED ** This vulnerability allows remote attackers to 
execute ...)
        NOT-FOR-US: EMC
 CVE-2017-10954 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
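Review bot: The four added descriptions (CVE-2017-10959 to CVE-2017-10956) are cut off before any product name and open with the same words as CVE-2017-10955 and CVE-2017-10954 in the context below, so the list line alone does not say what is affected. "TODO: check" is reasonable for an automatic update, but triage has to work from the full CVE description, not this line. The same applies to the CVE-2017-165xx and CVE-2017-148xx blocks added earlier in this diff.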
@@ -42377,8 +42370,8 @@
        NOT-FOR-US: Mail Masta plugin for Wordpress
 CVE-2017-6095 (A SQL injection issue was discovered in the Mail Masta (aka 
mail-masta) ...)
        NOT-FOR-US: Mail Masta plugin for Wordpress
-CVE-2017-6094
-       RESERVED
+CVE-2017-6094 (CPEs used by subscribers on the access network receive their 
...)
+       TODO: check
 CVE-2017-6093
        RESERVED
 CVE-2017-6092
@@ -46801,14 +46794,14 @@
        RESERVED
 CVE-2017-4944
        RESERVED
-CVE-2017-4943
-       RESERVED
+CVE-2017-4943 (VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) 
contains a ...)
+       TODO: check
 CVE-2017-4942 (VMware AirWatch Console (AWC) contains a Broken Access Control 
...)
        NOT-FOR-US: VMware
-CVE-2017-4941
-       RESERVED
-CVE-2017-4940
-       RESERVED
+CVE-2017-4941 (VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ...)
+       TODO: check
+CVE-2017-4940 (The ESXi Host Client in VMware ESXi (6.5 before 
ESXi650-201712103-SG, ...)
+       TODO: check
 CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a 
DLL ...)
        NOT-FOR-US: VMware
 CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 
8.5.9) ...)
@@ -46821,8 +46814,8 @@
        NOT-FOR-US: VMware
 CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 
8.5.9) ...)
        NOT-FOR-US: VMware
-CVE-2017-4933
-       RESERVED
+CVE-2017-4933 (VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation 
(12.x ...)
+       TODO: check
 CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a 
...)
        NOT-FOR-US: VMware
 CVE-2017-4931 (VMware AirWatch Console 9.x prior to 9.2.0 contains a 
vulnerability ...)
@@ -55041,8 +55034,8 @@
        RESERVED
 CVE-2017-1758
        RESERVED
-CVE-2017-1757
-       RESERVED
+CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A 
remote ...)
+       TODO: check
 CVE-2017-1756
        RESERVED
 CVE-2017-1755
@@ -55053,8 +55046,8 @@
        RESERVED
 CVE-2017-1752
        RESERVED
-CVE-2017-1751
-       RESERVED
+CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 
is ...)
+       TODO: check
 CVE-2017-1750
        RESERVED
 CVE-2017-1749
@@ -55063,8 +55056,8 @@
        RESERVED
 CVE-2017-1747
        RESERVED
-CVE-2017-1746
-       RESERVED
+CVE-2017-1746 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) 
is ...)
+       TODO: check
 CVE-2017-1745
        RESERVED
 CVE-2017-1744
@@ -55163,12 +55156,12 @@
        RESERVED
 CVE-2017-1697
        RESERVED
-CVE-2017-1696
-       RESERVED
+CVE-2017-1696 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated 
attacker to ...)
+       TODO: check
 CVE-2017-1695
        RESERVED
-CVE-2017-1694
-       RESERVED
+CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in 
plain ...)
+       TODO: check
 CVE-2017-1693
        RESERVED
 CVE-2017-1692
@@ -55293,8 +55286,8 @@
        RESERVED
 CVE-2017-1632 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site 
scripting. ...)
        TODO: check
-CVE-2017-1631
-       RESERVED
+CVE-2017-1631 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) 
is ...)
+       TODO: check
 CVE-2017-1630
        RESERVED
 CVE-2017-1629
@@ -55355,18 +55348,18 @@
        RESERVED
 CVE-2017-1601
        RESERVED
-CVE-2017-1600
-       RESERVED
+CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is 
vulnerable to ...)
+       TODO: check
 CVE-2017-1599
        RESERVED
-CVE-2017-1598
-       RESERVED
+CVE-2017-1598 (IBM Security Guardium 10.0 Database Activity Monitor uses 
weaker than ...)
+       TODO: check
 CVE-2017-1597
        RESERVED
-CVE-2017-1596
-       RESERVED
-CVE-2017-1595
-       RESERVED
+CVE-2017-1596 (IBM Security Guardium 10.0 Database Activity Monitor could 
allow a ...)
+       TODO: check
+CVE-2017-1595 (IBM Security Guardium 10.0 Database Activity Monitor could 
allow a ...)
+       TODO: check
 CVE-2017-1594
        RESERVED
 CVE-2017-1593 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is 
vulnerable to ...)
@@ -55567,8 +55560,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could 
allow a ...)
        NOT-FOR-US: IBM
-CVE-2017-1494
-       RESERVED
+CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site 
...)
+       TODO: check
 CVE-2017-1493
        RESERVED
 CVE-2017-1492
@@ -55709,8 +55702,8 @@
        NOT-FOR-US: IBM
 CVE-2017-1424 (IBM Business Process Manager 8.5.7 is vulnerable to cross-site 
...)
        NOT-FOR-US: IBM
-CVE-2017-1423
-       RESERVED
+CVE-2017-1423 (IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs 
that are ...)
+       TODO: check
 CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper 
...)
        NOT-FOR-US: IBM
 CVE-2017-1421 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
@@ -56015,34 +56008,34 @@
        RESERVED
 CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction 
between ...)
        NOT-FOR-US: IBM
-CVE-2017-1270
-       RESERVED
+CVE-2017-1270 (IBM Security Guardium 10.0 does not renew a session variable 
after a ...)
+       TODO: check
 CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL 
injection. A ...)
        NOT-FOR-US: IBM
 CVE-2017-1268
        RESERVED
 CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image 
backups ...)
        NOT-FOR-US: IBM
-CVE-2017-1266
-       RESERVED
+CVE-2017-1266 (IBM Security Guardium 10.0 specifies permissions for a ...)
+       TODO: check
 CVE-2017-1265
        RESERVED
 CVE-2017-1264 (IBM Security Guardium 10.0 does not prove or insufficiently 
proves ...)
        NOT-FOR-US: IBM
 CVE-2017-1263
        RESERVED
-CVE-2017-1262
-       RESERVED
-CVE-2017-1261
-       RESERVED
+CVE-2017-1262 (IBM Security Guardium 10.0 is vulnerable to HTTP response 
splitting ...)
+       TODO: check
+CVE-2017-1261 (IBM Security Guardium 10.0 stores potentially sensitive 
information in ...)
+       TODO: check
 CVE-2017-1260
        RESERVED
 CVE-2017-1259
        RESERVED
 CVE-2017-1258 (IBM Security Guardium 10.0 and 10.1 does not perform an 
authentication ...)
        NOT-FOR-US: IBM
-CVE-2017-1257
-       RESERVED
+CVE-2017-1257 (IBM Security Guardium 10.0 discloses sensitive information to 
...)
+       TODO: check
 CVE-2017-1256 (IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site 
...)
        NOT-FOR-US: IBM
 CVE-2017-1255


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
