[Secure-testing-commits] r51012 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Apr 24 21:10:13 UTC 2017
Author: sectracker
Date: 2017-04-24 21:10:13 +0000 (Mon, 24 Apr 2017)
New Revision: 51012
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-24 21:09:46 UTC (rev 51011)
+++ data/CVE/list 2017-04-24 21:10:13 UTC (rev 51012)
@@ -1,3 +1,55 @@
+CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a ...)
+ TODO: check
+CVE-2017-8104 (In MyBB before 1.8.11, the smilie module allows Directory Traversal via ...)
+ TODO: check
+CVE-2017-8103 (In MyBB before 1.8.11, the Email MyCode component allows XSS, as ...)
+ TODO: check
+CVE-2017-8102 (Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an ...)
+ TODO: check
+CVE-2017-8101 (There is CSRF in Serendipity 2.0.5, allowing attackers to install any ...)
+ TODO: check
+CVE-2017-8100 (There is CSRF in the CopySafe Web Protection plugin before 2.6 for ...)
+ TODO: check
+CVE-2017-8099 (There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing ...)
+ TODO: check
+CVE-2017-8098 (e107 2.1.4 is vulnerable to cross-site request forgery in ...)
+ TODO: check
+CVE-2017-8097
+ RESERVED
+CVE-2017-8096
+ RESERVED
+CVE-2017-8095
+ RESERVED
+CVE-2017-8094
+ RESERVED
+CVE-2017-8093
+ RESERVED
+CVE-2017-8092
+ RESERVED
+CVE-2017-8091
+ RESERVED
+CVE-2017-8090
+ RESERVED
+CVE-2017-8089
+ RESERVED
+CVE-2017-8088
+ RESERVED
+CVE-2017-8087
+ RESERVED
+CVE-2017-8086
+ RESERVED
+CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...)
+ TODO: check
+CVE-2017-1000361 (DOMRpcImplementationNotAvailableException when sending Port-Status ...)
+ TODO: check
+CVE-2017-1000360 (StreamCorruptedException and NullPointerException in OpenDaylight ...)
+ TODO: check
+CVE-2017-1000359 (Java out of memory error and significant increase in resource ...)
+ TODO: check
+CVE-2017-1000358 (Controller throws an exception and does not allow user to add ...)
+ TODO: check
+CVE-2017-1000357 (Denial of Service attack when the switch rejects to receive packets ...)
+ TODO: check
CVE-2017-8084
RESERVED
CVE-2017-8083
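Review bot: CVE-2017-8105 is committed with only "TODO: check", although its description reports an out-of-bounds write in FreeType 2. Of the entries added at the top of this hunk it is the one to triage first, replacing the TODO with a package line or a NOT-FOR-US marker as resolved entries elsewhere in the file have. The MyBB, Serendipity, WordPress-plugin, e107 and Exponent CMS entries (CVE-2017-8104 down to CVE-2017-8098, and CVE-2017-8085) and the five CVE-2017-100035x entries carry the same TODO and need the same resolution.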
@@ -303,7 +355,7 @@
NOTE: PHP non-issue, might get rejected
CVE-2017-7962 (The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ...)
NOT-FOR-US: ImageWorsener
-CVE-2017-7961 (The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and ...)
+CVE-2017-7961 (** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in ...)
{DLA-909-1}
- libcroco 0.6.11-3 (bug #860961)
[jessie] - libcroco <no-dsa> (Minor issue; will be fixed via point release)
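Review bot: CVE-2017-7961 now opens with "** DISPUTED **", but everything under the description is unchanged: the entry still carries {DLA-909-1}, the fixed version "libcroco 0.6.11-3 (bug #860961)" and the jessie <no-dsa> line. Add a NOTE recording that the issue is disputed, so the status is visible in the entry body and not only in the truncated description.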
@@ -1042,8 +1094,8 @@
NOT-FOR-US: concrete5
CVE-2017-7724
RESERVED
-CVE-2017-7723
- RESERVED
+CVE-2017-7723 (XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the ...)
+ TODO: check
CVE-2017-7722 (In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu ...)
NOT-FOR-US: SolarWinds
CVE-2017-7721
@@ -1371,19 +1423,19 @@
NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" ...)
- {DLA-911-1}
+ {DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7600 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
- {DLA-911-1}
+ {DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7599 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
- {DLA-911-1}
+ {DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
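Review bot: on CVE-2017-7601, CVE-2017-7600 and CVE-2017-7599 the cross-reference becomes "{DLA-912-1 DLA-911-1}" while the package lines stay at "- tiff 4.0.7-6" and "- tiff3 <removed>", so nothing in these entries says which of the two source packages the second advisory covers. Confirm the mapping against the DLA list before relying on these entries for either package.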
@@ -1396,33 +1448,33 @@
NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of ...)
- {DLA-911-1}
+ {DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7596 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
- {DLA-911-1}
+ {DLA-912-1 DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows ...)
- {DLA-911-1}
+ {DLA-912-1 DLA-911-1}
- tiff 4.0.7-6 (low; bug #860003)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2653
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c
NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in ...)
- {DLA-911-1}
+ {DLA-912-1 DLA-911-1}
- tiff 4.0.7-6 (low; bug #860001)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659
NOTE: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is ...)
- {DLA-911-1}
+ {DLA-912-1 DLA-911-1}
- tiff 4.0.7-6 (bug #860000)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651
@@ -1742,6 +1794,7 @@
NOTE: https://curl.haxx.se/docs/adv_20170419.html
CVE-2017-7467
RESERVED
+ {DLA-914-1}
- minicom 2.7-1.1 (bug #860940)
[jessie] - minicom <no-dsa> (Minor issue; can be fixed via point release)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/5
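Review bot: CVE-2017-7467 gains {DLA-914-1} while the entry is still RESERVED, so an advisory is now attached to a CVE with no description; the only context a reader gets is the minicom package line and the oss-security NOTE. Add a one-line NOTE summarising the issue until the description is published.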
@@ -8927,8 +8980,8 @@
RESERVED
- salt 2016.11.2+ds-1
[jessie] - salt <not-affected> (Vulnerable code not present)
-CVE-2017-5191
- RESERVED
+CVE-2017-5191 (An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 ...)
+ TODO: check
CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when ...)
NOT-FOR-US: NetIQ Access Manager
CVE-2017-5189
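Review bot: CVE-2017-5191 is left at "TODO: check" although its description names NetIQ Access Manager 4.2, and the entry directly below it, CVE-2017-5190, is already marked "NOT-FOR-US: NetIQ Access Manager" for the same product. The same marker applies here, and setting it closes the TODO.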
@@ -13059,473 +13112,417 @@
RESERVED
CVE-2017-3627
RESERVED
-CVE-2017-3626
- RESERVED
-CVE-2017-3625
- RESERVED
+CVE-2017-3626 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
+ TODO: check
+CVE-2017-3625 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
+ TODO: check
CVE-2017-3624
RESERVED
-CVE-2017-3623
- RESERVED
+CVE-2017-3623 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3622
- RESERVED
+CVE-2017-3622 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3621
- RESERVED
+CVE-2017-3621 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Solaris
-CVE-2017-3620
- RESERVED
-CVE-2017-3619
- RESERVED
-CVE-2017-3618
- RESERVED
-CVE-2017-3617
- RESERVED
-CVE-2017-3616
- RESERVED
-CVE-2017-3615
- RESERVED
-CVE-2017-3614
- RESERVED
-CVE-2017-3613
- RESERVED
-CVE-2017-3612
- RESERVED
-CVE-2017-3611
- RESERVED
-CVE-2017-3610
- RESERVED
-CVE-2017-3609
- RESERVED
-CVE-2017-3608
- RESERVED
-CVE-2017-3607
- RESERVED
-CVE-2017-3606
- RESERVED
-CVE-2017-3605
- RESERVED
-CVE-2017-3604
- RESERVED
-CVE-2017-3603
- RESERVED
-CVE-2017-3602
- RESERVED
-CVE-2017-3601
- RESERVED
-CVE-2017-3600
- RESERVED
+CVE-2017-3620 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
+CVE-2017-3619 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
+CVE-2017-3618 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
+CVE-2017-3617 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3616 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3615 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3614 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3613 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3612 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3611 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3610 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3609 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3608 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3607 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3606 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3605 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3604 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
+ TODO: check
+CVE-2017-3603 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3602 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3601 (Vulnerability in the Oracle API Gateway component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3600 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
-CVE-2017-3599
- RESERVED
+CVE-2017-3599 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (ONly affects MySQL 5.6 and 5.7)
-CVE-2017-3598
- RESERVED
-CVE-2017-3597
- RESERVED
-CVE-2017-3596
- RESERVED
-CVE-2017-3595
- RESERVED
-CVE-2017-3594
- RESERVED
-CVE-2017-3593
- RESERVED
-CVE-2017-3592
- RESERVED
-CVE-2017-3591
- RESERVED
-CVE-2017-3590
- RESERVED
+CVE-2017-3598 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3597 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3596 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3595 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3594 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3593 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3592 (Vulnerability in the Oracle Payables component of Oracle E-Business ...)
+ TODO: check
+CVE-2017-3591 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3590 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
- mysql-connector-python <unfixed>
-CVE-2017-3589
- RESERVED
+CVE-2017-3589 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
- mysql-connector-java <unfixed>
CVE-2017-3588
RESERVED
-CVE-2017-3587
- RESERVED
+CVE-2017-3587 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.1.20-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3586
- RESERVED
+CVE-2017-3586 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
- mysql-connector-java <unfixed>
-CVE-2017-3585
- RESERVED
+CVE-2017-3585 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Solaris
-CVE-2017-3584
- RESERVED
+CVE-2017-3584 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Solaris
-CVE-2017-3583
- RESERVED
-CVE-2017-3582
- RESERVED
+CVE-2017-3583 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
+ TODO: check
+CVE-2017-3582 (Vulnerability in the Oracle SuperCluster Specific Software component ...)
NOT-FOR-US: Solaris
-CVE-2017-3581
- RESERVED
-CVE-2017-3580
- RESERVED
+CVE-2017-3581 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
+CVE-2017-3580 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Solaris
-CVE-2017-3579
- RESERVED
-CVE-2017-3578
- RESERVED
+CVE-2017-3579 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
+ TODO: check
+CVE-2017-3578 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
NOT-FOR-US: Solaris
-CVE-2017-3577
- RESERVED
-CVE-2017-3576
- RESERVED
+CVE-2017-3577 (Vulnerability in the PeopleSoft Enterprise CS Campus Community ...)
+ TODO: check
+CVE-2017-3576 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.1.20-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3575
- RESERVED
+CVE-2017-3575 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.1.20-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3574
- RESERVED
-CVE-2017-3573
- RESERVED
-CVE-2017-3572
- RESERVED
-CVE-2017-3571
- RESERVED
-CVE-2017-3570
- RESERVED
-CVE-2017-3569
- RESERVED
-CVE-2017-3568
- RESERVED
-CVE-2017-3567
- RESERVED
+CVE-2017-3574 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2017-3573 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2017-3572 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce ...)
+ TODO: check
+CVE-2017-3571 (Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component ...)
+ TODO: check
+CVE-2017-3570 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
+ TODO: check
+CVE-2017-3569 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2017-3568 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2017-3567 (Vulnerability in the OJVM component of Oracle Database Server. ...)
+ TODO: check
CVE-2017-3566
RESERVED
-CVE-2017-3565
- RESERVED
+CVE-2017-3565 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3564
- RESERVED
+CVE-2017-3564 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3563
- RESERVED
+CVE-2017-3563 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.1.20-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3562
RESERVED
-CVE-2017-3561
- RESERVED
+CVE-2017-3561 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.1.20-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3560
- RESERVED
-CVE-2017-3559
- RESERVED
+CVE-2017-3560 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2017-3559 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.1.20-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3558
- RESERVED
+CVE-2017-3558 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.1.20-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3557
- RESERVED
-CVE-2017-3556
- RESERVED
-CVE-2017-3555
- RESERVED
-CVE-2017-3554
- RESERVED
-CVE-2017-3553
- RESERVED
-CVE-2017-3552
- RESERVED
-CVE-2017-3551
- RESERVED
+CVE-2017-3557 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
+ TODO: check
+CVE-2017-3556 (Vulnerability in the Oracle Application Object Library component of ...)
+ TODO: check
+CVE-2017-3555 (Vulnerability in the Oracle iReceivables component of Oracle ...)
+ TODO: check
+CVE-2017-3554 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3553 (Vulnerability in the Oracle Identity Manager component of Oracle ...)
+ TODO: check
+CVE-2017-3552 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
+ TODO: check
+CVE-2017-3551 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3550
- RESERVED
-CVE-2017-3549
- RESERVED
-CVE-2017-3548
- RESERVED
-CVE-2017-3547
- RESERVED
-CVE-2017-3546
- RESERVED
-CVE-2017-3545
- RESERVED
-CVE-2017-3544
- RESERVED
+CVE-2017-3550 (Vulnerability in the Oracle Customer Interaction History component of ...)
+ TODO: check
+CVE-2017-3549 (Vulnerability in the Oracle Scripting component of Oracle E-Business ...)
+ TODO: check
+CVE-2017-3548 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2017-3547 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2017-3546 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2017-3545 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3544 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3543
- RESERVED
-CVE-2017-3542
- RESERVED
-CVE-2017-3541
- RESERVED
-CVE-2017-3540
- RESERVED
-CVE-2017-3539
- RESERVED
+CVE-2017-3543 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3542 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3541 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3540 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3539 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3538
- RESERVED
+CVE-2017-3538 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.1.16-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3537
- RESERVED
-CVE-2017-3536
- RESERVED
-CVE-2017-3535
- RESERVED
-CVE-2017-3534
- RESERVED
-CVE-2017-3533
- RESERVED
+CVE-2017-3537 (Vulnerability in the Oracle Real-Time Scheduler component of Oracle ...)
+ TODO: check
+CVE-2017-3536 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2017-3535 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2017-3534 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2017-3533 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3532
- RESERVED
-CVE-2017-3531
- RESERVED
-CVE-2017-3530
- RESERVED
+CVE-2017-3532 (Vulnerability in the Oracle Retail Warehouse Management System ...)
+ TODO: check
+CVE-2017-3531 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3530 (Vulnerability in the Oracle Transportation Manager component of Oracle ...)
+ TODO: check
CVE-2017-3529
RESERVED
-CVE-2017-3528
- RESERVED
-CVE-2017-3527
- RESERVED
-CVE-2017-3526
- RESERVED
+CVE-2017-3528 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
+ TODO: check
+CVE-2017-3527 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2017-3526 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3525
- RESERVED
-CVE-2017-3524
- RESERVED
-CVE-2017-3523
- RESERVED
-CVE-2017-3522
- RESERVED
-CVE-2017-3521
- RESERVED
-CVE-2017-3520
- RESERVED
-CVE-2017-3519
- RESERVED
-CVE-2017-3518
- RESERVED
-CVE-2017-3517
- RESERVED
-CVE-2017-3516
- RESERVED
+CVE-2017-3525 (Vulnerability in the PeopleSoft Enterprise SCM Service Procurement ...)
+ TODO: check
+CVE-2017-3524 (Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing ...)
+ TODO: check
+CVE-2017-3523 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
+ TODO: check
+CVE-2017-3522 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection ...)
+ TODO: check
+CVE-2017-3521 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of ...)
+ TODO: check
+CVE-2017-3520 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2017-3519 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
+ TODO: check
+CVE-2017-3518 (Vulnerability in the Enterprise Manager Base Platform component of ...)
+ TODO: check
+CVE-2017-3517 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
+ TODO: check
+CVE-2017-3516 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3515
- RESERVED
-CVE-2017-3514
- RESERVED
+CVE-2017-3515 (Vulnerability in the Oracle User Management component of Oracle ...)
+ TODO: check
+CVE-2017-3514 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-8 <not-affected> (Windows builds only)
- openjdk-7 <not-affected> (Windows builds only)
NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/95fd1952637b
-CVE-2017-3513
- RESERVED
+CVE-2017-3513 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
- virtualbox 5.1.20-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3512
- RESERVED
+CVE-2017-3512 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-8 <not-affected> (MacOSX builds only)
- openjdk-7 <not-affected> (MacOSX builds only)
NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c878d0baff4a
-CVE-2017-3511
- RESERVED
+CVE-2017-3511 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3510
- RESERVED
+CVE-2017-3510 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3509
- RESERVED
+CVE-2017-3509 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3508
- RESERVED
-CVE-2017-3507
- RESERVED
-CVE-2017-3506
- RESERVED
-CVE-2017-3505
- RESERVED
-CVE-2017-3504
- RESERVED
-CVE-2017-3503
- RESERVED
-CVE-2017-3502
- RESERVED
-CVE-2017-3501
- RESERVED
-CVE-2017-3500
- RESERVED
-CVE-2017-3499
- RESERVED
-CVE-2017-3498
- RESERVED
+CVE-2017-3508 (Vulnerability in the Primavera Gateway component of Oracle Primavera ...)
+ TODO: check
+CVE-2017-3507 (Vulnerability in the Oracle Service Bus component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3506 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3505 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
+CVE-2017-3504 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
+CVE-2017-3503 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
+ TODO: check
+CVE-2017-3502 (Vulnerability in the PeopleSoft Enterprise FIN Receivables component ...)
+ TODO: check
+CVE-2017-3501 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
+ TODO: check
+CVE-2017-3500 (Vulnerability in the Primavera Gateway component of Oracle Primavera ...)
+ TODO: check
+CVE-2017-3499 (Vulnerability in the Oracle Social Network component of Oracle Fusion ...)
+ TODO: check
+CVE-2017-3498 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3497
- RESERVED
+CVE-2017-3497 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3496
- RESERVED
-CVE-2017-3495
- RESERVED
-CVE-2017-3494
- RESERVED
-CVE-2017-3493
- RESERVED
-CVE-2017-3492
- RESERVED
-CVE-2017-3491
- RESERVED
-CVE-2017-3490
- RESERVED
-CVE-2017-3489
- RESERVED
-CVE-2017-3488
- RESERVED
-CVE-2017-3487
- RESERVED
-CVE-2017-3486
- RESERVED
-CVE-2017-3485
- RESERVED
-CVE-2017-3484
- RESERVED
-CVE-2017-3483
- RESERVED
-CVE-2017-3482
- RESERVED
-CVE-2017-3481
- RESERVED
-CVE-2017-3480
- RESERVED
-CVE-2017-3479
- RESERVED
-CVE-2017-3478
- RESERVED
-CVE-2017-3477
- RESERVED
-CVE-2017-3476
- RESERVED
-CVE-2017-3475
- RESERVED
-CVE-2017-3474
- RESERVED
+CVE-2017-3496 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2017-3495 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of ...)
+ TODO: check
+CVE-2017-3494 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2017-3493 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2017-3492 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2017-3491 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2017-3490 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2017-3489 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2017-3488 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2017-3487 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
+CVE-2017-3486 (Vulnerability in the SQL*Plus component of Oracle Database Server. ...)
+ TODO: check
+CVE-2017-3485 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2017-3484 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2017-3483 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
+ TODO: check
+CVE-2017-3482 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2017-3481 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2017-3480 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
+ TODO: check
+CVE-2017-3479 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
+ TODO: check
+CVE-2017-3478 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
+ TODO: check
+CVE-2017-3477 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
+ TODO: check
+CVE-2017-3476 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
+ TODO: check
+CVE-2017-3475 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
+ TODO: check
+CVE-2017-3474 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3473
- RESERVED
-CVE-2017-3472
- RESERVED
-CVE-2017-3471
- RESERVED
-CVE-2017-3470
- RESERVED
-CVE-2017-3469
- RESERVED
+CVE-2017-3473 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
+ TODO: check
+CVE-2017-3472 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
+ TODO: check
+CVE-2017-3471 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
+ TODO: check
+CVE-2017-3470 (Vulnerability in the Oracle Communications Security Gateway component ...)
+ TODO: check
+CVE-2017-3469 (Vulnerability in the MySQL Workbench component of Oracle MySQL ...)
- mysql-workbench <unfixed>
-CVE-2017-3468
- RESERVED
+CVE-2017-3468 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3467
- RESERVED
+CVE-2017-3467 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3466
RESERVED
-CVE-2017-3465
- RESERVED
+CVE-2017-3465 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3464
- RESERVED
+CVE-2017-3464 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
-CVE-2017-3463
- RESERVED
+CVE-2017-3463 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
-CVE-2017-3462
- RESERVED
+CVE-2017-3462 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
-CVE-2017-3461
- RESERVED
+CVE-2017-3461 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
-CVE-2017-3460
- RESERVED
+CVE-2017-3460 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3459
- RESERVED
+CVE-2017-3459 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3458
- RESERVED
+CVE-2017-3458 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3457
- RESERVED
+CVE-2017-3457 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3456
- RESERVED
+CVE-2017-3456 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
-CVE-2017-3455
- RESERVED
+CVE-2017-3455 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3454
- RESERVED
+CVE-2017-3454 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3453
- RESERVED
+CVE-2017-3453 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
-CVE-2017-3452
- RESERVED
+CVE-2017-3452 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Only affects MySQL 5.6)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
-CVE-2017-3451
- RESERVED
-CVE-2017-3450
- RESERVED
+CVE-2017-3451 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
+ TODO: check
+CVE-2017-3450 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3449
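Review bot: CVE-2017-3451 is the one entry in this run that is not MySQL (Oracle Retail Open Commerce Platform) and it lands as TODO: check between annotated MySQL entries; it can be triaged like the other Oracle product entries in this file, which carry NOT-FOR-US: Oracle. Separately, CVE-2017-3452 is marked "Only affects MySQL 5.6" for both mysql-5.7 and mysql-5.5 but has no mysql-5.6 line, although mysql-5.6 is tracked as a source package elsewhere in this file; worth confirming that omission is intended.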
@@ -13562,8 +13559,8 @@
RESERVED
CVE-2017-3433 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3432
- RESERVED
+CVE-2017-3432 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
+ TODO: check
CVE-2017-3431 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-3430 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
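Review bot: CVE-2017-3432 gets TODO: check although CVE-2017-3433, CVE-2017-3431 and CVE-2017-3430, all in the same Oracle One-to-One Fulfillment component, are already NOT-FOR-US: Oracle. Suggest resolving it the same way. The same pattern applies to CVE-2017-3393 and CVE-2017-3337 in the next two hunks.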
@@ -13640,8 +13637,8 @@
NOT-FOR-US: Oracle
CVE-2017-3394 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
NOT-FOR-US: Oracle
-CVE-2017-3393
- RESERVED
+CVE-2017-3393 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
+ TODO: check
CVE-2017-3392 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
NOT-FOR-US: Oracle
CVE-2017-3391 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
@@ -13752,8 +13749,8 @@
NOT-FOR-US: Oracle
CVE-2017-3338 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
NOT-FOR-US: Oracle
-CVE-2017-3337
- RESERVED
+CVE-2017-3337 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
+ TODO: check
CVE-2017-3336 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
NOT-FOR-US: Oracle
CVE-2017-3335 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
@@ -13766,14 +13763,12 @@
- virtualbox 5.1.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3331
- RESERVED
+CVE-2017-3331 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3330 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
NOT-FOR-US: Oracle Siebel
-CVE-2017-3329
- RESERVED
+CVE-2017-3329 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
CVE-2017-3328 (Vulnerability in the Oracle Common Applications component of Oracle ...)
@@ -13840,20 +13835,17 @@
NOT-FOR-US: Oracle
CVE-2017-3310 (Vulnerability in the OJVM component of Oracle Database Server. ...)
NOT-FOR-US: Oracle
-CVE-2017-3309
- RESERVED
+CVE-2017-3309 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
-CVE-2017-3308
- RESERVED
+CVE-2017-3308 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #860547)
- mysql-5.5 <removed> (bug #860544)
-CVE-2017-3307
- RESERVED
-CVE-2017-3306
- RESERVED
-CVE-2017-3305 [Incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6]
- RESERVED
+CVE-2017-3307 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...)
+ TODO: check
+CVE-2017-3306 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...)
+ TODO: check
+CVE-2017-3305 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <not-affected> (Fixed before the initial release to Debian)
- mysql-5.5 <removed> (bug #860544)
NOTE: The issue arises because of an improper fix for the issue known under
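Review bot: the CVE-2017-3305 header loses its hand-written summary "[Incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6]" in favour of the truncated generic "Vulnerability in the MySQL Server component of Oracle MySQL ...", which no longer tells a triager what the bug is. The NOTE block that follows still carries the background, but consider preserving the ssl-mode summary as a NOTE line so it is not dropped by the automatic update. CVE-2017-3307 and CVE-2017-3306 (MySQL Enterprise Monitor) are left at TODO: check and still need triage.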
@@ -13864,8 +13856,7 @@
NOTE: opening CVE-2017-3305.
NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1217506#c22
NOTE: http://www.openwall.com/lists/oss-security/2017/03/17/4
-CVE-2017-3304
- RESERVED
+CVE-2017-3304 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...)
- mysql-cluster <itp> (bug #833356)
CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...)
NOT-FOR-US: Oracle
@@ -13917,8 +13908,8 @@
- openjdk-8 8u121-b13-1
[experimental] - openjdk-7 7u121-2.6.8-2
- openjdk-7 <removed>
-CVE-2017-3288
- RESERVED
+CVE-2017-3288 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
+ TODO: check
CVE-2017-3287 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
NOT-FOR-US: Oracle
CVE-2017-3286 (Vulnerability in the Oracle Applications DBA component of Oracle ...)
@@ -14019,8 +14010,8 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3255 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion ...)
NOT-FOR-US: Oracle
-CVE-2017-3254
- RESERVED
+CVE-2017-3254 (Vulnerability in the Oracle Retail Invoice Matching component of ...)
+ TODO: check
CVE-2017-3253 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
{DSA-3782-1 DLA-821-1}
- openjdk-8 8u121-b13-1
@@ -14085,18 +14076,18 @@
- mysql-5.7 5.7.17-1 (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3237
- RESERVED
+CVE-2017-3237 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
CVE-2017-3236 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3235 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2017-3234
- RESERVED
-CVE-2017-3233
- RESERVED
-CVE-2017-3232
- RESERVED
+CVE-2017-3234 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
+CVE-2017-3233 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
+CVE-2017-3232 (Vulnerability in the Automatic Service Request (ASR) component of ...)
+ TODO: check
CVE-2017-3231 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
{DSA-3782-1 DLA-821-1}
- openjdk-8 8u121-b13-1
@@ -14104,8 +14095,8 @@
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3230
- RESERVED
+CVE-2017-3230 (Vulnerability in the Oracle Fusion Middleware MapViewer component of ...)
+ TODO: check
CVE-2016-9892 (The esets_daemon service in ESET Endpoint Antivirus for macOS before ...)
NOT-FOR-US: ESET
CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and ...)
@@ -16567,8 +16558,8 @@
RESERVED
CVE-2017-2341
RESERVED
-CVE-2017-2340
- RESERVED
+CVE-2017-2340 (On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 ...)
+ TODO: check
CVE-2017-2339
RESERVED
CVE-2017-2338
@@ -16579,52 +16570,52 @@
RESERVED
CVE-2017-2335
RESERVED
-CVE-2017-2334
- RESERVED
-CVE-2017-2333
- RESERVED
-CVE-2017-2332
- RESERVED
-CVE-2017-2331
- RESERVED
-CVE-2017-2330
- RESERVED
-CVE-2017-2329
- RESERVED
-CVE-2017-2328
- RESERVED
-CVE-2017-2327
- RESERVED
-CVE-2017-2326
- RESERVED
-CVE-2017-2325
- RESERVED
-CVE-2017-2324
- RESERVED
-CVE-2017-2323
- RESERVED
-CVE-2017-2322
- RESERVED
-CVE-2017-2321
- RESERVED
-CVE-2017-2320
- RESERVED
-CVE-2017-2319
- RESERVED
-CVE-2017-2318
- RESERVED
-CVE-2017-2317
- RESERVED
-CVE-2017-2316
- RESERVED
-CVE-2017-2315
- RESERVED
+CVE-2017-2334 (An information leak vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2333 (A persistent denial of service vulnerability in Juniper Networks ...)
+ TODO: check
+CVE-2017-2332 (An insufficient authentication vulnerability in Juniper Networks ...)
+ TODO: check
+CVE-2017-2331 (A firewall bypass vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2330 (A denial of service vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2329 (An insufficient authentication vulnerability in Juniper Networks ...)
+ TODO: check
+CVE-2017-2328 (An information leak vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2327 (A denial of service vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2326 (An information disclosure vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2325 (A buffer overflow vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2324 (A command injection vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2323 (A denial of service vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2322 (A denial of service vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2321 (A vulnerability in Juniper Networks NorthStar Controller Application ...)
+ TODO: check
+CVE-2017-2320 (A vulnerability in Juniper Networks NorthStar Controller Application ...)
+ TODO: check
+CVE-2017-2319 (A vulnerability in Juniper Networks NorthStar Controller Application ...)
+ TODO: check
+CVE-2017-2318 (A vulnerability in Juniper Networks NorthStar Controller Application ...)
+ TODO: check
+CVE-2017-2317 (A denial of service vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2316 (A buffer overflow vulnerability in Juniper Networks NorthStar ...)
+ TODO: check
+CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switchs running affected Junos ...)
+ TODO: check
CVE-2017-2314
RESERVED
-CVE-2017-2313
- RESERVED
-CVE-2017-2312
- RESERVED
+CVE-2017-2313 (Juniper Networks devices running affected Junos OS versions may be ...)
+ TODO: check
+CVE-2017-2312 (On Juniper Networks devices running Junos OS affected versions and ...)
+ TODO: check
CVE-2017-2311
RESERVED
CVE-2017-2310
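Review bot: every Juniper entry this hunk fills in (CVE-2017-2334 through CVE-2017-2315, plus CVE-2017-2313 and CVE-2017-2312) lands as TODO: check. NorthStar Controller and Junos OS are vendor products, so these are candidates for one NOT-FOR-US pass, in the style already used for the Oracle and ZTE entries in this file, rather than individual triage.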
@@ -29993,12 +29984,12 @@
RESERVED
CVE-2016-6918
RESERVED
-CVE-2016-6917
- RESERVED
-CVE-2016-6916
- RESERVED
-CVE-2016-6915
- RESERVED
+CVE-2016-6917 (Buffer overflow in nvhost_job.c in the NVIDIA video driver for ...)
+ TODO: check
+CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for ...)
+ TODO: check
+CVE-2016-6915 (Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver ...)
+ TODO: check
CVE-2016-6914
RESERVED
CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before ...)
@@ -30055,8 +30046,7 @@
- libav <undetermined> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/6
NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
-CVE-2016-6902 [Shell outbreak due to bad syntax parse]
- RESERVED
+CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of a ...)
- lshell <unfixed> (bug #834949)
[wheezy] - lshell <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ghantoos/lshell/issues/147
@@ -30064,8 +30054,7 @@
NOTE: As for 2016-08-23 https://github.com/ghantoos/lshell/issues/147#issuecomment-241366750 ist still
NOTE: as well under the scope of CVE-2016-6902, until "there is further vendor followup
NOTE: about issues/147" and possibly a new/additional CVE assignment.
-CVE-2016-6903 [Shell outbreak with multiline commands]
- RESERVED
+CVE-2016-6903 (lshell 0.9.16 allows remote authenticated users to break out of a ...)
- lshell <unfixed> (bug #834946)
[wheezy] - lshell <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ghantoos/lshell/issues/149
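Review bot: the new header for CVE-2016-6903 is truncated to the same text as CVE-2016-6902 in the previous hunk ("lshell 0.9.16 allows remote authenticated users to break out of a ..."), so the two ids are no longer distinguishable from the header line. The bracketed summaries being removed ("Shell outbreak with multiline commands" here, "Shell outbreak due to bad syntax parse" for CVE-2016-6902) carried that distinction; suggest keeping each as a NOTE line next to the upstream issue link.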
@@ -34645,8 +34634,7 @@
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2016-5551
- RESERVED
+CVE-2016-5551 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems ...)
NOT-FOR-US: Solaris
CVE-2016-5550
RESERVED
@@ -36987,8 +36975,8 @@
NOTE: client interface, not as a production tool
NOTE: https://zookeeper.apache.org/security.html#CVE-2016-5017
NOTE: Fixed by https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f
-CVE-2016-5016
- RESERVED
+CVE-2016-5016 (Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and ...)
+ TODO: check
CVE-2016-5015
RESERVED
CVE-2016-5014 (In Moodle 2.x and 3.x, an unenrolled user still receives event monitor ...)
@@ -39243,8 +39231,7 @@
NOT-FOR-US: WSO2 Carbon
CVE-2016-4314 (Directory traversal vulnerability in the LogViewer Admin Service in ...)
NOT-FOR-US: WSO2 Carbon
-CVE-2016-4313
- RESERVED
+CVE-2016-4313 (Directory traversal vulnerability in unzip/extract feature in ...)
{DLA-596-1}
- extplorer <removed>
CVE-2016-4312 (XML external entity (XXE) vulnerability in the XACML flow feature in ...)
@@ -41011,8 +40998,7 @@
- foreman <itp> (bug #663101)
CVE-2016-3692
RESERVED
-CVE-2016-3691
- RESERVED
+CVE-2016-3691 (Routes in Kallithea before 0.3.2 allows remote attackers to bypass the ...)
- kallithea <itp> (bug #689573)
CVE-2016-3690
RESERVED
@@ -42441,8 +42427,7 @@
NOT-FOR-US: CA API Gateway
CVE-2016-3117
RESERVED
-CVE-2016-3114
- RESERVED
+CVE-2016-3114 (Kallithea before 0.3.2 allows remote authenticated users to edit or ...)
- kallithea <itp> (bug #689573)
CVE-2016-3113
RESERVED
@@ -42564,8 +42549,7 @@
CVE-2016-3077
RESERVED
NOT-FOR-US: ovirt-engine
-CVE-2016-3076 [j2k integer overflow error on encode]
- RESERVED
+CVE-2016-3076 (Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...)
- pillow <unfixed> (unimportant)
- python-imaging <removed> (unimportant)
NOTE: https://github.com/python-pillow/Pillow/commit/a1f244343df389cf15cdfff80327594821097295 (3.1.2)
@@ -56056,19 +56040,16 @@
CVE-2015-7573
RESERVED
CVE-2015-7572
- RESERVED
+ REJECTED
NOT-FOR-US: Yeager CMS
CVE-2015-7571
RESERVED
NOT-FOR-US: Yeager CMS
-CVE-2015-7570
- RESERVED
+CVE-2015-7570 (Multiple server-side request forgery (SSRF) vulnerabilities in Yeager ...)
NOT-FOR-US: Yeager CMS
-CVE-2015-7569
- RESERVED
+CVE-2015-7569 (SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager ...)
NOT-FOR-US: Yeager CMS
-CVE-2015-7568
- RESERVED
+CVE-2015-7568 (SQL injection vulnerability in the password recovery feature in Yeager ...)
NOT-FOR-US: Yeager CMS
CVE-2015-7567
RESERVED
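Review bot: CVE-2015-7572 changes from RESERVED to REJECTED but keeps its NOT-FOR-US: Yeager CMS annotation, while CVE-2015-7571 directly below stays RESERVED with the same annotation. Confirm the annotation on the rejected id is still wanted, and check whether CVE-2015-7571 should have been updated together with CVE-2015-7570, CVE-2015-7569 and CVE-2015-7568, which all receive descriptions here.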
@@ -56097,6 +56078,7 @@
NOTE: https://www.samba.org/samba/security/CVE-2015-7560.html
CVE-2015-7559 [DoS in client via shutdown command]
RESERVED
+ {DLA-913-1}
- activemq 5.14.3-3 (bug #860866)
[jessie] - activemq <no-dsa> (Minor issue)
NOTE: Upstream commit: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
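Review bot: {DLA-913-1} is attached to CVE-2015-7559 while the entry is still RESERVED, and the only release-specific line visible is [jessie] - activemq <no-dsa> (Minor issue). Check that the release the DLA covers has a matching annotation with its fixed version, since none is visible in this context.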
@@ -56936,12 +56918,12 @@
NOT-FOR-US: ZTE router
CVE-2015-7248 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow ...)
NOT-FOR-US: ZTE router
-CVE-2015-7247
- RESERVED
-CVE-2015-7246
- RESERVED
-CVE-2015-7245
- RESERVED
+CVE-2015-7247 (DLink DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 ...)
+ TODO: check
+CVE-2015-7246 (DLink DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 ...)
+ TODO: check
+CVE-2015-7245 (Directory traversal vulnerability in DLink DVG-N5402SP with firmware ...)
+ TODO: check
CVE-2015-7244 (The default configuration of the server in MobaXterm before 8.3 has a ...)
NOT-FOR-US: MobaXterm
CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers ...)
@@ -145444,8 +145426,8 @@
CVE-2011-3439 (FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote ...)
{DSA-2350-1}
- freetype 2.4.8-1 (bug #649122)
-CVE-2011-3438
- RESERVED
+CVE-2011-3438 (WebKit, as used in Safari 5.0.6, allows remote attackers to cause a ...)
+ TODO: check
CVE-2011-3437 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...)
NOT-FOR-US: Apple Type Services (ATS) in Apple Mac OS
CVE-2011-3436 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a ...)
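Review bot: CVE-2011-3438 should not be closed as NOT-FOR-US by analogy with the neighbouring Apple entries. Its description names WebKit as used in Safari 5.0.6, so the TODO: check needs an actual look at whether the WebKit code packaged in Debian is affected, or an explicit note that the issue is Safari-specific, before it is resolved.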
@@ -145464,8 +145446,8 @@
NOT-FOR-US: Apple iOS
CVE-2011-3429 (The Settings component in Apple iOS before 5 stores a cleartext ...)
NOT-FOR-US: Apple iOS
-CVE-2011-3428
- RESERVED
+CVE-2011-3428 (Buffer overflow in QuickTime before 7.7.1 for Windows allows remote ...)
+ TODO: check
CVE-2011-3427 (The Data Security component in Apple iOS before 5 and Apple TV before ...)
NOT-FOR-US: Apple iOS
CVE-2011-3426 (Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before ...)
@@ -163641,8 +163623,8 @@
NOTE: Safari only (chromium security team)
CVE-2010-1777 (Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers ...)
NOT-FOR-US: Apple iTunes
-CVE-2010-1776
- RESERVED
+CVE-2010-1776 (Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and ...)
+ TODO: check
CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone ...)
NOT-FOR-US: Apple iPhone Passcode Lock
CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)