[Secure-testing-commits] r53262 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Jul 7 21:10:15 UTC 2017


Author: sectracker
Date: 2017-07-07 21:10:15 +0000 (Fri, 07 Jul 2017)
New Revision: 53262

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-07 19:59:34 UTC (rev 53261)
+++ data/CVE/list	2017-07-07 21:10:15 UTC (rev 53262)
@@ -1,5 +1,230 @@
-CVE-2017-10989
+CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
+	TODO: check
+CVE-2017-11101 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...)
+	TODO: check
+CVE-2017-11100 (When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead ...)
+	TODO: check
+CVE-2017-11099 (When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to ...)
+	TODO: check
+CVE-2017-11098 (When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to ...)
+	TODO: check
+CVE-2017-11097 (When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...)
+	TODO: check
+CVE-2017-11096 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...)
+	TODO: check
+CVE-2017-11095
 	RESERVED
+CVE-2017-11094
+	RESERVED
+CVE-2017-11093
+	RESERVED
+CVE-2017-11092
+	RESERVED
+CVE-2017-11091
+	RESERVED
+CVE-2017-11090
+	RESERVED
+CVE-2017-11089
+	RESERVED
+CVE-2017-11088
+	RESERVED
+CVE-2017-11087
+	RESERVED
+CVE-2017-11086
+	RESERVED
+CVE-2017-11085
+	RESERVED
+CVE-2017-11084
+	RESERVED
+CVE-2017-11083
+	RESERVED
+CVE-2017-11082
+	RESERVED
+CVE-2017-11081
+	RESERVED
+CVE-2017-11080
+	RESERVED
+CVE-2017-11079
+	RESERVED
+CVE-2017-11078
+	RESERVED
+CVE-2017-11077
+	RESERVED
+CVE-2017-11076
+	RESERVED
+CVE-2017-11075
+	RESERVED
+CVE-2017-11074
+	RESERVED
+CVE-2017-11073
+	RESERVED
+CVE-2017-11072
+	RESERVED
+CVE-2017-11071
+	RESERVED
+CVE-2017-11070
+	RESERVED
+CVE-2017-11069
+	RESERVED
+CVE-2017-11068
+	RESERVED
+CVE-2017-11067
+	RESERVED
+CVE-2017-11066
+	RESERVED
+CVE-2017-11065
+	RESERVED
+CVE-2017-11064
+	RESERVED
+CVE-2017-11063
+	RESERVED
+CVE-2017-11062
+	RESERVED
+CVE-2017-11061
+	RESERVED
+CVE-2017-11060
+	RESERVED
+CVE-2017-11059
+	RESERVED
+CVE-2017-11058
+	RESERVED
+CVE-2017-11057
+	RESERVED
+CVE-2017-11056
+	RESERVED
+CVE-2017-11055
+	RESERVED
+CVE-2017-11054
+	RESERVED
+CVE-2017-11053
+	RESERVED
+CVE-2017-11052
+	RESERVED
+CVE-2017-11051
+	RESERVED
+CVE-2017-11050
+	RESERVED
+CVE-2017-11049
+	RESERVED
+CVE-2017-11048
+	RESERVED
+CVE-2017-11047
+	RESERVED
+CVE-2017-11046
+	RESERVED
+CVE-2017-11045
+	RESERVED
+CVE-2017-11044
+	RESERVED
+CVE-2017-11043
+	RESERVED
+CVE-2017-11042
+	RESERVED
+CVE-2017-11041
+	RESERVED
+CVE-2017-11040
+	RESERVED
+CVE-2017-11039
+	RESERVED
+CVE-2017-11038
+	RESERVED
+CVE-2017-11037
+	RESERVED
+CVE-2017-11036
+	RESERVED
+CVE-2017-11035
+	RESERVED
+CVE-2017-11034
+	RESERVED
+CVE-2017-11033
+	RESERVED
+CVE-2017-11032
+	RESERVED
+CVE-2017-11031
+	RESERVED
+CVE-2017-11030
+	RESERVED
+CVE-2017-11029
+	RESERVED
+CVE-2017-11028
+	RESERVED
+CVE-2017-11027
+	RESERVED
+CVE-2017-11026
+	RESERVED
+CVE-2017-11025
+	RESERVED
+CVE-2017-11024
+	RESERVED
+CVE-2017-11023
+	RESERVED
+CVE-2017-11022
+	RESERVED
+CVE-2017-11021
+	RESERVED
+CVE-2017-11020
+	RESERVED
+CVE-2017-11019
+	RESERVED
+CVE-2017-11018
+	RESERVED
+CVE-2017-11017
+	RESERVED
+CVE-2017-11016
+	RESERVED
+CVE-2017-11015
+	RESERVED
+CVE-2017-11014
+	RESERVED
+CVE-2017-11013
+	RESERVED
+CVE-2017-11012
+	RESERVED
+CVE-2017-11011
+	RESERVED
+CVE-2017-11010
+	RESERVED
+CVE-2017-11009
+	RESERVED
+CVE-2017-11008
+	RESERVED
+CVE-2017-11007
+	RESERVED
+CVE-2017-11006
+	RESERVED
+CVE-2017-11005
+	RESERVED
+CVE-2017-11004
+	RESERVED
+CVE-2017-11003
+	RESERVED
+CVE-2017-11002
+	RESERVED
+CVE-2017-11001
+	RESERVED
+CVE-2017-11000
+	RESERVED
+CVE-2017-10999
+	RESERVED
+CVE-2017-10998
+	RESERVED
+CVE-2017-10997
+	RESERVED
+CVE-2017-10996
+	RESERVED
+CVE-2017-10995 (The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows ...)
+	TODO: check
+CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary ...)
+	TODO: check
+CVE-2017-10993
+	RESERVED
+CVE-2017-10992
+	RESERVED
+CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the ...)
+	TODO: check
+CVE-2017-10990
+	RESERVED
+CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite before 3.11.0, ...)
 	- sqlite3 <unfixed> (bug #867618)
 	NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
 	NOTE: https://sqlite.org/src/info/66de6f4a
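
Review bot: CVE-2017-10989, at the end of this hunk, now has a description that begins "SQLite before 3.11.0" while the package line under it still reads "- sqlite3 <unfixed> (bug #867618)"; the status should be reconciled with the version bound in the description and the vpatch linked in the NOTE lines. Separately, CVE-2017-10991 (WP Statistics plugin) is added as "TODO: check" although CVE-2017-2147 for the same plugin is already marked "NOT-FOR-US: WP Statistics" later in this file, so it can be closed the same way.
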
@@ -28,7 +253,7 @@
 	RESERVED
 CVE-2017-10978
 	RESERVED
-CVE-2017-1000082 [fails to parse usernames that start with digits]
+CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames starting with ...)
 	- systemd <unfixed> (unimportant)
 	[jessie] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
 	[wheezy] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
@@ -40,8 +265,8 @@
 	TODO: check
 CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might ...)
 	NOT-FOR-US: Lutim
-CVE-2017-10974
-	RESERVED
+CVE-2017-10974 (Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP ...)
+	TODO: check
 CVE-2017-10973 (In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php ...)
 	NOT-FOR-US: FineCMS
 CVE-2017-10970 (Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 ...)
@@ -109,17 +334,15 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
 CVE-2017-10969
 	RESERVED
-CVE-2017-10968
-	RESERVED
+CVE-2017-10968 (In FineCMS through 2017-07-07, application\core\controller\template.php ...)
+	TODO: check
 CVE-2017-10967 (In FineCMS before 2017-07-06, application\core\controller\config.php ...)
 	NOT-FOR-US: FineCMS
-CVE-2017-10966
-	RESERVED
+CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating the ...)
 	- irssi <unfixed> (bug #867598)
 	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
 	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
-CVE-2017-10965
-	RESERVED
+CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...)
 	- irssi <unfixed> (bug #867598)
 	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
 	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
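
Review bot: CVE-2017-10968 is added with "TODO: check" even though the FineCMS entry directly below it, CVE-2017-10967, is already triaged as "NOT-FOR-US: FineCMS". Suggest giving the new entry the same NOT-FOR-US line instead of leaving it open. The Irssi entries in this hunk keep their package and NOTE lines when the RESERVED marker is dropped, which is the right outcome.
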
@@ -2743,7 +2966,7 @@
 	- linux <unfixed>
 	- qemu <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-216.html
-CVE-2017-1000381 [c-ares NAPTR parser out of bounds access]
+CVE-2017-1000381 (The c-ares function `ares_parse_naptr_reply()`, which is used for ...)
 	{DLA-998-1}
 	- c-ares 1.12.0-4 (bug #865360)
 	[stretch] - c-ares <no-dsa> (Minor issue)
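
Review bot: The replacement text for CVE-2017-1000381 is cut off at "which is used for ..." and no longer states the bug class, whereas the removed bracketed summary said "NAPTR parser out of bounds access". Suggest preserving that summary in a NOTE line under the entry so the nature of the issue is still readable from the list without looking up the full description.
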
@@ -3169,16 +3392,16 @@
 	RESERVED
 CVE-2017-9632
 	RESERVED
-CVE-2017-9631
-	RESERVED
+CVE-2017-9631 (A Null Pointer Dereference issue was discovered in Schneider Electric ...)
+	TODO: check
 CVE-2017-9630
 	RESERVED
-CVE-2017-9629
-	RESERVED
+CVE-2017-9629 (A Stack-Based Buffer Overflow issue was discovered in Schneider ...)
+	TODO: check
 CVE-2017-9628
 	RESERVED
-CVE-2017-9627
-	RESERVED
+CVE-2017-9627 (An Uncontrolled Resource Consumption issue was discovered in Schneider ...)
+	TODO: check
 CVE-2017-9626
 	RESERVED
 CVE-2017-9625
@@ -6527,8 +6750,8 @@
 	RESERVED
 CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...)
 	NOT-FOR-US: Kibana X-Pack Security
-CVE-2017-8442
-	RESERVED
+CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, ...)
+	TODO: check
 CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not ...)
 	NOT-FOR-US: Elastic X-Pack Security
 CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) ...)
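
Review bot: CVE-2017-8442 (Elasticsearch X-Pack Security) is left at "TODO: check" while both neighbours in this hunk, CVE-2017-8443 and CVE-2017-8441, are already marked NOT-FOR-US for X-Pack Security. Suggest triaging it consistently with those two, using the same product naming, rather than leaving it open.
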
@@ -7909,8 +8132,8 @@
 	NOT-FOR-US: INFOR EAM
 CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in an ...)
 	NOT-FOR-US: WonderCMS
-CVE-2017-7950
-	RESERVED
+CVE-2017-7950 (Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial ...)
+	TODO: check
 CVE-2017-7949
 	RESERVED
 CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...)
@@ -8959,8 +9182,8 @@
 	NOT-FOR-US: Apache CXF
 CVE-2017-7661 (Apache CXF Fediz ships with a number of container-specific plugins to ...)
 	NOT-FOR-US: Apache CXF
-CVE-2017-7660
-	RESERVED
+CVE-2017-7660 (Apache Solr uses a PKI based mechanism to secure inter-node ...)
+	TODO: check
 CVE-2017-7659 [mod_http2 null pointer dereference]
 	RESERVED
 	- apache2 2.4.25-4
@@ -9832,12 +10055,12 @@
 	- curl 7.52.1-4 (unimportant; bug #859500)
 	NOTE: https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
 	NOTE: Negligable security impact
-CVE-2017-7406
-	RESERVED
-CVE-2017-7405
-	RESERVED
-CVE-2017-7404
-	RESERVED
+CVE-2017-7406 (The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of ...)
+	TODO: check
+CVE-2017-7405 (On the D-Link DIR-615 before v20.12PTb04, once authenticated, this ...)
+	TODO: check
+CVE-2017-7404 (On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the ...)
+	TODO: check
 CVE-2017-7403
 	RESERVED
 CVE-2017-7402 (Pixie 1.0.4 allows remote authenticated users to upload and execute ...)
@@ -11508,8 +11731,8 @@
 	RESERVED
 CVE-2017-6869
 	RESERVED
-CVE-2017-6868
-	RESERVED
+CVE-2017-6868 (An Improper Authentication issue was discovered in Siemens SIMATIC CP ...)
+	TODO: check
 CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before ...)
 	NOT-FOR-US: Siemens
 CVE-2017-6866
@@ -25020,68 +25243,68 @@
 	RESERVED
 CVE-2017-2246
 	RESERVED
-CVE-2017-2245
-	RESERVED
-CVE-2017-2244
-	RESERVED
-CVE-2017-2243
-	RESERVED
+CVE-2017-2245 (Directory traversal vulnerability in Shortcodes Ultimate prior to ...)
+	TODO: check
+CVE-2017-2244 (Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN ...)
+	TODO: check
+CVE-2017-2243 (Cross-site scripting vulnerability in Responsive Lightbox prior to ...)
+	TODO: check
 CVE-2017-2242
 	RESERVED
 CVE-2017-2241
 	RESERVED
 CVE-2017-2240
 	RESERVED
-CVE-2017-2239
-	RESERVED
-CVE-2017-2238
-	RESERVED
-CVE-2017-2237
-	RESERVED
-CVE-2017-2236
-	RESERVED
-CVE-2017-2235
-	RESERVED
-CVE-2017-2234
-	RESERVED
-CVE-2017-2233
-	RESERVED
-CVE-2017-2232
-	RESERVED
-CVE-2017-2231
-	RESERVED
-CVE-2017-2230
-	RESERVED
-CVE-2017-2229
-	RESERVED
+CVE-2017-2239 (Marp versions v0.0.10 and earlier may allow an attacker to access ...)
+	TODO: check
+CVE-2017-2238 (Cross-site request forgery (CSRF) vulnerability in Toshiba Home ...)
+	TODO: check
+CVE-2017-2237 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
+	TODO: check
+CVE-2017-2236 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
+	TODO: check
+CVE-2017-2235 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
+	TODO: check
+CVE-2017-2234 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
+	TODO: check
+CVE-2017-2233 (Untrusted search path vulnerability in Installer of PDF Digital ...)
+	TODO: check
+CVE-2017-2232 (Untrusted search path vulnerability in Installer of Shinseiyo Sogo ...)
+	TODO: check
+CVE-2017-2231 (Untrusted search path vulnerability in The installer of MLIT ...)
+	TODO: check
+CVE-2017-2230 (Untrusted search path vulnerability in Douro Kouji Kanseizutou Check ...)
+	TODO: check
+CVE-2017-2229 (Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei ...)
+	TODO: check
 CVE-2017-2228
 	RESERVED
-CVE-2017-2227
-	RESERVED
-CVE-2017-2226
-	RESERVED
-CVE-2017-2225
-	RESERVED
-CVE-2017-2224
-	RESERVED
-CVE-2017-2223
-	RESERVED
-CVE-2017-2222
-	RESERVED
+CVE-2017-2227 (Untrusted search path vulnerability in The installer of Charamin OMP ...)
+	TODO: check
+CVE-2017-2226 (Untrusted search path vulnerability in Setup file of advance ...)
+	TODO: check
+CVE-2017-2225 (Untrusted search path vulnerability in EbidSettingChecker.exe (version ...)
+	TODO: check
+CVE-2017-2224 (Cross-site scripting vulnerability in Event Calendar WD prior to ...)
+	TODO: check
+CVE-2017-2223 (Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, ...)
+	TODO: check
+CVE-2017-2222 (Cross-site scripting vulnerability in WP-Members prior to version ...)
+	TODO: check
 CVE-2017-2221
 	RESERVED
-CVE-2017-2220
-	RESERVED
+CVE-2017-2220 (Untrusted search path vulnerability in Installer of CASL II simulator ...)
+	TODO: check
 CVE-2017-2219 (Untrusted search path vulnerability in the [Simeji for Windows] ...)
 	NOT-FOR-US: Simeji
-CVE-2017-2218
-	RESERVED
-CVE-2017-2217
-	RESERVED
-CVE-2017-2216
-	RESERVED
-CVE-2017-2215
-	RESERVED
+CVE-2017-2218 (Untrusted search path vulnerability in Installer of QuickTime for ...)
+	TODO: check
+CVE-2017-2217 (Open redirect vulnerability in WordPress Download Manager prior to ...)
+	TODO: check
+CVE-2017-2216 (Cross-site scripting vulnerability in WordPress Download Manager prior ...)
+	TODO: check
+CVE-2017-2215 (Untrusted search path vulnerability in Installer of "Setup file of ...)
+	TODO: check
 CVE-2017-2214 (Untrusted search path vulnerability in AppCheck and AppCheck Pro prior ...)
 	NOT-FOR-US: AppCheck
 CVE-2017-2213 (Untrusted search path vulnerability in SemiDynaEXE ...)
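
Review bot: This hunk turns 25 RESERVED entries into "TODO: check", many of them "Untrusted search path vulnerability in Installer of ..." items of the same kind as CVE-2017-2219 and CVE-2017-2214, which the surrounding context already marks NOT-FOR-US. Suggest a follow-up triage pass over this block (CVE-2017-2245 through CVE-2017-2215) that records a NOT-FOR-US line with the product name for each entry where it applies, so the open TODO count reflects only entries that still need investigation.
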
@@ -25094,8 +25317,8 @@
 	NOT-FOR-US: PatchJGD
 CVE-2017-2209 (Untrusted search path vulnerability in the installer of Houkokusyo ...)
 	NOT-FOR-US: Houkokusyo Sakusei Shien Tool
-CVE-2017-2208
-	RESERVED
+CVE-2017-2208 (Untrusted search path vulnerability in Installer of Electronic ...)
+	TODO: check
 CVE-2017-2207 (Untrusted search path vulnerability in the installer of SaAT Personal ...)
 	NOT-FOR-US: SaAT Personal
 CVE-2017-2206 (Untrusted search path vulnerability in the installer of SaAT Netizen ...)
@@ -25122,8 +25345,8 @@
 	RESERVED
 CVE-2017-2195 (SQL injection vulnerability in the Multi Feed Reader prior to version ...)
 	NOT-FOR-US: Multi Feed Reader plugin for wordpress
-CVE-2017-2194
-	RESERVED
+CVE-2017-2194 (Cross-site scripting vulnerability in Source code security studying ...)
+	TODO: check
 CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera Term 4.94 ...)
 	NOT-FOR-US: Tera Term
 CVE-2017-2192 (Untrusted search path vulnerability in RW-5100 tool to verify ...)
@@ -25134,18 +25357,18 @@
 	NOT-FOR-US: RW4040
 CVE-2017-2189 (Untrusted search path vulnerability in RW-4040 driver installer for ...)
 	NOT-FOR-US: RW4040
-CVE-2017-2188
-	RESERVED
+CVE-2017-2188 (Untrusted search path vulnerability in Installer of Denshinouhin Check ...)
+	TODO: check
 CVE-2017-2187 (Cross-site scripting vulnerability in WP Live Chat Support prior to ...)
 	NOT-FOR-US: WP Live Chat
-CVE-2017-2186
-	RESERVED
-CVE-2017-2185
-	RESERVED
-CVE-2017-2184
-	RESERVED
-CVE-2017-2183
-	RESERVED
+CVE-2017-2186 (HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass ...)
+	TODO: check
+CVE-2017-2185 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated ...)
+	TODO: check
+CVE-2017-2184 (Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an ...)
+	TODO: check
+CVE-2017-2183 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated ...)
+	TODO: check
 CVE-2017-2182 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
 	NOT-FOR-US: Hands-on Vulnerability Learning Tool
 CVE-2017-2181 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
@@ -25166,8 +25389,8 @@
 	NOT-FOR-US: Empirical Project Monitor - eXtended
 CVE-2017-2173 (Cross-site scripting vulnerability in Empirical Project Monitor - ...)
 	NOT-FOR-US: Empirical Project Monitor - eXtended
-CVE-2017-2172
-	RESERVED
+CVE-2017-2172 (Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 ...)
+	TODO: check
 CVE-2017-2171 (Cross-site scripting vulnerability in Captcha prior to version 4.3.0, ...)
 	NOT-FOR-US: WordPress plugins provided by BestWebSoft
 CVE-2017-2170
@@ -25218,12 +25441,12 @@
 	NOT-FOR-US: WN-AC1167GR firmware
 CVE-2017-2147 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
 	NOT-FOR-US: WP Statistics
-CVE-2017-2146
-	RESERVED
-CVE-2017-2145
-	RESERVED
-CVE-2017-2144
-	RESERVED
+CVE-2017-2146 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 ...)
+	TODO: check
+CVE-2017-2145 (Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows ...)
+	TODO: check
+CVE-2017-2144 (Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another ...)
+	TODO: check
 CVE-2017-2143 (CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor ...)
 	NOT-FOR-US: CS-Cart
 CVE-2017-2142 (Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows ...)
@@ -29312,8 +29535,8 @@
 	NOT-FOR-US: NVIDIA Windows drivers
 CVE-2017-0341 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
 	NOT-FOR-US: NVIDIA Windows drivers
-CVE-2017-0340
-	RESERVED
+CVE-2017-0340 (An elevation of privilege vulnerability in the NVIDIA Libnvparser ...)
+	TODO: check
 CVE-2017-0339 (An elevation of privilege vulnerability in the NVIDIA crypto driver ...)
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-0338 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
@@ -29340,8 +29563,8 @@
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-0327 (An elevation of privilege vulnerability in the NVIDIA crypto driver ...)
 	NOT-FOR-US: NVIDIA driver for Android
-CVE-2017-0326
-	RESERVED
+CVE-2017-0326 (An information disclosure vulnerability in the NVIDIA Video Driver due ...)
+	TODO: check
 CVE-2017-0325 (An elevation of privilege vulnerability in the NVIDIA I2C HID driver ...)
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
@@ -77251,8 +77474,7 @@
 	RESERVED
 	- etherpad-lite <itp> (bug #576998)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/11/10
-CVE-2015-3297 [read-only directory traversal in Etherpad Minify]
-	RESERVED
+CVE-2015-3297 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad ...)
 	- etherpad-lite <itp> (bug #576998)
 CVE-2015-3010 (ceph-deploy before 1.5.23 uses weak permissions (644) for ...)
 	- ceph-deploy <itp> (bug #694013)
@@ -91456,11 +91678,10 @@
 	NOT-FOR-US: WordPress plugin Pods
 CVE-2014-7955
 	RESERVED
-CVE-2014-7954
-	RESERVED
+CVE-2014-7954 (Directory traversal vulnerability in the doSendObjectInfo method in ...)
 	NOT-FOR-US: MtpServer class in Android
-CVE-2014-7953
-	RESERVED
+CVE-2014-7953 (Race condition in the bindBackupAgent method in the ...)
+	TODO: check
 CVE-2014-7952
 	RESERVED
 CVE-2014-7951



