[Secure-testing-commits] r53262 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jul 7 21:10:15 UTC 2017
Author: sectracker
Date: 2017-07-07 21:10:15 +0000 (Fri, 07 Jul 2017)
New Revision: 53262
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-07 19:59:34 UTC (rev 53261)
+++ data/CVE/list 2017-07-07 21:10:15 UTC (rev 53262)
@@ -1,5 +1,230 @@
-CVE-2017-10989
+CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
+ TODO: check
+CVE-2017-11101 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...)
+ TODO: check
+CVE-2017-11100 (When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead ...)
+ TODO: check
+CVE-2017-11099 (When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to ...)
+ TODO: check
+CVE-2017-11098 (When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to ...)
+ TODO: check
+CVE-2017-11097 (When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...)
+ TODO: check
+CVE-2017-11096 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...)
+ TODO: check
+CVE-2017-11095
RESERVED
+CVE-2017-11094
+ RESERVED
+CVE-2017-11093
+ RESERVED
+CVE-2017-11092
+ RESERVED
+CVE-2017-11091
+ RESERVED
+CVE-2017-11090
+ RESERVED
+CVE-2017-11089
+ RESERVED
+CVE-2017-11088
+ RESERVED
+CVE-2017-11087
+ RESERVED
+CVE-2017-11086
+ RESERVED
+CVE-2017-11085
+ RESERVED
+CVE-2017-11084
+ RESERVED
+CVE-2017-11083
+ RESERVED
+CVE-2017-11082
+ RESERVED
+CVE-2017-11081
+ RESERVED
+CVE-2017-11080
+ RESERVED
+CVE-2017-11079
+ RESERVED
+CVE-2017-11078
+ RESERVED
+CVE-2017-11077
+ RESERVED
+CVE-2017-11076
+ RESERVED
+CVE-2017-11075
+ RESERVED
+CVE-2017-11074
+ RESERVED
+CVE-2017-11073
+ RESERVED
+CVE-2017-11072
+ RESERVED
+CVE-2017-11071
+ RESERVED
+CVE-2017-11070
+ RESERVED
+CVE-2017-11069
+ RESERVED
+CVE-2017-11068
+ RESERVED
+CVE-2017-11067
+ RESERVED
+CVE-2017-11066
+ RESERVED
+CVE-2017-11065
+ RESERVED
+CVE-2017-11064
+ RESERVED
+CVE-2017-11063
+ RESERVED
+CVE-2017-11062
+ RESERVED
+CVE-2017-11061
+ RESERVED
+CVE-2017-11060
+ RESERVED
+CVE-2017-11059
+ RESERVED
+CVE-2017-11058
+ RESERVED
+CVE-2017-11057
+ RESERVED
+CVE-2017-11056
+ RESERVED
+CVE-2017-11055
+ RESERVED
+CVE-2017-11054
+ RESERVED
+CVE-2017-11053
+ RESERVED
+CVE-2017-11052
+ RESERVED
+CVE-2017-11051
+ RESERVED
+CVE-2017-11050
+ RESERVED
+CVE-2017-11049
+ RESERVED
+CVE-2017-11048
+ RESERVED
+CVE-2017-11047
+ RESERVED
+CVE-2017-11046
+ RESERVED
+CVE-2017-11045
+ RESERVED
+CVE-2017-11044
+ RESERVED
+CVE-2017-11043
+ RESERVED
+CVE-2017-11042
+ RESERVED
+CVE-2017-11041
+ RESERVED
+CVE-2017-11040
+ RESERVED
+CVE-2017-11039
+ RESERVED
+CVE-2017-11038
+ RESERVED
+CVE-2017-11037
+ RESERVED
+CVE-2017-11036
+ RESERVED
+CVE-2017-11035
+ RESERVED
+CVE-2017-11034
+ RESERVED
+CVE-2017-11033
+ RESERVED
+CVE-2017-11032
+ RESERVED
+CVE-2017-11031
+ RESERVED
+CVE-2017-11030
+ RESERVED
+CVE-2017-11029
+ RESERVED
+CVE-2017-11028
+ RESERVED
+CVE-2017-11027
+ RESERVED
+CVE-2017-11026
+ RESERVED
+CVE-2017-11025
+ RESERVED
+CVE-2017-11024
+ RESERVED
+CVE-2017-11023
+ RESERVED
+CVE-2017-11022
+ RESERVED
+CVE-2017-11021
+ RESERVED
+CVE-2017-11020
+ RESERVED
+CVE-2017-11019
+ RESERVED
+CVE-2017-11018
+ RESERVED
+CVE-2017-11017
+ RESERVED
+CVE-2017-11016
+ RESERVED
+CVE-2017-11015
+ RESERVED
+CVE-2017-11014
+ RESERVED
+CVE-2017-11013
+ RESERVED
+CVE-2017-11012
+ RESERVED
+CVE-2017-11011
+ RESERVED
+CVE-2017-11010
+ RESERVED
+CVE-2017-11009
+ RESERVED
+CVE-2017-11008
+ RESERVED
+CVE-2017-11007
+ RESERVED
+CVE-2017-11006
+ RESERVED
+CVE-2017-11005
+ RESERVED
+CVE-2017-11004
+ RESERVED
+CVE-2017-11003
+ RESERVED
+CVE-2017-11002
+ RESERVED
+CVE-2017-11001
+ RESERVED
+CVE-2017-11000
+ RESERVED
+CVE-2017-10999
+ RESERVED
+CVE-2017-10998
+ RESERVED
+CVE-2017-10997
+ RESERVED
+CVE-2017-10996
+ RESERVED
+CVE-2017-10995 (The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows ...)
+ TODO: check
+CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary ...)
+ TODO: check
+CVE-2017-10993
+ RESERVED
+CVE-2017-10992
+ RESERVED
+CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the ...)
+ TODO: check
+CVE-2017-10990
+ RESERVED
+CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite before 3.11.0, ...)
- sqlite3 <unfixed> (bug #867618)
NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
NOTE: https://sqlite.org/src/info/66de6f4a
@@ -28,7 +253,7 @@
RESERVED
CVE-2017-10978
RESERVED
-CVE-2017-1000082 [fails to parse usernames that start with digits]
+CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames starting with ...)
- systemd <unfixed> (unimportant)
[jessie] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
[wheezy] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
@@ -40,8 +265,8 @@
TODO: check
CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might ...)
NOT-FOR-US: Lutim
-CVE-2017-10974
- RESERVED
+CVE-2017-10974 (Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP ...)
+ TODO: check
CVE-2017-10973 (In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php ...)
NOT-FOR-US: FineCMS
CVE-2017-10970 (Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 ...)
@@ -109,17 +334,15 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
CVE-2017-10969
RESERVED
-CVE-2017-10968
- RESERVED
+CVE-2017-10968 (In FineCMS through 2017-07-07, application\core\controller\template.php ...)
+ TODO: check
CVE-2017-10967 (In FineCMS before 2017-07-06, application\core\controller\config.php ...)
NOT-FOR-US: FineCMS
-CVE-2017-10966
- RESERVED
+CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating the ...)
- irssi <unfixed> (bug #867598)
NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
-CVE-2017-10965
- RESERVED
+CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...)
- irssi <unfixed> (bug #867598)
NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
@@ -2743,7 +2966,7 @@
- linux <unfixed>
- qemu <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-216.html
-CVE-2017-1000381 [c-ares NAPTR parser out of bounds access]
+CVE-2017-1000381 (The c-ares function `ares_parse_naptr_reply()`, which is used for ...)
{DLA-998-1}
- c-ares 1.12.0-4 (bug #865360)
[stretch] - c-ares <no-dsa> (Minor issue)
@@ -3169,16 +3392,16 @@
RESERVED
CVE-2017-9632
RESERVED
-CVE-2017-9631
- RESERVED
+CVE-2017-9631 (A Null Pointer Dereference issue was discovered in Schneider Electric ...)
+ TODO: check
CVE-2017-9630
RESERVED
-CVE-2017-9629
- RESERVED
+CVE-2017-9629 (A Stack-Based Buffer Overflow issue was discovered in Schneider ...)
+ TODO: check
CVE-2017-9628
RESERVED
-CVE-2017-9627
- RESERVED
+CVE-2017-9627 (An Uncontrolled Resource Consumption issue was discovered in Schneider ...)
+ TODO: check
CVE-2017-9626
RESERVED
CVE-2017-9625
@@ -6527,8 +6750,8 @@
RESERVED
CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...)
NOT-FOR-US: Kibana X-Pack Security
-CVE-2017-8442
- RESERVED
+CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, ...)
+ TODO: check
CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not ...)
NOT-FOR-US: Elastic X-Pack Security
CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) ...)
@@ -7909,8 +8132,8 @@
NOT-FOR-US: INFOR EAM
CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in an ...)
NOT-FOR-US: WonderCMS
-CVE-2017-7950
- RESERVED
+CVE-2017-7950 (Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2017-7949
RESERVED
CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...)
@@ -8959,8 +9182,8 @@
NOT-FOR-US: Apache CXF
CVE-2017-7661 (Apache CXF Fediz ships with a number of container-specific plugins to ...)
NOT-FOR-US: Apache CXF
-CVE-2017-7660
- RESERVED
+CVE-2017-7660 (Apache Solr uses a PKI based mechanism to secure inter-node ...)
+ TODO: check
CVE-2017-7659 [mod_http2 null pointer dereference]
RESERVED
- apache2 2.4.25-4
@@ -9832,12 +10055,12 @@
- curl 7.52.1-4 (unimportant; bug #859500)
NOTE: https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
NOTE: Negligable security impact
-CVE-2017-7406
- RESERVED
-CVE-2017-7405
- RESERVED
-CVE-2017-7404
- RESERVED
+CVE-2017-7406 (The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of ...)
+ TODO: check
+CVE-2017-7405 (On the D-Link DIR-615 before v20.12PTb04, once authenticated, this ...)
+ TODO: check
+CVE-2017-7404 (On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the ...)
+ TODO: check
CVE-2017-7403
RESERVED
CVE-2017-7402 (Pixie 1.0.4 allows remote authenticated users to upload and execute ...)
@@ -11508,8 +11731,8 @@
RESERVED
CVE-2017-6869
RESERVED
-CVE-2017-6868
- RESERVED
+CVE-2017-6868 (An Improper Authentication issue was discovered in Siemens SIMATIC CP ...)
+ TODO: check
CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before ...)
NOT-FOR-US: Siemens
CVE-2017-6866
@@ -25020,68 +25243,68 @@
RESERVED
CVE-2017-2246
RESERVED
-CVE-2017-2245
- RESERVED
-CVE-2017-2244
- RESERVED
-CVE-2017-2243
- RESERVED
+CVE-2017-2245 (Directory traversal vulnerability in Shortcodes Ultimate prior to ...)
+ TODO: check
+CVE-2017-2244 (Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN ...)
+ TODO: check
+CVE-2017-2243 (Cross-site scripting vulnerability in Responsive Lightbox prior to ...)
+ TODO: check
CVE-2017-2242
RESERVED
CVE-2017-2241
RESERVED
CVE-2017-2240
RESERVED
-CVE-2017-2239
- RESERVED
-CVE-2017-2238
- RESERVED
-CVE-2017-2237
- RESERVED
-CVE-2017-2236
- RESERVED
-CVE-2017-2235
- RESERVED
-CVE-2017-2234
- RESERVED
-CVE-2017-2233
- RESERVED
-CVE-2017-2232
- RESERVED
-CVE-2017-2231
- RESERVED
-CVE-2017-2230
- RESERVED
-CVE-2017-2229
- RESERVED
+CVE-2017-2239 (Marp versions v0.0.10 and earlier may allow an attacker to access ...)
+ TODO: check
+CVE-2017-2238 (Cross-site request forgery (CSRF) vulnerability in Toshiba Home ...)
+ TODO: check
+CVE-2017-2237 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
+ TODO: check
+CVE-2017-2236 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
+ TODO: check
+CVE-2017-2235 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
+ TODO: check
+CVE-2017-2234 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
+ TODO: check
+CVE-2017-2233 (Untrusted search path vulnerability in Installer of PDF Digital ...)
+ TODO: check
+CVE-2017-2232 (Untrusted search path vulnerability in Installer of Shinseiyo Sogo ...)
+ TODO: check
+CVE-2017-2231 (Untrusted search path vulnerability in The installer of MLIT ...)
+ TODO: check
+CVE-2017-2230 (Untrusted search path vulnerability in Douro Kouji Kanseizutou Check ...)
+ TODO: check
+CVE-2017-2229 (Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei ...)
+ TODO: check
CVE-2017-2228
RESERVED
-CVE-2017-2227
- RESERVED
-CVE-2017-2226
- RESERVED
-CVE-2017-2225
- RESERVED
-CVE-2017-2224
- RESERVED
-CVE-2017-2223
- RESERVED
-CVE-2017-2222
- RESERVED
+CVE-2017-2227 (Untrusted search path vulnerability in The installer of Charamin OMP ...)
+ TODO: check
+CVE-2017-2226 (Untrusted search path vulnerability in Setup file of advance ...)
+ TODO: check
+CVE-2017-2225 (Untrusted search path vulnerability in EbidSettingChecker.exe (version ...)
+ TODO: check
+CVE-2017-2224 (Cross-site scripting vulnerability in Event Calendar WD prior to ...)
+ TODO: check
+CVE-2017-2223 (Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, ...)
+ TODO: check
+CVE-2017-2222 (Cross-site scripting vulnerability in WP-Members prior to version ...)
+ TODO: check
CVE-2017-2221
RESERVED
-CVE-2017-2220
- RESERVED
+CVE-2017-2220 (Untrusted search path vulnerability in Installer of CASL II simulator ...)
+ TODO: check
CVE-2017-2219 (Untrusted search path vulnerability in the [Simeji for Windows] ...)
NOT-FOR-US: Simeji
-CVE-2017-2218
- RESERVED
-CVE-2017-2217
- RESERVED
-CVE-2017-2216
- RESERVED
-CVE-2017-2215
- RESERVED
+CVE-2017-2218 (Untrusted search path vulnerability in Installer of QuickTime for ...)
+ TODO: check
+CVE-2017-2217 (Open redirect vulnerability in WordPress Download Manager prior to ...)
+ TODO: check
+CVE-2017-2216 (Cross-site scripting vulnerability in WordPress Download Manager prior ...)
+ TODO: check
+CVE-2017-2215 (Untrusted search path vulnerability in Installer of "Setup file of ...)
+ TODO: check
CVE-2017-2214 (Untrusted search path vulnerability in AppCheck and AppCheck Pro prior ...)
NOT-FOR-US: AppCheck
CVE-2017-2213 (Untrusted search path vulnerability in SemiDynaEXE ...)
@@ -25094,8 +25317,8 @@
NOT-FOR-US: PatchJGD
CVE-2017-2209 (Untrusted search path vulnerability in the installer of Houkokusyo ...)
NOT-FOR-US: Houkokusyo Sakusei Shien Tool
-CVE-2017-2208
- RESERVED
+CVE-2017-2208 (Untrusted search path vulnerability in Installer of Electronic ...)
+ TODO: check
CVE-2017-2207 (Untrusted search path vulnerability in the installer of SaAT Personal ...)
NOT-FOR-US: SaAT Personal
CVE-2017-2206 (Untrusted search path vulnerability in the installer of SaAT Netizen ...)
@@ -25122,8 +25345,8 @@
RESERVED
CVE-2017-2195 (SQL injection vulnerability in the Multi Feed Reader prior to version ...)
NOT-FOR-US: Multi Feed Reader plugin for wordpress
-CVE-2017-2194
- RESERVED
+CVE-2017-2194 (Cross-site scripting vulnerability in Source code security studying ...)
+ TODO: check
CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera Term 4.94 ...)
NOT-FOR-US: Tera Term
CVE-2017-2192 (Untrusted search path vulnerability in RW-5100 tool to verify ...)
@@ -25134,18 +25357,18 @@
NOT-FOR-US: RW4040
CVE-2017-2189 (Untrusted search path vulnerability in RW-4040 driver installer for ...)
NOT-FOR-US: RW4040
-CVE-2017-2188
- RESERVED
+CVE-2017-2188 (Untrusted search path vulnerability in Installer of Denshinouhin Check ...)
+ TODO: check
CVE-2017-2187 (Cross-site scripting vulnerability in WP Live Chat Support prior to ...)
NOT-FOR-US: WP Live Chat
-CVE-2017-2186
- RESERVED
-CVE-2017-2185
- RESERVED
-CVE-2017-2184
- RESERVED
-CVE-2017-2183
- RESERVED
+CVE-2017-2186 (HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass ...)
+ TODO: check
+CVE-2017-2185 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated ...)
+ TODO: check
+CVE-2017-2184 (Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an ...)
+ TODO: check
+CVE-2017-2183 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated ...)
+ TODO: check
CVE-2017-2182 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2181 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application ...)
@@ -25166,8 +25389,8 @@
NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2173 (Cross-site scripting vulnerability in Empirical Project Monitor - ...)
NOT-FOR-US: Empirical Project Monitor - eXtended
-CVE-2017-2172
- RESERVED
+CVE-2017-2172 (Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 ...)
+ TODO: check
CVE-2017-2171 (Cross-site scripting vulnerability in Captcha prior to version 4.3.0, ...)
NOT-FOR-US: WordPress plugins provided by BestWebSoft
CVE-2017-2170
@@ -25218,12 +25441,12 @@
NOT-FOR-US: WN-AC1167GR firmware
CVE-2017-2147 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
NOT-FOR-US: WP Statistics
-CVE-2017-2146
- RESERVED
-CVE-2017-2145
- RESERVED
-CVE-2017-2144
- RESERVED
+CVE-2017-2146 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 ...)
+ TODO: check
+CVE-2017-2145 (Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows ...)
+ TODO: check
+CVE-2017-2144 (Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another ...)
+ TODO: check
CVE-2017-2143 (CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor ...)
NOT-FOR-US: CS-Cart
CVE-2017-2142 (Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows ...)
@@ -29312,8 +29535,8 @@
NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0341 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
NOT-FOR-US: NVIDIA Windows drivers
-CVE-2017-0340
- RESERVED
+CVE-2017-0340 (An elevation of privilege vulnerability in the NVIDIA Libnvparser ...)
+ TODO: check
CVE-2017-0339 (An elevation of privilege vulnerability in the NVIDIA crypto driver ...)
NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0338 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
@@ -29340,8 +29563,8 @@
NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0327 (An elevation of privilege vulnerability in the NVIDIA crypto driver ...)
NOT-FOR-US: NVIDIA driver for Android
-CVE-2017-0326
- RESERVED
+CVE-2017-0326 (An information disclosure vulnerability in the NVIDIA Video Driver due ...)
+ TODO: check
CVE-2017-0325 (An elevation of privilege vulnerability in the NVIDIA I2C HID driver ...)
NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
@@ -77251,8 +77474,7 @@
RESERVED
- etherpad-lite <itp> (bug #576998)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/11/10
-CVE-2015-3297 [read-only directory traversal in Etherpad Minify]
- RESERVED
+CVE-2015-3297 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad ...)
- etherpad-lite <itp> (bug #576998)
CVE-2015-3010 (ceph-deploy before 1.5.23 uses weak permissions (644) for ...)
- ceph-deploy <itp> (bug #694013)
@@ -91456,11 +91678,10 @@
NOT-FOR-US: WordPress plugin Pods
CVE-2014-7955
RESERVED
-CVE-2014-7954
- RESERVED
+CVE-2014-7954 (Directory traversal vulnerability in the doSendObjectInfo method in ...)
NOT-FOR-US: MtpServer class in Android
-CVE-2014-7953
- RESERVED
+CVE-2014-7953 (Race condition in the bindBackupAgent method in the ...)
+ TODO: check
CVE-2014-7952
RESERVED
CVE-2014-7951
More information about the Secure-testing-commits
mailing list