[Secure-testing-commits] r51587 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri May 12 21:10:13 UTC 2017


Author: sectracker
Date: 2017-05-12 21:10:13 +0000 (Fri, 12 May 2017)
New Revision: 51587

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-12 20:55:50 UTC (rev 51586)
+++ data/CVE/list	2017-05-12 21:10:13 UTC (rev 51587)
@@ -1,3 +1,19 @@
+CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through ...)
+	TODO: check
+CVE-2017-8922
+	RESERVED
+CVE-2017-8921 (In FlightGear before 2017.2.1, the FGCommand interface allows ...)
+	TODO: check
+CVE-2017-8920
+	RESERVED
+CVE-2017-8919
+	RESERVED
+CVE-2017-8918
+	RESERVED
+CVE-2017-8917
+	RESERVED
+CVE-2017-8916
+	RESERVED
 CVE-2017-8915
 	RESERVED
 CVE-2017-8914
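Review bot: CVE-2017-8923 and CVE-2017-8921 at the top of this hunk are left at "TODO: check", but their descriptions name PHP (Zend/zend_string.h) and FlightGear, both of which Debian packages, so neither can be closed as NOT-FOR-US. Suggest a follow-up that replaces each TODO with source-package lines and a status per release. The six RESERVED ids need nothing until a description is published.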
@@ -1649,12 +1665,12 @@
 	RESERVED
 CVE-2017-8247
 	RESERVED
-CVE-2017-8246
-	RESERVED
-CVE-2017-8245
-	RESERVED
-CVE-2017-8244
-	RESERVED
+CVE-2017-8246 (In function msm_pcm_playback_close() in all Android releases from CAF ...)
+	TODO: check
+CVE-2017-8245 (In all Android releases from CAF using the Linux kernel, while ...)
+	TODO: check
+CVE-2017-8244 (In core_info_read and inst_info_read in all Android releases from CAF ...)
+	TODO: check
 CVE-2017-8243
 	RESERVED
 CVE-2017-8242
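Review bot: The three CAF Android entries (CVE-2017-8246, CVE-2017-8245, CVE-2017-8244) arrive as "TODO: check", and the truncated descriptions do not say whether the affected code exists in the mainline kernel. Before triage, read the full description and check the upstream tree: if the code (for example msm_pcm_playback_close() in CVE-2017-8246) lives only in the CAF tree, a NOT-FOR-US line like the Qualcomm driver entries elsewhere in this diff fits; if it is in mainline, the entry needs a "- linux" line with a status.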
@@ -2545,12 +2561,12 @@
 	RESERVED
 CVE-2016-10332
 	RESERVED
-CVE-2016-10331
-	RESERVED
-CVE-2016-10330
-	RESERVED
-CVE-2016-10329
-	RESERVED
+CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology Photo ...)
+	TODO: check
+CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a SUID ...)
+	TODO: check
+CVE-2016-10329 (Command injection vulnerability in login.php in Synology Photo Station ...)
+	TODO: check
 CVE-2015-9054
 	RESERVED
 CVE-2015-9053
@@ -3751,22 +3767,22 @@
 	RESERVED
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
-CVE-2017-7486 [Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options]
-	RESERVED
+CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in ...)
+	{DSA-3851-1}
 	- postgresql-9.6 9.6.3-1
 	- postgresql-9.4 <removed>
 	- postgresql-9.1 <removed>
 	- postgresql-8.4 <not-affected> (feature not present in 8.x)
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808
-CVE-2017-7485 [Restore libpq's recognition of the PGREQUIRESSL environment variable]
-	RESERVED
+CVE-2017-7485 (In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before ...)
+	{DSA-3851-1}
 	- postgresql-9.6 9.6.3-1
 	- postgresql-9.4 <removed>
 	- postgresql-9.1 <not-affected> (bug introduced in 9.3)
 	- postgresql-8.4 <not-affected> (bug introduced in 9.3)
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aafbd1df969135c185947c596c46608fc9f4a67c
-CVE-2017-7484 [Prevent exposure of statistical information via leaky operators]
-	RESERVED
+CVE-2017-7484 (It was found that some selectivity estimation functions in PostgreSQL ...)
+	{DSA-3851-1}
 	- postgresql-9.6 9.6.3-1
 	- postgresql-9.4 <removed>
 	- postgresql-9.1 <removed>
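Review bot: The new description for CVE-2017-7486 reads "PostgreSQL versions 8.4 - 9.6 are vulnerable", while the unchanged line below it keeps "- postgresql-8.4 <not-affected> (feature not present in 8.x)", so the entry now disagrees with itself about 8.4. Since the description is imported text, suggest adding a NOTE line that records why 8.4 is treated as unaffected, so the mismatch is not re-triaged later. The bracketed working titles removed here were the only short statement of what each fix does; the commitdiff NOTE lines still cover that for 7486 and 7485.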
@@ -3823,8 +3839,7 @@
 	RESERVED
 	- cairo <undetermined>
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
-CVE-2017-7474
-	RESERVED
+CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not ...)
 	NOT-FOR-US: Keycloak
 CVE-2017-7473 [Potential information disclosure via no_log directive]
 	RESERVED
@@ -4412,56 +4427,39 @@
 CVE-2016-10297
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2016-10296
-	RESERVED
+CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10295
-	RESERVED
+CVE-2016-10295 (An information disclosure vulnerability in the Qualcomm LED driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10294
-	RESERVED
+CVE-2016-10294 (An information disclosure vulnerability in the Qualcomm power driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10293
-	RESERVED
+CVE-2016-10293 (An information disclosure vulnerability in the Qualcomm video driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10292
-	RESERVED
+CVE-2016-10292 (A denial of service vulnerability in the Qualcomm Wi-Fi driver could ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10291
-	RESERVED
+CVE-2016-10291 (An elevation of privilege vulnerability in the Qualcomm Slimbus driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10290
-	RESERVED
+CVE-2016-10290 (An elevation of privilege vulnerability in the Qualcomm shared memory ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10289
-	RESERVED
+CVE-2016-10289 (An elevation of privilege vulnerability in the Qualcomm crypto driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10288
-	RESERVED
+CVE-2016-10288 (An elevation of privilege vulnerability in the Qualcomm LED driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10287
-	RESERVED
+CVE-2016-10287 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10286
-	RESERVED
+CVE-2016-10286 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10285
-	RESERVED
+CVE-2016-10285 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10284
-	RESERVED
+CVE-2016-10284 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10283
-	RESERVED
+CVE-2016-10283 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10282
-	RESERVED
+CVE-2016-10282 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
 	NOT-FOR-US: Mediatek driver for Android
-CVE-2016-10281
-	RESERVED
+CVE-2016-10281 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
 	NOT-FOR-US: Mediatek driver for Android
-CVE-2016-10280
-	RESERVED
+CVE-2016-10280 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
 	NOT-FOR-US: Mediatek driver for Android
 CVE-2016-10279
 	RESERVED
@@ -4469,17 +4467,13 @@
 CVE-2016-10278
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2016-10277
-	RESERVED
+CVE-2016-10277 (An elevation of privilege vulnerability in the Motorola bootloader ...)
 	NOT-FOR-US: Motorola component for Android
-CVE-2016-10276
-	RESERVED
+CVE-2016-10276 (An elevation of privilege vulnerability in the Qualcomm bootloader ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2016-10275
-	RESERVED
+CVE-2016-10275 (An elevation of privilege vulnerability in the Qualcomm bootloader ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2016-10274
-	RESERVED
+CVE-2016-10274 (An elevation of privilege vulnerability in the MediaTek touchscreen ...)
 	NOT-FOR-US: Mediatek driver for Android
 CVE-2015-9018
 	RESERVED
@@ -19170,16 +19164,16 @@
 	RESERVED
 CVE-2017-2168
 	RESERVED
-CVE-2017-2167
-	RESERVED
+CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive ...)
+	TODO: check
 CVE-2017-2166
 	RESERVED
 CVE-2017-2165
 	RESERVED
-CVE-2017-2164
-	RESERVED
-CVE-2017-2163
-	RESERVED
+CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 ...)
+	TODO: check
+CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 ...)
+	TODO: check
 CVE-2017-2162
 	RESERVED
 CVE-2017-2161
@@ -19190,8 +19184,8 @@
 	RESERVED
 CVE-2017-2158
 	RESERVED
-CVE-2017-2157
-	RESERVED
+CVE-2017-2157 (Untrusted search path vulnerability in installers for The Public ...)
+	TODO: check
 CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows ...)
 	NOT-FOR-US: Vivaldi installer Windows
 CVE-2017-2155 (Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 ...)
@@ -19260,8 +19254,8 @@
 	NOT-FOR-US: OneThird CMS
 CVE-2017-2123 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
 	NOT-FOR-US: OneThird CMS
-CVE-2017-2122
-	RESERVED
+CVE-2017-2122 (Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, ...)
+	TODO: check
 CVE-2017-2121
 	RESERVED
 CVE-2017-2120 (SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows ...)
@@ -22379,141 +22373,105 @@
 	RESERVED
 CVE-2017-0636
 	RESERVED
-CVE-2017-0635
-	RESERVED
-CVE-2017-0634
-	RESERVED
+CVE-2017-0635 (A remote denial of service vulnerability in HevcUtils.cpp in ...)
+	TODO: check
+CVE-2017-0634 (An information disclosure vulnerability in the Synaptics touchscreen ...)
 	NOT-FOR-US: Synaptics driver for Android
-CVE-2017-0633
-	RESERVED
+CVE-2017-0633 (An information disclosure vulnerability in the Broadcom Wi-Fi driver ...)
 	NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0632
-	RESERVED
+CVE-2017-0632 (An information disclosure vulnerability in the Qualcomm sound codec ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0631
-	RESERVED
+CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0630
-	RESERVED
+CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem ...)
 	- linux <undetermined>
-CVE-2017-0629
-	RESERVED
+CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0628
-	RESERVED
+CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0627
-	RESERVED
+CVE-2017-0627 (An information disclosure vulnerability in the kernel UVC driver could ...)
 	- linux <undetermined>
-CVE-2017-0626
-	RESERVED
+CVE-2017-0626 (An information disclosure vulnerability in the Qualcomm crypto engine ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0625
-	RESERVED
+CVE-2017-0625 (An information disclosure vulnerability in the MediaTek command queue ...)
 	NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0624
-	RESERVED
+CVE-2017-0624 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0623
-	RESERVED
+CVE-2017-0623 (An elevation of privilege vulnerability in the HTC bootloader could ...)
 	NOT-FOR-US: HTC driver for Android
-CVE-2017-0622
-	RESERVED
+CVE-2017-0622 (An elevation of privilege vulnerability in the Goodix touchscreen ...)
 	NOT-FOR-US: Goodix driver for Android
-CVE-2017-0621
-	RESERVED
+CVE-2017-0621 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0620
-	RESERVED
+CVE-2017-0620 (An elevation of privilege vulnerability in the Qualcomm Secure Channel ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0619
-	RESERVED
+CVE-2017-0619 (An elevation of privilege vulnerability in the Qualcomm pin controller ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0618
-	RESERVED
+CVE-2017-0618 (An elevation of privilege vulnerability in the MediaTek command queue ...)
 	NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0617
-	RESERVED
+CVE-2017-0617 (An elevation of privilege vulnerability in the MediaTek video driver ...)
 	NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0616
-	RESERVED
+CVE-2017-0616 (An elevation of privilege vulnerability in the MediaTek system ...)
 	NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0615
-	RESERVED
+CVE-2017-0615 (An elevation of privilege vulnerability in the MediaTek power driver ...)
 	NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0614
-	RESERVED
+CVE-2017-0614 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0613
-	RESERVED
+CVE-2017-0613 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0612
-	RESERVED
+CVE-2017-0612 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0611
-	RESERVED
+CVE-2017-0611 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0610
-	RESERVED
+CVE-2017-0610 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0609
-	RESERVED
+CVE-2017-0609 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0608
-	RESERVED
+CVE-2017-0608 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0607
-	RESERVED
+CVE-2017-0607 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0606
-	RESERVED
+CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0605
-	RESERVED
+CVE-2017-0605 (An elevation of privilege vulnerability in the kernel trace subsystem ...)
 	- linux <undetermined>
 	NOTE: https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477
-CVE-2017-0604
-	RESERVED
+CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0603
-	RESERVED
-CVE-2017-0602
-	RESERVED
+CVE-2017-0603 (A denial of service vulnerability in libstagefright in Mediaserver ...)
+	TODO: check
+CVE-2017-0602 (An information disclosure vulnerability in Bluetooth could allow a ...)
 	NOT-FOR-US: Android
-CVE-2017-0601
-	RESERVED
+CVE-2017-0601 (An Elevation of Privilege vulnerability in Bluetooth could potentially ...)
 	NOT-FOR-US: Android
-CVE-2017-0600
-	RESERVED
-CVE-2017-0599
-	RESERVED
-CVE-2017-0598
-	RESERVED
+CVE-2017-0600 (A remote denial of service vulnerability in libstagefright in ...)
+	TODO: check
+CVE-2017-0599 (A remote denial of service vulnerability in libhevc in Mediaserver ...)
+	TODO: check
+CVE-2017-0598 (An information disclosure vulnerability in the Framework APIs could ...)
 	NOT-FOR-US: Android
-CVE-2017-0597
-	RESERVED
+CVE-2017-0597 (An elevation of privilege vulnerability in Audioserver could enable a ...)
 	NOT-FOR-US: Android Audioserver
-CVE-2017-0596
-	RESERVED
-CVE-2017-0595
-	RESERVED
-CVE-2017-0594
-	RESERVED
-CVE-2017-0593
-	RESERVED
+CVE-2017-0596 (An elevation of privilege vulnerability in libstagefright in ...)
+	TODO: check
+CVE-2017-0595 (An elevation of privilege vulnerability in libstagefright in ...)
+	TODO: check
+CVE-2017-0594 (An elevation of privilege vulnerability in ...)
+	TODO: check
+CVE-2017-0593 (An elevation of privilege vulnerability in the Framework APIs could ...)
 	NOT-FOR-US: Android
-CVE-2017-0592
-	RESERVED
-CVE-2017-0591
-	RESERVED
-CVE-2017-0590
-	RESERVED
-CVE-2017-0589
-	RESERVED
-CVE-2017-0588
-	RESERVED
-CVE-2017-0587
-	RESERVED
+CVE-2017-0592 (A remote code execution vulnerability in FLACExtractor.cpp in ...)
+	TODO: check
+CVE-2017-0591 (A remote code execution vulnerability in libavc in Mediaserver could ...)
+	TODO: check
+CVE-2017-0590 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
+	TODO: check
+CVE-2017-0589 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
+	TODO: check
+CVE-2017-0588 (A remote code execution vulnerability in id3/ID3.cpp in libstagefright ...)
+	TODO: check
+CVE-2017-0587 (A remote code execution vulnerability in libmpeg2 in Mediaserver could ...)
+	TODO: check
 CVE-2017-0586 (An information disclosure vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0585 (An information disclosure vulnerability in the Broadcom Wi-Fi driver ...)
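Review bot: CVE-2017-0630, CVE-2017-0627 and CVE-2017-0605 keep "- linux <undetermined>" even though this update gives them descriptions that name the kernel trace subsystem and the kernel UVC driver, which is enough to start checking the upstream tree. Suggest resolving each to a fixed version, "<unfixed>" or "<not-affected>", with a NOTE pointing at the upstream commit, as CVE-2017-0605 already does for the codeaurora tree. Separately, the description for CVE-2017-0594 is cut to "An elevation of privilege vulnerability in ...", which names no component, so that entry needs the full text before its "TODO: check" can be closed.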
@@ -22712,8 +22670,7 @@
 	NOT-FOR-US: Android Mediaserver
 CVE-2017-0494 (An information disclosure vulnerability in AOSP Messaging could enable ...)
 	NOT-FOR-US: Android
-CVE-2017-0493
-	RESERVED
+CVE-2017-0493 (An information disclosure vulnerability in File-Based Encryption could ...)
 	NOT-FOR-US: Android
 CVE-2017-0492 (An elevation of privilege vulnerability in the System UI could enable ...)
 	NOT-FOR-US: Android
@@ -22769,8 +22726,7 @@
 	NOT-FOR-US: Android Mediaserver
 CVE-2017-0466 (A remote code execution vulnerability in Mediaserver could enable an ...)
 	NOT-FOR-US: Android Mediaserver
-CVE-2017-0465
-	RESERVED
+CVE-2017-0465 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0464 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
@@ -28271,7 +28227,7 @@
 	RESERVED
 CVE-2017-0291
 	RESERVED
-CVE-2017-0290 (NScript in mpengine in Microsoft Malware Protection Engine with Engine ...)
+CVE-2017-0290 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0289
 	RESERVED
@@ -28289,62 +28245,62 @@
 	RESERVED
 CVE-2017-0282
 	RESERVED
-CVE-2017-0281
-	RESERVED
-CVE-2017-0280
-	RESERVED
-CVE-2017-0279
-	RESERVED
-CVE-2017-0278
-	RESERVED
-CVE-2017-0277
-	RESERVED
-CVE-2017-0276
-	RESERVED
-CVE-2017-0275
-	RESERVED
-CVE-2017-0274
-	RESERVED
-CVE-2017-0273
-	RESERVED
-CVE-2017-0272
-	RESERVED
-CVE-2017-0271
-	RESERVED
-CVE-2017-0270
-	RESERVED
-CVE-2017-0269
-	RESERVED
-CVE-2017-0268
-	RESERVED
-CVE-2017-0267
-	RESERVED
-CVE-2017-0266
-	RESERVED
-CVE-2017-0265
-	RESERVED
-CVE-2017-0264
-	RESERVED
-CVE-2017-0263
-	RESERVED
-CVE-2017-0262
-	RESERVED
-CVE-2017-0261
-	RESERVED
+CVE-2017-0281 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
+	TODO: check
+CVE-2017-0280 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of ...)
+	TODO: check
+CVE-2017-0279 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
+	TODO: check
+CVE-2017-0278 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
+	TODO: check
+CVE-2017-0277 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
+	TODO: check
+CVE-2017-0276 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+	TODO: check
+CVE-2017-0275 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+	TODO: check
+CVE-2017-0274 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+	TODO: check
+CVE-2017-0273 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of ...)
+	TODO: check
+CVE-2017-0272 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
+	TODO: check
+CVE-2017-0271 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+	TODO: check
+CVE-2017-0270 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+	TODO: check
+CVE-2017-0269 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of ...)
+	TODO: check
+CVE-2017-0268 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+	TODO: check
+CVE-2017-0267 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+	TODO: check
+CVE-2017-0266 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+	TODO: check
+CVE-2017-0265 (Microsoft PowerPoint for Mac 2011 allows a remote code execution ...)
+	TODO: check
+CVE-2017-0264 (Microsoft PowerPoint for Mac 2011 allows a remote code execution ...)
+	TODO: check
+CVE-2017-0263 (The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 ...)
+	TODO: check
+CVE-2017-0262 (Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a ...)
+	TODO: check
+CVE-2017-0261 (Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a ...)
+	TODO: check
 CVE-2017-0260
 	RESERVED
-CVE-2017-0259
-	RESERVED
-CVE-2017-0258
-	RESERVED
+CVE-2017-0259 (The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, ...)
+	TODO: check
+CVE-2017-0258 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
+	TODO: check
 CVE-2017-0257
 	RESERVED
-CVE-2017-0256
-	RESERVED
-CVE-2017-0255
-	RESERVED
-CVE-2017-0254
-	RESERVED
+CVE-2017-0256 (A spoofing vulnerability exists when the ASP.NET Core fails to ...)
+	TODO: check
+CVE-2017-0255 (Microsoft SharePoint Foundation 2013 SP1 allows an elevation of ...)
+	TODO: check
+CVE-2017-0254 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office ...)
+	TODO: check
 CVE-2017-0253
 	RESERVED
 CVE-2017-0252
@@ -28353,66 +28309,66 @@
 	RESERVED
 CVE-2017-0250
 	RESERVED
-CVE-2017-0249
-	RESERVED
-CVE-2017-0248
-	RESERVED
-CVE-2017-0247
-	RESERVED
-CVE-2017-0246
-	RESERVED
-CVE-2017-0245
-	RESERVED
-CVE-2017-0244
-	RESERVED
+CVE-2017-0249 (An elevation of privilege vulnerability exists when the ASP.NET Core ...)
+	TODO: check
+CVE-2017-0248 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
+	TODO: check
+CVE-2017-0247 (A denial of service vulnerability exists when the ASP.NET Core fails ...)
+	TODO: check
+CVE-2017-0246 (The Graphics Component in the kernel-mode drivers in Windows Server ...)
+	TODO: check
+CVE-2017-0245 (The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows ...)
+	TODO: check
+CVE-2017-0244 (The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 ...)
+	TODO: check
 CVE-2017-0243
 	RESERVED
-CVE-2017-0242
-	RESERVED
-CVE-2017-0241
-	RESERVED
-CVE-2017-0240
-	RESERVED
+CVE-2017-0242 (An information disclosure vulnerability exists in the way some ActiveX ...)
+	TODO: check
+CVE-2017-0241 (An elevation of privilege vulnerability exists when Microsoft Edge ...)
+	TODO: check
+CVE-2017-0240 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+	TODO: check
 CVE-2017-0239
 	RESERVED
-CVE-2017-0238
-	RESERVED
+CVE-2017-0238 (A remote code execution vulnerability exists in Microsoft browsers in ...)
+	TODO: check
 CVE-2017-0237
 	RESERVED
-CVE-2017-0236
-	RESERVED
-CVE-2017-0235
-	RESERVED
-CVE-2017-0234
-	RESERVED
-CVE-2017-0233
-	RESERVED
+CVE-2017-0236 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+	TODO: check
+CVE-2017-0235 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+	TODO: check
+CVE-2017-0234 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+	TODO: check
+CVE-2017-0233 (An elevation of privilege vulnerability exists in Microsoft Edge that ...)
+	TODO: check
 CVE-2017-0232
 	RESERVED
-CVE-2017-0231
-	RESERVED
-CVE-2017-0230
-	RESERVED
-CVE-2017-0229
-	RESERVED
-CVE-2017-0228
-	RESERVED
-CVE-2017-0227
-	RESERVED
-CVE-2017-0226
-	RESERVED
+CVE-2017-0231 (A spoofing vulnerability exists when Microsoft browsers render ...)
+	TODO: check
+CVE-2017-0230 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+	TODO: check
+CVE-2017-0229 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+	TODO: check
+CVE-2017-0228 (A remote code execution vulnerability exists in Microsoft browsers in ...)
+	TODO: check
+CVE-2017-0227 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+	TODO: check
+CVE-2017-0226 (A remote code execution vulnerability exists when Internet Explorer ...)
+	TODO: check
 CVE-2017-0225
 	RESERVED
-CVE-2017-0224
-	RESERVED
+CVE-2017-0224 (A remote code execution vulnerability exists in the way JavaScript ...)
+	TODO: check
 CVE-2017-0223
 	RESERVED
-CVE-2017-0222
-	RESERVED
-CVE-2017-0221
-	RESERVED
-CVE-2017-0220
-	RESERVED
+CVE-2017-0222 (A remote code execution vulnerability exists when Internet Explorer ...)
+	TODO: check
+CVE-2017-0221 (A vulnerability exists when Microsoft Edge improperly accesses objects ...)
+	TODO: check
+CVE-2017-0220 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
+	TODO: check
 CVE-2017-0219
 	RESERVED
 CVE-2017-0218
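Review bot: CVE-2017-0249 and CVE-2017-0247 in this hunk describe ASP.NET Core, which is open source and cross-platform, so they should not be swept up with the Edge, Internet Explorer and Windows kernel entries when the "TODO: check" lines are cleared. Suggest triaging those two individually and confirming that no packaged component is affected before applying the usual Microsoft NOT-FOR-US marking.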
@@ -28423,12 +28379,12 @@
 	RESERVED
 CVE-2017-0215
 	RESERVED
-CVE-2017-0214
-	RESERVED
-CVE-2017-0213
-	RESERVED
-CVE-2017-0212
-	RESERVED
+CVE-2017-0214 (Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
+	TODO: check
+CVE-2017-0213 (Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 ...)
+	TODO: check
+CVE-2017-0212 (Windows Hyper-V allows an elevation of privilege vulnerability when ...)
+	TODO: check
 CVE-2017-0211 (An elevation of privilege vulnerability exists in Windows 10, Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0210 (An elevation of privilege vulnerability exists when Internet Explorer ...)
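Review bot: CVE-2017-0214, CVE-2017-0213 and CVE-2017-0212 are added as "TODO: check" although they describe Windows COM and Hyper-V, and the very next entry, CVE-2017-0211, already carries "NOT-FOR-US: Microsoft". Suggest closing these three the same way in the follow-up so the Microsoft block does not accumulate open TODO items that hide the entries needing real review.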
@@ -28471,8 +28427,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2017-0191 (A denial of service vulnerability exists in the way that Windows 7, ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-0190
-	RESERVED
+CVE-2017-0190 (The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
+	TODO: check
 CVE-2017-0189 (An elevation of privilege vulnerability exists in Windows 10 when the ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0188 (A Win32k information disclosure vulnerability exists in Windows 8.1, ...)
@@ -28501,16 +28457,16 @@
 	RESERVED
 CVE-2017-0176
 	RESERVED
-CVE-2017-0175
-	RESERVED
+CVE-2017-0175 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows ...)
+	TODO: check
 CVE-2017-0174
 	RESERVED
 CVE-2017-0173
 	RESERVED
 CVE-2017-0172
 	RESERVED
-CVE-2017-0171
-	RESERVED
+CVE-2017-0171 (Windows DNS Server allows a denial of service vulnerability when ...)
+	TODO: check
 CVE-2017-0170
 	RESERVED
 CVE-2017-0169 (An information disclosure vulnerability exists when Windows Hyper-V ...)
@@ -28697,8 +28653,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2017-0078 (The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-0077
-	RESERVED
+CVE-2017-0077 (The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows ...)
+	TODO: check
 CVE-2017-0076 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0075 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
@@ -28723,8 +28679,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2017-0065 (Microsoft Edge allows remote attackers to obtain sensitive information ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-0064
-	RESERVED
+CVE-2017-0064 (A security feature bypass vulnerability exists in Internet Explorer ...)
+	TODO: check
 CVE-2017-0063 (The Color Management Module (ICM32.dll) memory handling functionality ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-0062 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; ...)
@@ -39914,30 +39870,30 @@
 	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
 CVE-2016-4888 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ...)
 	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
-CVE-2016-4887
-	RESERVED
-CVE-2016-4886
-	RESERVED
-CVE-2016-4885
-	RESERVED
-CVE-2016-4884
-	RESERVED
-CVE-2016-4883
-	RESERVED
-CVE-2016-4882
-	RESERVED
-CVE-2016-4881
-	RESERVED
-CVE-2016-4880
-	RESERVED
-CVE-2016-4879
-	RESERVED
-CVE-2016-4878
-	RESERVED
-CVE-2016-4877
-	RESERVED
-CVE-2016-4876
-	RESERVED
+CVE-2016-4887 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+	TODO: check
+CVE-2016-4886 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+	TODO: check
+CVE-2016-4885 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+	TODO: check
+CVE-2016-4884 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+	TODO: check
+CVE-2016-4883 (Cross-site scripting vulnerability in baserCMS version 3.0.10 and ...)
+	TODO: check
+CVE-2016-4882 (Cross-site request forgery (CSRF) vulnerability in baserCMS version ...)
+	TODO: check
+CVE-2016-4881 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+	TODO: check
+CVE-2016-4880 (Cross-site scripting vulnerability in baserCMS plugin Blog version ...)
+	TODO: check
+CVE-2016-4879 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+	TODO: check
+CVE-2016-4878 (Cross-site request forgery (CSRF) vulnerability in baserCMS version ...)
+	TODO: check
+CVE-2016-4877 (Cross-site scripting vulnerability in baserCMS plugin Mail version ...)
+	TODO: check
+CVE-2016-4876 (Cross-site request forgery (CSRF) vulnerability in baserCMS version ...)
+	TODO: check
 CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...)
 	NOT-FOR-US: IVYWE
 CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...)
@@ -39960,8 +39916,8 @@
 	NOT-FOR-US: Cybozu
 CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the "Customapp" function ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4864
-	RESERVED
+CVE-2016-4864 (H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows ...)
+	TODO: check
 CVE-2016-4863
 	RESERVED
 CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with ...)
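Review bot: CVE-2016-4864 is added as "TODO: check" with a description that gives concrete upstream versions ("H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier"). Unlike the Cybozu entries around it, this needs a package lookup rather than a default NOT-FOR-US: if the software is in the archive, add the source-package line with the first fixed version, using the version bounds from the description.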
@@ -39975,16 +39931,15 @@
 	NOTE: Fixed by: https://github.com/zendframework/zf1/commit/b1c71dd94296d9000127720c85a7ea9e3b35af4b (1.12.20)
 CVE-2016-4860 (Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not ...)
 	NOT-FOR-US: Yokogawa STARDOM
-CVE-2016-4859
-	RESERVED
-CVE-2016-4858
-	RESERVED
-CVE-2016-4857
-	RESERVED
-CVE-2016-4856
-	RESERVED
-CVE-2016-4855
-	RESERVED
+CVE-2016-4859 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, ...)
+	TODO: check
+CVE-2016-4858 (Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to ...)
+	TODO: check
+CVE-2016-4857 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, ...)
+	TODO: check
+CVE-2016-4856 (Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to ...)
+	TODO: check
+CVE-2016-4855 (Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 ...)
 	{DLA-620-1}
 	- libphp-adodb 5.20.6-1 (unimportant; bug #837418)
 	[jessie] - libphp-adodb 5.15-1+deb8u1
@@ -40022,10 +39977,10 @@
 	NOT-FOR-US: Cybozu
 CVE-2016-4840 (Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus ...)
 	NOT-FOR-US: Coordinate Plus App for Android
-CVE-2016-4839
-	RESERVED
-CVE-2016-4838
-	RESERVED
+CVE-2016-4839 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for ...)
+	TODO: check
+CVE-2016-4838 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for ...)
+	TODO: check
 CVE-2016-4837 (SQL injection vulnerability in the Seed Coupon plugin before 1.6 for ...)
 	NOT-FOR-US: EC-CUBE
 CVE-2016-4836
@@ -56188,7 +56143,7 @@
 CVE-2015-8273
 	RESERVED
 CVE-2015-8272 (RTMPDump 2.4 allows remote attackers to trigger a denial of service ...)
-	{DLA-917-1}
+	{DSA-3850-1 DLA-917-1}
 	- rtmpdump 2.4+20151223.gitfa8646d.1-1
 	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/4312322107a94c81d3ec5b98f91bc6b923551dc5
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0068/
@@ -56196,7 +56151,7 @@
 	NOTE: to missing upstream source import the fixes are really only present in
 	NOTE: 2.4+20151223.gitfa8646d.1-1
 CVE-2015-8271 (The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote ...)
-	{DLA-917-1}
+	{DSA-3850-1 DLA-917-1}
 	- rtmpdump 2.4+20151223.gitfa8646d.1-1
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0067/
 	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/39ec7eda489717d503bc4cbfaa591c93205695b6
@@ -56205,7 +56160,7 @@
 	NOTE: to missing upstream source import the fixes are really only present in
 	NOTE: 2.4+20151223.gitfa8646d.1-1
 CVE-2015-8270 (The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote ...)
-	{DLA-917-1}
+	{DSA-3850-1 DLA-917-1}
 	- rtmpdump 2.4+20151223.gitfa8646d.1-1
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0066/
 	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/10b580aabcec1621b25518271ba1ab2b018be88e
@@ -61202,7 +61157,7 @@
 CVE-2015-6543
 	RESERVED
 CVE-2015-6542
-	RESERVED
+	REJECTED
 CVE-2015-6541 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail ...)
 	NOT-FOR-US: Zimbra
 CVE-2015-6540



