[Secure-testing-commits] r51587 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri May 12 21:10:13 UTC 2017
Author: sectracker
Date: 2017-05-12 21:10:13 +0000 (Fri, 12 May 2017)
New Revision: 51587
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-12 20:55:50 UTC (rev 51586)
+++ data/CVE/list 2017-05-12 21:10:13 UTC (rev 51587)
@@ -1,3 +1,19 @@
+CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through ...)
+ TODO: check
+CVE-2017-8922
+ RESERVED
+CVE-2017-8921 (In FlightGear before 2017.2.1, the FGCommand interface allows ...)
+ TODO: check
+CVE-2017-8920
+ RESERVED
+CVE-2017-8919
+ RESERVED
+CVE-2017-8918
+ RESERVED
+CVE-2017-8917
+ RESERVED
+CVE-2017-8916
+ RESERVED
CVE-2017-8915
RESERVED
CVE-2017-8914
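Review bot: CVE-2017-8923 and CVE-2017-8921 land with only "TODO: check", and both descriptions name software that calls for a source-package lookup (PHP's Zend/zend_string.h, FlightGear before 2017.2.1) rather than a vendor-only product. Suggest resolving each to a source-package line with its affected-version status in a follow-up, so they do not sit in the untriaged queue next to the RESERVED placeholders added in the same hunk.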
@@ -1649,12 +1665,12 @@
RESERVED
CVE-2017-8247
RESERVED
-CVE-2017-8246
- RESERVED
-CVE-2017-8245
- RESERVED
-CVE-2017-8244
- RESERVED
+CVE-2017-8246 (In function msm_pcm_playback_close() in all Android releases from CAF ...)
+ TODO: check
+CVE-2017-8245 (In all Android releases from CAF using the Linux kernel, while ...)
+ TODO: check
+CVE-2017-8244 (In core_info_read and inst_info_read in all Android releases from CAF ...)
+ TODO: check
CVE-2017-8243
RESERVED
CVE-2017-8242
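Review bot: the three CAF entries (CVE-2017-8246, CVE-2017-8245, CVE-2017-8244) are left at "TODO: check", while comparable Android kernel entries elsewhere in this commit are recorded as either "NOT-FOR-US: Qualcomm driver for Android" or "- linux <undetermined>". The truncated descriptions only say "all Android releases from CAF using the Linux kernel", so triage needs the full text to decide whether the named code (for example msm_pcm_playback_close()) exists in the mainline kernel. Settle on one of those two existing forms rather than leaving the TODO.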
@@ -2545,12 +2561,12 @@
RESERVED
CVE-2016-10332
RESERVED
-CVE-2016-10331
- RESERVED
-CVE-2016-10330
- RESERVED
-CVE-2016-10329
- RESERVED
+CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology Photo ...)
+ TODO: check
+CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a SUID ...)
+ TODO: check
+CVE-2016-10329 (Command injection vulnerability in login.php in Synology Photo Station ...)
+ TODO: check
CVE-2015-9054
RESERVED
CVE-2015-9053
@@ -3751,22 +3767,22 @@
RESERVED
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
-CVE-2017-7486 [Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options]
- RESERVED
+CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in ...)
+ {DSA-3851-1}
- postgresql-9.6 9.6.3-1
- postgresql-9.4 <removed>
- postgresql-9.1 <removed>
- postgresql-8.4 <not-affected> (feature not present in 8.x)
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808
-CVE-2017-7485 [Restore libpq's recognition of the PGREQUIRESSL environment variable]
- RESERVED
+CVE-2017-7485 (In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before ...)
+ {DSA-3851-1}
- postgresql-9.6 9.6.3-1
- postgresql-9.4 <removed>
- postgresql-9.1 <not-affected> (bug introduced in 9.3)
- postgresql-8.4 <not-affected> (bug introduced in 9.3)
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aafbd1df969135c185947c596c46608fc9f4a67c
-CVE-2017-7484 [Prevent exposure of statistical information via leaky operators]
- RESERVED
+CVE-2017-7484 (It was found that some selectivity estimation functions in PostgreSQL ...)
+ {DSA-3851-1}
- postgresql-9.6 9.6.3-1
- postgresql-9.4 <removed>
- postgresql-9.1 <removed>
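Review bot: the new description for CVE-2017-7486 says "PostgreSQL versions 8.4 - 9.6 are vulnerable", but the entry keeps "- postgresql-8.4 <not-affected> (feature not present in 8.x)"; one of the two is wrong for 8.4 and the annotation should be re-checked against the upstream commit linked in the NOTE line. Separately, the replaced bracketed summaries named the affected object (pg_user_mappings.umoptions, PGREQUIRESSL, leaky operators), which the truncated descriptions no longer show; consider keeping that detail in a NOTE line for each of the three entries.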
@@ -3823,8 +3839,7 @@
RESERVED
- cairo <undetermined>
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
-CVE-2017-7474
- RESERVED
+CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not ...)
NOT-FOR-US: Keycloak
CVE-2017-7473 [Potential information disclosure via no_log directive]
RESERVED
@@ -4412,56 +4427,39 @@
CVE-2016-10297
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2016-10296
- RESERVED
+CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10295
- RESERVED
+CVE-2016-10295 (An information disclosure vulnerability in the Qualcomm LED driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10294
- RESERVED
+CVE-2016-10294 (An information disclosure vulnerability in the Qualcomm power driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10293
- RESERVED
+CVE-2016-10293 (An information disclosure vulnerability in the Qualcomm video driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10292
- RESERVED
+CVE-2016-10292 (A denial of service vulnerability in the Qualcomm Wi-Fi driver could ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10291
- RESERVED
+CVE-2016-10291 (An elevation of privilege vulnerability in the Qualcomm Slimbus driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10290
- RESERVED
+CVE-2016-10290 (An elevation of privilege vulnerability in the Qualcomm shared memory ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10289
- RESERVED
+CVE-2016-10289 (An elevation of privilege vulnerability in the Qualcomm crypto driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10288
- RESERVED
+CVE-2016-10288 (An elevation of privilege vulnerability in the Qualcomm LED driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10287
- RESERVED
+CVE-2016-10287 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10286
- RESERVED
+CVE-2016-10286 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10285
- RESERVED
+CVE-2016-10285 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10284
- RESERVED
+CVE-2016-10284 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10283
- RESERVED
+CVE-2016-10283 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2016-10282
- RESERVED
+CVE-2016-10282 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2016-10281
- RESERVED
+CVE-2016-10281 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2016-10280
- RESERVED
+CVE-2016-10280 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
NOT-FOR-US: Mediatek driver for Android
CVE-2016-10279
RESERVED
@@ -4469,17 +4467,13 @@
CVE-2016-10278
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2016-10277
- RESERVED
+CVE-2016-10277 (An elevation of privilege vulnerability in the Motorola bootloader ...)
NOT-FOR-US: Motorola component for Android
-CVE-2016-10276
- RESERVED
+CVE-2016-10276 (An elevation of privilege vulnerability in the Qualcomm bootloader ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2016-10275
- RESERVED
+CVE-2016-10275 (An elevation of privilege vulnerability in the Qualcomm bootloader ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2016-10274
- RESERVED
+CVE-2016-10274 (An elevation of privilege vulnerability in the MediaTek touchscreen ...)
NOT-FOR-US: Mediatek driver for Android
CVE-2015-9018
RESERVED
@@ -19170,16 +19164,16 @@
RESERVED
CVE-2017-2168
RESERVED
-CVE-2017-2167
- RESERVED
+CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive ...)
+ TODO: check
CVE-2017-2166
RESERVED
CVE-2017-2165
RESERVED
-CVE-2017-2164
- RESERVED
-CVE-2017-2163
- RESERVED
+CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 ...)
+ TODO: check
+CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 ...)
+ TODO: check
CVE-2017-2162
RESERVED
CVE-2017-2161
@@ -19190,8 +19184,8 @@
RESERVED
CVE-2017-2158
RESERVED
-CVE-2017-2157
- RESERVED
+CVE-2017-2157 (Untrusted search path vulnerability in installers for The Public ...)
+ TODO: check
CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows ...)
NOT-FOR-US: Vivaldi installer Windows
CVE-2017-2155 (Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 ...)
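Review bot: CVE-2017-2157 is left at "TODO: check" directly above CVE-2017-2156, which is the same bug class (untrusted search path in an installer) and is already recorded as "NOT-FOR-US: Vivaldi installer Windows". The description is cut off at "installers for The Public ...", so the product name has to come from the full CVE text; once known, use the same NOT-FOR-US form with the product named.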
@@ -19260,8 +19254,8 @@
NOT-FOR-US: OneThird CMS
CVE-2017-2123 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
NOT-FOR-US: OneThird CMS
-CVE-2017-2122
- RESERVED
+CVE-2017-2122 (Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, ...)
+ TODO: check
CVE-2017-2121
RESERVED
CVE-2017-2120 (SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows ...)
@@ -22379,141 +22373,105 @@
RESERVED
CVE-2017-0636
RESERVED
-CVE-2017-0635
- RESERVED
-CVE-2017-0634
- RESERVED
+CVE-2017-0635 (A remote denial of service vulnerability in HevcUtils.cpp in ...)
+ TODO: check
+CVE-2017-0634 (An information disclosure vulnerability in the Synaptics touchscreen ...)
NOT-FOR-US: Synaptics driver for Android
-CVE-2017-0633
- RESERVED
+CVE-2017-0633 (An information disclosure vulnerability in the Broadcom Wi-Fi driver ...)
NOT-FOR-US: Broadcom driver for Android
-CVE-2017-0632
- RESERVED
+CVE-2017-0632 (An information disclosure vulnerability in the Qualcomm sound codec ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0631
- RESERVED
+CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0630
- RESERVED
+CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem ...)
- linux <undetermined>
-CVE-2017-0629
- RESERVED
+CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0628
- RESERVED
+CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0627
- RESERVED
+CVE-2017-0627 (An information disclosure vulnerability in the kernel UVC driver could ...)
- linux <undetermined>
-CVE-2017-0626
- RESERVED
+CVE-2017-0626 (An information disclosure vulnerability in the Qualcomm crypto engine ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0625
- RESERVED
+CVE-2017-0625 (An information disclosure vulnerability in the MediaTek command queue ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0624
- RESERVED
+CVE-2017-0624 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0623
- RESERVED
+CVE-2017-0623 (An elevation of privilege vulnerability in the HTC bootloader could ...)
NOT-FOR-US: HTC driver for Android
-CVE-2017-0622
- RESERVED
+CVE-2017-0622 (An elevation of privilege vulnerability in the Goodix touchscreen ...)
NOT-FOR-US: Goodix driver for Android
-CVE-2017-0621
- RESERVED
+CVE-2017-0621 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0620
- RESERVED
+CVE-2017-0620 (An elevation of privilege vulnerability in the Qualcomm Secure Channel ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0619
- RESERVED
+CVE-2017-0619 (An elevation of privilege vulnerability in the Qualcomm pin controller ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0618
- RESERVED
+CVE-2017-0618 (An elevation of privilege vulnerability in the MediaTek command queue ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0617
- RESERVED
+CVE-2017-0617 (An elevation of privilege vulnerability in the MediaTek video driver ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0616
- RESERVED
+CVE-2017-0616 (An elevation of privilege vulnerability in the MediaTek system ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0615
- RESERVED
+CVE-2017-0615 (An elevation of privilege vulnerability in the MediaTek power driver ...)
NOT-FOR-US: Mediatek driver for Android
-CVE-2017-0614
- RESERVED
+CVE-2017-0614 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0613
- RESERVED
+CVE-2017-0613 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0612
- RESERVED
+CVE-2017-0612 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0611
- RESERVED
+CVE-2017-0611 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0610
- RESERVED
+CVE-2017-0610 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0609
- RESERVED
+CVE-2017-0609 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0608
- RESERVED
+CVE-2017-0608 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0607
- RESERVED
+CVE-2017-0607 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0606
- RESERVED
+CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0605
- RESERVED
+CVE-2017-0605 (An elevation of privilege vulnerability in the kernel trace subsystem ...)
- linux <undetermined>
NOTE: https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477
-CVE-2017-0604
- RESERVED
+CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power ...)
NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-0603
- RESERVED
-CVE-2017-0602
- RESERVED
+CVE-2017-0603 (A denial of service vulnerability in libstagefright in Mediaserver ...)
+ TODO: check
+CVE-2017-0602 (An information disclosure vulnerability in Bluetooth could allow a ...)
NOT-FOR-US: Android
-CVE-2017-0601
- RESERVED
+CVE-2017-0601 (An Elevation of Privilege vulnerability in Bluetooth could potentially ...)
NOT-FOR-US: Android
-CVE-2017-0600
- RESERVED
-CVE-2017-0599
- RESERVED
-CVE-2017-0598
- RESERVED
+CVE-2017-0600 (A remote denial of service vulnerability in libstagefright in ...)
+ TODO: check
+CVE-2017-0599 (A remote denial of service vulnerability in libhevc in Mediaserver ...)
+ TODO: check
+CVE-2017-0598 (An information disclosure vulnerability in the Framework APIs could ...)
NOT-FOR-US: Android
-CVE-2017-0597
- RESERVED
+CVE-2017-0597 (An elevation of privilege vulnerability in Audioserver could enable a ...)
NOT-FOR-US: Android Audioserver
-CVE-2017-0596
- RESERVED
-CVE-2017-0595
- RESERVED
-CVE-2017-0594
- RESERVED
-CVE-2017-0593
- RESERVED
+CVE-2017-0596 (An elevation of privilege vulnerability in libstagefright in ...)
+ TODO: check
+CVE-2017-0595 (An elevation of privilege vulnerability in libstagefright in ...)
+ TODO: check
+CVE-2017-0594 (An elevation of privilege vulnerability in ...)
+ TODO: check
+CVE-2017-0593 (An elevation of privilege vulnerability in the Framework APIs could ...)
NOT-FOR-US: Android
-CVE-2017-0592
- RESERVED
-CVE-2017-0591
- RESERVED
-CVE-2017-0590
- RESERVED
-CVE-2017-0589
- RESERVED
-CVE-2017-0588
- RESERVED
-CVE-2017-0587
- RESERVED
+CVE-2017-0592 (A remote code execution vulnerability in FLACExtractor.cpp in ...)
+ TODO: check
+CVE-2017-0591 (A remote code execution vulnerability in libavc in Mediaserver could ...)
+ TODO: check
+CVE-2017-0590 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
+ TODO: check
+CVE-2017-0589 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
+ TODO: check
+CVE-2017-0588 (A remote code execution vulnerability in id3/ID3.cpp in libstagefright ...)
+ TODO: check
+CVE-2017-0587 (A remote code execution vulnerability in libmpeg2 in Mediaserver could ...)
+ TODO: check
CVE-2017-0586 (An information disclosure vulnerability in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0585 (An information disclosure vulnerability in the Broadcom Wi-Fi driver ...)
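Review bot: the Mediaserver entries in this hunk (CVE-2017-0635, CVE-2017-0603, CVE-2017-0600, CVE-2017-0599, CVE-2017-0596, CVE-2017-0595, CVE-2017-0592 through CVE-2017-0587) fall to "TODO: check", whereas older entries of the same kind further down the list carry "NOT-FOR-US: Android Mediaserver". Suggest triaging them as a group against that existing convention, checking the named libraries (libstagefright, libhevc, libavc, libmpeg2) once rather than per CVE. CVE-2017-0594 needs the full description first, since the truncated text "An elevation of privilege vulnerability in ..." names no component at all.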
@@ -22712,8 +22670,7 @@
NOT-FOR-US: Android Mediaserver
CVE-2017-0494 (An information disclosure vulnerability in AOSP Messaging could enable ...)
NOT-FOR-US: Android
-CVE-2017-0493
- RESERVED
+CVE-2017-0493 (An information disclosure vulnerability in File-Based Encryption could ...)
NOT-FOR-US: Android
CVE-2017-0492 (An elevation of privilege vulnerability in the System UI could enable ...)
NOT-FOR-US: Android
@@ -22769,8 +22726,7 @@
NOT-FOR-US: Android Mediaserver
CVE-2017-0466 (A remote code execution vulnerability in Mediaserver could enable an ...)
NOT-FOR-US: Android Mediaserver
-CVE-2017-0465
- RESERVED
+CVE-2017-0465 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0464 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
NOT-FOR-US: Qualcomm driver for Android
@@ -28271,7 +28227,7 @@
RESERVED
CVE-2017-0291
RESERVED
-CVE-2017-0290 (NScript in mpengine in Microsoft Malware Protection Engine with Engine ...)
+CVE-2017-0290 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
NOT-FOR-US: Microsoft
CVE-2017-0289
RESERVED
@@ -28289,62 +28245,62 @@
RESERVED
CVE-2017-0282
RESERVED
-CVE-2017-0281
- RESERVED
-CVE-2017-0280
- RESERVED
-CVE-2017-0279
- RESERVED
-CVE-2017-0278
- RESERVED
-CVE-2017-0277
- RESERVED
-CVE-2017-0276
- RESERVED
-CVE-2017-0275
- RESERVED
-CVE-2017-0274
- RESERVED
-CVE-2017-0273
- RESERVED
-CVE-2017-0272
- RESERVED
-CVE-2017-0271
- RESERVED
-CVE-2017-0270
- RESERVED
-CVE-2017-0269
- RESERVED
-CVE-2017-0268
- RESERVED
-CVE-2017-0267
- RESERVED
-CVE-2017-0266
- RESERVED
-CVE-2017-0265
- RESERVED
-CVE-2017-0264
- RESERVED
-CVE-2017-0263
- RESERVED
-CVE-2017-0262
- RESERVED
-CVE-2017-0261
- RESERVED
+CVE-2017-0281 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
+ TODO: check
+CVE-2017-0280 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of ...)
+ TODO: check
+CVE-2017-0279 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
+ TODO: check
+CVE-2017-0278 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
+ TODO: check
+CVE-2017-0277 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
+ TODO: check
+CVE-2017-0276 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+ TODO: check
+CVE-2017-0275 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+ TODO: check
+CVE-2017-0274 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+ TODO: check
+CVE-2017-0273 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of ...)
+ TODO: check
+CVE-2017-0272 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
+ TODO: check
+CVE-2017-0271 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+ TODO: check
+CVE-2017-0270 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+ TODO: check
+CVE-2017-0269 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of ...)
+ TODO: check
+CVE-2017-0268 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+ TODO: check
+CVE-2017-0267 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
+ TODO: check
+CVE-2017-0266 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+ TODO: check
+CVE-2017-0265 (Microsoft PowerPoint for Mac 2011 allows a remote code execution ...)
+ TODO: check
+CVE-2017-0264 (Microsoft PowerPoint for Mac 2011 allows a remote code execution ...)
+ TODO: check
+CVE-2017-0263 (The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 ...)
+ TODO: check
+CVE-2017-0262 (Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a ...)
+ TODO: check
+CVE-2017-0261 (Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a ...)
+ TODO: check
CVE-2017-0260
RESERVED
-CVE-2017-0259
- RESERVED
-CVE-2017-0258
- RESERVED
+CVE-2017-0259 (The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, ...)
+ TODO: check
+CVE-2017-0258 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
CVE-2017-0257
RESERVED
-CVE-2017-0256
- RESERVED
-CVE-2017-0255
- RESERVED
-CVE-2017-0254
- RESERVED
+CVE-2017-0256 (A spoofing vulnerability exists when the ASP.NET Core fails to ...)
+ TODO: check
+CVE-2017-0255 (Microsoft SharePoint Foundation 2013 SP1 allows an elevation of ...)
+ TODO: check
+CVE-2017-0254 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office ...)
+ TODO: check
CVE-2017-0253
RESERVED
CVE-2017-0252
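Review bot: every entry changed in this hunk goes from RESERVED to "TODO: check", yet the descriptions all name Microsoft products (SMBv1 server, Office, PowerPoint for Mac, Edge, Windows kernel, SharePoint) and the file's existing convention for these is "NOT-FOR-US: Microsoft", as on the CVE-2017-0290 entry. Suggest batch-marking them in the follow-up instead of handling roughly thirty TODOs one by one. CVE-2017-0256 (ASP.NET Core) is the one worth reading in full before it is folded into that batch.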
@@ -28353,66 +28309,66 @@
RESERVED
CVE-2017-0250
RESERVED
-CVE-2017-0249
- RESERVED
-CVE-2017-0248
- RESERVED
-CVE-2017-0247
- RESERVED
-CVE-2017-0246
- RESERVED
-CVE-2017-0245
- RESERVED
-CVE-2017-0244
- RESERVED
+CVE-2017-0249 (An elevation of privilege vulnerability exists when the ASP.NET Core ...)
+ TODO: check
+CVE-2017-0248 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
+ TODO: check
+CVE-2017-0247 (A denial of service vulnerability exists when the ASP.NET Core fails ...)
+ TODO: check
+CVE-2017-0246 (The Graphics Component in the kernel-mode drivers in Windows Server ...)
+ TODO: check
+CVE-2017-0245 (The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows ...)
+ TODO: check
+CVE-2017-0244 (The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 ...)
+ TODO: check
CVE-2017-0243
RESERVED
-CVE-2017-0242
- RESERVED
-CVE-2017-0241
- RESERVED
-CVE-2017-0240
- RESERVED
+CVE-2017-0242 (An information disclosure vulnerability exists in the way some ActiveX ...)
+ TODO: check
+CVE-2017-0241 (An elevation of privilege vulnerability exists when Microsoft Edge ...)
+ TODO: check
+CVE-2017-0240 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+ TODO: check
CVE-2017-0239
RESERVED
-CVE-2017-0238
- RESERVED
+CVE-2017-0238 (A remote code execution vulnerability exists in Microsoft browsers in ...)
+ TODO: check
CVE-2017-0237
RESERVED
-CVE-2017-0236
- RESERVED
-CVE-2017-0235
- RESERVED
-CVE-2017-0234
- RESERVED
-CVE-2017-0233
- RESERVED
+CVE-2017-0236 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+ TODO: check
+CVE-2017-0235 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+ TODO: check
+CVE-2017-0234 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+ TODO: check
+CVE-2017-0233 (An elevation of privilege vulnerability exists in Microsoft Edge that ...)
+ TODO: check
CVE-2017-0232
RESERVED
-CVE-2017-0231
- RESERVED
-CVE-2017-0230
- RESERVED
-CVE-2017-0229
- RESERVED
-CVE-2017-0228
- RESERVED
-CVE-2017-0227
- RESERVED
-CVE-2017-0226
- RESERVED
+CVE-2017-0231 (A spoofing vulnerability exists when Microsoft browsers render ...)
+ TODO: check
+CVE-2017-0230 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+ TODO: check
+CVE-2017-0229 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+ TODO: check
+CVE-2017-0228 (A remote code execution vulnerability exists in Microsoft browsers in ...)
+ TODO: check
+CVE-2017-0227 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
+ TODO: check
+CVE-2017-0226 (A remote code execution vulnerability exists when Internet Explorer ...)
+ TODO: check
CVE-2017-0225
RESERVED
-CVE-2017-0224
- RESERVED
+CVE-2017-0224 (A remote code execution vulnerability exists in the way JavaScript ...)
+ TODO: check
CVE-2017-0223
RESERVED
-CVE-2017-0222
- RESERVED
-CVE-2017-0221
- RESERVED
-CVE-2017-0220
- RESERVED
+CVE-2017-0222 (A remote code execution vulnerability exists when Internet Explorer ...)
+ TODO: check
+CVE-2017-0221 (A vulnerability exists when Microsoft Edge improperly accesses objects ...)
+ TODO: check
+CVE-2017-0220 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
+ TODO: check
CVE-2017-0219
RESERVED
CVE-2017-0218
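Review bot: CVE-2017-0249 and CVE-2017-0247 (ASP.NET Core) and CVE-2017-0248 (.NET Framework) sit among the Edge, Internet Explorer and Windows kernel entries with the same "TODO: check". When these are resolved, name the component in the NOT-FOR-US line, as the list already does with "Android Mediaserver" and "Qualcomm driver for Android", so a later search for the framework finds them instead of a generic vendor tag.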
@@ -28423,12 +28379,12 @@
RESERVED
CVE-2017-0215
RESERVED
-CVE-2017-0214
- RESERVED
-CVE-2017-0213
- RESERVED
-CVE-2017-0212
- RESERVED
+CVE-2017-0214 (Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
+ TODO: check
+CVE-2017-0213 (Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 ...)
+ TODO: check
+CVE-2017-0212 (Windows Hyper-V allows an elevation of privilege vulnerability when ...)
+ TODO: check
CVE-2017-0211 (An elevation of privilege vulnerability exists in Windows 10, Windows ...)
NOT-FOR-US: Microsoft
CVE-2017-0210 (An elevation of privilege vulnerability exists when Internet Explorer ...)
@@ -28471,8 +28427,8 @@
NOT-FOR-US: Microsoft
CVE-2017-0191 (A denial of service vulnerability exists in the way that Windows 7, ...)
NOT-FOR-US: Microsoft
-CVE-2017-0190
- RESERVED
+CVE-2017-0190 (The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
CVE-2017-0189 (An elevation of privilege vulnerability exists in Windows 10 when the ...)
NOT-FOR-US: Microsoft
CVE-2017-0188 (A Win32k information disclosure vulnerability exists in Windows 8.1, ...)
@@ -28501,16 +28457,16 @@
RESERVED
CVE-2017-0176
RESERVED
-CVE-2017-0175
- RESERVED
+CVE-2017-0175 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows ...)
+ TODO: check
CVE-2017-0174
RESERVED
CVE-2017-0173
RESERVED
CVE-2017-0172
RESERVED
-CVE-2017-0171
- RESERVED
+CVE-2017-0171 (Windows DNS Server allows a denial of service vulnerability when ...)
+ TODO: check
CVE-2017-0170
RESERVED
CVE-2017-0169 (An information disclosure vulnerability exists when Windows Hyper-V ...)
@@ -28697,8 +28653,8 @@
NOT-FOR-US: Microsoft
CVE-2017-0078 (The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 ...)
NOT-FOR-US: Microsoft
-CVE-2017-0077
- RESERVED
+CVE-2017-0077 (The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows ...)
+ TODO: check
CVE-2017-0076 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
NOT-FOR-US: Microsoft
CVE-2017-0075 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
@@ -28723,8 +28679,8 @@
NOT-FOR-US: Microsoft
CVE-2017-0065 (Microsoft Edge allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: Microsoft
-CVE-2017-0064
- RESERVED
+CVE-2017-0064 (A security feature bypass vulnerability exists in Internet Explorer ...)
+ TODO: check
CVE-2017-0063 (The Color Management Module (ICM32.dll) memory handling functionality ...)
NOT-FOR-US: Microsoft
CVE-2017-0062 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; ...)
@@ -39914,30 +39870,30 @@
NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4888 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ...)
NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
-CVE-2016-4887
- RESERVED
-CVE-2016-4886
- RESERVED
-CVE-2016-4885
- RESERVED
-CVE-2016-4884
- RESERVED
-CVE-2016-4883
- RESERVED
-CVE-2016-4882
- RESERVED
-CVE-2016-4881
- RESERVED
-CVE-2016-4880
- RESERVED
-CVE-2016-4879
- RESERVED
-CVE-2016-4878
- RESERVED
-CVE-2016-4877
- RESERVED
-CVE-2016-4876
- RESERVED
+CVE-2016-4887 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+ TODO: check
+CVE-2016-4886 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+ TODO: check
+CVE-2016-4885 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+ TODO: check
+CVE-2016-4884 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+ TODO: check
+CVE-2016-4883 (Cross-site scripting vulnerability in baserCMS version 3.0.10 and ...)
+ TODO: check
+CVE-2016-4882 (Cross-site request forgery (CSRF) vulnerability in baserCMS version ...)
+ TODO: check
+CVE-2016-4881 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+ TODO: check
+CVE-2016-4880 (Cross-site scripting vulnerability in baserCMS plugin Blog version ...)
+ TODO: check
+CVE-2016-4879 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
+ TODO: check
+CVE-2016-4878 (Cross-site request forgery (CSRF) vulnerability in baserCMS version ...)
+ TODO: check
+CVE-2016-4877 (Cross-site scripting vulnerability in baserCMS plugin Mail version ...)
+ TODO: check
+CVE-2016-4876 (Cross-site request forgery (CSRF) vulnerability in baserCMS version ...)
+ TODO: check
CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...)
NOT-FOR-US: IVYWE
CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...)
@@ -39960,8 +39916,8 @@
NOT-FOR-US: Cybozu
CVE-2016-4865 (Cross-site scripting (XSS) vulnerability in the "Customapp" function ...)
NOT-FOR-US: Cybozu
-CVE-2016-4864
- RESERVED
+CVE-2016-4864 (H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows ...)
+ TODO: check
CVE-2016-4863
RESERVED
CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with ...)
@@ -39975,16 +39931,15 @@
NOTE: Fixed by: https://github.com/zendframework/zf1/commit/b1c71dd94296d9000127720c85a7ea9e3b35af4b (1.12.20)
CVE-2016-4860 (Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not ...)
NOT-FOR-US: Yokogawa STARDOM
-CVE-2016-4859
- RESERVED
-CVE-2016-4858
- RESERVED
-CVE-2016-4857
- RESERVED
-CVE-2016-4856
- RESERVED
-CVE-2016-4855
- RESERVED
+CVE-2016-4859 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, ...)
+ TODO: check
+CVE-2016-4858 (Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to ...)
+ TODO: check
+CVE-2016-4857 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, ...)
+ TODO: check
+CVE-2016-4856 (Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to ...)
+ TODO: check
+CVE-2016-4855 (Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 ...)
{DLA-620-1}
- libphp-adodb 5.20.6-1 (unimportant; bug #837418)
[jessie] - libphp-adodb 5.15-1+deb8u1
@@ -40022,10 +39977,10 @@
NOT-FOR-US: Cybozu
CVE-2016-4840 (Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus ...)
NOT-FOR-US: Coordinate Plus App for Android
-CVE-2016-4839
- RESERVED
-CVE-2016-4838
- RESERVED
+CVE-2016-4839 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for ...)
+ TODO: check
+CVE-2016-4838 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for ...)
+ TODO: check
CVE-2016-4837 (SQL injection vulnerability in the Seed Coupon plugin before 1.6 for ...)
NOT-FOR-US: EC-CUBE
CVE-2016-4836
@@ -56188,7 +56143,7 @@
CVE-2015-8273
RESERVED
CVE-2015-8272 (RTMPDump 2.4 allows remote attackers to trigger a denial of service ...)
- {DLA-917-1}
+ {DSA-3850-1 DLA-917-1}
- rtmpdump 2.4+20151223.gitfa8646d.1-1
NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/4312322107a94c81d3ec5b98f91bc6b923551dc5
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0068/
@@ -56196,7 +56151,7 @@
NOTE: to missing upstream source import the fixes are really only present in
NOTE: 2.4+20151223.gitfa8646d.1-1
CVE-2015-8271 (The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote ...)
- {DLA-917-1}
+ {DSA-3850-1 DLA-917-1}
- rtmpdump 2.4+20151223.gitfa8646d.1-1
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0067/
NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/39ec7eda489717d503bc4cbfaa591c93205695b6
@@ -56205,7 +56160,7 @@
NOTE: to missing upstream source import the fixes are really only present in
NOTE: 2.4+20151223.gitfa8646d.1-1
CVE-2015-8270 (The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote ...)
- {DLA-917-1}
+ {DSA-3850-1 DLA-917-1}
- rtmpdump 2.4+20151223.gitfa8646d.1-1
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0066/
NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/10b580aabcec1621b25518271ba1ab2b018be88e
@@ -61202,7 +61157,7 @@
CVE-2015-6543
RESERVED
CVE-2015-6542
- RESERVED
+ REJECTED
CVE-2015-6541 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail ...)
NOT-FOR-US: Zimbra
CVE-2015-6540