[Secure-testing-commits] r55725 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Sep 13 09:10:13 UTC 2017
Author: sectracker
Date: 2017-09-13 09:10:13 +0000 (Wed, 13 Sep 2017)
New Revision: 55725
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-13 07:35:44 UTC (rev 55724)
+++ data/CVE/list 2017-09-13 09:10:13 UTC (rev 55725)
@@ -1,3 +1,135 @@
+CVE-2017-14412 (An invalid memory write was discovered in copy_mp in interface.c in ...)
+ TODO: check
+CVE-2017-14411 (A stack-based buffer overflow was discovered in copy_mp in interface.c ...)
+ TODO: check
+CVE-2017-14410 (A buffer over-read was discovered in III_i_stereo in layer3.c in ...)
+ TODO: check
+CVE-2017-14409 (A buffer overflow was discovered in III_dequantize_sample in layer3.c ...)
+ TODO: check
+CVE-2017-14408 (A stack-based buffer over-read was discovered in dct36 in layer3.c in ...)
+ TODO: check
+CVE-2017-14407 (A stack-based buffer over-read was discovered in filterYule in ...)
+ TODO: check
+CVE-2017-14406 (A NULL pointer dereference was discovered in sync_buffer in interface.c ...)
+ TODO: check
+CVE-2017-14405 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote ...)
+ TODO: check
+CVE-2017-14404 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file ...)
+ TODO: check
+CVE-2017-14403 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection ...)
+ TODO: check
+CVE-2017-14402 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection ...)
+ TODO: check
+CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection ...)
+ TODO: check
+CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in ...)
+ TODO: check
+CVE-2017-14399 (In BlackCat CMS 1.2.2, unrestricted file upload is possible in ...)
+ TODO: check
+CVE-2017-14398 (rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and ...)
+ TODO: check
+CVE-2017-14397 (AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. ...)
+ TODO: check
+CVE-2017-14396 (In osTicket 1.10, SQL injection is possible by constructing an array ...)
+ TODO: check
+CVE-2017-14395
+ RESERVED
+CVE-2017-14394
+ RESERVED
+CVE-2017-14393
+ RESERVED
+CVE-2017-14392
+ RESERVED
+CVE-2017-14391
+ RESERVED
+CVE-2017-14390
+ RESERVED
+CVE-2017-14389
+ RESERVED
+CVE-2017-14388
+ RESERVED
+CVE-2017-14387
+ RESERVED
+CVE-2017-14386
+ RESERVED
+CVE-2017-14385
+ RESERVED
+CVE-2017-14384
+ RESERVED
+CVE-2017-14383
+ RESERVED
+CVE-2017-14382
+ RESERVED
+CVE-2017-14381
+ RESERVED
+CVE-2017-14380
+ RESERVED
+CVE-2017-14379
+ RESERVED
+CVE-2017-14378
+ RESERVED
+CVE-2017-14377
+ RESERVED
+CVE-2017-14376
+ RESERVED
+CVE-2017-14375
+ RESERVED
+CVE-2017-14374
+ RESERVED
+CVE-2017-14373
+ RESERVED
+CVE-2017-14372
+ RESERVED
+CVE-2017-14371
+ RESERVED
+CVE-2017-14370
+ RESERVED
+CVE-2017-14369
+ RESERVED
+CVE-2017-14368
+ RESERVED
+CVE-2017-14367
+ RESERVED
+CVE-2017-14366
+ RESERVED
+CVE-2017-14365
+ RESERVED
+CVE-2017-14364
+ RESERVED
+CVE-2017-14363
+ RESERVED
+CVE-2017-14362
+ RESERVED
+CVE-2017-14361
+ RESERVED
+CVE-2017-14360
+ RESERVED
+CVE-2017-14359
+ RESERVED
+CVE-2017-14358
+ RESERVED
+CVE-2017-14357
+ RESERVED
+CVE-2017-14356
+ RESERVED
+CVE-2017-14355
+ RESERVED
+CVE-2017-14354
+ RESERVED
+CVE-2017-14353
+ RESERVED
+CVE-2017-14352
+ RESERVED
+CVE-2017-14351
+ RESERVED
+CVE-2017-14350
+ RESERVED
+CVE-2017-14349
+ RESERVED
+CVE-2015-9230 (In the admin/db-backup-security/db-backup-security.php page in the ...)
+ TODO: check
+CVE-2015-9229 (In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery ...)
+ TODO: check
CVE-2017-14347 (NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to ...)
NOT-FOR-US: NexusPHP
CVE-2017-14346 (upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file ...)
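Review bot: CVE-2015-9230 and CVE-2015-9229 are added at the head of the file, between CVE-2017-14349 and CVE-2017-14347, which breaks the descending order of the surrounding CVE-2017 entries. Move both to the CVE-2015 block. Also confirm that CVE-2017-14348 is intentionally absent, since the lines shown skip from 14349 to 14347.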
@@ -1680,9 +1812,10 @@
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e
CVE-2017-13725
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
-CVE-2017-13724
- RESERVED
+CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site ...)
+ TODO: check
CVE-2017-13723
RESERVED
CVE-2017-13722
@@ -1817,15 +1950,19 @@
RESERVED
CVE-2017-13690
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13689
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13688
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13687
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13686 (net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too ...)
- linux <not-affected> (Vulnerable code not present)
@@ -3127,216 +3264,287 @@
RESERVED
CVE-2017-13055
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13054
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13053
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13052
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13051
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13050
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13049 [buffer over-read in print-rx.c:ubik_print()]
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13048
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13047
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13046
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13045
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13044
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13043
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13042
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13041
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13040
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13039
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13038
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13037
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13036
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13035
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13034
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13033
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13032
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13031
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13030
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13029
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13028
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13027
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13026
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13025
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13024
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13023
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13022
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13021
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13020
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13019
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13018
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13017
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13016
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13015
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13014
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13013
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13012
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13011
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13010
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13009
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13008
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13007
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13006
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13005
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13004
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13003
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13002
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13001
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-13000
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12999
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12998
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12997
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12996
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12995
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12994
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12993
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12992
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12991
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12990
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12989
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12988
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12987
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12986
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12985
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, ...)
NOT-FOR-US: PHPMyWind
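Review bot: The entries that gain {DSA-3971-1} in this hunk stay RESERVED with no description, and only CVE-2017-13049 carries a bracketed summary ([buffer over-read in print-rx.c:ubik_print()]). Adding a similar bracketed summary to the other tcpdump entries would let a reader of the list tell which printer each ID covers while the public descriptions are still missing.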
@@ -3643,33 +3851,43 @@
RESERVED
CVE-2017-12902
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12901
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12900
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12899
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12898
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12897
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12896
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12895
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12894
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12893
RESERVED
+ {DSA-3971-1}
- tcpdump 4.9.2-1
CVE-2017-12925 (Double free vulnerability in DfFromLB in docfile.cxx in libfpx ...)
NOT-FOR-US: libfpx
@@ -6879,18 +7097,18 @@
RESERVED
CVE-2017-11767
RESERVED
-CVE-2017-11766
- RESERVED
+CVE-2017-11766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
+ TODO: check
CVE-2017-11765
RESERVED
-CVE-2017-11764
- RESERVED
+CVE-2017-11764 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
+ TODO: check
CVE-2017-11763
RESERVED
CVE-2017-11762
RESERVED
-CVE-2017-11761
- RESERVED
+CVE-2017-11761 (Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 ...)
+ TODO: check
CVE-2017-11760 (uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated ...)
NOT-FOR-US: ProjeQtOr
CVE-2017-11759
@@ -7726,17 +7944,17 @@
CVE-2017-11544
REJECTED
CVE-2017-11543 (tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in ...)
- {DLA-1090-1}
+ {DSA-3971-1 DLA-1090-1}
- tcpdump 4.9.1-3 (bug #873806)
NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
CVE-2017-11542 (tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print ...)
- {DLA-1090-1}
+ {DSA-3971-1 DLA-1090-1}
- tcpdump 4.9.1-3 (bug #873805)
NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim
CVE-2017-11541 (tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print ...)
- {DLA-1090-1}
+ {DSA-3971-1 DLA-1090-1}
- tcpdump 4.9.1-3 (bug #873804)
NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print
@@ -8267,10 +8485,10 @@
NOT-FOR-US: PEGA Platform
CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in ...)
NOT-FOR-US: Fiyo CMS
-CVE-2017-11351
- RESERVED
-CVE-2017-11350
- RESERVED
+CVE-2017-11351 (Axesstel MU553S MU55XS-V1.14 devices have a default password of admin ...)
+ TODO: check
+CVE-2017-11350 (Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on ...)
+ TODO: check
CVE-2017-11349 (dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs ...)
NOT-FOR-US: dataTaker
CVE-2017-11348 (In Octopus Deploy 3.x before 3.15.4, an authenticated user with ...)
@@ -9172,7 +9390,7 @@
[jessie] - vim <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468492
CVE-2017-11108 (tcpdump 4.9.0 allows remote attackers to cause a denial of service ...)
- {DLA-1090-1}
+ {DSA-3971-1 DLA-1090-1}
- tcpdump 4.9.1-1 (bug #867718)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468504
NOTE: Proposed patch: https://github.com/the-tcpdump-group/tcpdump/pull/617
@@ -15866,177 +16084,176 @@
RESERVED
CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
NOT-FOR-US: Accellion FTA devices
-CVE-2017-8759
- RESERVED
-CVE-2017-8758
- RESERVED
-CVE-2017-8757
- RESERVED
-CVE-2017-8756
- RESERVED
-CVE-2017-8755
- RESERVED
-CVE-2017-8754
- RESERVED
-CVE-2017-8753
- RESERVED
-CVE-2017-8752
- RESERVED
+CVE-2017-8759 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
+ TODO: check
+CVE-2017-8758 (Microsoft Exchange Server 2016 allows an elevation of privilege ...)
+ TODO: check
+CVE-2017-8757 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
+ TODO: check
+CVE-2017-8756 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
+ TODO: check
+CVE-2017-8755 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
+ TODO: check
+CVE-2017-8754 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
+ TODO: check
+CVE-2017-8753 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
+ TODO: check
+CVE-2017-8752 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
NOT-FOR-US: Apache Atlas
-CVE-2017-8751
- RESERVED
-CVE-2017-8750
- RESERVED
-CVE-2017-8749
- RESERVED
-CVE-2017-8748
- RESERVED
-CVE-2017-8747
- RESERVED
-CVE-2017-8746
- RESERVED
-CVE-2017-8745
- RESERVED
-CVE-2017-8744
- RESERVED
-CVE-2017-8743
- RESERVED
-CVE-2017-8742
- RESERVED
-CVE-2017-8741
- RESERVED
-CVE-2017-8740
- RESERVED
-CVE-2017-8739
- RESERVED
-CVE-2017-8738
- RESERVED
-CVE-2017-8737
- RESERVED
-CVE-2017-8736
- RESERVED
-CVE-2017-8735
- RESERVED
-CVE-2017-8734
- RESERVED
-CVE-2017-8733
- RESERVED
+CVE-2017-8751 (Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute ...)
+ TODO: check
+CVE-2017-8750 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
+ TODO: check
+CVE-2017-8749 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
+ TODO: check
+CVE-2017-8748 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
+ TODO: check
+CVE-2017-8747 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
+ TODO: check
+CVE-2017-8746 (Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 ...)
+ TODO: check
+CVE-2017-8745 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
+ TODO: check
+CVE-2017-8744 (A remote code execution vulnerability exists in Excel Services, ...)
+ TODO: check
+CVE-2017-8743 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
+ TODO: check
+CVE-2017-8742 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
+ TODO: check
+CVE-2017-8741 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
+ TODO: check
+CVE-2017-8740 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
+ TODO: check
+CVE-2017-8739 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
+ TODO: check
+CVE-2017-8738 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows ...)
+ TODO: check
+CVE-2017-8737 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT ...)
+ TODO: check
+CVE-2017-8736 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
+ TODO: check
+CVE-2017-8735 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
+ TODO: check
+CVE-2017-8734 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
+ TODO: check
+CVE-2017-8733 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
+ TODO: check
CVE-2017-8732
RESERVED
-CVE-2017-8731
- RESERVED
+CVE-2017-8731 (Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 ...)
+ TODO: check
CVE-2017-8730
RESERVED
-CVE-2017-8729
- RESERVED
-CVE-2017-8728
- RESERVED
+CVE-2017-8729 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
+ TODO: check
+CVE-2017-8728 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT ...)
+ TODO: check
CVE-2017-8727
RESERVED
CVE-2017-8726
RESERVED
-CVE-2017-8725
- RESERVED
-CVE-2017-8724
- RESERVED
-CVE-2017-8723
- RESERVED
+CVE-2017-8725 (A remote code execution vulnerability exists in Microsoft Publisher ...)
+ TODO: check
+CVE-2017-8724 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...)
+ TODO: check
+CVE-2017-8723 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
+ TODO: check
CVE-2017-8722
RESERVED
CVE-2017-8721
RESERVED
-CVE-2017-8720
- RESERVED
-CVE-2017-8719
- RESERVED
+CVE-2017-8720 (The Microsoft Windows graphics component on Microsoft Windows Server ...)
+ TODO: check
+CVE-2017-8719 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
CVE-2017-8718
RESERVED
CVE-2017-8717
RESERVED
-CVE-2017-8716
- RESERVED
+CVE-2017-8716 (Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows ...)
+ TODO: check
CVE-2017-8715
RESERVED
-CVE-2017-8714
- RESERVED
-CVE-2017-8713
- RESERVED
-CVE-2017-8712
- RESERVED
-CVE-2017-8711
- RESERVED
-CVE-2017-8710
- RESERVED
-CVE-2017-8709
- RESERVED
-CVE-2017-8708
- RESERVED
-CVE-2017-8707
- RESERVED
-CVE-2017-8706
- RESERVED
+CVE-2017-8714 (The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server ...)
+ TODO: check
+CVE-2017-8713 (The Windows Hyper-V component on Microsoft Windows Windows 8.1, ...)
+ TODO: check
+CVE-2017-8712 (The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and ...)
+ TODO: check
+CVE-2017-8711 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...)
+ TODO: check
+CVE-2017-8710 (The Microsoft Common Console Document (.msc) in Microsoft Windows 7 ...)
+ TODO: check
+CVE-2017-8709 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2017-8708 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2017-8707 (The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2017-8706 (The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, ...)
+ TODO: check
CVE-2017-8705
RESERVED
-CVE-2017-8704
- RESERVED
+CVE-2017-8704 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...)
+ TODO: check
CVE-2017-8703
RESERVED
-CVE-2017-8702
- RESERVED
+CVE-2017-8702 (Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and ...)
+ TODO: check
CVE-2017-8701
RESERVED
CVE-2017-8700
RESERVED
-CVE-2017-8699
- RESERVED
+CVE-2017-8699 (Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 ...)
+ TODO: check
CVE-2017-8698
RESERVED
CVE-2017-8697
RESERVED
-CVE-2017-8696
- RESERVED
-CVE-2017-8695
- RESERVED
+CVE-2017-8696 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; ...)
+ TODO: check
+CVE-2017-8695 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; ...)
+ TODO: check
CVE-2017-8694
RESERVED
CVE-2017-8693
RESERVED
-CVE-2017-8692
- RESERVED
+CVE-2017-8692 (The Windows Uniscribe component on Microsoft Windows 8.1, Windows ...)
+ TODO: check
CVE-2017-8691 (Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an ...)
NOT-FOR-US: Microsoft Windows
CVE-2017-8690
RESERVED
CVE-2017-8689
RESERVED
-CVE-2017-8688
- RESERVED
-CVE-2017-8687
- RESERVED
-CVE-2017-8686
- RESERVED
-CVE-2017-8685
- RESERVED
-CVE-2017-8684
- RESERVED
-CVE-2017-8683
- RESERVED
-CVE-2017-8682
- RESERVED
-CVE-2017-8681
- RESERVED
-CVE-2017-8680
- RESERVED
-CVE-2017-8679
- RESERVED
-CVE-2017-8678
- RESERVED
-CVE-2017-8677
- RESERVED
-CVE-2017-8676
- RESERVED
-CVE-2017-8675
- RESERVED
+CVE-2017-8688 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
+ TODO: check
+CVE-2017-8687 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2017-8686 (The Windows Server DHCP service in Windows Server 2012 Gold and R2, ...)
+ TODO: check
+CVE-2017-8685 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and ...)
+ TODO: check
+CVE-2017-8684 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
+ TODO: check
+CVE-2017-8683 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2017-8682 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2017-8681 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2017-8680 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2017-8679 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2017-8678 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2017-8677 (The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 ...)
+ TODO: check
+CVE-2017-8676 (The Windows Graphics Device Interface (GDI) in Microsoft Windows ...)
+ TODO: check
+CVE-2017-8675 (The Windows Kernel-Mode Drivers component on Microsoft Windows Server ...)
+ TODO: check
CVE-2017-8674 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
NOT-FOR-US: Microsoft
CVE-2017-8673 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
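Review bot: CVE-2017-8752 now carries a Microsoft Edge description but keeps the existing triage line "NOT-FOR-US: Apache Atlas" from when the ID was RESERVED, so the entry names the wrong product. It is also the only rewritten entry in this hunk that did not get "TODO: check", which means the mismatch will not be picked up in the normal triage pass. Change the line to "NOT-FOR-US: Microsoft", matching the neighbouring Edge entries such as CVE-2017-8674, and check how the Apache Atlas note ended up on this ID.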
@@ -16065,8 +16282,8 @@
NOT-FOR-US: Microsoft
CVE-2017-8661 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
NOT-FOR-US: Microsoft
-CVE-2017-8660
- RESERVED
+CVE-2017-8660 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
+ TODO: check
CVE-2017-8659 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
NOT-FOR-US: Microsoft
CVE-2017-8658 (A remote code execution vulnerability exists in the way that the ...)
@@ -16087,10 +16304,10 @@
NOT-FOR-US: Microsoft
CVE-2017-8650 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
NOT-FOR-US: Microsoft
-CVE-2017-8649
- RESERVED
-CVE-2017-8648
- RESERVED
+CVE-2017-8649 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
+ TODO: check
+CVE-2017-8648 (Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to ...)
+ TODO: check
CVE-2017-8647 (Microsoft Edge in Windows 10 1703 allows an attacker to execute ...)
NOT-FOR-US: Microsoft
CVE-2017-8646 (Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 ...)
@@ -16099,8 +16316,8 @@
NOT-FOR-US: Microsoft
CVE-2017-8644 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
NOT-FOR-US: Microsoft
-CVE-2017-8643
- RESERVED
+CVE-2017-8643 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
+ TODO: check
CVE-2017-8642 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
NOT-FOR-US: Microsoft
CVE-2017-8641 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
@@ -16121,16 +16338,15 @@
NOT-FOR-US: Microsoft
CVE-2017-8633 (Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, ...)
NOT-FOR-US: Microsoft
-CVE-2017-8632
- RESERVED
-CVE-2017-8631
- RESERVED
-CVE-2017-8630
- RESERVED
-CVE-2017-8629
- RESERVED
-CVE-2017-8628
- RESERVED
+CVE-2017-8632 (A remote code execution vulnerability exists in Microsoft Excel 2010 ...)
+ TODO: check
+CVE-2017-8631 (A remote code execution vulnerability exists in Excel Services, ...)
+ TODO: check
+CVE-2017-8630 (Microsoft Office 2016 allows a remote code execution vulnerability ...)
+ TODO: check
+CVE-2017-8629 (Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of ...)
+ TODO: check
+CVE-2017-8628 (Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, ...)
NOT-FOR-US: Microsoft Windows
NOTE: https://www.armis.com/blueborne/
CVE-2017-8627 (Windows Subsystem for Linux in Windows 10 1703, allows a denial of ...)
@@ -16193,8 +16409,8 @@
NOT-FOR-US: Microsoft
CVE-2017-8598 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
NOT-FOR-US: Microsoft
-CVE-2017-8597
- RESERVED
+CVE-2017-8597 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...)
+ TODO: check
CVE-2017-8596 (Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows ...)
NOT-FOR-US: Microsoft
CVE-2017-8595 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
@@ -16253,8 +16469,8 @@
NOT-FOR-US: Microsoft
CVE-2017-8568
RESERVED
-CVE-2017-8567
- RESERVED
+CVE-2017-8567 (A remote code execution vulnerability exists in Microsoft Excel for ...)
+ TODO: check
CVE-2017-8566 (Microsoft Windows 1607, 1703, and Windows Server 2016 allows an ...)
NOT-FOR-US: Microsoft
CVE-2017-8565 (Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
@@ -17740,8 +17956,8 @@
RESERVED
CVE-2017-8016
RESERVED
-CVE-2017-8015
- RESERVED
+CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) contains a SQL injection ...)
+ TODO: check
CVE-2017-8014
RESERVED
CVE-2017-8013
@@ -19940,8 +20156,8 @@
NOT-FOR-US: Veritas System Recovery
CVE-2017-7442 (Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: Nitro Pro
-CVE-2017-7441
- RESERVED
+CVE-2017-7441 (In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the ...)
+ TODO: check
CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop ...)
NOT-FOR-US: Kerio
CVE-2017-7439 (NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might ...)
@@ -24234,10 +24450,10 @@
- icoutils 0.31.2-1 (bug #854050)
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=f148ae5af1c9eeb85610a5653a7f625dd6c3ac2e
NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256407
-CVE-2017-6008
- RESERVED
-CVE-2017-6007
- RESERVED
+CVE-2017-6008 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos ...)
+ TODO: check
+CVE-2017-6007 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos ...)
+ TODO: check
CVE-2017-6006
REJECTED
CVE-2017-6005 (Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" ...)
@@ -36994,10 +37210,10 @@
RESERVED
CVE-2017-1521
RESERVED
-CVE-2017-1520
- RESERVED
-CVE-2017-1519
- RESERVED
+CVE-2017-1520 (IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized ...)
+ TODO: check
+CVE-2017-1519 (IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A ...)
+ TODO: check
CVE-2017-1518
RESERVED
CVE-2017-1517
@@ -37130,10 +37346,10 @@
RESERVED
CVE-2017-1453
RESERVED
-CVE-2017-1452
- RESERVED
-CVE-2017-1451
- RESERVED
+CVE-2017-1452 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 ...)
+ TODO: check
+CVE-2017-1451 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 ...)
+ TODO: check
CVE-2017-1450 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to ...)
NOT-FOR-US: IBM
CVE-2017-1449 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to ...)
@@ -37156,18 +37372,18 @@
NOT-FOR-US: IBM
CVE-2017-1440 (IBM Emptoris Services Procurement 10.0.0.5 could allow a remote ...)
NOT-FOR-US: IBM
-CVE-2017-1439
- RESERVED
-CVE-2017-1438
- RESERVED
+CVE-2017-1439 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 ...)
+ TODO: check
+CVE-2017-1438 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 ...)
+ TODO: check
CVE-2017-1437
RESERVED
CVE-2017-1436
RESERVED
CVE-2017-1435
RESERVED
-CVE-2017-1434
- RESERVED
+CVE-2017-1434 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...)
+ TODO: check
CVE-2017-1433
RESERVED
CVE-2017-1432
@@ -37330,8 +37546,8 @@
RESERVED
CVE-2017-1353
RESERVED
-CVE-2017-1352
- RESERVED
+CVE-2017-1352 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated ...)
+ TODO: check
CVE-2017-1351
RESERVED
CVE-2017-1350
@@ -37710,8 +37926,8 @@
RESERVED
CVE-2017-1163
RESERVED
-CVE-2017-1162
- RESERVED
+CVE-2017-1162 (IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized ...)
+ TODO: check
CVE-2017-1161 (IBM API Connect 5.0.6.0 could allow a remote attacker to execute ...)
NOT-FOR-US: IBM
CVE-2017-1160 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
@@ -45121,8 +45337,8 @@
NOT-FOR-US: Microsoft
CVE-2017-0162 (A remote code execution vulnerability exists when Windows Hyper-V ...)
NOT-FOR-US: Microsoft
-CVE-2017-0161
- RESERVED
+CVE-2017-0161 (The Windows NetBT Session Services component on Microsoft Windows ...)
+ TODO: check
CVE-2017-0160 (Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 ...)
NOT-FOR-US: Microsoft
CVE-2017-0159 (A security feature bypass vulnerability exists in Windows 10 1607, ...)