......@@ -516,7 +516,7 @@ CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2
CVE-2017-17933 (cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or ...)
TODO: check
NOT-FOR-US: NetWin SurgeFTP
CVE-2017-17932 (A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ...)
NOT-FOR-US: ALLPlayer
CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the ...)
......@@ -542,15 +542,23 @@ CVE-2017-17922
CVE-2017-17921
RESERVED
CVE-2017-17920 (SQL injection vulnerability in the 'reorder' method in Ruby on Rails ...)
TODO: check
- rails <undetermined>
NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
TODO: check (and other possible earlier source packages)
CVE-2017-17919 (SQL injection vulnerability in the 'order' method in Ruby on Rails ...)
TODO: check
- rails <undetermined>
NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
TODO: check (and other possible earlier source packages)
CVE-2017-17918
RESERVED
CVE-2017-17917 (SQL injection vulnerability in the 'where' method in Ruby on Rails ...)
TODO: check
- rails <undetermined>
NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
TODO: check (and other possible earlier source packages)
CVE-2017-17916 (SQL injection vulnerability in the 'find_by' method in Ruby on Rails ...)
TODO: check
- rails <undetermined>
NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
TODO: check (and other possible earlier source packages)
CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
- graphicsmagick 1.3.27-3
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
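Review bot: the four Rails entries (CVE-2017-17916, -17917, -17919, -17920) now carry `- rails <undetermined>` and a single blog post as their only reference, with no upstream Rails advisory or commit; before `<undetermined>` is replaced by a fixed version, the NOTE should gain an upstream reference, or a note that upstream does not treat these as vulnerabilities, since all four descriptions are SQL injection via methods that take SQL fragments (`order`, `reorder`, `where`, `find_by`). The new `TODO: check (and other possible earlier source packages)` is also too vague to act on: name the candidate source packages it refers to so the next editor knows which packages still need a `- <package> <status>` line.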
......@@ -1078,7 +1086,8 @@ CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-rea
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/530/
CVE-2017-17781 (In Horde Groupware through 5.2.22, SQL Injection exists via the group ...)
TODO: check
- php-horde <undetermined>
NOTE: http://code610.blogspot.com/2017/12/modus-operandi-horde-52x.html
CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS via a ...)
NOT-FOR-US: Clockwork SMS plugins for WordPress
CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the referrals.php id ...)
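Review bot: the CVE-2017-17781 description names "Horde Groupware through 5.2.22" but the new line attributes the issue to the `php-horde` source package; confirm that the affected code is in `php-horde` rather than the separate groupware bundle package before the `<undetermined>` is resolved, and replace or supplement the blog NOTE with an upstream fix reference so the fixed version can be established.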
......@@ -1171,6 +1180,9 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
NOTE: Crash in desktop tool, no/negligable security impact
CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData ...)
- opencv <unfixed>
NOTE: https://github.com/opencv/opencv/issues/10351
NOTE: MISC:https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
TODO: check
CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Conarc iChannel
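Review bot: the second NOTE for CVE-2017-17760 carries a stray `MISC:` prefix (`NOTE: MISC:https://github.com/opencv/opencv/pull/10369/commits/...`), copied from the MITRE reference format; the surrounding entries use bare URLs in NOTE lines (see the first NOTE on this CVE and the GraphicsMagick entries above), so drop the `MISC:` to keep the line parseable by tooling that extracts URLs. The referenced commit belongs to an open pull request, so `- opencv <unfixed>` is the right status for now; the remaining `TODO: check` should be resolved by recording the fixed upstream version once that pull request is merged and released.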