[Secure-testing-commits] r40985 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Apr 18 21:10:12 UTC 2016
Author: sectracker
Date: 2016-04-18 21:10:12 +0000 (Mon, 18 Apr 2016)
New Revision: 40985
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-18 20:15:17 UTC (rev 40984)
+++ data/CVE/list 2016-04-18 21:10:12 UTC (rev 40985)
@@ -1,3 +1,13 @@
+CVE-2016-4035
+ RESERVED
+CVE-2016-4034
+ RESERVED
+CVE-2016-4033
+ RESERVED
+CVE-2016-4032
+ RESERVED
+CVE-2016-4031
+ RESERVED
CVE-2016-4037 [usb: Infinite loop vulnerability in usb_ehci using siTD process]
- qemu <unfixed>
- qemu-kvm <removed>
@@ -318,8 +328,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/4
CVE-2016-3962
RESERVED
-CVE-2016-3961 [hugetlbfs use may crash PV Linux guests]
- RESERVED
+CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress ...)
- linux <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-174.html
CVE-2016-3960 [x86 shadow pagetables: address width overflow]
@@ -2132,8 +2141,8 @@
RESERVED
CVE-2016-3145
RESERVED
-CVE-2016-3144
- RESERVED
+CVE-2016-3144 (Cross-site scripting (XSS) vulnerability in the Block Class module ...)
+ TODO: check
CVE-2016-3143
RESERVED
CVE-2016-3156 [ipv4: Don't do expensive useless work during inetdev destroy]
@@ -4294,44 +4303,44 @@
RESERVED
CVE-2016-2428
RESERVED
-CVE-2016-2427
- RESERVED
-CVE-2016-2426
- RESERVED
-CVE-2016-2425
- RESERVED
-CVE-2016-2424
- RESERVED
-CVE-2016-2423
- RESERVED
-CVE-2016-2422
- RESERVED
-CVE-2016-2421
- RESERVED
-CVE-2016-2420
- RESERVED
-CVE-2016-2419
- RESERVED
-CVE-2016-2418
- RESERVED
-CVE-2016-2417
- RESERVED
-CVE-2016-2416
- RESERVED
-CVE-2016-2415
- RESERVED
-CVE-2016-2414
- RESERVED
-CVE-2016-2413
- RESERVED
-CVE-2016-2412
- RESERVED
-CVE-2016-2411
- RESERVED
-CVE-2016-2410
- RESERVED
-CVE-2016-2409
- RESERVED
+CVE-2016-2427 (asn1/cms/GCMParameters.java in the Bouncy Castle Crypto APIs 1.54 for ...)
+ TODO: check
+CVE-2016-2426 (server/content/ContentService.java in the Framework component in ...)
+ TODO: check
+CVE-2016-2425 (mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before ...)
+ TODO: check
+CVE-2016-2424 (server/content/SyncStorageEngine.java in SyncStorageEngine in Android ...)
+ TODO: check
+CVE-2016-2423 (server/telecom/CallsManager.java in Telephony in Android 4.x before ...)
+ TODO: check
+CVE-2016-2422 (Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
+ TODO: check
+CVE-2016-2421 (Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 ...)
+ TODO: check
+CVE-2016-2420 (rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the ...)
+ TODO: check
+CVE-2016-2419 (media/libmedia/IDrm.cpp in mediaserver in Android 6.x before ...)
+ TODO: check
+CVE-2016-2418 (media/libmedia/IOMX.cpp in mediaserver in Android 6.x before ...)
+ TODO: check
+CVE-2016-2417 (media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, ...)
+ TODO: check
+CVE-2016-2416 (libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before ...)
+ TODO: check
+CVE-2016-2415 (exchange/eas/EasAutoDiscover.java in the Autodiscover implementation ...)
+ TODO: check
+CVE-2016-2414 (The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
+ TODO: check
+CVE-2016-2413 (media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, ...)
+ TODO: check
+CVE-2016-2412 (include/core/SkPostConfig.h in Skia, as used in System_server in ...)
+ TODO: check
+CVE-2016-2411 (A Qualcomm Power Management kernel driver in Android 6.x before ...)
+ TODO: check
+CVE-2016-2410 (A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows ...)
+ TODO: check
+CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before ...)
+ TODO: check
CVE-2016-2408
RESERVED
CVE-2016-2407
@@ -5020,8 +5029,8 @@
RESERVED
CVE-2016-2214 (Cross-site scripting (XSS) vulnerability in an unspecified portal ...)
NOT-FOR-US: Huawei
-CVE-2016-2212
- RESERVED
+CVE-2016-2212 (The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class ...)
+ TODO: check
CVE-2016-2211
RESERVED
CVE-2016-2210
@@ -5272,12 +5281,10 @@
[jessie] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
-CVE-2016-2146 [DOS attack (Apache worker process crash / resource exhaustion) due to missing size checks when reading POST data.]
- RESERVED
+CVE-2016-2146 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does ...)
- libapache2-mod-auth-mellon 0.12.0-1
[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
-CVE-2016-2145 [DOS attack (Apache worker process crash) due to incorrect error handling when reading POST data from client]
- RESERVED
+CVE-2016-2145 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does ...)
- libapache2-mod-auth-mellon 0.12.0-1
[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2016-2144
@@ -5646,8 +5653,8 @@
RESERVED
CVE-2016-2077
RESERVED
-CVE-2016-2076
- RESERVED
+CVE-2016-2076 (Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, ...)
+ TODO: check
CVE-2016-2075 (Cross-site scripting (XSS) vulnerability in VMware vRealize Business ...)
NOT-FOR-US: VMware vRealize Business Advanced and Enterprise
CVE-2016-2074 [MPLS buffer overflow]
@@ -6952,48 +6959,39 @@
RESERVED
CVE-2016-1660
RESERVED
-CVE-2016-1659
- RESERVED
+CVE-2016-1659 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1658
- RESERVED
+CVE-2016-1658 (The Extensions subsystem in Google Chrome before 50.0.2661.75 ...)
{DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1657
- RESERVED
+CVE-2016-1657 (The WebContentsImpl::FocusLocationBarByDefault function in ...)
{DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1656
- RESERVED
+CVE-2016-1656 (The download implementation in Google Chrome before 50.0.2661.75 on ...)
- chromium-browser <not-affected> (Android-specific)
-CVE-2016-1655
- RESERVED
+CVE-2016-1655 (Google Chrome before 50.0.2661.75 does not properly consider that ...)
{DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1654
- RESERVED
+CVE-2016-1654 (The media subsystem in Google Chrome before 50.0.2661.75 does not ...)
{DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1653
- RESERVED
+CVE-2016-1653 (The LoadBuffer implementation in Google V8, as used in Google Chrome ...)
{DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-1652
- RESERVED
+CVE-2016-1652 (Cross-site scripting (XSS) vulnerability in the ...)
{DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1651
- RESERVED
+CVE-2016-1651 (fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome ...)
{DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -7550,8 +7548,7 @@
[squeeze] - lighttpd <not-affected> (Regression introduced in 1.4.36)
NOTE: http://redmine.lighttpd.net/issues/2700
NOTE: Introduced in 1.4.36: http://web.archive.org/web/20150906061055/http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2976
-CVE-2016-1503 [heap overflow via malformed dhcp responses in print_option (via dhcp_envoption1) due to incorrect option length values]
- RESERVED
+CVE-2016-1503 (dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x ...)
- dhcpcd5 6.10.1-1 (bug #810621)
- dhcpcd <not-affected> (Vulnerable code not present)
NOTE: http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30
@@ -7894,10 +7891,10 @@
NOT-FOR-US: Cisco
CVE-2016-1341 (Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 ...)
NOT-FOR-US: Cisco
-CVE-2016-1340
- RESERVED
-CVE-2016-1339
- RESERVED
+CVE-2016-1340 (Heap-based buffer overflow in Cisco Unified Computing System (UCS) ...)
+ TODO: check
+CVE-2016-1339 (Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, ...)
+ TODO: check
CVE-2016-1338 (Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 ...)
NOT-FOR-US: Cisco
CVE-2016-1337
@@ -8429,28 +8426,28 @@
RESERVED
CVE-2016-1275
RESERVED
-CVE-2016-1274
- RESERVED
-CVE-2016-1273
- RESERVED
+CVE-2016-1274 (Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches ...)
+ TODO: check
+CVE-2016-1273 (Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x ...)
+ TODO: check
CVE-2016-1272
RESERVED
-CVE-2016-1271
- RESERVED
-CVE-2016-1270
- RESERVED
-CVE-2016-1269
- RESERVED
-CVE-2016-1268
- RESERVED
-CVE-2016-1267
- RESERVED
+CVE-2016-1271 (Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 ...)
+ TODO: check
+CVE-2016-1270 (The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before ...)
+ TODO: check
+CVE-2016-1269 (Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, ...)
+ TODO: check
+CVE-2016-1268 (The administrative web services interface in Juniper ScreenOS before ...)
+ TODO: check
+CVE-2016-1267 (Race condition in the RPC functionality in Juniper Junos OS before ...)
+ TODO: check
CVE-2016-1266
RESERVED
CVE-2016-1265
RESERVED
-CVE-2016-1264
- RESERVED
+CVE-2016-1264 (Race condition in the Op command in Juniper Junos OS before ...)
+ TODO: check
CVE-2016-1263
RESERVED
CVE-2016-1262 (Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, ...)
@@ -9577,8 +9574,8 @@
RESERVED
CVE-2016-0890
RESERVED
-CVE-2016-0889
- RESERVED
+CVE-2016-0889 (An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual ...)
+ TODO: check
CVE-2016-0888 (EMC Documentum D2 before 4.6 lacks intended ACLs for configuration ...)
NOT-FOR-US: EMC Documentum D2
CVE-2016-0887 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, ...)
@@ -9717,40 +9714,40 @@
NOT-FOR-US: Advantech
CVE-2016-0851 (Advantech WebAccess before 8.1 allows remote attackers to cause a ...)
NOT-FOR-US: Advantech
-CVE-2016-0850
- RESERVED
-CVE-2016-0849
- RESERVED
-CVE-2016-0848
- RESERVED
-CVE-2016-0847
- RESERVED
-CVE-2016-0846
- RESERVED
+CVE-2016-0850 (The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before ...)
+ TODO: check
+CVE-2016-0849 (Multiple integer overflows in minzip/SysUtil.c in the Recovery ...)
+ TODO: check
+CVE-2016-0848 (Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x ...)
+ TODO: check
+CVE-2016-0847 (The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before ...)
+ TODO: check
+CVE-2016-0846 (libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x ...)
+ TODO: check
CVE-2016-0845
RESERVED
-CVE-2016-0844
- RESERVED
-CVE-2016-0843
- RESERVED
-CVE-2016-0842
- RESERVED
-CVE-2016-0841
- RESERVED
-CVE-2016-0840
- RESERVED
-CVE-2016-0839
- RESERVED
-CVE-2016-0838
- RESERVED
-CVE-2016-0837
- RESERVED
-CVE-2016-0836
- RESERVED
-CVE-2016-0835
- RESERVED
-CVE-2016-0834
- RESERVED
+CVE-2016-0844 (The Qualcomm RF driver in Android 6.x before 2016-04-01 does not ...)
+ TODO: check
+CVE-2016-0843 (The Qualcomm ARM processor performance-event manager in Android 4.x ...)
+ TODO: check
+CVE-2016-0842 (The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 ...)
+ TODO: check
+CVE-2016-0841 (media/libmedia/mediametadataretriever.cpp in mediaserver in Android ...)
+ TODO: check
+CVE-2016-0840 (Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c ...)
+ TODO: check
+CVE-2016-0839 (post_proc/volume_listener.c in mediaserver in Android 6.x before ...)
+ TODO: check
+CVE-2016-0838 (Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...)
+ TODO: check
+CVE-2016-0837 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x ...)
+ TODO: check
+CVE-2016-0836 (Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in ...)
+ TODO: check
+CVE-2016-0835 (decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before ...)
+ TODO: check
+CVE-2016-0834 (An unspecified media codec in mediaserver in Android 6.x before ...)
+ TODO: check
CVE-2016-0833
RESERVED
CVE-2016-0832 (Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 ...)
@@ -14686,8 +14683,7 @@
NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7677 (The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
-CVE-2015-7676
- RESERVED
+CVE-2015-7676 (Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
@@ -20970,8 +20966,7 @@
RESERVED
CVE-2015-5349 (The CSV export in Apache LDAP Studio and Apache Directory Studio ...)
TODO: check
-CVE-2015-5348
- RESERVED
+CVE-2015-5348 (Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x ...)
NOT-FOR-US: Apache Camel
CVE-2015-5347 (Cross-site scripting (XSS) vulnerability in the ...)
TODO: check
@@ -21319,8 +21314,7 @@
- moodle 2.7.10+dfsg-1 (bug #799634)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576
-CVE-2015-5271 [unsafe pipeline ordering of swift staticweb middleware]
- RESERVED
+CVE-2015-5271 (The TripleO Heat templates (tripleo-heat-templates) do not properly ...)
- tripleo-heat-templates <not-affected> (Vulnerability introduced later)
NOTE: Fixed by: https://github.com/openstack/tripleo-heat-templates/commit/1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476
NOTE: Introduced by: https://github.com/openstack/tripleo-heat-templates/commit/65d64b6a52366f36955e5e48a29f4ef0ca2ff973 (0.8.2) [Puppet: Swift Overcloud Proxy/Storage support]
@@ -24315,8 +24309,7 @@
NOT-FOR-US: Siemens Climatix BACnet/IP communication module
CVE-2015-4173 (Unquoted Windows search path vulnerability in the autorun value in ...)
NOT-FOR-US: Dell SonicWall NetExtender
-CVE-2010-5325 [foomatic-rip unhtmlify() buffer overflow vulnerability]
- RESERVED
+CVE-2010-5325 (Heap-based buffer overflow in the unhtmlify function in foomatic-rip ...)
- foomatic-filters 4.0.5-6
- cups-filters <not-affected> (Vulnerable code not present)
NOTE: cups-filters 1.0.42 introduced foomatic-rip filter which already was fixed.
More information about the Secure-testing-commits
mailing list