[Secure-testing-commits] r41052 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Apr 21 21:10:12 UTC 2016
Author: sectracker
Date: 2016-04-21 21:10:12 +0000 (Thu, 21 Apr 2016)
New Revision: 41052
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-21 20:55:43 UTC (rev 41051)
+++ data/CVE/list 2016-04-21 21:10:12 UTC (rev 41052)
@@ -1,3 +1,48 @@
+CVE-2016-6479
+ REJECTED
+ TODO: check
+CVE-2016-4055
+ RESERVED
+CVE-2016-4050
+ RESERVED
+CVE-2016-4049
+ RESERVED
+CVE-2016-4048
+ RESERVED
+CVE-2016-4047
+ RESERVED
+CVE-2016-4046
+ RESERVED
+CVE-2016-4045
+ RESERVED
+CVE-2015-8862
+ RESERVED
+CVE-2015-8861
+ RESERVED
+CVE-2015-8860
+ RESERVED
+CVE-2015-8859
+ RESERVED
+CVE-2015-8858
+ RESERVED
+CVE-2015-8857
+ RESERVED
+CVE-2015-8856
+ RESERVED
+CVE-2015-8855
+ RESERVED
+CVE-2015-8854
+ RESERVED
+CVE-2014-9772
+ RESERVED
+CVE-2013-7454
+ RESERVED
+CVE-2013-7453
+ RESERVED
+CVE-2013-7452
+ RESERVED
+CVE-2013-7451
+ RESERVED
CVE-2015-XXXX [tmux out-of-bounds heap read]
- tmux 2.1-1
NOTE: upstream issue: https://github.com/tmux/tmux/issues/92
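Review bot: CVE-2016-6479 at the top of this hunk is added as REJECTED together with "TODO: check". A rejected ID has nothing left to triage, so the TODO should be dropped, or replaced by a NOTE recording why the ID was rejected, rather than left in the check queue.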
@@ -26,18 +71,22 @@
- typo3-src <removed>
[wheezy] - typo3-src <end-of-life> (See DSA 3314)
CVE-2016-4054
+ RESERVED
- squid3 <unfixed>
- squid <removed>
TODO: check
CVE-2016-4053
+ RESERVED
- squid3 <unfixed>
- squid <removed>
TODO: check
CVE-2016-4052
+ RESERVED
- squid3 <unfixed>
- squid <removed>
TODO: check
CVE-2016-4051
+ RESERVED
- squid3 <unfixed>
- squid <removed>
TODO: check
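Review bot: CVE-2016-4054 through CVE-2016-4051 now read RESERVED while already carrying "squid3 <unfixed>" and "TODO: check", with no title or NOTE saying what each ID covers. A bracketed title or a NOTE pointing at the upstream advisory for each would make the four entries distinguishable and let the TODO be closed.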
@@ -52,6 +101,7 @@
CVE-2016-4040 (SQL injection vulnerability in the Workflow Screen in dotCMS before ...)
TODO: check
CVE-2015-8853 [Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU]
+ RESERVED
- perl 5.22.1-1 (bug #821848)
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=123562
NOTE: http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
@@ -361,15 +411,13 @@
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324774
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/3
-CVE-2014-9770 [systemd / journald created world readable journal files (for volatile journals)]
- RESERVED
+CVE-2014-9770 (tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions ...)
- systemd 215-4
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213)
NOTE: Fixed by (for volatile journals): https://github.com/systemd/systemd/commit/176f2acf8dee45fee832fd2ab07243f63783a238 (v214)
-CVE-2015-8842 [systemd / journald created world readable journal files (for current persistent journal)]
- RESERVED
+CVE-2015-8842 (tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions ...)
- systemd 229-1
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
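Review bot: The replaced titles for CVE-2014-9770 and CVE-2015-8842 were the only text that said which ID covers volatile journals and which covers the current persistent journal; the new truncated descriptions differ only in "before 214" versus "before 229". CVE-2014-9770 still has "Fixed by (for volatile journals)" in a NOTE, but the visible lines for CVE-2015-8842 have no equivalent, so a NOTE stating that it is the persistent-journal case would keep the two distinguishable.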
@@ -416,6 +464,7 @@
- linux <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-174.html
CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local ...)
+ {DSA-3554-1}
- xen <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3957
@@ -1553,34 +1602,32 @@
RESERVED
CVE-2016-3467
RESERVED
-CVE-2016-3466
- RESERVED
-CVE-2016-3465
- RESERVED
+CVE-2016-3466 (Unspecified vulnerability in the Oracle Field Service component in ...)
+ TODO: check
+CVE-2016-3465 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
NOT-FOR-US: Solaris
-CVE-2016-3464
- RESERVED
-CVE-2016-3463
- RESERVED
-CVE-2016-3462
- RESERVED
+CVE-2016-3464 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
+ TODO: check
+CVE-2016-3463 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
+ TODO: check
+CVE-2016-3462 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
NOT-FOR-US: Solaris
-CVE-2016-3461
- RESERVED
-CVE-2016-3460
- RESERVED
+CVE-2016-3461 (Unspecified vulnerability in the MySQL Enterprise Monitor component in ...)
+ TODO: check
+CVE-2016-3460 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
+ TODO: check
CVE-2016-3459
RESERVED
CVE-2016-3458
RESERVED
-CVE-2016-3457
- RESERVED
-CVE-2016-3456
- RESERVED
-CVE-2016-3455
- RESERVED
-CVE-2016-3454
- RESERVED
+CVE-2016-3457 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ...)
+ TODO: check
+CVE-2016-3456 (Unspecified vulnerability in the Oracle Complex Maintenance, Repair, ...)
+ TODO: check
+CVE-2016-3455 (Unspecified vulnerability in the Oracle Outside In Technology ...)
+ TODO: check
+CVE-2016-3454 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+ TODO: check
CVE-2016-3453
RESERVED
CVE-2016-3452
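Review bot: CVE-2016-3464 and CVE-2016-3463 (Oracle FLEXCUBE Direct Banking) are left at "TODO: check", while the same component is already triaged as "NOT-FOR-US: Oracle FLEXCUBE" under CVE-2016-0699 and CVE-2016-0672 later in this commit. Marking these two the same way would keep the file consistent; the Field Service and PeopleSoft entries in this hunk look like candidates for the same treatment.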
@@ -1589,96 +1636,86 @@
RESERVED
CVE-2016-3450
RESERVED
-CVE-2016-3449
- RESERVED
+CVE-2016-3449 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2016-3448
RESERVED
-CVE-2016-3447
- RESERVED
+CVE-2016-3447 (Unspecified vulnerability in the Oracle Applications Framework ...)
+ TODO: check
CVE-2016-3446
RESERVED
CVE-2016-3445
RESERVED
CVE-2016-3444
RESERVED
-CVE-2016-3443
- RESERVED
+CVE-2016-3443 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
-CVE-2016-3442
- RESERVED
-CVE-2016-3441
- RESERVED
+CVE-2016-3442 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-3441 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
NOT-FOR-US: Solaris
CVE-2016-3440
RESERVED
-CVE-2016-3439
- RESERVED
-CVE-2016-3438
- RESERVED
-CVE-2016-3437
- RESERVED
-CVE-2016-3436
- RESERVED
-CVE-2016-3435
- RESERVED
-CVE-2016-3434
- RESERVED
+CVE-2016-3439 (Unspecified vulnerability in the Oracle CRM Wireless component in ...)
+ TODO: check
+CVE-2016-3438 (Unspecified vulnerability in the Oracle Configurator component in ...)
+ TODO: check
+CVE-2016-3437 (Unspecified vulnerability in the Oracle CRM Wireless component in ...)
+ TODO: check
+CVE-2016-3436 (Unspecified vulnerability in the Oracle Common Applications Calendar ...)
+ TODO: check
+CVE-2016-3435 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-3434 (Unspecified vulnerability in the Oracle Application Object Library ...)
+ TODO: check
CVE-2016-3433
RESERVED
CVE-2016-3432
RESERVED
-CVE-2016-3431
- RESERVED
+CVE-2016-3431 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
+ TODO: check
CVE-2016-3430
RESERVED
-CVE-2016-3429
- RESERVED
+CVE-2016-3429 (Unspecified vulnerability in the Oracle Retail Xstore Point of Service ...)
NOT-FOR-US: Oracle Retail
-CVE-2016-3428
- RESERVED
-CVE-2016-3427
- RESERVED
+CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
+ TODO: check
+CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
-CVE-2016-3426
- RESERVED
+CVE-2016-3426 (Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
-CVE-2016-3425
- RESERVED
+CVE-2016-3425 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
CVE-2016-3424
RESERVED
-CVE-2016-3423
- RESERVED
-CVE-2016-3422
- RESERVED
+CVE-2016-3423 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-3422 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
-CVE-2016-3421
- RESERVED
-CVE-2016-3420
- RESERVED
-CVE-2016-3419
- RESERVED
+CVE-2016-3421 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-3420 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
+ TODO: check
+CVE-2016-3419 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
NOT-FOR-US: Solaris
-CVE-2016-3418
- RESERVED
+CVE-2016-3418 (Unspecified vulnerability in the DataStore component in Oracle ...)
NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
-CVE-2016-3417
- RESERVED
-CVE-2016-3416
- RESERVED
+CVE-2016-3417 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-3416 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+ TODO: check
CVE-2016-3415
RESERVED
CVE-2016-3414
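Review bot: CVE-2016-3426 gets the same three package lines as its neighbours (openjdk-8 <unfixed>, openjdk-7 <removed>, openjdk-6 <removed>), but the visible part of its new description names only Java SE 8u77 and Java SE Embedded, whereas CVE-2016-3427 and CVE-2016-3425 name 6u113, 7u99, and 8u77. If the full description confirms that 6 and 7 are out of scope, the openjdk-7 and openjdk-6 lines should become <not-affected> with a reason, as is done for CVE-2016-3449.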
@@ -2190,6 +2227,7 @@
CVE-2016-3160
RESERVED
CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not ...)
+ {DSA-3554-1}
- xen <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
NOTE: CVE-2016-3159 is for the code change which is applicable for later
@@ -2197,6 +2235,7 @@
NOTE: for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which
NOTE: patches the function fpu_fxrstor.
CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...)
+ {DSA-3554-1}
- xen <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
NOTE: CVE-2016-3158 is for the code change which is required for all
@@ -3793,6 +3832,7 @@
RESERVED
CVE-2015-8852 [HTTP Smuggling issues: Double Content Length and bad EOL]
RESERVED
+ {DSA-3553-1}
- varnish 4.0.0-1 (bug #783510)
NOTE: http://www.openwall.com/lists/oss-security/2016/04/16/1
NOTE: fixed in 3.0.7 upstream, mark as fixed with first 4.x version in unstable
@@ -4912,10 +4952,10 @@
RESERVED
CVE-2016-2295
RESERVED
-CVE-2016-2294
- RESERVED
-CVE-2016-2293
- RESERVED
+CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...)
+ TODO: check
+CVE-2016-2293 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...)
+ TODO: check
CVE-2016-2292 (Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before ...)
NOT-FOR-US: Pro-face
CVE-2016-2291 (Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, ...)
@@ -4941,8 +4981,8 @@
NOT-FOR-US: Moxa ioLogik E2200 devices
CVE-2016-2281 (Untrusted search path vulnerability in ABB Panel Builder 800 5.1 ...)
TODO: check
-CVE-2016-2280
- RESERVED
+CVE-2016-2280 (Buffer overflow in RDISERVER in Honeywell Uniformance Process History ...)
+ TODO: check
CVE-2016-2279 (Cross-site scripting (XSS) vulnerability in the web server in Rockwell ...)
NOT-FOR-US: CompactLogix
CVE-2016-2278 (Schneider Electric Struxureware Building Operations Automation Server ...)
@@ -5166,8 +5206,8 @@
RESERVED
CVE-2016-2203
RESERVED
-CVE-2016-2202
- RESERVED
+CVE-2016-2202 (The Inventory Solution component in the Management Agent in the client ...)
+ TODO: check
CVE-2016-2201 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote ...)
NOTE: Siemens SIMATIC
CVE-2016-2200 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote ...)
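Review bot: In the context after the changed entry, CVE-2016-2201 carries "NOTE: Siemens SIMATIC" where the other vendor-only entries in this commit use "NOT-FOR-US:". This looks like a mistyped tag and leaves the entry without a triage state; it is worth correcting while this block is being touched.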
@@ -6031,20 +6071,20 @@
RESERVED
CVE-2016-2009
RESERVED
-CVE-2016-2008
- RESERVED
-CVE-2016-2007
- RESERVED
-CVE-2016-2006
- RESERVED
-CVE-2016-2005
- RESERVED
-CVE-2016-2004
- RESERVED
-CVE-2016-2003
- RESERVED
-CVE-2016-2002
- RESERVED
+CVE-2016-2008 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
+ TODO: check
+CVE-2016-2007 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
+ TODO: check
+CVE-2016-2006 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
+ TODO: check
+CVE-2016-2005 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
+ TODO: check
+CVE-2016-2004 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
+ TODO: check
+CVE-2016-2003 (HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x ...)
+ TODO: check
+CVE-2016-2002 (The validateAdminConfig handler in the Analytics Management Console in ...)
+ TODO: check
CVE-2016-2001 (HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 ...)
NOT-FOR-US: HPE Universal CMDB
CVE-2016-2000 (HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem ...)
@@ -7924,8 +7964,8 @@
RESERVED
CVE-2016-1385
RESERVED
-CVE-2016-1384
- RESERVED
+CVE-2016-1384 (The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 ...)
+ TODO: check
CVE-2016-1383
RESERVED
CVE-2016-1382
@@ -7958,18 +7998,18 @@
RESERVED
CVE-2016-1368
RESERVED
-CVE-2016-1367
- RESERVED
+CVE-2016-1367 (The DHCPv6 relay implementation in Cisco Adaptive Security Appliance ...)
+ TODO: check
CVE-2016-1366 (The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on ...)
NOT-FOR-US: Cisco IOS XR
CVE-2016-1365
RESERVED
-CVE-2016-1364
- RESERVED
-CVE-2016-1363
- RESERVED
-CVE-2016-1362
- RESERVED
+CVE-2016-1364 (Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) ...)
+ TODO: check
+CVE-2016-1363 (Buffer overflow in the redirection functionality in Cisco Wireless LAN ...)
+ TODO: check
+CVE-2016-1362 (Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless ...)
+ TODO: check
CVE-2016-1361 (Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 ...)
NOT-FOR-US: Cisco
CVE-2016-1360 (Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same ...)
@@ -9690,8 +9730,7 @@
RESERVED
CVE-2016-0892
RESERVED
-CVE-2016-0891
- RESERVED
+CVE-2016-0891 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: EMC ViPR SRM
CVE-2016-0890
RESERVED
@@ -10552,250 +10591,207 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/12/12/1
CVE-2015-8541
RESERVED
-CVE-2016-0700
- RESERVED
-CVE-2016-0699
- RESERVED
+CVE-2016-0700 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+ TODO: check
+CVE-2016-0699 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-0698
- RESERVED
-CVE-2016-0697
- RESERVED
-CVE-2016-0696
- RESERVED
-CVE-2016-0695
- RESERVED
+CVE-2016-0698 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-0697 (Unspecified vulnerability in the Oracle Application Object Library ...)
+ TODO: check
+CVE-2016-0696 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+ TODO: check
+CVE-2016-0695 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
-CVE-2016-0694
- RESERVED
+CVE-2016-0694 (Unspecified vulnerability in the DataStore component in Oracle ...)
NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
-CVE-2016-0693
- RESERVED
+CVE-2016-0693 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
NOT-FOR-US: Solaris
-CVE-2016-0692
- RESERVED
+CVE-2016-0692 (Unspecified vulnerability in the DataStore component in Oracle ...)
NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
-CVE-2016-0691
- RESERVED
-CVE-2016-0690
- RESERVED
-CVE-2016-0689
- RESERVED
+CVE-2016-0691 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
+ TODO: check
+CVE-2016-0690 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
+ TODO: check
+CVE-2016-0689 (Unspecified vulnerability in the DataStore component in Oracle ...)
NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
-CVE-2016-0688
- RESERVED
-CVE-2016-0687
- RESERVED
+CVE-2016-0688 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+ TODO: check
+CVE-2016-0687 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
-CVE-2016-0686
- RESERVED
+CVE-2016-0686 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...)
- openjdk-8 <unfixed>
- openjdk-7 <removed>
- openjdk-6 <removed>
-CVE-2016-0685
- RESERVED
-CVE-2016-0684
- RESERVED
+CVE-2016-0685 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-0684 (Unspecified vulnerability in the Oracle Retail MICROS ARS POS ...)
NOT-FOR-US: Oracle Retail
-CVE-2016-0683
- RESERVED
-CVE-2016-0682
- RESERVED
+CVE-2016-0683 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-0682 (Unspecified vulnerability in the DataStore component in Oracle ...)
NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
-CVE-2016-0681
- RESERVED
-CVE-2016-0680
- RESERVED
-CVE-2016-0679
- RESERVED
-CVE-2016-0678
- RESERVED
+CVE-2016-0681 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
+ TODO: check
+CVE-2016-0680 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
+ TODO: check
+CVE-2016-0679 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-0678 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox 5.0.18-dfsg-1
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2016-0677
- RESERVED
-CVE-2016-0676
- RESERVED
+CVE-2016-0677 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
+ TODO: check
+CVE-2016-0676 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
NOT-FOR-US: Solaris
-CVE-2016-0675
- RESERVED
-CVE-2016-0674
- RESERVED
+CVE-2016-0675 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+ TODO: check
+CVE-2016-0674 (Unspecified vulnerability in the Siebel Core - Common Components ...)
NOT-FOR-US: Siebel
-CVE-2016-0673
- RESERVED
+CVE-2016-0673 (Unspecified vulnerability in the Siebel UI Framework component in ...)
NOT-FOR-US: Siebel
-CVE-2016-0672
- RESERVED
+CVE-2016-0672 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-0671
- RESERVED
+CVE-2016-0671 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
+ TODO: check
CVE-2016-0670
RESERVED
-CVE-2016-0669
- RESERVED
+CVE-2016-0669 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
NOT-FOR-US: Solaris
-CVE-2016-0668
- RESERVED
+CVE-2016-0668 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0667
- RESERVED
+CVE-2016-0667 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0666
- RESERVED
+CVE-2016-0666 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0665
- RESERVED
+CVE-2016-0665 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0664
RESERVED
-CVE-2016-0663
- RESERVED
+CVE-2016-0663 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0662
- RESERVED
+CVE-2016-0662 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0661
- RESERVED
+CVE-2016-0661 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0660
RESERVED
-CVE-2016-0659
- RESERVED
+CVE-2016-0659 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0658
- RESERVED
+CVE-2016-0658 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0657
- RESERVED
+CVE-2016-0657 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0656
- RESERVED
+CVE-2016-0656 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0655
- RESERVED
+CVE-2016-0655 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0654
- RESERVED
+CVE-2016-0654 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0653
- RESERVED
+CVE-2016-0653 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0652
- RESERVED
+CVE-2016-0652 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0651
- RESERVED
+CVE-2016-0651 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows ...)
- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
- mysql-5.5 <removed>
[jessie] - mysql-5.5 5.5.47-0+deb8u1
[wheezy] - mysql-5.5 5.5.47-0+deb7u1
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0650
- RESERVED
+CVE-2016-0650 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0649
- RESERVED
+CVE-2016-0649 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0648
- RESERVED
+CVE-2016-0648 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0647
- RESERVED
+CVE-2016-0647 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0646
- RESERVED
+CVE-2016-0646 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0645
RESERVED
-CVE-2016-0644
- RESERVED
+CVE-2016-0644 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0643
- RESERVED
+CVE-2016-0643 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0642
- RESERVED
+CVE-2016-0642 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0641
- RESERVED
+CVE-2016-0641 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0640
- RESERVED
+CVE-2016-0640 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0639
- RESERVED
+CVE-2016-0639 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
-CVE-2016-0638
- RESERVED
+CVE-2016-0638 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+ TODO: check
CVE-2016-0637
RESERVED
CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 ...)
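Review bot: "mariadb-10.0 <undetermined>" stays on every entry that lists it (CVE-2016-0666, CVE-2016-0651 through CVE-2016-0646, CVE-2016-0644 through CVE-2016-0640) even though the descriptions are now filled in, and the visible descriptions name only Oracle MySQL versions. These need a follow-up so that each resolves to a fixed version or <not-affected>. Minor style point: CVE-2016-0639 writes "(Only affects MySQL 5.6 and 5.7)" where the other entries write "(Only affects MySQL 5.6 and MySQL 5.7)".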
@@ -10830,8 +10826,7 @@
RESERVED
CVE-2016-0624
RESERVED
-CVE-2016-0623
- RESERVED
+CVE-2016-0623 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote ...)
NOT-FOR-US: Solaris
CVE-2016-0622
RESERVED
@@ -11212,8 +11207,8 @@
NOT-FOR-US: Oracle
CVE-2016-0480 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
NOT-FOR-US: Oracle
-CVE-2016-0479
- RESERVED
+CVE-2016-0479 (Unspecified vulnerability in the Oracle Business Intelligence ...)
+ TODO: check
CVE-2016-0478 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
NOT-FOR-US: Oracle
CVE-2016-0477 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
@@ -11232,11 +11227,10 @@
NOT-FOR-US: Oracle
CVE-2016-0470 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
NOT-FOR-US: Oracle
-CVE-2016-0469
- RESERVED
+CVE-2016-0469 (Unspecified vulnerability in the Oracle Retail MICROS C2 component in ...)
NOT-FOR-US: Oracle Retail
-CVE-2016-0468
- RESERVED
+CVE-2016-0468 (Unspecified vulnerability in the Oracle Business Intelligence ...)
+ TODO: check
CVE-2016-0467 (Unspecified vulnerability in the Security component in Oracle Database ...)
NOT-FOR-US: Oracle
CVE-2016-0466 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
@@ -11363,10 +11357,10 @@
RESERVED
CVE-2016-0409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Global ...)
NOT-FOR-US: Oracle
-CVE-2016-0408
- RESERVED
-CVE-2016-0407
- RESERVED
+CVE-2016-0408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2016-0407 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
+ TODO: check
CVE-2016-0406 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
NOT-FOR-US: Oracle
CVE-2016-0405 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
@@ -14516,12 +14510,10 @@
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
NOTE: https://www.exploit-db.com/exploits/38447/
-CVE-2015-7802 [Global buffer under-read]
- RESERVED
+CVE-2015-7802 (gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote ...)
- optipng 0.7.6-1 (unimportant; bug #801700)
NOTE: Not a security flaw as the under-read does not depend on input
-CVE-2015-7801 [Use after free]
- RESERVED
+CVE-2015-7801 (Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers ...)
{DLA-332-1}
- optipng 0.7.5-1
[wheezy] - optipng 0.6.4-1+deb7u1
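Review bot: The new description for CVE-2015-7802 says gifread.c "allows remote ...", but the entry keeps "unimportant" and the NOTE "Not a security flaw as the under-read does not depend on input". The two now read as contradictory: either the NOTE should say why the published description does not apply to the Debian package, or the severity should be re-checked against the full description.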
@@ -18239,8 +18231,8 @@
TODO: check
CVE-2015-6480 (The MessageBrokerServlet servlet in Moxa OnCell Central Manager before ...)
TODO: check
-CVE-2015-6479
- RESERVED
+CVE-2015-6479 (ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, ...)
+ TODO: check
CVE-2015-6478 (Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict ...)
TODO: check
CVE-2015-6477 (Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm ...)
@@ -18477,8 +18469,7 @@
TODO: check
CVE-2015-6361 (The administrative web interface on Cisco DPC3939 (XB3) devices with ...)
TODO: check
-CVE-2015-6360
- RESERVED
+CVE-2015-6360 (The encryption-processing feature in Cisco libSRTP before 1.5.3 allows ...)
{DSA-3539-1 DLA-393-1}
[experimental] - srtp 1.5.3~dfsg-1
- srtp 1.4.5~20130609~dfsg-1.2 (bug #807698)