[Secure-testing-commits] r44103 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Aug 22 21:10:12 UTC 2016
Author: sectracker
Date: 2016-08-22 21:10:11 +0000 (Mon, 22 Aug 2016)
New Revision: 44103
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-22 20:24:10 UTC (rev 44102)
+++ data/CVE/list 2016-08-22 21:10:11 UTC (rev 44103)
@@ -1,3 +1,25 @@
+CVE-2016-6901
+ RESERVED
+CVE-2016-6900
+ RESERVED
+CVE-2016-6899
+ RESERVED
+CVE-2016-6898
+ RESERVED
+CVE-2016-6895
+ RESERVED
+CVE-2016-6894
+ RESERVED
+CVE-2016-6892
+ RESERVED
+CVE-2016-6891
+ RESERVED
+CVE-2016-6890
+ RESERVED
+CVE-2016-6889
+ RESERVED
+CVE-2016-6881
+ RESERVED
CVE-2016-XXXX [Shell outbreak due to bad syntax parse]
- lshell <unfixed> (bug #834949)
NOTE: https://github.com/ghantoos/lshell/issues/147
@@ -7,16 +29,19 @@
NOTE: https://github.com/ghantoos/lshell/issues/149
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/22/15
CVE-2016-6897
+ RESERVED
- wordpress <unfixed>
NOTE: http://seclists.org/oss-sec/2016/q3/347
NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
TODO: check
CVE-2016-6896
+ RESERVED
- wordpress <unfixed>
NOTE: http://seclists.org/oss-sec/2016/q3/347
NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
TODO: check
CVE-2016-6893 [CSRF protection needs to be extended to the user options page]
+ RESERVED
- mailman <unfixed>
NOTE: https://mail.python.org/pipermail/mailman-announce/2016-August/000225.html
NOTE: https://bugs.launchpad.net/mailman/+bug/1614841
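Review bot: CVE-2016-6897 and CVE-2016-6896 cannot be told apart from this hunk. Neither has a bracketed description, and both carry the same two NOTE URLs, the same `- wordpress <unfixed>` line and the same `TODO: check`. While both ids are only marked RESERVED, a short bracketed description on each, like the one CVE-2016-6893 has, would let whoever resolves the TODO match each id to the right issue in the linked advisory.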
@@ -110,6 +135,7 @@
CVE-2016-6823
RESERVED
CVE-2016-6888 [net: vmxnet: integer overflow in packet initialisation]
+ RESERVED
- qemu <unfixed> (bug #834902)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
@@ -619,16 +645,22 @@
- imagemagick <unfixed> (bug #833730)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
CVE-2016-6887 [... wrong calculation result ...]
+ RESERVED
- matrixssl <removed>
CVE-2016-6886 [... crash issue ...]
+ RESERVED
- matrixssl <removed>
CVE-2016-6885 [... Testing MatrixSSL's pstm_exptmod with base zero ...]
+ RESERVED
- matrixssl <removed>
CVE-2016-6884 [Access Violation on Malicious TLS Record]
+ RESERVED
- matrixssl <removed>
CVE-2016-6883 [Side Channel Vulnerability on RSA Cipher Suites]
+ RESERVED
- matrixssl <removed>
CVE-2016-6882 [Validation of RSA Signature Creation]
+ RESERVED
- matrixssl <removed>
CVE-2016-6635 (Cross-site request forgery (CSRF) vulnerability in the ...)
- wordpress 4.5+dfsg-1
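Review bot: the six matrixssl entries CVE-2016-6887 through CVE-2016-6882 consist only of a bracketed description, the new RESERVED line and `- matrixssl <removed>`, with no NOTE giving the source of the report. Three of the descriptions are elided fragments such as `[... crash issue ...]`, so the entries cannot be verified from the list alone. A NOTE with the originating reference on each entry would fix that.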
@@ -1137,8 +1169,8 @@
NOTE: Fixed by: https://git.kernel.org/linus/10eec60ce79187686e052092e5383c99b4420a20
CVE-2016-6495
RESERVED
-CVE-2016-6493
- RESERVED
+CVE-2016-6493 (Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix ...)
+ TODO: check
CVE-2016-XXXX [bruteforcable challenge responses in unprotected logfile]
- mongodb 1:2.6.12-1 (bug #833087)
[wheezy] - mongodb 1:2.0.6-1.1+deb7u1
@@ -1521,16 +1553,16 @@
RESERVED
CVE-2016-6364
RESERVED
-CVE-2016-6363
- RESERVED
-CVE-2016-6362
- RESERVED
-CVE-2016-6361
- RESERVED
+CVE-2016-6363 (The rate-limit feature in the 802.11 protocol implementation on Cisco ...)
+ TODO: check
+CVE-2016-6362 (Cisco Aironet 1800, 2800, and 3800 devices with software before ...)
+ TODO: check
+CVE-2016-6361 (The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco ...)
+ TODO: check
CVE-2016-6360
RESERVED
-CVE-2016-6359
- RESERVED
+CVE-2016-6359 (Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway ...)
+ TODO: check
CVE-2016-6358
RESERVED
CVE-2016-6357
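Review bot: the four descriptions added here for CVE-2016-6363, CVE-2016-6362, CVE-2016-6361 and CVE-2016-6359 all name Cisco products, and each is left at `TODO: check`. Other vendor-only entries in this list are closed with a NOT-FOR-US line (for example `NOT-FOR-US: EMC NetWorker`), so these four can be triaged together in a follow-up commit rather than staying open one by one.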
@@ -1607,11 +1639,9 @@
RESERVED
CVE-2016-6321
RESERVED
-CVE-2016-6320
- RESERVED
+CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Red Hat Satellite
-CVE-2016-6319
- RESERVED
+CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
- foreman <itp> (bug #663101)
CVE-2016-6318 [Stack-based buffer overflow when parsing large GECOS field]
RESERVED
@@ -1840,8 +1870,7 @@
TODO: check
CVE-2016-6256
RESERVED
-CVE-2016-6254
- RESERVED
+CVE-2016-6254 (Heap-based buffer overflow in the parse_packet function in network.c ...)
{DSA-3636-1 DLA-575-1}
- collectd 5.5.2-1 (bug #832507)
NOTE: https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
@@ -2081,8 +2110,7 @@
NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 (libidn-1-33)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
-CVE-2015-8949 [Use after free in my_login() function of DBD::mysql]
- RESERVED
+CVE-2015-8949 (Use-after-free vulnerability in the my_login function in DBD::mysql ...)
{DSA-3635-1 DLA-576-1}
- libdbd-mysql-perl 4.035-1
NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/45
@@ -3319,8 +3347,8 @@
RESERVED
CVE-2016-5818
RESERVED
-CVE-2016-5817
- RESERVED
+CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis WebAccess ...)
+ TODO: check
CVE-2016-5816
RESERVED
CVE-2016-5815
@@ -3467,8 +3495,7 @@
TODO: check
CVE-2015-8937 (drivers/char/diag/diagchar_core.c in the Qualcomm components in ...)
TODO: check
-CVE-2014-9906 [use-after-free in mysql_dr_error]
- RESERVED
+CVE-2014-9906 (Use-after-free vulnerability in DBD::mysql before 4.029 allows ...)
{DSA-3635-1 DLA-576-1}
- libdbd-mysql-perl 4.033-1
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=97625
@@ -3747,8 +3774,8 @@
- phpmyadmin 4:4.6.3-1
CVE-2016-5738
RESERVED
-CVE-2016-5736
- RESERVED
+CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP ...)
+ TODO: check
CVE-2016-5735
RESERVED
CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...)
@@ -4609,8 +4636,7 @@
NOTE: kubernetes entered experimental only so far
CVE-2016-5391
RESERVED
-CVE-2016-5390
- RESERVED
+CVE-2016-5390 (Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote ...)
- foreman <itp> (bug #663101)
CVE-2016-5696 (net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly ...)
- linux <unfixed>
@@ -6217,8 +6243,7 @@
CVE-2016-4996
RESERVED
- foreman <itp> (bug #663101)
-CVE-2016-4995
- RESERVED
+CVE-2016-4995 (Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly ...)
- foreman <itp> (bug #663101)
CVE-2016-4994 (Use-after-free vulnerability in the xcf_load_image function in ...)
{DSA-3612-1 DLA-525-1}
@@ -7995,8 +8020,7 @@
NOTE: http://xenbits.xen.org/xsa/advisory-176.html
CVE-2016-4479
RESERVED
-CVE-2016-4475
- RESERVED
+CVE-2016-4475 (The (1) Organization and (2) Locations APIs and UIs in Foreman before ...)
- foreman <itp> (bug #663101)
CVE-2016-4474 (The image build process for the overcloud images in Red Hat OpenStack ...)
NOT-FOR-US: Red Hat OpenStack Overcloud image
@@ -8064,8 +8088,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650
CVE-2016-4452
RESERVED
-CVE-2016-4451
- RESERVED
+CVE-2016-4451 (The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 ...)
- foreman <itp> (bug #663101)
CVE-2016-4450 (os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 ...)
{DSA-3592-1}
@@ -8288,10 +8311,10 @@
RESERVED
CVE-2016-4378
RESERVED
-CVE-2016-4377
- RESERVED
-CVE-2016-4376
- RESERVED
+CVE-2016-4377 (HPE Smart Update in Storage Sizing Tool before 13.0, Converged ...)
+ TODO: check
+CVE-2016-4376 (HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches ...)
+ TODO: check
CVE-2016-4375
RESERVED
CVE-2016-4374 (HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 ...)
@@ -11450,13 +11473,12 @@
TODO: check
CVE-2016-3196 (Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x ...)
TODO: check
-CVE-2016-3195
- RESERVED
+CVE-2016-3195 (Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet ...)
NOT-FOR-US: Oracle
-CVE-2016-3194
- RESERVED
-CVE-2016-3193
- RESERVED
+CVE-2016-3194 (Cross-site scripting (XSS) vulnerability in the address added page in ...)
+ TODO: check
+CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance ...)
+ TODO: check
CVE-2016-3192
RESERVED
CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c ...)
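Review bot: in the CVE-2016-3195 entry the description now reads "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet ...", but the triage line kept beneath it still says `NOT-FOR-US: Oracle`. The vendor named in the NOT-FOR-US line should be corrected to match the published description. The neighbouring CVE-2016-3194 and CVE-2016-3193 are left at `TODO: check` and are worth triaging in the same pass.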
@@ -11711,8 +11733,7 @@
RESERVED
CVE-2016-3090
RESERVED
-CVE-2016-3089
- RESERVED
+CVE-2016-3089 (Cross-site scripting (XSS) vulnerability in the SWF panel in Apache ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2016-3088 (The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 ...)
- activemq <unfixed>
@@ -17653,8 +17674,8 @@
RESERVED
CVE-2016-1486
RESERVED
-CVE-2016-1485
- RESERVED
+CVE-2016-1485 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services ...)
+ TODO: check
CVE-2016-1484
RESERVED
CVE-2016-1483
@@ -17665,14 +17686,14 @@
RESERVED
CVE-2016-1480
RESERVED
-CVE-2016-1479
- RESERVED
+CVE-2016-1479 (Cisco IP Phone 8800 devices with software 11.0(1) allow remote ...)
+ TODO: check
CVE-2016-1478 (Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not ...)
TODO: check
CVE-2016-1477
RESERVED
-CVE-2016-1476
- RESERVED
+CVE-2016-1476 (Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 ...)
+ TODO: check
CVE-2016-1475
RESERVED
CVE-2016-1474 (Cisco Prime Infrastructure 2.2(2) does not properly restrict use of ...)
@@ -19604,8 +19625,8 @@
RESERVED
CVE-2016-0916 (EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before ...)
NOT-FOR-US: EMC NetWorker
-CVE-2016-0915
- RESERVED
+CVE-2016-0915 (The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime ...)
+ TODO: check
CVE-2016-0914 (EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, ...)
NOT-FOR-US: EMC Documentum WebTop and WebTop Clients
CVE-2016-0913
@@ -20060,8 +20081,7 @@
RESERVED
CVE-2016-0761
RESERVED
-CVE-2016-0760
- RESERVED
+CVE-2016-0760 (Multiple incomplete blacklist vulnerabilities in Apache Sentry before ...)
NOT-FOR-US: Apache Hive
CVE-2016-0759
RESERVED
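Review bot: the description added for CVE-2016-0760 names Apache Sentry ("Multiple incomplete blacklist vulnerabilities in Apache Sentry before ..."), while the triage line under it still reads `NOT-FOR-US: Apache Hive`. The product in the NOT-FOR-US line should be updated to agree with the description, or a NOTE added explaining why Hive is the product recorded.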
@@ -23759,8 +23779,8 @@
{DSA-3398-1 DLA-345-1}
- strongswan 5.3.3-3
NOTE: https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html
-CVE-2015-8022
- RESERVED
+CVE-2015-8022 (The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, ...)
+ TODO: check
CVE-2015-8021 (Incomplete blacklist vulnerability in the Configuration utility in F5 ...)
TODO: check
CVE-2015-8020