[Secure-testing-commits] r47298 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Dec 21 21:10:12 UTC 2016
Author: sectracker
Date: 2016-12-21 21:10:12 +0000 (Wed, 21 Dec 2016)
New Revision: 47298
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-21 20:19:43 UTC (rev 47297)
+++ data/CVE/list 2016-12-21 21:10:12 UTC (rev 47298)
@@ -1,14 +1,250 @@
+CVE-2017-3894
+ RESERVED
+CVE-2017-3893
+ RESERVED
+CVE-2017-3892
+ RESERVED
+CVE-2017-3891
+ RESERVED
+CVE-2017-3890
+ RESERVED
+CVE-2017-3889
+ RESERVED
+CVE-2017-3888
+ RESERVED
+CVE-2017-3887
+ RESERVED
+CVE-2017-3886
+ RESERVED
+CVE-2017-3885
+ RESERVED
+CVE-2017-3884
+ RESERVED
+CVE-2017-3883
+ RESERVED
+CVE-2017-3882
+ RESERVED
+CVE-2017-3881
+ RESERVED
+CVE-2017-3880
+ RESERVED
+CVE-2017-3879
+ RESERVED
+CVE-2017-3878
+ RESERVED
+CVE-2017-3877
+ RESERVED
+CVE-2017-3876
+ RESERVED
+CVE-2017-3875
+ RESERVED
+CVE-2017-3874
+ RESERVED
+CVE-2017-3873
+ RESERVED
+CVE-2017-3872
+ RESERVED
+CVE-2017-3871
+ RESERVED
+CVE-2017-3870
+ RESERVED
+CVE-2017-3869
+ RESERVED
+CVE-2017-3868
+ RESERVED
+CVE-2017-3867
+ RESERVED
+CVE-2017-3866
+ RESERVED
+CVE-2017-3865
+ RESERVED
+CVE-2017-3864
+ RESERVED
+CVE-2017-3863
+ RESERVED
+CVE-2017-3862
+ RESERVED
+CVE-2017-3861
+ RESERVED
+CVE-2017-3860
+ RESERVED
+CVE-2017-3859
+ RESERVED
+CVE-2017-3858
+ RESERVED
+CVE-2017-3857
+ RESERVED
+CVE-2017-3856
+ RESERVED
+CVE-2017-3855
+ RESERVED
+CVE-2017-3854
+ RESERVED
+CVE-2017-3853
+ RESERVED
+CVE-2017-3852
+ RESERVED
+CVE-2017-3851
+ RESERVED
+CVE-2017-3850
+ RESERVED
+CVE-2017-3849
+ RESERVED
+CVE-2017-3848
+ RESERVED
+CVE-2017-3847
+ RESERVED
+CVE-2017-3846
+ RESERVED
+CVE-2017-3845
+ RESERVED
+CVE-2017-3844
+ RESERVED
+CVE-2017-3843
+ RESERVED
+CVE-2017-3842
+ RESERVED
+CVE-2017-3841
+ RESERVED
+CVE-2017-3840
+ RESERVED
+CVE-2017-3839
+ RESERVED
+CVE-2017-3838
+ RESERVED
+CVE-2017-3837
+ RESERVED
+CVE-2017-3836
+ RESERVED
+CVE-2017-3835
+ RESERVED
+CVE-2017-3834
+ RESERVED
+CVE-2017-3833
+ RESERVED
+CVE-2017-3832
+ RESERVED
+CVE-2017-3831
+ RESERVED
+CVE-2017-3830
+ RESERVED
+CVE-2017-3829
+ RESERVED
+CVE-2017-3828
+ RESERVED
+CVE-2017-3827
+ RESERVED
+CVE-2017-3826
+ RESERVED
+CVE-2017-3825
+ RESERVED
+CVE-2017-3824
+ RESERVED
+CVE-2017-3823
+ RESERVED
+CVE-2017-3822
+ RESERVED
+CVE-2017-3821
+ RESERVED
+CVE-2017-3820
+ RESERVED
+CVE-2017-3819
+ RESERVED
+CVE-2017-3818
+ RESERVED
+CVE-2017-3817
+ RESERVED
+CVE-2017-3816
+ RESERVED
+CVE-2017-3815
+ RESERVED
+CVE-2017-3814
+ RESERVED
+CVE-2017-3813
+ RESERVED
+CVE-2017-3812
+ RESERVED
+CVE-2017-3811
+ RESERVED
+CVE-2017-3810
+ RESERVED
+CVE-2017-3809
+ RESERVED
+CVE-2017-3808
+ RESERVED
+CVE-2017-3807
+ RESERVED
+CVE-2017-3806
+ RESERVED
+CVE-2017-3805
+ RESERVED
+CVE-2017-3804
+ RESERVED
+CVE-2017-3803
+ RESERVED
+CVE-2017-3802
+ RESERVED
+CVE-2017-3801
+ RESERVED
+CVE-2017-3800
+ RESERVED
+CVE-2017-3799
+ RESERVED
+CVE-2017-3798
+ RESERVED
+CVE-2017-3797
+ RESERVED
+CVE-2017-3796
+ RESERVED
+CVE-2017-3795
+ RESERVED
+CVE-2017-3794
+ RESERVED
+CVE-2017-3793
+ RESERVED
+CVE-2017-3792
+ RESERVED
+CVE-2017-3791
+ RESERVED
+CVE-2017-3790
+ RESERVED
+CVE-2016-5103
+ REJECTED
+ TODO: check
+CVE-2016-10023
+ RESERVED
+CVE-2016-10022
+ RESERVED
+CVE-2016-10021
+ RESERVED
+CVE-2016-10020
+ RESERVED
+CVE-2016-10019
+ RESERVED
+CVE-2016-10018
+ RESERVED
+CVE-2016-10017
+ RESERVED
+CVE-2016-10016
+ RESERVED
+CVE-2016-10015
+ RESERVED
+CVE-2016-10014
+ RESERVED
CVE-2016-10026 [authorization bypass when reverting changes]
+ RESERVED
- ikiwiki 3.20161219
NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/7
CVE-2016-10025 [x86: missing NULL pointer check in VMFUNC emulation]
+ RESERVED
- xen <unfixed>
[jessie] - xen <not-affected> (Vulnerable code introduced later)
[wheezy] - xen <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-203.html
CVE-2016-10024 [x86 PV guests may be able to mask interrupts]
+ RESERVED
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-202.html
CVE-2016-XXXX [display: virtio-gpu-3d: OOB access while reading virgl capabilities]
@@ -235,9 +471,11 @@
CVE-2016-10000
RESERVED
CVE-2016-10013 [x86: Mishandling of SYSCALL singlestep during emulation]
+ RESERVED
- xen <unfixed> (bug #848713)
NOTE: https://xenbits.xen.org/xsa/advisory-204.html
CVE-2016-10012 [sshd(8): shared memory manager bounds checks that could be elided by some optimising compilers potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process]
+ RESERVED
- openssh <unfixed> (low; bug #848717)
[jessie] - openssh <no-dsa> (Minor issue)
NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
@@ -245,16 +483,19 @@
NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.h.diff?r1=1.19&r2=1.20
TODO: check affected versions
CVE-2016-10011 [sshd(8): theoretical leak of host private key material to privilege-separated child processes via realloc()]
+ RESERVED
- openssh <unfixed> (low; bug #848716)
[jessie] - openssh <no-dsa> (Minor issue)
NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfile.c.diff?r1=1.121&r2=1.122
CVE-2016-10010 [sshd(8): When privilege separation is disabled, forwarded Unix-domain sockets would be created by sshd(8) with the privileges of 'root']
+ RESERVED
- openssh <unfixed> (unimportant; bug #848715)
NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c.diff?r1=1.188&r2=1.189
NOTE: Privilege separation is enabled in the Debian package
CVE-2016-10009 [ssh-agent(1): load PKCS#11 modules from paths outside a trusted whitelist]
+ RESERVED
- openssh <unfixed> (low; bug #848714)
[jessie] - openssh <no-dsa> (Minor issue)
NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
@@ -2439,8 +2680,8 @@
RESERVED
CVE-2016-9758
RESERVED
-CVE-2016-9757
- RESERVED
+CVE-2016-9757 (In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user ...)
+ TODO: check
CVE-2016-9846 [display: virtio-gpu: memory leakage while updating cursor]
RESERVED
- qemu <unfixed> (bug #847382)
@@ -10135,7 +10376,7 @@
CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in ...)
- openjpeg2 <unfixed> (bug #844551)
NOTE: https://github.com/uclouvain/openjpeg/issues/855
-CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 ...)
+CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lock ...)
NOT-FOR-US: Citrix
CVE-2016-9110
RESERVED
@@ -15766,94 +16007,94 @@
RESERVED
CVE-2016-7301
RESERVED
-CVE-2016-7300
- RESERVED
+CVE-2016-7300 (Untrusted search path vulnerability in Microsoft Auto Updater for Mac ...)
+ TODO: check
CVE-2016-7299
RESERVED
-CVE-2016-7298
- RESERVED
-CVE-2016-7297
- RESERVED
-CVE-2016-7296
- RESERVED
-CVE-2016-7295
- RESERVED
+CVE-2016-7298 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for ...)
+ TODO: check
+CVE-2016-7297 (The scripting engines in Microsoft Edge allow remote attackers to ...)
+ TODO: check
+CVE-2016-7296 (The scripting engines in Microsoft Edge allow remote attackers to ...)
+ TODO: check
+CVE-2016-7295 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
+ TODO: check
CVE-2016-7294
RESERVED
CVE-2016-7293
RESERVED
-CVE-2016-7292
- RESERVED
-CVE-2016-7291
- RESERVED
-CVE-2016-7290
- RESERVED
-CVE-2016-7289
- RESERVED
-CVE-2016-7288
- RESERVED
-CVE-2016-7287
- RESERVED
-CVE-2016-7286
- RESERVED
+CVE-2016-7292 (The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
+ TODO: check
+CVE-2016-7291 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office ...)
+ TODO: check
+CVE-2016-7290 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office ...)
+ TODO: check
+CVE-2016-7289 (Microsoft Publisher 2010 SP2 allows remote attackers to execute ...)
+ TODO: check
+CVE-2016-7288 (The scripting engines in Microsoft Edge allow remote attackers to ...)
+ TODO: check
+CVE-2016-7287 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft ...)
+ TODO: check
+CVE-2016-7286 (The scripting engines in Microsoft Edge allow remote attackers to ...)
+ TODO: check
CVE-2016-7285
RESERVED
-CVE-2016-7284
- RESERVED
-CVE-2016-7283
- RESERVED
-CVE-2016-7282
- RESERVED
-CVE-2016-7281
- RESERVED
-CVE-2016-7280
- RESERVED
-CVE-2016-7279
- RESERVED
-CVE-2016-7278
- RESERVED
-CVE-2016-7277
- RESERVED
-CVE-2016-7276
- RESERVED
-CVE-2016-7275
- RESERVED
-CVE-2016-7274
- RESERVED
-CVE-2016-7273
- RESERVED
-CVE-2016-7272
- RESERVED
-CVE-2016-7271
- RESERVED
-CVE-2016-7270
- RESERVED
+CVE-2016-7284 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-7283 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-7282 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+ TODO: check
+CVE-2016-7281 (The Web Workers implementation in Microsoft Internet Explorer 10 and ...)
+ TODO: check
+CVE-2016-7280 (Cross-site scripting (XSS) vulnerability in Microsoft Edge allows ...)
+ TODO: check
+CVE-2016-7279 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
+ TODO: check
+CVE-2016-7278 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-7277 (Microsoft Office 2016 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2016-7276 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
+ TODO: check
+CVE-2016-7275 (Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles ...)
+ TODO: check
+CVE-2016-7274 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2016-7273 (The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 ...)
+ TODO: check
+CVE-2016-7272 (The Graphics component in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2016-7271 (The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, ...)
+ TODO: check
+CVE-2016-7270 (The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 ...)
+ TODO: check
CVE-2016-7269
RESERVED
-CVE-2016-7268
- RESERVED
-CVE-2016-7267
- RESERVED
-CVE-2016-7266
- RESERVED
-CVE-2016-7265
- RESERVED
-CVE-2016-7264
- RESERVED
-CVE-2016-7263
- RESERVED
-CVE-2016-7262
- RESERVED
+CVE-2016-7268 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office ...)
+ TODO: check
+CVE-2016-7267 (Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses ...)
+ TODO: check
+CVE-2016-7266 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
+ TODO: check
+CVE-2016-7265 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
+ TODO: check
+CVE-2016-7264 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, ...)
+ TODO: check
+CVE-2016-7263 (Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote ...)
+ TODO: check
+CVE-2016-7262 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
+ TODO: check
CVE-2016-7261
RESERVED
-CVE-2016-7260
- RESERVED
-CVE-2016-7259
- RESERVED
-CVE-2016-7258
- RESERVED
-CVE-2016-7257
- RESERVED
+CVE-2016-7260 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2016-7259 (The Graphics Component in the kernel-mode drivers in Microsoft Windows ...)
+ TODO: check
+CVE-2016-7258 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows ...)
+ TODO: check
+CVE-2016-7257 (The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
CVE-2016-7256 (atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, ...)
NOT-FOR-US: Microsoft
CVE-2016-7255 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
@@ -15928,8 +16169,8 @@
NOT-FOR-US: Microsoft
CVE-2016-7220 (Virtual Secure Mode in Microsoft Windows 10 allows local users to ...)
NOT-FOR-US: Microsoft
-CVE-2016-7219
- RESERVED
+CVE-2016-7219 (The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
CVE-2016-7218 (Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
NOT-FOR-US: Microsoft
CVE-2016-7217 (Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold ...)
@@ -15954,15 +16195,15 @@
NOT-FOR-US: Microsoft
CVE-2016-7207
RESERVED
-CVE-2016-7206
- RESERVED
+CVE-2016-7206 (Cross-site scripting (XSS) vulnerability in Microsoft Edge allows ...)
+ TODO: check
CVE-2016-7205 (Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 ...)
NOT-FOR-US: Microsoft
CVE-2016-7204 (Microsoft Edge allows remote attackers to access arbitrary "My ...)
NOT-FOR-US: Microsoft
CVE-2016-7203 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
NOT-FOR-US: Microsoft
-CVE-2016-7202 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
+CVE-2016-7202 (The scripting engines in Microsoft Internet Explorer 9 through 11 and ...)
NOT-FOR-US: Microsoft
CVE-2016-7201 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
NOT-FOR-US: Microsoft
@@ -16004,8 +16245,8 @@
RESERVED
CVE-2016-7182 (The Graphics component in Microsoft Windows Vista SP2; Windows Server ...)
NOT-FOR-US: Microsoft
-CVE-2016-7181
- RESERVED
+CVE-2016-7181 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
+ TODO: check
CVE-2016-7393 [stack-based buffer overflow in aac_sync (aac_parser.c)]
RESERVED
{DLA-644-1}
@@ -22580,8 +22821,8 @@
NOT-FOR-US: Symantec
CVE-2016-5304 (Open redirect vulnerability in a report-routing component in Symantec ...)
NOT-FOR-US: Symantec
-CVE-2016-5303
- RESERVED
+CVE-2016-5303 (Cross-site scripting (XSS) vulnerability in the Horde Text Filter API ...)
+ TODO: check
CVE-2016-5302 (Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has ...)
NOT-FOR-US: Citrix
CVE-2015-8935 (The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ...)
@@ -24402,8 +24643,7 @@
- libusbmuxd 1.0.10-3 (bug #825554)
[jessie] - libusbmuxd <no-dsa> (Minor issue)
NOTE: https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
-CVE-2016-4552 [XSS vulnerability in mail content page]
- RESERVED
+CVE-2016-4552 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
- roundcube 1.2.0+dfsg.1-1
[wheezy] - roundcube <not-affected> (vulnerable code not present)
NOTE: https://github.com/roundcube/roundcubemail/issues/5240
@@ -28920,7 +29160,7 @@
NOT-FOR-US: Oracle Database
CVE-2016-3466 (Unspecified vulnerability in the Oracle Field Service component in ...)
NOT-FOR-US: Oracle
-CVE-2016-3465 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
+CVE-2016-3465 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
NOT-FOR-US: Solaris
CVE-2016-3464 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
NOT-FOR-US: Oracle
@@ -32292,8 +32532,8 @@
RESERVED
CVE-2016-2356
RESERVED
-CVE-2016-2355
- RESERVED
+CVE-2016-2355 (SQL injection vulnerability in the REST API in dotCMS before 3.3.2 ...)
+ TODO: check
CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver ...)
NOT-FOR-US: Lemur Vehicle Monitors BlueDriver
CVE-2016-2353 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows ...)
More information about the Secure-testing-commits
mailing list