[Secure-testing-commits] r39616 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Feb 11 21:10:14 UTC 2016
Author: sectracker
Date: 2016-02-11 21:10:14 +0000 (Thu, 11 Feb 2016)
New Revision: 39616
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-11 20:34:46 UTC (rev 39615)
+++ data/CVE/list 2016-02-11 21:10:14 UTC (rev 39616)
@@ -1,3 +1,141 @@
+CVE-2016-2311
+ RESERVED
+CVE-2016-2310
+ RESERVED
+CVE-2016-2309
+ RESERVED
+CVE-2016-2308
+ RESERVED
+CVE-2016-2307
+ RESERVED
+CVE-2016-2306
+ RESERVED
+CVE-2016-2305
+ RESERVED
+CVE-2016-2304
+ RESERVED
+CVE-2016-2303
+ RESERVED
+CVE-2016-2302
+ RESERVED
+CVE-2016-2301
+ RESERVED
+CVE-2016-2300
+ RESERVED
+CVE-2016-2299
+ RESERVED
+CVE-2016-2298
+ RESERVED
+CVE-2016-2297
+ RESERVED
+CVE-2016-2296
+ RESERVED
+CVE-2016-2295
+ RESERVED
+CVE-2016-2294
+ RESERVED
+CVE-2016-2293
+ RESERVED
+CVE-2016-2292
+ RESERVED
+CVE-2016-2291
+ RESERVED
+CVE-2016-2290
+ RESERVED
+CVE-2016-2289
+ RESERVED
+CVE-2016-2288
+ RESERVED
+CVE-2016-2287
+ RESERVED
+CVE-2016-2286
+ RESERVED
+CVE-2016-2285
+ RESERVED
+CVE-2016-2284
+ RESERVED
+CVE-2016-2283
+ RESERVED
+CVE-2016-2282
+ RESERVED
+CVE-2016-2281
+ RESERVED
+CVE-2016-2280
+ RESERVED
+CVE-2016-2279
+ RESERVED
+CVE-2016-2278
+ RESERVED
+CVE-2016-2277
+ RESERVED
+CVE-2016-2276
+ RESERVED
+CVE-2016-2275
+ RESERVED
+CVE-2016-2274
+ RESERVED
+CVE-2016-2273
+ RESERVED
+CVE-2016-2272
+ RESERVED
+CVE-2016-2271
+ RESERVED
+CVE-2016-2270
+ RESERVED
+CVE-2016-2269
+ RESERVED
+CVE-2016-2268 (Dell SecureWorks app before 2.1 for iOS does not validate SSL ...)
+ TODO: check
+CVE-2016-2267
+ RESERVED
+CVE-2016-2266
+ RESERVED
+CVE-2016-2265
+ RESERVED
+CVE-2016-2264
+ RESERVED
+CVE-2016-2263
+ RESERVED
+CVE-2016-2262
+ RESERVED
+CVE-2016-2261
+ RESERVED
+CVE-2016-2260
+ RESERVED
+CVE-2016-2259
+ RESERVED
+CVE-2016-2258
+ RESERVED
+CVE-2016-2257
+ RESERVED
+CVE-2016-2256
+ RESERVED
+CVE-2016-2255
+ RESERVED
+CVE-2016-2254
+ RESERVED
+CVE-2016-2253
+ RESERVED
+CVE-2016-2252
+ RESERVED
+CVE-2016-2251
+ RESERVED
+CVE-2016-2250
+ RESERVED
+CVE-2016-2249
+ RESERVED
+CVE-2016-2248
+ RESERVED
+CVE-2016-2247
+ RESERVED
+CVE-2016-2246
+ RESERVED
+CVE-2016-2245
+ RESERVED
+CVE-2016-2244
+ RESERVED
+CVE-2016-2243
+ RESERVED
CVE-2015-8812 [Flaw in CXGB3 driver]
- linux <unfixed>
- linux-2.6 <removed>
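Review bot: CVE-2016-2268 is the only entry in this block that arrives with a description, and it is left at "TODO: check" even though the description names the Dell SecureWorks app for iOS. If triage confirms that nothing in the archive ships it, replace the TODO with a NOT-FOR-US line, as this file already does for other vendor-only products, so the entry leaves the open TODO queue.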
@@ -7,6 +145,7 @@
NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2)
TODO: check versions
CVE-2016-2313 [Authentication using web authentication as a user not in the cacti database allows complete access]
+ RESERVED
- cacti <unfixed> (bug #814353)
NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788&view=markup
NOTE: http://bugs.cacti.net/view.php?id=2656
@@ -15,6 +154,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/02/09/3
NOTE: Issue might be disputed, see maintainers comment in https://bugs.debian.org/814353#10
CVE-2016-2312 [KDE lockscreen bypass by switching display off and on]
+ RESERVED
- plasma-workspace <unfixed> (bug #814355)
NOTE: Affects plasma-workspace < 5.5.0, kscreenlocker < 5.5.5
NOTE: kscreenlocker is only in experimental
@@ -59,8 +199,8 @@
RESERVED
CVE-2016-2231
RESERVED
-CVE-2016-2230
- RESERVED
+CVE-2016-2230 (OpenELEC and RasPlex devices have a hardcoded password for the root ...)
+ TODO: check
CVE-2016-2229
RESERVED
CVE-2016-2227
@@ -74,6 +214,7 @@
CVE-2015-8809
RESERVED
CVE-2014-9765 [Buffer overflow]
+ RESERVED
- xdelta3 <unfixed> (bug #814067)
NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1
@@ -116,8 +257,8 @@
NOTE: https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
CVE-2016-2215
RESERVED
-CVE-2016-2214
- RESERVED
+CVE-2016-2214 (Cross-site scripting (XSS) vulnerability in an unspecified portal ...)
+ TODO: check
CVE-2016-2212
RESERVED
CVE-2016-2211
@@ -140,10 +281,10 @@
RESERVED
CVE-2016-2202
RESERVED
-CVE-2016-2201
- RESERVED
-CVE-2016-2200
- RESERVED
+CVE-2016-2201 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote ...)
+ TODO: check
+CVE-2016-2200 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote ...)
+ TODO: check
CVE-2015-8802
RESERVED
CVE-2015-8801
@@ -582,8 +723,7 @@
NOTE: https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
CVE-2015-8788
RESERVED
-CVE-2016-2091 [an out of bound read is found in libdwarf]
- RESERVED
+CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf ...)
- dwarfutils <unfixed> (bug #813148)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
[jessie] - dwarfutils <no-dsa> (Minor issue)
@@ -600,8 +740,7 @@
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93881
NOTE: Fixed by: http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7 (0.8.2)
NOTE: Introduced by: http://cgit.freedesktop.org/libbsd/commit/?id=a97ce513e031b29a47965b740be14fb9a84277fc (0.5.0)
-CVE-2016-2089 [matrix rows_ NULL pointer dereference in jas_matrix_clip()]
- RESERVED
+CVE-2016-2089 (The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows ...)
- jasper <unfixed> (bug #812978)
[jessie] - jasper <no-dsa> (Minor issue)
[wheezy] - jasper <no-dsa> (Minor issue)
@@ -712,8 +851,7 @@
TODO: check
CVE-2016-2051 (Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, ...)
TODO: check
-CVE-2016-2048
- RESERVED
+CVE-2016-2048 (Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, ...)
- python-django 1.9.2-1 (bug #813448)
[jessie] - python-django <not-affected> (Only affects 1.9)
[wheezy] - python-django <not-affected> (Only affects 1.9)
@@ -2652,14 +2790,14 @@
RESERVED
CVE-2016-1320
RESERVED
-CVE-2016-1319
- RESERVED
-CVE-2016-1318
- RESERVED
-CVE-2016-1317
- RESERVED
-CVE-2016-1316
- RESERVED
+CVE-2016-1319 (Cisco Unified Communications Manager (aka CallManager) ...)
+ TODO: check
+CVE-2016-1318 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy ...)
+ TODO: check
+CVE-2016-1317 (Cisco Unified Communications Manager 11.5(0.98000.480) allows remote ...)
+ TODO: check
+CVE-2016-1316 (Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, ...)
+ TODO: check
CVE-2016-1315
RESERVED
CVE-2016-1314
@@ -3904,50 +4042,50 @@
RESERVED
CVE-2016-0986
RESERVED
-CVE-2016-0985
- RESERVED
-CVE-2016-0984
- RESERVED
-CVE-2016-0983
- RESERVED
-CVE-2016-0982
- RESERVED
-CVE-2016-0981
- RESERVED
-CVE-2016-0980
- RESERVED
-CVE-2016-0979
- RESERVED
-CVE-2016-0978
- RESERVED
-CVE-2016-0977
- RESERVED
-CVE-2016-0976
- RESERVED
-CVE-2016-0975
- RESERVED
-CVE-2016-0974
- RESERVED
-CVE-2016-0973
- RESERVED
-CVE-2016-0972
- RESERVED
-CVE-2016-0971
- RESERVED
-CVE-2016-0970
- RESERVED
-CVE-2016-0969
- RESERVED
-CVE-2016-0968
- RESERVED
-CVE-2016-0967
- RESERVED
-CVE-2016-0966
- RESERVED
-CVE-2016-0965
- RESERVED
-CVE-2016-0964
- RESERVED
+CVE-2016-0985 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0984 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
+ TODO: check
+CVE-2016-0983 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
+ TODO: check
+CVE-2016-0982 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
+ TODO: check
+CVE-2016-0981 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0980 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0979 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0978 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0977 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0976 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0975 (Use-after-free vulnerability in the instanceof function in Adobe Flash ...)
+ TODO: check
+CVE-2016-0974 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
+ TODO: check
+CVE-2016-0973 (Use-after-free vulnerability in the URLRequest object implementation ...)
+ TODO: check
+CVE-2016-0972 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0971 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and ...)
+ TODO: check
+CVE-2016-0970 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0969 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0968 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0967 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0966 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0965 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2016-0964 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
+ TODO: check
CVE-2016-0963
RESERVED
CVE-2016-0962
@@ -3958,29 +4096,28 @@
RESERVED
CVE-2016-0959
RESERVED
-CVE-2016-0958
- RESERVED
-CVE-2016-0957
- RESERVED
-CVE-2016-0956
- RESERVED
+CVE-2016-0958 (Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote ...)
+ TODO: check
+CVE-2016-0957 (Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and ...)
+ TODO: check
+CVE-2016-0956 (The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe ...)
NOT-FOR-US: Apache Sling
-CVE-2016-0955
- RESERVED
+CVE-2016-0955 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager ...)
+ TODO: check
CVE-2016-0954
RESERVED
-CVE-2016-0953
- RESERVED
-CVE-2016-0952
- RESERVED
-CVE-2016-0951
- RESERVED
-CVE-2016-0950
- RESERVED
-CVE-2016-0949
- RESERVED
-CVE-2016-0948
- RESERVED
+CVE-2016-0953 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before ...)
+ TODO: check
+CVE-2016-0952 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before ...)
+ TODO: check
+CVE-2016-0951 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before ...)
+ TODO: check
+CVE-2016-0950 (Adobe Connect before 95.2 allows remote attackers to spoof the user ...)
+ TODO: check
+CVE-2016-0949 (Adobe Connect before 95.2 allows remote attackers to have an ...)
+ TODO: check
+CVE-2016-0948 (Cross-site request forgery (CSRF) vulnerability in Adobe Connect ...)
+ TODO: check
CVE-2016-0947 (Untrusted search path vulnerability in Adobe Download Manager, as used ...)
NOT-FOR-US: Adobe
CVE-2016-0946 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
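Review bot: The Adobe Experience Manager, Photoshop CC and Adobe Connect entries (CVE-2016-0958, -0957, -0955, -0953 through -0948) are added with "TODO: check", while CVE-2016-0947 in the trailing context of the same hunk is already "NOT-FOR-US: Adobe". Unless one of these maps to a packaged component, give them the same NOT-FOR-US tag in a follow-up. CVE-2016-0956 keeps its existing "NOT-FOR-US: Apache Sling" line, which is the pattern to follow.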
@@ -4655,6 +4792,7 @@
RESERVED
CVE-2016-0747 [CNAME resolution was insufficiently limited]
RESERVED
+ {DSA-3473-1}
- nginx 1.9.10-1 (bug #812806)
[squeeze] - nginx <not-affected> (Vulnerable code not present)
NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
@@ -4662,6 +4800,7 @@
NOTE: https://github.com/nginx/nginx/commit/fe89d99796d42b86816e17d9c87ab16964768024 (release-1.9.10)
CVE-2016-0746 [Use-after-free condition might occur during CNAME response processing]
RESERVED
+ {DSA-3473-1}
- nginx 1.9.10-1 (bug #812806)
[squeeze] - nginx <not-affected> (Vulnerable code not present)
NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
@@ -4675,7 +4814,7 @@
RESERVED
CVE-2016-0742 [Invalid pointer dereference might occur during DNS server response processing]
RESERVED
- {DLA-404-1}
+ {DSA-3473-1 DLA-404-1}
- nginx 1.9.10-1 (bug #812806)
NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
NOTE: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3 (release-1.9.10)
@@ -5259,8 +5398,8 @@
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0604
RESERVED
-CVE-2016-0603
- RESERVED
+CVE-2016-0603 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
+ TODO: check
CVE-2016-0602 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox <not-affected> (VirtualBox Windows Installer component)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
@@ -6520,22 +6659,22 @@
RESERVED
CVE-2016-0085
RESERVED
-CVE-2016-0084
- RESERVED
+CVE-2016-0084 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
+ TODO: check
CVE-2016-0083
RESERVED
CVE-2016-0082
RESERVED
CVE-2016-0081
RESERVED
-CVE-2016-0080
- RESERVED
+CVE-2016-0080 (Microsoft Edge mishandles exceptions during window-message dispatch ...)
+ TODO: check
CVE-2016-0079
RESERVED
CVE-2016-0078
RESERVED
-CVE-2016-0077
- RESERVED
+CVE-2016-0077 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse ...)
+ TODO: check
CVE-2016-0076
RESERVED
CVE-2016-0075
@@ -6544,86 +6683,86 @@
RESERVED
CVE-2016-0073
RESERVED
-CVE-2016-0072
- RESERVED
-CVE-2016-0071
- RESERVED
+CVE-2016-0072 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-0071 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
CVE-2016-0070
RESERVED
CVE-2016-0069
RESERVED
CVE-2016-0068
RESERVED
-CVE-2016-0067
- RESERVED
+CVE-2016-0067 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2016-0066
RESERVED
CVE-2016-0065
RESERVED
-CVE-2016-0064
- RESERVED
-CVE-2016-0063
- RESERVED
-CVE-2016-0062
- RESERVED
-CVE-2016-0061
- RESERVED
-CVE-2016-0060
- RESERVED
-CVE-2016-0059
- RESERVED
-CVE-2016-0058
- RESERVED
+CVE-2016-0064 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
+CVE-2016-0063 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-0062 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
+ TODO: check
+CVE-2016-0061 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
+ TODO: check
+CVE-2016-0060 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
+ TODO: check
+CVE-2016-0059 (The Hyperlink Object Library in Microsoft Internet Explorer 9 through ...)
+ TODO: check
+CVE-2016-0058 (Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows ...)
+ TODO: check
CVE-2016-0057
RESERVED
-CVE-2016-0056
- RESERVED
-CVE-2016-0055
- RESERVED
-CVE-2016-0054
- RESERVED
-CVE-2016-0053
- RESERVED
-CVE-2016-0052
- RESERVED
-CVE-2016-0051
- RESERVED
-CVE-2016-0050
- RESERVED
-CVE-2016-0049
- RESERVED
-CVE-2016-0048
- RESERVED
-CVE-2016-0047
- RESERVED
-CVE-2016-0046
- RESERVED
+CVE-2016-0056 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
+ TODO: check
+CVE-2016-0055 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2016-0054 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
+ TODO: check
+CVE-2016-0053 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
+ TODO: check
+CVE-2016-0052 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
+ TODO: check
+CVE-2016-0051 (The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
+CVE-2016-0050 (Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2016-0049 (Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2016-0048 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2016-0047 (WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, ...)
+ TODO: check
+CVE-2016-0046 (Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and ...)
+ TODO: check
CVE-2016-0045
RESERVED
-CVE-2016-0044
- RESERVED
+CVE-2016-0044 (Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and ...)
+ TODO: check
CVE-2016-0043
RESERVED
-CVE-2016-0042
- RESERVED
-CVE-2016-0041
- RESERVED
-CVE-2016-0040
- RESERVED
-CVE-2016-0039
- RESERVED
-CVE-2016-0038
- RESERVED
-CVE-2016-0037
- RESERVED
-CVE-2016-0036
- RESERVED
+CVE-2016-0042 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2016-0041 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2016-0040 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2016-0039 (Cross-site scripting (XSS) vulnerability in SharePoint Server in ...)
+ TODO: check
+CVE-2016-0038 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
+CVE-2016-0037 (The forms-based authentication implementation in Active Directory ...)
+ TODO: check
+CVE-2016-0036 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
+ TODO: check
CVE-2016-0035 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
NOT-FOR-US: Microsoft
CVE-2016-0034 (Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets ...)
NOT-FOR-US: Microsoft
-CVE-2016-0033
- RESERVED
+CVE-2016-0033 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 ...)
+ TODO: check
CVE-2016-0032 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
NOT-FOR-US: Microsoft
CVE-2016-0031 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
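Review bot: Every entry this hunk fills in (Internet Explorer, Edge, Office, Windows, .NET Framework, SharePoint) is set to "TODO: check", although CVE-2016-0035, CVE-2016-0034 and CVE-2016-0032 in the same hunk's context are already "NOT-FOR-US: Microsoft". A follow-up should apply the same tag here rather than leave roughly thirty Microsoft-only entries open. CVE-2016-0047 and CVE-2016-0033 (.NET Framework) are the two worth a real look before tagging.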
@@ -6644,8 +6783,8 @@
NOT-FOR-US: Microsoft
CVE-2016-0023
RESERVED
-CVE-2016-0022
- RESERVED
+CVE-2016-0022 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
+ TODO: check
CVE-2016-0021
RESERVED
CVE-2016-0020 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and ...)
@@ -7041,10 +7180,10 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
CVE-2015-8362 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices ...)
TODO: check
-CVE-2015-8361
- RESERVED
-CVE-2015-8360
- RESERVED
+CVE-2015-8361 (Multiple unspecified services in Atlassian Bamboo before 5.9.9 and ...)
+ TODO: check
+CVE-2015-8360 (An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x ...)
+ TODO: check
CVE-2015-8359
RESERVED
CVE-2015-8358 (Directory traversal vulnerability in the bitrix.mpbuilder module ...)
@@ -7101,8 +7240,8 @@
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-158.html
TODO: chek
-CVE-2014-9757
- RESERVED
+CVE-2014-9757 (The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before ...)
+ TODO: check
CVE-2015-8374 (fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles ...)
- linux 4.2.6-2
[jessie] - linux 3.16.7-ckt20-1+deb8u1
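Review bot: The context line "TODO: chek" directly above CVE-2014-9757 (the entry citing xsa/advisory-158) is misspelled, so any search or report keyed on "TODO: check" will skip it. This change does not touch that line, but it is worth correcting in a follow-up so the Xen entry shows up with the other pending items.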
@@ -7693,6 +7832,7 @@
CVE-2015-8127
RESERVED
CVE-2013-7447
+ RESERVED
- gtk+2.0 <unfixed> (bug #799275)
- gtk+3.0 3.10.7-1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=703220
@@ -9196,24 +9336,19 @@
CVE-2015-7682 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: Pie Register plugin for WordPress
CVE-2015-7681
- RESERVED
-CVE-2015-7680
- RESERVED
+ REJECTED
+CVE-2015-7680 (Ipswitch MOVEit DMZ before 8.2 provides different error messages for ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
-CVE-2015-7679
- RESERVED
+CVE-2015-7679 (Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
-CVE-2015-7678
- RESERVED
+CVE-2015-7678 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
-CVE-2015-7677
- RESERVED
+CVE-2015-7677 (The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7676
RESERVED
NOT-FOR-US: MOVEit File Transfer web- and mobile application
-CVE-2015-7675
- RESERVED
+CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7672
RESERVED
@@ -21547,11 +21682,9 @@
[jessie] - groovy <no-dsa> (Minor impact given the rdeps, will be fixed in a point update)
- groovy2 2.2.2+dfsg-5 (bug #793398)
[jessie] - groovy2 2.2.2+dfsg-3+deb8u1
-CVE-2015-3252
- RESERVED
+CVE-2015-3252 (Apache CloudStack before 4.5.2 does not properly preserve VNC ...)
NOT-FOR-US: Apache CloudStack
-CVE-2015-3251
- RESERVED
+CVE-2015-3251 (Apache CloudStack before 4.5.2 might allow remote authenticated ...)
NOT-FOR-US: Apache CloudStack
CVE-2015-3250 [timing attack vulnerability]
RESERVED
@@ -25552,8 +25685,8 @@
NOT-FOR-US: IBM Domino
CVE-2015-2013 (IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to ...)
NOT-FOR-US: IBM
-CVE-2015-2012
- RESERVED
+CVE-2015-2012 (The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before ...)
+ TODO: check
CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch ...)
NOT-FOR-US: IBM
CVE-2015-2010
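Review bot: CVE-2015-2012 (MQXR service in IBM WebSphere MQ) is set to "TODO: check", while its neighbours in the same hunk, CVE-2015-2013 (also IBM WebSphere MQ) and CVE-2015-2011, are "NOT-FOR-US: IBM". Tag it the same way for consistency unless there is a reason to treat this WebSphere MQ issue differently.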