[Secure-testing-commits] r42972 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Jul 1 21:10:11 UTC 2016


Author: sectracker
Date: 2016-07-01 21:10:11 +0000 (Fri, 01 Jul 2016)
New Revision: 42972

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-01 20:32:14 UTC (rev 42971)
+++ data/CVE/list	2016-07-01 21:10:11 UTC (rev 42972)
@@ -1,3 +1,5 @@
+CVE-2016-6133
+	RESERVED
 CVE-2016-6153 [SQLite Tempdir Selection Vulnerability]
 	- sqlite3 3.13.0-1
 	NOTE: http://www.sqlite.org/cgi/src/info/67985761aa93fb61
@@ -510,9 +512,11 @@
 CVE-2016-5877
 	RESERVED
 CVE-2016-6132 [read out-of-bands was found in the parsing of TGA files]
+	RESERVED
 	- libgd2 <unfixed>
 	NOTE: https://github.com/libgd/libgd/issues/247
 CVE-2016-6131
+	RESERVED
 	- libiberty <unfixed> (low)
 	[jessie] - libiberty <no-dsa> (Minor issue)
 	- valgrind <unfixed> (low)
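Review bot: CVE-2016-6131 now carries RESERVED but has no bracketed description, so the entry is identifiable only through its package lines (libiberty, valgrind). Add a short bracketed summary, as the neighbouring CVE-2016-6132 has, until MITRE publishes a description. In the same hunk, the CVE-2016-6132 bracket reads "out-of-bands", which looks like a typo for "out-of-bounds" and is worth correcting in a follow-up manual commit.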
@@ -532,6 +536,7 @@
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
 	NOTE: Patches (under review): https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html
 CVE-2016-6130
+	RESERVED
 	- linux 4.6.1-1
 	NOTE: Fixed by: https://git.kernel.org/linus/532c34b5fbf1687df63b3fcd5b2846312ac943c6
 CVE-2016-6128 [Invalid color index is not properly handled leading to denial of service]
@@ -621,8 +626,8 @@
 	RESERVED
 CVE-2016-5843
 	RESERVED
-CVE-2016-5840
-	RESERVED
+CVE-2016-5840 (hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, ...)
+	TODO: check
 CVE-2016-5831
 	RESERVED
 CVE-2016-5830
@@ -1051,8 +1056,8 @@
 CVE-2016-5737
 	RESERVED
 	NOT-FOR-US: Openstack-infra puppet-gerrit module
-CVE-2016-5729
-	RESERVED
+CVE-2016-5729 (Lenovo BIOS EFI Driver allows local administrators to execute ...)
+	TODO: check
 CVE-2016-5728 (Race condition in the vop_ioctl function in ...)
 	- linux 4.6.1-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -1830,8 +1835,8 @@
 	RESERVED
 CVE-2016-5369
 	RESERVED
-CVE-2016-5368
-	RESERVED
+CVE-2016-5368 (Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote ...)
+	TODO: check
 CVE-2016-5367 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow ...)
 	TODO: check
 CVE-2016-5366 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow ...)
@@ -1882,8 +1887,7 @@
 	NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as
 	NOTE: Huzaifa Sidhpurwala <huzaifas at redhat.com> pointed out that is not a libreswan issue, rather
 	NOTE: the protocol is flawed.
-CVE-2016-5360 [remote denial of service via reqdeny]
-	RESERVED
+CVE-2016-5360 (HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, ...)
 	- haproxy 1.6.5-2 (bug #826869)
 	[jessie] - haproxy <not-affected> (Issue introduced in 1.6.0)
 	NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
@@ -2074,14 +2078,14 @@
 	RESERVED
 CVE-2016-5308
 	RESERVED
-CVE-2016-5307
-	RESERVED
-CVE-2016-5306
-	RESERVED
-CVE-2016-5305
-	RESERVED
-CVE-2016-5304
-	RESERVED
+CVE-2016-5307 (Directory traversal vulnerability in Symantec Endpoint Protection ...)
+	TODO: check
+CVE-2016-5306 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does ...)
+	TODO: check
+CVE-2016-5305 (Multiple cross-site scripting (XSS) vulnerabilities in management ...)
+	TODO: check
+CVE-2016-5304 (Open redirect vulnerability in a report-routing component in Symantec ...)
+	TODO: check
 CVE-2016-5303
 	RESERVED
 CVE-2016-5302 (Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has ...)
@@ -2347,10 +2351,10 @@
 	RESERVED
 CVE-2016-5250
 	RESERVED
-CVE-2016-5249
-	RESERVED
-CVE-2016-5248
-	RESERVED
+CVE-2016-5249 (Lenovo Solution Center (LSC) before 3.3.003 allows local users to ...)
+	TODO: check
+CVE-2016-5248 (The StopProxy command in LSC.Services.SystemService in Lenovo Solution ...)
+	TODO: check
 CVE-2016-5247
 	RESERVED
 CVE-2016-5246
@@ -2392,8 +2396,7 @@
 	NOTE: Upstream will remove thumbnail from 4.0.7 release
 	NOTE: _TIFFVGetField isn't specific to thumbnail tool
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2561
-CVE-2016-5301 [denial of service]
-	RESERVED
+CVE-2016-5301 (The parse_chunk_header function in libtorrent before 1.1.1 allows ...)
 	{DLA-511-1}
 	- libtorrent-rasterbar <unfixed> (bug #826380)
 	NOTE: https://github.com/arvidn/libtorrent/issues/780
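Review bot: on CVE-2016-5301, the new description gives an upstream boundary ("libtorrent before 1.1.1") while the package line stays `- libtorrent-rasterbar <unfixed> (bug #826380)`. A NOTE recording the upstream fixed version would make it easier to close this entry when the corresponding upload reaches unstable.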
@@ -2607,12 +2610,12 @@
 	TODO: check
 CVE-2016-5233 (Huawei Mate 8 smartphones with software NXT-AL10 before ...)
 	TODO: check
-CVE-2016-5232
-	RESERVED
-CVE-2016-5231
-	RESERVED
-CVE-2016-5230
-	RESERVED
+CVE-2016-5232 (Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL ...)
+	TODO: check
+CVE-2016-5231 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before ...)
+	TODO: check
+CVE-2016-5230 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before ...)
+	TODO: check
 CVE-2016-5229
 	RESERVED
 CVE-2016-5228
@@ -2819,8 +2822,7 @@
 	RESERVED
 CVE-2016-5127
 	RESERVED
-CVE-2015-8899 [denial of service - dnsmasq crashes querying any CNAME that points to localhost.localdomain]
-	RESERVED
+CVE-2015-8899 (Dnsmasq before 2.76 allows remote servers to cause a denial of service ...)
 	- dnsmasq 2.76-1
 	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
 	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
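Review bot: on CVE-2015-8899, the removed bracketed text named the concrete trigger (a CNAME pointing to localhost.localdomain), and the truncated description on the added line does not show it. If the full description is less specific, keep that detail as a NOTE line so the not-affected reasoning for jessie and wheezy stays checkable.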
@@ -3160,8 +3162,8 @@
 	RESERVED
 CVE-2016-5021 (The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
 	TODO: check
-CVE-2016-5020
-	RESERVED
+CVE-2016-5020 (F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to ...)
+	TODO: check
 CVE-2016-5019
 	RESERVED
 CVE-2016-5018
@@ -3232,7 +3234,7 @@
 	- foreman <itp> (bug #663101)
 CVE-2016-4994 [Use-after-free vulnerabilities in the channel and layer properties parsing process]
 	RESERVED
-	{DLA-525-1}
+	{DSA-3612-1 DLA-525-1}
 	- gimp <unfixed> (bug #828179)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=767873
 CVE-2016-4993
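Review bot: on CVE-2016-4994, the entry now cites DSA-3612-1 alongside DLA-525-1 while the unstable line still reads `- gimp <unfixed> (bug #828179)`. Confirm that a sid upload is being tracked against that bug and replace <unfixed> with the version once it lands, so unstable does not lag behind stable and LTS in the tracker.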
@@ -3303,8 +3305,7 @@
 	NOTE: Affects: Murano-dashboard: <=2015.1.1; <=1.0.2; ==2.0.0
 	- python-muranoclient 0.8.3-4 (bug #828063)
 	NOTE: Affects: Python-muranoclient: <=0.7.2; >=0.8.0<=0.8.4
-CVE-2016-4971
-	RESERVED
+CVE-2016-4971 (GNU wget before 1.18 allows remote servers to write to arbitrary files ...)
 	{DLA-536-1}
 	- wget 1.18-1 (bug #827003)
 	[jessie] - wget <no-dsa> (Minor issue)
@@ -3953,8 +3954,8 @@
 	RESERVED
 CVE-2016-4806
 	RESERVED
-CVE-2016-4803
-	RESERVED
+CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...)
+	TODO: check
 CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl ...)
 	TODO: check
 CVE-2016-4801
@@ -5005,13 +5006,11 @@
 CVE-2016-4475
 	RESERVED
 	- foreman <itp> (bug #663101)
-CVE-2016-4474
-	RESERVED
+CVE-2016-4474 (The image build process for the overcloud images in Red Hat OpenStack ...)
 	NOT-FOR-US: Red Hat OpenStack Overcloud image
 CVE-2016-4473
 	RESERVED
-CVE-2016-4472
-	RESERVED
+CVE-2016-4472 (The overflow protection in Expat is removed by compilers with certain ...)
 	{DSA-3582-1 DLA-483-1}
 	- expat 2.1.1-2
 	NOTE: https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/tree/expat/lib/xmlparse.c?diff=a238d7ea7a715ef3850c4cbdd86aeda7077b6bbc
@@ -5472,8 +5471,8 @@
 	RESERVED
 CVE-2016-4310
 	RESERVED
-CVE-2016-4309
-	RESERVED
+CVE-2016-4309 (Session fixation vulnerability in Symphony CMS 2.6.7, when ...)
+	TODO: check
 CVE-2016-4308
 	RESERVED
 CVE-2016-4307
@@ -5944,8 +5943,8 @@
 	NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
 CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 and ...)
 	NOT-FOR-US: Huawei
-CVE-2016-4086
-	RESERVED
+CVE-2016-4086 (Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before ...)
+	TODO: check
 CVE-2016-4075
 	RESERVED
 CVE-2016-4067
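Review bot: CVE-2016-4086 (Huawei HiSuite) is added as `TODO: check` directly below CVE-2016-4087, which is already triaged as `NOT-FOR-US: Huawei`. Unless HiSuite turns out to be packaged, this entry can take the same NOT-FOR-US tag in the next manual pass instead of staying in the TODO queue.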
@@ -6048,8 +6047,8 @@
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-19.html
 CVE-2016-4058
 	RESERVED
-CVE-2016-4057
-	RESERVED
+CVE-2016-4057 (Huawei FusionCompute before V100R005C10SPC700 allows remote ...)
+	TODO: check
 CVE-2016-6479
 	REJECTED
 CVE-2016-4055
@@ -7349,26 +7348,26 @@
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2016-3654 (The device management command line interface (CLI) in Palo Alto ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
-CVE-2016-3653
-	RESERVED
-CVE-2016-3652
-	RESERVED
-CVE-2016-3651
-	RESERVED
-CVE-2016-3650
-	RESERVED
-CVE-2016-3649
-	RESERVED
-CVE-2016-3648
-	RESERVED
-CVE-2016-3647
-	RESERVED
-CVE-2016-3646
-	RESERVED
-CVE-2016-3645
-	RESERVED
-CVE-2016-3644
-	RESERVED
+CVE-2016-3653 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2016-3652 (Multiple cross-site scripting (XSS) vulnerabilities in management ...)
+	TODO: check
+CVE-2016-3651 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
+	TODO: check
+CVE-2016-3650 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
+	TODO: check
+CVE-2016-3649 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
+	TODO: check
+CVE-2016-3648 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
+	TODO: check
+CVE-2016-3647 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
+	TODO: check
+CVE-2016-3646 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
+	TODO: check
+CVE-2016-3645 (Integer overflow in the TNEF unpacker in the AntiVirus Decomposer ...)
+	TODO: check
+CVE-2016-3644 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
+	TODO: check
 CVE-2016-3643 (SolarWinds Virtualization Manager 6.3.1 and earlier allow local users ...)
 	TODO: check
 CVE-2016-3642 (The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier ...)
@@ -8377,8 +8376,7 @@
 	[jessie] - cairo 1.14.0-2.1+deb8u1
 	[wheezy] - cairo <no-dsa> (Minor issue)
 	NOTE: https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934
-CVE-2016-3189 [heap use after free in bzip2recover]
-	RESERVED
+CVE-2016-3189 (Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows ...)
 	- bzip2 <unfixed> (low; bug #827744)
 	[jessie] - bzip2 <no-dsa> (Minor issue)
 	[wheezy] - bzip2 <no-dsa> (Minor issue)
@@ -11669,16 +11667,16 @@
 	NOT-FOR-US: Huawei
 CVE-2016-2212 (The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class ...)
 	NOT-FOR-US: Magento
-CVE-2016-2211
-	RESERVED
-CVE-2016-2210
-	RESERVED
-CVE-2016-2209
-	RESERVED
+CVE-2016-2211 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
+	TODO: check
+CVE-2016-2210 (Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in ...)
+	TODO: check
+CVE-2016-2209 (Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in ...)
+	TODO: check
 CVE-2016-2208 (The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 ...)
 	NOT-FOR-US: Symantec
-CVE-2016-2207
-	RESERVED
+CVE-2016-2207 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
+	TODO: check
 CVE-2016-2206
 	RESERVED
 CVE-2016-2205
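Review bot: CVE-2016-2211, CVE-2016-2210, CVE-2016-2209 and CVE-2016-2207 all describe the Symantec AntiVirus Decomposer engine and are added as `TODO: check`, while CVE-2016-2208 in the middle of the same block is already `NOT-FOR-US: Symantec`. These four should be triaged together with the same tag so the block is consistent.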
@@ -11695,8 +11693,8 @@
 	NOTE: Siemens SIMATIC
 CVE-2015-8802
 	RESERVED
-CVE-2015-8801
-	RESERVED
+CVE-2015-8801 (Race condition in the client in Symantec Endpoint Protection (SEP) ...)
+	TODO: check
 CVE-2015-8800 (Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x ...)
 	NOT-FOR-US: Symantec
 CVE-2015-8799 (Directory traversal vulnerability in the Management Server in Symantec ...)
@@ -11936,8 +11934,7 @@
 	NOTE: Introduced in: https://git.kernel.org/linus/6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1)
 CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on ...)
 	NOT-FOR-US: OpenShift
-CVE-2016-2141
-	RESERVED
+CVE-2016-2141 (JGroups before 4.0 does not require the proper headers for the ENCRYPT ...)
 	- libjgroups-java <unfixed> (low)
 	[jessie] - libjgroups-java <no-dsa> (Minor issue)
 CVE-2016-2140 (The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) ...)
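Review bot: on CVE-2016-2141, the existing triage of `<unfixed> (low)` and `<no-dsa> (Minor issue)` was set while the entry was still RESERVED with no description. Now that the description states JGroups does not require the proper headers for the ENCRYPT protocol, re-check the severity and the no-dsa decision against the full description, and add a NOTE with the upstream reference behind the "before 4.0" boundary.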
@@ -18275,10 +18272,10 @@
 	RESERVED
 CVE-2016-0376 (The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java ...)
 	TODO: check
-CVE-2016-0375
-	RESERVED
-CVE-2016-0374
-	RESERVED
+CVE-2016-0375 (JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through ...)
+	TODO: check
+CVE-2016-0374 (The builder tools in IBM TRIRIGA Application Platform 3.3 before ...)
+	TODO: check
 CVE-2016-0373
 	RESERVED
 CVE-2016-0372
@@ -18295,14 +18292,14 @@
 	RESERVED
 CVE-2016-0366
 	RESERVED
-CVE-2016-0365
-	RESERVED
-CVE-2016-0364
-	RESERVED
+CVE-2016-0365 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
+	TODO: check
+CVE-2016-0364 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
+	TODO: check
 CVE-2016-0363 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java ...)
 	TODO: check
-CVE-2016-0362
-	RESERVED
+CVE-2016-0362 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
+	TODO: check
 CVE-2016-0361
 	RESERVED
 CVE-2016-0360



