[Secure-testing-commits] r43183 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jul 13 21:10:14 UTC 2016
Author: sectracker
Date: 2016-07-13 21:10:14 +0000 (Wed, 13 Jul 2016)
New Revision: 43183
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-13 19:59:53 UTC (rev 43182)
+++ data/CVE/list 2016-07-13 21:10:14 UTC (rev 43183)
@@ -1,3 +1,61 @@
+CVE-2016-6206
+ RESERVED
+CVE-2016-6205
+ RESERVED
+CVE-2016-6204
+ RESERVED
+CVE-2016-6203
+ RESERVED
+CVE-2016-6202
+ RESERVED
+CVE-2016-6201
+ RESERVED
+CVE-2016-6200
+ RESERVED
+CVE-2016-6199
+ RESERVED
+CVE-2016-6196
+ RESERVED
+CVE-2016-6195
+ RESERVED
+CVE-2016-6194
+ RESERVED
+CVE-2016-6193
+ RESERVED
+CVE-2016-6192
+ RESERVED
+CVE-2016-1000026
+ RESERVED
+CVE-2016-1000025
+ RESERVED
+CVE-2016-1000024
+ RESERVED
+CVE-2016-1000022
+ RESERVED
+CVE-2016-1000021
+ RESERVED
+CVE-2016-1000020
+ RESERVED
+CVE-2016-1000019
+ RESERVED
+CVE-2016-1000018
+ RESERVED
+CVE-2016-1000017
+ RESERVED
+CVE-2016-1000016
+ RESERVED
+CVE-2016-1000015
+ RESERVED
+CVE-2016-1000014
+ RESERVED
+CVE-2016-1000013
+ RESERVED
+CVE-2016-1000012
+ RESERVED
+CVE-2016-1000011
+ RESERVED
+CVE-2016-1000010
+ RESERVED
CVE-2016-XXXX [Out-Of-Bounds Read in function read_image_tga of gd_tga.c]
- libgd2 <unfixed>
NOTE: https://github.com/libgd/libgd/issues/248
@@ -27,6 +85,7 @@
- tiff3 <removed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/3
CVE-2016-1000023
+ RESERVED
- node-minimatch <unfixed> (unimportant)
NOTE: https://nodesecurity.io/advisories/118
NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
@@ -42,10 +101,12 @@
[jessie] - leptonlib <no-dsa> (Minor issue)
NOTE: Not exploitable with kernel hardening since jessie
CVE-2016-6198
+ RESERVED
- linux 4.5.5-1
NOTE: https://git.kernel.org/linus/54d5ca871e72f2bb172ec9323497f01cd5091ec7 (v4.6)
NOTE: https://git.kernel.org/linus/9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca (v4.6)
CVE-2016-6197
+ RESERVED
- linux 4.6.1-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
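Review bot: CVE-2016-6198 and CVE-2016-6197 now carry RESERVED directly above linux package entries with fixed versions and kernel commit NOTEs, and neither header line has a bracketed description, so a reader of data/CVE/list cannot tell what either issue is until the official description is published. Suggest adding a short bracketed summary to each header line, in the style of the CVE-2016-XXXX libgd2 entry at the top of the file ("[Out-Of-Bounds Read in function read_image_tga of gd_tga.c]").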
@@ -119,8 +180,8 @@
[wheezy] - perl <no-dsa> (Will be fixed in future DLA)
CVE-2016-6175
RESERVED
-CVE-2016-6174
- RESERVED
+CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision Power ...)
+ TODO: check
CVE-2016-6169
RESERVED
CVE-2016-6168
@@ -861,8 +922,8 @@
RESERVED
CVE-2016-5852
RESERVED
-CVE-2016-5850
- RESERVED
+CVE-2016-5850 (Cross-site scripting (XSS) vulnerability in the volume backup service ...)
+ TODO: check
CVE-2016-5873
RESERVED
- php-pecl-http 3.0.1-0.1
@@ -973,8 +1034,8 @@
RESERVED
CVE-2016-5782
RESERVED
-CVE-2016-5781
- RESERVED
+CVE-2016-5781 (Stack-based buffer overflow in WECON LeviStudio allows remote ...)
+ TODO: check
CVE-2016-5780
RESERVED
CVE-2016-5779
@@ -987,8 +1048,8 @@
RESERVED
CVE-2016-5775
RESERVED
-CVE-2016-5774
- RESERVED
+CVE-2016-5774 (The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before ...)
+ TODO: check
CVE-2016-5765
RESERVED
CVE-2016-5764
@@ -1959,6 +2020,7 @@
CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and ...)
TODO: check
CVE-2016-6211 [SA-CORE-2016-002 -- User module -- Saving user accounts can sometimes grant the user all roles]
+ {DSA-3604-1}
- drupal7 7.44-1
[jessie] - drupal7 7.32-1+deb8u7
NOTE: https://www.drupal.org/SA-CORE-2016-002
@@ -2355,8 +2417,8 @@
RESERVED
CVE-2016-5309
RESERVED
-CVE-2016-5308
- RESERVED
+CVE-2016-5308 (The Client Intrusion Detection System (CIDS) driver before 15.0.6 in ...)
+ TODO: check
CVE-2016-5307 (Directory traversal vulnerability in Symantec Endpoint Protection ...)
TODO: check
CVE-2016-5306 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does ...)
@@ -3205,7 +3267,7 @@
TODO: check
CVE-2014-9789 (The (1) alloc and (2) free APIs in ...)
TODO: check
-CVE-2014-9788 (Multiple buffer overflow in the voice drivers in the Qualcomm ...)
+CVE-2014-9788 (Multiple buffer overflows in the voice drivers in the Qualcomm ...)
TODO: check
CVE-2014-9787 (Integer overflow in drivers/misc/qseecom.c in the Qualcomm components ...)
TODO: check
@@ -3474,8 +3536,7 @@
NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
CVE-2016-5010
RESERVED
-CVE-2016-5009 [Ceph monitor crash: mon_command crashes ceph monitors on receiving empty prefix]
- RESERVED
+CVE-2016-5009 (The handle_command function in mon/Monitor.cc in Ceph allows remote ...)
- ceph <unfixed> (bug #829661)
[jessie] - ceph <no-dsa> (Minor issue)
NOTE: http://tracker.ceph.com/issues/16297
@@ -3532,8 +3593,7 @@
CVE-2016-4995
RESERVED
- foreman <itp> (bug #663101)
-CVE-2016-4994 [Use-after-free vulnerabilities in the channel and layer properties parsing process]
- RESERVED
+CVE-2016-4994 (Use-after-free vulnerability in the xcf_load_image function in ...)
{DSA-3612-1 DLA-525-1}
- gimp 2.8.16-2.2 (bug #828179)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=767873
@@ -3563,8 +3623,7 @@
RESERVED
NOT-FOR-US: Jenkins plugin
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
-CVE-2016-4985 [Ironic node information including credentials exposed to unathenticated users]
- RESERVED
+CVE-2016-4985 (The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and ...)
- ironic 1:5.1.2-1 (bug #827886)
NOTE: Affects >=2014.2, >=4.0.0 <=4.2.4, >=4.3.0 <=5.1.1
CVE-2016-4984
@@ -4186,8 +4245,8 @@
RESERVED
CVE-2016-4832
RESERVED
-CVE-2016-4831
- RESERVED
+CVE-2016-4831 (Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 ...)
+ TODO: check
CVE-2016-4830
RESERVED
CVE-2016-4829
@@ -4918,8 +4977,8 @@
NOT-FOR-US: McAfee / AV engine
CVE-2016-4534 (The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan ...)
NOT-FOR-US: McAfee VirusScan Console
-CVE-2016-4533
- RESERVED
+CVE-2016-4533 (Heap-based buffer overflow in WECON LeviStudio allows remote attackers ...)
+ TODO: check
CVE-2016-4532 (Directory traversal vulnerability in the WAP interface in Trihedral ...)
TODO: check
CVE-2016-4531
@@ -4978,8 +5037,8 @@
NOT-FOR-US: Resource Data Management
CVE-2016-4504
RESERVED
-CVE-2016-4503
- RESERVED
+CVE-2016-4503 (Moxa Device Server Web Console 5232-N allows remote attackers to ...)
+ TODO: check
CVE-2016-4502 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...)
NOT-FOR-US: Environmental Systems Corporation
CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...)
@@ -5469,8 +5528,7 @@
- libtirpc <unfixed>
[jessie] - libtirpc <no-dsa> (Minor issue)
[wheezy] - libtirpc <no-dsa> (Minor issue)
-CVE-2016-4428
- RESERVED
+CVE-2016-4428 (Cross-site scripting (XSS) vulnerability in OpenStack Dashboard ...)
{DSA-3617-1 DLA-520-1}
- horizon 3:9.0.1-2 (bug #828967)
NOTE: https://bugs.launchpad.net/bugs/1567673
@@ -5897,174 +5955,174 @@
RESERVED
CVE-2016-4256
RESERVED
-CVE-2016-4255
- RESERVED
-CVE-2016-4254
- RESERVED
+CVE-2016-4255 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+ TODO: check
+CVE-2016-4254 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
CVE-2016-4253
RESERVED
-CVE-2016-4252
- RESERVED
-CVE-2016-4251
- RESERVED
-CVE-2016-4250
- RESERVED
-CVE-2016-4249
- RESERVED
-CVE-2016-4248
- RESERVED
-CVE-2016-4247
- RESERVED
-CVE-2016-4246
- RESERVED
-CVE-2016-4245
- RESERVED
-CVE-2016-4244
- RESERVED
-CVE-2016-4243
- RESERVED
-CVE-2016-4242
- RESERVED
-CVE-2016-4241
- RESERVED
-CVE-2016-4240
- RESERVED
-CVE-2016-4239
- RESERVED
-CVE-2016-4238
- RESERVED
-CVE-2016-4237
- RESERVED
-CVE-2016-4236
- RESERVED
-CVE-2016-4235
- RESERVED
-CVE-2016-4234
- RESERVED
-CVE-2016-4233
- RESERVED
-CVE-2016-4232
- RESERVED
-CVE-2016-4231
- RESERVED
-CVE-2016-4230
- RESERVED
-CVE-2016-4229
- RESERVED
-CVE-2016-4228
- RESERVED
-CVE-2016-4227
- RESERVED
-CVE-2016-4226
- RESERVED
-CVE-2016-4225
- RESERVED
-CVE-2016-4224
- RESERVED
-CVE-2016-4223
- RESERVED
-CVE-2016-4222
- RESERVED
-CVE-2016-4221
- RESERVED
-CVE-2016-4220
- RESERVED
-CVE-2016-4219
- RESERVED
-CVE-2016-4218
- RESERVED
-CVE-2016-4217
- RESERVED
-CVE-2016-4216
- RESERVED
-CVE-2016-4215
- RESERVED
-CVE-2016-4214
- RESERVED
-CVE-2016-4213
- RESERVED
-CVE-2016-4212
- RESERVED
-CVE-2016-4211
- RESERVED
-CVE-2016-4210
- RESERVED
-CVE-2016-4209
- RESERVED
-CVE-2016-4208
- RESERVED
-CVE-2016-4207
- RESERVED
-CVE-2016-4206
- RESERVED
-CVE-2016-4205
- RESERVED
-CVE-2016-4204
- RESERVED
-CVE-2016-4203
- RESERVED
-CVE-2016-4202
- RESERVED
-CVE-2016-4201
- RESERVED
-CVE-2016-4200
- RESERVED
-CVE-2016-4199
- RESERVED
-CVE-2016-4198
- RESERVED
-CVE-2016-4197
- RESERVED
-CVE-2016-4196
- RESERVED
-CVE-2016-4195
- RESERVED
-CVE-2016-4194
- RESERVED
-CVE-2016-4193
- RESERVED
-CVE-2016-4192
- RESERVED
-CVE-2016-4191
- RESERVED
-CVE-2016-4190
- RESERVED
-CVE-2016-4189
- RESERVED
-CVE-2016-4188
- RESERVED
-CVE-2016-4187
- RESERVED
-CVE-2016-4186
- RESERVED
-CVE-2016-4185
- RESERVED
-CVE-2016-4184
- RESERVED
-CVE-2016-4183
- RESERVED
-CVE-2016-4182
- RESERVED
-CVE-2016-4181
- RESERVED
-CVE-2016-4180
- RESERVED
-CVE-2016-4179
- RESERVED
-CVE-2016-4178
- RESERVED
-CVE-2016-4177
- RESERVED
-CVE-2016-4176
- RESERVED
-CVE-2016-4175
- RESERVED
-CVE-2016-4174
- RESERVED
-CVE-2016-4173
- RESERVED
-CVE-2016-4172
- RESERVED
+CVE-2016-4252 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4251 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4250 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4249 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and ...)
+ TODO: check
+CVE-2016-4248 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4247 (Race condition in Adobe Flash Player before 18.0.0.366 and 19.x ...)
+ TODO: check
+CVE-2016-4246 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4245 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4244 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4243 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4242 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4241 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4240 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4239 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4238 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4237 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4236 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4235 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4234 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4233 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4232 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4231 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4230 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4229 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4228 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4227 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4226 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4225 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4224 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4223 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4222 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4221 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4220 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4219 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4218 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4217 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4216 (XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote ...)
+ TODO: check
+CVE-2016-4215 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4214 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4213 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4212 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4211 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4210 (Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat ...)
+ TODO: check
+CVE-2016-4209 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, ...)
+ TODO: check
+CVE-2016-4208 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4207 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4206 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4205 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4204 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4203 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4202 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4201 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4200 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4199 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4198 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4197 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4196 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4195 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4194 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4193 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4192 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4191 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-4190 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4189 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4188 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4187 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4186 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4185 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4184 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4183 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4182 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4181 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4180 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4179 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4178 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4177 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4176 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4175 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
+CVE-2016-4174 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4173 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
+ TODO: check
+CVE-2016-4172 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
+ TODO: check
CVE-2016-4171 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
NOT-FOR-US: Adobe Flash Player
CVE-2016-4170
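Review bot: every entry from CVE-2016-4255 down to CVE-2016-4172 that gains a description here is left as "TODO: check", although the unchanged entry right below the block, CVE-2016-4171, is already triaged as "NOT-FOR-US: Adobe Flash Player". The Flash Player entries in this block could take the same tag in a follow-up, and the Reader and Acrobat entries likely need an equivalent decision. CVE-2016-4216 is the exception: it names XMPCore in Adobe XMP Toolkit for Java, so it should get a manual check for a packaged copy rather than a bulk tag.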
@@ -6812,8 +6870,8 @@
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213)
- NOTE: Starting with 215 Debian no longer ships tmpfiles.d/systemd.conf, so the fixup upstream added as
- NOTE: https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f for persistent journals
+ NOTE: Starting with 215 Debian no longer ships tmpfiles.d/systemd.conf, so the fixup upstream added as
+ NOTE: https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f for persistent journals
NOTE: is not needed for the packaged version. Anyone using a custom config needs to ensure proper permissions
CVE-2016-7921
REJECTED
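Review bot: the two removed NOTE lines and the two added NOTE lines in this hunk read identically as shown, so the change appears to be whitespace only. If the intent is to normalise indentation, check that the continuation line "NOTE: is not needed for the packaged version. ..." uses the same leading whitespace, since it belongs to the same sentence and is left untouched here.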
@@ -8488,106 +8546,106 @@
RESERVED
CVE-2016-3288
RESERVED
-CVE-2016-3287
- RESERVED
-CVE-2016-3286
- RESERVED
+CVE-2016-3287 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT ...)
+ TODO: check
+CVE-2016-3286 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
CVE-2016-3285
RESERVED
-CVE-2016-3284
- RESERVED
-CVE-2016-3283
- RESERVED
-CVE-2016-3282
- RESERVED
-CVE-2016-3281
- RESERVED
-CVE-2016-3280
- RESERVED
-CVE-2016-3279
- RESERVED
-CVE-2016-3278
- RESERVED
-CVE-2016-3277
- RESERVED
-CVE-2016-3276
- RESERVED
+CVE-2016-3284 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
+ TODO: check
+CVE-2016-3283 (Microsoft Word Viewer allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2016-3282 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
+ TODO: check
+CVE-2016-3281 (Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT ...)
+ TODO: check
+CVE-2016-3280 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
+ TODO: check
+CVE-2016-3279 (Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word ...)
+ TODO: check
+CVE-2016-3278 (Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows ...)
+ TODO: check
+CVE-2016-3277 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...)
+ TODO: check
+CVE-2016-3276 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
+ TODO: check
CVE-2016-3275
RESERVED
-CVE-2016-3274
- RESERVED
-CVE-2016-3273
- RESERVED
-CVE-2016-3272
- RESERVED
-CVE-2016-3271
- RESERVED
+CVE-2016-3274 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
+ TODO: check
+CVE-2016-3273 (The XSS Filter in Microsoft Internet Explorer 9 through 11 and ...)
+ TODO: check
+CVE-2016-3272 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...)
+ TODO: check
+CVE-2016-3271 (The VBScript engine in Microsoft Edge allows remote attackers to ...)
+ TODO: check
CVE-2016-3270
RESERVED
-CVE-2016-3269
- RESERVED
+CVE-2016-3269 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
+ TODO: check
CVE-2016-3268
RESERVED
CVE-2016-3267
RESERVED
CVE-2016-3266
RESERVED
-CVE-2016-3265
- RESERVED
-CVE-2016-3264
- RESERVED
+CVE-2016-3265 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
+ TODO: check
+CVE-2016-3264 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
+ TODO: check
CVE-2016-3263
RESERVED
CVE-2016-3262
RESERVED
-CVE-2016-3261
- RESERVED
-CVE-2016-3260
- RESERVED
-CVE-2016-3259
- RESERVED
-CVE-2016-3258
- RESERVED
+CVE-2016-3261 (Microsoft Internet Explorer 11 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2016-3260 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript ...)
+ TODO: check
+CVE-2016-3259 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript ...)
+ TODO: check
+CVE-2016-3258 (Race condition in the kernel in Microsoft Windows 8.1, Windows Server ...)
+ TODO: check
CVE-2016-3257
RESERVED
-CVE-2016-3256
- RESERVED
-CVE-2016-3255
- RESERVED
-CVE-2016-3254
- RESERVED
+CVE-2016-3256 (Microsoft Windows 10 Gold and 1511 allows local users to bypass the ...)
+ TODO: check
+CVE-2016-3255 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 ...)
+ TODO: check
+CVE-2016-3254 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
CVE-2016-3253
RESERVED
-CVE-2016-3252
- RESERVED
-CVE-2016-3251
- RESERVED
-CVE-2016-3250
- RESERVED
-CVE-2016-3249
- RESERVED
-CVE-2016-3248
- RESERVED
+CVE-2016-3252 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2016-3251 (The GDI component in the kernel-mode drivers in Microsoft Windows ...)
+ TODO: check
+CVE-2016-3250 (The kernel-mode drivers in Microsoft Windows Server 2012 and Windows ...)
+ TODO: check
+CVE-2016-3249 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2016-3248 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript ...)
+ TODO: check
CVE-2016-3247
RESERVED
-CVE-2016-3246
- RESERVED
-CVE-2016-3245
- RESERVED
-CVE-2016-3244
- RESERVED
-CVE-2016-3243
- RESERVED
-CVE-2016-3242
- RESERVED
-CVE-2016-3241
- RESERVED
-CVE-2016-3240
- RESERVED
-CVE-2016-3239
- RESERVED
-CVE-2016-3238
- RESERVED
+CVE-2016-3246 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
+ TODO: check
+CVE-2016-3245 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-3244 (Microsoft Edge allows remote attackers to bypass the ASLR protection ...)
+ TODO: check
+CVE-2016-3243 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-3242 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-3241 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-3240 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2016-3239 (The Print Spooler service in Microsoft Windows Vista SP2, Windows ...)
+ TODO: check
+CVE-2016-3238 (The Print Spooler service in Microsoft Windows Vista SP2, Windows ...)
+ TODO: check
CVE-2016-3237
RESERVED
CVE-2016-3236 (The Web Proxy Auto Discovery (WPAD) protocol implementation in ...)
@@ -8654,8 +8712,8 @@
TODO: check
CVE-2016-3205 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
TODO: check
-CVE-2016-3204
- RESERVED
+CVE-2016-3204 (The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 ...)
+ TODO: check
CVE-2016-3203 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 ...)
TODO: check
CVE-2016-3202 (The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript ...)
@@ -11966,8 +12024,8 @@
RESERVED
CVE-2016-2220
RESERVED
-CVE-2016-2219
- RESERVED
+CVE-2016-2219 (Cross-site scripting (XSS) vulnerability in the management interface ...)
+ TODO: check
CVE-2016-2218
RESERVED
CVE-2016-2224 [denial of service while parsing compressed items]
@@ -12002,10 +12060,10 @@
NOT-FOR-US: Symantec
CVE-2016-2207 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
NOT-FOR-US: Symantec
-CVE-2016-2206
- RESERVED
-CVE-2016-2205
- RESERVED
+CVE-2016-2206 (The management console in Symantec Workspace Streaming (SWS) 7.5.x ...)
+ TODO: check
+CVE-2016-2205 (Directory traversal vulnerability in the file-download configuration ...)
+ TODO: check
CVE-2016-2204 (The management console on Symantec Messaging Gateway (SMG) Appliance ...)
NOT-FOR-US: Symantec
CVE-2016-2203 (The management console on Symantec Messaging Gateway (SMG) Appliance ...)
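Review bot: CVE-2016-2206 and CVE-2016-2205 are set to "TODO: check" while the surrounding entries (CVE-2016-2207, CVE-2016-2204) are tagged "NOT-FOR-US: Symantec". CVE-2016-2206 names Symantec Workspace Streaming, so it can probably follow its neighbours; the visible description of CVE-2016-2205 is truncated before any product name, so confirm the product against the full description before tagging it.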
@@ -14889,8 +14947,8 @@
RESERVED
CVE-2016-1446
RESERVED
-CVE-2016-1445
- RESERVED
+CVE-2016-1445 (Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 ...)
+ TODO: check
CVE-2016-1444 (The Mobile and Remote Access (MRA) component in Cisco TelePresence ...)
TODO: check
CVE-2016-1443 (The virtual network stack on Cisco AMP Threat Grid Appliance devices ...)
@@ -34777,8 +34835,7 @@
[wheezy] - openssl <not-affected> (Only affects 1.0.2)
[squeeze] - openssl <not-affected> (Only affects 1.0.2)
NOTE: https://www.openssl.org/news/secadv/20151203.txt
-CVE-2015-3192
- RESERVED
+CVE-2015-3192 (Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not ...)
- libspring-java 4.1.9-1 (low; bug #796137)
[wheezy] - libspring-java <no-dsa> (Minor issue)
[jessie] - libspring-java <no-dsa> (Minor issue)