[Secure-testing-commits] r43269 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Jul 18 21:10:12 UTC 2016
Author: sectracker
Date: 2016-07-18 21:10:12 +0000 (Mon, 18 Jul 2016)
New Revision: 43269
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-18 20:39:38 UTC (rev 43268)
+++ data/CVE/list 2016-07-18 21:10:12 UTC (rev 43269)
@@ -1,3 +1,71 @@
+CVE-2016-6247
+ RESERVED
+CVE-2016-6246
+ RESERVED
+CVE-2016-6245
+ RESERVED
+CVE-2016-6244
+ RESERVED
+CVE-2016-6243
+ RESERVED
+CVE-2016-6242
+ RESERVED
+CVE-2016-6241
+ RESERVED
+CVE-2016-6240
+ RESERVED
+CVE-2016-6239
+ RESERVED
+CVE-2016-6238
+ RESERVED
+CVE-2016-6237
+ RESERVED
+CVE-2016-6236
+ RESERVED
+CVE-2016-6235
+ RESERVED
+CVE-2016-6234
+ RESERVED
+CVE-2016-6231
+ RESERVED
+CVE-2016-6230
+ RESERVED
+CVE-2016-6229
+ RESERVED
+CVE-2016-6228
+ RESERVED
+CVE-2016-6227
+ RESERVED
+CVE-2016-6226
+ RESERVED
+CVE-2016-6225
+ RESERVED
+CVE-2016-6222
+ RESERVED
+CVE-2016-6221
+ RESERVED
+CVE-2016-6220
+ RESERVED
+CVE-2016-6219
+ RESERVED
+CVE-2016-6218
+ RESERVED
+CVE-2016-1000110
+ RESERVED
+CVE-2016-1000109
+ RESERVED
+CVE-2016-1000107
+ RESERVED
+CVE-2016-1000106
+ RESERVED
+CVE-2016-1000105
+ RESERVED
+CVE-2016-1000103
+ RESERVED
+CVE-2016-1000102
+ RESERVED
+CVE-2016-1000027
+ RESERVED
CVE-2016-XXXX [write files via POST]
- libupnp <unfixed>
NOTE: https://twitter.com/mjg59/status/755062278513319936
@@ -4,12 +72,14 @@
NOTE: Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/18/13
CVE-2016-6233 [ZF2016-02: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select]
+ RESERVED
- zendframework 1.12.19+dfsg-1
[jessie] - zendframework <not-affected> (introduced after 1.12.9)
[wheezy] - zendframework <not-affected> (introduced after 1.12.9)
NOTE: http://framework.zend.com/security/advisory/ZF2016-02
NOTE: https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
CVE-2016-6232
+ RESERVED
- karchive <unfixed>
- kde4libs <unfixed>
NOTE: https://git.reviewboard.kde.org/r/128185/
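Review bot: CVE-2016-6232 gains a RESERVED line but still has no bracketed description, unlike CVE-2016-6233 directly above it, so the karchive and kde4libs <unfixed> lines say nothing about what the issue is. Add a short description in brackets after the ID, taken from the review request already linked in the NOTE, so the entry can be triaged without following the link.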
@@ -123,12 +193,14 @@
- gdk-pixbuf <unfixed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/11
CVE-2016-6224 [ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive]
+ RESERVED
- ecryptfs-utils <not-affected> (Broken code not present; incomplete fix for CVE-2015-8946 not applied)
NOTE: Actually due to an incomplete fix of LP#1447282
NOTE: https://launchpad.net/bugs/1597154
NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2015-8946 [ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning]
+ RESERVED
- ecryptfs-utils 111-1
[wheezy] - ecryptfs-utils <no-dsa> (Only happens if using systemd v207 onward)
NOTE: https://launchpad.net/bugs/1447282
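Review bot: The annotations under the two ecryptfs-utils entries that receive RESERVED here are hard to read together: CVE-2016-6224 is <not-affected> because the incomplete fix for CVE-2015-8946 was not applied, while CVE-2015-8946 itself is recorded as fixed in 111-1. A NOTE on CVE-2015-8946 stating which fix 111-1 carries would let a reader confirm the not-affected status of CVE-2016-6224 from the list alone.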
@@ -143,6 +215,7 @@
NOTE: Different issue than CVE-2016-6132
NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5
CVE-2016-6223 [tiff: information leak in libtiff/tif_read.c]
+ RESERVED
- tiff 4.0.6-2
- tiff3 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3
@@ -157,6 +230,7 @@
- linux <unfixed>
CVE-2016-6186 [XSS in admin's add/change related popup]
RESERVED
+ {DSA-3622-1}
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
CVE-2016-1000009
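Review bot: On CVE-2016-6186 the added {DSA-3622-1} reference sits directly above the line "- python-django <unfixed>", so the entry now records a released advisory while the package line still shows no fixed version. Replace <unfixed> with the fixed version in a follow-up once it is known, so the tracker does not keep reporting the package as open after the advisory.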
@@ -1057,14 +1131,14 @@
RESERVED
CVE-2016-5808
RESERVED
-CVE-2016-5807
- RESERVED
+CVE-2016-5807 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote ...)
+ TODO: check
CVE-2016-5806
RESERVED
CVE-2016-5805
RESERVED
-CVE-2016-5804
- RESERVED
+CVE-2016-5804 (Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 ...)
+ TODO: check
CVE-2016-5803
RESERVED
CVE-2016-5802
@@ -1077,8 +1151,8 @@
RESERVED
CVE-2016-5798
RESERVED
-CVE-2016-5797
- RESERVED
+CVE-2016-5797 (Tollgrade LightHouse SMS before 5.1 patch 3 provides different error ...)
+ TODO: check
CVE-2016-5796
RESERVED
CVE-2016-5795
@@ -1091,14 +1165,14 @@
RESERVED
CVE-2016-5791
RESERVED
-CVE-2016-5790
- RESERVED
+CVE-2016-5790 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to ...)
+ TODO: check
CVE-2016-5789
RESERVED
CVE-2016-5788
RESERVED
-CVE-2016-5787
- RESERVED
+CVE-2016-5787 (General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before ...)
+ TODO: check
CVE-2016-5786
RESERVED
CVE-2016-5785
@@ -1612,10 +1686,10 @@
RESERVED
CVE-2016-5662
RESERVED
-CVE-2016-5661
- RESERVED
-CVE-2016-5660
- RESERVED
+CVE-2016-5661 (Accela Civic Platform Citizen Access portal relies on the client to ...)
+ TODO: check
+CVE-2016-5660 (Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in ...)
+ TODO: check
CVE-2016-5659
RESERVED
CVE-2016-5658
@@ -1661,8 +1735,8 @@
RESERVED
CVE-2016-5638
RESERVED
-CVE-2016-5637
- RESERVED
+CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 ...)
+ TODO: check
CVE-2016-1000003
RESERVED
CVE-2016-5727
@@ -2230,10 +2304,13 @@
- tomcat7 <unfixed>
- tomcat6 <unfixed>
CVE-2016-1000111
+ RESERVED
- twisted <unfixed>
CVE-2016-1000108
+ RESERVED
- yaws <unfixed>
CVE-2016-1000104
+ RESERVED
- libapache2-mod-fcgid <unfixed>
CVE-2016-5387
RESERVED
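Review bot: CVE-2016-1000111, CVE-2016-1000108 and CVE-2016-1000104 are marked RESERVED here, yet each entry consists only of a package line (twisted, yaws, libapache2-mod-fcgid, all <unfixed>) with no bracketed description and no NOTE reference. Add a description and a NOTE pointing at the upstream report for each, since a RESERVED ID has no description of its own to fall back on.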
@@ -5092,8 +5169,8 @@
RESERVED
CVE-2016-4530 (OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote ...)
TODO: check
-CVE-2016-4529
- RESERVED
+CVE-2016-4529 (An unspecified ActiveX control in Schneider Electric SoMachine HVAC ...)
+ TODO: check
CVE-2016-4528 (Buffer overflow in Advantech WebAccess before 8.1_20160519 allows ...)
TODO: check
CVE-2016-4527 (ABB PCM600 before 2.7 improperly stores PCM600 authentication ...)
@@ -5110,8 +5187,8 @@
RESERVED
CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before ...)
NOT-FOR-US: Sixnet
-CVE-2016-4520
- RESERVED
+CVE-2016-4520 (Schneider Electric Pelco Digital Sentry Video Management System with ...)
+ TODO: check
CVE-2016-4519 (Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before ...)
TODO: check
CVE-2016-4518 (OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated ...)
@@ -5772,8 +5849,8 @@
RESERVED
CVE-2016-4373
RESERVED
-CVE-2016-4372
- RESERVED
+CVE-2016-4372 (HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM ...)
+ TODO: check
CVE-2016-4371 (HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, ...)
NOT-FOR-US: HPE Service Manager
CVE-2016-4370 (HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before ...)
@@ -9335,8 +9412,8 @@
RESERVED
CVE-2016-3040
RESERVED
-CVE-2016-3039
- RESERVED
+CVE-2016-3039 (IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated ...)
+ TODO: check
CVE-2016-3038
RESERVED
CVE-2016-3037
@@ -9683,8 +9760,8 @@
TODO: check
CVE-2016-2866
RESERVED
-CVE-2016-2865
- RESERVED
+CVE-2016-2865 (The GIT Integration component in IBM Rational Team Concert (RTC) 5.x ...)
+ TODO: check
CVE-2016-2864
RESERVED
CVE-2016-2863 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
@@ -15033,34 +15110,34 @@
RESERVED
CVE-2016-1460
RESERVED
-CVE-2016-1459
- RESERVED
+CVE-2016-1459 (Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 ...)
+ TODO: check
CVE-2016-1458
RESERVED
CVE-2016-1457
RESERVED
-CVE-2016-1456
- RESERVED
+CVE-2016-1456 (The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to ...)
+ TODO: check
CVE-2016-1455
RESERVED
CVE-2016-1454
RESERVED
CVE-2016-1453
RESERVED
-CVE-2016-1452
- RESERVED
-CVE-2016-1451
- RESERVED
-CVE-2016-1450
- RESERVED
-CVE-2016-1449
- RESERVED
-CVE-2016-1448
- RESERVED
-CVE-2016-1447
- RESERVED
-CVE-2016-1446
- RESERVED
+CVE-2016-1452 (Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote ...)
+ TODO: check
+CVE-2016-1451 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
+ TODO: check
+CVE-2016-1450 (Cisco WebEx Meetings Server 2.6 allows remote authenticated users to ...)
+ TODO: check
+CVE-2016-1449 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings ...)
+ TODO: check
+CVE-2016-1448 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
+ TODO: check
+CVE-2016-1447 (Cross-site scripting (XSS) vulnerability in the administrator ...)
+ TODO: check
+CVE-2016-1446 (SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows ...)
+ TODO: check
CVE-2016-1445 (Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 ...)
TODO: check
CVE-2016-1444 (The Mobile and Remote Access (MRA) component in Cisco TelePresence ...)
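Review bot: All nine entries that leave RESERVED in this hunk (CVE-2016-1459, CVE-2016-1456 and CVE-2016-1452 through CVE-2016-1446) land as TODO: check, and none carries a package line or a NOT-FOR-US marker. The context entry CVE-2016-1445 just below is also still TODO: check, so this block should be triaged in a follow-up commit, resolving each description to either an affected source package or NOT-FOR-US.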
@@ -15099,8 +15176,8 @@
TODO: check
CVE-2016-1427 (The System Configuration Protocol (SCP) core messaging interface in ...)
TODO: check
-CVE-2016-1426
- RESERVED
+CVE-2016-1426 (Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote ...)
+ TODO: check
CVE-2016-1425 (Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S ...)
TODO: check
CVE-2016-1424 (Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause ...)
@@ -18733,8 +18810,8 @@
RESERVED
CVE-2016-0394
RESERVED
-CVE-2016-0393
- RESERVED
+CVE-2016-0393 (IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and ...)
+ TODO: check
CVE-2016-0392 (IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 ...)
TODO: check
CVE-2016-0391 (The IBM Watson Developer Cloud services on Bluemix platforms do not ...)
@@ -18805,8 +18882,8 @@
TODO: check
CVE-2016-0358
RESERVED
-CVE-2016-0357
- RESERVED
+CVE-2016-0357 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
+ TODO: check
CVE-2016-0356
RESERVED
CVE-2016-0355
@@ -18839,12 +18916,12 @@
RESERVED
CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...)
NOT-FOR-US: IBM
-CVE-2016-0340
- RESERVED
-CVE-2016-0339
- RESERVED
-CVE-2016-0338
- RESERVED
+CVE-2016-0340 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
+ TODO: check
+CVE-2016-0339 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
+ TODO: check
+CVE-2016-0338 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
+ TODO: check
CVE-2016-0337
RESERVED
CVE-2016-0336
@@ -18859,8 +18936,8 @@
RESERVED
CVE-2016-0331
RESERVED
-CVE-2016-0330
- RESERVED
+CVE-2016-0330 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
+ TODO: check
CVE-2016-0329
RESERVED
CVE-2016-0328
@@ -18877,8 +18954,8 @@
NOT-FOR-US: IBM
CVE-2016-0322 (Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 ...)
NOT-FOR-US: IBM
-CVE-2016-0321
- RESERVED
+CVE-2016-0321 (IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x ...)
+ TODO: check
CVE-2016-0320
RESERVED
CVE-2016-0319
@@ -18981,8 +19058,8 @@
TODO: check
CVE-2016-0270
RESERVED
-CVE-2016-0269
- RESERVED
+CVE-2016-0269 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x ...)
+ TODO: check
CVE-2016-0268
RESERVED
CVE-2016-0267 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
@@ -36944,7 +37021,7 @@
CVE-2015-2576 (Unspecified vulnerability in the MySQL Utilities component in Oracle ...)
NOT-FOR-US: MySQL Utilities component of MySQL on Windows
CVE-2015-2575 (Unspecified vulnerability in the MySQL Connectors component in Oracle ...)
- {DLA-526-1}
+ {DSA-3621-1 DLA-526-1}
- mysql-connector-java 5.1.37-1
CVE-2015-2574 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
NOT-FOR-US: Oracle Sun Solaris
@@ -38754,8 +38831,8 @@
NOT-FOR-US: IBM
CVE-2015-1978 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Security ...)
NOT-FOR-US: IBM
-CVE-2015-1977
- RESERVED
+CVE-2015-1977 (Directory traversal vulnerability in the Web Administration tool in ...)
+ TODO: check
CVE-2015-1976
RESERVED
CVE-2015-1975