[Secure-testing-commits] r42428 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jun 9 21:10:11 UTC 2016
Author: sectracker
Date: 2016-06-09 21:10:11 +0000 (Thu, 09 Jun 2016)
New Revision: 42428
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-09 20:35:27 UTC (rev 42427)
+++ data/CVE/list 2016-06-09 21:10:11 UTC (rev 42428)
@@ -3,12 +3,14 @@
[jessie] - haproxy <not-affected> (Issue introduced in 1.6.0)
NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
CVE-2016-5338 [scsi: esp: OOB r/w access while processing ESP_FIFO]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
CVE-2016-5337 [scsi: megasas: information leakage in megasas_ctrl_get_info]
+ RESERVED
- qemu <unfixed>
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -984,8 +986,7 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
CVE-2016-5092
RESERVED
-CVE-2016-5108 [crash and potential code execution when processing QuickTime IMA files]
- RESERVED
+CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in ...)
{DSA-3598-1}
- vlc 2.2.3-2 (bug #825728)
[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
@@ -2469,8 +2470,8 @@
NOT-FOR-US: McAfee VirusScan Console
CVE-2016-4533
RESERVED
-CVE-2016-4532
- RESERVED
+CVE-2016-4532 (Directory traversal vulnerability in the WAP interface in Trihedral ...)
+ TODO: check
CVE-2016-4531
RESERVED
CVE-2016-4530
@@ -2487,8 +2488,8 @@
RESERVED
CVE-2016-4524
RESERVED
-CVE-2016-4523
- RESERVED
+CVE-2016-4523 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
+ TODO: check
CVE-2016-4522
RESERVED
CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before ...)
@@ -2513,8 +2514,8 @@
RESERVED
CVE-2016-4511
RESERVED
-CVE-2016-4510
- RESERVED
+CVE-2016-4510 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
+ TODO: check
CVE-2016-4509
RESERVED
CVE-2016-4508
@@ -3037,34 +3038,34 @@
RESERVED
CVE-2016-4371
RESERVED
-CVE-2016-4370
- RESERVED
-CVE-2016-4369
- RESERVED
-CVE-2016-4368
- RESERVED
-CVE-2016-4367
- RESERVED
-CVE-2016-4366
- RESERVED
-CVE-2016-4365
- RESERVED
-CVE-2016-4364
- RESERVED
-CVE-2016-4363
- RESERVED
-CVE-2016-4362
- RESERVED
-CVE-2016-4361
- RESERVED
-CVE-2016-4360
- RESERVED
-CVE-2016-4359
- RESERVED
-CVE-2016-4358
- RESERVED
-CVE-2016-4357
- RESERVED
+CVE-2016-4370 (HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before ...)
+ TODO: check
+CVE-2016-4369 (HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, ...)
+ TODO: check
+CVE-2016-4368 (HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration ...)
+ TODO: check
+CVE-2016-4367 (The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, ...)
+ TODO: check
+CVE-2016-4366 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
+ TODO: check
+CVE-2016-4365 (HPE Insight Control server deployment allows remote attackers to ...)
+ TODO: check
+CVE-2016-4364 (HPE Insight Control server deployment allows local users to gain ...)
+ TODO: check
+CVE-2016-4363 (HPE Insight Control server deployment allows remote attackers to ...)
+ TODO: check
+CVE-2016-4362 (HPE Insight Control server deployment allows remote authenticated ...)
+ TODO: check
+CVE-2016-4361 (HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 ...)
+ TODO: check
+CVE-2016-4360 (HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 ...)
+ TODO: check
+CVE-2016-4359 (HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 ...)
+ TODO: check
+CVE-2016-4358 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
+ TODO: check
+CVE-2016-4357 (HPE Matrix Operating Environment before 7.5.1 allows remote ...)
+ TODO: check
CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in ...)
NOT-FOR-US: Trend Micro
CVE-2016-4350 (Multiple SQL injection vulnerabilities in the Web Services web server ...)
@@ -4736,8 +4737,7 @@
- curl <unfixed> (unimportant)
NOTE: only relevant when built with mbedTLS/PolarSSL
NOTE: Source-wise fixed in 7.49.0
-CVE-2016-3738
- RESERVED
+CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict access to ...)
NOT-FOR-US: OpenShift Enterprise
CVE-2016-3737
RESERVED
@@ -4847,8 +4847,7 @@
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-179.html
NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
-CVE-2016-3711 [Setting cookie containing internal IP address of a pod]
- RESERVED
+CVE-2016-3711 (HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin ...)
NOT-FOR-US: OpenShift
CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on banked ...)
{DSA-3573-1}
@@ -4863,8 +4862,7 @@
NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
CVE-2016-3709
RESERVED
-CVE-2016-3708
- RESERVED
+CVE-2016-3708 (Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and ...)
NOT-FOR-US: OpenShiftEnterprise / Red Hat
CVE-2016-3707 [Sending SysRq command via ICMP echo request]
RESERVED
@@ -4888,8 +4886,7 @@
CVE-2016-3704
RESERVED
NOT-FOR-US: Pulp (Red Hat)
-CVE-2016-3703
- RESERVED
+CVE-2016-3703 (Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the ...)
NOT-FOR-US: OpenShift
CVE-2016-3702
RESERVED
@@ -7123,6 +7120,7 @@
- firefox 47.0-1
CVE-2016-2831
RESERVED
+ {DSA-3600-1}
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
CVE-2016-2830
@@ -7135,6 +7133,7 @@
- firefox 47.0-1
CVE-2016-2828
RESERVED
+ {DSA-3600-1}
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
CVE-2016-2827
@@ -7155,10 +7154,12 @@
RESERVED
CVE-2016-2822
RESERVED
+ {DSA-3600-1}
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
CVE-2016-2821
RESERVED
+ {DSA-3600-1}
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in ...)
@@ -7168,10 +7169,12 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
CVE-2016-2819
RESERVED
+ {DSA-3600-1}
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
CVE-2016-2818
RESERVED
+ {DSA-3600-1}
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
CVE-2016-2817 (The WebExtension sandbox feature in ...)
@@ -8761,6 +8764,7 @@
CVE-2016-2336
RESERVED
CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip ...)
+ {DSA-3599-1}
- p7zip 15.14.1+dfsg-2 (bug #824160)
NOTE: http://www.talosintel.com/reports/TALOS-2016-0094/
CVE-2016-2334 [Heap-buffer-overflow vulnerability]
@@ -8975,8 +8979,8 @@
TODO: check other versions (newest 1.3.23 is vulnerable according to reporter)
CVE-2016-2311 (Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ...)
NOT-FOR-US: AlertWerks
-CVE-2016-2310
- RESERVED
+CVE-2016-2310 (General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 ...)
+ TODO: check
CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which allows ...)
NOT-FOR-US: iRZ RUH2
CVE-2016-2308
@@ -9285,12 +9289,12 @@
RESERVED
CVE-2015-8801
RESERVED
-CVE-2015-8800
- RESERVED
-CVE-2015-8799
- RESERVED
-CVE-2015-8798
- RESERVED
+CVE-2015-8800 (Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x ...)
+ TODO: check
+CVE-2015-8799 (Directory traversal vulnerability in the Management Server in Symantec ...)
+ TODO: check
+CVE-2015-8798 (Directory traversal vulnerability in the Management Server in Symantec ...)
+ TODO: check
CVE-2016-4009 (Integer overflow in the ImagingResampleHorizontal function in ...)
- pillow 3.1.1-1
[jessie] - pillow <not-affected>
@@ -9476,8 +9480,7 @@
TODO: check, possibly only 2.x
CVE-2016-2161
RESERVED
-CVE-2016-2160
- RESERVED
+CVE-2016-2160 (Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote ...)
NOT-FOR-US: OpenShift
CVE-2016-2159 (The save_submission function in mod/assign/externallib.php in Moodle ...)
- moodle 2.7.13+dfsg-1
@@ -9501,8 +9504,7 @@
RESERVED
{DSA-3596-1}
- spice <unfixed> (bug #826584)
-CVE-2016-2149
- RESERVED
+CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to ...)
NOT-FOR-US: OpenShift
CVE-2016-2148 [heap overflow in OPTION_6RD parsing]
RESERVED
@@ -9529,8 +9531,7 @@
[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)
NOTE: Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5)
NOTE: Introduced in: https://git.kernel.org/linus/6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1)
-CVE-2016-2142
- RESERVED
+CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on ...)
NOT-FOR-US: OpenShift
CVE-2016-2141
RESERVED
@@ -9902,8 +9903,8 @@
RESERVED
CVE-2016-2079
RESERVED
-CVE-2016-2078
- RESERVED
+CVE-2016-2078 (Cross-site scripting (XSS) vulnerability in the Web Client in VMware ...)
+ TODO: check
CVE-2016-2077 (VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before ...)
NOT-FOR-US: VMware
CVE-2016-2076 (Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, ...)
@@ -10133,34 +10134,34 @@
RESERVED
CVE-2016-2031
RESERVED
-CVE-2016-2030
- RESERVED
-CVE-2016-2029
- RESERVED
-CVE-2016-2028
- RESERVED
-CVE-2016-2027
- RESERVED
-CVE-2016-2026
- RESERVED
+CVE-2016-2030 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+ TODO: check
+CVE-2016-2029 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
+ TODO: check
+CVE-2016-2028 (HPE Matrix Operating Environment before 7.5.1 allows remote ...)
+ TODO: check
+CVE-2016-2027 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
+ TODO: check
+CVE-2016-2026 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
+ TODO: check
CVE-2016-2025 (HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 ...)
NOT-FOR-US: HPE
-CVE-2016-2024
- RESERVED
+CVE-2016-2024 (HPE Insight Control before 7.5.1 allow remote attackers to obtain ...)
+ TODO: check
CVE-2016-2023 (HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive ...)
NOT-FOR-US: HPE
-CVE-2016-2022
- RESERVED
-CVE-2016-2021
- RESERVED
-CVE-2016-2020
- RESERVED
-CVE-2016-2019
- RESERVED
-CVE-2016-2018
- RESERVED
-CVE-2016-2017
- RESERVED
+CVE-2016-2022 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+ TODO: check
+CVE-2016-2021 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+ TODO: check
+CVE-2016-2020 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+ TODO: check
+CVE-2016-2019 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+ TODO: check
+CVE-2016-2018 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
+ TODO: check
+CVE-2016-2017 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+ TODO: check
CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 ...)
NOT-FOR-US: HPE
CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to ...)
@@ -12194,8 +12195,8 @@
RESERVED
CVE-2016-1419
RESERVED
-CVE-2016-1418
- RESERVED
+CVE-2016-1418 (Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, ...)
+ TODO: check
CVE-2016-1417
RESERVED
CVE-2016-1416
@@ -12220,8 +12221,8 @@
NOT-FOR-US: Cisco
CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and ...)
NOT-FOR-US: Cisco
-CVE-2016-1405
- RESERVED
+CVE-2016-1405 (libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware ...)
+ TODO: check
CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and ...)
NOT-FOR-US: Cisco
CVE-2016-1403 (CISCO IP 8800 phones with software 11.0.1 and earlier allow local ...)
@@ -17664,8 +17665,8 @@
[wheezy] - ntp <no-dsa> (minor issue)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948
-CVE-2015-8157
- RESERVED
+CVE-2015-8157 (SQL injection vulnerability in the Management Server in Symantec ...)
+ TODO: check
CVE-2015-8156 (Unquoted Windows search path vulnerability in EEDService in Symantec ...)
NOT-FOR-US: Symantec
CVE-2015-8155
@@ -36316,7 +36317,7 @@
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2779
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#ntpd_accepts_unauthenticated_pac
CVE-2015-1797
- RESERVED
+ REJECTED
CVE-2015-1796 (The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 ...)
- libopensaml2-java <removed> (bug #780383)
[jessie] - libopensaml2-java <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list