[Secure-testing-commits] r42428 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Jun 9 21:10:11 UTC 2016


Author: sectracker
Date: 2016-06-09 21:10:11 +0000 (Thu, 09 Jun 2016)
New Revision: 42428

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-09 20:35:27 UTC (rev 42427)
+++ data/CVE/list	2016-06-09 21:10:11 UTC (rev 42428)
@@ -3,12 +3,14 @@
 	[jessie] - haproxy <not-affected> (Issue introduced in 1.6.0)
 	NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
 CVE-2016-5338 [scsi: esp: OOB r/w access while processing ESP_FIFO]
+	RESERVED
 	- qemu <unfixed>
 	- qemu-kvm <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
 CVE-2016-5337 [scsi: megasas: information leakage in megasas_ctrl_get_info]
+	RESERVED
 	- qemu <unfixed>
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -984,8 +986,7 @@
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
 CVE-2016-5092
 	RESERVED
-CVE-2016-5108 [crash and potential code execution when processing QuickTime IMA files]
-	RESERVED
+CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in ...)
 	{DSA-3598-1}
 	- vlc 2.2.3-2 (bug #825728)
 	[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
@@ -2469,8 +2470,8 @@
 	NOT-FOR-US: McAfee VirusScan Console
 CVE-2016-4533
 	RESERVED
-CVE-2016-4532
-	RESERVED
+CVE-2016-4532 (Directory traversal vulnerability in the WAP interface in Trihedral ...)
+	TODO: check
 CVE-2016-4531
 	RESERVED
 CVE-2016-4530
@@ -2487,8 +2488,8 @@
 	RESERVED
 CVE-2016-4524
 	RESERVED
-CVE-2016-4523
-	RESERVED
+CVE-2016-4523 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
+	TODO: check
 CVE-2016-4522
 	RESERVED
 CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before ...)
@@ -2513,8 +2514,8 @@
 	RESERVED
 CVE-2016-4511
 	RESERVED
-CVE-2016-4510
-	RESERVED
+CVE-2016-4510 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
+	TODO: check
 CVE-2016-4509
 	RESERVED
 CVE-2016-4508
@@ -3037,34 +3038,34 @@
 	RESERVED
 CVE-2016-4371
 	RESERVED
-CVE-2016-4370
-	RESERVED
-CVE-2016-4369
-	RESERVED
-CVE-2016-4368
-	RESERVED
-CVE-2016-4367
-	RESERVED
-CVE-2016-4366
-	RESERVED
-CVE-2016-4365
-	RESERVED
-CVE-2016-4364
-	RESERVED
-CVE-2016-4363
-	RESERVED
-CVE-2016-4362
-	RESERVED
-CVE-2016-4361
-	RESERVED
-CVE-2016-4360
-	RESERVED
-CVE-2016-4359
-	RESERVED
-CVE-2016-4358
-	RESERVED
-CVE-2016-4357
-	RESERVED
+CVE-2016-4370 (HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before ...)
+	TODO: check
+CVE-2016-4369 (HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, ...)
+	TODO: check
+CVE-2016-4368 (HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration ...)
+	TODO: check
+CVE-2016-4367 (The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, ...)
+	TODO: check
+CVE-2016-4366 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
+	TODO: check
+CVE-2016-4365 (HPE Insight Control server deployment allows remote attackers to ...)
+	TODO: check
+CVE-2016-4364 (HPE Insight Control server deployment allows local users to gain ...)
+	TODO: check
+CVE-2016-4363 (HPE Insight Control server deployment allows remote attackers to ...)
+	TODO: check
+CVE-2016-4362 (HPE Insight Control server deployment allows remote authenticated ...)
+	TODO: check
+CVE-2016-4361 (HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 ...)
+	TODO: check
+CVE-2016-4360 (HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 ...)
+	TODO: check
+CVE-2016-4359 (HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 ...)
+	TODO: check
+CVE-2016-4358 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
+	TODO: check
+CVE-2016-4357 (HPE Matrix Operating Environment before 7.5.1 allows remote ...)
+	TODO: check
 CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in ...)
 	NOT-FOR-US: Trend Micro
 CVE-2016-4350 (Multiple SQL injection vulnerabilities in the Web Services web server ...)
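Review bot: The truncated summaries make several of the new `TODO: check` entries in this hunk indistinguishable: CVE-2016-4361, CVE-2016-4360 and CVE-2016-4359 all read "HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 ...", and CVE-2016-4365 and CVE-2016-4363 both read "HPE Insight Control server deployment allows remote attackers to ...". Whoever clears these markers needs the full CVE text for each id rather than the one-line summary, otherwise the entries get triaged as a batch without anyone seeing what each one covers.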
@@ -4736,8 +4737,7 @@
 	- curl <unfixed> (unimportant)
 	NOTE: only relevant when built with mbedTLS/PolarSSL
 	NOTE: Source-wise fixed in 7.49.0
-CVE-2016-3738
-	RESERVED
+CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict access to ...)
 	NOT-FOR-US: OpenShift Enterprise
 CVE-2016-3737
 	RESERVED
@@ -4847,8 +4847,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: http://xenbits.xen.org/xsa/advisory-179.html
 	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
-CVE-2016-3711 [Setting cookie containing internal IP address of a pod]
-	RESERVED
+CVE-2016-3711 (HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin ...)
 	NOT-FOR-US: OpenShift
 CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on banked ...)
 	{DSA-3573-1}
@@ -4863,8 +4862,7 @@
 	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
 CVE-2016-3709
 	RESERVED
-CVE-2016-3708
-	RESERVED
+CVE-2016-3708 (Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and ...)
 	NOT-FOR-US: OpenShiftEnterprise / Red Hat
 CVE-2016-3707 [Sending SysRq command via ICMP echo request]
 	RESERVED
@@ -4888,8 +4886,7 @@
 CVE-2016-3704
 	RESERVED
 	NOT-FOR-US: Pulp (Red Hat)
-CVE-2016-3703
-	RESERVED
+CVE-2016-3703 (Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the ...)
 	NOT-FOR-US: OpenShift
 CVE-2016-3702
 	RESERVED
@@ -7123,6 +7120,7 @@
 	- firefox 47.0-1
 CVE-2016-2831
 	RESERVED
+	{DSA-3600-1}
 	- firefox-esr 45.2.0esr-1
 	- firefox 47.0-1
 CVE-2016-2830
@@ -7135,6 +7133,7 @@
 	- firefox 47.0-1
 CVE-2016-2828
 	RESERVED
+	{DSA-3600-1}
 	- firefox-esr 45.2.0esr-1
 	- firefox 47.0-1
 CVE-2016-2827
@@ -7155,10 +7154,12 @@
 	RESERVED
 CVE-2016-2822
 	RESERVED
+	{DSA-3600-1}
 	- firefox-esr 45.2.0esr-1
 	- firefox 47.0-1
 CVE-2016-2821
 	RESERVED
+	{DSA-3600-1}
 	- firefox-esr 45.2.0esr-1
 	- firefox 47.0-1
 CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in ...)
@@ -7168,10 +7169,12 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
 CVE-2016-2819
 	RESERVED
+	{DSA-3600-1}
 	- firefox-esr 45.2.0esr-1
 	- firefox 47.0-1
 CVE-2016-2818
 	RESERVED
+	{DSA-3600-1}
 	- firefox-esr 45.2.0esr-1
 	- firefox 47.0-1
 CVE-2016-2817 (The WebExtension sandbox feature in ...)
@@ -8761,6 +8764,7 @@
 CVE-2016-2336
 	RESERVED
 CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip ...)
+	{DSA-3599-1}
 	- p7zip 15.14.1+dfsg-2 (bug #824160)
 	NOTE: http://www.talosintel.com/reports/TALOS-2016-0094/
 CVE-2016-2334 [Heap-buffer-overflow vulnerability]
@@ -8975,8 +8979,8 @@
 	TODO: check other versions (newest 1.3.23 is vulnerable according to reporter)
 CVE-2016-2311 (Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ...)
 	NOT-FOR-US: AlertWerks
-CVE-2016-2310
-	RESERVED
+CVE-2016-2310 (General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 ...)
+	TODO: check
 CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which allows ...)
 	NOT-FOR-US: iRZ RUH2
 CVE-2016-2308
@@ -9285,12 +9289,12 @@
 	RESERVED
 CVE-2015-8801
 	RESERVED
-CVE-2015-8800
-	RESERVED
-CVE-2015-8799
-	RESERVED
-CVE-2015-8798
-	RESERVED
+CVE-2015-8800 (Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x ...)
+	TODO: check
+CVE-2015-8799 (Directory traversal vulnerability in the Management Server in Symantec ...)
+	TODO: check
+CVE-2015-8798 (Directory traversal vulnerability in the Management Server in Symantec ...)
+	TODO: check
 CVE-2016-4009 (Integer overflow in the ImagingResampleHorizontal function in ...)
 	- pillow 3.1.1-1
 	[jessie] - pillow <not-affected>
@@ -9476,8 +9480,7 @@
 	TODO: check, possibly only 2.x
 CVE-2016-2161
 	RESERVED
-CVE-2016-2160
-	RESERVED
+CVE-2016-2160 (Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote ...)
 	NOT-FOR-US: OpenShift
 CVE-2016-2159 (The save_submission function in mod/assign/externallib.php in Moodle ...)
 	- moodle 2.7.13+dfsg-1
@@ -9501,8 +9504,7 @@
 	RESERVED
 	{DSA-3596-1}
 	- spice <unfixed> (bug #826584)
-CVE-2016-2149
-	RESERVED
+CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to ...)
 	NOT-FOR-US: OpenShift
 CVE-2016-2148 [heap overflow in OPTION_6RD parsing]
 	RESERVED
@@ -9529,8 +9531,7 @@
 	[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)
 	NOTE: Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5)
 	NOTE: Introduced in: https://git.kernel.org/linus/6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1)
-CVE-2016-2142
-	RESERVED
+CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on ...)
 	NOT-FOR-US: OpenShift
 CVE-2016-2141
 	RESERVED
@@ -9902,8 +9903,8 @@
 	RESERVED
 CVE-2016-2079
 	RESERVED
-CVE-2016-2078
-	RESERVED
+CVE-2016-2078 (Cross-site scripting (XSS) vulnerability in the Web Client in VMware ...)
+	TODO: check
 CVE-2016-2077 (VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before ...)
 	NOT-FOR-US: VMware
 CVE-2016-2076 (Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, ...)
@@ -10133,34 +10134,34 @@
 	RESERVED
 CVE-2016-2031
 	RESERVED
-CVE-2016-2030
-	RESERVED
-CVE-2016-2029
-	RESERVED
-CVE-2016-2028
-	RESERVED
-CVE-2016-2027
-	RESERVED
-CVE-2016-2026
-	RESERVED
+CVE-2016-2030 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+	TODO: check
+CVE-2016-2029 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
+	TODO: check
+CVE-2016-2028 (HPE Matrix Operating Environment before 7.5.1 allows remote ...)
+	TODO: check
+CVE-2016-2027 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
+	TODO: check
+CVE-2016-2026 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
+	TODO: check
 CVE-2016-2025 (HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 ...)
 	NOT-FOR-US: HPE
-CVE-2016-2024
-	RESERVED
+CVE-2016-2024 (HPE Insight Control before 7.5.1 allow remote attackers to obtain ...)
+	TODO: check
 CVE-2016-2023 (HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive ...)
 	NOT-FOR-US: HPE
-CVE-2016-2022
-	RESERVED
-CVE-2016-2021
-	RESERVED
-CVE-2016-2020
-	RESERVED
-CVE-2016-2019
-	RESERVED
-CVE-2016-2018
-	RESERVED
-CVE-2016-2017
-	RESERVED
+CVE-2016-2022 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+	TODO: check
+CVE-2016-2021 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+	TODO: check
+CVE-2016-2020 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+	TODO: check
+CVE-2016-2019 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+	TODO: check
+CVE-2016-2018 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
+	TODO: check
+CVE-2016-2017 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
+	TODO: check
 CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 ...)
 	NOT-FOR-US: HPE
 CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to ...)
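Review bot: The new `TODO: check` entries here (CVE-2016-2030 through CVE-2016-2026, CVE-2016-2024, CVE-2016-2022 through CVE-2016-2017) are interleaved with entries already resolved as `NOT-FOR-US: HPE` (CVE-2016-2025, CVE-2016-2023, CVE-2016-2016). When the TODOs are triaged and found not to apply, reuse that exact vendor label rather than per-product names, so the HPE entries stay searchable under one marker.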
@@ -12194,8 +12195,8 @@
 	RESERVED
 CVE-2016-1419
 	RESERVED
-CVE-2016-1418
-	RESERVED
+CVE-2016-1418 (Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, ...)
+	TODO: check
 CVE-2016-1417
 	RESERVED
 CVE-2016-1416
@@ -12220,8 +12221,8 @@
 	NOT-FOR-US: Cisco
 CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and ...)
 	NOT-FOR-US: Cisco
-CVE-2016-1405
-	RESERVED
+CVE-2016-1405 (libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware ...)
+	TODO: check
 CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and ...)
 	NOT-FOR-US: Cisco
 CVE-2016-1403 (CISCO IP 8800 phones with software 11.0.1 and earlier allow local ...)
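Review bot: CVE-2016-1405 should not be cleared with a vendor marker just because its neighbours CVE-2016-1406 and CVE-2016-1404 are `NOT-FOR-US: Cisco`. Its summary names "libclamav in ClamAV (aka Clam AntiVirus)", and clamav is packaged in Debian, so this `TODO: check` needs an actual look at the affected clamav versions and a package line.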
@@ -17664,8 +17665,8 @@
 	[wheezy] - ntp <no-dsa> (minor issue)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948
-CVE-2015-8157
-	RESERVED
+CVE-2015-8157 (SQL injection vulnerability in the Management Server in Symantec ...)
+	TODO: check
 CVE-2015-8156 (Unquoted Windows search path vulnerability in EEDService in Symantec ...)
 	NOT-FOR-US: Symantec
 CVE-2015-8155
@@ -36316,7 +36317,7 @@
 	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2779
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#ntpd_accepts_unauthenticated_pac
 CVE-2015-1797
-	RESERVED
+	REJECTED
 CVE-2015-1796 (The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 ...)
 	- libopensaml2-java <removed> (bug #780383)
 	[jessie] - libopensaml2-java <no-dsa> (Minor issue)
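Review bot: CVE-2015-1797 changes from `RESERVED` to `REJECTED` with no `NOTE:` recording why. The entry has no package lines, so there is nothing to unwind, but a one-line note with the rejection reason (or the id that replaces it, if there is one) would save the next reader a lookup.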



