[Secure-testing-commits] r42835 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Jun 27 21:10:15 UTC 2016
Author: sectracker
Date: 2016-06-27 21:10:15 +0000 (Mon, 27 Jun 2016)
New Revision: 42835
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-27 19:50:44 UTC (rev 42834)
+++ data/CVE/list 2016-06-27 21:10:15 UTC (rev 42835)
@@ -1,40 +1,306 @@
+CVE-2016-5849
+ RESERVED
+CVE-2016-5848
+ RESERVED
+CVE-2016-5847
+ RESERVED
+CVE-2016-5846
+ RESERVED
+CVE-2016-5845
+ RESERVED
+CVE-2016-5843
+ RESERVED
+CVE-2016-5840
+ RESERVED
+CVE-2016-5831
+ RESERVED
+CVE-2016-5830
+ RESERVED
+CVE-2016-5822
+ RESERVED
+CVE-2016-5821
+ RESERVED
+CVE-2016-5820
+ RESERVED
+CVE-2016-5819
+ RESERVED
+CVE-2016-5818
+ RESERVED
+CVE-2016-5817
+ RESERVED
+CVE-2016-5816
+ RESERVED
+CVE-2016-5815
+ RESERVED
+CVE-2016-5814
+ RESERVED
+CVE-2016-5813
+ RESERVED
+CVE-2016-5812
+ RESERVED
+CVE-2016-5811
+ RESERVED
+CVE-2016-5810
+ RESERVED
+CVE-2016-5809
+ RESERVED
+CVE-2016-5808
+ RESERVED
+CVE-2016-5807
+ RESERVED
+CVE-2016-5806
+ RESERVED
+CVE-2016-5805
+ RESERVED
+CVE-2016-5804
+ RESERVED
+CVE-2016-5803
+ RESERVED
+CVE-2016-5802
+ RESERVED
+CVE-2016-5801
+ RESERVED
+CVE-2016-5800
+ RESERVED
+CVE-2016-5799
+ RESERVED
+CVE-2016-5798
+ RESERVED
+CVE-2016-5797
+ RESERVED
+CVE-2016-5796
+ RESERVED
+CVE-2016-5795
+ RESERVED
+CVE-2016-5794
+ RESERVED
+CVE-2016-5793
+ RESERVED
+CVE-2016-5792
+ RESERVED
+CVE-2016-5791
+ RESERVED
+CVE-2016-5790
+ RESERVED
+CVE-2016-5789
+ RESERVED
+CVE-2016-5788
+ RESERVED
+CVE-2016-5787
+ RESERVED
+CVE-2016-5786
+ RESERVED
+CVE-2016-5785
+ RESERVED
+CVE-2016-5784
+ RESERVED
+CVE-2016-5783
+ RESERVED
+CVE-2016-5782
+ RESERVED
+CVE-2016-5781
+ RESERVED
+CVE-2016-5780
+ RESERVED
+CVE-2016-5779
+ RESERVED
+CVE-2016-5778
+ RESERVED
+CVE-2016-5777
+ RESERVED
+CVE-2016-5776
+ RESERVED
+CVE-2016-5775
+ RESERVED
+CVE-2016-5774
+ RESERVED
+CVE-2016-5765
+ RESERVED
+CVE-2016-5764
+ RESERVED
+CVE-2016-5763
+ RESERVED
+CVE-2016-5762
+ RESERVED
+CVE-2016-5761
+ RESERVED
+CVE-2016-5760
+ RESERVED
+CVE-2016-5759
+ RESERVED
+CVE-2016-5758
+ RESERVED
+CVE-2016-5757
+ RESERVED
+CVE-2016-5756
+ RESERVED
+CVE-2016-5755
+ RESERVED
+CVE-2016-5754
+ RESERVED
+CVE-2016-5753
+ RESERVED
+CVE-2016-5752
+ RESERVED
+CVE-2016-5751
+ RESERVED
+CVE-2016-5750
+ RESERVED
+CVE-2016-5749
+ RESERVED
+CVE-2016-5748
+ RESERVED
+CVE-2016-5747
+ RESERVED
+CVE-2016-5746
+ RESERVED
+CVE-2016-5745
+ RESERVED
+CVE-2015-8944
+ RESERVED
+CVE-2015-8943
+ RESERVED
+CVE-2015-8942
+ RESERVED
+CVE-2015-8941
+ RESERVED
+CVE-2015-8940
+ RESERVED
+CVE-2015-8939
+ RESERVED
+CVE-2015-8938
+ RESERVED
+CVE-2015-8937
+ RESERVED
+CVE-2014-9904 (The snd_compress_check_input function in sound/core/compress_offload.c ...)
+ TODO: check
+CVE-2014-9903 (The sched_read_attr function in kernel/sched/core.c in the Linux ...)
+ TODO: check
+CVE-2014-9902
+ RESERVED
+CVE-2014-9901
+ RESERVED
+CVE-2014-9900
+ RESERVED
+CVE-2014-9899
+ RESERVED
+CVE-2014-9898
+ RESERVED
+CVE-2014-9897
+ RESERVED
+CVE-2014-9896
+ RESERVED
+CVE-2014-9895
+ RESERVED
+CVE-2014-9894
+ RESERVED
+CVE-2014-9893
+ RESERVED
+CVE-2014-9892
+ RESERVED
+CVE-2014-9891
+ RESERVED
+CVE-2014-9890
+ RESERVED
+CVE-2014-9889
+ RESERVED
+CVE-2014-9888
+ RESERVED
+CVE-2014-9887
+ RESERVED
+CVE-2014-9886
+ RESERVED
+CVE-2014-9885
+ RESERVED
+CVE-2014-9884
+ RESERVED
+CVE-2014-9883
+ RESERVED
+CVE-2014-9882
+ RESERVED
+CVE-2014-9881
+ RESERVED
+CVE-2014-9880
+ RESERVED
+CVE-2014-9879
+ RESERVED
+CVE-2014-9878
+ RESERVED
+CVE-2014-9877
+ RESERVED
+CVE-2014-9876
+ RESERVED
+CVE-2014-9875
+ RESERVED
+CVE-2014-9874
+ RESERVED
+CVE-2014-9873
+ RESERVED
+CVE-2014-9872
+ RESERVED
+CVE-2014-9871
+ RESERVED
+CVE-2014-9870
+ RESERVED
+CVE-2014-9869
+ RESERVED
+CVE-2014-9868
+ RESERVED
+CVE-2014-9867
+ RESERVED
+CVE-2014-9866
+ RESERVED
+CVE-2014-9865
+ RESERVED
+CVE-2014-9864
+ RESERVED
+CVE-2014-9863
+ RESERVED
CVE-2016-5844
+ RESERVED
- libarchive 3.2.1-1
NOTE: https://github.com/libarchive/libarchive/issues/717#event-697151157
NOTE: https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22
CVE-2016-5842
+ RESERVED
- imagemagick <unfixed>
NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
CVE-2016-5841
+ RESERVED
- imagemagick <unfixed>
NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
-CVE-2016-5829 [HID: hiddev buffer overflows]
+CVE-2016-5829 (Multiple heap-based buffer overflows in the hiddev_ioctl_usage ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5
-CVE-2016-5828 [powerpc/tm: Always reclaim in start_thread() for exec() class syscalls]
+CVE-2016-5828 (The start_thread function in arch/powerpc/kernel/process.c in the ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Introduced in v3.10-rc1)
NOTE: https://patchwork.ozlabs.org/patch/636776/
NOTE: Introduced in https://git.kernel.org/linus/bc2a9408fa65195288b41751016c36fd00a75a85 (v3.10-rc1)
CVE-2016-5827
+ RESERVED
- libical <unfixed>
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
TODO: check
CVE-2016-5826
+ RESERVED
- libical <unfixed>
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
TODO: check
CVE-2016-5825
+ RESERVED
- libical <unfixed>
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
TODO: check
CVE-2016-5824
+ RESERVED
- libical <unfixed>
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
TODO: check
CVE-2016-5823
+ RESERVED
- libical <unfixed>
TODO: check
CVE-2016-5744
@@ -42,42 +308,53 @@
CVE-2016-5743
RESERVED
CVE-2016-5839 [... some less secure sanitize_file_name edge cases]
+ RESERVED
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5838 [password change via stolen cookie]
+ RESERVED
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5837 [unauthorized category removal from a post]
+ RESERVED
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5836 [oEmbed denial of service]
+ RESERVED
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5835 [revision history information disclosure]
+ RESERVED
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5834 [XSS problem via attachment name]
+ RESERVED
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5833 [XSS problem via attachment name]
+ RESERVED
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5832 [redirect bypass in the customizer]
+ RESERVED
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5773 [ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize]
+ RESERVED
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5772 [Double Free Courruption in wddx_deserialize]
+ RESERVED
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5771 [Use After Free Vulnerability in PHP's GC algorithm and unserialize]
+ RESERVED
- php7.0 <undetermined>
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
@@ -85,24 +362,28 @@
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
TODO: check if really affects 7.x, CVE assignment claims not
CVE-2016-5770 [int/size_t confusion in SplFileObject::fread]
+ RESERVED
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5769 [Heap Overflow due to integer overflows]
+ RESERVED
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5768 [_php_mb_regex_ereg_replace_exec - double free]
+ RESERVED
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5767 [Integer Overflow in gdImagePaletteToTrueColor() resulting heap overflow]
+ RESERVED
- php7.0 7.0.8-1 (unimportant)
- php5 5.6.23+dfsg-1 (unimportant)
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
@@ -112,6 +393,7 @@
- libgd2 2.0.34~rc1-1
NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1)
CVE-2016-5766 [Integer Overflow in _gd2GetHeader() resulting in heap overflow]
+ RESERVED
- php7.0 7.0.8-1 (unimportant)
- php5 5.6.23+dfsg-1 (unimportant)
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
@@ -150,6 +432,7 @@
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5742 [SQL injection in MovableType xml-rpc interface]
RESERVED
+ {DLA-532-1}
- movabletype-opensource <removed>
NOTE: https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
NOTE: http://www.openwall.com/lists/oss-security/2016/06/22/3
@@ -159,8 +442,8 @@
NOT-FOR-US: Openstack-infra puppet-gerrit module
CVE-2016-5729
RESERVED
-CVE-2016-5728
- RESERVED
+CVE-2016-5728 (Race condition in the vop_ioctl function in ...)
+ TODO: check
CVE-2015-8936 [squidguard reflected XSS]
RESERVED
{DLA-524-1}
@@ -171,10 +454,10 @@
RESERVED
CVE-2016-5724
RESERVED
-CVE-2016-5723
- RESERVED
-CVE-2016-5722
- RESERVED
+CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...)
+ TODO: check
+CVE-2016-5722 (OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and ...)
+ TODO: check
CVE-2016-5721
RESERVED
CVE-2016-5720
@@ -199,8 +482,8 @@
RESERVED
CVE-2016-5710
RESERVED
-CVE-2016-5709
- RESERVED
+CVE-2016-5709 (SolarWinds Virtualization Manager 6.3.1 and earlier uses weak ...)
+ TODO: check
CVE-2016-5708
RESERVED
CVE-2016-5707
@@ -782,8 +1065,8 @@
RESERVED
CVE-2016-5436
RESERVED
-CVE-2016-5435
- RESERVED
+CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and ...)
+ TODO: check
CVE-2016-XXXX [SA-CORE-2016-002 -- User module -- Saving user accounts can sometimes grant the user all roles]
- drupal7 7.44-1
[jessie] - drupal7 7.32-1+deb8u7
@@ -1464,13 +1747,11 @@
CVE-2016-5300 (The XML parser in Expat does not use sufficient entropy for hash ...)
{DSA-3597-1 DLA-508-1}
- expat 2.1.1-3
-CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy]
- RESERVED
+CVE-2016-5244 (The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel ...)
{DLA-516-1}
- linux 4.6.2-1
NOTE: https://patchwork.ozlabs.org/patch/629110/
-CVE-2016-5243 [tipc: an infoleak in tipc_nl_compat_link_dump]
- RESERVED
+CVE-2016-5243 (The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in ...)
{DLA-516-1}
- linux 4.6.2-1
NOTE: https://patchwork.ozlabs.org/patch/629100/
@@ -2127,8 +2408,8 @@
RESERVED
CVE-2016-5088
RESERVED
-CVE-2016-5087
- RESERVED
+CVE-2016-5087 (Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak ...)
+ TODO: check
CVE-2016-5086
RESERVED
CVE-2016-5085
@@ -2221,8 +2502,8 @@
RESERVED
CVE-2016-5022
RESERVED
-CVE-2016-5021
- RESERVED
+CVE-2016-5021 (The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
+ TODO: check
CVE-2016-5020
RESERVED
CVE-2016-5019
@@ -2940,20 +3221,20 @@
RESERVED
CVE-2016-4829
RESERVED
-CVE-2016-4828
- RESERVED
-CVE-2016-4827
- RESERVED
-CVE-2016-4826
- RESERVED
-CVE-2016-4825
- RESERVED
-CVE-2016-4824
- RESERVED
-CVE-2016-4823
- RESERVED
-CVE-2016-4822
- RESERVED
+CVE-2016-4828 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress ...)
+ TODO: check
+CVE-2016-4827 (Cross-site scripting (XSS) vulnerability in the Collne Welcart ...)
+ TODO: check
+CVE-2016-4826 (Cross-site scripting (XSS) vulnerability in the Collne Welcart ...)
+ TODO: check
+CVE-2016-4825 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows ...)
+ TODO: check
+CVE-2016-4824 (The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV ...)
+ TODO: check
+CVE-2016-4823 (Corega CG-WLBARAGM devices allow remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2016-4822 (Corega CG-WLBARGL devices allow remote authenticated users to execute ...)
+ TODO: check
CVE-2016-4821 (I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial ...)
TODO: check
CVE-2016-4820 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ...)
@@ -3004,8 +3285,8 @@
RESERVED
CVE-2016-4803
RESERVED
-CVE-2016-4802
- RESERVED
+CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl ...)
+ TODO: check
CVE-2016-4801
RESERVED
CVE-2016-4800
@@ -3673,14 +3954,14 @@
TODO: check
CVE-2016-4529
RESERVED
-CVE-2016-4528
- RESERVED
+CVE-2016-4528 (Buffer overflow in Advantech WebAccess before 8.1_20160519 allows ...)
+ TODO: check
CVE-2016-4527 (ABB PCM600 before 2.7 improperly stores PCM600 authentication ...)
NOT-FOR-US: ABB PCM600
CVE-2016-4526
RESERVED
-CVE-2016-4525
- RESERVED
+CVE-2016-4525 (Unspecified ActiveX controls in Advantech WebAccess before ...)
+ TODO: check
CVE-2016-4524 (ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords ...)
NOT-FOR-US: ABB PCM600
CVE-2016-4523 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
@@ -3691,8 +3972,8 @@
NOT-FOR-US: Sixnet
CVE-2016-4520
RESERVED
-CVE-2016-4519
- RESERVED
+CVE-2016-4519 (Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before ...)
+ TODO: check
CVE-2016-4518 (OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated ...)
TODO: check
CVE-2016-4517
@@ -3703,8 +3984,8 @@
RESERVED
CVE-2016-4514 (Moxa PT-7728 devices with software 3.4 build 15081113 allow remote ...)
TODO: check
-CVE-2016-4513
- RESERVED
+CVE-2016-4513 (Cross-site scripting (XSS) vulnerability in the Schneider Electric ...)
+ TODO: check
CVE-2016-4512
RESERVED
CVE-2016-4511 (ABB PCM600 before 2.7 uses an improper hash algorithm for the main ...)
@@ -4064,8 +4345,7 @@
NOTE: https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/tree/expat/lib/xmlparse.c?diff=a238d7ea7a715ef3850c4cbdd86aeda7077b6bbc
CVE-2016-4471
RESERVED
-CVE-2016-4470
- RESERVED
+CVE-2016-4470 (The key_reject_and_link function in security/keys/key.c in the Linux ...)
- linux 4.6.2-2
NOTE: https://www.spinics.net/lists/linux-kernel-janitors/msg26069.html
CVE-2016-4469
@@ -4163,8 +4443,7 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a future DSA)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505
-CVE-2016-4440 [kvm: vmx: incorrect state update leading to MSR access]
- RESERVED
+CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the ...)
- linux 4.5.5-1
[jessie] - linux <not-affected> (Introduced in 4.5)
[wheezy] - linux <not-affected> (Introduced in 4.5)
@@ -5613,8 +5892,8 @@
NOTE: https://www.spinics.net/lists/netdev/msg367669.html
CVE-2016-3950 (Huawei AR3200 routers with software before V200R006C10SPC300 allow ...)
NOT-FOR-US: Huawei AR3200 routers
-CVE-2016-3949
- RESERVED
+CVE-2016-3949 (Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware ...)
+ TODO: check
CVE-2016-3959 (The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x ...)
- golang 2:1.6.1-1 (bug #820369)
[jessie] - golang <no-dsa> (Minor issue)
@@ -6175,8 +6454,7 @@
- graphicsmagick 1.3.24-1
NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/45998a25992d1142df201d8cf024b6c948b40748/
-CVE-2016-3713 [kvm: OOB r/w access issue with MSR 0x2F8]
- RESERVED
+CVE-2016-3713 (The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel ...)
- linux 4.5.4-1
[jessie] - linux <not-affected> (Introduced in v4.2-rc1)
[wheezy] - linux <not-affected> (Introduced in v4.2-rc1)
@@ -6210,8 +6488,7 @@
RESERVED
CVE-2016-3708 (Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and ...)
NOT-FOR-US: OpenShiftEnterprise / Red Hat
-CVE-2016-3707 [Sending SysRq command via ICMP echo request]
- RESERVED
+CVE-2016-3707 (The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org ...)
- linux 3.15~rc5-1~exp1 (unimportant)
NOTE: This is not really fixed in 3.15, but depends on the rt feature set patches applied
NOTE: more details in kernel-sec repository.
@@ -8170,8 +8447,8 @@
RESERVED
CVE-2016-2902
RESERVED
-CVE-2016-2901
- RESERVED
+CVE-2016-2901 (Cross-site request forgery (CSRF) vulnerability in the ...)
+ TODO: check
CVE-2016-2900
RESERVED
CVE-2016-2899
@@ -10939,7 +11216,7 @@
CVE-2016-2151 (user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x ...)
- moodle 2.7.13+dfsg-1
CVE-2016-2150 (SPICE allows local guest OS users to read from or write to arbitrary ...)
- {DSA-3596-1}
+ {DSA-3596-1 DLA-531-1}
- spice 0.12.6-4.1 (bug #826584)
CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to ...)
NOT-FOR-US: OpenShift
@@ -13125,8 +13402,7 @@
RESERVED
CVE-2016-1584
RESERVED
-CVE-2016-1583
- RESERVED
+CVE-2016-1583 (The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the ...)
{DLA-516-1}
- linux 4.6.2-1
CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when switching an ...)
@@ -14553,18 +14829,18 @@
TODO: check
CVE-2016-1194
RESERVED
-CVE-2016-1193
- RESERVED
+CVE-2016-1193 (Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain ...)
+ TODO: check
CVE-2016-1192 (Directory traversal vulnerability in the logging implementation in ...)
TODO: check
CVE-2016-1191 (Directory traversal vulnerability in the Files function in Cybozu ...)
TODO: check
-CVE-2016-1190
- RESERVED
-CVE-2016-1189
- RESERVED
-CVE-2016-1188
- RESERVED
+CVE-2016-1190 (Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to ...)
+ TODO: check
+CVE-2016-1189 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
+ TODO: check
+CVE-2016-1188 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
+ TODO: check
CVE-2016-1187
RESERVED
CVE-2016-1186
@@ -15916,8 +16192,7 @@
RESERVED
CVE-2016-0759
RESERVED
-CVE-2016-0758 [flaw in ASN.1 DER decoder for x509 certificate DER files]
- RESERVED
+CVE-2016-0758 (Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 ...)
- linux 4.5.4-1
[jessie] - linux <no-dsa> (Vulnerable code not built)
[wheezy] - linux <not-affected> (Vulnerable code introduced in v3.10-rc1)
@@ -17447,8 +17722,8 @@
RESERVED
CVE-2016-0302
RESERVED
-CVE-2016-0301
- RESERVED
+CVE-2016-0301 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...)
+ TODO: check
CVE-2016-0300
RESERVED
CVE-2016-0299
@@ -17491,12 +17766,12 @@
RESERVED
CVE-2016-0280
RESERVED
-CVE-2016-0279
- RESERVED
-CVE-2016-0278
- RESERVED
-CVE-2016-0277
- RESERVED
+CVE-2016-0279 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...)
+ TODO: check
+CVE-2016-0278 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...)
+ TODO: check
+CVE-2016-0277 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...)
+ TODO: check
CVE-2016-0276
RESERVED
CVE-2016-0275
@@ -17531,8 +17806,8 @@
RESERVED
CVE-2016-0260
RESERVED
-CVE-2016-0259
- RESERVED
+CVE-2016-0259 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...)
+ TODO: check
CVE-2016-0258
RESERVED
CVE-2016-0257
@@ -19685,10 +19960,10 @@
NOT-FOR-US: SAP HANA
CVE-2015-7991 (The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 ...)
NOT-FOR-US: SAP HANA
-CVE-2015-7988
- RESERVED
-CVE-2015-7987
- RESERVED
+CVE-2015-7988 (The handle_regservice_request function in mDNSResponder before ...)
+ TODO: check
+CVE-2015-7987 (Multiple buffer overflows in mDNSResponder before 625.41.2 allow ...)
+ TODO: check
CVE-2015-7986 (The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote ...)
NOT-FOR-US: SAP
CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) ...)
@@ -21449,8 +21724,8 @@
RESERVED
CVE-2015-7474
RESERVED
-CVE-2015-7473
- RESERVED
+CVE-2015-7473 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...)
+ TODO: check
CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
NOT-FOR-US: IBM
CVE-2015-7471
More information about the Secure-testing-commits
mailing list