[Secure-testing-commits] r46563 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Nov 25 21:10:27 UTC 2016
Author: sectracker
Date: 2016-11-25 21:10:26 +0000 (Fri, 25 Nov 2016)
New Revision: 46563
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-25 21:03:43 UTC (rev 46562)
+++ data/CVE/list 2016-11-25 21:10:26 UTC (rev 46563)
@@ -1,4 +1,359 @@
+CVE-2017-0355
+ RESERVED
+CVE-2017-0354
+ RESERVED
+CVE-2017-0353
+ RESERVED
+CVE-2017-0352
+ RESERVED
+CVE-2017-0351
+ RESERVED
+CVE-2017-0350
+ RESERVED
+CVE-2017-0349
+ RESERVED
+CVE-2017-0348
+ RESERVED
+CVE-2017-0347
+ RESERVED
+CVE-2017-0346
+ RESERVED
+CVE-2017-0345
+ RESERVED
+CVE-2017-0344
+ RESERVED
+CVE-2017-0343
+ RESERVED
+CVE-2017-0342
+ RESERVED
+CVE-2017-0341
+ RESERVED
+CVE-2017-0340
+ RESERVED
+CVE-2017-0339
+ RESERVED
+CVE-2017-0338
+ RESERVED
+CVE-2017-0337
+ RESERVED
+CVE-2017-0336
+ RESERVED
+CVE-2017-0335
+ RESERVED
+CVE-2017-0334
+ RESERVED
+CVE-2017-0333
+ RESERVED
+CVE-2017-0332
+ RESERVED
+CVE-2017-0331
+ RESERVED
+CVE-2017-0330
+ RESERVED
+CVE-2017-0329
+ RESERVED
+CVE-2017-0328
+ RESERVED
+CVE-2017-0327
+ RESERVED
+CVE-2017-0326
+ RESERVED
+CVE-2017-0325
+ RESERVED
+CVE-2017-0324
+ RESERVED
+CVE-2017-0323
+ RESERVED
+CVE-2017-0322
+ RESERVED
+CVE-2017-0321
+ RESERVED
+CVE-2017-0320
+ RESERVED
+CVE-2017-0319
+ RESERVED
+CVE-2017-0318
+ RESERVED
+CVE-2017-0317
+ RESERVED
+CVE-2017-0316
+ RESERVED
+CVE-2017-0315
+ RESERVED
+CVE-2017-0314
+ RESERVED
+CVE-2017-0313
+ RESERVED
+CVE-2017-0312
+ RESERVED
+CVE-2017-0311
+ RESERVED
+CVE-2017-0310
+ RESERVED
+CVE-2017-0309
+ RESERVED
+CVE-2017-0308
+ RESERVED
+CVE-2017-0307
+ RESERVED
+CVE-2017-0306
+ RESERVED
+CVE-2016-9638
+ RESERVED
+CVE-2016-9637
+ RESERVED
+CVE-2016-9620
+ RESERVED
+CVE-2016-9619
+ RESERVED
+CVE-2016-9618
+ RESERVED
+CVE-2016-9617
+ RESERVED
+CVE-2016-9616
+ RESERVED
+CVE-2016-9615
+ RESERVED
+CVE-2016-9614
+ RESERVED
+CVE-2016-9613
+ RESERVED
+CVE-2016-9612
+ RESERVED
+CVE-2016-9611
+ RESERVED
+CVE-2016-9610
+ RESERVED
+CVE-2016-9609
+ RESERVED
+CVE-2016-9608
+ RESERVED
+CVE-2016-9607
+ RESERVED
+CVE-2016-9606
+ RESERVED
+CVE-2016-9605
+ RESERVED
+CVE-2016-9604
+ RESERVED
+CVE-2016-9603
+ RESERVED
+CVE-2016-9602
+ RESERVED
+CVE-2016-9601
+ RESERVED
+CVE-2016-9600
+ RESERVED
+CVE-2016-9599
+ RESERVED
+CVE-2016-9598
+ RESERVED
+CVE-2016-9597
+ RESERVED
+CVE-2016-9596
+ RESERVED
+CVE-2016-9595
+ RESERVED
+CVE-2016-9594
+ RESERVED
+CVE-2016-9593
+ RESERVED
+CVE-2016-9592
+ RESERVED
+CVE-2016-9591
+ RESERVED
+CVE-2016-9590
+ RESERVED
+CVE-2016-9589
+ RESERVED
+CVE-2016-9588
+ RESERVED
+CVE-2016-9587
+ RESERVED
+CVE-2016-9586
+ RESERVED
+CVE-2016-9585
+ RESERVED
+CVE-2016-9584
+ RESERVED
+CVE-2016-9583
+ RESERVED
+CVE-2016-9582
+ RESERVED
+CVE-2016-9581
+ RESERVED
+CVE-2016-9580
+ RESERVED
+CVE-2016-9579
+ RESERVED
+CVE-2016-9578
+ RESERVED
+CVE-2016-9577
+ RESERVED
+CVE-2016-9576
+ RESERVED
+CVE-2016-9575
+ RESERVED
+CVE-2016-9574
+ RESERVED
+CVE-2016-9573
+ RESERVED
+CVE-2016-9572
+ RESERVED
+CVE-2016-9571
+ RESERVED
+CVE-2016-9570
+ RESERVED
+CVE-2016-9569
+ RESERVED
+CVE-2016-9568
+ RESERVED
+CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0) ...)
+ TODO: check
+CVE-2016-9566
+ RESERVED
+CVE-2016-9565
+ RESERVED
+CVE-2016-9564
+ RESERVED
+CVE-2016-9563 (BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated ...)
+ TODO: check
+CVE-2016-9562 (SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of ...)
+ TODO: check
+CVE-2016-9561
+ RESERVED
+CVE-2016-9554
+ RESERVED
+CVE-2016-9553
+ RESERVED
+CVE-2016-9552
+ RESERVED
+CVE-2016-9551
+ RESERVED
+CVE-2016-9550
+ RESERVED
+CVE-2016-9549
+ RESERVED
+CVE-2016-9548
+ RESERVED
+CVE-2016-9547
+ RESERVED
+CVE-2016-9546
+ RESERVED
+CVE-2016-9545
+ RESERVED
+CVE-2016-9544
+ RESERVED
+CVE-2016-9543
+ RESERVED
+CVE-2016-9542
+ RESERVED
+CVE-2016-9541
+ RESERVED
+CVE-2016-9531
+ RESERVED
+CVE-2016-9530
+ RESERVED
+CVE-2016-9529
+ RESERVED
+CVE-2016-9528
+ RESERVED
+CVE-2016-9527
+ RESERVED
+CVE-2016-9526
+ RESERVED
+CVE-2016-9525
+ RESERVED
+CVE-2016-9524
+ RESERVED
+CVE-2016-9523
+ RESERVED
+CVE-2016-9522
+ RESERVED
+CVE-2016-9521
+ RESERVED
+CVE-2016-9520
+ RESERVED
+CVE-2016-9519
+ RESERVED
+CVE-2016-9518
+ RESERVED
+CVE-2016-9517
+ RESERVED
+CVE-2016-9516
+ RESERVED
+CVE-2016-9515
+ RESERVED
+CVE-2016-9514
+ RESERVED
+CVE-2016-9513
+ RESERVED
+CVE-2016-9512
+ RESERVED
+CVE-2016-9511
+ RESERVED
+CVE-2016-9510
+ RESERVED
+CVE-2016-9509
+ RESERVED
+CVE-2016-9508
+ RESERVED
+CVE-2016-9507
+ RESERVED
+CVE-2016-9506
+ RESERVED
+CVE-2016-9505
+ RESERVED
+CVE-2016-9504
+ RESERVED
+CVE-2016-9503
+ RESERVED
+CVE-2016-9502
+ RESERVED
+CVE-2016-9501
+ RESERVED
+CVE-2016-9500
+ RESERVED
+CVE-2016-9499
+ RESERVED
+CVE-2016-9498
+ RESERVED
+CVE-2016-9497
+ RESERVED
+CVE-2016-9496
+ RESERVED
+CVE-2016-9495
+ RESERVED
+CVE-2016-9494
+ RESERVED
+CVE-2016-9493
+ RESERVED
+CVE-2016-9492
+ RESERVED
+CVE-2016-9491
+ RESERVED
+CVE-2016-9490
+ RESERVED
+CVE-2016-9489
+ RESERVED
+CVE-2016-9488
+ RESERVED
+CVE-2016-9487
+ RESERVED
+CVE-2016-9486
+ RESERVED
+CVE-2016-9485
+ RESERVED
+CVE-2016-9484
+ RESERVED
+CVE-2016-9483
+ RESERVED
+CVE-2016-9482
+ RESERVED
+CVE-2014-9912
+ RESERVED
CVE-2016-4412 [phpMyAdmin PMASA-2016-57]
+ RESERVED
- phpmyadmin 4:4.1.7-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
NOTE: may affect wheezy only.
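Review bot: CVE-2016-9567, CVE-2016-9563 and CVE-2016-9562 are added with only "TODO: check" and no package line, so they stay untriaged. Their descriptions name Samsung Mobile S7 devices and SAP NetWeaver AS JAVA; entries for vendor products elsewhere in this file are closed with a "NOT-FOR-US:" line (for example "NOT-FOR-US: IBM"), and the same treatment looks appropriate here once someone has confirmed that no Debian package is involved.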
@@ -55,6 +410,7 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-71/
NOTE: unlikely PHP configuration required, unclear impact
CVE-2014-9911
+ RESERVED
- icu 55.1-3
NOTE: http://bugs.icu-project.org/trac/ticket/10891
NOTE: Fixed by: http://bugs.icu-project.org/trac/changeset/35699
@@ -64,6 +420,7 @@
- salt 2016.3.0+ds-1
NOTE: http://www.openwall.com/lists/oss-security/2016/11/25/2
CVE-2016-9636
+ RESERVED
{DSA-3724-1 DSA-3723-1}
- gst-plugins-good1.0 1.10.1-2 (bug #845375)
- gst-plugins-good0.10 <removed>
@@ -74,6 +431,7 @@
NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9635
+ RESERVED
{DSA-3724-1 DSA-3723-1}
- gst-plugins-good1.0 1.10.1-2 (bug #845375)
- gst-plugins-good0.10 <removed>
@@ -84,6 +442,7 @@
NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9634
+ RESERVED
{DSA-3724-1 DSA-3723-1}
- gst-plugins-good1.0 1.10.1-2 (bug #845375)
- gst-plugins-good0.10 <removed>
@@ -94,85 +453,102 @@
NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9633
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/23
CVE-2016-9632
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/43
CVE-2016-9631
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/42
CVE-2016-9630
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/41
CVE-2016-9629
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/40
CVE-2016-9628
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/39
CVE-2016-9627
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/38
NOTE: https://github.com/tats/w3m/commit/0c3f5d0e0d9269ad47b8f4b061d7818993913189
CVE-2016-9626
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/37
CVE-2016-9625
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/36
CVE-2016-9624
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/35
CVE-2016-9623
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/33
CVE-2016-9622
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/32
CVE-2016-9621
+ RESERVED
- w3m 0.5.3-33
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/29
CVE-2016-9560 [stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)]
+ RESERVED
- jasper <removed>
NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
CVE-2016-9558 [negation overflow in dwarf_leb.c]
+ RESERVED
- dwarfutils <unfixed> (bug #845408)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c
NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5
CVE-2016-9557 [signed integer overflow in jas_image.c]
+ RESERVED
- jasper <removed>
NOTE: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
CVE-2016-9555 [net/sctp: slab-out-of-bounds in sctp_sf_ootb]
+ RESERVED
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4)
CVE-2016-9481
@@ -260,11 +636,13 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
TODO: check
CVE-2016-9559 [null pointer passed as argument 2, which is declared to never be null]
+ RESERVED
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray]
+ RESERVED
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845242)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
@@ -474,7 +852,7 @@
RESERVED
CVE-2016-9332
RESERVED
-CVE-2015-8978 [XML exponential entity expansion denial-of-service]
+CVE-2015-8978 (In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, ...)
- libsoap-lite-perl 1.19-1
[jessie] - libsoap-lite-perl <no-dsa> (Minor issue)
NOTE: https://github.com/redhotpenguin/soaplite/pull/21
@@ -967,33 +1345,34 @@
NOTE: introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593
NOTE: Fix in 4.0.7 is complete.
NOTE: Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
-CVE-2016-9540 [cpStripToTile heap-buffer-overflow]
+CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled ...)
- tiff 4.0.7-1
NOTE: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
-CVE-2016-9539 [Out-of-bounds read in readContigTilesIntoBuffer()]
+CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in ...)
- tiff 4.0.7-1
[wheezy] - tiff <no-dsa> (Minor issue)
NOTE: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
-CVE-2016-9538 [Integer overflow leads to reading undefined buffer in readContigStripsIntoBuffer()]
+CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in ...)
- tiff 4.0.7-1
[wheezy] - tiff <no-dsa> (Minor issue)
NOTE: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
-CVE-2016-9537 [Out-of-bounds write vulnerabilities in tools/tiffcrop.c]
+CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write ...)
- tiff 4.0.7-1
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
-CVE-2016-9536 [t2p_process_jpeg_strip heap-buffer-overflow]
+CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write ...)
- tiff 4.0.7-1
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
-CVE-2016-9535 [Predictor heap-buffer-overflow]
+CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that ...)
- tiff 4.0.7-1
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
-CVE-2016-9534 [TIFFFlushData1 heap-buffer-overflow]
+CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code path of ...)
- tiff 4.0.7-1
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
-CVE-2016-9533 [PixarLog horizontalDifference heap-buffer-overflow]
+CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities ...)
- tiff 4.0.7-1
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
CVE-2016-9532 [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
+ RESERVED
{DLA-716-1}
- tiff 4.0.7-1 (bug #844057)
[jessie] - tiff <no-dsa> (Minor issue)
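Review bot: the NOTE lines under CVE-2016-9535 and CVE-2016-9534 both point at the same anchor, #diff-5be5ce02d0dea67050d5b2a10102d1ba, of commit 83a4b92815ea04969d494416eaae3d4c6b338e4a, while the new descriptions place the two issues in different files (tif_predict.h and tif_predict.c versus tif_write.c). One of the two anchors is probably wrong and should be checked against the commit. The replaced bracketed titles also named the affected functions (cpStripToTile, readContigTilesIntoBuffer(), readContigStripsIntoBuffer(), t2p_process_jpeg_strip, TIFFFlushData1), which the truncated descriptions no longer show; a NOTE line per entry would keep those names searchable.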
@@ -1302,8 +1681,8 @@
RESERVED
CVE-2016-9156
RESERVED
-CVE-2016-9155
- RESERVED
+CVE-2016-9155 (The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, ...)
+ TODO: check
CVE-2016-9154
RESERVED
CVE-2016-9153
@@ -2563,10 +2942,10 @@
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
NOTE: NOTE: Fixed in 7.0.12, 5.6.27
NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1
-CVE-2016-8673
- RESERVED
-CVE-2016-8672
- RESERVED
+CVE-2016-8673 (Cross-site request forgery (CSRF) vulnerability in the integrated web ...)
+ TODO: check
+CVE-2016-8672 (The integrated web server on Siemens SIMATIC CP 343-1 Advanced before ...)
+ TODO: check
CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for ...)
NOT-FOR-US: Generic protocol issue
CVE-2005-4899
@@ -3904,6 +4283,7 @@
RESERVED
CVE-2016-7553 [Information disclosure vulnerability in buf.pl]
RESERVED
+ {DLA-722-1}
- irssi 0.8.20-2 (bug #838762)
[jessie] - irssi <no-dsa> (Can be fixed in point release, minor issue)
[wheezy] - irssi <no-dsa> (Minor issue, information leak only on multi-user systems)
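Review bot: the added "{DLA-722-1}" reference under CVE-2016-7553 sits next to a "[wheezy] - irssi <no-dsa>" line that is left unchanged. If DLA-722-1 is the wheezy update for this issue, the wheezy line should be replaced by the fixed version, so that the entry does not report the release as both covered by an advisory and no-dsa.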
@@ -11640,10 +12020,10 @@
RESERVED
CVE-2016-5993
RESERVED
-CVE-2016-5992
- RESERVED
-CVE-2016-5991
- RESERVED
+CVE-2016-5992 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 ...)
+ TODO: check
+CVE-2016-5991 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 ...)
+ TODO: check
CVE-2016-5990
RESERVED
CVE-2016-5989
@@ -11662,8 +12042,8 @@
NOT-FOR-US: IBM
CVE-2016-5982
RESERVED
-CVE-2016-5981
- RESERVED
+CVE-2016-5981 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT ...)
+ TODO: check
CVE-2016-5980
RESERVED
CVE-2016-5979
@@ -11688,10 +12068,10 @@
NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5969
RESERVED
-CVE-2016-5968
- RESERVED
-CVE-2016-5967
- RESERVED
+CVE-2016-5968 (The Replay Server in IBM Tealeaf Customer Experience 8.x before ...)
+ TODO: check
+CVE-2016-5967 (The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 ...)
+ TODO: check
CVE-2016-5966
RESERVED
CVE-2016-5965
@@ -11714,8 +12094,8 @@
NOT-FOR-US: IBM
CVE-2016-5956
RESERVED
-CVE-2016-5955
- RESERVED
+CVE-2016-5955 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next ...)
+ TODO: check
CVE-2016-5954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
NOT-FOR-US: IBM
CVE-2016-5953
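Review bot: CVE-2016-5955 (IBM Rational DOORS Next ...) goes from RESERVED to "TODO: check" while the entries on either side of it in this hunk, including CVE-2016-5954, are already marked "NOT-FOR-US: IBM". The same applies to the other IBM entries this revision publishes with "TODO: check"; marking them "NOT-FOR-US: IBM" in a follow-up would keep the open TODO list limited to entries that may affect a Debian package.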
@@ -12066,8 +12446,8 @@
NOT-FOR-US: Tollgrade
CVE-2016-5789
RESERVED
-CVE-2016-5788
- RESERVED
+CVE-2016-5788 (General Electric (GE) Bently Nevada 3500/22M USB with firmware before ...)
+ TODO: check
CVE-2016-5787 (General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before ...)
NOT-FOR-US: CIMPLICITY
CVE-2016-5786
@@ -21123,14 +21503,14 @@
RESERVED
CVE-2016-3029
RESERVED
-CVE-2016-3028
- RESERVED
+CVE-2016-3028 (IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before ...)
+ TODO: check
CVE-2016-3027
RESERVED
CVE-2016-3026
RESERVED
-CVE-2016-3025
- RESERVED
+CVE-2016-3025 (IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and ...)
+ TODO: check
CVE-2016-3024
RESERVED
CVE-2016-3023
@@ -21187,8 +21567,8 @@
TODO: check
CVE-2016-2997 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
TODO: check
-CVE-2016-2996
- RESERVED
+CVE-2016-2996 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when ...)
+ TODO: check
CVE-2016-2995 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
TODO: check
CVE-2016-2994
@@ -21203,16 +21583,16 @@
RESERVED
CVE-2016-2989 (Open redirect vulnerability in the Connections Portlets component 5.x ...)
TODO: check
-CVE-2016-2988
- RESERVED
+CVE-2016-2988 (IBM Tivoli Storage Manger for Virtual Environments: Data Protection ...)
+ TODO: check
CVE-2016-2987
RESERVED
-CVE-2016-2986
- RESERVED
-CVE-2016-2985
- RESERVED
-CVE-2016-2984
- RESERVED
+CVE-2016-2986 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
+ TODO: check
+CVE-2016-2985 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and ...)
+ TODO: check
+CVE-2016-2984 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and ...)
+ TODO: check
CVE-2016-2983
RESERVED
CVE-2016-2982
@@ -21285,8 +21665,8 @@
RESERVED
CVE-2016-2948
RESERVED
-CVE-2016-2947
- RESERVED
+CVE-2016-2947 (IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 ...)
+ TODO: check
CVE-2016-2946
RESERVED
CVE-2016-2945 (The API Discovery implementation in IBM WebSphere Application Server ...)
@@ -21451,8 +21831,8 @@
RESERVED
CVE-2016-2865 (The GIT Integration component in IBM Rational Team Concert (RTC) 5.x ...)
TODO: check
-CVE-2016-2864
- RESERVED
+CVE-2016-2864 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
+ TODO: check
CVE-2016-2863 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
TODO: check
CVE-2016-2862 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
@@ -27769,8 +28149,7 @@
[wheezy] - libdbd-mysql-perl <no-dsa> (Minor issue)
NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe (4.039)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/1
-CVE-2016-1248 [(neo)vim arbitrary command execution via modelines]
- RESERVED
+CVE-2016-1248 (vim before patch 8.0.0056 does not properly validate values for the ...)
{DSA-3722-1 DLA-718-1}
- vim 2:8.0.0095-1
- neovim 0.1.6-4
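Review bot: for CVE-2016-1248 the visible part of the new description names only "vim before patch 8.0.0056", but the entry also tracks "- neovim 0.1.6-4". The removed title "(neo)vim arbitrary command execution via modelines" stated both the neovim scope and the modeline vector; a NOTE line recording that neovim is affected by the same issue would preserve that.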
@@ -30728,8 +31107,8 @@
TODO: check
CVE-2016-0379 (IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles ...)
TODO: check
-CVE-2016-0378
- RESERVED
+CVE-2016-0378 (IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when ...)
+ TODO: check
CVE-2016-0377 (The Administrative Console in IBM WebSphere Application Server (WAS) ...)
TODO: check
CVE-2016-0376 (The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java ...)
@@ -30740,8 +31119,8 @@
NOT-FOR-US: IBM
CVE-2016-0373
RESERVED
-CVE-2016-0372
- RESERVED
+CVE-2016-0372 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...)
+ TODO: check
CVE-2016-0371
RESERVED
CVE-2016-0370 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...)
@@ -30778,8 +31157,8 @@
RESERVED
CVE-2016-0354
RESERVED
-CVE-2016-0353
- RESERVED
+CVE-2016-0353 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when ...)
+ TODO: check
CVE-2016-0352
RESERVED
CVE-2016-0351
@@ -30834,8 +31213,8 @@
RESERVED
CVE-2016-0326 (IBM Rational Quality Manager (RQM) and Rational Collaborative ...)
TODO: check
-CVE-2016-0325
- RESERVED
+CVE-2016-0325 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...)
+ TODO: check
CVE-2016-0324
RESERVED
CVE-2016-0323 (The Auto-Scaling agent in Liberty for Java in IBM Bluemix before ...)
@@ -30914,14 +31293,14 @@
TODO: check
CVE-2016-0286
RESERVED
-CVE-2016-0285
- RESERVED
-CVE-2016-0284
- RESERVED
+CVE-2016-0285 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
+ TODO: check
+CVE-2016-0284 (The XML parser in IBM Rational Collaborative Lifecycle Management ...)
+ TODO: check
CVE-2016-0283 (Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) ...)
TODO: check
-CVE-2016-0282
- RESERVED
+CVE-2016-0282 (Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 ...)
+ TODO: check
CVE-2016-0281 (The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, ...)
TODO: check
CVE-2016-0280 (Cross-site scripting (XSS) vulnerability in IBM Information Server ...)
@@ -30938,8 +31317,8 @@
RESERVED
CVE-2016-0274
RESERVED
-CVE-2016-0273
- RESERVED
+CVE-2016-0273 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
+ TODO: check
CVE-2016-0272
RESERVED
CVE-2016-0271 (The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before ...)
@@ -41781,8 +42160,8 @@
NOT-FOR-US: IBM
CVE-2015-4962 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative ...)
NOT-FOR-US: IBM
-CVE-2015-4961
- RESERVED
+CVE-2015-4961 (IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x ...)
+ TODO: check
CVE-2015-4960 (IBM InfoSphere Master Data Management - Collaborative Edition 9.1, ...)
NOT-FOR-US: IBM InfoSphere Master Data Management
CVE-2015-4959 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated ...)