[Secure-testing-commits] r45235 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Oct 11 21:10:10 UTC 2016
Author: sectracker
Date: 2016-10-11 21:10:10 +0000 (Tue, 11 Oct 2016)
New Revision: 45235
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-11 21:00:42 UTC (rev 45234)
+++ data/CVE/list 2016-10-11 21:10:10 UTC (rev 45235)
@@ -1,3 +1,201 @@
+CVE-2016-8593
+ RESERVED
+CVE-2016-8592
+ RESERVED
+CVE-2016-8591
+ RESERVED
+CVE-2016-8590
+ RESERVED
+CVE-2016-8589
+ RESERVED
+CVE-2016-8588
+ RESERVED
+CVE-2016-8587
+ RESERVED
+CVE-2016-8586
+ RESERVED
+CVE-2016-8585
+ RESERVED
+CVE-2016-8584
+ RESERVED
+CVE-2016-8583
+ RESERVED
+CVE-2016-8582
+ RESERVED
+CVE-2016-8581
+ RESERVED
+CVE-2016-8580
+ RESERVED
+CVE-2016-8579
+ RESERVED
+CVE-2016-8575
+ RESERVED
+CVE-2016-8574
+ RESERVED
+CVE-2016-8573
+ RESERVED
+CVE-2016-8572
+ RESERVED
+CVE-2016-8571
+ RESERVED
+CVE-2016-8570
+ RESERVED
+CVE-2016-8567
+ RESERVED
+CVE-2016-8566
+ RESERVED
+CVE-2016-8565
+ RESERVED
+CVE-2016-8564
+ RESERVED
+CVE-2016-8563
+ RESERVED
+CVE-2016-8562
+ RESERVED
+CVE-2016-8561
+ RESERVED
+CVE-2016-8560
+ RESERVED
+CVE-2016-8559
+ RESERVED
+CVE-2016-8558
+ RESERVED
+CVE-2016-8557
+ RESERVED
+CVE-2016-8556
+ RESERVED
+CVE-2016-8555
+ RESERVED
+CVE-2016-8554
+ RESERVED
+CVE-2016-8553
+ RESERVED
+CVE-2016-8552
+ RESERVED
+CVE-2016-8551
+ RESERVED
+CVE-2016-8550
+ RESERVED
+CVE-2016-8549
+ RESERVED
+CVE-2016-8548
+ RESERVED
+CVE-2016-8547
+ RESERVED
+CVE-2016-8546
+ RESERVED
+CVE-2016-8545
+ RESERVED
+CVE-2016-8544
+ RESERVED
+CVE-2016-8543
+ RESERVED
+CVE-2016-8542
+ RESERVED
+CVE-2016-8541
+ RESERVED
+CVE-2016-8540
+ RESERVED
+CVE-2016-8539
+ RESERVED
+CVE-2016-8538
+ RESERVED
+CVE-2016-8537
+ RESERVED
+CVE-2016-8536
+ RESERVED
+CVE-2016-8535
+ RESERVED
+CVE-2016-8534
+ RESERVED
+CVE-2016-8533
+ RESERVED
+CVE-2016-8532
+ RESERVED
+CVE-2016-8531
+ RESERVED
+CVE-2016-8530
+ RESERVED
+CVE-2016-8529
+ RESERVED
+CVE-2016-8528
+ RESERVED
+CVE-2016-8527
+ RESERVED
+CVE-2016-8526
+ RESERVED
+CVE-2016-8525
+ RESERVED
+CVE-2016-8524
+ RESERVED
+CVE-2016-8523
+ RESERVED
+CVE-2016-8522
+ RESERVED
+CVE-2016-8521
+ RESERVED
+CVE-2016-8520
+ RESERVED
+CVE-2016-8519
+ RESERVED
+CVE-2016-8518
+ RESERVED
+CVE-2016-8517
+ RESERVED
+CVE-2016-8516
+ RESERVED
+CVE-2016-8515
+ RESERVED
+CVE-2016-8514
+ RESERVED
+CVE-2016-8513
+ RESERVED
+CVE-2016-8512
+ RESERVED
+CVE-2016-8511
+ RESERVED
+CVE-2016-8510
+ RESERVED
+CVE-2016-8509
+ RESERVED
+CVE-2016-8508
+ RESERVED
+CVE-2016-8507
+ RESERVED
+CVE-2016-8506
+ RESERVED
+CVE-2016-8505
+ RESERVED
+CVE-2016-8504
+ RESERVED
+CVE-2016-8503
+ RESERVED
+CVE-2016-8502
+ RESERVED
+CVE-2016-8501
+ RESERVED
+CVE-2016-8500
+ RESERVED
+CVE-2016-8499
+ RESERVED
+CVE-2016-8498
+ RESERVED
+CVE-2016-8497
+ RESERVED
+CVE-2016-8496
+ RESERVED
+CVE-2016-8495
+ RESERVED
+CVE-2016-8494
+ RESERVED
+CVE-2016-8493
+ RESERVED
+CVE-2016-8492
+ RESERVED
+CVE-2016-8491
+ RESERVED
+CVE-2015-8965
+ RESERVED
CVE-2016-XXXX [dbus format string vulnerability]
- dbus 1.10.12-1
[jessie] - dbus <no-dsa> (Minor issue)
@@ -30,22 +228,27 @@
- linux <unfixed>
NOTE: https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b
CVE-2016-8578 [9pfs: potential NULL dereferencein 9pfs routines]
+ RESERVED
- qemu <unfixed> (bug #840340)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
CVE-2016-8577 [9pfs: host memory leakage in v9fs_read]
+ RESERVED
- qemu <unfixed> (bug #840341)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
CVE-2016-8576 [usb: xHCI: infinite loop vulnerability in xhci_ring_fetch]
+ RESERVED
- qemu <unfixed> (bug #840343)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
CVE-2016-8569 [DoS using a null pointer dereference in git_commit_message]
+ RESERVED
- libgit2 <unfixed> (bug #840227)
[jessie] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/issues/3937
CVE-2016-8568 [Read out-of-bounds in git_oid_nfmt]
+ RESERVED
- libgit2 <unfixed> (bug #840227)
[jessie] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/issues/3936
@@ -723,8 +926,7 @@
RESERVED
CVE-2016-8221
RESERVED
-CVE-2016-7423 [scsi: mptsas: OOB access when freeing MPTSASRequest object]
- RESERVED
+CVE-2016-7423 (The mptsas_process_scsi_io_request function in QEMU (aka Quick ...)
- qemu <unfixed> (bug #838145)
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -1600,10 +1802,10 @@
RESERVED
CVE-2016-8102
RESERVED
-CVE-2016-8101
- RESERVED
-CVE-2016-8100
- RESERVED
+CVE-2016-8101 (The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local ...)
+ TODO: check
+CVE-2016-8100 (Intel Integrated Performance Primitives (aka IPP) Cryptography before ...)
+ TODO: check
CVE-2016-8099
RESERVED
CVE-2016-8098
@@ -2101,7 +2303,7 @@
- dotclear <removed>
NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/a9db771a5a70
CVE-2016-7901
- RESERVED
+ REJECTED
CVE-2016-7900
RESERVED
CVE-2016-7899
@@ -2390,8 +2592,7 @@
RESERVED
CVE-2016-7778
RESERVED
-CVE-2016-7777 [CR0.TS and CR0.EM not always honored for x86 HVM guests]
- RESERVED
+CVE-2016-7777 (Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which ...)
- xen <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-190.html
CVE-2016-7776
@@ -3126,8 +3327,7 @@
RESERVED
- linux <unfixed>
NOTE: http://marc.info/?l=linux-scsi&m=147394713328707&w=2
-CVE-2016-7424 [NULL pointer dereference in put_no_rnd_pixels8_xy2_mmx (rnd_template.c)]
- RESERVED
+CVE-2016-7424 (The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav ...)
{DSA-3685-1}
- libav <removed>
- ffmpeg <not-affected> (Fixed before introduction into the archive)
@@ -3764,8 +3964,8 @@
- kibana <itp> (bug #700337)
CVE-2016-1000217 (Zotpress plugin for WordPress SQLi in zp_get_account() ...)
TODO: check
-CVE-2016-1000216
- RESERVED
+CVE-2016-1000216 (Ruckus Wireless H500 web management interface authenticated command ...)
+ TODO: check
CVE-2016-1000215
RESERVED
CVE-2016-1000214
@@ -3813,8 +4013,7 @@
NOTE: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
NOTE: Fixed in 4.6.1 release upstream
NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38538
-CVE-2016-7167 [curl escape and unescape integer overflows]
- RESERVED
+CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
{DLA-625-1}
- curl <unfixed> (bug #837945)
[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA)
@@ -4085,8 +4284,7 @@
NOTE: https://bugs.launchpad.net/mailman/+bug/775294
CVE-2016-7119 (Cross-site scripting (XSS) vulnerability in the user-profile biography ...)
TODO: check
-CVE-2016-7117 [use after free in the recvmmsg exit path]
- RESERVED
+CVE-2016-7117 (Use-after-free vulnerability in the __sys_recvmmsg function in ...)
- linux 4.5.2-1
[jessie] - linux 3.16.36-1
[wheezy] - linux 3.2.81-1
@@ -4105,12 +4303,10 @@
CVE-2015-8960 (The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, ...)
NOTE: Vulnerability "in the TLS documentation", not assigned to a specific source/implentation
NOTE: https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf
-CVE-2015-8956
- RESERVED
+CVE-2015-8956 (The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the ...)
- linux 4.2.1-1
NOTE: Fixed by: https://git.kernel.org/linus/951b6a0717db97ce420547222647bcc40bf1eacd (4.2-rc1)
-CVE-2015-8955
- RESERVED
+CVE-2015-8955 (arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 ...)
- linux 4.1.3-1
NOTE: Fixed by: https://git.kernel.org/linus/8fff105e13041e49b82f92eef034f363a6b1c071 (4.1-rc1)
CVE-2016-XXXX [Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders (bug report from Donghai Zhu)]
@@ -4158,8 +4354,7 @@
[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-7100
RESERVED
-CVE-2016-7099
- RESERVED
+CVE-2016-7099 (The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ...)
- nodejs 4.6.0~dfsg-1 (bug #839714; unimportant)
NOTE: https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
NOTE: 0.10.x: https://github.com/nodejs/node/commit/0d7e21ee7bcc79046f898f8c202d2ec87d23d711
@@ -4329,8 +4524,8 @@
RESERVED
CVE-2016-7041
RESERVED
-CVE-2016-7040
- RESERVED
+CVE-2016-7040 (Red Hat CloudForms Management Engine 4.1 does not properly handle ...)
+ TODO: check
CVE-2016-7039 [net: add recursion limit to GRO]
RESERVED
- linux <unfixed>
@@ -4926,8 +5121,8 @@
NOTE: https://git.kernel.org/linus/f9a61eb4e2471c56a63cd804c7474128138c38ac (v4.6-rc1)
NOTE: https://git.kernel.org/linus/82939d7999dfc1f1998c4b1c12e2f19edbdff272 (v4.6-rc1)
NOTE: https://git.kernel.org/linus/be0726d33cb8f411945884664924bed3cb8c70ee (v4.6-rc1)
-CVE-2015-8951
- RESERVED
+CVE-2015-8951 (Multiple use-after-free vulnerabilities in ...)
+ TODO: check
CVE-2016-6823 [Buffer overflow in bmp file reader]
RESERVED
{DSA-3652-1}
@@ -5130,58 +5325,57 @@
RESERVED
CVE-2016-6697
RESERVED
-CVE-2016-6696
- RESERVED
-CVE-2016-6695
- RESERVED
-CVE-2016-6694
- RESERVED
-CVE-2016-6693
- RESERVED
-CVE-2016-6692
- RESERVED
-CVE-2016-6691
- RESERVED
-CVE-2016-6690
- RESERVED
-CVE-2016-6689
- RESERVED
-CVE-2016-6688
- RESERVED
-CVE-2016-6687
- RESERVED
-CVE-2016-6686
- RESERVED
-CVE-2016-6685
- RESERVED
-CVE-2016-6684
- RESERVED
-CVE-2016-6683
- RESERVED
-CVE-2016-6682
- RESERVED
-CVE-2016-6681
- RESERVED
-CVE-2016-6680
- RESERVED
-CVE-2016-6679
- RESERVED
-CVE-2016-6678
- RESERVED
-CVE-2016-6677
- RESERVED
-CVE-2016-6676
- RESERVED
-CVE-2016-6675
- RESERVED
-CVE-2016-6674
- RESERVED
-CVE-2016-6673
- RESERVED
-CVE-2016-6672
- RESERVED
-CVE-2015-8950 [arm64: dma-mapping: always clear allocated buffers]
- RESERVED
+CVE-2016-6696 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
+ TODO: check
+CVE-2016-6695 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
+ TODO: check
+CVE-2016-6694 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
+ TODO: check
+CVE-2016-6693 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
+ TODO: check
+CVE-2016-6692 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in ...)
+ TODO: check
+CVE-2016-6691 (service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi ...)
+ TODO: check
+CVE-2016-6690 (The sound driver in the kernel in Android before 2016-10-05 on Nexus ...)
+ TODO: check
+CVE-2016-6689 (Binder in the kernel in Android before 2016-10-05 on Nexus devices ...)
+ TODO: check
+CVE-2016-6688 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices ...)
+ TODO: check
+CVE-2016-6687 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices ...)
+ TODO: check
+CVE-2016-6686 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices ...)
+ TODO: check
+CVE-2016-6685 (The kernel in Android before 2016-10-05 on Nexus 6P devices allows ...)
+ TODO: check
+CVE-2016-6684 (The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, ...)
+ TODO: check
+CVE-2016-6683 (The kernel in Android before 2016-10-05 on Nexus devices allows ...)
+ TODO: check
+CVE-2016-6682 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver ...)
+ TODO: check
+CVE-2016-6681 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver ...)
+ TODO: check
+CVE-2016-6680 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android ...)
+ TODO: check
+CVE-2016-6679 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in ...)
+ TODO: check
+CVE-2016-6678 (The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 ...)
+ TODO: check
+CVE-2016-6677 (The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices ...)
+ TODO: check
+CVE-2016-6676 (Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi ...)
+ TODO: check
+CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm ...)
+ TODO: check
+CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices allows ...)
+ TODO: check
+CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 ...)
+ TODO: check
+CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
+ TODO: check
+CVE-2015-8950 (arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used ...)
- linux 4.0.4-1
[jessie] - linux 3.16.7-ckt17-1
NOTE: Fixed by: https://git.kernel.org/linus/6829e274a623187c24f7cfc0e3d35f25d087fcc5 (4.1-rc2)
@@ -6544,8 +6738,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367447
CVE-2016-6324
RESERVED
-CVE-2016-6323 [Missing unwind information on ARM]
- RESERVED
+CVE-2016-6323 (The makecontext function in the GNU C Library (aka glibc or libc6) ...)
- glibc 2.24-1 (bug #834752)
[jessie] - glibc 2.19-18+deb8u6
- eglibc <removed>
@@ -6729,8 +6922,8 @@
RESERVED
CVE-2016-6274
RESERVED
-CVE-2016-6273
- RESERVED
+CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex License ...)
+ TODO: check
CVE-2016-6272
RESERVED
CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
@@ -6952,66 +7145,66 @@
RESERVED
CVE-2016-1000156
RESERVED
-CVE-2016-1000155
- RESERVED
-CVE-2016-1000154
- RESERVED
-CVE-2016-1000153
- RESERVED
-CVE-2016-1000152
- RESERVED
-CVE-2016-1000151
- RESERVED
-CVE-2016-1000150
- RESERVED
-CVE-2016-1000149
- RESERVED
-CVE-2016-1000148
- RESERVED
-CVE-2016-1000147
- RESERVED
-CVE-2016-1000146
- RESERVED
-CVE-2016-1000145
- RESERVED
-CVE-2016-1000144
- RESERVED
-CVE-2016-1000143
- RESERVED
-CVE-2016-1000142
- RESERVED
-CVE-2016-1000141
- RESERVED
-CVE-2016-1000140
- RESERVED
-CVE-2016-1000139
- RESERVED
-CVE-2016-1000138
- RESERVED
-CVE-2016-1000137
- RESERVED
-CVE-2016-1000136
- RESERVED
-CVE-2016-1000135
- RESERVED
-CVE-2016-1000134
- RESERVED
-CVE-2016-1000133
- RESERVED
-CVE-2016-1000132
- RESERVED
-CVE-2016-1000131
- RESERVED
-CVE-2016-1000130
- RESERVED
-CVE-2016-1000129
- RESERVED
-CVE-2016-1000128
- RESERVED
-CVE-2016-1000127
- RESERVED
-CVE-2016-1000126
- RESERVED
+CVE-2016-1000155 (Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 ...)
+ TODO: check
+CVE-2016-1000154 (Reflected XSS in wordpress plugin whizz v1.0.7 ...)
+ TODO: check
+CVE-2016-1000153 (Reflected XSS in wordpress plugin tidio-gallery v1.1 ...)
+ TODO: check
+CVE-2016-1000152 (Reflected XSS in wordpress plugin tidio-form v1.0 ...)
+ TODO: check
+CVE-2016-1000151 (Reflected XSS in wordpress plugin tera-charts v1.0 ...)
+ TODO: check
+CVE-2016-1000150 (Reflected XSS in wordpress plugin simplified-content v1.0.0 ...)
+ TODO: check
+CVE-2016-1000149 (Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 ...)
+ TODO: check
+CVE-2016-1000148 (Reflected XSS in wordpress plugin s3-video v0.983 ...)
+ TODO: check
+CVE-2016-1000147 (Reflected XSS in wordpress plugin recipes-writer v1.0.4 ...)
+ TODO: check
+CVE-2016-1000146 (Reflected XSS in wordpress plugin pondol-formmail v1.1 ...)
+ TODO: check
+CVE-2016-1000145 (Reflected XSS in wordpress plugin pondol-carousel v1.0 ...)
+ TODO: check
+CVE-2016-1000144 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
+ TODO: check
+CVE-2016-1000143 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
+ TODO: check
+CVE-2016-1000142 (Reflected XSS in wordpress plugin parsi-font v4.2.5 ...)
+ TODO: check
+CVE-2016-1000141 (Reflected XSS in wordpress plugin page-layout-builder v1.9.3 ...)
+ TODO: check
+CVE-2016-1000140 (Reflected XSS in wordpress plugin new-year-firework v1.1.9 ...)
+ TODO: check
+CVE-2016-1000139 (Reflected XSS in wordpress plugin infusionsoft v1.5.11 ...)
+ TODO: check
+CVE-2016-1000138 (Reflected XSS in wordpress plugin indexisto v1.0.5 ...)
+ TODO: check
+CVE-2016-1000137 (Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 ...)
+ TODO: check
+CVE-2016-1000136 (Reflected XSS in wordpress plugin heat-trackr v1.0 ...)
+ TODO: check
+CVE-2016-1000135 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
+ TODO: check
+CVE-2016-1000134 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
+ TODO: check
+CVE-2016-1000133 (Reflected XSS in wordpress plugin forget-about-shortcode-buttons ...)
+ TODO: check
+CVE-2016-1000132 (Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 ...)
+ TODO: check
+CVE-2016-1000131 (Reflected XSS in wordpress plugin e-search v1.0 ...)
+ TODO: check
+CVE-2016-1000130 (Reflected XSS in wordpress plugin e-search v1.0 ...)
+ TODO: check
+CVE-2016-1000129 (Reflected XSS in wordpress plugin defa-online-image-protector v3.3 ...)
+ TODO: check
+CVE-2016-1000128 (Reflected XSS in wordpress plugin anti-plagiarism v3.60 ...)
+ TODO: check
+CVE-2016-1000127 (Reflected XSS in wordpress plugin ajax-random-post v2.00 ...)
+ TODO: check
+CVE-2016-1000126 (Reflected XSS in wordpress plugin admin-font-editor v1.8 ...)
+ TODO: check
CVE-2016-1000125 (Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla ...)
TODO: check
CVE-2016-1000124 (Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin ...)
@@ -7635,8 +7828,7 @@
RESERVED
CVE-2016-6134
RESERVED
-CVE-2016-1000007
- RESERVED
+CVE-2016-1000007 (Pagure 2.2.1 XSS in raw file endpoint ...)
- pagure <itp> (bug #829046)
NOTE: https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77
CVE-2016-6160 [segfault upon huge frames, missing size check]
@@ -8977,8 +9169,8 @@
RESERVED
CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 ...)
TODO: check
-CVE-2016-1000003
- RESERVED
+CVE-2016-1000003 (Mirror Manager version 0.7.2 and older is vulnerable to remote code ...)
+ TODO: check
CVE-2016-5727
RESERVED
NOT-FOR-US: Simple Machines Forum
@@ -9767,8 +9959,8 @@
NOTE: https://bugs.launchpad.net/bugs/1558658
CVE-2016-5349
RESERVED
-CVE-2016-5348
- RESERVED
+CVE-2016-5348 (The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
+ TODO: check
CVE-2016-5347
RESERVED
CVE-2016-5346
@@ -9777,8 +9969,8 @@
RESERVED
CVE-2016-5344 (Multiple integer overflows in the MDSS driver for the Linux kernel ...)
TODO: check
-CVE-2016-5343
- RESERVED
+CVE-2016-5343 (drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service ...)
+ TODO: check
CVE-2016-5342 (Heap-based buffer overflow in the wcnss_wlan_write function in ...)
TODO: check
CVE-2016-5341
@@ -9839,8 +10031,7 @@
RESERVED
CVE-2016-5326
RESERVED
-CVE-2016-5325
- RESERVED
+CVE-2016-5325 (CRLF injection vulnerability in the ServerResponse#writeHead function ...)
- nodejs 4.6.0~dfsg-1 (bug #839714; unimportant)
NOTE: libv8 is not covered by security support
NOTE: https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
@@ -11915,8 +12106,8 @@
RESERVED
CVE-2016-4914
RESERVED
-CVE-2016-1000001
- RESERVED
+CVE-2016-1000001 (flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect ...)
+ TODO: check
CVE-2016-1000000 (Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter ...)
TODO: check
CVE-2016-4910
@@ -13501,7 +13692,7 @@
TODO: check
CVE-2016-4386 (HPE Network Automation Software 10.10 allows local users to write to ...)
TODO: check
-CVE-2016-4385 (HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, ...)
+CVE-2016-4385 (The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x ...)
TODO: check
CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 allow ...)
TODO: check
@@ -14869,88 +15060,88 @@
NOT-FOR-US: Panda
CVE-2016-3942
RESERVED
-CVE-2016-3940
- RESERVED
-CVE-2016-3939
- RESERVED
-CVE-2016-3938
- RESERVED
-CVE-2016-3937
- RESERVED
-CVE-2016-3936
- RESERVED
-CVE-2016-3935
- RESERVED
-CVE-2016-3934
- RESERVED
-CVE-2016-3933
- RESERVED
-CVE-2016-3932
- RESERVED
-CVE-2016-3931
- RESERVED
-CVE-2016-3930
- RESERVED
-CVE-2016-3929
- RESERVED
-CVE-2016-3928
- RESERVED
-CVE-2016-3927
- RESERVED
-CVE-2016-3926
- RESERVED
-CVE-2016-3925
- RESERVED
-CVE-2016-3924
- RESERVED
-CVE-2016-3923
- RESERVED
-CVE-2016-3922
- RESERVED
-CVE-2016-3921
- RESERVED
-CVE-2016-3920
- RESERVED
+CVE-2016-3940 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
+ TODO: check
+CVE-2016-3939 (drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in ...)
+ TODO: check
+CVE-2016-3938 (drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver ...)
+ TODO: check
+CVE-2016-3937 (The MediaTek video driver in Android before 2016-10-05 allows ...)
+ TODO: check
+CVE-2016-3936 (The MediaTek video driver in Android before 2016-10-05 allows ...)
+ TODO: check
+CVE-2016-3935 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the ...)
+ TODO: check
+CVE-2016-3934 (drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in ...)
+ TODO: check
+CVE-2016-3933 (mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C ...)
+ TODO: check
+CVE-2016-3932 (mediaserver in Android before 2016-10-05 allows attackers to gain ...)
+ TODO: check
+CVE-2016-3931 (drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in ...)
+ TODO: check
+CVE-2016-3930 (The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 ...)
+ TODO: check
+CVE-2016-3929 (Unspecified vulnerability in a Qualcomm component in Android before ...)
+ TODO: check
+CVE-2016-3928 (The MediaTek video driver in Android before 2016-10-05 allows ...)
+ TODO: check
+CVE-2016-3927 (Unspecified vulnerability in a Qualcomm component in Android before ...)
+ TODO: check
+CVE-2016-3926 (Unspecified vulnerability in a Qualcomm component in Android before ...)
+ TODO: check
+CVE-2016-3925 (server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and ...)
+ TODO: check
+CVE-2016-3924 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...)
+ TODO: check
+CVE-2016-3923 (The Accessibility services in Android 7.0 before 2016-10-01 mishandle ...)
+ TODO: check
+CVE-2016-3922 (libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 ...)
+ TODO: check
+CVE-2016-3921 (libsysutils/src/FrameworkListener.cpp in Framework Listener in Android ...)
+ TODO: check
+CVE-2016-3920 (id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before ...)
+ TODO: check
CVE-2016-3919
RESERVED
-CVE-2016-3918
- RESERVED
-CVE-2016-3917
- RESERVED
-CVE-2016-3916
- RESERVED
-CVE-2016-3915
- RESERVED
-CVE-2016-3914
- RESERVED
-CVE-2016-3913
- RESERVED
-CVE-2016-3912
- RESERVED
-CVE-2016-3911
- RESERVED
-CVE-2016-3910
- RESERVED
-CVE-2016-3909
- RESERVED
-CVE-2016-3908
- RESERVED
+CVE-2016-3918 (email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x ...)
+ TODO: check
+CVE-2016-3917 (The fingerprint login feature in Android 6.0.1 before 2016-10-01 and ...)
+ TODO: check
+CVE-2016-3916 (camera/src/camera_metadata.c in the Camera service in Android 4.x ...)
+ TODO: check
+CVE-2016-3915 (camera/src/camera_metadata.c in the Camera service in Android 4.x ...)
+ TODO: check
+CVE-2016-3914 (Race condition in providers/telephony/MmsProvider.java in Telephony in ...)
+ TODO: check
+CVE-2016-3913 (media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in ...)
+ TODO: check
+CVE-2016-3912 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
+ TODO: check
+CVE-2016-3911 (core/java/android/os/Process.java in Zygote in Android 4.x before ...)
+ TODO: check
+CVE-2016-3910 (services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in ...)
+ TODO: check
+CVE-2016-3909 (The SoftMPEG4 component in libstagefright in mediaserver in Android ...)
+ TODO: check
+CVE-2016-3908 (The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 ...)
+ TODO: check
CVE-2016-3907
RESERVED
CVE-2016-3906
RESERVED
-CVE-2016-3905
- RESERVED
+CVE-2016-3905 (CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android ...)
+ TODO: check
CVE-2016-3904
RESERVED
-CVE-2016-3903
- RESERVED
-CVE-2016-3902
- RESERVED
-CVE-2016-3901
- RESERVED
-CVE-2016-3900
- RESERVED
+CVE-2016-3903 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the ...)
+ TODO: check
+CVE-2016-3902 (drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver ...)
+ TODO: check
+CVE-2016-3901 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the ...)
+ TODO: check
+CVE-2016-3900 (cmds/servicemanager/service_manager.c in ServiceManager in Android ...)
+ TODO: check
CVE-2016-3899 (OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before ...)
TODO: check
CVE-2016-3898 (Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x ...)
@@ -14985,8 +15176,8 @@
TODO: check
CVE-2016-3883 (internal/telephony/SMSDispatcher.java in Telephony in Android 4.x ...)
TODO: check
-CVE-2016-3882
- RESERVED
+CVE-2016-3882 (Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in ...)
+ TODO: check
CVE-2016-3881 (The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx ...)
TODO: check
CVE-2016-3880 (Multiple buffer overflows in rtsp/ASessionDescription.cpp in ...)
@@ -15029,8 +15220,8 @@
TODO: check
CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
TODO: check
-CVE-2016-3860
- RESERVED
+CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...)
+ TODO: check
CVE-2016-3859 (The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, ...)
TODO: check
CVE-2016-3858 (Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the ...)
@@ -15430,8 +15621,7 @@
RESERVED
CVE-2016-3700
RESERVED
-CVE-2016-3699
- RESERVED
+CVE-2016-3699 (The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat ...)
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -23785,7 +23975,7 @@
CVE-2015-8705 (buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug ...)
- bind9 <not-affected> (Only affects 9.10.0->9.10.3-P2)
NOTE: https://kb.isc.org/article/AA-01336
-CVE-2015-8704 (apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before ...)
+CVE-2015-8704 (apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before ...)
{DSA-3449-1 DLA-396-1}
- bind9 1:9.10.3.dfsg.P4-6 (bug #812077)
NOTE: https://kb.isc.org/article/AA-01335
@@ -24969,7 +25159,7 @@
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126862
CVE-2015-8606 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
TODO: check
-CVE-2015-8605 (ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 ...)
+CVE-2015-8605 (ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 ...)
{DSA-3442-1 DLA-385-2 DLA-385-1}
- isc-dhcp 4.3.3-7 (bug #810875)
NOTE: https://kb.isc.org/article/AA-01334
@@ -31122,8 +31312,8 @@
NOT-FOR-US: Revive Adserver
CVE-2015-7364 (The HTML_Quickform library, as used in Revive Adserver before 3.2.2, ...)
NOT-FOR-US: Revive Adserver
-CVE-2015-7363
- RESERVED
+CVE-2015-7363 (Cross-site scripting (XSS) vulnerability in the advanced settings page ...)
+ TODO: check
CVE-2015-7362 (Fortinet FortiClient Linux SSLVPN before build 2313, when installed on ...)
TODO: check
CVE-2015-7361 (FortiOS 5.2.3, when configured to use High Availability (HA) and the ...)
@@ -37273,8 +37463,7 @@
- glance 2015.1.0-4 (bug #795453)
[jessie] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1)
[wheezy] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1)
-CVE-2015-5162 [Malicious image causes OOM on the compute host]
- RESERVED
+CVE-2015-5162 (The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; ...)
- cinder <unfixed>
- glance <unfixed> (low)
[jessie] - glance <no-dsa> (Minor issue)
@@ -42663,7 +42852,7 @@
[wheezy] - curl <not-affected> (Vulnerable code not present)
[squeeze] - curl <not-affected> (Vulnerable code not present)
NOTE: http://curl.haxx.se/docs/adv_20150617B.html
-CVE-2015-3236 (cURL and libcurl 7.40.0 through 7.42.1 sends the HTTP Basic ...)
+CVE-2015-3236 (cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic ...)
- curl 7.43.0-1
[jessie] - curl <not-affected> (Vulnerable code not present)
[wheezy] - curl <not-affected> (Vulnerable code not present)
@@ -43079,7 +43268,7 @@
CVE-2015-3149 [insecure hsperfdata temporary file handling, CVE-2015-0383 regression (Hotspot)]
RESERVED
- openjdk-8 <not-affected> (defective patch not applied)
-CVE-2015-3148 (cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use ...)
+CVE-2015-3148 (cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use ...)
{DSA-3232-1 DLA-211-1}
- curl 7.42.0-1
NOTE: http://curl.haxx.se/docs/adv_20150422B.html
@@ -46508,8 +46697,7 @@
NOT-FOR-US: Apptha WordPress Video Gallery (contus-video-gallery) plugin for WordPress
CVE-2015-2064 (Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, ...)
NOT-FOR-US: DLGuard
-CVE-2015-2080 [Jetty remote unauthenticated credential exposure]
- RESERVED
+CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v20150224 ...)
- jetty <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
- jetty8 <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
@@ -51474,8 +51662,8 @@
RESERVED
CVE-2015-0573 (drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the ...)
TODO: check
-CVE-2015-0572
- RESERVED
+CVE-2015-0572 (Multiple race conditions in drivers/char/adsprpc.c and ...)
+ TODO: check
CVE-2015-0571 (The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used ...)
TODO: check
CVE-2015-0570 (Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in ...)
@@ -160454,7 +160642,7 @@
NOT-FOR-US: NetArt Media Car Portal
CVE-2008-5309 (SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 ...)
NOT-FOR-US: NetArt Media Real Estate Portal
-CVE-2008-5308 (The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does properly ...)
+CVE-2008-5308 (The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly ...)
NOT-FOR-US: LoveCMS
CVE-2008-5307 (SQL injection vulnerability in admin/index.php in PG Roommate Finder ...)
NOT-FOR-US: PG Roommate Finder Solution
@@ -208714,7 +208902,7 @@
- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...)
NOT-FOR-US: Microsoft cabarc
-CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files, which ...)
+CVE-2004-2642 (Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which ...)
NOT-FOR-US: Yeemp
CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...)
NOT-FOR-US: Sun appliances
@@ -233656,7 +233844,7 @@
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0466 (AIX cdmount allows local users to gain root privileges via shell ...)
NOT-FOR-US: AIX
-CVE-2000-0465 (Internet Explorer 4.x and 5.x does properly verify the domain of a ...)
+CVE-2000-0465 (Internet Explorer 4.x and 5.x does not properly verify the domain of a ...)
NOT-FOR-US: Microsoft
CVE-2000-0464 (Internet Explorer 4.x and 5.x allows remote attackers to execute ...)
NOT-FOR-US: Microsoft
More information about the Secure-testing-commits
mailing list