[Secure-testing-commits] r44743 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Sep 19 21:10:20 UTC 2016


Author: sectracker
Date: 2016-09-19 21:10:19 +0000 (Mon, 19 Sep 2016)
New Revision: 44743

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-19 17:33:09 UTC (rev 44742)
+++ data/CVE/list	2016-09-19 21:10:19 UTC (rev 44743)
@@ -1,3 +1,123 @@
+CVE-2016-8280
+	RESERVED
+CVE-2016-8279
+	RESERVED
+CVE-2016-8278
+	RESERVED
+CVE-2016-8277
+	RESERVED
+CVE-2016-8276
+	RESERVED
+CVE-2016-8275
+	RESERVED
+CVE-2016-8274
+	RESERVED
+CVE-2016-8273
+	RESERVED
+CVE-2016-8272
+	RESERVED
+CVE-2016-8271
+	RESERVED
+CVE-2016-8270
+	RESERVED
+CVE-2016-8269
+	RESERVED
+CVE-2016-8268
+	RESERVED
+CVE-2016-8267
+	RESERVED
+CVE-2016-8266
+	RESERVED
+CVE-2016-8265
+	RESERVED
+CVE-2016-8264
+	RESERVED
+CVE-2016-8263
+	RESERVED
+CVE-2016-8262
+	RESERVED
+CVE-2016-8261
+	RESERVED
+CVE-2016-8260
+	RESERVED
+CVE-2016-8259
+	RESERVED
+CVE-2016-8258
+	RESERVED
+CVE-2016-8257
+	RESERVED
+CVE-2016-8256
+	RESERVED
+CVE-2016-8255
+	RESERVED
+CVE-2016-8254
+	RESERVED
+CVE-2016-8253
+	RESERVED
+CVE-2016-8252
+	RESERVED
+CVE-2016-8251
+	RESERVED
+CVE-2016-8250
+	RESERVED
+CVE-2016-8249
+	RESERVED
+CVE-2016-8248
+	RESERVED
+CVE-2016-8247
+	RESERVED
+CVE-2016-8246
+	RESERVED
+CVE-2016-8245
+	RESERVED
+CVE-2016-8244
+	RESERVED
+CVE-2016-8243
+	RESERVED
+CVE-2016-8242
+	RESERVED
+CVE-2016-8241
+	RESERVED
+CVE-2016-8240
+	RESERVED
+CVE-2016-8239
+	RESERVED
+CVE-2016-8238
+	RESERVED
+CVE-2016-8237
+	RESERVED
+CVE-2016-8236
+	RESERVED
+CVE-2016-8235
+	RESERVED
+CVE-2016-8234
+	RESERVED
+CVE-2016-8233
+	RESERVED
+CVE-2016-8232
+	RESERVED
+CVE-2016-8231
+	RESERVED
+CVE-2016-8230
+	RESERVED
+CVE-2016-8229
+	RESERVED
+CVE-2016-8228
+	RESERVED
+CVE-2016-8227
+	RESERVED
+CVE-2016-8226
+	RESERVED
+CVE-2016-8225
+	RESERVED
+CVE-2016-8224
+	RESERVED
+CVE-2016-8223
+	RESERVED
+CVE-2016-8222
+	RESERVED
+CVE-2016-8221
+	RESERVED
 CVE-2016-7423 [scsi: mptsas: OOB access when freeing MPTSASRequest object]
 	RESERVED
 	- qemu <unfixed> (bug #838145)
@@ -2259,10 +2379,9 @@
 	NOTE: The scope of this CVE is the documentation bug, lacking treatment of
 	NOTE: -DNDEBUG and Static Initialization
 	NOTE: Documentation added in https://github.com/weidai11/cryptopp/commit/553049ba297d89d9e8fbf2204acb40a8a53f5cd6
-CVE-2016-7419
-	RESERVED
-CVE-2016-7418 [Out-Of-Bounds Read in php_wddx_push_element]
-	RESERVED
+CVE-2016-7419 (Cross-site scripting (XSS) vulnerability in share.js in the gallery ...)
+	TODO: check
+CVE-2016-7418 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...)
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73065
@@ -2270,50 +2389,43 @@
 	NOTE: https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1
 	NOTE: The scope of this CVE also includes all of the "other four similar issues"
 	NOTE: in the "[2016-09-12 06:44 UTC]" comment.
-CVE-2016-7417 [Missing type check when unserializing SplArray]
-	RESERVED
+CVE-2016-7417 (ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 ...)
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73029
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1
-CVE-2016-7416 [add locale length check]
-	RESERVED
+CVE-2016-7416 (ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x ...)
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
-CVE-2016-7415 [ICU related issue relative to PHP Bug #73007, add locale length check]
-	RESERVED
+CVE-2016-7415 (Stack-based buffer overflow in the Locale class in common/locid.cpp in ...)
 	- icu <unfixed>
 	NOTE: Related code in http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp file
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
 	NOTE: PHP fix: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
 	NOTE: Unclear how this should be fixed for icu, if at all. Issue is mainly in PHP.
-CVE-2016-7414 [Out of bound when verify signature of zip phar in phar_parse_zipfile]
-	RESERVED
+CVE-2016-7414 (The ZIP signature-verification feature in PHP before 5.6.26 and 7.x ...)
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72928
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1
-CVE-2016-7413 [wddx_deserialize use-after-free]
-	RESERVED
+CVE-2016-7413 (Use-after-free vulnerability in the wddx_stack_destroy function in ...)
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72860
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
-CVE-2016-7412 [Heap overflow in mysqlnd related to BIT fields]
-	RESERVED
+CVE-2016-7412 (ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ...)
 	- php7.0 7.0.11-1
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72293
 	NOTE: Fixed in 7.0.11, 5.6.26
 	NOTE: https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1
-CVE-2016-7411 [Memory Corruption in During Deserialized-object Destruction]
-	RESERVED
+CVE-2016-7411 (ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles ...)
 	- php7.0 <not-affected> (Only affects 5.x)
 	- php5 5.6.26+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052
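Review bot: The CVE-2016-7415 entry in this hunk now contradicts itself. The new description places a stack-based buffer overflow in the Locale class in common/locid.cpp, the same ICU file the first NOTE points at, while the last NOTE still reads "Unclear how this should be fixed for icu, if at all. Issue is mainly in PHP." With the description assigned to ICU code, the "- icu <unfixed>" line needs a manual decision: either track an ICU-side fix, or reword the note to say why the PHP locale length check referenced under CVE-2016-7416 is considered sufficient.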
@@ -3601,10 +3713,10 @@
 	RESERVED
 CVE-2016-6939
 	RESERVED
-CVE-2016-6938
-	RESERVED
-CVE-2016-6937
-	RESERVED
+CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
+	TODO: check
 CVE-2016-6936 (Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support ...)
 	TODO: check
 CVE-2016-6935
@@ -4343,18 +4455,18 @@
 	RESERVED
 CVE-2016-6645
 	RESERVED
-CVE-2016-6644
-	RESERVED
-CVE-2016-6643
-	RESERVED
-CVE-2016-6642
-	RESERVED
-CVE-2016-6641
-	RESERVED
+CVE-2016-6644 (EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows ...)
+	TODO: check
+CVE-2016-6643 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 ...)
+	TODO: check
+CVE-2016-6642 (Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before ...)
+	TODO: check
+CVE-2016-6641 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 ...)
+	TODO: check
 CVE-2016-6640
 	RESERVED
-CVE-2016-6639
-	RESERVED
+CVE-2016-6639 (Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP ...)
+	TODO: check
 CVE-2016-6638
 	RESERVED
 CVE-2016-6637
@@ -4896,12 +5008,12 @@
 	RESERVED
 CVE-2016-6538
 	RESERVED
-CVE-2016-6537
-	RESERVED
-CVE-2016-6536
-	RESERVED
-CVE-2016-6535
-	RESERVED
+CVE-2016-6537 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store ...)
+	TODO: check
+CVE-2016-6536 (The /setup URI on AVer Information EH6108H+ devices with firmware ...)
+	TODO: check
+CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have ...)
+	TODO: check
 CVE-2016-6534
 	RESERVED
 CVE-2016-6533
@@ -5281,8 +5393,8 @@
 	RESERVED
 CVE-2016-6416
 	RESERVED
-CVE-2016-6415
-	RESERVED
+CVE-2016-6415 (The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and ...)
+	TODO: check
 CVE-2016-6414
 	RESERVED
 CVE-2016-6413
@@ -5297,20 +5409,20 @@
 	RESERVED
 CVE-2016-6408
 	RESERVED
-CVE-2016-6407
-	RESERVED
+CVE-2016-6407 (Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) ...)
+	TODO: check
 CVE-2016-6406
 	RESERVED
-CVE-2016-6405
-	RESERVED
-CVE-2016-6404
-	RESERVED
-CVE-2016-6403
-	RESERVED
-CVE-2016-6402
-	RESERVED
-CVE-2016-6401
-	RESERVED
+CVE-2016-6405 (Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to ...)
+	TODO: check
+CVE-2016-6404 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
+	TODO: check
+CVE-2016-6403 (The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, ...)
+	TODO: check
+CVE-2016-6402 (UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified ...)
+	TODO: check
+CVE-2016-6401 (Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS ...)
+	TODO: check
 CVE-2016-6400
 	RESERVED
 CVE-2016-6399 (Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE ...)
@@ -7221,8 +7333,8 @@
 	RESERVED
 CVE-2016-5845 (SAP SAPCAR does not check the return value of file operations when ...)
 	NOT-FOR-US: SAP SAPCAR
-CVE-2016-5843
-	RESERVED
+CVE-2016-5843 (Multiple SQL injection vulnerabilities in the FAQ package 2.x before ...)
+	TODO: check
 CVE-2016-5840 (hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, ...)
 	NOT-FOR-US: Trend Micro Deep Discovery Inspector
 CVE-2016-5831
@@ -7245,8 +7357,8 @@
 	RESERVED
 CVE-2016-5815
 	RESERVED
-CVE-2016-5814
-	RESERVED
+CVE-2016-5814 (Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, ...)
+	TODO: check
 CVE-2016-5813
 	RESERVED
 CVE-2016-5812 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and ...)
@@ -10867,8 +10979,8 @@
 	NOTE: This security fix can be considered an improvement of the previous ZF2016-02
 	NOTE: and ZF2014-04 advisories.
 	NOTE: Fixed by: https://github.com/zendframework/zf1/commit/b1c71dd94296d9000127720c85a7ea9e3b35af4b (1.12.20)
-CVE-2016-4860
-	RESERVED
+CVE-2016-4860 (Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not ...)
+	TODO: check
 CVE-2016-4859
 	RESERVED
 CVE-2016-4858
@@ -11143,14 +11255,14 @@
 	RESERVED
 CVE-2016-4750
 	RESERVED
-CVE-2016-4749
-	RESERVED
+CVE-2016-4749 (Printing UIKit in Apple iOS before 10 mishandles environment ...)
+	TODO: check
 CVE-2016-4748
 	RESERVED
-CVE-2016-4747
-	RESERVED
-CVE-2016-4746
-	RESERVED
+CVE-2016-4747 (Mail in Apple iOS before 10 mishandles certificates, which makes it ...)
+	TODO: check
+CVE-2016-4746 (The Keyboards component in Apple iOS before 10 does not properly use a ...)
+	TODO: check
 CVE-2016-4745
 	RESERVED
 CVE-2016-4744
@@ -11159,10 +11271,10 @@
 	RESERVED
 CVE-2016-4742
 	RESERVED
-CVE-2016-4741
-	RESERVED
-CVE-2016-4740
-	RESERVED
+CVE-2016-4741 (The Assets component in Apple iOS before 10 allows man-in-the-middle ...)
+	TODO: check
+CVE-2016-4740 (Apple iOS before 10, when Handoff for Messages is used, does not ...)
+	TODO: check
 CVE-2016-4739
 	RESERVED
 CVE-2016-4738
@@ -11203,8 +11315,8 @@
 	RESERVED
 CVE-2016-4720
 	RESERVED
-CVE-2016-4719
-	RESERVED
+CVE-2016-4719 (The GeoServices component in Apple iOS before 10 and watchOS before 3 ...)
+	TODO: check
 CVE-2016-4718
 	RESERVED
 CVE-2016-4717
@@ -11231,10 +11343,10 @@
 	RESERVED
 CVE-2016-4706
 	RESERVED
-CVE-2016-4705
-	RESERVED
-CVE-2016-4704
-	RESERVED
+CVE-2016-4705 (otool in Apple Xcode before 8 allows local users to gain privileges or ...)
+	TODO: check
+CVE-2016-4704 (otool in Apple Xcode before 8 allows local users to gain privileges or ...)
+	TODO: check
 CVE-2016-4703
 	RESERVED
 CVE-2016-4702
@@ -11401,8 +11513,8 @@
 	- webkit2gtk 2.12.4-1 (unimportant)
 CVE-2016-4621 (libc++abi in Apple OS X before 10.11.6 allows attackers to execute ...)
 	NOT-FOR-US: Apple
-CVE-2016-4620
-	RESERVED
+CVE-2016-4620 (The Sandbox Profiles component in Apple iOS before 10 does not ...)
+	TODO: check
 CVE-2016-4619 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
 	TODO: check
 CVE-2016-4618
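Review bot: CVE-2016-4620 is left at "TODO: check" even though its description names the Sandbox Profiles component in Apple iOS, and the next entry in this hunk, CVE-2016-4621, is already triaged as "NOT-FOR-US: Apple". Unless this component maps to a packaged source, the same NOT-FOR-US line fits here and takes the entry out of the TODO queue.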
@@ -11681,8 +11793,8 @@
 	TODO: check
 CVE-2016-4527 (ABB PCM600 before 2.7 improperly stores PCM600 authentication ...)
 	NOT-FOR-US: ABB PCM600
-CVE-2016-4526
-	RESERVED
+CVE-2016-4526 (ABB DataManagerPro 1.x before 1.7.1 allows local users to gain ...)
+	TODO: check
 CVE-2016-4525 (Unspecified ActiveX controls in Advantech WebAccess before ...)
 	TODO: check
 CVE-2016-4524 (ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords ...)
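Review bot: CVE-2016-4526 (ABB DataManagerPro) gets "TODO: check" while the ABB entry directly above it, CVE-2016-4527, carries "NOT-FOR-US: ABB PCM600". Once someone confirms DataManagerPro is not packaged, a matching "NOT-FOR-US: ABB DataManagerPro" line would keep the triage of this vendor's entries consistent.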
@@ -21741,10 +21853,10 @@
 	TODO: check
 CVE-2016-1484 (Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass ...)
 	TODO: check
-CVE-2016-1483
-	RESERVED
-CVE-2016-1482
-	RESERVED
+CVE-2016-1483 (Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2016-1482 (Cisco WebEx Meetings Server 2.6 allows remote attackers to execute ...)
+	TODO: check
 CVE-2016-1481
 	RESERVED
 CVE-2016-1480
@@ -21841,8 +21953,8 @@
 	TODO: check
 CVE-2016-1434 (The license-certificate upload functionality on Cisco 8800 phones with ...)
 	TODO: check
-CVE-2016-1433
-	RESERVED
+CVE-2016-1433 (Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers ...)
+	TODO: check
 CVE-2016-1432 (Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router ...)
 	TODO: check
 CVE-2016-1431 (Cross-site scripting (XSS) vulnerability in Cisco Firepower Management ...)
@@ -23674,24 +23786,24 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283934
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/16/1
 	NOTE: Possibly introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=4917cf44326a1bda2fd7f27303aff7a25ad86518 (v1.6.0-rc0)
-CVE-2016-0930
-	RESERVED
-CVE-2016-0929
-	RESERVED
-CVE-2016-0928
-	RESERVED
-CVE-2016-0927
-	RESERVED
-CVE-2016-0926
-	RESERVED
+CVE-2016-0930 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before ...)
+	TODO: check
+CVE-2016-0929 (The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry ...)
+	TODO: check
+CVE-2016-0928 (Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) ...)
+	TODO: check
+CVE-2016-0927 (Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry ...)
+	TODO: check
+CVE-2016-0926 (Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal ...)
+	TODO: check
 CVE-2016-0925
 	RESERVED
-CVE-2016-0924
-	RESERVED
-CVE-2016-0923
-	RESERVED
-CVE-2016-0922
-	RESERVED
+CVE-2016-0924 (The TLS 1.2 implementation in EMC RSA BSAFE Micro Edition Suite (MES) ...)
+	TODO: check
+CVE-2016-0923 (The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before ...)
+	TODO: check
+CVE-2016-0922 (EMC ViPR SRM before 3.7.2 does not restrict the number of ...)
+	TODO: check
 CVE-2016-0921
 	RESERVED
 CVE-2016-0920
@@ -23740,10 +23852,10 @@
 	NOT-FOR-US: RSA Archer GRC Platform
 CVE-2016-0898
 	RESERVED
-CVE-2016-0897
-	RESERVED
-CVE-2016-0896
-	RESERVED
+CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before ...)
+	TODO: check
+CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x ...)
+	TODO: check
 CVE-2016-0895 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers ...)
 	TODO: check
 CVE-2016-0894 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote ...)
@@ -23768,8 +23880,8 @@
 	RESERVED
 CVE-2016-0884
 	RESERVED
-CVE-2016-0883
-	RESERVED
+CVE-2016-0883 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before ...)
+	TODO: check
 CVE-2016-0882 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows ...)
 	NOT-FOR-US: EMC Documentum
 CVE-2016-0881 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows ...)
@@ -23856,8 +23968,8 @@
 	RESERVED
 CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
 	TODO: check
-CVE-2016-0870
-	RESERVED
+CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows remote ...)
+	TODO: check
 CVE-2016-0869 (Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows ...)
 	NOT-FOR-US: MICROSYS PROMOTIC
 CVE-2016-0868 (Stack-based buffer overflow on Rockwell Automation Allen-Bradley ...)



