[Secure-testing-commits] r44853 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Sep 23 21:10:13 UTC 2016
Author: sectracker
Date: 2016-09-23 21:10:13 +0000 (Fri, 23 Sep 2016)
New Revision: 44853
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-23 19:51:14 UTC (rev 44852)
+++ data/CVE/list 2016-09-23 21:10:13 UTC (rev 44853)
@@ -2472,10 +2472,12 @@
NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
CVE-2016-7407
RESERVED
+ {DLA-634-1}
- dropbear 2016.74-1
NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
CVE-2016-7406
RESERVED
+ {DLA-634-1}
- dropbear 2016.74-1
NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
CVE-2016-7404
@@ -3969,8 +3971,8 @@
RESERVED
CVE-2016-6825 (Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before ...)
TODO: check
-CVE-2016-6824
- RESERVED
+CVE-2016-6824 (Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with ...)
+ TODO: check
CVE-2016-6823
RESERVED
CVE-2016-6888 [net: vmxnet: integer overflow in packet initialisation]
@@ -4434,8 +4436,8 @@
- ffmpeg 7:3.1.2-1
CVE-2016-6670 (Huawei S7700, S9300, S9700, and S12700 devices with software before ...)
TODO: check
-CVE-2016-6669
- RESERVED
+CVE-2016-6669 (Buffer overflow in the Authentication, Authorization and Accounting ...)
+ TODO: check
CVE-2016-6668
RESERVED
CVE-2016-6667
@@ -5213,8 +5215,7 @@
RESERVED
CVE-2016-6496
RESERVED
-CVE-2016-6525 [heap overflow in pdf_load_mesh_params()]
- RESERVED
+CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function in ...)
{DSA-3655-1 DLA-589-1}
- mupdf 1.9a+ds1-1.2 (bug #833417)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
@@ -5528,8 +5529,8 @@
RESERVED
CVE-2016-6415 (The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and ...)
TODO: check
-CVE-2016-6414
- RESERVED
+CVE-2016-6414 (iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 ...)
+ TODO: check
CVE-2016-6413
RESERVED
CVE-2016-6412
@@ -5544,8 +5545,8 @@
RESERVED
CVE-2016-6407 (Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) ...)
TODO: check
-CVE-2016-6406
- RESERVED
+CVE-2016-6406 (Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, ...)
+ TODO: check
CVE-2016-6405 (Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to ...)
TODO: check
CVE-2016-6404 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
@@ -5608,11 +5609,9 @@
NOT-FOR-US: Cisco
CVE-2016-6375 (Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x ...)
NOT-FOR-US: Cisco
-CVE-2016-6374
- RESERVED
+CVE-2016-6374 (Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers ...)
NOT-FOR-US: Cisco Cloud Services Platform 2100
-CVE-2016-6373
- RESERVED
+CVE-2016-6373 (The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 ...)
NOT-FOR-US: Cisco Cloud Services Platform 2100
CVE-2016-6372
RESERVED
@@ -5679,8 +5678,7 @@
CVE-2016-6341
RESERVED
NOT-FOR-US: ovirt-engine
-CVE-2016-6340
- RESERVED
+CVE-2016-6340 (The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces ...)
NOT-FOR-US: Red Hat QCI
CVE-2016-6339
REJECTED
@@ -5752,8 +5750,7 @@
[wheezy] - eglibc <not-affected> (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20435
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
-CVE-2016-6322
- RESERVED
+CVE-2016-6322 (Red Hat QuickStart Cloud Installer (QCI) uses world-readable ...)
NOT-FOR-US: ovirt-engine
CVE-2016-6321
RESERVED
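Review bot: The triage line kept under CVE-2016-6322 still reads "NOT-FOR-US: ovirt-engine", but the description added here names Red Hat QuickStart Cloud Installer (QCI). CVE-2016-6340, updated in this same commit, is tagged "NOT-FOR-US: Red Hat QCI"; unless the ovirt-engine attribution is deliberate, use the same product name here so the tag matches the published description.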
@@ -6245,8 +6242,7 @@
RESERVED
CVE-2016-1000112
RESERVED
-CVE-2016-6265 [use-after-free]
- RESERVED
+CVE-2016-6265 (Use-after-free vulnerability in the pdf_load_xref function in ...)
{DSA-3655-1}
- mupdf 1.9a+ds1-1.1 (bug #832031)
[wheezy] - mupdf <not-affected> (vulnerable code not present, no segfault)
@@ -9402,100 +9398,85 @@
RESERVED
CVE-2016-5285
RESERVED
-CVE-2016-5284
- RESERVED
+CVE-2016-5284 (Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5283
- RESERVED
+CVE-2016-5283 (Mozilla Firefox before 49.0 allows remote attackers to bypass the Same ...)
- firefox 49.0-1
- firefox-esr <not-affected> (Doesn't affect ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5282
- RESERVED
+CVE-2016-5282 (Mozilla Firefox before 49.0 does not properly restrict the scheme in ...)
- firefox 49.0-1
- firefox-esr <not-affected> (Doesn't affect ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5281
- RESERVED
+CVE-2016-5281 (Use-after-free vulnerability in the DOMSVGLength class in Mozilla ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5280
- RESERVED
+CVE-2016-5280 (Use-after-free vulnerability in the ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5279
- RESERVED
+CVE-2016-5279 (Mozilla Firefox before 49.0 allows user-assisted remote attackers to ...)
- firefox 49.0-1
- firefox-esr <not-affected> (Doesn't affect ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5278
- RESERVED
+CVE-2016-5278 (Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5277
- RESERVED
+CVE-2016-5277 (Use-after-free vulnerability in the nsRefreshDriver::Tick function in ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5276
- RESERVED
+CVE-2016-5276 (Use-after-free vulnerability in the ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5275
- RESERVED
+CVE-2016-5275 (Buffer overflow in the ...)
- firefox 49.0-1
- firefox-esr <not-affected> (Doesn't affect ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5274
- RESERVED
+CVE-2016-5274 (Use-after-free vulnerability in the nsFrameManager::CaptureFrameState ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5273
- RESERVED
+CVE-2016-5273 (The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the ...)
- firefox 49.0-1
- firefox-esr <not-affected> (Doesn't affect ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5272
- RESERVED
+CVE-2016-5272 (The nsImageGeometryMixin class in Mozilla Firefox before 49.0 and ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5271
- RESERVED
+CVE-2016-5271 (The PropertyProvider::GetSpacingInternal function in Mozilla Firefox ...)
- firefox 49.0-1
- firefox-esr <not-affected> (Doesn't affect ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5270
- RESERVED
+CVE-2016-5270 (Heap-based buffer overflow in the ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
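Review bot: Four of the descriptions added in this hunk are cut off before the function or class name, so the entries cannot be told apart from the list alone: CVE-2016-5280 and CVE-2016-5276 both read "Use-after-free vulnerability in the ...", CVE-2016-5275 reads "Buffer overflow in the ..." and CVE-2016-5270 reads "Heap-based buffer overflow in the ...". The NOTE lines visible under the first three point at the same two advisories, so a per-entry NOTE naming the affected component would make them distinguishable for anyone triaging from this file.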
@@ -9555,15 +9536,13 @@
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
-CVE-2016-5257
- RESERVED
+CVE-2016-5257 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3674-1}
- firefox 49.0-1
- firefox-esr 45.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
-CVE-2016-5256
- RESERVED
+CVE-2016-5256 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- firefox 49.0-1
- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
CVE-2016-5255 (Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep ...)
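Review bot: CVE-2016-5256 has no NOTE lines after its package entries, while CVE-2016-5257 directly above and the other Firefox 49.0 entries in this commit link mfsa2016-86 and mfsa2016-87. If the same advisories apply, add the references in a follow-up; the ESR remark here also reads "(Doesn't affect Firefox ESR)" where the sibling entries use "(Doesn't affect ESR)", which is worth normalizing for grep-based checks.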
@@ -9598,8 +9577,8 @@
NOT-FOR-US: Lenovo
CVE-2016-5248 (The StopProxy command in LSC.Services.SystemService in Lenovo Solution ...)
NOT-FOR-US: Lenovo
-CVE-2016-5247
- RESERVED
+CVE-2016-5247 (The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, ...)
+ TODO: check
CVE-2016-5246
RESERVED
CVE-2016-5245
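Review bot: CVE-2016-5247 is left at "TODO: check" even though its new description is for Lenovo ThinkCentre BIOS and the two entries directly above it are already "NOT-FOR-US: Lenovo". The automatic update cannot make that call, so this entry needs a manual triage commit, most likely with the same tag.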
@@ -17010,8 +16989,7 @@
{DSA-3600-1 DLA-521-1}
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
-CVE-2016-2827
- RESERVED
+CVE-2016-2827 (The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox ...)
- firefox 49.0-1
- firefox-esr <not-affected> (Doesn't affect ESR)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
@@ -71670,8 +71648,8 @@
RESERVED
CVE-2014-2147 (The web interface in Cisco Prime Infrastructure 2.1 and earlier does ...)
NOT-FOR-US: Cisco Prime Infrastructure
-CVE-2014-2146
- RESERVED
+CVE-2014-2146 (The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly ...)
+ TODO: check
CVE-2014-2145 (Directory traversal vulnerability in the messaging API in Cisco Unity ...)
NOT-FOR-US: Cisco
CVE-2014-2144 (Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which ...)
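Review bot: CVE-2014-2146 now describes Zone-Based Firewall functionality in Cisco IOS but is left at "TODO: check", while the neighbouring CVE-2014-2147 and CVE-2014-2145 carry NOT-FOR-US tags for Cisco products. A manual follow-up should resolve the TODO so this 2014 entry does not stay in the unprocessed queue.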