[Secure-testing-commits] r50898 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Apr 21 21:10:13 UTC 2017


Author: sectracker
Date: 2017-04-21 21:10:13 +0000 (Fri, 21 Apr 2017)
New Revision: 50898

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-21 21:06:31 UTC (rev 50897)
+++ data/CVE/list	2017-04-21 21:10:13 UTC (rev 50898)
@@ -1,3 +1,125 @@
+CVE-2017-8051 (Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a ...)
+	TODO: check
+CVE-2017-8050 (Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web ...)
+	TODO: check
+CVE-2017-8049
+	RESERVED
+CVE-2017-8048
+	RESERVED
+CVE-2017-8047
+	RESERVED
+CVE-2017-8046
+	RESERVED
+CVE-2017-8045
+	RESERVED
+CVE-2017-8044
+	RESERVED
+CVE-2017-8043
+	RESERVED
+CVE-2017-8042
+	RESERVED
+CVE-2017-8041
+	RESERVED
+CVE-2017-8040
+	RESERVED
+CVE-2017-8039
+	RESERVED
+CVE-2017-8038
+	RESERVED
+CVE-2017-8037
+	RESERVED
+CVE-2017-8036
+	RESERVED
+CVE-2017-8035
+	RESERVED
+CVE-2017-8034
+	RESERVED
+CVE-2017-8033
+	RESERVED
+CVE-2017-8032
+	RESERVED
+CVE-2017-8031
+	RESERVED
+CVE-2017-8030
+	RESERVED
+CVE-2017-8029
+	RESERVED
+CVE-2017-8028
+	RESERVED
+CVE-2017-8027
+	RESERVED
+CVE-2017-8026
+	RESERVED
+CVE-2017-8025
+	RESERVED
+CVE-2017-8024
+	RESERVED
+CVE-2017-8023
+	RESERVED
+CVE-2017-8022
+	RESERVED
+CVE-2017-8021
+	RESERVED
+CVE-2017-8020
+	RESERVED
+CVE-2017-8019
+	RESERVED
+CVE-2017-8018
+	RESERVED
+CVE-2017-8017
+	RESERVED
+CVE-2017-8016
+	RESERVED
+CVE-2017-8015
+	RESERVED
+CVE-2017-8014
+	RESERVED
+CVE-2017-8013
+	RESERVED
+CVE-2017-8012
+	RESERVED
+CVE-2017-8011
+	RESERVED
+CVE-2017-8010
+	RESERVED
+CVE-2017-8009
+	RESERVED
+CVE-2017-8008
+	RESERVED
+CVE-2017-8007
+	RESERVED
+CVE-2017-8006
+	RESERVED
+CVE-2017-8005
+	RESERVED
+CVE-2017-8004
+	RESERVED
+CVE-2017-8003
+	RESERVED
+CVE-2017-8002
+	RESERVED
+CVE-2017-8001
+	RESERVED
+CVE-2017-8000
+	RESERVED
+CVE-2017-7999
+	RESERVED
+CVE-2017-7998
+	RESERVED
+CVE-2017-7997
+	RESERVED
+CVE-2017-7996
+	RESERVED
+CVE-2017-7995
+	RESERVED
+CVE-2017-7994 (The function TextExtractor::ExtractText in TextExtractor.cpp:77 in ...)
+	TODO: check
+CVE-2017-7993
+	RESERVED
+CVE-2017-7992 (Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php ...)
+	TODO: check
+CVE-2016-10348
+	RESERVED
 CVE-2017-7991
 	RESERVED
 CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with ...)
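Review bot: CVE-2017-7994 near the end of the added block is left at TODO: check with a description truncated before the product name (only TextExtractor::ExtractText in TextExtractor.cpp:77 is visible), so whoever triages it has to pull the full description to identify the source package. The same applies to CVE-2017-8051, CVE-2017-8050 and CVE-2017-7992: each needs either a package line or a NOT-FOR-US entry before the TODO is dropped.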
@@ -2366,6 +2488,7 @@
 CVE-2017-7229
 	RESERVED
 CVE-2017-7228 (An issue (known as XSA-212) was discovered in Xen, with fixes available ...)
+	{DLA-907-1}
 	- xen 4.8.1-1 (bug #859560)
 	NOTE: https://xenbits.xen.org/xsa/advisory-212.html
 CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based ...)
@@ -7536,7 +7659,7 @@
 	RESERVED
 CVE-2017-5469
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox-esr 45.9.0esr-1
 	- firefox 52.0.1-1
 CVE-2017-5468
@@ -7550,12 +7673,12 @@
 	- firefox 52.0.1-1
 CVE-2017-5465
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5464
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5463
@@ -7563,7 +7686,7 @@
 	- firefox <not-affected> (Only affects Firefox on Android)
 CVE-2017-5462
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 	- nss <undetermined>
@@ -7571,19 +7694,19 @@
 	NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
 CVE-2017-5461
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- nss <undetermined>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
 	NOTE: https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
 CVE-2017-5460
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5459
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5458
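Review bot: CVE-2017-5461 gets {DSA-3831-1 DLA-906-1} here but, unlike the other entries tagged with these advisories in this hunk, it has no firefox-esr line, only "- firefox 52.0.1-1" and "- nss <undetermined>". Either add the firefox-esr fixed version or confirm which package the advisories actually fixed for this CVE. The nss status should also be resolved from <undetermined>, since the entry already carries a NOTE pointing at an nss upstream revision.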
@@ -7617,84 +7740,84 @@
 	- firefox 52.0.1-1
 CVE-2017-5448
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5447
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5446
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5445
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5444
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5443
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5442
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5441
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5440
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5439
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5438
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5437
 	RESERVED
 CVE-2017-5436
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5435
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5434
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5433
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5432
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox 52.0.1-1
 	- firefox-esr 45.9.0esr-1
 CVE-2017-5431
@@ -7705,7 +7828,7 @@
 	- firefox-esr <not-affected> (Only affects ESR52 and Firefox)
 CVE-2017-5429
 	RESERVED
-	{DSA-3831-1}
+	{DSA-3831-1 DLA-906-1}
 	- firefox-esr 45.9.0esr-1
 	- firefox 52.0.1-1
 CVE-2017-5428
@@ -9442,8 +9565,7 @@
 	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
-CVE-2016-10091 [stack-based buffer overflows in cmd_* functions]
-	RESERVED
+CVE-2016-10091 (Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote ...)
 	- unrtf 0.21.9-clean-3 (bug #849705)
 	[jessie] - unrtf 0.21.5-3+deb8u1
 	[wheezy] - unrtf <no-dsa> (Minor issue)
@@ -12161,8 +12283,7 @@
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568
 	NOTE: https://github.com/docker/docker/compare/v1.12.5...v1.12.6
 	NOTE: https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
-CVE-2016-9954
-	RESERVED
+CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegular ...)
 	- chicken <unfixed> (low; bug #851278)
 	[jessie] - chicken <no-dsa> (Minor issue)
 	[wheezy] - chicken <no-dsa> (Minor issue)
@@ -31090,8 +31211,7 @@
 CVE-2016-6580 (A HTTP/2 implementation built using any version of the Python priority ...)
 	NOT-FOR-US: Python Priority
 	NOTE: https://github.com/python-hyper/priority/pull/23
-CVE-2016-6519 [persistent XSS in metadata field]
-	RESERVED
+CVE-2016-6519 (Cross-site scripting (XSS) vulnerability in the "Shares" overview in ...)
 	- manila-ui 2.5.1-0 (bug #838017)
 CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and ...)
 	NOT-FOR-US: Huawei
@@ -34818,8 +34938,7 @@
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/aa93d1fee85c890a34f2510a310e55ee76a27848 (4.7)
-CVE-2016-5399 [Improper error handling in bzread()]
-	RESERVED
+CVE-2016-5399 (The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x ...)
 	{DSA-3631-1 DLA-628-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
@@ -36152,8 +36271,8 @@
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2016-5169 (Format string vulnerability in Google Chrome OS before 53.0.2785.103 ...)
 	NOT-FOR-US: Google Chrome OS
-CVE-2016-5168
-	RESERVED
+CVE-2016-5168 (Skia, as used in Google Chrome before 50.0.2661.94, allows remote ...)
+	TODO: check
 CVE-2016-5167 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3660-1}
 	- chromium-browser 53.0.2785.89-1
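Review bot: CVE-2016-5168 is left at TODO: check although its description names Google Chrome before 50.0.2661.94 and the neighbouring CVE-2016-5167 is tracked against chromium-browser. Triage it against chromium-browser with a fixed version and per-release status rather than leaving the TODO in place.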
@@ -37381,8 +37500,8 @@
 	NOT-FOR-US: ClipBucket
 CVE-2016-4847 (Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC ...)
 	TODO: check
-CVE-2016-4846
-	RESERVED
+CVE-2016-4846 (Untrusted search path vulnerability in the installer of PhishWall ...)
+	TODO: check
 CVE-2016-4845 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ...)
 	NOT-FOR-US: I-O DATA
 CVE-2016-4844 (Cybozu Mailwise before 5.4.0 allows remote attackers to conduct ...)
@@ -37391,10 +37510,10 @@
 	NOT-FOR-US: Cybozu
 CVE-2016-4842 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-4841
-	RESERVED
-CVE-2016-4840
-	RESERVED
+CVE-2016-4841 (Cybozu Mailwise before 5.4.0 allows remote attackers to inject ...)
+	TODO: check
+CVE-2016-4840 (Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus ...)
+	TODO: check
 CVE-2016-4839
 	RESERVED
 CVE-2016-4838
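Review bot: CVE-2016-4841 is marked TODO: check although it describes Cybozu Mailwise before 5.4.0, the same product and version as CVE-2016-4842 in the context lines, which is already "NOT-FOR-US: Cybozu". Mark it the same way for consistency. CVE-2016-4840 (Coordinate Plus App) still needs its own triage.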
@@ -37409,14 +37528,14 @@
 	NOT-FOR-US: Vtiger
 CVE-2016-4833 (Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin ...)
 	NOT-FOR-US: Nofollow Links plugin for WordPress
-CVE-2016-4832
-	RESERVED
+CVE-2016-4832 (WAON "Service Application" for Android 1.4.1 and earlier does not ...)
+	TODO: check
 CVE-2016-4831 (Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 ...)
 	NOT-FOR-US: LINE
-CVE-2016-4830
-	RESERVED
-CVE-2016-4829
-	RESERVED
+CVE-2016-4830 (Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android ...)
+	TODO: check
+CVE-2016-4829 (DMM Movie Player App for Android before 1.2.1, and DMM Movie Player ...)
+	TODO: check
 CVE-2016-4828 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress ...)
 	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
 CVE-2016-4827 (Cross-site scripting (XSS) vulnerability in the Collne Welcart ...)
@@ -40681,8 +40800,7 @@
 	NOT-FOR-US: Pulp (Red Hat)
 CVE-2016-3703 (Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the ...)
 	NOT-FOR-US: OpenShift
-CVE-2016-3702
-	RESERVED
+CVE-2016-3702 (Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 ...)
 	NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2016-3701
 	RESERVED
@@ -42161,8 +42279,8 @@
 	NOT-FOR-US: Pulp (Red Hat)
 CVE-2016-3110 (mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote ...)
 	- libapache2-mod-cluster <itp> (bug #731410)
-CVE-2016-3109
-	RESERVED
+CVE-2016-3109 (The backend/Login/load/ script in Shopware before 5.1.5 allows remote ...)
+	TODO: check
 CVE-2016-3108
 	RESERVED
 	NOT-FOR-US: Pulp (Red Hat)
@@ -42323,8 +42441,8 @@
 	- mercurial 3.7.3-1 (bug #819504)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
 	NOTE: https://selenic.com/repo/hg-stable/rev/34d43cb85de8
-CVE-2016-3067
-	RESERVED
+CVE-2016-3067 (Cygwin before 2.5.0 does not properly handle updating permissions when ...)
+	TODO: check
 CVE-2016-3066 [hijacks clipboard and sends contents to remote servers]
 	RESERVED
 	- spice-gtk <unfixed>
@@ -44400,8 +44518,8 @@
 	NOT-FOR-US: Android
 CVE-2016-2434 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 ...)
 	NOT-FOR-US: Android
-CVE-2016-2433
-	RESERVED
+CVE-2016-2433 (The Broadcom Wi-Fi driver for Android, as used by BlackBerry ...)
+	TODO: check
 CVE-2016-2432 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...)
 	NOT-FOR-US: Android
 CVE-2016-2431 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...)
@@ -44718,8 +44836,7 @@
 	NOT-FOR-US: BMC
 CVE-2016-2348
 	RESERVED
-CVE-2016-2347 [decode_level3_header heap corruption vulnerability]
-	RESERVED
+CVE-2016-2347 (Integer underflow in the decode_level3_header function in ...)
 	{DSA-3540-1}
 	- lhasa 0.3.1-1
 	NOTE: http://www.talosintel.com/reports/TALOS-2016-0095/
@@ -45471,8 +45588,7 @@
 	NOTE: Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision&revision=1739565
 CVE-2016-2174 (SQL injection vulnerability in the policy admin tool in Apache Ranger ...)
 	NOT-FOR-US: Apache Ranger
-CVE-2016-2173
-	RESERVED
+CVE-2016-2173 (org.springframework.core.serializer.DefaultDeserializer in Spring AMQP ...)
 	NOT-FOR-US: Spring AMQP
 CVE-2016-2172
 	RESERVED
@@ -47901,20 +48017,20 @@
 	NOT-FOR-US: NetApp
 CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for ...)
 	NOT-FOR-US: DTE Energy Insight
-CVE-2016-1561
-	RESERVED
-CVE-2016-1560
-	RESERVED
-CVE-2016-1559
-	RESERVED
-CVE-2016-1558
-	RESERVED
-CVE-2016-1557
-	RESERVED
-CVE-2016-1556
-	RESERVED
-CVE-2016-1555
-	RESERVED
+CVE-2016-1561 (ExaGrid appliances with firmware before 4.8 P26 have a default SSH ...)
+	TODO: check
+CVE-2016-1560 (ExaGrid appliances with firmware before 4.8 P26 have a default ...)
+	TODO: check
+CVE-2016-1559 (D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ...)
+	TODO: check
+CVE-2016-1558 (Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and ...)
+	TODO: check
+CVE-2016-1557 (Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless ...)
+	TODO: check
+CVE-2016-1556 (Information disclosure in Netgear WN604 before 3.3.3; WNAP210, ...)
+	TODO: check
+CVE-2016-1555 ((1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) ...)
+	TODO: check
 CVE-2016-1554
 	RESERVED
 CVE-2016-1553
@@ -48042,12 +48158,12 @@
 	NOTE: http://www.talosintel.com/reports/TALOS-2016-0058/
 	NOTE: http://www.talosintel.com/reports/TALOS-2016-0061/
 	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
-CVE-2016-1520
-	RESERVED
-CVE-2016-1519
-	RESERVED
-CVE-2016-1518
-	RESERVED
+CVE-2016-1520 (The Grandstream Wave app 1.0.1.26 and earlier for Android does not use ...)
+	TODO: check
+CVE-2016-1519 (The com.softphone.common package in the Grandstream Wave app 1.0.1.26 ...)
+	TODO: check
+CVE-2016-1518 (The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 ...)
+	TODO: check
 CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service ...)
 	- opencv <undetermined>
 	NOTE: https://arxiv.org/pdf/1701.04739.pdf
@@ -49189,8 +49305,8 @@
 	NOT-FOR-US: Trend Micro
 CVE-2016-1222 (Cross-site scripting (XSS) vulnerability in Kobe Beauty ...)
 	NOT-FOR-US: Kobe Beauty
-CVE-2016-1221
-	RESERVED
+CVE-2016-1221 (Jetstar App for iOS before 3.0.0 does not verify X.509 certificates ...)
+	TODO: check
 CVE-2016-1220 (Cybozu Garoon before 4.2.2 does not properly restrict access. ...)
 	NOT-FOR-US: Cybozu
 CVE-2016-1219 (Cybozu Garoon before 4.2.2 allows remote attackers to bypass login ...)
@@ -49211,8 +49327,8 @@
 	NOT-FOR-US: futomi MP Form Mail CGI Professional Edition
 CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List ...)
 	NOT-FOR-US: Epoch Web Mailing List
-CVE-2016-1210
-	RESERVED
+CVE-2016-1210 (The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not ...)
+	TODO: check
 CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows remote ...)
@@ -49235,16 +49351,16 @@
 	NOT-FOR-US: LOCKON
 CVE-2016-1199 (The login page in the management screen in LOCKON EC-CUBE 3.0.0 ...)
 	NOT-FOR-US: LOCKON
-CVE-2016-1198
-	RESERVED
+CVE-2016-1198 (Photopt for Android before 2.0.1 does not verify SSL certificates. ...)
+	TODO: check
 CVE-2016-1197 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before ...)
 	NOT-FOR-US: Cybozu
 CVE-2016-1196 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
 	NOT-FOR-US: Cybozu
 CVE-2016-1195 (Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-1194
-	RESERVED
+CVE-2016-1194 (Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial ...)
+	TODO: check
 CVE-2016-1193 (Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain ...)
 	NOT-FOR-US: Cybozu
 CVE-2016-1192 (Directory traversal vulnerability in the logging implementation in ...)
@@ -49257,14 +49373,14 @@
 	NOT-FOR-US: Cybozu
 CVE-2016-1188 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-1187
-	RESERVED
-CVE-2016-1186
-	RESERVED
+CVE-2016-1187 (Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 ...)
+	TODO: check
+CVE-2016-1186 (Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL ...)
+	TODO: check
 CVE-2016-1185 (The Cybozu kintone mobile application 1.x before 1.0.6 for Android ...)
 	NOT-FOR-US: Cybozu
-CVE-2016-1184
-	RESERVED
+CVE-2016-1184 (Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for ...)
+	TODO: check
 CVE-2016-1183 (NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through ...)
 	NOT-FOR-US: NTT
 CVE-2016-1182 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not ...)
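Review bot: CVE-2016-1187 (Cybozu KUNAI) and CVE-2016-1186 (Kintone mobile for Android) are added as TODO: check, while CVE-2016-1185 directly below, which describes the Cybozu kintone mobile application for Android, is already "NOT-FOR-US: Cybozu". These two should get the same status. CVE-2016-1184 (Tokyo Star bank App) remains to be triaged separately.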
@@ -49349,8 +49465,8 @@
 	NOT-FOR-US: Cybozu Office
 CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
 	NOT-FOR-US: Cybozu Office
-CVE-2016-1148
-	RESERVED
+CVE-2016-1148 (Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL ...)
+	TODO: check
 CVE-2016-1147
 	RESERVED
 CVE-2016-1146
@@ -50368,8 +50484,8 @@
 	NOT-FOR-US: Android Mediaserver
 CVE-2016-0834 (An unspecified media codec in mediaserver in Android 6.x before ...)
 	NOT-FOR-US: Android Mediaserver
-CVE-2016-0833
-	RESERVED
+CVE-2016-0833 (Android allows users to cause a denial of service. ...)
+	TODO: check
 CVE-2016-0832 (Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 ...)
 	NOT-FOR-US: Android
 CVE-2016-0831 (The getDeviceIdForPhone function in ...)
@@ -50786,14 +50902,12 @@
 	NOTE: https://git.kernel.org/linus/5c17c861a357e9458001f021a7afa7aab9937439 (v4.5-rc2)
 CVE-2016-0722
 	REJECTED
-CVE-2016-0721 [cookies are not invalidated upon logout]
-	RESERVED
+CVE-2016-0721 (Session fixation vulnerability in pcsd in pcs before 0.9.157. ...)
 	- pcs 0.9.149-1
 	NOTE: https://github.com/feist/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774 (0.9.149)
 	NOTE: https://github.com/feist/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b (0.9.149)
 	NOTE: https://github.com/feist/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17 (0.9.149)
-CVE-2016-0720 [Cross-Site Request Forgery in web UI]
-	RESERVED
+CVE-2016-0720 (Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs ...)
 	- pcs 0.9.149-1
 	NOTE: https://github.com/feist/pcs/commit/3360ecd318f7631bf5826d99a20bf4b29d86dc9c (0.9.149)
 	NOTE: https://github.com/feist/pcs/commit/d49435de20f71bd0816c42b445ed484dd21fbe96 (0.9.149)
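Review bot: The new description for CVE-2016-0721 says the session fixation affects pcs before 0.9.157, but the entry still records "- pcs 0.9.149-1" as the fixed version and all three NOTE commits are annotated (0.9.149). One of the two is wrong for this entry: check whether the cited commits fully address the issue in 0.9.149-1 or whether the fixed version needs to be raised, and record the outcome in a NOTE. The CVE-2016-0720 description is truncated before its version, so the same check is worth doing there.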



