[Secure-testing-commits] r48794 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Feb 9 09:10:13 UTC 2017


Author: sectracker
Date: 2017-02-09 09:10:13 +0000 (Thu, 09 Feb 2017)
New Revision: 48794

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-09 08:41:25 UTC (rev 48793)
+++ data/CVE/list	2017-02-09 09:10:13 UTC (rev 48794)
@@ -1,8 +1,14 @@
+CVE-2017-5939
+	RESERVED
+CVE-2017-5936
+	RESERVED
 CVE-2017-5937
+	RESERVED
 	- virglrenderer <unfixed>
 	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420246
 CVE-2016-10214
+	RESERVED
 	- virglrenderer <unfixed>
 	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266
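
Review bot: CVE-2017-5936 is inserted ahead of CVE-2017-5937 at the top of the list, which breaks the descending order the rest of the file follows (CVE-2016-9687 before CVE-2016-9686, for example); move it below the CVE-2017-5937 block. The RESERVED lines added to CVE-2017-5937 and CVE-2016-10214 sit above existing `- virglrenderer <unfixed>` entries, so both ids are still tracked as open for virglrenderer and should not be read as untriaged placeholders.
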
@@ -163,6 +169,7 @@
 CVE-2016-10200
 	RESERVED
 CVE-2017-5938 [viewc Cross-Site Scripting (XSS) vulnerability]
+	RESERVED
 	- viewvc <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/08/7
 	NOTE: https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
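
Review bot: the bracketed description on the CVE-2017-5938 context line reads "viewc", while the package line and the commit URL below it both say viewvc; correct the spelling in the description while this entry is being touched. The added RESERVED line also lands on an entry that already cites a public oss-security post and an upstream commit, so the package status `<unfixed>` is the line to act on here.
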
@@ -1322,28 +1329,28 @@
 	NOTE: PHP Bug: http://bugs.php.net/73831
 	NOTE: Fixed in 7.0.15, 7.1.1
 CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c in PHP ...)
-	{DLA-818-1}
+	{DSA-3783-1 DLA-818-1}
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
 	- php5 <removed>
 	NOTE: PHP Bug: http://bugs.php.net/73825
 	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ...)
-	{DLA-818-1}
+	{DSA-3783-1 DLA-818-1}
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
 	- php5 <removed>
 	NOTE: PHP Bug: http://bugs.php.net/73768
 	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ...)
-	{DLA-818-1}
+	{DSA-3783-1 DLA-818-1}
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
 	- php5 <removed>
 	NOTE: PHP Bug: http://bugs.php.net/73764
 	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ...)
-	{DLA-818-1}
+	{DSA-3783-1 DLA-818-1}
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
 	- php5 <removed>
@@ -12807,8 +12814,8 @@
 	RESERVED
 CVE-2016-9687
 	RESERVED
-CVE-2016-9686
-	RESERVED
+CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly validates ...)
+	TODO: check
 CVE-2017-0880
 	RESERVED
 CVE-2017-0879
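
Review bot: CVE-2016-9686 moves from RESERVED to `TODO: check` with a description naming the Puppet Communications Protocol (PCP) Broker, and unlike most of the other newly described entries in this update it does not name an IBM product, so it cannot be closed by analogy with its neighbours. Resolve the TODO with a package line for whichever source package ships the broker, or with a NOT-FOR-US entry if none does.
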
@@ -16571,8 +16578,8 @@
 	RESERVED
 CVE-2016-9006
 	RESERVED
-CVE-2016-9005
-	RESERVED
+CVE-2016-9005 (IBM System Storage TS3100-TS3200 Tape Library could allow an ...)
+	TODO: check
 CVE-2016-9004
 	RESERVED
 CVE-2016-9003
@@ -16673,8 +16680,8 @@
 	RESERVED
 CVE-2016-8955
 	RESERVED
-CVE-2016-8954
-	RESERVED
+CVE-2016-8954 (IBM dashDB Local uses hard-coded credentials that could allow a remote ...)
+	TODO: check
 CVE-2016-8953
 	RESERVED
 CVE-2016-8952
@@ -26627,8 +26634,8 @@
 	RESERVED
 CVE-2016-5935 (IBM Jazz for Service Management could allow a remote attacker to ...)
 	TODO: check
-CVE-2016-5934
-	RESERVED
+CVE-2016-5934 (IBM Tivoli Storage Manager FastBack installer could allow a remote ...)
+	TODO: check
 CVE-2016-5933
 	RESERVED
 CVE-2016-5932
@@ -26659,8 +26666,8 @@
 	NOT-FOR-US: IBM
 CVE-2016-5919
 	RESERVED
-CVE-2016-5918
-	RESERVED
+CVE-2016-5918 (IBM Tivoli Storage Manager HSM for Windows displays the encrypted ...)
+	TODO: check
 CVE-2016-5917
 	RESERVED
 CVE-2016-5916
@@ -26691,12 +26698,12 @@
 	RESERVED
 CVE-2016-5903
 	RESERVED
-CVE-2016-5902
-	RESERVED
+CVE-2016-5902 (IBM Maximo Asset Management is vulnerable to cross-site scripting. ...)
+	TODO: check
 CVE-2016-5901 (Cross-site scripting (XSS) vulnerability in a test page in IBM ...)
 	NOT-FOR-US: IBM
-CVE-2016-5900
-	RESERVED
+CVE-2016-5900 (IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could ...)
+	TODO: check
 CVE-2016-5899 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site ...)
 	TODO: check
 CVE-2016-5898 (IBM Jazz Reporting Service (JRS) could allow a remote attacker to ...)
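
Review bot: CVE-2016-5902 (IBM Maximo Asset Management) and CVE-2016-5900 (IBM Tealeaf Customer Experience) are left at `TODO: check`, while CVE-2016-5901 between them is already marked `NOT-FOR-US: IBM`. If these products are likewise not packaged, give both the same `NOT-FOR-US: IBM` line so the block is triaged consistently.
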
@@ -36348,7 +36355,7 @@
 	TODO: check
 CVE-2016-2867 (IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 ...)
 	TODO: check
-CVE-2016-2866 (An specified vulnerability in IBM Jazz Team Server may disclose some ...)
+CVE-2016-2866 (An unspecified vulnerability in IBM Jazz Team Server may disclose some ...)
 	TODO: check
 CVE-2016-2865 (The GIT Integration component in IBM Rational Team Concert (RTC) 5.x ...)
 	TODO: check
@@ -45716,18 +45723,18 @@
 	RESERVED
 CVE-2016-0311
 	RESERVED
-CVE-2016-0310
-	RESERVED
+CVE-2016-0310 (IBM Connections 5.5 and earlier is vulnerable to possible host header ...)
+	TODO: check
 CVE-2016-0309
 	RESERVED
-CVE-2016-0308
-	RESERVED
-CVE-2016-0307
-	RESERVED
+CVE-2016-0308 (IBM Connections 5.5 and earlier is vulnerable to possible link ...)
+	TODO: check
+CVE-2016-0307 (IBM Connections 5.5 and earlier allows remote attackers to obtain ...)
+	TODO: check
 CVE-2016-0306 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before ...)
 	TODO: check
-CVE-2016-0305
-	RESERVED
+CVE-2016-0305 (IBM Connections is vulnerable to cross-site scripting, caused by ...)
+	TODO: check
 CVE-2016-0304 (The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x ...)
 	TODO: check
 CVE-2016-0303
@@ -45908,32 +45915,32 @@
 	NOT-FOR-US: IBM
 CVE-2016-0215
 	RESERVED
-CVE-2016-0214
-	RESERVED
+CVE-2016-0214 (IBM Tivoli Endpoint Manager could allow a remote attacker to upload ...)
+	TODO: check
 CVE-2016-0213 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
 	NOT-FOR-US: IBM
 CVE-2016-0212 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
 	NOT-FOR-US: IBM
 CVE-2016-0211 (IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 ...)
 	TODO: check
-CVE-2016-0210
-	RESERVED
+CVE-2016-0210 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...)
+	TODO: check
 CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
 	NOT-FOR-US: IBM
 CVE-2016-0208 (IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and ...)
 	TODO: check
 CVE-2016-0207
 	RESERVED
-CVE-2016-0206
-	RESERVED
+CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated attacker to ...)
+	TODO: check
 CVE-2016-0205
 	RESERVED
 CVE-2016-0204 (Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before ...)
 	TODO: check
-CVE-2016-0203
-	RESERVED
-CVE-2016-0202
-	RESERVED
+CVE-2016-0203 (A vulnerability has been identified in the IBM Cloud Orchestrator task ...)
+	TODO: check
+CVE-2016-0202 (A vulnerability has been identified in tasks, backend object generated ...)
+	TODO: check
 CVE-2016-0201 (GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and ...)
 	NOT-FOR-US: IBM
 CVE-2015-8538 [a out of bound read bug is found in libdwarf]
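
Review bot: the truncated description for CVE-2016-0202 ("A vulnerability has been identified in tasks, backend object generated ...") names no vendor or product in the visible text, unlike CVE-2016-0203 directly above it, which names the IBM Cloud Orchestrator. Triage it from the full CVE description rather than from its position among IBM entries before replacing `TODO: check`.
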
@@ -49686,10 +49693,10 @@
 	NOTE: https://git.gnome.org/browse/gdm/commit/?id=05e5fc2
 CVE-2015-7495
 	RESERVED
-CVE-2015-7494
-	RESERVED
-CVE-2015-7493
-	RESERVED
+CVE-2015-7494 (A vulnerability has been identified in IBM Cloud Orchestrator ...)
+	TODO: check
+CVE-2015-7493 (IBM InfoSphere Information Server could allow a local user under ...)
+	TODO: check
 CVE-2015-7492 (Cross-site scripting (XSS) vulnerability in Reference Data Management ...)
 	NOT-FOR-US: IBM
 CVE-2015-7491 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...)
@@ -49838,8 +49845,8 @@
 	NOT-FOR-US: IBM
 CVE-2015-7419 (IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows ...)
 	NOT-FOR-US: IBM
-CVE-2015-7418
-	RESERVED
+CVE-2015-7418 (IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance ...)
+	TODO: check
 CVE-2015-7417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2015-7416 (AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote ...)
@@ -65518,8 +65525,8 @@
 	NOT-FOR-US: IBM
 CVE-2015-1977 (Directory traversal vulnerability in the Web Administration tool in ...)
 	TODO: check
-CVE-2015-1976
-	RESERVED
+CVE-2015-1976 (IBM Security Directory Server could allow an authenticated user to ...)
+	TODO: check
 CVE-2015-1975
 	RESERVED
 CVE-2015-1974 (The web administration tool in IBM Tivoli Security Directory Server ...)



