[Secure-testing-commits] r49860 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Mar 20 21:10:12 UTC 2017
Author: sectracker
Date: 2017-03-20 21:10:12 +0000 (Mon, 20 Mar 2017)
New Revision: 49860
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-20 20:37:24 UTC (rev 49859)
+++ data/CVE/list 2017-03-20 21:10:12 UTC (rev 49860)
@@ -1,4 +1,24 @@
-CVE-2017-7187 [scsi: sg: check length passed to SG_NEXT_CMD_LEN]
+CVE-2017-7198
+ RESERVED
+CVE-2017-7197
+ RESERVED
+CVE-2017-7196
+ RESERVED
+CVE-2017-7195
+ RESERVED
+CVE-2017-7194
+ RESERVED
+CVE-2017-7193
+ RESERVED
+CVE-2017-7192
+ RESERVED
+CVE-2017-7190
+ RESERVED
+CVE-2017-7189
+ RESERVED
+CVE-2017-7188
+ RESERVED
+CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...)
- linux <unfixed>
CVE-2017-7185
RESERVED
@@ -708,72 +728,61 @@
RESERVED
CVE-2017-6853
RESERVED
-CVE-2017-6839
- RESERVED
+CVE-2017-6839 (Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
NOTE: https://github.com/mpruett/audiofile/issues/41
NOTE: https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9
-CVE-2017-6838
- RESERVED
+CVE-2017-6838 (Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
NOTE: https://github.com/mpruett/audiofile/issues/41
NOTE: https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
-CVE-2017-6837
- RESERVED
+CVE-2017-6837 (WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
NOTE: https://github.com/mpruett/audiofile/issues/41
NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
-CVE-2017-6836
- RESERVED
+CVE-2017-6836 (Heap-based buffer overflow in the Expand3To4Module::run function in ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
NOTE: https://github.com/mpruett/audiofile/issues/40
NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
-CVE-2017-6835
- RESERVED
+CVE-2017-6835 (The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp
NOTE: https://github.com/mpruett/audiofile/issues/39
NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
-CVE-2017-6834
- RESERVED
+CVE-2017-6834 (Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
NOTE: https://github.com/mpruett/audiofile/issues/38
NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
-CVE-2017-6833
- RESERVED
+CVE-2017-6833 (The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp
NOTE: https://github.com/mpruett/audiofile/issues/37
NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
-CVE-2017-6832
- RESERVED
+CVE-2017-6832 (Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
NOTE: https://github.com/mpruett/audiofile/issues/36
NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
-CVE-2017-6831
- RESERVED
+CVE-2017-6831 (Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
NOTE: https://github.com/mpruett/audiofile/issues/35
NOTE: https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6
-CVE-2017-6830
- RESERVED
+CVE-2017-6830 (Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
NOTE: https://github.com/mpruett/audiofile/issues/34
NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
-CVE-2017-6829
- RESERVED
+CVE-2017-6829 (The decodeSample function in IMA.cpp in Audio File Library (aka ...)
- audiofile 0.3.6-4 (bug #857651)
NOTE: https://github.com/mpruett/audiofile/issues/33
NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
@@ -816,6 +825,7 @@
- profanity <unfixed> (bug #857546)
NOTE: https://github.com/boothj5/profanity/issues/280
CVE-2017-7191 [irssi use after free condition during netjoin processing]
+ RESERVED
- irssi 1.0.2-1 (bug #857502)
[jessie] - irssi <not-affected> (Different code path caused the netjoins to be flushed prior reaching use-after-free condition)
[wheezy] - irssi <not-affected> (Different code path caused the netjoins to be flushed prior reaching use-after-free condition)
@@ -856,12 +866,12 @@
- libapache2-mod-auth-mellon 0.12.0-2
CVE-2017-6806
RESERVED
-CVE-2017-6805
- RESERVED
+CVE-2017-6805 (Directory traversal vulnerability in the TFTP server in MobaXterm ...)
+ TODO: check
CVE-2017-6804
REJECTED
-CVE-2017-6803
- RESERVED
+CVE-2017-6803 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
+ TODO: check
CVE-2017-6798 (Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking ...)
NOT-FOR-US: Trend Micro Endpoint Sensor
CVE-2017-6802 (An issue was discovered in ytnef before 1.9.2. There is a potential ...)
@@ -1380,8 +1390,8 @@
NOT-FOR-US: Livebox 3 Sagemcom
CVE-2017-6551
RESERVED
-CVE-2017-6550
- RESERVED
+CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson ...)
+ TODO: check
CVE-2017-6549 (Session hijack vulnerability in httpd in ASUS ASUSWRT on RT-AC53 ...)
NOT-FOR-US: ASUS
CVE-2017-6548 (Buffer overflows in networkmap in ASUS ASUSWRT on RT-AC53 ...)
@@ -2052,8 +2062,8 @@
RESERVED
CVE-2017-6357
RESERVED
-CVE-2017-6356
- RESERVED
+CVE-2017-6356 (Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 ...)
+ TODO: check
CVE-2015-8994 (An issue was discovered in PHP 5.x and 7.x, when the configuration ...)
- php7.1 <not-affected> (Fixed before initial upload to Debian)
- php7.0 7.0.14-1
@@ -2187,8 +2197,7 @@
[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
NOTE: https://github.com/radare/radare2/issues/6836
NOTE: https://github.com/radare/radare2/commit/ad55822430a03fe075221b543efb434567e9e431
-CVE-2017-6318 [saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server]
- RESERVED
+CVE-2017-6318 (saned in sane-backends 1.0.25 allows remote attackers to obtain ...)
- sane-backends <unfixed> (low; bug #854804)
[jessie] - sane-backends <no-dsa> (Minor issue)
CVE-2017-6316
@@ -2538,8 +2547,8 @@
NOT-FOR-US: Keekoon KK002 devices
CVE-2017-6179
RESERVED
-CVE-2017-6178
- RESERVED
+CVE-2017-6178 (The IofCallDriver function in USBPcap 1.1.0.0 allows local users to ...)
+ TODO: check
CVE-2017-6177
RESERVED
CVE-2017-6176
@@ -2798,8 +2807,7 @@
NOTE: Although jstest_main.c compiled during build and mujstest is created
NOTE: it is not included in the produced binary packages
NOTE: http://www.openwall.com/lists/oss-security/2017/02/18/1
-CVE-2017-6058 [net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping]
- RESERVED
+CVE-2017-6058 (Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU ...)
- qemu 1:2.8+dfsg-3 (bug #855616)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -2982,8 +2990,7 @@
RESERVED
CVE-2017-5988
RESERVED
-CVE-2017-5987 [sd: infinite loop issue in multi block transfers]
- RESERVED
+CVE-2017-5987 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
- qemu 1:2.8+dfsg-3 (bug #855159)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -3107,8 +3114,7 @@
- virglrenderer <unfixed> (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421126
-CVE-2017-5956
- RESERVED
+CVE-2017-5956 (The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local ...)
- virglrenderer <unfixed> (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421073
@@ -3174,8 +3180,7 @@
- virglrenderer <unfixed> (bug #854728)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420246
-CVE-2016-10214
- RESERVED
+CVE-2016-10214 (Memory leak in the virgl_resource_attach_backing function in ...)
- virglrenderer <unfixed> (bug #854728)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266
@@ -3204,8 +3209,7 @@
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html
NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/8
-CVE-2017-5930
- RESERVED
+CVE-2017-5930 (The AliasHandler component in PostfixAdmin before 3.0.2 allows remote ...)
- postfixadmin 3.0.2-1 (bug #854742)
[jessie] - postfixadmin <not-affected> (Vulnerable code not present)
[wheezy] - postfixadmin <not-affected> (Vulnerable code not present)
@@ -4345,8 +4349,7 @@
NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/113
NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/9
NOTE: Not suitable for code injection, hardly denial of service
-CVE-2017-5618 [screen privilege escalation]
- RESERVED
+CVE-2017-5618 (GNU screen before 4.5.1 allows local users to modify arbitrary files ...)
- screen 4.5.0-3 (bug #852484)
[stretch] - screen <not-affected> (Vulnerable code not present/never migrated to stretch)
[jessie] - screen <not-affected> (Vulnerable code not present)
@@ -15574,16 +15577,16 @@
RESERVED
CVE-2017-1156
RESERVED
-CVE-2017-1155
- RESERVED
+CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
+ TODO: check
CVE-2017-1154
RESERVED
CVE-2017-1153
RESERVED
CVE-2017-1152
RESERVED
-CVE-2017-1151
- RESERVED
+CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...)
+ TODO: check
CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) ...)
NOT-FOR-US: IBM
CVE-2017-1149
@@ -15592,10 +15595,10 @@
RESERVED
CVE-2017-1147
RESERVED
-CVE-2017-1146
- RESERVED
-CVE-2017-1145
- RESERVED
+CVE-2017-1146 (IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site ...)
+ TODO: check
+CVE-2017-1145 (IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents ...)
+ TODO: check
CVE-2017-1144
RESERVED
CVE-2017-1143
@@ -15616,8 +15619,8 @@
RESERVED
CVE-2017-1135
RESERVED
-CVE-2017-1134
- RESERVED
+CVE-2017-1134 (IBM Power Hardware Management Console (HMC) 3.3.2 and 4.1 could allow ...)
+ TODO: check
CVE-2017-1133 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This ...)
NOT-FOR-US: IBM
CVE-2017-1132
@@ -16243,14 +16246,14 @@
RESERVED
CVE-2016-9698
RESERVED
-CVE-2016-9697
- RESERVED
-CVE-2016-9696
- RESERVED
+CVE-2016-9697 (An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 ...)
+ TODO: check
+CVE-2016-9696 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A ...)
+ TODO: check
CVE-2016-9695
RESERVED
-CVE-2016-9694
- RESERVED
+CVE-2016-9694 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site ...)
+ TODO: check
CVE-2016-9693 (IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download ...)
NOT-FOR-US: IBM
CVE-2016-9692
@@ -19505,8 +19508,8 @@
RESERVED
CVE-2016-9166
RESERVED
-CVE-2016-9165
- RESERVED
+CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management ...)
+ TODO: check
CVE-2016-9164 (Directory traversal vulnerability in diag.jsp file in CA Unified ...)
NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9163
@@ -20123,8 +20126,8 @@
RESERVED
CVE-2016-8974 (IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, ...)
NOT-FOR-US: IBM
-CVE-2016-8973
- RESERVED
+CVE-2016-8973 (IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability ...)
+ TODO: check
CVE-2016-8972 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root ...)
NOT-FOR-US: IBM
CVE-2016-8971 (IBM WebSphere MQ 8.0 could allow an authenticated user with queue ...)
@@ -26827,8 +26830,7 @@
- tomcat8 <not-affected> (Only affects 9.x and 8.5.x)
- tomcat7 <not-affected> (Only affects 9.x and 8.5.x)
- tomcat6 <not-affected> (Only affects 9.x and 8.5.x)
-CVE-2016-6816 [information disclosure]
- RESERVED
+CVE-2016-6816 (The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, ...)
{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.39-1
@@ -26938,8 +26940,7 @@
CVE-2016-6793
RESERVED
NOT-FOR-US: Apache Wicket
-CVE-2015-8954 [suricata: evasion issues]
- RESERVED
+CVE-2015-8954 (The MemcmpLowercase function in Suricata before 2.0.6 improperly ...)
- suricata 2.0.6-1 (bug #777523)
[wheezy] - suricata <no-dsa> (Minor issue)
[squeeze] - suricata <no-dsa> (Minor issue)
@@ -30236,8 +30237,7 @@
RESERVED
CVE-2016-5858
RESERVED
-CVE-2016-5857
- RESERVED
+CVE-2016-5857 (The Qualcomm SPCom driver in Android before 7.0 allows local users to ...)
NOTE: Red Hat seem to have typoed the CVE, which should be CVE-2016-5875, asked to confirm
CVE-2016-5856
RESERVED
@@ -32766,49 +32766,38 @@
RESERVED
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9841 [Fixed throwing of exceptions in psd handling]
- RESERVED
+CVE-2014-9841 (The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 ...)
- imagemagick 8:6.8.9.9-4 (bug #773834)
[wheezy] - imagemagick <no-dsa> (Minor issue)
-CVE-2014-9842 [memory leak in psd handling]
- RESERVED
+CVE-2014-9842 (Memory leak in the ReadPSDLayers function in coders/psd.c in ...)
- imagemagick 8:6.8.9.9-4 (bug #773834)
[wheezy] - imagemagick <not-affected> (Leak in a code path that does not exist in this version)
-CVE-2014-9843 [Fixed boundary checks in DecodePSDPixels]
- RESERVED
+CVE-2014-9843 (The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9844 [Fix another out of bound problem in rle file]
- RESERVED
+CVE-2014-9844 (The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9845 [Fix crash due to corrupted dib file]
- RESERVED
+CVE-2014-9845 (The ReadDIBImage function in coders/dib.c in ImageMagick allows remote ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9846 [Added checks to prevent overflow in rle file]
- RESERVED
+CVE-2014-9846 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9847 [Don't try to handle a "previous" image in the JNG decoder]
- RESERVED
+CVE-2014-9847 (The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9848 [Avoid a memory leak in quantum management]
- RESERVED
+CVE-2014-9848 (Memory leak in ImageMagick allows remote attackers to cause a denial ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9849 [Avoid a crash in png coder]
- RESERVED
+CVE-2014-9849 (The png coder in ImageMagick allows remote attackers to cause a denial ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9850 [incorrect handling of thread limit 0]
- RESERVED
+CVE-2014-9850 (Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a ...)
- imagemagick 8:6.8.9.9-4 (bug #773834)
[wheezy] - imagemagick <not-affected> (Affected section of code not present in wheezy; examine diff introduced by commit 2257d1eadd02d89d225fce21013a1219d221dc7d with context of 20)
NOTE: patch supposed to be https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=2257d1eadd02d89d225fce21013a1219d221dc7d
-CVE-2014-9851 [In psd file handling fixed parsing resource block and avoid a crash]
- RESERVED
+CVE-2014-9851 (ImageMagick 6.8.9.9 allows remote attackers to cause a denial of ...)
{DLA-731-1}
- imagemagick 8:6.8.9.9-4 (bug #773834)
NOTE: https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=33b2d377b94eb738011bc7d5e90ca0a16ce4d471
@@ -34152,18 +34141,18 @@
RESERVED
CVE-2016-4932
RESERVED
-CVE-2016-4931
- RESERVED
-CVE-2016-4930
- RESERVED
-CVE-2016-4929
- RESERVED
-CVE-2016-4928
- RESERVED
-CVE-2016-4927
- RESERVED
-CVE-2016-4926
- RESERVED
+CVE-2016-4931 (XML entity injection in Junos Space before 15.2R2 allows attackers to ...)
+ TODO: check
+CVE-2016-4930 (Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 ...)
+ TODO: check
+CVE-2016-4929 (Command injection vulnerability in Junos Space before 15.2R2 allows ...)
+ TODO: check
+CVE-2016-4928 (Cross site request forgery vulnerability in Junos Space before 15.2R2 ...)
+ TODO: check
+CVE-2016-4927 (Insufficient validation of SSH keys in Junos Space before 15.2R2 ...)
+ TODO: check
+CVE-2016-4926 (Insufficient authentication vulnerability in Junos Space before 15.2R2 ...)
+ TODO: check
CVE-2016-4925
RESERVED
CVE-2016-4924
@@ -39518,8 +39507,8 @@
RESERVED
CVE-2016-2982
RESERVED
-CVE-2016-2981
- RESERVED
+CVE-2016-2981 (An undisclosed vulnerability in the CLM applications in IBM Jazz Team ...)
+ TODO: check
CVE-2016-2980
RESERVED
CVE-2016-2979
@@ -41401,8 +41390,8 @@
NOT-FOR-US: Pulse Secure Desktop Client
CVE-2016-2407
RESERVED
-CVE-2016-2406
- RESERVED
+CVE-2016-2406 (The permission control module in Huawei Document Security Management ...)
+ TODO: check
CVE-2016-2405 (Huawei Policy Center with software before V100R003C10SPC020 allows ...)
NOT-FOR-US: Huawei
CVE-2016-2404
@@ -68638,13 +68627,11 @@
RESERVED
CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums ...)
NOT-FOR-US: Vanilla Forums
-CVE-2015-8985 [potential denial of service in pop_fail_stack()]
- RESERVED
+CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...)
- glibc <unfixed> (unimportant; bug #779392)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21163
NOTE: DoS via crafted regexps are not considered security issues by glibc upstream
-CVE-2015-8984 [potential application crash due to overread in fnmatch]
- RESERVED
+CVE-2015-8984 (The fnmatch function in the GNU C Library (aka glibc or libc6) before ...)
{DLA-316-1}
- glibc 2.21-1 (bug #779587)
[jessie] - glibc 2.19-18+deb8u2
@@ -68742,8 +68729,7 @@
NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
CVE-2015-2039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: Acobot Live Chat & Contact Form plugin for WordPress
-CVE-2015-8983 [_IO_wstr_overflow integer overflow]
- RESERVED
+CVE-2015-8983 (Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c ...)
{DLA-316-1}
- eglibc <removed>
[wheezy] - eglibc 2.13-38+deb7u9
@@ -69836,8 +69822,8 @@
CVE-2015-1611
RESERVED
NOT-FOR-US: OpenDaylight
-CVE-2015-1610
- RESERVED
+CVE-2015-1610 (hosttracker in OpenDaylight l2switch allows remote attackers to change ...)
+ TODO: check
CVE-2015-1609 (MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers ...)
- mongodb 1:2.4.10-5 (bug #780129)
[wheezy] - mongodb <not-affected> (BSONElement::validate() checks length, problematic code introduced later)
@@ -123296,8 +123282,7 @@
CVE-2012-5362
RESERVED
NOT-FOR-US: Microsoft Windows
-CVE-2012-5361
- RESERVED
+CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to cause a ...)
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.5-1 (bug #694483)
More information about the Secure-testing-commits
mailing list