Author: sectracker Date: 2016-02-02 21:10:15 +0000 (Tue, 02 Feb 2016) New Revision: 39417
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-02-02 20:57:09 UTC (rev 39416) +++ data/CVE/list 2016-02-02 21:10:15 UTC (rev 39417) 
@@ -1,3 +1,230 @@ +CVE-2016-7028 + REJECTED + TODO: check +CVE-2016-2199 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2016-2196 + RESERVED +CVE-2016-2195 + RESERVED +CVE-2016-2194 + RESERVED +CVE-2016-2193 + RESERVED +CVE-2016-2192 + RESERVED +CVE-2016-2191 + RESERVED +CVE-2016-2190 + RESERVED +CVE-2016-2189 + RESERVED +CVE-2016-2188 + RESERVED +CVE-2016-2187 + RESERVED +CVE-2016-2186 + RESERVED +CVE-2016-2185 + RESERVED +CVE-2016-2184 + RESERVED +CVE-2016-2183 + RESERVED +CVE-2016-2182 + RESERVED +CVE-2016-2181 + RESERVED +CVE-2016-2180 + RESERVED +CVE-2016-2179 + RESERVED +CVE-2016-2178 + RESERVED +CVE-2016-2177 + RESERVED +CVE-2016-2176 + RESERVED +CVE-2016-2175 + RESERVED +CVE-2016-2174 + RESERVED +CVE-2016-2173 + RESERVED +CVE-2016-2172 + RESERVED +CVE-2016-2171 + RESERVED +CVE-2016-2170 + RESERVED +CVE-2016-2169 + RESERVED +CVE-2016-2168 + RESERVED +CVE-2016-2167 + RESERVED +CVE-2016-2166 + RESERVED +CVE-2016-2165 + RESERVED +CVE-2016-2164 + RESERVED +CVE-2016-2163 + RESERVED +CVE-2016-2162 + RESERVED +CVE-2016-2161 + RESERVED +CVE-2016-2160 + RESERVED +CVE-2016-2159 + RESERVED +CVE-2016-2158 + RESERVED +CVE-2016-2157 + RESERVED +CVE-2016-2156 + RESERVED +CVE-2016-2155 + RESERVED +CVE-2016-2154 + RESERVED +CVE-2016-2153 + RESERVED +CVE-2016-2152 + RESERVED +CVE-2016-2151 + RESERVED +CVE-2016-2150 + RESERVED +CVE-2016-2149 + RESERVED +CVE-2016-2148 + RESERVED +CVE-2016-2147 + RESERVED +CVE-2016-2146 + RESERVED +CVE-2016-2145 + RESERVED +CVE-2016-2144 + RESERVED +CVE-2016-2143 + RESERVED +CVE-2016-2142 + RESERVED +CVE-2016-2141 + RESERVED +CVE-2016-2140 + RESERVED +CVE-2016-2139 + RESERVED +CVE-2016-2138 + RESERVED +CVE-2016-2137 + RESERVED +CVE-2016-2136 + RESERVED +CVE-2016-2135 + RESERVED +CVE-2016-2134 + RESERVED +CVE-2016-2133 + RESERVED +CVE-2016-2132 + RESERVED +CVE-2016-2131 + RESERVED +CVE-2016-2130 + RESERVED +CVE-2016-2129 + RESERVED +CVE-2016-2128 + RESERVED +CVE-2016-2127 + RESERVED +CVE-2016-2126 + 
RESERVED +CVE-2016-2125 + RESERVED +CVE-2016-2124 + RESERVED +CVE-2016-2123 + RESERVED +CVE-2016-2122 + RESERVED +CVE-2016-2121 + RESERVED +CVE-2016-2120 + RESERVED +CVE-2016-2119 + RESERVED +CVE-2016-2118 + RESERVED +CVE-2016-2117 + RESERVED +CVE-2016-2116 + RESERVED +CVE-2016-2115 + RESERVED +CVE-2016-2114 + RESERVED +CVE-2016-2113 + RESERVED +CVE-2016-2112 + RESERVED +CVE-2016-2111 + RESERVED +CVE-2016-2110 + RESERVED +CVE-2016-2109 + RESERVED +CVE-2016-2108 + RESERVED +CVE-2016-2107 + RESERVED +CVE-2016-2106 + RESERVED +CVE-2016-2105 + RESERVED +CVE-2016-2104 + RESERVED +CVE-2016-2103 + RESERVED +CVE-2016-2102 + RESERVED +CVE-2016-2101 + RESERVED +CVE-2016-2100 + RESERVED +CVE-2016-2099 + RESERVED +CVE-2016-2098 + RESERVED +CVE-2016-2097 + RESERVED +CVE-2016-2096 + RESERVED +CVE-2016-2095 + RESERVED +CVE-2016-2094 + RESERVED +CVE-2016-2093 + RESERVED +CVE-2015-8797 + RESERVED +CVE-2015-8796 + RESERVED +CVE-2015-8795 + RESERVED +CVE-2015-8794 (Absolute path traversal vulnerability in ...) + TODO: check +CVE-2015-8793 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...) + TODO: check +CVE-2015-8791 (The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 ...) + TODO: check +CVE-2015-8790 (The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 ...) + TODO: check CVE-2016-XXXX [Buffer overflow in Python-Pillow and PIL] - pillow <unfixed> - python-imaging <removed> @@ -45,6 +272,7 @@ CVE-2016-2092 RESERVED CVE-2016-2198 [usb: ehci null pointer dereference in ehci_caps_write] + RESERVED - qemu <unfixed> (bug #813193) [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS) - qemu-kvm <removed> 
@@ -53,6 +281,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643 TODO: check versions CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines] + RESERVED - qemu <unfixed> (bug #813194) [jessie] - qemu <not-affected> (Vulnerable code introduced later) [wheezy] - qemu <not-affected> (Vulnerable code introduced later) @@ -68,11 +297,11 @@ RESERVED CVE-2016-2086 RESERVED -CVE-2015-8792 [Out-of-bounds heap read in KaxInternalBlock::ReadData()] +CVE-2015-8792 (The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 ...) - libmatroska 1.4.4-1 NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html NOTE: https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f -CVE-2015-8789 [Use-after-free vulnerability in the EbmlMaster::Read function] +CVE-2015-8789 (Use-after-free vulnerability in the EbmlMaster::Read function in ...) - libebml 1.3.3-1 NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html NOTE: https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24 
@@ -265,22 +494,19 @@ - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300237 NOTE: Introduced in https://git.kernel.org/linus/3d167d68e3805ee45ed2e8412fc03ed919c54c24 (v3.13-rc1) -CVE-2015-8783 [other out-of-bounds reads] - RESERVED +CVE-2015-8783 (tif_luv.c in libtiff allows attackers to cause a denial of service ...) {DLA-405-1} - tiff 4.0.6-1 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522 NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65 NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3 -CVE-2015-8782 [other out-of-bounds writes] - RESERVED +CVE-2015-8782 (tif_luv.c in libtiff allows attackers to cause a denial of service ...) {DLA-405-1} - tiff 4.0.6-1 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522 NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65 NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3 -CVE-2015-8781 [an out of bounds write at tif_luv.c:208] - RESERVED +CVE-2015-8781 (tif_luv.c in libtiff allows attackers to cause a denial of service ...) {DLA-405-1} - tiff 4.0.6-1 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0 @@ -298,8 +524,7 @@ CVE-2015-XXXX [insecure use of temporary files] - node-cli <unfixed> (bug #809252) [jessie] - node-cli <no-dsa> (Minor issue) -CVE-2016-2049 [php-openid: host based account hijack attack] - RESERVED +CVE-2016-2049 (examples/consumer/common.php in JanRain PHP OpenID library (aka ...) - php-openid <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2 TODO: check @@ -410,8 +635,7 @@ RESERVED CVE-2016-1986 RESERVED -CVE-2016-1985 - RESERVED +CVE-2016-1985 (HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers ...) NOT-FOR-US: HPE Operations Manager CVE-2016-1984 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices ...) NOT-FOR-US: Harman AMX devices 
@@ -479,69 +703,58 @@ RESERVED CVE-2016-1949 RESERVED -CVE-2016-1948 [Lightweight themes on Firefox for Android do not verify a secure connection] - RESERVED +CVE-2016-1948 (Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is ...) - iceweasel <not-affected> (Only affects Firefox for Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/ -CVE-2016-1947 [Application Reputation service disabled in Firefox 43] - RESERVED +CVE-2016-1947 (Mozilla Firefox 43.x mishandles attempts to connect to the Application ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) [squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/ -CVE-2016-1946 [Unsafe memory manipulation found through code inspection] - RESERVED +CVE-2016-1946 (The MoofParser::Metadata function in binding/MoofParser.cpp in ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) [squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/ -CVE-2016-1945 [Unsafe memory manipulation found through code inspection] - RESERVED +CVE-2016-1945 (The nsZipArchive function in Mozilla Firefox before 44.0 might allow ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) [squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/ -CVE-2016-1944 [Unsafe memory manipulation found through code inspection] - RESERVED +CVE-2016-1944 (The Buffer11::NativeBuffer11::map function in ANGLE, as used in ...) 
- iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) [squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/ -CVE-2016-1943 [Addressbar spoofing attacks] - RESERVED +CVE-2016-1943 (Mozilla Firefox before 44.0 on Android allows remote attackers to ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) [squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/ -CVE-2016-1942 [Addressbar spoofing attacks] - RESERVED +CVE-2016-1942 (Mozilla Firefox before 44.0 allows user-assisted remote attackers to ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) [squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/ -CVE-2016-1941 [Delay following click events in file download dialog too short on OS X] - RESERVED +CVE-2016-1941 (The file-download dialog in Mozilla Firefox before 44.0 on OS X ...) - iceweasel <not-affected> (Affects only Firefox on OS X) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/ -CVE-2016-1940 [Addressbar spoofing through stored data url shortcuts on Firefox for Android] - RESERVED +CVE-2016-1940 (Mozilla Firefox before 44.0 on Android allows remote attackers to ...) - iceweasel <not-affected> (Affects Firefox for Android only) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/ -CVE-2016-1939 - RESERVED +CVE-2016-1939 (Mozilla Firefox before 44.0 stores cookies with names containing ...) 
- iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) [squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/ -CVE-2016-1938 - RESERVED +CVE-2016-1938 (The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) @@ -555,8 +768,7 @@ NOTE: https://hg.mozilla.org/projects/nss/rev/608645309ab9 NOTE: https://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 (not yet public) -CVE-2016-1937 - RESERVED +CVE-2016-1937 (The protocol-handler dialog in Mozilla Firefox before 44.0 allows ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) @@ -564,16 +776,14 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/ CVE-2016-1936 RESERVED -CVE-2016-1935 [Buffer overflow in WebGL after out of memory allocation] - RESERVED +CVE-2016-1935 (Buffer overflow in the BufferSubData function in Mozilla Firefox ...) {DSA-3457-1} - iceweasel 44.0-1 [squeeze] - iceweasel <end-of-life> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/ CVE-2016-1934 RESERVED -CVE-2016-1933 [Out of Memory crash when parsing GIF format images] - RESERVED +CVE-2016-1933 (Integer overflow in the image-deinterlacing functionality in Mozilla ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) 
@@ -581,15 +791,13 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/ CVE-2016-1932 RESERVED -CVE-2016-1931 [Memory safety bugs] - RESERVED +CVE-2016-1931 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) [squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -CVE-2016-1930 [Miscellaneous memory safety hazards] - RESERVED +CVE-2016-1930 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3457-1} - iceweasel 44.0-1 [squeeze] - iceweasel <end-of-life> @@ -654,10 +862,10 @@ RESERVED CVE-2015-8774 RESERVED -CVE-2015-8773 - RESERVED -CVE-2015-8772 - RESERVED +CVE-2015-8773 (Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File ...) + TODO: check +CVE-2015-8772 (McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total ...) + TODO: check CVE-2016-1981 [net: e1000 infinite loop in start_xmit and e1000_receive_iov routines] RESERVED - qemu 1:2.5+dfsg-5 (bug #812307) @@ -766,8 +974,7 @@ RESERVED CVE-2016-1883 RESERVED -CVE-2016-1882 [TCP MD5 signature denial of service [SA-16:05]] - RESERVED +CVE-2016-1882 (FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow ...) - kfreebsd-10 <unfixed> (unimportant; bug #811280) NOTE: kfreebsd not covered by security support in Jessie - kfreebsd-9 <removed> @@ -781,8 +988,7 @@ - kfreebsd-10 <unfixed> (unimportant; bug #811278) NOTE: kfreebsd not covered by security support in Jessie - kfreebsd-9 <removed> -CVE-2016-1879 [SCTP ICMPv6 error message vulnerability [SA-16:01]] - RESERVED +CVE-2016-1879 (The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 ...) - kfreebsd-10 <unfixed> (unimportant; bug #811277) NOTE: kfreebsd not covered by security support in Jessie - kfreebsd-9 <removed> 
@@ -1080,36 +1286,36 @@ RESERVED CVE-2016-1731 RESERVED -CVE-2016-1730 - RESERVED -CVE-2016-1729 - RESERVED -CVE-2016-1728 - RESERVED -CVE-2016-1727 - RESERVED -CVE-2016-1726 - RESERVED -CVE-2016-1725 - RESERVED -CVE-2016-1724 - RESERVED -CVE-2016-1723 - RESERVED -CVE-2016-1722 - RESERVED -CVE-2016-1721 - RESERVED -CVE-2016-1720 - RESERVED -CVE-2016-1719 - RESERVED -CVE-2016-1718 - RESERVED -CVE-2016-1717 - RESERVED -CVE-2016-1716 - RESERVED +CVE-2016-1730 (WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or ...) + TODO: check +CVE-2016-1729 (Untrusted search path vulnerability in OSA Scripts in Apple OS X ...) + TODO: check +CVE-2016-1728 (The Cascading Style Sheets (CSS) implementation in Apple iOS before ...) + TODO: check +CVE-2016-1727 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and ...) + TODO: check +CVE-2016-1726 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...) + TODO: check +CVE-2016-1725 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...) + TODO: check +CVE-2016-1724 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and ...) + TODO: check +CVE-2016-1723 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...) + TODO: check +CVE-2016-1722 (syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...) + TODO: check +CVE-2016-1721 (The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS ...) + TODO: check +CVE-2016-1720 (IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...) + TODO: check +CVE-2016-1719 (The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, ...) + TODO: check +CVE-2016-1718 (The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS ...) + TODO: check +CVE-2016-1717 (The Disk Images component in Apple iOS before 9.2.1, OS X before ...) + TODO: check +CVE-2016-1716 (AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local ...) 
+ TODO: check CVE-2016-1908 [Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension] RESERVED - openssh <unfixed> @@ -1175,8 +1381,7 @@ {DLA-408-1} - gosa 2.7.4+reloaded2-6 NOTE: https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8 -CVE-2015-8770 [remote code execution / path traversal] - RESERVED +CVE-2015-8770 (Directory traversal vulnerability in the set_skin function in ...) {DLA-392-1} - roundcube 1.1.4+dfsg.1-1 NOTE: https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released/ @@ -1760,8 +1965,8 @@ - owncloud 7.0.12~dfsg-1 [jessie] - owncloud 7.0.4+dfsg-4~deb8u4 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-001 -CVE-2016-1493 - RESERVED +CVE-2016-1493 (Intel Driver Update Utility before 2.4 retrieves driver updates in ...) + TODO: check CVE-2016-1492 (The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when ...) TODO: check CVE-2016-1491 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when ...) @@ -1770,8 +1975,8 @@ TODO: check CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww ...) TODO: check -CVE-2016-1488 - RESERVED +CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in the ...) + TODO: check CVE-2016-1487 RESERVED CVE-2016-1486 @@ -2138,10 +2343,10 @@ RESERVED CVE-2016-1305 RESERVED -CVE-2016-1304 - RESERVED -CVE-2016-1303 - RESERVED +CVE-2016-1304 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...) + TODO: check +CVE-2016-1303 (The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote ...) + TODO: check CVE-2016-1302 RESERVED CVE-2016-1301 
@@ -2846,26 +3051,26 @@ RESERVED CVE-2016-1146 RESERVED -CVE-2016-1145 - RESERVED -CVE-2016-1144 - RESERVED -CVE-2016-1143 - RESERVED +CVE-2016-1145 (Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER ...) + TODO: check +CVE-2016-1144 (Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM ...) + TODO: check +CVE-2016-1143 (Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before ...) + TODO: check CVE-2016-1142 (Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows ...) TODO: check -CVE-2016-1141 - RESERVED -CVE-2016-1140 - RESERVED -CVE-2016-1139 - RESERVED -CVE-2016-1138 - RESERVED -CVE-2016-1137 - RESERVED -CVE-2016-1136 - RESERVED +CVE-2016-1141 (KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users ...) + TODO: check +CVE-2016-1140 (KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct ...) + TODO: check +CVE-2016-1139 (Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE ...) + TODO: check +CVE-2016-1138 (CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 ...) + TODO: check +CVE-2016-1137 (Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 ...) + TODO: check +CVE-2016-1136 (Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE ...) + TODO: check CVE-2016-1135 (Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices ...) TODO: check CVE-2016-1134 (Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 ...) @@ -3798,8 +4003,8 @@ TODO: check CVE-2016-0868 (Stack-based buffer overflow on Rockwell Automation Allen-Bradley ...) TODO: check -CVE-2016-0867 - RESERVED +CVE-2016-0867 (CAREL PlantVisorEnhanced allows remote attackers to bypass intended ...) + TODO: check CVE-2016-0866 RESERVED CVE-2016-0865 
@@ -4024,21 +4229,18 @@ RESERVED CVE-2016-0757 RESERVED -CVE-2016-0756 [insecure dialback key generation/validation algorithm] - RESERVED +CVE-2016-0756 (The generate_dialback function in the mod_dialback module in Prosody ...) {DSA-3463-1 DLA-407-1} - prosody 0.9.10-1 NOTE: http://blog.prosody.im/prosody-0-9-10-released/ NOTE: https://prosody.im/security/advisory_20160127/ NOTE: Upstream fix https://github.com/bjc/prosody/commit/8708def4f55e61acdd5b2c762d420ab40da0d015 -CVE-2016-0755 [NTLM credentials not-checked for proxy connection re-use] - RESERVED +CVE-2016-0755 (The ConnectionExists function in lib/url.c in libcurl before 7.47.0 ...) {DSA-3455-1} - curl 7.47.0-1 [wheezy] - curl <no-dsa> (Too intrusive to backport) NOTE: http://curl.haxx.se/docs/adv_20160127A.html -CVE-2016-0754 [remote file name path traversal in curl tool for Windows] - RESERVED +CVE-2016-0754 (cURL before 7.47.0 on Windows allows attackers to write to arbitrary ...) - curl <not-affected> (Windows only) NOTE: http://curl.haxx.se/docs/adv_20160127B.html CVE-2016-0753 [Possible Input Validation Circumvention in Active Model] @@ -4110,13 +4312,11 @@ RESERVED CVE-2016-0739 RESERVED -CVE-2016-0738 - RESERVED +CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...) - swift 2.5.0-3 (bug #812984) NOTE: Swift: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0 TODO: check -CVE-2016-0737 - RESERVED +CVE-2016-0737 (OpenStack Object Storage (Swift) before 2.4.0 does not properly close ...) - swift 2.4.0-1 NOTE: Swift: >=2.2.1 <= 2.3.0 TODO: check, not exaclty clear if it really only was introduced in 2.2.1 @@ -6732,8 +6932,8 @@ NOT-FOR-US: Dovestones CVE-2015-8266 RESERVED -CVE-2015-8265 - RESERVED +CVE-2015-8265 (Huawei E5186 4G LTE router with software before V200R001B310D01SP00C00 ...) + TODO: check CVE-2015-8264 RESERVED CVE-2015-8263 (NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source ...) 
@@ -7790,8 +7990,8 @@ NOT-FOR-US: eWON devices CVE-2015-7924 (eWON devices with firmware before 10.1s0 do not trigger the discarding ...) NOT-FOR-US: eWON devices -CVE-2015-7923 - RESERVED +CVE-2015-7923 (Westermo WeOS before 4.19.0 uses the same SSL private key across ...) + TODO: check CVE-2015-7922 RESERVED CVE-2015-7921 @@ -9082,8 +9282,7 @@ RESERVED CVE-2015-7522 RESERVED -CVE-2015-7521 - RESERVED +CVE-2015-7521 (The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, ...) NOT-FOR-US: Apache Hive CVE-2015-7520 RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
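Review bot: in the first hunk (@@ -1,3 +1,230 @@), CVE-2016-7028 is given both "REJECTED" and "TODO: check"; a rejected identifier needs no triage, so one of the two markers should go. In the same hunk CVE-2015-8791 and CVE-2015-8790 are left as bare "TODO: check" entries although their descriptions say "libEBML before 1.3.3" and this very list already records "libebml 1.3.3-1" as the fix for CVE-2015-8789, with the matroska-users announcement and the libebml commit 88409e2a as NOTEs; marking both against libebml 1.3.3-1 with those same references now saves a second round of triage. CVE-2015-8793 names program/include/rcmail.php, which looks like the roundcube tree that CVE-2015-8770 / DLA-392-1 and "roundcube 1.1.4+dfsg.1-1" further down already handle; check whether that upload covers it (and whether the adjacent CVE-2015-8794 path traversal belongs to the same fix) before leaving it as a TODO.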
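Review bot: in the tiff hunk (@@ -265,22 +494,19 @@), the three bracketed placeholders that were removed each carried a distinguishing detail ("other out-of-bounds reads", "other out-of-bounds writes", "an out of bounds write at tif_luv.c:208"), and all three replacements now read identically as "tif_luv.c in libtiff allows attackers to cause a denial of service ...", so CVE-2015-8783, CVE-2015-8782 and CVE-2015-8781 can no longer be told apart in the list. Since they share bug 2522, the commit aaab5c3c and the oss-security post, keep the read/write distinction in a NOTE line on each entry rather than relying on the truncated MITRE text.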
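Review bot: for CVE-2016-2049 (@@ -298,8 +524,7 @@), the new description locates the problem in examples/consumer/common.php of the JanRain PHP OpenID library, i.e. in example code rather than the library proper; before leaving "php-openid <unfixed>" with a bare "TODO: check", confirm whether the Debian php-openid package installs that examples directory at all, since that decides whether this is an exposure for users of the package or only a documentation-level issue that deserves a severity note.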
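Review bot: for CVE-2016-1938 (@@ -479,69 +703,58 @@), the description names "lib/freebl/mpi/mpi.c in Mozilla Network ..." and the NOTEs point at hg.mozilla.org/projects/nss revisions 608645309ab9 and cfd0ad4726cb, but the visible lines only track iceweasel (44.0-1, with jessie/wheezy marked not-affected); make sure the nss source package has its own entry for this CVE, as the fix is in NSS rather than in the browser. The lines elided between this hunk and @@ -555,8 +768,7 @@ may already hold it, in which case nothing is needed. The rest of the Firefox batch is consistent: the two entries that carry {DSA-3457-1} and "[squeeze] - iceweasel <end-of-life>" (CVE-2016-1935, CVE-2016-1930) are the ones not limited to 43.x, while every "Only affects Firefox 43.x" entry leaves the stable suites untouched.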
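Review bot: in the Apple hunk (@@ -1080,36 +1286,36 @@), all fifteen of CVE-2016-1716 through CVE-2016-1730 now read "TODO: check"; most describe iOS, OS X, tvOS, IOKit or Disk Images components and can be closed as NOT-FOR-US, but CVE-2016-1723 to CVE-2016-1728 describe WebKit itself ("WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3 ..." and the CSS implementation), and those should be checked against the WebKit-based packages in the archive rather than batch-marked NOT-FOR-US along with the platform-specific ones.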
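Review bot: for CVE-2016-0737 (@@ -4110,13 +4312,11 @@), the new description says "OpenStack Object Storage (Swift) before 2.4.0" with no lower bound, while the unchanged NOTE still asserts "Swift: >=2.2.1 <= 2.3.0" and the TODO right below it ("TODO: check, not exaclty clear if it really only was introduced in 2.2.1") doubts that lower bound; now that the official text is in, resolve the introduction-version question one way or the other, drop the stale TODO, and fix the "exaclty" typo while there. CVE-2016-0738 in the same hunk is consistent as written: its NOTE ranges (">=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0") match "before 2.3.1 (Kilo), 2.4.x, and 2.5.x" and the fixed version "swift 2.5.0-3".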