Author: sectracker
Date: 2016-09-19 21:10:19 +0000 (Mon, 19 Sep 2016)
New Revision: 44743

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-19 17:33:09 UTC (rev 44742)
+++ data/CVE/list       2016-09-19 21:10:19 UTC (rev 44743)
@@ -1,3 +1,123 @@
+CVE-2016-8280
+       RESERVED
+CVE-2016-8279
+       RESERVED
+CVE-2016-8278
+       RESERVED
+CVE-2016-8277
+       RESERVED
+CVE-2016-8276
+       RESERVED
+CVE-2016-8275
+       RESERVED
+CVE-2016-8274
+       RESERVED
+CVE-2016-8273
+       RESERVED
+CVE-2016-8272
+       RESERVED
+CVE-2016-8271
+       RESERVED
+CVE-2016-8270
+       RESERVED
+CVE-2016-8269
+       RESERVED
+CVE-2016-8268
+       RESERVED
+CVE-2016-8267
+       RESERVED
+CVE-2016-8266
+       RESERVED
+CVE-2016-8265
+       RESERVED
+CVE-2016-8264
+       RESERVED
+CVE-2016-8263
+       RESERVED
+CVE-2016-8262
+       RESERVED
+CVE-2016-8261
+       RESERVED
+CVE-2016-8260
+       RESERVED
+CVE-2016-8259
+       RESERVED
+CVE-2016-8258
+       RESERVED
+CVE-2016-8257
+       RESERVED
+CVE-2016-8256
+       RESERVED
+CVE-2016-8255
+       RESERVED
+CVE-2016-8254
+       RESERVED
+CVE-2016-8253
+       RESERVED
+CVE-2016-8252
+       RESERVED
+CVE-2016-8251
+       RESERVED
+CVE-2016-8250
+       RESERVED
+CVE-2016-8249
+       RESERVED
+CVE-2016-8248
+       RESERVED
+CVE-2016-8247
+       RESERVED
+CVE-2016-8246
+       RESERVED
+CVE-2016-8245
+       RESERVED
+CVE-2016-8244
+       RESERVED
+CVE-2016-8243
+       RESERVED
+CVE-2016-8242
+       RESERVED
+CVE-2016-8241
+       RESERVED
+CVE-2016-8240
+       RESERVED
+CVE-2016-8239
+       RESERVED
+CVE-2016-8238
+       RESERVED
+CVE-2016-8237
+       RESERVED
+CVE-2016-8236
+       RESERVED
+CVE-2016-8235
+       RESERVED
+CVE-2016-8234
+       RESERVED
+CVE-2016-8233
+       RESERVED
+CVE-2016-8232
+       RESERVED
+CVE-2016-8231
+       RESERVED
+CVE-2016-8230
+       RESERVED
+CVE-2016-8229
+       RESERVED
+CVE-2016-8228
+       RESERVED
+CVE-2016-8227
+       RESERVED
+CVE-2016-8226
+       RESERVED
+CVE-2016-8225
+       RESERVED
+CVE-2016-8224
+       RESERVED
+CVE-2016-8223
+       RESERVED
+CVE-2016-8222
+       RESERVED
+CVE-2016-8221
+       RESERVED
 CVE-2016-7423 [scsi: mptsas: OOB access when freeing MPTSASRequest object]
        RESERVED
        - qemu <unfixed> (bug #838145)
@@ -2259,10 +2379,9 @@
        NOTE: The scope of this CVE is the documentation bug, lacking treatment 
of
        NOTE: -DNDEBUG and Static Initialization
        NOTE: Documentation added in 
https://github.com/weidai11/cryptopp/commit/553049ba297d89d9e8fbf2204acb40a8a53f5cd6
-CVE-2016-7419
-       RESERVED
-CVE-2016-7418 [Out-Of-Bounds Read in php_wddx_push_element]
-       RESERVED
+CVE-2016-7419 (Cross-site scripting (XSS) vulnerability in share.js in the 
gallery ...)
+       TODO: check
+CVE-2016-7418 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP 
before ...)
        - php7.0 7.0.11-1
        - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73065
@@ -2270,50 +2389,43 @@
        NOTE: 
https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1
        NOTE: The scope of this CVE also includes all of the "other four 
similar issues"
        NOTE: in the "[2016-09-12 06:44 UTC]" comment.
-CVE-2016-7417 [Missing type check when unserializing SplArray]
-       RESERVED
+CVE-2016-7417 (ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 
...)
        - php7.0 7.0.11-1
        - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73029
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1
-CVE-2016-7416 [add locale length check]
-       RESERVED
+CVE-2016-7416 (ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 
7.x ...)
        - php7.0 7.0.11-1
        - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
-CVE-2016-7415 [ICU related issue relative to PHP Bug #73007, add locale length 
check]
-       RESERVED
+CVE-2016-7415 (Stack-based buffer overflow in the Locale class in 
common/locid.cpp in ...)
        - icu <unfixed>
        NOTE: Related code in 
http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp file
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
        NOTE: PHP fix: 
https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
        NOTE: Unclear how this should be fixed for icu, if at all. Issue is 
mainly in PHP.
-CVE-2016-7414 [Out of bound when verify signature of zip phar in 
phar_parse_zipfile]
-       RESERVED
+CVE-2016-7414 (The ZIP signature-verification feature in PHP before 5.6.26 and 
7.x ...)
        - php7.0 7.0.11-1
        - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72928
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1
-CVE-2016-7413 [wddx_deserialize use-after-free]
-       RESERVED
+CVE-2016-7413 (Use-after-free vulnerability in the wddx_stack_destroy function 
in ...)
        - php7.0 7.0.11-1
        - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72860
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
-CVE-2016-7412 [Heap overflow in mysqlnd related to BIT fields]
-       RESERVED
+CVE-2016-7412 (ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x 
before ...)
        - php7.0 7.0.11-1
        - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72293
        NOTE: Fixed in 7.0.11, 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1
-CVE-2016-7411 [Memory Corruption in During Deserialized-object Destruction]
-       RESERVED
+CVE-2016-7411 (ext/standard/var_unserializer.re in PHP before 5.6.26 
mishandles ...)
        - php7.0 <not-affected> (Only affects 5.x)
        - php5 5.6.26+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052
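
Review bot: In the CVE-2016-7415 entry, the new description places the stack-based buffer overflow in the Locale class in common/locid.cpp, the same ICU file the entry's own NOTE links to, yet the retained note still reads "Unclear how this should be fixed for icu, if at all. Issue is mainly in PHP." Now that the description attributes the flaw to ICU, that note and the "- icu <unfixed>" line should be re-examined by hand so the entry does not carry two contradictory statements about where the bug lives.
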
@@ -3601,10 +3713,10 @@
        RESERVED
 CVE-2016-6939
        RESERVED
-CVE-2016-6938
-       RESERVED
-CVE-2016-6937
-       RESERVED
+CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before 
...)
+       TODO: check
+CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat 
Reader DC ...)
+       TODO: check
 CVE-2016-6936 (Adobe AIR SDK &amp; Compiler before 23.0.0.257 on Windows does 
not support ...)
        TODO: check
 CVE-2016-6935
@@ -4343,18 +4455,18 @@
        RESERVED
 CVE-2016-6645
        RESERVED
-CVE-2016-6644
-       RESERVED
-CVE-2016-6643
-       RESERVED
-CVE-2016-6642
-       RESERVED
-CVE-2016-6641
-       RESERVED
+CVE-2016-6644 (EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 
allows ...)
+       TODO: check
+CVE-2016-6643 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 
3.7.2 ...)
+       TODO: check
+CVE-2016-6642 (Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM 
before ...)
+       TODO: check
+CVE-2016-6641 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 
3.7.2 ...)
+       TODO: check
 CVE-2016-6640
        RESERVED
-CVE-2016-6639
-       RESERVED
+CVE-2016-6639 (Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 
and PHP ...)
+       TODO: check
 CVE-2016-6638
        RESERVED
 CVE-2016-6637
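
Review bot: CVE-2016-6644 is left at "TODO: check" although its description names EMC Documentum D2, and this same file already resolves another Documentum id (CVE-2016-0882) as "NOT-FOR-US: EMC Documentum"; the entry can be closed with the same tag. CVE-2016-6641, CVE-2016-6642 and CVE-2016-6643 all name EMC ViPR SRM before 3.7.2, so they are best triaged in one pass with one consistent tag rather than as three separate checks.
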
@@ -4896,12 +5008,12 @@
        RESERVED
 CVE-2016-6538
        RESERVED
-CVE-2016-6537
-       RESERVED
-CVE-2016-6536
-       RESERVED
-CVE-2016-6535
-       RESERVED
+CVE-2016-6537 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l 
store ...)
+       TODO: check
+CVE-2016-6536 (The /setup URI on AVer Information EH6108H+ devices with 
firmware ...)
+       TODO: check
+CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l 
have ...)
+       TODO: check
 CVE-2016-6534
        RESERVED
 CVE-2016-6533
@@ -5281,8 +5393,8 @@
        RESERVED
 CVE-2016-6416
        RESERVED
-CVE-2016-6415
-       RESERVED
+CVE-2016-6415 (The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 
and ...)
+       TODO: check
 CVE-2016-6414
        RESERVED
 CVE-2016-6413
@@ -5297,20 +5409,20 @@
        RESERVED
 CVE-2016-6408
        RESERVED
-CVE-2016-6407
-       RESERVED
+CVE-2016-6407 (Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) 
...)
+       TODO: check
 CVE-2016-6406
        RESERVED
-CVE-2016-6405
-       RESERVED
-CVE-2016-6404
-       RESERVED
-CVE-2016-6403
-       RESERVED
-CVE-2016-6402
-       RESERVED
-CVE-2016-6401
-       RESERVED
+CVE-2016-6405 (Cisco Fog Director 1.0(0) for IOx allows remote authenticated 
users to ...)
+       TODO: check
+CVE-2016-6404 (Cross-site scripting (XSS) vulnerability in the web framework 
in Cisco ...)
+       TODO: check
+CVE-2016-6403 (The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and 
IOS XE, ...)
+       TODO: check
+CVE-2016-6402 (UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified 
...)
+       TODO: check
+CVE-2016-6401 (Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in 
CRS ...)
+       TODO: check
 CVE-2016-6400
        RESERVED
 CVE-2016-6399 (Cisco ACE30 Application Control Engine Module through A5 3.3 
and ACE ...)
@@ -7221,8 +7333,8 @@
        RESERVED
 CVE-2016-5845 (SAP SAPCAR does not check the return value of file operations 
when ...)
        NOT-FOR-US: SAP SAPCAR
-CVE-2016-5843
-       RESERVED
+CVE-2016-5843 (Multiple SQL injection vulnerabilities in the FAQ package 2.x 
before ...)
+       TODO: check
 CVE-2016-5840 (hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 
3.7, ...)
        NOT-FOR-US: Trend Micro Deep Discovery Inspector
 CVE-2016-5831
@@ -7245,8 +7357,8 @@
        RESERVED
 CVE-2016-5815
        RESERVED
-CVE-2016-5814
-       RESERVED
+CVE-2016-5814 (Buffer overflow in Rockwell Automation RSLogix Micro Starter 
Lite, ...)
+       TODO: check
 CVE-2016-5813
        RESERVED
 CVE-2016-5812 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, 
and ...)
@@ -10867,8 +10979,8 @@
        NOTE: This security fix can be considered an improvement of the 
previous ZF2016-02
        NOTE: and ZF2014-04 advisories.
        NOTE: Fixed by: 
https://github.com/zendframework/zf1/commit/b1c71dd94296d9000127720c85a7ea9e3b35af4b
 (1.12.20)
-CVE-2016-4860
-       RESERVED
+CVE-2016-4860 (Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does 
not ...)
+       TODO: check
 CVE-2016-4859
        RESERVED
 CVE-2016-4858
@@ -11143,14 +11255,14 @@
        RESERVED
 CVE-2016-4750
        RESERVED
-CVE-2016-4749
-       RESERVED
+CVE-2016-4749 (Printing UIKit in Apple iOS before 10 mishandles environment 
...)
+       TODO: check
 CVE-2016-4748
        RESERVED
-CVE-2016-4747
-       RESERVED
-CVE-2016-4746
-       RESERVED
+CVE-2016-4747 (Mail in Apple iOS before 10 mishandles certificates, which 
makes it ...)
+       TODO: check
+CVE-2016-4746 (The Keyboards component in Apple iOS before 10 does not 
properly use a ...)
+       TODO: check
 CVE-2016-4745
        RESERVED
 CVE-2016-4744
@@ -11159,10 +11271,10 @@
        RESERVED
 CVE-2016-4742
        RESERVED
-CVE-2016-4741
-       RESERVED
-CVE-2016-4740
-       RESERVED
+CVE-2016-4741 (The Assets component in Apple iOS before 10 allows 
man-in-the-middle ...)
+       TODO: check
+CVE-2016-4740 (Apple iOS before 10, when Handoff for Messages is used, does 
not ...)
+       TODO: check
 CVE-2016-4739
        RESERVED
 CVE-2016-4738
@@ -11203,8 +11315,8 @@
        RESERVED
 CVE-2016-4720
        RESERVED
-CVE-2016-4719
-       RESERVED
+CVE-2016-4719 (The GeoServices component in Apple iOS before 10 and watchOS 
before 3 ...)
+       TODO: check
 CVE-2016-4718
        RESERVED
 CVE-2016-4717
@@ -11231,10 +11343,10 @@
        RESERVED
 CVE-2016-4706
        RESERVED
-CVE-2016-4705
-       RESERVED
-CVE-2016-4704
-       RESERVED
+CVE-2016-4705 (otool in Apple Xcode before 8 allows local users to gain 
privileges or ...)
+       TODO: check
+CVE-2016-4704 (otool in Apple Xcode before 8 allows local users to gain 
privileges or ...)
+       TODO: check
 CVE-2016-4703
        RESERVED
 CVE-2016-4702
@@ -11401,8 +11513,8 @@
        - webkit2gtk 2.12.4-1 (unimportant)
 CVE-2016-4621 (libc++abi in Apple OS X before 10.11.6 allows attackers to 
execute ...)
        NOT-FOR-US: Apple
-CVE-2016-4620
-       RESERVED
+CVE-2016-4620 (The Sandbox Profiles component in Apple iOS before 10 does not 
...)
+       TODO: check
 CVE-2016-4619 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes 
before ...)
        TODO: check
 CVE-2016-4618
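
Review bot: CVE-2016-4620 gets "TODO: check" directly below CVE-2016-4621, which is already resolved as "NOT-FOR-US: Apple"; the Sandbox Profiles component in iOS is the same vendor-only case and can take the same tag. The neighbouring CVE-2016-4619 is a different matter, since its description names libxml2, so it needs a real package check and should not receive a blanket Apple tag.
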
@@ -11681,8 +11793,8 @@
        TODO: check
 CVE-2016-4527 (ABB PCM600 before 2.7 improperly stores PCM600 authentication 
...)
        NOT-FOR-US: ABB PCM600
-CVE-2016-4526
-       RESERVED
+CVE-2016-4526 (ABB DataManagerPro 1.x before 1.7.1 allows local users to gain 
...)
+       TODO: check
 CVE-2016-4525 (Unspecified ActiveX controls in Advantech WebAccess before ...)
        TODO: check
 CVE-2016-4524 (ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 
passwords ...)
@@ -21741,10 +21853,10 @@
        TODO: check
 CVE-2016-1484 (Cisco WebEx Meetings Server 2.6 allows remote attackers to 
bypass ...)
        TODO: check
-CVE-2016-1483
-       RESERVED
-CVE-2016-1482
-       RESERVED
+CVE-2016-1483 (Cisco WebEx Meetings Server 2.6 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2016-1482 (Cisco WebEx Meetings Server 2.6 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2016-1481
        RESERVED
 CVE-2016-1480
@@ -21841,8 +21953,8 @@
        TODO: check
 CVE-2016-1434 (The license-certificate upload functionality on Cisco 8800 
phones with ...)
        TODO: check
-CVE-2016-1433
-       RESERVED
+CVE-2016-1433 (Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote 
attackers ...)
+       TODO: check
 CVE-2016-1432 (Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband 
Router ...)
        TODO: check
 CVE-2016-1431 (Cross-site scripting (XSS) vulnerability in Cisco Firepower 
Management ...)
@@ -23674,24 +23786,24 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283934
        NOTE: http://www.openwall.com/lists/oss-security/2016/01/16/1
        NOTE: Possibly introduced in 
http://git.qemu.org/?p=qemu.git;a=commit;h=4917cf44326a1bda2fd7f27303aff7a25ad86518
 (v1.6.0-rc0)
-CVE-2016-0930
-       RESERVED
-CVE-2016-0929
-       RESERVED
-CVE-2016-0928
-       RESERVED
-CVE-2016-0927
-       RESERVED
-CVE-2016-0926
-       RESERVED
+CVE-2016-0930 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x 
before ...)
+       TODO: check
+CVE-2016-0929 (The metrics-collection component in RabbitMQ for Pivotal Cloud 
Foundry ...)
+       TODO: check
+CVE-2016-0928 (Multiple open redirect vulnerabilities in Pivotal Cloud Foundry 
(PCF) ...)
+       TODO: check
+CVE-2016-0927 (Cross-site scripting (XSS) vulnerability in Pivotal Cloud 
Foundry ...)
+       TODO: check
+CVE-2016-0926 (Cross-site scripting (XSS) vulnerability in Apps Manager in 
Pivotal ...)
+       TODO: check
 CVE-2016-0925
        RESERVED
-CVE-2016-0924
-       RESERVED
-CVE-2016-0923
-       RESERVED
-CVE-2016-0922
-       RESERVED
+CVE-2016-0924 (The TLS 1.2 implementation in EMC RSA BSAFE Micro Edition Suite 
(MES) ...)
+       TODO: check
+CVE-2016-0923 (The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x 
before ...)
+       TODO: check
+CVE-2016-0922 (EMC ViPR SRM before 3.7.2 does not restrict the number of ...)
+       TODO: check
 CVE-2016-0921
        RESERVED
 CVE-2016-0920
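
Review bot: CVE-2016-0929 should not be cleared in bulk with the other Pivotal ids in this hunk: its description names the metrics-collection component in RabbitMQ for Pivotal Cloud Foundry, and the truncated text does not show whether the flaw sits in the Pivotal packaging or in RabbitMQ itself. Read the full description before replacing its "TODO: check", and record the conclusion in a NOTE so the reasoning stays with the entry.
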
@@ -23740,10 +23852,10 @@
        NOT-FOR-US: RSA Archer GRC Platform
 CVE-2016-0898
        RESERVED
-CVE-2016-0897
-       RESERVED
-CVE-2016-0896
-       RESERVED
+CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x 
before ...)
+       TODO: check
+CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 
1.7.x ...)
+       TODO: check
 CVE-2016-0895 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote 
attackers ...)
        TODO: check
 CVE-2016-0894 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote 
...)
@@ -23768,8 +23880,8 @@
        RESERVED
 CVE-2016-0884
        RESERVED
-CVE-2016-0883
-       RESERVED
+CVE-2016-0883 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x 
before ...)
+       TODO: check
 CVE-2016-0882 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 
allows ...)
        NOT-FOR-US: EMC Documentum
 CVE-2016-0881 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 
allows ...)
@@ -23856,8 +23968,8 @@
        RESERVED
 CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote 
...)
        TODO: check
-CVE-2016-0870
-       RESERVED
+CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows 
remote ...)
+       TODO: check
 CVE-2016-0869 (Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 
allows ...)
        NOT-FOR-US: MICROSYS PROMOTIC
 CVE-2016-0868 (Stack-based buffer overflow on Rockwell Automation 
Allen-Bradley ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
