Author: sectracker
Date: 2016-11-04 21:10:14 +0000 (Fri, 04 Nov 2016)
New Revision: 45978

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-04 21:07:30 UTC (rev 45977)
+++ data/CVE/list       2016-11-04 21:10:14 UTC (rev 45978)
@@ -1,3 +1,81 @@
+CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to 
execute ...)
+       TODO: check
+CVE-2016-9189 (Pillow before 3.3.2 allows context-dependent attackers to 
obtain ...)
+       TODO: check
+CVE-2016-9188 (Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or 
before ...)
+       TODO: check
+CVE-2016-9187 (Unrestricted file upload vulnerability in the double extension 
support ...)
+       TODO: check
+CVE-2016-9186 (Unrestricted file upload vulnerability in the "legacy 
course files" and ...)
+       TODO: check
+CVE-2016-9185 (In OpenStack Heat, by launching a new Heat stack with a local 
URL an ...)
+       TODO: check
+CVE-2016-9184 (In 
/framework/modules/core/controllers/expHTMLEditorController.php of ...)
+       TODO: check
+CVE-2016-9183 (In /framework/modules/ecommerce/controllers/orderController.php 
of ...)
+       TODO: check
+CVE-2016-9182 (Exponent CMS 2.4 uses PHP reflection to call a method of a 
controller ...)
+       TODO: check
+CVE-2016-9177 (Directory traversal vulnerability in Spark 2.5 allows remote 
attackers ...)
+       TODO: check
+CVE-2016-9176 (Stack buffer overflow in the send.exe and receive.exe 
components of ...)
+       TODO: check
+CVE-2016-9175
+       RESERVED
+CVE-2016-9174
+       RESERVED
+CVE-2016-9173
+       RESERVED
+CVE-2016-9172
+       RESERVED
+CVE-2016-9171
+       RESERVED
+CVE-2016-9170
+       RESERVED
+CVE-2016-9169
+       RESERVED
+CVE-2016-9168
+       RESERVED
+CVE-2016-9167
+       RESERVED
+CVE-2016-9166
+       RESERVED
+CVE-2016-9165
+       RESERVED
+CVE-2016-9164
+       RESERVED
+CVE-2016-9163
+       RESERVED
+CVE-2016-9162
+       RESERVED
+CVE-2016-9161
+       RESERVED
+CVE-2016-9160
+       RESERVED
+CVE-2016-9159
+       RESERVED
+CVE-2016-9158
+       RESERVED
+CVE-2016-9157
+       RESERVED
+CVE-2016-9156
+       RESERVED
+CVE-2016-9155
+       RESERVED
+CVE-2016-9154
+       RESERVED
+CVE-2016-9153
+       RESERVED
+CVE-2016-9152
+       RESERVED
+CVE-2016-9151
+       RESERVED
+CVE-2016-9150
+       RESERVED
+CVE-2016-9149
+       RESERVED
+CVE-2016-9148
+       RESERVED
 CVE-2016-9147
        RESERVED
 CVE-2015-8969 (git-fastclone before 1.0.5 passes user modifiable strings 
directly to a ...)
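Review bot: The eleven new entries from CVE-2016-9190 down to CVE-2016-9176 at the top of this hunk all land as "TODO: check" with no package line, and their descriptions are cut at "...", so none of them can be triaged from the list text alone. Each one needs the full description read and then either a package line or a NOT-FOR-US marker, in the form the surrounding entries already use. The block skips CVE-2016-9181 through CVE-2016-9178, which is consistent with those ids already being tracked further down under bracketed descriptions.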
@@ -5,6 +83,7 @@
 CVE-2015-8968 (git-fastclone before 1.0.1 permits arbitrary shell command 
execution ...)
        TODO: check
 CVE-2015-8970 [crypto: GPF in lrw_crypt caused by null-deref]
+       RESERVED
        - linux 4.4.2-1
        NOTE: 
https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1386286
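Review bot: The added RESERVED line under CVE-2015-8970 leaves the entry with its bracketed working title "[crypto: GPF in lrw_crypt caused by null-deref]" while already recording a fixed version ("- linux 4.4.2-1"). That combination is fine as a sync of the assignment state, but the bracketed title should be rechecked against the published text once the id leaves RESERVED, so the entry matches the parenthesised form used by the published entries around it.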
@@ -13,10 +92,12 @@
        NOTE: triage for details.
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/6
 CVE-2016-9179 [invalid URL parsing with '?']
+       RESERVED
        - lynx <unfixed>
        - lynx-cur <removed>
        [jessie] - lynx-cur <no-dsa> (Minor issue)
 CVE-2016-9178 [privilege escalation in exception table handling]
+       RESERVED
        - linux <not-affected> (Vulnerable code not present, see NOTE)
        NOTE: This is only an issue if 1c109fabbd51863475cd12ac206bdd249aee35af
        NOTE: (added in 4.8) is backported without also backporting
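Review bot: Missing bug reference on the CVE-2016-9179 entry that this hunk marks RESERVED: "- lynx <unfixed>" carries no "(bug #...)" annotation, whereas the other unfixed entry in this patch, libxml-twig-perl under CVE-2016-9180, does. If a bug has been filed for lynx, add its number to that line; if not, the entry is a candidate for filing one.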
@@ -37,6 +118,7 @@
 CVE-2016-9141
        RESERVED
 CVE-2016-9181 [Image-Info: XXE in SVG files]
+       RESERVED
        - libimage-info-perl 1.39-1 (bug #842891)
        [jessie] - libimage-info-perl <no-dsa> (Minor issue)
        [wheezy] - libimage-info-perl <no-dsa> (Minor issue)
@@ -51,6 +133,7 @@
        NOTE: XML::SAX::PurePerl which is uncapable of processing external 
entities
        NOTE: but unfortunately it is also a slow parser.
 CVE-2016-9180 [XML-Twig: expand_external_ents fails to work as documented]
+       RESERVED
        - libxml-twig-perl <unfixed> (bug #842893)
        NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
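Review bot: Style point in the leading context of this hunk rather than in the added line: the NOTE reading "XML::SAX::PurePerl which is uncapable of processing external entities" should say "incapable". The RESERVED addition under CVE-2016-9180 itself is consistent with the other bracketed entries, so the wording fix belongs in a separate manual commit.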
@@ -8317,24 +8400,23 @@
        RESERVED
 CVE-2016-6456
        RESERVED
-CVE-2016-6455
-       RESERVED
-CVE-2016-6454
-       RESERVED
-CVE-2016-6453
-       RESERVED
-CVE-2016-6452
-       RESERVED
-CVE-2016-6451
-       RESERVED
+CVE-2016-6455 (A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 
Series ...)
+       TODO: check
+CVE-2016-6454 (A cross-site request forgery (CSRF) vulnerability in the web 
interface ...)
+       TODO: check
+CVE-2016-6453 (A vulnerability in the web framework code of Cisco Identity 
Services ...)
+       TODO: check
+CVE-2016-6452 (A vulnerability in the web-based graphical user interface (GUI) 
of ...)
+       TODO: check
+CVE-2016-6451 (Multiple vulnerabilities in the web framework code of the Cisco 
Prime ...)
+       TODO: check
 CVE-2016-6450
        RESERVED
 CVE-2016-6449
        RESERVED
-CVE-2016-6448
-       RESERVED
-CVE-2016-6447
-       RESERVED
+CVE-2016-6448 (A vulnerability in the Session Description Protocol (SDP) 
parser of ...)
+       TODO: check
+CVE-2016-6447 (A vulnerability in Cisco Meeting Server and Meeting App could 
allow an ...)
        NOT-FOR-US: Cisco Meeting Server and Meeting App
 CVE-2016-6446 (A vulnerability in Web Bridge for Cisco Meeting Server could 
allow an ...)
        TODO: check
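Review bot: Inconsistent triage state among the Cisco entries this hunk fills in: CVE-2016-6455 (StarOS for Cisco ASR 5500), CVE-2016-6453 (Cisco Identity Services) and CVE-2016-6451 (Cisco Prime) name their product in the visible description yet land as "TODO: check", while CVE-2016-6447 directly below keeps "NOT-FOR-US: Cisco Meeting Server and Meeting App". After confirming against the full descriptions, these can be resolved the same way. CVE-2016-6454, CVE-2016-6452 and CVE-2016-6448 are truncated before the product name and need the full text first.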
@@ -8346,8 +8428,7 @@
        TODO: check
 CVE-2016-6442 (A vulnerability in Cisco Finesse Agent and Supervisor Desktop 
Software ...)
        TODO: check
-CVE-2016-6441
-       RESERVED
+CVE-2016-6441 (A vulnerability in the Transaction Language 1 (TL1) code of 
Cisco ASR ...)
        NOT-FOR-US: Cisco ASR 900 Series Aggregation Services Routers
 CVE-2016-6440 (The Cisco Unified Communications Manager (CUCM) may be 
vulnerable to ...)
        TODO: check
@@ -8369,10 +8450,10 @@
        TODO: check
 CVE-2016-6431 (A vulnerability in the local Certificate Authority (CA) feature 
of ...)
        TODO: check
-CVE-2016-6430
-       RESERVED
-CVE-2016-6429
-       RESERVED
+CVE-2016-6430 (A vulnerability in the command-line interface of the Cisco IP 
...)
+       TODO: check
+CVE-2016-6429 (A vulnerability in the web framework code of the Cisco IP ...)
+       TODO: check
 CVE-2016-6428 (Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS 
commands ...)
        TODO: check
 CVE-2016-6427 (Cross-site request forgery (CSRF) vulnerability in Cisco 
Unified ...)
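Review bot: The descriptions added for CVE-2016-6430 and CVE-2016-6429 are truncated at "Cisco IP ...", so the affected product cannot be identified from these lines and "TODO: check" is the only state they can carry for now. When they are triaged, resolve both together, since the visible text suggests they concern the same product line, and use the NOT-FOR-US form already applied to CVE-2016-6441 if that is confirmed.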


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
