Author: sectracker
Date: 2016-10-14 21:10:14 +0000 (Fri, 14 Oct 2016)
New Revision: 45326

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-14 20:33:59 UTC (rev 45325)
+++ data/CVE/list 2016-10-14 21:10:14 UTC (rev 45326)
@@ -1,4 +1,135 @@ +CVE-2016-8665 + RESERVED +CVE-2016-8664 + RESERVED +CVE-2016-8663 + RESERVED +CVE-2016-8662 + RESERVED +CVE-2016-8661 + RESERVED +CVE-2016-8657 + RESERVED +CVE-2016-8656 + RESERVED +CVE-2016-8655 + RESERVED +CVE-2016-8654 + RESERVED +CVE-2016-8653 + RESERVED +CVE-2016-8652 + RESERVED +CVE-2016-8651 + RESERVED +CVE-2016-8650 + RESERVED +CVE-2016-8649 + RESERVED +CVE-2016-8648 + RESERVED +CVE-2016-8647 + RESERVED +CVE-2016-8646 + RESERVED +CVE-2016-8645 + RESERVED +CVE-2016-8644 + RESERVED +CVE-2016-8643 + RESERVED +CVE-2016-8642 + RESERVED +CVE-2016-8641 + RESERVED +CVE-2016-8640 + RESERVED +CVE-2016-8639 + RESERVED +CVE-2016-8638 + RESERVED +CVE-2016-8637 + RESERVED +CVE-2016-8636 + RESERVED +CVE-2016-8635 + RESERVED +CVE-2016-8634 + RESERVED +CVE-2016-8633 + RESERVED +CVE-2016-8632 + RESERVED +CVE-2016-8631 + RESERVED +CVE-2016-8630 + RESERVED +CVE-2016-8629 + RESERVED +CVE-2016-8628 + RESERVED +CVE-2016-8627 + RESERVED +CVE-2016-8626 + RESERVED +CVE-2016-8625 + RESERVED +CVE-2016-8624 + RESERVED +CVE-2016-8623 + RESERVED +CVE-2016-8622 + RESERVED +CVE-2016-8621 + RESERVED +CVE-2016-8620 + RESERVED +CVE-2016-8619 + RESERVED +CVE-2016-8618 + RESERVED +CVE-2016-8617 + RESERVED +CVE-2016-8616 + RESERVED +CVE-2016-8615 + RESERVED +CVE-2016-8614 + RESERVED +CVE-2016-8613 + RESERVED +CVE-2016-8612 + RESERVED +CVE-2016-8611 + RESERVED +CVE-2016-8610 + RESERVED +CVE-2016-8609 + RESERVED +CVE-2016-8608 + RESERVED +CVE-2016-8607 + RESERVED +CVE-2016-8604 + RESERVED +CVE-2016-8603 + RESERVED +CVE-2016-8600 + RESERVED +CVE-2016-8599 + RESERVED +CVE-2016-8598 + RESERVED +CVE-2016-8597 + RESERVED +CVE-2016-8596 + RESERVED +CVE-2016-8595 + RESERVED +CVE-2016-8594 + RESERVED CVE-2016-8666 [tunnels: Don't apply GRO to multiple layers of encapsulation] + RESERVED - linux 4.6.1-1 [jessie] - linux 3.6.36-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) 
@@ -6,19 +137,24 @@ NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40 NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11 CVE-2016-8660 [local DoS due to a page lock order bug in the XFS seek hole/data implementation] + RESERVED - linux <unfixed> CVE-2016-8659 [privilege escalation via ptrace] + RESERVED - bubblewrap 0.1.2-2 (bug #840605) NOTE: https://github.com/projectatomic/bubblewrap/issues/107 CVE-2016-8658 [Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow] + RESERVED - linux 4.7.5-1 NOTE: Fixed by: https://git.kernel.org/linus/ded89912156b1a47d940a0c954c43afbabd0c42c (v4.8-rc8) CVE-2016-8606 [REPL server vulnerable to HTTP inter-protocol attacks] + RESERVED - guile-2.0 <unfixed> (low; bug #840555) [jessie] - guile-2.0 <no-dsa> (Minor issue) - guile-1.8 <not-affected> (repl server introduced in 2.0) NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916dbd3a235a9f9cc33df4c418c0724e03 CVE-2016-8605 [Thread-unsafe umask modification] + RESERVED - guile-2.0 <unfixed> (low; bug #840556) [jessie] - guile-2.0 <no-dsa> (Minor issue) - guile-1.8 <not-affected> (repl server introduced in 2.0) @@ -73,12 +209,12 @@ RESERVED CVE-2016-8566 RESERVED -CVE-2016-8565 - RESERVED -CVE-2016-8564 - RESERVED -CVE-2016-8563 - RESERVED +CVE-2016-8565 (Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote ...) + TODO: check +CVE-2016-8564 (SQL injection vulnerability in Siemens Automation License Manager ...) + TODO: check +CVE-2016-8563 (Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 ...) + TODO: check CVE-2016-8562 RESERVED CVE-2016-8561 
@@ -250,11 +386,13 @@ - dwarfutils <unfixed> NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/08/13 CVE-2016-8602 [type confusion] + RESERVED {DSA-3691-1} - ghostscript <unfixed> (bug #840451) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 CVE-2016-8601 [do_blockdev_direct_IO invalid memory access] + RESERVED - linux <not-affected> (Vulnerable code introduced later in 4.8 development) NOTE: https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b CVE-2016-8578 [9pfs: potential NULL dereferencein 9pfs routines] @@ -2181,10 +2319,10 @@ RESERVED CVE-2016-7961 RESERVED -CVE-2016-7960 - RESERVED -CVE-2016-7959 - RESERVED +CVE-2016-7960 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format ...) + TODO: check +CVE-2016-7959 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores ...) + TODO: check CVE-2016-7958 RESERVED CVE-2016-7957 @@ -2579,14 +2717,12 @@ NOTE: http://bugs.clusterlabs.org/show_bug.cgi?id=5269 NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 (Pacemaker-1.1.15-rc1) NOTE: Vulnerable code introduced in: https://github.com/ClusterLabs/pacemaker/commit/87f40917feb5109f827d83765c924acbbd824379 (Pacemaker-1.1.12-rc1) -CVE-2016-7796 - RESERVED +CVE-2016-7796 (The manager_dispatch_notify_fd function in systemd allows local users ...) - systemd 231-9 (bug #839607) [jessie] - systemd <no-dsa> (Proposed to be fixed via point release) NOTE: https://github.com/systemd/systemd/issues/4234#issuecomment-250441246 NOTE: Fixed by: https://github.com/systemd/systemd/pull/4240 -CVE-2016-7795 - RESERVED +CVE-2016-7795 (The manager_invoke_notify_message function in systemd 231 and earlier ...) - systemd 231-9 (bug #839171) [jessie] - systemd <not-affected> (Introduced in 219) [wheezy] - systemd <not-affected> (Introduced in 219) 
@@ -3348,8 +3484,8 @@ RESERVED CVE-2016-7438 RESERVED -CVE-2016-7437 - RESERVED +CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the ...) + TODO: check CVE-2016-7436 RESERVED CVE-2016-7435 (The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and ...) @@ -3875,8 +4011,8 @@ RESERVED CVE-2016-7212 RESERVED -CVE-2016-7211 - RESERVED +CVE-2016-7211 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) + TODO: check CVE-2016-7210 RESERVED CVE-2016-7209 @@ -3909,32 +4045,32 @@ RESERVED CVE-2016-7195 RESERVED -CVE-2016-7194 - RESERVED -CVE-2016-7193 - RESERVED +CVE-2016-7194 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-7193 (Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT ...) + TODO: check CVE-2016-7192 RESERVED CVE-2016-7191 (The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) ...) NOT-FOR-US: Microsoft Azure Active Directory Passport -CVE-2016-7190 - RESERVED -CVE-2016-7189 - RESERVED -CVE-2016-7188 - RESERVED +CVE-2016-7190 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-7189 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-7188 (The Standard Collector Service in Windows Diagnostics Hub in Microsoft ...) + TODO: check CVE-2016-7187 RESERVED CVE-2016-7186 RESERVED -CVE-2016-7185 - RESERVED +CVE-2016-7185 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) + TODO: check CVE-2016-7184 RESERVED CVE-2016-7183 RESERVED -CVE-2016-7182 - RESERVED +CVE-2016-7182 (The Graphics component in Microsoft Windows Vista SP2; Windows Server ...) + TODO: check CVE-2016-7181 RESERVED CVE-2016-7393 [stack-based buffer overflow in aac_sync (aac_parser.c)] 
@@ -4511,8 +4647,7 @@ RESERVED CVE-2016-7066 RESERVED -CVE-2016-7065 - RESERVED +CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...) NOT-FOR-US: Red Hat JBoss EAP CVE-2016-7064 RESERVED 
@@ -4629,186 +4764,176 @@ RESERVED CVE-2016-7020 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...) NOT-FOR-US: Adobe Flash Player -CVE-2016-7019 - RESERVED -CVE-2016-7018 - RESERVED -CVE-2016-7017 - RESERVED -CVE-2016-7016 - RESERVED -CVE-2016-7015 - RESERVED -CVE-2016-7014 - RESERVED -CVE-2016-7013 - RESERVED -CVE-2016-7012 - RESERVED -CVE-2016-7011 - RESERVED -CVE-2016-7010 - RESERVED -CVE-2016-7009 - RESERVED -CVE-2016-7008 - RESERVED -CVE-2016-7007 - RESERVED -CVE-2016-7006 - RESERVED -CVE-2016-7005 - RESERVED -CVE-2016-7004 - RESERVED -CVE-2016-7003 - RESERVED -CVE-2016-7002 - RESERVED -CVE-2016-7001 - RESERVED -CVE-2016-7000 - RESERVED -CVE-2016-6999 - RESERVED -CVE-2016-6998 - RESERVED -CVE-2016-6997 - RESERVED -CVE-2016-6996 - RESERVED -CVE-2016-6995 - RESERVED -CVE-2016-6994 - RESERVED -CVE-2016-6993 - RESERVED -CVE-2016-6992 - RESERVED +CVE-2016-7019 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7018 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7017 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7016 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7015 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7014 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7013 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7012 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7011 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7010 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) 
+ TODO: check +CVE-2016-7009 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7008 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7007 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7006 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7005 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7004 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7003 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7002 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7001 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7000 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6999 (Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat ...) + TODO: check +CVE-2016-6998 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6997 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6996 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6995 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6994 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...) + TODO: check +CVE-2016-6993 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6992 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) 
NOT-FOR-US: Adobe CVE-2016-6991 RESERVED -CVE-2016-6990 - RESERVED +CVE-2016-6990 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6989 - RESERVED +CVE-2016-6989 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6988 - RESERVED -CVE-2016-6987 - RESERVED +CVE-2016-6988 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 ...) NOT-FOR-US: Adobe -CVE-2016-6986 - RESERVED +CVE-2016-6986 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6985 - RESERVED +CVE-2016-6985 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6984 - RESERVED +CVE-2016-6984 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6983 - RESERVED +CVE-2016-6983 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6982 - RESERVED +CVE-2016-6982 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6981 - RESERVED +CVE-2016-6981 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 ...) NOT-FOR-US: Adobe CVE-2016-6980 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...) 
NOT-FOR-US: Adobe -CVE-2016-6979 - RESERVED -CVE-2016-6978 - RESERVED -CVE-2016-6977 - RESERVED -CVE-2016-6976 - RESERVED -CVE-2016-6975 - RESERVED -CVE-2016-6974 - RESERVED -CVE-2016-6973 - RESERVED -CVE-2016-6972 - RESERVED -CVE-2016-6971 - RESERVED -CVE-2016-6970 - RESERVED -CVE-2016-6969 - RESERVED -CVE-2016-6968 - RESERVED -CVE-2016-6967 - RESERVED -CVE-2016-6966 - RESERVED -CVE-2016-6965 - RESERVED -CVE-2016-6964 - RESERVED -CVE-2016-6963 - RESERVED -CVE-2016-6962 - RESERVED -CVE-2016-6961 - RESERVED -CVE-2016-6960 - RESERVED -CVE-2016-6959 - RESERVED -CVE-2016-6958 - RESERVED -CVE-2016-6957 - RESERVED -CVE-2016-6956 - RESERVED -CVE-2016-6955 - RESERVED -CVE-2016-6954 - RESERVED -CVE-2016-6953 - RESERVED -CVE-2016-6952 - RESERVED -CVE-2016-6951 - RESERVED -CVE-2016-6950 - RESERVED -CVE-2016-6949 - RESERVED -CVE-2016-6948 - RESERVED -CVE-2016-6947 - RESERVED -CVE-2016-6946 - RESERVED -CVE-2016-6945 - RESERVED -CVE-2016-6944 - RESERVED -CVE-2016-6943 - RESERVED -CVE-2016-6942 - RESERVED -CVE-2016-6941 - RESERVED -CVE-2016-6940 - RESERVED -CVE-2016-6939 - RESERVED +CVE-2016-6979 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6978 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6977 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6976 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6975 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6974 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6973 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6972 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) 
+ TODO: check +CVE-2016-6971 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6970 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6969 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6968 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6967 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6966 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6965 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6964 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6963 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6962 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6961 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6960 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6959 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6958 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6957 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6956 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6955 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6954 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6953 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) 
+ TODO: check +CVE-2016-6952 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6951 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6950 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6949 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6948 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6947 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6946 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6945 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6944 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6943 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6942 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6941 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6940 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6939 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...) + TODO: check CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) NOT-FOR-US: Adobe CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe CVE-2016-6936 (Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support ...) NOT-FOR-US: Adobe -CVE-2016-6935 - RESERVED +CVE-2016-6935 (Unquoted Windows search path vulnerability in Adobe Creative Cloud ...) + TODO: check CVE-2016-6934 RESERVED CVE-2016-6933 
@@ -6770,8 +6895,7 @@ NOTE: Introduced by: https://git.kernel.org/linus/3e4f574857eebce60bb56d7524f3f9eaa2a126d0 (v3.8-rc1) CVE-2016-6326 RESERVED -CVE-2016-6325 - RESERVED +CVE-2016-6325 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, ...) - tomcat8 <not-affected> (Red Hat and derivatives packaging specific) - tomcat7 <not-affected> (Red Hat and derivatives packaging specific) - tomcat6 <not-affected> (Red Hat and derivatives packaging specific) @@ -9714,8 +9838,7 @@ NOTE: Added workaround to mark first 4.x version in unstable as fixed. NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/ NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3 -CVE-2016-5425 - RESERVED +CVE-2016-5425 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, ...) - tomcat8 <not-affected> (Red Hat and derivatives packaging specific) - tomcat7 <not-affected> (Red Hat and derivatives packaging specific) - tomcat6 <not-affected> (Red Hat and derivatives packaging specific) @@ -13618,8 +13741,8 @@ RESERVED CVE-2016-4408 RESERVED -CVE-2016-4407 - RESERVED +CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not ...) + TODO: check CVE-2016-4406 RESERVED CVE-2016-4405 @@ -13921,8 +14044,7 @@ RESERVED CVE-2016-4287 (Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x ...) NOT-FOR-US: Adobe Flash -CVE-2016-4286 - RESERVED +CVE-2016-4286 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe CVE-2016-4285 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...) NOT-FOR-US: Adobe Flash 
@@ -13948,8 +14070,7 @@ NOT-FOR-US: Adobe Flash CVE-2016-4274 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...) NOT-FOR-US: Adobe Flash -CVE-2016-4273 - RESERVED +CVE-2016-4273 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe CVE-2016-4272 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) NOT-FOR-US: Adobe Flash @@ -14977,8 +15098,8 @@ CVE-2016-3958 (Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x ...) - golang <not-affected> (Only affects Go on Windows) NOTE: https://golang.org/cl/21428 -CVE-2016-3946 - RESERVED +CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP ...) + TODO: check CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile ...) {DLA-610-1} - tiff <unfixed> @@ -15785,14 +15906,14 @@ TODO: check CVE-2016-3639 (SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain ...) TODO: check -CVE-2016-3638 - RESERVED +CVE-2016-3638 (SAP SLD Registration Program (aka SLDREG) allows local users to cause ...) + TODO: check CVE-2016-3637 RESERVED CVE-2016-3636 RESERVED -CVE-2016-3635 - RESERVED +CVE-2016-3635 (SAP Netweaver 7.4 allows remote authenticated users to bypass an ...) + TODO: check CVE-2016-3634 (The tagCompare function in tif_dirinfo.c in the thumbnail tool in ...) - tiff <unfixed> [jessie] - tiff <no-dsa> (Minor issue) 
@@ -16444,36 +16565,36 @@ NOT-FOR-US: Tivoli CVE-2016-3397 RESERVED -CVE-2016-3396 - RESERVED +CVE-2016-3396 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check CVE-2016-3395 RESERVED CVE-2016-3394 RESERVED -CVE-2016-3393 - RESERVED -CVE-2016-3392 - RESERVED -CVE-2016-3391 - RESERVED -CVE-2016-3390 - RESERVED -CVE-2016-3389 - RESERVED -CVE-2016-3388 - RESERVED -CVE-2016-3387 - RESERVED -CVE-2016-3386 - RESERVED -CVE-2016-3385 - RESERVED -CVE-2016-3384 - RESERVED -CVE-2016-3383 - RESERVED -CVE-2016-3382 - RESERVED +CVE-2016-3393 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check +CVE-2016-3392 (The Edge Content Security Policy feature in Microsoft Edge does not ...) + TODO: check +CVE-2016-3391 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow ...) + TODO: check +CVE-2016-3390 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft ...) + TODO: check +CVE-2016-3389 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-3388 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not ...) + TODO: check +CVE-2016-3387 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not ...) + TODO: check +CVE-2016-3386 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-3385 (The scripting engine in Microsoft Internet Explorer 9 through 11 ...) + TODO: check +CVE-2016-3384 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) + TODO: check +CVE-2016-3383 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) + TODO: check +CVE-2016-3382 (The scripting engines in Microsoft Internet Explorer 9 through 11 and ...) + TODO: check CVE-2016-3381 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...) TODO: check CVE-2016-3380 
@@ -16484,8 +16605,8 @@ TODO: check CVE-2016-3377 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) TODO: check -CVE-2016-3376 - RESERVED +CVE-2016-3376 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) + TODO: check CVE-2016-3375 (The OLE Automation mechanism and VBScript scripting engine in ...) TODO: check CVE-2016-3374 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 ...) @@ -16554,8 +16675,8 @@ RESERVED CVE-2016-3342 RESERVED -CVE-2016-3341 - RESERVED +CVE-2016-3341 (The kernel-mode drivers in Transaction Manager in Microsoft Windows ...) + TODO: check CVE-2016-3340 RESERVED CVE-2016-3339 @@ -16574,8 +16695,8 @@ RESERVED CVE-2016-3332 RESERVED -CVE-2016-3331 - RESERVED +CVE-2016-3331 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...) + TODO: check CVE-2016-3330 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) TODO: check CVE-2016-3329 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...) @@ -16640,8 +16761,8 @@ TODO: check CVE-2016-3299 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) TODO: check -CVE-2016-3298 - RESERVED +CVE-2016-3298 (Microsoft Internet Explorer 9 through 11 and the Internet Messaging ...) + TODO: check CVE-2016-3297 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) TODO: check CVE-2016-3296 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) 
@@ -16696,24 +16817,24 @@ TODO: check CVE-2016-3271 (The VBScript engine in Microsoft Edge allows remote attackers to ...) TODO: check -CVE-2016-3270 - RESERVED +CVE-2016-3270 (The Graphics component in the kernel in Microsoft Windows Vista SP2; ...) + TODO: check CVE-2016-3269 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) TODO: check CVE-2016-3268 RESERVED -CVE-2016-3267 - RESERVED -CVE-2016-3266 - RESERVED +CVE-2016-3267 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) + TODO: check +CVE-2016-3266 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) + TODO: check CVE-2016-3265 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) TODO: check CVE-2016-3264 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) NOT-FOR-US: Microsoft -CVE-2016-3263 - RESERVED -CVE-2016-3262 - RESERVED +CVE-2016-3263 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check +CVE-2016-3262 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check CVE-2016-3261 (Microsoft Internet Explorer 11 allows remote attackers to obtain ...) NOT-FOR-US: Microsoft CVE-2016-3260 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript ...) @@ -16818,8 +16939,8 @@ NOT-FOR-US: Microsoft CVE-2016-3210 (The Microsoft (1) JScript and (2) VBScript engines, as used in ...) TODO: check -CVE-2016-3209 - RESERVED +CVE-2016-3209 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check CVE-2016-3208 RESERVED CVE-2016-3207 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...) @@ -17304,8 +17425,8 @@ RESERVED CVE-2016-3057 RESERVED -CVE-2016-3056 - RESERVED +CVE-2016-3056 (Cross-site scripting (XSS) vulnerability in Business Space in IBM ...) + TODO: check CVE-2016-3055 RESERVED CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace ...) 
@@ -24532,12 +24653,12 @@ NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1092 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2016-1091 - RESERVED +CVE-2016-1091 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check CVE-2016-1090 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2016-1089 - RESERVED +CVE-2016-1089 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check CVE-2016-1088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1087 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...) @@ -27476,8 +27597,8 @@ RESERVED CVE-2016-0143 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft Windows -CVE-2016-0142 - RESERVED +CVE-2016-0142 (Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows ...) + TODO: check CVE-2016-0141 (The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 ...) TODO: check CVE-2016-0140 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services ...) 
@@ -27602,26 +27723,26 @@ RESERVED CVE-2016-0080 (Microsoft Edge mishandles exceptions during window-message dispatch ...) NOT-FOR-US: Microsoft -CVE-2016-0079 - RESERVED +CVE-2016-0079 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local ...) + TODO: check CVE-2016-0078 RESERVED CVE-2016-0077 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse ...) NOT-FOR-US: Microsoft CVE-2016-0076 RESERVED -CVE-2016-0075 - RESERVED +CVE-2016-0075 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...) + TODO: check CVE-2016-0074 RESERVED -CVE-2016-0073 - RESERVED +CVE-2016-0073 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...) + TODO: check CVE-2016-0072 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-0071 (Microsoft Internet Explorer 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft -CVE-2016-0070 - RESERVED +CVE-2016-0070 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...) + TODO: check CVE-2016-0069 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-0068 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) @@ -205389,7 +205510,7 @@ NOT-FOR-US: Microsoft CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...) NOT-FOR-US: Macallan Mail Solution -CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial of ...) +CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to cause a denial of ...) NOT-FOR-US: Nokia cell phone CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...) NOT-FOR-US: Clever Copy 
@@ -217739,7 +217860,7 @@ NOT-FOR-US: FishCart CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...) NOT-FOR-US: FishCart -CVE-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...) +CVE-2005-1485 (Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Golden FTP Server Pro CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...) NOT-FOR-US: Golden FTP Server Pro @@ -221547,7 +221668,7 @@ NOT-FOR-US: FTP server in TriDComm CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...) NOT-FOR-US: BlackBoard -CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...) +CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gain sensitive information ...) NOT-FOR-US: BlackBoard CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...) NOT-FOR-US: CubeCart _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
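Review bot: the trailing context of the `@@ -1,4 +1,135 @@` hunk has `[jessie] - linux 3.6.36-1` under CVE-2016-8666, which does not match jessie's 3.16 kernel series and looks like a dropped digit. This automatic update adds `RESERVED` to the entry but leaves that line untouched, so confirm the fixed version (probably `3.16.36-1`) and correct it in a follow-up commit.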
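Review bot: in the `@@ -6,19 +137,24 @@` hunk, the `- guile-1.8 <not-affected> (repl server introduced in 2.0)` line under CVE-2016-8605 repeats the reason used for CVE-2016-8606, although CVE-2016-8605 is described as a thread-unsafe umask modification and not a REPL server issue. Recheck whether guile-1.8 is really unaffected and give a reason that matches this CVE. The first context line of the same hunk reads `NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f...` with a misspelled scheme, so the reference will not resolve as a link; it should be `https://`.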
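Review bot: in the `@@ -4629,186 +4764,176 @@` hunk, the newly published Adobe Reader and Acrobat entries between CVE-2016-7019 and CVE-2016-6939 all land as `TODO: check`, while the context entries CVE-2016-6938 and CVE-2016-6937 for the same products are already `NOT-FOR-US: Adobe`. Triage them the same way in a follow-up so they do not sit in the unreviewed queue. The same applies to the Microsoft entries that other hunks add as `TODO: check` next to existing `NOT-FOR-US: Microsoft` neighbours, for example CVE-2016-3267 beside CVE-2016-3264.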