Author: sectracker
Date: 2017-01-25 21:10:12 +0000 (Wed, 25 Jan 2017)
New Revision: 48381

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-25 18:19:49 UTC (rev 48380)
+++ data/CVE/list       2017-01-25 21:10:12 UTC (rev 48381)
@@ -1,3 +1,17 @@
+CVE-2017-5588
+       RESERVED
+CVE-2017-5587
+       RESERVED
+CVE-2017-5586
+       RESERVED
+CVE-2017-5585
+       RESERVED
+CVE-2017-5584
+       RESERVED
+CVE-2017-5583
+       RESERVED
+CVE-2017-5582
+       RESERVED
 CVE-2017-XXXX [jasper: heap-based buffer overflow in jpc_dec_decodepkt 
(jpc_t2dec.c)]
        - jasper <unfixed>
        NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114
@@ -36,40 +50,48 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
        NOTE: 
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
 CVE-2016-10164 [heap overflow]
+       RESERVED
        - libxpm 1:3.5.12-1
        NOTE: Fixed by: 
https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/22/2
 CVE-2016-10163 [host memory leakage when creating decode context]
+       RESERVED
        - virglrenderer <unfixed> (bug #852603)
        NOTE: 
https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415944
 CVE-2017-5581
+       RESERVED
        - tigervnc <unfixed> (bug #852213)
        NOTE: https://github.com/TigerVNC/tigervnc/pull/399
        NOTE: 
https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
 CVE-2017-5580 [OOB access while parsing texture instruction]
+       RESERVED
        - virglrenderer <unfixed> (bug #852604)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415986
        NOTE: 
https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html
 CVE-2017-5579 [serial: host memory leakage in 16550A UART emulation]
+       RESERVED
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1416157
        TODO: check
 CVE-2017-5578 [display: virtio-gpu: host memory leakage in 
virtio_gpu_resource_attach_backing]
+       RESERVED
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415795
        TODO: check affected versions
 CVE-2017-5577 [drm/vc4: Return -EINVAL on the overflow checks failing]
+       RESERVED
        - linux <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://lkml.org/lkml/2017/1/17/759
        NOTE: Introduced by: 
https://github.com/torvalds/linux/commit/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5
 (4.5-rc1)
 CVE-2017-5576 [drm/vc4: Fix an integer overflow in temporary allocation layout]
+       RESERVED
        - linux <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
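Review bot: CVE-2017-5581 is the only entry in this hunk with no bracketed summary, so after this change it reads as RESERVED followed by "- tigervnc <unfixed> (bug #852213)" and says nothing about what the bug is. Add a short "[...]" summary taken from the linked pull request, as the neighbouring virglrenderer, qemu and linux entries have, so the entry is usable for triage while the ID is still reserved.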
@@ -85,10 +107,10 @@
        RESERVED
 CVE-2017-5571
        RESERVED
-CVE-2017-5570
-       RESERVED
-CVE-2017-5569
-       RESERVED
+CVE-2017-5570 (An issue was discovered in eClinicalWorks Patient Portal 7.0 
build 13. ...)
+       TODO: check
+CVE-2017-5569 (An issue was discovered in eClinicalWorks Patient Portal 7.0 
build 13. ...)
+       TODO: check
 CVE-2017-5568
        RESERVED
 CVE-2017-5567
@@ -160,30 +182,30 @@
        RESERVED
 CVE-2017-5527
        RESERVED
-CVE-2016-10162 [NULL Pointer Dereference while unserialize php object]
+CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 
7.0.x ...)
        - php7.1 <unfixed>
        - php7.0 7.0.15-1
        NOTE: PHP Bug: http://bugs.php.net/73831
        NOTE: Fixed in 7.0.15, 7.1.1
-CVE-2016-10161 [Heap out of bounds read on unserialize in finish_nested_data()]
+CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c 
in PHP ...)
        - php7.1 <unfixed>
        - php7.0 7.0.15-1
        - php5 <removed>
        NOTE: PHP Bug: http://bugs.php.net/73825
        NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
-CVE-2016-10160 [Memory corruption when loading hostile phar]
+CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ...)
        - php7.1 <unfixed>
        - php7.0 7.0.15-1
        - php5 <removed>
        NOTE: PHP Bug: http://bugs.php.net/73768
        NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
-CVE-2016-10159 [Crash while loading hostile phar archive]
+CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ...)
        - php7.1 <unfixed>
        - php7.0 7.0.15-1
        - php5 <removed>
        NOTE: PHP Bug: http://bugs.php.net/73764
        NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
-CVE-2016-10158 [FPE when parsing a tag format]
+CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP 
before ...)
        - php7.1 <unfixed>
        - php7.0 7.0.15-1
        - php5 <removed>
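Review bot: the status lines under the rewritten PHP descriptions still say "- php7.1 <unfixed>", while the NOTE lines visible for CVE-2016-10162 through CVE-2016-10159 say "Fixed in ... 7.1.1". If php7.1 in the archive is still older than 7.1.1 this is correct but should be revisited on the next upload; otherwise replace "<unfixed>" with the first fixed package version, as already done for "- php7.0 7.0.15-1".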
@@ -360,8 +382,7 @@
        RESERVED
 CVE-2017-5496
        RESERVED
-CVE-2017-5495 [Telnet interface input buffer allocates unbounded amounts of 
memory]
-       RESERVED
+CVE-2017-5495 (All versions of Quagga, 0.93 through 1.1.0, are vulnerable to 
an ...)
        - quagga <unfixed> (bug #852454)
        [jessie] - quagga <no-dsa> (Minor issue)
        NOTE: http://savannah.nongnu.org/forum/forum.php?forum_id=8783
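Review bot: on CVE-2017-5495 the removed bracketed text "Telnet interface input buffer allocates unbounded amounts of memory" was the only line stating the nature of the bug; the replacement is cut off at "are vulnerable to an ..." before it says what the issue is. Keep the old summary as a NOTE line so the "<no-dsa> (Minor issue)" decision for jessie can still be understood from the entry itself.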
@@ -681,10 +702,10 @@
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5373
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5373
-CVE-2017-5372
-       RESERVED
-CVE-2017-5371
-       RESERVED
+CVE-2017-5372 (The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE 
...)
+       TODO: check
+CVE-2017-5371 (Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows 
remote ...)
+       TODO: check
 CVE-2017-5370
        RESERVED
 CVE-2017-5369
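Review bot: CVE-2017-5371 is added with "TODO: check" although its description names SAP Adaptive Server Enterprise, and this file already triages SAP products as "NOT-FOR-US: SAP" (see CVE-2016-2386 further down). Resolve the TODO with the same tag rather than leaving it in the queue; CVE-2017-5372 needs the same check once the product behind "P4 SERVERCORE" is confirmed.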
@@ -1286,8 +1307,8 @@
        RESERVED
 CVE-2017-5183
        RESERVED
-CVE-2017-5182
-       RESERVED
+CVE-2017-5182 (Remote Manager in Open Enterprise Server (OES) allows 
unauthenticated ...)
+       TODO: check
 CVE-2017-5181
        RESERVED
 CVE-2017-5196 [Out of bounds read in certain incomplete character sequences]
@@ -4142,7 +4163,7 @@
        NOTE: 
http://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
 CVE-2014-9914
        RESERVED
-CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20, when the 
Sender ...)
+CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20 might allow 
remote ...)
        - libphp-phpmailer <not-affected> (Incomplete fix not applied)
        NOTE: 
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
 CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer 
before ...)
@@ -6917,12 +6938,12 @@
        RESERVED
 CVE-2017-2973
        RESERVED
-CVE-2017-2972
-       RESERVED
-CVE-2017-2971
-       RESERVED
-CVE-2017-2970
-       RESERVED
+CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
 CVE-2017-2969
        RESERVED
 CVE-2017-2968
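Review bot: CVE-2017-2972, CVE-2017-2971 and CVE-2017-2970 all land as "TODO: check" with an Adobe Acrobat Reader description. The file already uses "NOT-FOR-US: Adobe Reader and Acrobat" for earlier Reader entries such as CVE-2016-4088, so these three can be closed with the same tag in one pass instead of being triaged individually.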
@@ -7003,8 +7024,8 @@
        NOT-FOR-US: Adobe Flash
 CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2929
-       RESERVED
+CVE-2017-2929 (Adobe Acrobat Chrome extension version 15.1.0.3 and earlier 
have a ...)
+       TODO: check
 CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
 CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
@@ -13790,13 +13811,11 @@
        RESERVED
 CVE-2016-9402
        RESERVED
-CVE-2016-9386 [x86 null segments not always treated as unusable]
-       RESERVED
+CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL 
segments as ...)
        {DSA-3729-1 DLA-720-1}
        - xen 4.8.0-1 (bug #845663)
        NOTE: https://xenbits.xen.org/xsa/advisory-191.html
-CVE-2016-9385 [x86 segment base write emulation lacking canonical address 
checks]
-       RESERVED
+CVE-2016-9385 (The x86 segment base write emulation functionality in Xen 4.4.x 
...)
        {DSA-3729-1}
        - xen 4.8.0-1 (bug #845665)
        [wheezy] - xen <not-affected> (Only affects Xen >= 4.4)
@@ -13807,29 +13826,24 @@
        [jessie] - xen <not-affected> (Only affects Xen >= 4.7)
        [wheezy] - xen <not-affected> (Only affects Xen >= 4.7)
        NOTE: https://xenbits.xen.org/xsa/advisory-194.html
-CVE-2016-9383 [x86 64-bit bit test instruction emulation broken]
-       RESERVED
+CVE-2016-9383 (Xen, when running on a 64-bit hypervisor, allows local x86 
guest OS ...)
        {DSA-3729-1 DLA-720-1}
        - xen 4.8.0-1 (bug #845668)
        NOTE: https://xenbits.xen.org/xsa/advisory-195.html
-CVE-2016-9382 [x86 task switch to VM86 mode mis-handled]
-       RESERVED
+CVE-2016-9382 (Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 
mode, ...)
        {DSA-3729-1 DLA-720-1}
        - xen 4.8.0-1 (bug #845664)
        NOTE: https://xenbits.xen.org/xsa/advisory-192.html
-CVE-2016-9381 [qemu incautious about shared ring processing]
-       RESERVED
+CVE-2016-9381 (Race condition in QEMU in Xen allows local x86 HVM guest OS ...)
        {DLA-720-1}
        - xen 4.4.0-1
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: https://xenbits.xen.org/xsa/advisory-197.html
-CVE-2016-9380 [delimiter injection vulnerabilities in pygrub]
-       RESERVED
+CVE-2016-9380 (The pygrub boot loader emulator in Xen, when nul-delimited 
output ...)
        {DSA-3729-1 DLA-720-1}
        - xen 4.8.0-1 (bug #845670)
        NOTE: https://xenbits.xen.org/xsa/advisory-198.html
-CVE-2016-9379 [delimiter injection vulnerabilities in pygrub]
-       RESERVED
+CVE-2016-9379 (The pygrub boot loader emulator in Xen, when S-expression 
output ...)
        {DSA-3729-1 DLA-720-1}
        - xen 4.8.0-1 (bug #845670)
        NOTE: https://xenbits.xen.org/xsa/advisory-198.html
@@ -13959,16 +13973,14 @@
        NOTE: TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) 
encountered.
        NOTE: TIFFReadDirectory: IO error during reading of "BitsPerSample".
        NOTE: tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading.
-CVE-2016-9446 [gstreamer 0.10 VMNC code execution #2]
-       RESERVED
+CVE-2016-9446 (The vmnc decoder in the gstreamer does not initialize the 
render ...)
        {DSA-3717-1 DLA-712-1}
        - gst-plugins-bad0.10 <removed>
        - gst-plugins-bad1.0 1.10.1-1
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
        NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
        NOTE: Fixed by: 
https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
-CVE-2016-9445 [gstreamer 0.10 VMNC code execution]
-       RESERVED
+CVE-2016-9445 (Integer overflow in the vmnc decoder in the gstreamer allows 
remote ...)
        {DSA-3717-1 DLA-712-1}
        - gst-plugins-bad0.10 <removed>
        - gst-plugins-bad1.0 1.10.1-1
@@ -14112,8 +14124,7 @@
        [jessie] - w3m 0.5.3-19+deb8u1
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/8
-CVE-2016-9401 [popd controlled free]
-       RESERVED
+CVE-2016-9401 (popd in bash might allow local users to bypass the restricted 
shell ...)
        - bash 4.4-3 (bug #844727)
        [jessie] - bash <no-dsa> (Minor issue)
        [wheezy] - bash <no-dsa> (Minor issue)
@@ -14359,8 +14370,7 @@
        RESERVED
 CVE-2016-9263
        RESERVED
-CVE-2016-9447 [gstreamer 0.10 NSF code execution]
-       RESERVED
+CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow 
remote ...)
        {DSA-3713-1 DLA-712-1}
        - gst-plugins-bad0.10 <removed>
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
@@ -14654,14 +14664,12 @@
        NOT-FOR-US: Cisco
 CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for 
Windows ...)
        NOT-FOR-US: Cisco
-CVE-2015-8972 [user input buffer overflow]
-       RESERVED
+CVE-2015-8972 (Stack-based buffer overflow in the ValidateMove function in ...)
        - gnuchess 6.2.4-1 (unimportant)
        NOTE: Built with hardening flags, no security impact
        NOTE: 
http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html
        NOTE: 
http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134
-CVE-2015-8971 [Escape Sequence Command Execution vulnerability]
-       RESERVED
+CVE-2015-8971 (Terminology 0.7.0 allows remote attackers to execute arbitrary 
...)
        {DSA-3712-1}
        - terminology 0.7.0-2 (bug #843434)
        NOTE: 
https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
@@ -15035,8 +15043,8 @@
        - gitlab 8.13.3+dfsg1-2 (bug #843519)
        NOTE: https://hackerone.com/reports/178152
        NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
-CVE-2016-9081
-       RESERVED
+CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, 
...)
+       TODO: check
 CVE-2016-9080
        RESERVED
        - firefox 50.1.0-1
@@ -15168,7 +15176,7 @@
 CVE-2016-9042
        RESERVED
 CVE-2016-9041
-       RESERVED
+       REJECTED
 CVE-2016-9040
        RESERVED
 CVE-2016-9039
@@ -15271,8 +15279,8 @@
        [wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
        NOTE: 
https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/da7910d4834726eca596af0a830762fa5fb2dfd9
-CVE-2016-9012
-       RESERVED
+CVE-2016-9012 (CloudVision Portal (CVP) before 2016.1.2.1 allows remote 
authenticated ...)
+       TODO: check
 CVE-2016-9010
        RESERVED
 CVE-2016-9009
@@ -17732,11 +17740,9 @@
        RESERVED
 CVE-2016-8216
        RESERVED
-CVE-2016-8215
-       RESERVED
+CVE-2016-8215 (EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for 
a ...)
        NOT-FOR-US: RSA Security Analytics
-CVE-2016-8214
-       RESERVED
+CVE-2016-8214 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 
versions ...)
        NOT-FOR-US: EMC Avamar
 CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 
6.8.1, ...)
        NOT-FOR-US: EMC Documentum
@@ -19403,8 +19409,8 @@
        - git-hub 0.10.2-2 (bug #839284)
 CVE-2016-7793 (sociomantic-tsunami git-hub before 0.10.3 allows remote 
attackers to ...)
        - git-hub 0.10.2-2 (bug #839284)
-CVE-2016-7792
-       RESERVED
+CVE-2016-7792 (Ubiquiti Networks UniFi 5.2.7 does not restrict access to the 
...)
+       TODO: check
 CVE-2016-7791 (Exponent CMS 2.3.9 suffers from a remote code execution 
vulnerability ...)
        NOT-FOR-US: Exponent CMS
 CVE-2016-7790 (Exponent CMS 2.3.9 suffers from a remote code execution 
vulnerability ...)
@@ -19928,8 +19934,7 @@
        [jessie] - php5 5.6.27+dfsg-0+deb8u1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73003
        NOTE: 
https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
-CVE-2016-7567
-       RESERVED
+CVE-2016-7567 (Buffer overflow in the SLPFoldWhiteSpace function in ...)
        - openslp-dfsg <not-affected> (Only affects openslp 2)
        NOTE: 
https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/
 CVE-2016-7566
@@ -20359,8 +20364,7 @@
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052
        NOTE: Fixed in 5.6.26
        NOTE: 
https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1
-CVE-2016-7410 [Heap buffer overflow in _dwarf_read_loc_section]
-       RESERVED
+CVE-2016-7410 (The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 
...)
        - dwarfutils 20160923-1 (bug #838019)
        [jessie] - dwarfutils <not-affected> (Vulnerable code introduced in 
later version)
        [wheezy] - dwarfutils <not-affected> (Vulnerable code introduced in 
later version)
@@ -21339,8 +21343,8 @@
        RESERVED
 CVE-2016-7104
        RESERVED
-CVE-2016-7102
-       RESERVED
+CVE-2016-7102 (ownCloud Desktop before 2.2.3 allows local users to execute 
arbitrary ...)
+       TODO: check
 CVE-2016-7101 (The SGI coder in ImageMagick before 7.0.2-10 allows remote 
attackers ...)
        {DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #836776)
@@ -21601,10 +21605,10 @@
        NOTE: Intorduced by: 
https://git.kernel.org/linus/66e5133f19e901a044fa5eaeeb6ecff4545839e5 (v4.2-rc1)
 CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated 
when the ...)
        - moodle 2.7.16+dfsg-1
-CVE-2016-7037
-       RESERVED
-CVE-2016-7036
-       RESERVED
+CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell 
jwt ...)
+       TODO: check
+CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified 
impact ...)
+       TODO: check
 CVE-2016-7035 [improper IPC guarding]
        RESERVED
        - pacemaker 1.1.15-3 (bug #843041)
@@ -21854,8 +21858,7 @@
        NOT-FOR-US: Adobe Flash
 CVE-2016-6921 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.375 ...)
        NOT-FOR-US: Adobe Flash
-CVE-2016-6920 [exr file Heap Overflow]
-       RESERVED
+CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in ...)
        - ffmpeg 7:3.1.3-1
        - libav <undetermined>
 CVE-2016-6919
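Review bot: CVE-2016-6920 still carries "- libav <undetermined>", and the change removes the one hint that helped settle it: the bracketed summary said "exr file Heap Overflow", while the new description is cut off after "decode_block function in ..." before the file name. Record the affected source file in a NOTE line and use it to resolve the libav status to a fixed version or "<not-affected>".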
@@ -22560,8 +22563,8 @@
        NOT-FOR-US: Huawei
 CVE-2016-6669 (Buffer overflow in the Authentication, Authorization and 
Accounting ...)
        NOT-FOR-US: Huawei
-CVE-2016-6668
-       RESERVED
+CVE-2016-6668 (The Atlassian Hipchat Integration Plugin for Bitbucket Server 
6.26.0 ...)
+       TODO: check
 CVE-2016-6667
        RESERVED
 CVE-2016-6666
@@ -23117,14 +23120,14 @@
        NOTE: https://bugs.launchpad.net/bugs/1594060
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/223
        NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-6603
-       RESERVED
-CVE-2016-6602
-       RESERVED
-CVE-2016-6601
-       RESERVED
-CVE-2016-6600
-       RESERVED
+CVE-2016-6603 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers 
to ...)
+       TODO: check
+CVE-2016-6602 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation 
algorithm ...)
+       TODO: check
+CVE-2016-6601 (Directory traversal vulnerability in the file download 
functionality ...)
+       TODO: check
+CVE-2016-6600 (Directory traversal vulnerability in the file upload 
functionality in ...)
+       TODO: check
 CVE-2016-6599
        RESERVED
 CVE-2016-6598
@@ -23159,8 +23162,7 @@
        RESERVED
 CVE-2016-6583
        RESERVED
-CVE-2016-6582 [Doorkeeper does not revoke tokens and wrong auth/auth method]
-       RESERVED
+CVE-2016-6582 (The Doorkeeper gem before 4.2.0 for Ruby might allow remote 
attackers ...)
        - ruby-doorkeeper 4.2.0-3 (bug #834843)
        NOTE: 
https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
        NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/875
@@ -23294,8 +23296,8 @@
        - manila-ui 2.5.1-0 (bug #838017)
 CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, 
and ...)
        NOT-FOR-US: Huawei
-CVE-2016-6517
-       RESERVED
+CVE-2016-6517 (Directory traversal vulnerability in Liferay 5.1.0 allows 
remote ...)
+       TODO: check
 CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH 
before ...)
        {DLA-594-1}
        - openssh 1:7.3p1-1 (bug #833823)
@@ -23328,8 +23330,7 @@
 CVE-2016-6522
        RESERVED
        NOT-FOR-US: OpenBSD
-CVE-2016-6521
-       RESERVED
+CVE-2016-6521 (Cross-site request forgery (CSRF) vulnerability in Grails 
console (aka ...)
        - grails <itp> (bug #473213)
 CVE-2016-6520 (Buffer overflow in MagickCore/enhance.c in ImageMagick before 
7.0.2-7 ...)
        - imagemagick <not-affected> (Only affects imagemagick 7, which isn't 
packaged yet, bug #833485)
@@ -23384,8 +23385,8 @@
        NOTE: but not a vulnerability in GnuTLS. Needs 
https://gitlab.com/gnutls/gnutls/commit/186dc9c2012003587a38d7f4d03edd8da5fe989f
 CVE-2016-6485
        RESERVED
-CVE-2016-6484
-       RESERVED
+CVE-2016-6484 (CRLF injection vulnerability in Infoblox Network Automation 
NetMRI ...)
+       TODO: check
 CVE-2016-6513 (epan/dissectors/packet-wbxml.c in the WBXML dissector in 
Wireshark 2.x ...)
        - wireshark 2.0.5+ga3be9c6-1
        [jessie] - wireshark <not-affected> (Only affects 2.x)
@@ -24723,8 +24724,7 @@
        NOTE: 
https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7
        NOTE: Different issue than CVE-2016-6132
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5
-CVE-2016-6223 [tiff: information leak in libtiff/tif_read.c]
-       RESERVED
+CVE-2016-6223 (The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in 
tif_read.c in ...)
        {DSA-3762-1 DLA-693-1 DLA-610-1}
        - tiff 4.0.6-2 (bug #842270)
        - tiff3 <removed>
@@ -24838,8 +24838,8 @@
        RESERVED
 CVE-2016-6165
        RESERVED
-CVE-2016-6164
-       RESERVED
+CVE-2016-6164 (Integer overflow in the mov_build_index function in 
libavformat/mov.c ...)
+       TODO: check
 CVE-2016-1000101
        REJECTED
 CVE-2016-1000100
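Review bot: CVE-2016-6164 is left as "TODO: check", but the description already names the affected code as mov_build_index in libavformat/mov.c, which is part of the ffmpeg and libav sources this file tracks elsewhere (for example under CVE-2016-6920). Replace the TODO with "- ffmpeg" and "- libav" status lines instead of leaving the entry unassigned.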
@@ -24953,8 +24953,7 @@
 CVE-2016-1000007 (Pagure 2.2.1 XSS in raw file endpoint ...)
        - pagure <itp> (bug #829046)
        NOTE: 
https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77
-CVE-2016-6160 [segfault upon huge frames, missing size check]
-       RESERVED
+CVE-2016-6160 (tcprewrite in tcpreplay before 4.1.2 allows remote attackers to 
cause ...)
        {DLA-544-1}
        - tcpreplay 3.4.4-3 (bug #829350)
        [jessie] - tcpreplay 3.4.4-2+deb8u1
@@ -25521,8 +25520,8 @@
        [wheezy] - php5 <not-affected> (Vulnerable code not present)
        NOTE: PHP bug: https://bugs.php.net/bug.php?id=72494
        NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
-CVE-2016-5876
-       RESERVED
+CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the 
gallery ...)
+       TODO: check
 CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog 
compression format]
        RESERVED
        {DSA-3762-1 DLA-610-1 DLA-606-1}
@@ -25581,8 +25580,7 @@
        TODO: check
 CVE-2016-5850 (Cross-site scripting (XSS) vulnerability in the volume backup 
service ...)
        NOT-FOR-US: Huawei
-CVE-2016-5873
-       RESERVED
+CVE-2016-5873 (Buffer overflow in the HTTP URL parsing functions in pecl_http 
before ...)
        - php-pecl-http 3.0.1-0.1
        [jessie] - php-pecl-http <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.php.net/bug.php?id=71719
@@ -26070,8 +26068,7 @@
 CVE-2016-5730 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 
4.6.x ...)
        - phpmyadmin 4:4.6.3-1 (unimportant)
        NOTE: path disclosure irrelevant in Debian
-CVE-2016-5742 [SQL injection in MovableType xml-rpc interface]
-       RESERVED
+CVE-2016-5742 (SQL injection vulnerability in the XML-RPC interface in Movable 
Type ...)
        {DLA-532-1}
        - movabletype-opensource <removed>
        NOTE: 
https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
@@ -26107,8 +26104,8 @@
        NOT-FOR-US: OceanStor
 CVE-2016-5721 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra 
...)
        NOT-FOR-US: Zimbra
-CVE-2016-5720
-       RESERVED
+CVE-2016-5720 (Multiple untrusted search path vulnerabilities in Microsoft 
Skype ...)
+       TODO: check
 CVE-2016-5719
        RESERVED
 CVE-2016-5718
@@ -26163,8 +26160,7 @@
        NOT-FOR-US: F5 BIG-IP
 CVE-2016-5698
        RESERVED
-CVE-2016-5697 [signature wrapping attack vulnerability]
-       RESERVED
+CVE-2016-5697 (Ruby-saml before 1.3.0 allows attackers to perform XML 
signature ...)
        - ruby-saml 1.3.0-1 (bug #828076)
        NOTE: 
https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995
 CVE-2016-5695
@@ -27940,8 +27936,8 @@
        - graphicsmagick 1.3.24-1
        NOTE: Fixed by: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
        NOTE: DLA-547-1 didn't fix this properly
-CVE-2016-5237
-       RESERVED
+CVE-2016-5237 (Valve Steam 3.42.16.13 uses weak permissions for the files in 
the ...)
+       TODO: check
 CVE-2016-5236
        RESERVED
 CVE-2016-5235
@@ -28749,8 +28745,7 @@
        RESERVED
 CVE-2016-5120
        RESERVED
-CVE-2016-5119
-       RESERVED
+CVE-2016-5119 (The automatic update feature in KeePass 2.33 and earlier allows 
...)
        - keepass2 2.18+dfsg-1
        NOTE: autoupdate dialog disabled in Debian via patch, but basically 
not-affected
 CVE-2016-5113
@@ -29248,8 +29243,7 @@
        NOTE: PHP bug: https://bugs.php.net/bug.php?id=72227
        NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
        NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
-CVE-2016-5091
-       RESERVED
+CVE-2016-5091 (Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 
8.1.1 ...)
        - typo3-src <removed>
        [wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
 CVE-2016-5044
@@ -29844,8 +29838,8 @@
        RESERVED
 CVE-2016-4795
        RESERVED
-CVE-2016-4793
-       RESERVED
+CVE-2016-4793 (The clientIp function in CakePHP 3.2.4 and earlier allows 
remote ...)
+       TODO: check
 CVE-2016-4792 (Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote 
attackers to ...)
        NOT-FOR-US: Pulse Connect Secure
 CVE-2016-4791 (The administrative user interface in Pulse Connect Secure (PCS) 
8.2 ...)
@@ -30767,8 +30761,7 @@
        {DSA-3607-1 DLA-516-1}
        - linux 4.5.4-1
        NOTE: 
https://git.kernel.org/linus/b8670c09f37bdf2847cc44f36511a53afc6161fd
-CVE-2016-4484
-       RESERVED
+CVE-2016-4484 (The Debian initrd script for the cryptsetup package 2:1.7.3-2 
and ...)
        - cryptsetup 2:1.7.3-2 (unimportant)
        NOTE: 
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
        NOTE: Negligable security impact
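Review bot: the new description for CVE-2016-4484 names cryptsetup 2:1.7.3-2 as a package version the issue is in (the text after "and" is cut off), while the status line "- cryptsetup 2:1.7.3-2 (unimportant)" records that same version as the one carrying the fix. Check which upload actually changed the initrd script and either correct the version or add a NOTE explaining the discrepancy with the official description.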
@@ -31183,8 +31176,7 @@
        RESERVED
 CVE-2016-4339
        RESERVED
-CVE-2016-4338 [zabbix-agent: mysql.size shell command injection]
-       RESERVED
+CVE-2016-4338 (The mysql user parameter configuration script ...)
        - zabbix 1:3.0.3+dfsg-1 (bug #823329)
        [jessie] - zabbix 1:2.2.7+dfsg-2+deb8u1
        NOTE: http://seclists.org/bugtraq/2016/May/11
@@ -31737,8 +31729,7 @@
        NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2016-4088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat 
Reader DC ...)
        NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2016-4340 [Privilege escalation via "impersonate" feature]
-       RESERVED
+CVE-2016-4340 (The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 
8.5.0 ...)
        - gitlab 8.8.2+dfsg-1 (bug #823290)
        NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
 CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 
and ...)
@@ -31853,8 +31844,7 @@
        NOT-FOR-US: Huawei FusionCompute
 CVE-2016-6479
        REJECTED
-CVE-2016-4055
-       RESERVED
+CVE-2016-4055 (The duration function in the moment package before 2.11.2 for 
Node.js ...)
        - node-moment <unfixed> (unimportant)
        NOTE: nodejs not covered by security support
 CVE-2016-4050
@@ -31872,43 +31862,38 @@
        TODO: check
 CVE-2016-4045 (An issue was discovered in Open-Xchange OX App Suite before ...)
        TODO: check
-CVE-2015-8862
-       RESERVED
+CVE-2015-8862 (mustache package before 2.2.1 for Node.js allows remote 
attackers to ...)
        - mustache.js <unfixed> (unimportant)
        NOTE: node-handlebars only in experimental for now, fixed in 4.0.0
        NOTE: libv8 is not covered by security support
-CVE-2015-8861
-       RESERVED
+CVE-2015-8861 (The handlebars package before 4.0.0 for Node.js allows remote 
...)
        - mustache.js <unfixed> (unimportant)
        NOTE: node-handlebars only in experimental for now, fixed in 4.0.0
        NOTE: libv8 is not covered by security support
-CVE-2015-8860
-       RESERVED
+CVE-2015-8860 (The tar package before 2.0.0 for Node.js allows remote 
attackers to ...)
        - node-tar <unfixed> (unimportant)
        NOTE: libv8 is not covered by security support
-CVE-2015-8859
-       RESERVED
-CVE-2015-8858
-       RESERVED
+CVE-2015-8859 (The send package before 0.11.1 for Node.js allows attackers to 
obtain ...)
+       TODO: check
+CVE-2015-8858 (The uglify-js package before 2.6.0 for Node.js allows attackers 
to ...)
        - uglifyjs <unfixed> (unimportant)
        NOTE: libv8 is not covered by security support
        NOTE: https://nodesecurity.io/advisories/48
-CVE-2015-8854 [marked: regular expression denial of service]
-       RESERVED
+CVE-2015-8854 (The marked package before 0.3.4 for Node.js allows attackers to 
cause ...)
        - node-marked <unfixed> (unimportant)
        NOTE: https://nodesecurity.io/advisories/marked_redos
        NOTE: https://github.com/chjj/marked/issues/497
        NOTE: libv8 is not covered by security support
-CVE-2014-9772
-       RESERVED
-CVE-2013-7454
-       RESERVED
-CVE-2013-7453
-       RESERVED
-CVE-2013-7452
-       RESERVED
-CVE-2013-7451
-       RESERVED
+CVE-2014-9772 (The validator package before 2.0.0 for Node.js allows remote 
attackers ...)
+       TODO: check
+CVE-2013-7454 (The validator module before 1.1.0 for Node.js allows remote 
attackers ...)
+       TODO: check
+CVE-2013-7453 (The validator module before 1.1.0 for Node.js allows remote 
attackers ...)
+       TODO: check
+CVE-2013-7452 (The validator module before 1.1.0 for Node.js allows remote 
attackers ...)
+       TODO: check
+CVE-2013-7451 (The validator module before 1.1.0 for Node.js allows remote 
attackers ...)
+       TODO: check
 CVE-2015-8866 (ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 
5.6.6, when ...)
        {DLA-499-1}
        - php5 5.6.6+dfsg-1
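Review bot: with the official descriptions in place, the package mapping for two entries no longer matches. CVE-2015-8862 is described as the mustache package before 2.2.1 but keeps "NOTE: node-handlebars only in experimental for now, fixed in 4.0.0", and CVE-2015-8861 is described as the handlebars package before 4.0.0 but is tracked as "- mustache.js <unfixed>". Move the handlebars NOTE to CVE-2015-8861 and track that entry against node-handlebars, and record the mustache fix version (2.2.1 per the description) under CVE-2015-8862.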
@@ -31928,8 +31913,7 @@
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827
        NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8
-CVE-2016-4056
-       RESERVED
+CVE-2016-4056 (Cross-site scripting (XSS) vulnerability in the Backend 
component in ...)
        - typo3-src <removed>
        [wheezy] - typo3-src <end-of-life> (See DSA 3314)
 CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 
allows ...)
@@ -32081,8 +32065,7 @@
        RESERVED
 CVE-2016-4011
        RESERVED
-CVE-2016-4010
-       RESERVED
+CVE-2016-4010 (Magento CE and EE before 2.0.6 allows remote attackers to 
conduct PHP ...)
        NOT-FOR-US: Magento
        NOTE: https://magento.com/security/patches/magento-206-security-update
        NOTE: 
http://www.netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
@@ -34328,8 +34311,7 @@
        - torbrowser-launcher 0.2.4-1
        [jessie] - torbrowser-launcher 0.1.9-1+deb8u3
        NOTE: https://github.com/micahflee/torbrowser-launcher/issues/229
-CVE-2016-3177 [gifcolor: use-after-free in EGifCloseFile]
-       RESERVED
+CVE-2016-3177 (Multiple use-after-free and double-free vulnerabilities in 
gifcolor.c ...)
        - giflib <unfixed> (unimportant)
        NOTE: https://sourceforge.net/p/giflib/bugs/83/
        NOTE: Issue only in gifcolor utility, not installed into giflib-tools
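Review bot: On CVE-2016-3177 the dropped bracket summary named only a use-after-free in EGifCloseFile, while the new description covers "Multiple use-after-free and double-free vulnerabilities in gifcolor.c". Confirm that the "(unimportant)" rating and the NOTE "Issue only in gifcolor utility, not installed into giflib-tools" still hold for the wider scope. The description stays within gifcolor.c, so they probably do, but the linked upstream bug should be rechecked.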
@@ -34405,8 +34387,8 @@
        TODO: check
 CVE-2016-3148
        RESERVED
-CVE-2016-3147
-       RESERVED
+CVE-2016-3147 (Buffer overflow in the collector.exe listener of the Landesk 
...)
+       TODO: check
 CVE-2016-3146
        RESERVED
 CVE-2016-3145 (Lexmark printers with firmware ATL before ATL.021.063, CB 
before ...)
@@ -35683,8 +35665,8 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3
 (v2.4.0-rc0)
        TODO: check again after the CVE id split
-CVE-2016-2783
-       RESERVED
+CVE-2016-2783 (Avaya Fabric Connect Virtual Services Platform (VSP) Operating 
System ...)
+       TODO: check
 CVE-2016-2780 (Untrusted search path vulnerability in Huawei UTPS before ...)
        NOT-FOR-US: Huawei UTPS
 CVE-2016-2778
@@ -36827,8 +36809,7 @@
        NOT-FOR-US: SAP
 CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver 
J2EE ...)
        NOT-FOR-US: SAP
-CVE-2015-8857 [incorrect handling of non-boolean comparisons during 
minification]
-       RESERVED
+CVE-2015-8857 (The uglify-js package before 2.4.24 for Node.js does not 
properly ...)
        - uglifyjs <unfixed> (unimportant)
        NOTE: fixed in 2.4.24
        NOTE: https://zyan.scripts.mit.edu/blog/backdooring-js/
@@ -37481,8 +37462,8 @@
        NOTE: https://bugs.exim.org/show_bug.cgi?id=1780
        NOTE: Possibly introduced after 
http://vcs.pcre.org/pcre?view=revision&revision=1266
        NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1638 
(8.39)
-CVE-2016-2242
-       RESERVED
+CVE-2016-2242 (Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers 
to ...)
+       TODO: check
 CVE-2016-2241
        RESERVED
 CVE-2016-2240
@@ -39019,8 +39000,7 @@
        [jessie] - imagemagick 8:6.8.9.9-5+deb8u1
        [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/02/22/4
-CVE-2016-1925 [Improper handling of length parameter inconsitency]
-       RESERVED
+CVE-2016-1925 (Integer underflow in header.c in lha allows remote attackers to 
have ...)
        - lha <removed> (unimportant)
        NOTE: Non-free not supported
 CVE-2016-1924 (The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote 
...)
@@ -40625,8 +40605,8 @@
        TODO: check
 CVE-2016-1418 (Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 
1850e, ...)
        TODO: check
-CVE-2016-1417
-       RESERVED
+CVE-2016-1417 (Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 
allows ...)
+       TODO: check
 CVE-2016-1416 (Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 
10.6.0.10602) ...)
        NOT-FOR-US: Cisco Prime
 CVE-2016-1415 (Cisco WebEx Meetings Player T29.10, when WRF file support is 
enabled, ...)
@@ -40966,8 +40946,8 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/8
 CVE-2016-1282
        RESERVED
-CVE-2016-1281
-       RESERVED
+CVE-2016-1281 (Untrusted search path vulnerability in the installer for 
TrueCrypt 7.2 ...)
+       TODO: check
 CVE-2015-8742 (The dissect_CPMSetBindings function in 
epan/dissectors/packet-mswsp.c ...)
        - wireshark 2.0.1+g59ea380-1
        [jessie] - wireshark <not-affected> (Only affects 2.x)
@@ -42907,8 +42887,8 @@
        NOTE: https://www.samba.org/samba/security/CVE-2016-0771.html
 CVE-2016-0770
        RESERVED
-CVE-2016-0769
-       RESERVED
+CVE-2016-0769 (Multiple SQL injection vulnerabilities in eshop-orders.php in 
the ...)
+       TODO: check
 CVE-2016-0768
        RESERVED
 CVE-2016-0767
@@ -42919,8 +42899,8 @@
        - postgresql-9.4 <unfixed>
        - postgresql-9.1 <removed>
        [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only 
provides PL/Perl)
-CVE-2016-0765
-       RESERVED
+CVE-2016-0765 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
 CVE-2016-0764 [Race conditions that could disclose connection secrets to 
authenticated local users]
        RESERVED
        - network-manager 1.1.91-1 (bug #820354)
@@ -45812,8 +45792,7 @@
        TODO: check
 CVE-2015-8318 (Heap-based buffer overflow in the HIFI driver in Huawei P8 
smartphones ...)
        TODO: check
-CVE-2015-8315
-       RESERVED
+CVE-2015-8315 (The ms package before 0.7.1 for Node.js allows attackers to 
cause a ...)
        NOT-FOR-US: ms for Node.js
 CVE-2015-8314
        RESERVED
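Review bot: CVE-2015-8315 is kept as "NOT-FOR-US: ms for Node.js", but the other Node.js modules touched in this commit are tracked under packaged names (node-semver, node-serve-index, uglifyjs). Check that ms is really absent from the archive under a node-prefixed source name. If it is packaged, replace the NOT-FOR-US line with a package entry and record the 0.7.1 from the description as the fixed upstream version.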
@@ -46610,9 +46589,9 @@
        NOTE: 
https://sources.debian.net/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207
        NOTE: 
https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741
        NOTE: https://github.com/saltstack/salt/issues/28455
-CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 
verison ...)
+CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 
version ...)
        TODO: check
-CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 
verison ...)
+CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 
version ...)
        TODO: check
 CVE-2015-8075
        REJECTED
@@ -47569,8 +47548,8 @@
        - mariadb-10.0 10.0.22-1
        [jessie] - mariadb-10.0 10.0.22-0+deb8u1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
-CVE-2015-7743
-       RESERVED
+CVE-2015-7743 (XML external entity vulnerability in PRTG Network Monitor 
before ...)
+       TODO: check
 CVE-2015-7742
        RESERVED
 CVE-2015-7741
@@ -56364,8 +56343,8 @@
        - limesurvey <itp> (bug #472802)
 CVE-2015-4627
        RESERVED
-CVE-2015-4626
-       RESERVED
+CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side 
validation, ...)
+       TODO: check
 CVE-2015-4624
        RESERVED
 CVE-2015-4623
@@ -61525,8 +61504,7 @@
        - ownclound-contacts <itp> (bug #779055)
        NOTE: owncloud-contacts fixed in 0.3.0.18+8.0.0+dfsg-1
        NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-001
-CVE-2015-8855 [Regular Expression Denial of Service]
-       RESERVED
+CVE-2015-8855 (The semver package before 4.3.2 for Node.js allows attackers to 
cause ...)
        - node-semver <unfixed> (unimportant)
        NOTE: https://nodesecurity.io/advisories/semver_redos
        NOTE: https://github.com/npm/npm/releases/tag/v2.7.5
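Review bot: For CVE-2015-8855 the new description gives 4.3.2 as the first fixed semver release, yet the entry stays "- node-semver <unfixed> (unimportant)" with no version note. Add a line such as "NOTE: fixed in 4.3.2", as the uglifyjs entry does with "NOTE: fixed in 2.4.24", so the <unfixed> status can be revisited when the archive version moves. Separately, the first context line spells the package "ownclound-contacts" while its own NOTE says "owncloud-contacts".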
@@ -63296,8 +63274,7 @@
 CVE-2015-2310 [Integer overflow in pointer validation]
        RESERVED
        - capnproto 0.4.1-3 (bug #780565)
-CVE-2015-8856 [XSS via filename]
-       RESERVED
+CVE-2015-8856 (Cross-site scripting (XSS) vulnerability in the serve-index 
package ...)
        - node-serve-index <unfixed> (unimportant)
        NOTE: libv8 is not covered by security support
        NOTE: https://nodesecurity.io/advisories/serve-static-xss
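Review bot: On CVE-2015-8856 the description and the package line both name serve-index, but the advisory NOTE points at "https://nodesecurity.io/advisories/serve-static-xss". Verify that this URL is the advisory for the serve-index filename XSS and not one for a different module, and correct the link if it is not.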
@@ -74123,8 +74100,7 @@
        NOT-FOR-US: WordPress plugin wpSS
 CVE-2014-8363 (SQL injection vulnerability in ss_handler.php in the WordPress 
...)
        NOT-FOR-US: WordPress plugin wpSS
-CVE-2014-8362
-       RESERVED
+CVE-2014-8362 (Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to 
enable ...)
        NOT-FOR-US: Vivint Sky Control Panel
 CVE-2014-8361 (The miniigd SOAP service in Realtek SDK allows remote attackers 
to ...)
        NOT-FOR-US: Realtek SDK
@@ -90412,7 +90388,7 @@
        - owncloud 6.0.2+dfsg-1
 CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA 
C211 ...)
        NOT-FOR-US: Broadcom Ltd PIPA C211
-CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the 
'old' and ...)
+CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the old 
and new ...)
        TODO: check
 CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in 
ownCloud ...)
        - owncloud <not-affected> (Windows-specific)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
