Author: sectracker Date: 2017-02-01 21:10:19 +0000 (Wed, 01 Feb 2017) New Revision: 48654
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-01 18:44:16 UTC (rev 48653) +++ data/CVE/list 2017-02-01 21:10:19 UTC (rev 48654) @@ -1,3 +1,17 @@ +CVE-2017-5675 + RESERVED +CVE-2017-5674 + RESERVED +CVE-2017-5673 + RESERVED +CVE-2017-5672 + RESERVED +CVE-2017-5671 + RESERVED +CVE-2017-5670 + RESERVED +CVE-2017-5669 + RESERVED CVE-2017-5666 [invalid free in free_options (options_manager.c)] RESERVED - mp3splt <unfixed> @@ -226,17 +240,17 @@ CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This ...) NOT-FOR-US: eClinicalWorks CVE-2017-5612 (Cross-site scripting (XSS) vulnerability in ...) - {DLA-813-1} + {DSA-3779-1 DLA-813-1} - wordpress 4.7.2+dfsg-1 (bug #852767) NOTE: https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849 NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2 CVE-2017-5611 (SQL injection vulnerability in wp-includes/class-wp-query.php in ...) - {DLA-813-1} + {DSA-3779-1 DLA-813-1} - wordpress 4.7.2+dfsg-1 (bug #852767) NOTE: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2 CVE-2017-5610 (wp-admin/includes/class-wp-press-this.php in Press This in WordPress ...) - {DLA-813-1} + {DSA-3779-1 DLA-813-1} - wordpress 4.7.2+dfsg-1 (bug #852767) NOTE: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454 NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2 @@ -254,8 +268,7 @@ RESERVED CVE-2017-5589 RESERVED -CVE-2016-10173 [directory traversal vulnerability] - RESERVED +CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 and ...) {DSA-3778-1 DLA-808-1} - ruby-minitar 0.5.4-3.1 (bug #853075) - ruby-archive-tar-minitar <removed> (bug #853249) 
@@ -373,8 +386,7 @@ - lcms2 2.8-4 (bug #852627) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357 NOTE: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 -CVE-2016-10164 [heap overflow] - RESERVED +CVE-2016-10164 (Multiple integer overflows in libXpm before 3.5.12, when a program ...) {DSA-3772-1 DLA-801-1} - libxpm 1:3.5.12-1 NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185 
@@ -1234,36 +1246,36 @@ NOTE: https://wpvulndb.com/vulnerabilities/8715 NOTE: https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60 CVE-2017-5488 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - {DLA-813-1} + {DSA-3779-1 DLA-813-1} - wordpress 4.7.1+dfsg-1 (bug #851310) NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1 NOTE: https://wpvulndb.com/vulnerabilities/8716 NOTE: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php CVE-2017-5489 (Cross-site request forgery (CSRF) vulnerability in WordPress before ...) - {DLA-813-1} + {DSA-3779-1 DLA-813-1} - wordpress 4.7.1+dfsg-1 (bug #851310) NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1 NOTE: https://wpvulndb.com/vulnerabilities/8717 CVE-2017-5490 (Cross-site scripting (XSS) vulnerability in the theme-name fallback ...) - {DLA-813-1} + {DSA-3779-1 DLA-813-1} - wordpress 4.7.1+dfsg-1 (bug #851310) NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1 NOTE: https://wpvulndb.com/vulnerabilities/8718 NOTE: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359 CVE-2017-5491 (wp-mail.php in WordPress before 4.7.1 might allow remote attackers to ...) - {DLA-813-1} + {DSA-3779-1 DLA-813-1} - wordpress 4.7.1+dfsg-1 (bug #851310) NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1 NOTE: https://wpvulndb.com/vulnerabilities/8719 NOTE: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a CVE-2017-5492 (Cross-site request forgery (CSRF) vulnerability in the widget-editing ...) 
- {DLA-813-1} + {DSA-3779-1 DLA-813-1} - wordpress 4.7.1+dfsg-1 (bug #851310) NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1 NOTE: https://wpvulndb.com/vulnerabilities/8720 NOTE: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733 CVE-2017-5493 (wp-includes/ms-functions.php in the Multisite WordPress API in ...) - {DLA-813-1} + {DSA-3779-1 DLA-813-1} - wordpress 4.7.1+dfsg-1 (bug #851310) NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1 NOTE: https://wpvulndb.com/vulnerabilities/8721 @@ -2466,8 +2478,8 @@ NOTE: https://bugs.launchpad.net/shutter/+bug/1652600 CVE-2016-10080 RESERVED -CVE-2016-10079 - RESERVED +CVE-2016-10079 (SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of ...) + TODO: check CVE-2016-10078 RESERVED CVE-2016-10077 @@ -4618,8 +4630,8 @@ NOT-FOR-US: WampServer CVE-2016-10044 RESERVED -CVE-2016-10043 - RESERVED +CVE-2016-10043 (An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The ...) + TODO: check CVE-2016-10042 RESERVED CVE-2016-10041 (An issue was discovered in Sprecher Automation SPRECON-E Service ...) @@ -4814,8 +4826,8 @@ RESERVED CVE-2017-3824 RESERVED -CVE-2017-3823 - RESERVED +CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 1.0.7 on ...) + TODO: check CVE-2017-3822 RESERVED CVE-2017-3821 @@ -4876,13 +4888,11 @@ NOT-FOR-US: Cisco CVE-2017-3793 RESERVED -CVE-2017-3792 - RESERVED +CVE-2017-3792 (A vulnerability in a proprietary device driver in the kernel of Cisco ...) NOT-FOR-US: Cisco TelePresence -CVE-2017-3791 - RESERVED -CVE-2017-3790 - RESERVED +CVE-2017-3791 (A vulnerability in the web-based GUI of Cisco Prime Home could allow an ...) + TODO: check +CVE-2017-3790 (A vulnerability in the received packet parser of Cisco Expressway ...) NOT-FOR-US: Cisco Expressway CVE-2016-5103 REJECTED 
@@ -5075,7 +5085,7 @@ NOTE: https://www.openssl.org/news/secadv/20170126.txt CVE-2017-3731 RESERVED - {DSA-3773-1} + {DSA-3773-1 DLA-814-1} - openssl 1.1.0d-1 - openssl1.0 1.0.2k-1 NOTE: https://www.openssl.org/news/secadv/20170126.txt @@ -5155,8 +5165,7 @@ NOT-FOR-US: Samsung CVE-2016-9965 (Lack of appropriate exception handling in some receivers of the Telecom ...) NOT-FOR-US: Samsung -CVE-2016-9962 [insecure opening of file-descriptor allows privilege escalation] - RESERVED +CVE-2016-9962 (Race condition in Docker Engine before 1.12.6 might allow local root ...) - docker.io <unfixed> (bug #850952) - runc 0.1.1+dfsg1-2 (bug #850951) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568 @@ -5278,8 +5287,7 @@ - python-bottle 0.12.11-1 (bug #848392) NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913 NOTE: Upstream patch: https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54 -CVE-2016-9963 [disclosure of private information] - RESERVED +CVE-2016-9963 (Exim before 4.87.1 might allow remote attackers to obtain the private ...) {DSA-3747-1 DLA-762-1} - exim4 4.88~RC6-2 NOTE: https://bugs.exim.org/show_bug.cgi?id=1996 @@ -11871,8 +11879,8 @@ RESERVED CVE-2016-9732 RESERVED -CVE-2016-9731 - RESERVED +CVE-2016-9731 (IBM Business Process Manager is vulnerable to cross-site scripting. ...) + TODO: check CVE-2016-9730 RESERVED CVE-2016-9729 @@ -13189,6 +13197,7 @@ RESERVED CVE-2017-0358 RESERVED + {DSA-3780-1} - ntfs-3g 1:2016.2.22AR.1-4 CVE-2017-0357 [heap buffer overflow on -tr loader] RESERVED 
@@ -14200,46 +14209,46 @@ - tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593 NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297 -CVE-2016-9421 - RESERVED -CVE-2016-9420 - RESERVED -CVE-2016-9419 - RESERVED -CVE-2016-9418 - RESERVED -CVE-2016-9417 - RESERVED -CVE-2016-9416 - RESERVED -CVE-2016-9415 - RESERVED -CVE-2016-9414 - RESERVED -CVE-2016-9413 - RESERVED -CVE-2016-9412 - RESERVED -CVE-2016-9411 - RESERVED -CVE-2016-9410 - RESERVED -CVE-2016-9409 - RESERVED -CVE-2016-9408 - RESERVED -CVE-2016-9407 - RESERVED -CVE-2016-9406 - RESERVED -CVE-2016-9405 - RESERVED -CVE-2016-9404 - RESERVED -CVE-2016-9403 - RESERVED -CVE-2016-9402 - RESERVED +CVE-2016-9421 (Cross-site scripting (XSS) vulnerability in the Users module in the ...) + TODO: check +CVE-2016-9420 (MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before ...) + TODO: check +CVE-2016-9419 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...) + TODO: check +CVE-2016-9418 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge ...) + TODO: check +CVE-2016-9417 (The fetch_remote_file function in MyBB (aka MyBulletinBoard) before ...) + TODO: check +CVE-2016-9416 (SQL injection vulnerability in the users data handler in MyBB (aka ...) + TODO: check +CVE-2016-9415 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge ...) + TODO: check +CVE-2016-9414 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before ...) + TODO: check +CVE-2016-9413 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...) + TODO: check +CVE-2016-9412 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before ...) + TODO: check +CVE-2016-9411 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...) + TODO: check +CVE-2016-9410 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before ...) 
+ TODO: check +CVE-2016-9409 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...) + TODO: check +CVE-2016-9408 (Cross-site scripting (XSS) vulnerability in the Mod control panel in ...) + TODO: check +CVE-2016-9407 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...) + TODO: check +CVE-2016-9406 (Cross-site scripting (XSS) vulnerability in the User control panel in ...) + TODO: check +CVE-2016-9405 (Cross-site scripting (XSS) vulnerability in member validation in MyBB ...) + TODO: check +CVE-2016-9404 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...) + TODO: check +CVE-2016-9403 (newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge ...) + TODO: check +CVE-2016-9402 (SQL injection vulnerability in the moderation tool in MyBB (aka ...) + TODO: check CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL segments as ...) {DSA-3729-1 DLA-720-1} - xen 4.8.0-1 (bug #845663) @@ -14374,16 +14383,16 @@ [jessie] - libsoap-lite-perl <no-dsa> (Minor issue) NOTE: https://github.com/redhotpenguin/soaplite/pull/21 NOTE: https://github.com/redhotpenguin/soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124 -CVE-2015-8977 - RESERVED -CVE-2015-8976 - RESERVED -CVE-2015-8975 - RESERVED -CVE-2015-8974 - RESERVED -CVE-2015-8973 - RESERVED +CVE-2015-8977 (MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and ...) + TODO: check +CVE-2015-8976 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...) + TODO: check +CVE-2015-8975 (Cross-site scripting (XSS) vulnerability in the error handler in MyBB ...) + TODO: check +CVE-2015-8974 (SQL injection vulnerability in the Group Promotions module in the ...) + TODO: check +CVE-2015-8973 (xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x ...) + TODO: check CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote ...) {DSA-3762-1} - tiff 4.0.6-3 
@@ -14915,8 +14924,8 @@ NOTE: Can be reproduced with valgrind in jessie with libtiff 4.0.3-12.3+deb8u1 CVE-2016-9261 RESERVED -CVE-2016-9260 - RESERVED +CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 ...) + TODO: check CVE-2016-9259 RESERVED CVE-2017-0305 @@ -15028,8 +15037,7 @@ RESERVED CVE-2016-9226 RESERVED -CVE-2016-9225 - RESERVED +CVE-2016-9225 (A vulnerability in the data plane IP fragment handler of the Cisco ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an ...) NOT-FOR-US: Cisco @@ -15610,8 +15618,8 @@ REJECTED CVE-2016-9040 RESERVED -CVE-2016-9039 - RESERVED +CVE-2016-9039 (An exploitable denial of service exists in the the Joyent SmartOS ...) + TODO: check CVE-2016-9038 RESERVED CVE-2016-9037 (An exploitable out-of-bounds array access vulnerability exists in the ...) @@ -15770,10 +15778,10 @@ RESERVED CVE-2016-8982 RESERVED -CVE-2016-8981 - RESERVED -CVE-2016-8980 - RESERVED +CVE-2016-8981 (IBM BigFix Inventory v9 allows web pages to be stored locally which ...) + TODO: check +CVE-2016-8980 (IBM BigFix Inventory v9 is vulnerable to a denial of service, caused ...) + TODO: check CVE-2016-8979 RESERVED CVE-2016-8978 @@ -15800,8 +15808,8 @@ RESERVED CVE-2016-8967 RESERVED -CVE-2016-8966 - RESERVED +CVE-2016-8966 (IBM BigFix Inventory v9 could allow a remote attacker to obtain ...) + TODO: check CVE-2016-8965 RESERVED CVE-2016-8964 @@ -15810,8 +15818,8 @@ RESERVED CVE-2016-8962 RESERVED -CVE-2016-8961 - RESERVED +CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to conduct ...) + TODO: check CVE-2016-8960 RESERVED CVE-2016-8959 
@@ -15846,12 +15854,12 @@ RESERVED CVE-2016-8944 RESERVED -CVE-2016-8943 - RESERVED -CVE-2016-8942 - RESERVED -CVE-2016-8941 - RESERVED +CVE-2016-8943 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site ...) + TODO: check +CVE-2016-8942 (IBM Tivoli Storage Productivity Center could allow an authenticated ...) + TODO: check +CVE-2016-8941 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site ...) + TODO: check CVE-2016-8940 RESERVED CVE-2016-8939 @@ -15860,12 +15868,12 @@ RESERVED CVE-2016-8937 RESERVED -CVE-2016-8936 - RESERVED +CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is ...) + TODO: check CVE-2016-8935 RESERVED -CVE-2016-8934 - RESERVED +CVE-2016-8934 (IBM WebSphere Application Server is vulnerable to cross-site ...) + TODO: check CVE-2016-8933 RESERVED CVE-2016-8932 @@ -15888,16 +15896,16 @@ RESERVED CVE-2016-8923 RESERVED -CVE-2016-8922 - RESERVED -CVE-2016-8921 - RESERVED -CVE-2016-8920 - RESERVED +CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...) + TODO: check +CVE-2016-8921 (IBM FileNet WorkPlace XT could allow a remote attacker to upload ...) + TODO: check +CVE-2016-8920 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to ...) + TODO: check CVE-2016-8919 RESERVED -CVE-2016-8918 - RESERVED +CVE-2016-8918 (IBM Integration Bus, under non default configurations, could allow a ...) + TODO: check CVE-2016-8917 RESERVED CVE-2016-8916 
@@ -15906,12 +15914,12 @@ RESERVED CVE-2016-8914 RESERVED -CVE-2016-8913 - RESERVED -CVE-2016-8912 - RESERVED -CVE-2016-8911 - RESERVED +CVE-2016-8913 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...) + TODO: check +CVE-2016-8912 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially ...) + TODO: check +CVE-2016-8911 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...) + TODO: check CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary commands ...) - firejail 0.9.44-1 NOTE: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b 
@@ -16553,62 +16561,52 @@ - libgd2 2.2.3-87-gd0fec80-2 (bug #840806) NOTE: Corresponds to the 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch NOTE: https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae -CVE-2016-8703 - RESERVED +CVE-2016-8703 (Heap-based buffer overflow in the bm_readbody_bmp function in ...) {DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/ -CVE-2016-8702 - RESERVED +CVE-2016-8702 (Heap-based buffer overflow in the bm_readbody_bmp function in ...) {DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/ -CVE-2016-8701 - RESERVED +CVE-2016-8701 (Heap-based buffer overflow in the bm_readbody_bmp function in ...) {DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/ -CVE-2016-8700 - RESERVED +CVE-2016-8700 (Heap-based buffer overflow in the bm_readbody_bmp function in ...) {DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/ -CVE-2016-8699 - RESERVED +CVE-2016-8699 (Heap-based buffer overflow in the bm_readbody_bmp function in ...) {DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/ -CVE-2016-8698 - RESERVED +CVE-2016-8698 (Heap-based buffer overflow in the bm_readbody_bmp function in ...) 
{DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/ -CVE-2016-8697 [AddressSanitizer: FPE on unknown address 0x508d51 in bm_new ... bitmap.h] - RESERVED +CVE-2016-8697 (The bm_new function in bitmap.h in potrace before 1.13 allows remote ...) {DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/ -CVE-2016-8696 - RESERVED +CVE-2016-8696 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 ...) {DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/ -CVE-2016-8695 - RESERVED +CVE-2016-8695 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 ...) {DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/ -CVE-2016-8694 - RESERVED +CVE-2016-8694 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 ...) {DLA-675-1} - potrace 1.13-1 [jessie] - potrace 1.12-1+deb8u1 @@ -16995,7 +16993,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16 CVE-2016-8610 [SSL/TLS SSL3_AL_WARNING undefined alert DoS] RESERVED - {DSA-3773-1} + {DSA-3773-1 DLA-814-1} - openssl 1.0.2j-1 NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3 NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401 @@ -17274,8 +17272,8 @@ RESERVED CVE-2016-8492 RESERVED -CVE-2016-8491 - RESERVED +CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...) + TODO: check CVE-2015-8965 RESERVED CVE-2016-XXXX [dbus format string vulnerability] 
@@ -17294,12 +17292,10 @@ NOTE: and no mechanism is currently known by which an attacker who does not NOTE: already have root privileges could induce systemd to send messages NOTE: that would trigger the format string vulnerability. -CVE-2016-8686 [memory allocation failure] - RESERVED +CVE-2016-8686 (The bm_new function in bitmap.h in potrace 1.13 allows remote ...) - potrace <unfixed> (low; bug #850595) NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure -CVE-2016-8685 [invalid memory access in findnext (decompose.c)] - RESERVED +CVE-2016-8685 (The findnext function in decompose.c in potrace 1.13 allows remote ...) - potrace 1.13-3 (bug #843861) NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/ CVE-2016-8684 [memory allocation failure in MagickMalloc (memory.c)] @@ -21960,7 +21956,7 @@ RESERVED CVE-2016-7056 [ECDSA P-256 timing attack key recovery] RESERVED - {DSA-3773-1} + {DSA-3773-1 DLA-814-1} - openssl 1.0.2a-1 - openssl1.0 <not-affected> (Fixed before initial upload to Debian) NOTE: https://eprint.iacr.org/2016/1195.pdf @@ -23238,8 +23234,7 @@ {DLA-626-1} - phpmyadmin 4:4.6.4+dfsg1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/ -CVE-2016-6621 - RESERVED +CVE-2016-6621 (The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before ...) - phpmyadmin <undetermined> NOTE: https://www.phpmyadmin.net/security/PMASA-2016-44/ NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/12481 
@@ -24278,8 +24273,7 @@ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL ...) NOT-FOR-US: Red Hat / JBoss Operations Network server -CVE-2016-6329 - RESERVED +CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for remote ...) - openvpn <unfixed> (unimportant) NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32 NOTE: This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se @@ -24460,8 +24454,8 @@ TODO: check CVE-2016-6286 (The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" ...) TODO: check -CVE-2016-6285 - RESERVED +CVE-2016-6285 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check CVE-2016-6284 RESERVED CVE-2016-6283 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence ...) @@ -25427,16 +25421,16 @@ NOTE: libtomcrypt, thus keep that source package as well for now associated. CVE-2016-6127 RESERVED -CVE-2016-6126 - RESERVED -CVE-2016-6125 - RESERVED -CVE-2016-6124 - RESERVED -CVE-2016-6123 - RESERVED -CVE-2016-6122 - RESERVED +CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...) + TODO: check +CVE-2016-6125 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to ...) + TODO: check +CVE-2016-6124 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...) + TODO: check +CVE-2016-6123 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to ...) + TODO: check +CVE-2016-6122 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to ...) + TODO: check CVE-2016-6121 RESERVED CVE-2016-6120 @@ -25453,8 +25447,8 @@ RESERVED CVE-2016-6114 RESERVED -CVE-2016-6113 - RESERVED +CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerability ...) + TODO: check CVE-2016-6112 RESERVED CVE-2016-6111 
@@ -25499,8 +25493,8 @@ RESERVED CVE-2016-6091 REJECTED -CVE-2016-6090 - RESERVED +CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability that ...) + TODO: check CVE-2016-6089 RESERVED CVE-2016-6088 @@ -25509,18 +25503,18 @@ RESERVED CVE-2016-6086 RESERVED -CVE-2016-6085 - RESERVED -CVE-2016-6084 - RESERVED +CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local network to ...) + TODO: check +CVE-2016-6084 (IBM BigFix Platform could allow an attacker on the local network to ...) + TODO: check CVE-2016-6083 RESERVED -CVE-2016-6082 - RESERVED +CVE-2016-6082 (IBM BigFix Platform could allow a remote attacker to execute arbitrary ...) + TODO: check CVE-2016-6081 RESERVED -CVE-2016-6080 - RESERVED +CVE-2016-6080 (The WebAdmin context for WebSphere Message Broker allows directory ...) + TODO: check CVE-2016-6079 RESERVED CVE-2016-6078 @@ -25535,8 +25529,8 @@ RESERVED CVE-2016-6073 RESERVED -CVE-2016-6072 - RESERVED +CVE-2016-6072 (IBM Maximo Asset Management is vulnerable to cross-site scripting. ...) + TODO: check CVE-2016-6071 RESERVED CVE-2016-6070 @@ -25549,20 +25543,20 @@ RESERVED CVE-2016-6066 RESERVED -CVE-2016-6065 - RESERVED +CVE-2016-6065 (IBM Security Guardium Database Activity Monitor appliance could allow ...) + TODO: check CVE-2016-6064 RESERVED CVE-2016-6063 RESERVED CVE-2016-6062 RESERVED -CVE-2016-6061 - RESERVED +CVE-2016-6061 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2016-6060 RESERVED -CVE-2016-6059 - RESERVED +CVE-2016-6059 (IBM InfoSphere Information Server is vulnerable to a denial of ...) + TODO: check CVE-2016-6058 RESERVED CVE-2016-6057 @@ -25571,8 +25565,8 @@ RESERVED CVE-2016-6055 RESERVED -CVE-2016-6054 - RESERVED +CVE-2016-6054 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2016-6053 RESERVED CVE-2016-6052 
@@ -25585,24 +25579,24 @@ RESERVED CVE-2016-6048 RESERVED -CVE-2016-6047 - RESERVED -CVE-2016-6046 - RESERVED -CVE-2016-6045 - RESERVED -CVE-2016-6044 - RESERVED -CVE-2016-6043 - RESERVED -CVE-2016-6042 - RESERVED +CVE-2016-6047 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site ...) + TODO: check +CVE-2016-6046 (IBM Tivoli Storage Manager Operations Center is vulnerable to ...) + TODO: check +CVE-2016-6045 (IBM Tivoli Storage Manager Operations Center is vulnerable to ...) + TODO: check +CVE-2016-6044 (IBM Tivoli Storage Manager Operations Center could allow an ...) + TODO: check +CVE-2016-6043 (Tivoli Storage Manager Operations Center could allow a local user to ...) + TODO: check +CVE-2016-6042 (IBM AppScan Enterprise Edition could allow a remote attacker to ...) + TODO: check CVE-2016-6041 RESERVED -CVE-2016-6040 - RESERVED -CVE-2016-6039 - RESERVED +CVE-2016-6040 (IBM Jazz Foundation could allow an authenticated user to take over a ...) + TODO: check +CVE-2016-6039 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site ...) + TODO: check CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli ...) NOT-FOR-US: Tivoli CVE-2016-6037 @@ -25611,20 +25605,20 @@ RESERVED CVE-2016-6035 RESERVED -CVE-2016-6034 - RESERVED +CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) could ...) + TODO: check CVE-2016-6033 RESERVED CVE-2016-6032 RESERVED CVE-2016-6031 RESERVED -CVE-2016-6030 - RESERVED +CVE-2016-6030 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2016-6029 RESERVED -CVE-2016-6028 - RESERVED +CVE-2016-6028 (IBM Jazz technology based products might allow an attacker to view ...) + TODO: check CVE-2016-6027 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 ...) NOT-FOR-US: IBM CVE-2016-6026 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 ...) 
@@ -25639,8 +25633,8 @@ RESERVED CVE-2016-6021 RESERVED -CVE-2016-6020 - RESERVED +CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...) + TODO: check CVE-2016-6019 RESERVED CVE-2016-6018 @@ -25679,8 +25673,8 @@ RESERVED CVE-2016-6001 RESERVED -CVE-2016-6000 - RESERVED +CVE-2016-6000 (IBM TRIRIGA Application Platform is vulnerable to cross-site ...) + TODO: check CVE-2016-5999 RESERVED CVE-2016-5998 
@@ -25691,36 +25685,36 @@ NOT-FOR-US: IBM Tealeaf Customer Experience CVE-2016-5995 (Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 ...) NOT-FOR-US: IBM -CVE-2016-5994 - RESERVED +CVE-2016-5994 (IBM InfoSphere Information Server contains a vulnerability that would ...) + TODO: check CVE-2016-5993 RESERVED CVE-2016-5992 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 ...) TODO: check CVE-2016-5991 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 ...) TODO: check -CVE-2016-5990 - RESERVED +CVE-2016-5990 (IBM Security Privileged Identity Manager Virtual Appliance allows an ...) + TODO: check CVE-2016-5989 RESERVED -CVE-2016-5988 - RESERVED +CVE-2016-5988 (IBM Security Privileged Identity Manager Virtual Appliance could ...) + TODO: check CVE-2016-5987 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 ...) TODO: check CVE-2016-5986 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x ...) NOT-FOR-US: IBM -CVE-2016-5985 - RESERVED -CVE-2016-5984 - RESERVED +CVE-2016-5985 (The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is ...) + TODO: check +CVE-2016-5984 (IBM InfoSphere Information Server is vulnerable to cross-frame ...) + TODO: check CVE-2016-5983 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before ...) NOT-FOR-US: IBM CVE-2016-5982 RESERVED CVE-2016-5981 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT ...) TODO: check -CVE-2016-5980 - RESERVED +CVE-2016-5980 (IBM TRIRIGA Application Platform is vulnerable to cross-site ...) + TODO: check CVE-2016-5979 RESERVED CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the web ...) 
@@ -25747,12 +25741,12 @@ TODO: check CVE-2016-5967 (The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 ...) TODO: check -CVE-2016-5966 - RESERVED +CVE-2016-5966 (IBM Security Privileged Identity Manager Virtual Appliance could allow ...) + TODO: check CVE-2016-5965 RESERVED -CVE-2016-5964 - RESERVED +CVE-2016-5964 (IBM Security Privileged Identity Manager Virtual Appliance version ...) + TODO: check CVE-2016-5963 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...) NOT-FOR-US: IBM CVE-2016-5962 @@ -25763,8 +25757,8 @@ RESERVED CVE-2016-5959 RESERVED -CVE-2016-5958 - RESERVED +CVE-2016-5958 (IBM Security Privileged Identity Manager could allow a remote attacker ...) + TODO: check CVE-2016-5957 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...) NOT-FOR-US: IBM CVE-2016-5956 @@ -25775,16 +25769,16 @@ NOT-FOR-US: IBM CVE-2016-5953 RESERVED -CVE-2016-5952 - RESERVED -CVE-2016-5951 - RESERVED -CVE-2016-5950 - RESERVED -CVE-2016-5949 - RESERVED -CVE-2016-5948 - RESERVED +CVE-2016-5952 (IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A ...) + TODO: check +CVE-2016-5951 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site ...) + TODO: check +CVE-2016-5950 (IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in ...) + TODO: check +CVE-2016-5949 (IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to ...) + TODO: check +CVE-2016-5948 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site ...) + TODO: check CVE-2016-5947 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ...) NOT-FOR-US: IBM CVE-2016-5946 (Directory traversal vulnerability in IBM Spectrum Control (formerly ...) 
@@ -25801,12 +25795,12 @@ RESERVED CVE-2016-5940 RESERVED -CVE-2016-5939 - RESERVED +CVE-2016-5939 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...) + TODO: check CVE-2016-5938 RESERVED -CVE-2016-5937 - RESERVED +CVE-2016-5937 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request ...) + TODO: check CVE-2016-5936 RESERVED CVE-2016-5935 @@ -25881,14 +25875,14 @@ NOT-FOR-US: IBM CVE-2016-5900 RESERVED -CVE-2016-5899 - RESERVED -CVE-2016-5898 - RESERVED -CVE-2016-5897 - RESERVED -CVE-2016-5896 - RESERVED +CVE-2016-5899 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site ...) + TODO: check +CVE-2016-5898 (IBM Jazz Reporting Service (JRS) could allow a remote attacker to ...) + TODO: check +CVE-2016-5897 (IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A ...) + TODO: check +CVE-2016-5896 (IBM Maximo Asset Management could disclose sensitive information from ...) + TODO: check CVE-2016-5895 RESERVED CVE-2016-5894 @@ -25911,16 +25905,16 @@ RESERVED CVE-2016-5885 RESERVED -CVE-2016-5884 - RESERVED +CVE-2016-5884 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...) + TODO: check CVE-2016-5883 RESERVED -CVE-2016-5882 - RESERVED +CVE-2016-5882 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...) + TODO: check CVE-2016-5881 RESERVED -CVE-2016-5880 - RESERVED +CVE-2016-5880 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...) + TODO: check CVE-2016-5879 (MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users ...) NOT-FOR-US: IBM CVE-2016-5878 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before ...) 
@@ -29843,8 +29837,7 @@ [wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi NOTE: http://support.ntp.org/bin/view/Main/NtpBug3045 -CVE-2016-5117 [OpenNTPD not verifying CN during HTTPS constraints request] - RESERVED +CVE-2016-5117 (OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint ...) - openntpd 1:6.0p1-1 (bug #825856; unimportant) [jessie] - openntpd <not-affected> (Vulnerable code introduced later) [wheezy] - openntpd <not-affected> (Vulnerable code introduced later) @@ -32428,8 +32421,7 @@ - linux 4.5.2-1 NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3) NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1 -CVE-2016-4038 - RESERVED +CVE-2016-4038 (Array index error in the msm_sensor_config function in ...) NOT-FOR-US: Samsung Android driver CVE-2016-4035 RESERVED @@ -34751,8 +34743,7 @@ - giflib <unfixed> (unimportant) NOTE: https://sourceforge.net/p/giflib/bugs/83/ NOTE: Issue only in gifcolor utility, not installed into giflib-tools -CVE-2016-3176 [insecure configuration of PAM external authentication service] - RESERVED +CVE-2016-3176 (Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external ...) - salt 2015.8.8+ds-1 (bug #819184) [jessie] - salt <no-dsa> (Minor issue; external_auth not by default usable) NOTE: external_auth seems not usable by default under Jessie due to the @@ -35160,8 +35151,8 @@ TODO: check CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace ...) TODO: check -CVE-2016-3053 - RESERVED +CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow a ...) + TODO: check CVE-2016-3052 RESERVED CVE-2016-3051 
@@ -35174,17 +35165,17 @@ RESERVED CVE-2016-3047 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through ...) TODO: check -CVE-2016-3046 - RESERVED -CVE-2016-3045 - RESERVED +CVE-2016-3046 (IBM Security Access Manager for Web is vulnerable to SQL injection. A ...) + TODO: check +CVE-2016-3045 (IBM Security Access Manager for Web stores sensitive information in ...) + TODO: check CVE-2016-3044 (The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 ...) - linux <undetermined> NOTE: https://www-01.ibm.com/support/docview.wss?uid=isg3T1023969 NOTE: http://www.securityfocus.com/bid/92123/info NOTE: This issue might be a PowerKVM "rebrand" of CVE-2016-5412. -CVE-2016-3043 - RESERVED +CVE-2016-3043 (IBM Security Access Manager for Web could allow a remote attacker to ...) + TODO: check CVE-2016-3042 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...) TODO: check CVE-2016-3041 @@ -35199,10 +35190,10 @@ RESERVED CVE-2016-3036 RESERVED -CVE-2016-3035 - RESERVED -CVE-2016-3034 - RESERVED +CVE-2016-3035 (IBM AppScan Source could reveal some sensitive information through the ...) + TODO: check +CVE-2016-3034 (IBM AppScan Source uses a one-way hash without salt to encrypt highly ...) + TODO: check CVE-2016-3033 (IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated ...) TODO: check CVE-2016-3032 
@@ -35211,34 +35202,34 @@ RESERVED CVE-2016-3030 RESERVED -CVE-2016-3029 - RESERVED +CVE-2016-3029 (IBM Security Access Manager for Web is vulnerable to cross-site ...) + TODO: check CVE-2016-3028 (IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before ...) TODO: check -CVE-2016-3027 - RESERVED +CVE-2016-3027 (IBM Security Access Manager for Web is vulnerable to a denial of ...) + TODO: check CVE-2016-3026 RESERVED CVE-2016-3025 (IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and ...) TODO: check -CVE-2016-3024 - RESERVED -CVE-2016-3023 - RESERVED -CVE-2016-3022 - RESERVED -CVE-2016-3021 - RESERVED +CVE-2016-3024 (IBM Security Access Manager for Web allows web pages to be stored ...) + TODO: check +CVE-2016-3023 (IBM Security Access Manager for Web could allow an unauthenticated ...) + TODO: check +CVE-2016-3022 (IBM Security Access Manager for Web could allow an authenticated user ...) + TODO: check +CVE-2016-3021 (IBM Security Access Manager for Web could allow an authenticated ...) + TODO: check CVE-2016-3020 RESERVED CVE-2016-3019 RESERVED -CVE-2016-3018 - RESERVED -CVE-2016-3017 - RESERVED -CVE-2016-3016 - RESERVED +CVE-2016-3018 (IBM Security Access Manager for Web is vulnerable to cross-site ...) + TODO: check +CVE-2016-3017 (IBM Security Access Manager for Web could allow a remote attacker to ...) + TODO: check +CVE-2016-3016 (IBM Security Access Manager for Web processes patches, image backups ...) + TODO: check CVE-2016-3015 RESERVED CVE-2016-3014 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...) 
@@ -35295,8 +35286,8 @@ TODO: check CVE-2016-2988 (IBM Tivoli Storage Manger for Virtual Environments: Data Protection ...) TODO: check -CVE-2016-2987 - RESERVED +CVE-2016-2987 (An undisclosed vulnerability in CLM applications may result in some ...) + TODO: check CVE-2016-2986 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...) TODO: check CVE-2016-2985 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and ...) @@ -35391,10 +35382,10 @@ RESERVED CVE-2016-2940 (Multiple unspecified vulnerabilities in IBM BigFix Remote Control ...) TODO: check -CVE-2016-2939 - RESERVED -CVE-2016-2938 - RESERVED +CVE-2016-2939 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...) + TODO: check +CVE-2016-2938 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...) + TODO: check CVE-2016-2937 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to ...) TODO: check CVE-2016-2936 (IBM BigFix Remote Control before 9.1.3 uses cleartext storage for ...) @@ -35453,8 +35444,8 @@ RESERVED CVE-2016-2909 RESERVED -CVE-2016-2908 - RESERVED +CVE-2016-2908 (IBM Single Sign On for Bluemix could allow a remote attacker to obtain ...) + TODO: check CVE-2016-2907 RESERVED CVE-2016-2906 @@ -39422,8 +39413,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4 NOTE: To reproduce and uncover the issue with unstable version compile with ASAN NOTE: Patch: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html -CVE-2016-2050 [Out-of-bounds write in get_abbrev_array_info] - RESERVED +CVE-2016-2050 (The get_abbrev_array_info function in libdwarf-20151114 allows remote ...) {DLA-669-1} - dwarfutils 20160507+git20160523.9086738-1 (unimportant) [jessie] - dwarfutils 20120410-2+deb8u1 
@@ -44738,12 +44728,12 @@ TODO: check CVE-2016-0397 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) ...) TODO: check -CVE-2016-0396 - RESERVED +CVE-2016-0396 (IBM Tivoli Endpoint Manager could allow a user under special ...) + TODO: check CVE-2016-0395 RESERVED -CVE-2016-0394 - RESERVED +CVE-2016-0394 (IBM Integration Bus and WebSphere Message broker sets incorrect ...) + TODO: check CVE-2016-0393 (IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and ...) TODO: check CVE-2016-0392 (IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 ...) @@ -44936,10 +44926,10 @@ RESERVED CVE-2016-0298 (Directory traversal vulnerability in IBM Security Guardium Database ...) TODO: check -CVE-2016-0297 - RESERVED -CVE-2016-0296 - RESERVED +CVE-2016-0297 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could ...) + TODO: check +CVE-2016-0296 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores ...) + TODO: check CVE-2016-0295 RESERVED CVE-2016-0294 @@ -45000,8 +44990,8 @@ TODO: check CVE-2016-0266 (IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the ...) TODO: check -CVE-2016-0265 - RESERVED +CVE-2016-0265 (IBM Campaign is vulnerable to cross-site scripting, caused by improper ...) + TODO: check CVE-2016-0264 (Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java ...) NOT-FOR-US: IBM JDK CVE-2016-0263 (IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
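Review bot: the IBM entries that move from RESERVED to a published description (hunks @@ -25801, @@ -25881, @@ -25911, the CVE-2016-3053 part of @@ -35160, @@ -35174, @@ -35199, @@ -35211, @@ -35295, @@ -35391, @@ -35453, @@ -44738, @@ -44936 and @@ -45000) are all left as "TODO: check", although every one of them names an IBM product (Kenexa LMS/LCMS on Cloud, Jazz Reporting Service, Maximo, iNotes, AIX, Security Access Manager, AppScan Source, Tivoli Endpoint Manager, Integration Bus, Campaign, Single Sign On for Bluemix) that is not packaged in Debian, and the neighbouring resolved entries for the same vendor in these hunks (CVE-2016-5879 and the context line above CVE-2016-5900) already carry "NOT-FOR-US: IBM". Consider triaging them to "NOT-FOR-US: IBM" in the same pass instead of queueing a large batch of TODOs that will otherwise need a second manual sweep.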
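Review bot: in hunk @@ -29843 the new description for CVE-2016-5117 reads "OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint ...", which taken literally covers the jessie and wheezy versions, while the retained lines mark both as "<not-affected> (Vulnerable code introduced later)". The two statements are reconcilable only through that parenthetical, so it would help to add a NOTE: line pointing at the upstream change that introduced the HTTPS constraints code, so the not-affected claim can be verified without re-reading the source; the fixed version "openntpd 1:6.0p1-1" itself is consistent with the description and needs no change.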