Author: sectracker
Date: 2017-02-01 21:10:19 +0000 (Wed, 01 Feb 2017)
New Revision: 48654

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-01 18:44:16 UTC (rev 48653)
+++ data/CVE/list       2017-02-01 21:10:19 UTC (rev 48654)
@@ -1,3 +1,17 @@
+CVE-2017-5675
+       RESERVED
+CVE-2017-5674
+       RESERVED
+CVE-2017-5673
+       RESERVED
+CVE-2017-5672
+       RESERVED
+CVE-2017-5671
+       RESERVED
+CVE-2017-5670
+       RESERVED
+CVE-2017-5669
+       RESERVED
 CVE-2017-5666 [invalid free in free_options (options_manager.c)]
        RESERVED
        - mp3splt <unfixed>
@@ -226,17 +240,17 @@
 CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build 
8. This ...)
        NOT-FOR-US: eClinicalWorks
 CVE-2017-5612 (Cross-site scripting (XSS) vulnerability in ...)
-       {DLA-813-1}
+       {DSA-3779-1 DLA-813-1}
        - wordpress 4.7.2+dfsg-1 (bug #852767)
        NOTE: 
https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
 CVE-2017-5611 (SQL injection vulnerability in wp-includes/class-wp-query.php 
in ...)
-       {DLA-813-1}
+       {DSA-3779-1 DLA-813-1}
        - wordpress 4.7.2+dfsg-1 (bug #852767)
        NOTE: 
https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
 CVE-2017-5610 (wp-admin/includes/class-wp-press-this.php in Press This in 
WordPress ...)
-       {DLA-813-1}
+       {DSA-3779-1 DLA-813-1}
        - wordpress 4.7.2+dfsg-1 (bug #852767)
        NOTE: 
https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
@@ -254,8 +268,7 @@
        RESERVED
 CVE-2017-5589
        RESERVED
-CVE-2016-10173 [directory traversal vulnerability]
-       RESERVED
+CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 
and ...)
        {DSA-3778-1 DLA-808-1}
        - ruby-minitar 0.5.4-3.1 (bug #853075)
        - ruby-archive-tar-minitar <removed> (bug #853249)
@@ -373,8 +386,7 @@
        - lcms2 2.8-4 (bug #852627)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
        NOTE: 
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
-CVE-2016-10164 [heap overflow]
-       RESERVED
+CVE-2016-10164 (Multiple integer overflows in libXpm before 3.5.12, when a 
program ...)
        {DSA-3772-1 DLA-801-1}
        - libxpm 1:3.5.12-1
        NOTE: Fixed by: 
https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
@@ -1234,36 +1246,36 @@
        NOTE: https://wpvulndb.com/vulnerabilities/8715
        NOTE: 
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
 CVE-2017-5488 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       {DLA-813-1}
+       {DSA-3779-1 DLA-813-1}
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8716
        NOTE: 
https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
 CVE-2017-5489 (Cross-site request forgery (CSRF) vulnerability in WordPress 
before ...)
-       {DLA-813-1}
+       {DSA-3779-1 DLA-813-1}
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8717
 CVE-2017-5490 (Cross-site scripting (XSS) vulnerability in the theme-name 
fallback ...)
-       {DLA-813-1}
+       {DSA-3779-1 DLA-813-1}
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8718
        NOTE: 
https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
 CVE-2017-5491 (wp-mail.php in WordPress before 4.7.1 might allow remote 
attackers to ...)
-       {DLA-813-1}
+       {DSA-3779-1 DLA-813-1}
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8719
        NOTE: 
https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
 CVE-2017-5492 (Cross-site request forgery (CSRF) vulnerability in the 
widget-editing ...)
-       {DLA-813-1}
+       {DSA-3779-1 DLA-813-1}
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8720
        NOTE: 
https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
 CVE-2017-5493 (wp-includes/ms-functions.php in the Multisite WordPress API in 
...)
-       {DLA-813-1}
+       {DSA-3779-1 DLA-813-1}
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8721
@@ -2466,8 +2478,8 @@
        NOTE: https://bugs.launchpad.net/shutter/+bug/1652600
 CVE-2016-10080
        RESERVED
-CVE-2016-10079
-       RESERVED
+CVE-2016-10079 (SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a 
Denial of ...)
+       TODO: check
 CVE-2016-10078
        RESERVED
 CVE-2016-10077
@@ -4618,8 +4630,8 @@
        NOT-FOR-US: WampServer
 CVE-2016-10044
        RESERVED
-CVE-2016-10043
-       RESERVED
+CVE-2016-10043 (An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. 
The ...)
+       TODO: check
 CVE-2016-10042
        RESERVED
 CVE-2016-10041 (An issue was discovered in Sprecher Automation SPRECON-E 
Service ...)
@@ -4814,8 +4826,8 @@
        RESERVED
 CVE-2017-3824
        RESERVED
-CVE-2017-3823
-       RESERVED
+CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 
1.0.7 on ...)
+       TODO: check
 CVE-2017-3822
        RESERVED
 CVE-2017-3821
@@ -4876,13 +4888,11 @@
        NOT-FOR-US: Cisco
 CVE-2017-3793
        RESERVED
-CVE-2017-3792
-       RESERVED
+CVE-2017-3792 (A vulnerability in a proprietary device driver in the kernel of 
Cisco ...)
        NOT-FOR-US: Cisco TelePresence
-CVE-2017-3791
-       RESERVED
-CVE-2017-3790
-       RESERVED
+CVE-2017-3791 (A vulnerability in the web-based GUI of Cisco Prime Home could 
allow an ...)
+       TODO: check
+CVE-2017-3790 (A vulnerability in the received packet parser of Cisco 
Expressway ...)
        NOT-FOR-US: Cisco Expressway
 CVE-2016-5103
        REJECTED
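Review bot: CVE-2017-3791 (Cisco Prime Home) is left at TODO: check while the entries on either side of it in this hunk, CVE-2017-3792 and CVE-2017-3790, already carry NOT-FOR-US: Cisco TelePresence and NOT-FOR-US: Cisco Expressway. If Prime Home is likewise not packaged, a follow-up should replace the TODO with a matching NOT-FOR-US tag so the entry does not linger in the triage queue.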
@@ -5075,7 +5085,7 @@
        NOTE: https://www.openssl.org/news/secadv/20170126.txt
 CVE-2017-3731
        RESERVED
-       {DSA-3773-1}
+       {DSA-3773-1 DLA-814-1}
        - openssl 1.1.0d-1
        - openssl1.0 1.0.2k-1
        NOTE: https://www.openssl.org/news/secadv/20170126.txt
@@ -5155,8 +5165,7 @@
        NOT-FOR-US: Samsung
 CVE-2016-9965 (Lack of appropriate exception handling in some receivers of the 
Telecom ...)
        NOT-FOR-US: Samsung
-CVE-2016-9962 [insecure opening of file-descriptor allows privilege escalation]
-       RESERVED
+CVE-2016-9962 (Race condition in Docker Engine before 1.12.6 might allow local 
root ...)
        - docker.io <unfixed> (bug #850952)
        - runc 0.1.1+dfsg1-2 (bug #850951)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568
@@ -5278,8 +5287,7 @@
        - python-bottle 0.12.11-1 (bug #848392)
        NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913
        NOTE: Upstream patch: 
https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
-CVE-2016-9963 [disclosure of private information]
-       RESERVED
+CVE-2016-9963 (Exim before 4.87.1 might allow remote attackers to obtain the 
private ...)
        {DSA-3747-1 DLA-762-1}
        - exim4 4.88~RC6-2
        NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
@@ -11871,8 +11879,8 @@
        RESERVED
 CVE-2016-9732
        RESERVED
-CVE-2016-9731
-       RESERVED
+CVE-2016-9731 (IBM Business Process Manager is vulnerable to cross-site 
scripting. ...)
+       TODO: check
 CVE-2016-9730
        RESERVED
 CVE-2016-9729
@@ -13189,6 +13197,7 @@
        RESERVED
 CVE-2017-0358
        RESERVED
+       {DSA-3780-1}
        - ntfs-3g 1:2016.2.22AR.1-4
 CVE-2017-0357 [heap buffer overflow on -tr loader]
        RESERVED
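Review bot: CVE-2017-0358 now references DSA-3780-1 and a fixed ntfs-3g version but still has no bracketed description, so the list does not say what the advisory fixes. The next entry, CVE-2017-0357, shows the convention with [heap buffer overflow on -tr loader]; a short bracketed summary on CVE-2017-0358 would keep the entry readable while it is still RESERVED.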
@@ -14200,46 +14209,46 @@
        - tiff <not-affected> (Vulnerable code introduced by fix for 
CVE-2016-9297)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
        NOTE: Regression introduced by previous fix done on 2016-11-11 for 
CVE-2016-9297
-CVE-2016-9421
-       RESERVED
-CVE-2016-9420
-       RESERVED
-CVE-2016-9419
-       RESERVED
-CVE-2016-9418
-       RESERVED
-CVE-2016-9417
-       RESERVED
-CVE-2016-9416
-       RESERVED
-CVE-2016-9415
-       RESERVED
-CVE-2016-9414
-       RESERVED
-CVE-2016-9413
-       RESERVED
-CVE-2016-9412
-       RESERVED
-CVE-2016-9411
-       RESERVED
-CVE-2016-9410
-       RESERVED
-CVE-2016-9409
-       RESERVED
-CVE-2016-9408
-       RESERVED
-CVE-2016-9407
-       RESERVED
-CVE-2016-9406
-       RESERVED
-CVE-2016-9405
-       RESERVED
-CVE-2016-9404
-       RESERVED
-CVE-2016-9403
-       RESERVED
-CVE-2016-9402
-       RESERVED
+CVE-2016-9421 (Cross-site scripting (XSS) vulnerability in the Users module in 
the ...)
+       TODO: check
+CVE-2016-9420 (MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System 
before ...)
+       TODO: check
+CVE-2016-9419 (Cross-site scripting (XSS) vulnerability in the Admin control 
panel in ...)
+       TODO: check
+CVE-2016-9418 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB 
Merge ...)
+       TODO: check
+CVE-2016-9417 (The fetch_remote_file function in MyBB (aka MyBulletinBoard) 
before ...)
+       TODO: check
+CVE-2016-9416 (SQL injection vulnerability in the users data handler in MyBB 
(aka ...)
+       TODO: check
+CVE-2016-9415 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB 
Merge ...)
+       TODO: check
+CVE-2016-9414 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System 
before ...)
+       TODO: check
+CVE-2016-9413 (The Admin control panel in MyBB (aka MyBulletinBoard) before 
1.8.7 and ...)
+       TODO: check
+CVE-2016-9412 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System 
before ...)
+       TODO: check
+CVE-2016-9411 (The Admin control panel in MyBB (aka MyBulletinBoard) before 
1.8.7 and ...)
+       TODO: check
+CVE-2016-9410 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System 
before ...)
+       TODO: check
+CVE-2016-9409 (Cross-site scripting (XSS) vulnerability in the Admin control 
panel in ...)
+       TODO: check
+CVE-2016-9408 (Cross-site scripting (XSS) vulnerability in the Mod control 
panel in ...)
+       TODO: check
+CVE-2016-9407 (Cross-site scripting (XSS) vulnerability in MyBB (aka 
MyBulletinBoard) ...)
+       TODO: check
+CVE-2016-9406 (Cross-site scripting (XSS) vulnerability in the User control 
panel in ...)
+       TODO: check
+CVE-2016-9405 (Cross-site scripting (XSS) vulnerability in member validation 
in MyBB ...)
+       TODO: check
+CVE-2016-9404 (Cross-site scripting (XSS) vulnerability in MyBB (aka 
MyBulletinBoard) ...)
+       TODO: check
+CVE-2016-9403 (newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and 
MyBB Merge ...)
+       TODO: check
+CVE-2016-9402 (SQL injection vulnerability in the moderation tool in MyBB (aka 
...)
+       TODO: check
 CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL 
segments as ...)
        {DSA-3729-1 DLA-720-1}
        - xen 4.8.0-1 (bug #845663)
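Review bot: All twenty entries rewritten here, CVE-2016-9421 down to CVE-2016-9402, land as TODO: check and will each need a manual decision. Most of the descriptions name MyBB (aka MyBulletinBoard) or the MyBB Merge System, and the rest (for example CVE-2016-9421 and CVE-2016-9419) are truncated before the product. Confirm those against the full CVE text and triage the whole block in one follow-up with a single consistent tag rather than entry by entry.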
@@ -14374,16 +14383,16 @@
        [jessie] - libsoap-lite-perl <no-dsa> (Minor issue)
        NOTE: https://github.com/redhotpenguin/soaplite/pull/21
        NOTE: 
https://github.com/redhotpenguin/soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124
-CVE-2015-8977
-       RESERVED
-CVE-2015-8976
-       RESERVED
-CVE-2015-8975
-       RESERVED
-CVE-2015-8974
-       RESERVED
-CVE-2015-8973
-       RESERVED
+CVE-2015-8977 (MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 
and ...)
+       TODO: check
+CVE-2015-8976 (Cross-site scripting (XSS) vulnerability in MyBB (aka 
MyBulletinBoard) ...)
+       TODO: check
+CVE-2015-8975 (Cross-site scripting (XSS) vulnerability in the error handler 
in MyBB ...)
+       TODO: check
+CVE-2015-8974 (SQL injection vulnerability in the Group Promotions module in 
the ...)
+       TODO: check
+CVE-2015-8973 (xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 
1.8.x ...)
+       TODO: check
 CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows 
remote ...)
        {DSA-3762-1}
        - tiff 4.0.6-3
@@ -14915,8 +14924,8 @@
        NOTE: Can be reproduced with valgrind in jessie with libtiff 
4.0.3-12.3+deb8u1
 CVE-2016-9261
        RESERVED
-CVE-2016-9260
-       RESERVED
+CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus 
before 6.9 ...)
+       TODO: check
 CVE-2016-9259
        RESERVED
 CVE-2017-0305
@@ -15028,8 +15037,7 @@
        RESERVED
 CVE-2016-9226
        RESERVED
-CVE-2016-9225
-       RESERVED
+CVE-2016-9225 (A vulnerability in the data plane IP fragment handler of the 
Cisco ...)
        NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an 
...)
        NOT-FOR-US: Cisco
@@ -15610,8 +15618,8 @@
        REJECTED
 CVE-2016-9040
        RESERVED
-CVE-2016-9039
-       RESERVED
+CVE-2016-9039 (An exploitable denial of service exists in the the Joyent 
SmartOS ...)
+       TODO: check
 CVE-2016-9038
        RESERVED
 CVE-2016-9037 (An exploitable out-of-bounds array access vulnerability exists 
in the ...)
@@ -15770,10 +15778,10 @@
        RESERVED
 CVE-2016-8982
        RESERVED
-CVE-2016-8981
-       RESERVED
-CVE-2016-8980
-       RESERVED
+CVE-2016-8981 (IBM BigFix Inventory v9 allows web pages to be stored locally 
which ...)
+       TODO: check
+CVE-2016-8980 (IBM BigFix Inventory v9 is vulnerable to a denial of service, 
caused ...)
+       TODO: check
 CVE-2016-8979
        RESERVED
 CVE-2016-8978
@@ -15800,8 +15808,8 @@
        RESERVED
 CVE-2016-8967
        RESERVED
-CVE-2016-8966
-       RESERVED
+CVE-2016-8966 (IBM BigFix Inventory v9 could allow a remote attacker to obtain 
...)
+       TODO: check
 CVE-2016-8965
        RESERVED
 CVE-2016-8964
@@ -15810,8 +15818,8 @@
        RESERVED
 CVE-2016-8962
        RESERVED
-CVE-2016-8961
-       RESERVED
+CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to 
conduct ...)
+       TODO: check
 CVE-2016-8960
        RESERVED
 CVE-2016-8959
@@ -15846,12 +15854,12 @@
        RESERVED
 CVE-2016-8944
        RESERVED
-CVE-2016-8943
-       RESERVED
-CVE-2016-8942
-       RESERVED
-CVE-2016-8941
-       RESERVED
+CVE-2016-8943 (IBM Tivoli Storage Productivity Center is vulnerable to 
cross-site ...)
+       TODO: check
+CVE-2016-8942 (IBM Tivoli Storage Productivity Center could allow an 
authenticated ...)
+       TODO: check
+CVE-2016-8941 (IBM Tivoli Storage Productivity Center is vulnerable to 
cross-site ...)
+       TODO: check
 CVE-2016-8940
        RESERVED
 CVE-2016-8939
@@ -15860,12 +15868,12 @@
        RESERVED
 CVE-2016-8937
        RESERVED
-CVE-2016-8936
-       RESERVED
+CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is 
...)
+       TODO: check
 CVE-2016-8935
        RESERVED
-CVE-2016-8934
-       RESERVED
+CVE-2016-8934 (IBM WebSphere Application Server is vulnerable to cross-site 
...)
+       TODO: check
 CVE-2016-8933
        RESERVED
 CVE-2016-8932
@@ -15888,16 +15896,16 @@
        RESERVED
 CVE-2016-8923
        RESERVED
-CVE-2016-8922
-       RESERVED
-CVE-2016-8921
-       RESERVED
-CVE-2016-8920
-       RESERVED
+CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...)
+       TODO: check
+CVE-2016-8921 (IBM FileNet WorkPlace XT could allow a remote attacker to 
upload ...)
+       TODO: check
+CVE-2016-8920 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to 
...)
+       TODO: check
 CVE-2016-8919
        RESERVED
-CVE-2016-8918
-       RESERVED
+CVE-2016-8918 (IBM Integration Bus, under non default configurations, could 
allow a ...)
+       TODO: check
 CVE-2016-8917
        RESERVED
 CVE-2016-8916
@@ -15906,12 +15914,12 @@
        RESERVED
 CVE-2016-8914
        RESERVED
-CVE-2016-8913
-       RESERVED
-CVE-2016-8912
-       RESERVED
-CVE-2016-8911
-       RESERVED
+CVE-2016-8913 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a 
remote ...)
+       TODO: check
+CVE-2016-8912 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores 
potentially ...)
+       TODO: check
+CVE-2016-8911 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a 
remote ...)
+       TODO: check
 CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary 
commands ...)
        - firejail 0.9.44-1
        NOTE: 
https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
@@ -16553,62 +16561,52 @@
        - libgd2 2.2.3-87-gd0fec80-2 (bug #840806)
        NOTE: Corresponds to the 
0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch
        NOTE: 
https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae
-CVE-2016-8703
-       RESERVED
+CVE-2016-8703 (Heap-based buffer overflow in the bm_readbody_bmp function in 
...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
-CVE-2016-8702
-       RESERVED
+CVE-2016-8702 (Heap-based buffer overflow in the bm_readbody_bmp function in 
...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
-CVE-2016-8701
-       RESERVED
+CVE-2016-8701 (Heap-based buffer overflow in the bm_readbody_bmp function in 
...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
-CVE-2016-8700
-       RESERVED
+CVE-2016-8700 (Heap-based buffer overflow in the bm_readbody_bmp function in 
...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
-CVE-2016-8699
-       RESERVED
+CVE-2016-8699 (Heap-based buffer overflow in the bm_readbody_bmp function in 
...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
-CVE-2016-8698
-       RESERVED
+CVE-2016-8698 (Heap-based buffer overflow in the bm_readbody_bmp function in 
...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
-CVE-2016-8697 [AddressSanitizer: FPE on unknown address 0x508d51 in bm_new ... 
bitmap.h]
-       RESERVED
+CVE-2016-8697 (The bm_new function in bitmap.h in potrace before 1.13 allows 
remote ...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/
-CVE-2016-8696
-       RESERVED
+CVE-2016-8696 (The bm_readbody_bmp function in bitmap_io.c in potrace before 
1.13 ...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
-CVE-2016-8695
-       RESERVED
+CVE-2016-8695 (The bm_readbody_bmp function in bitmap_io.c in potrace before 
1.13 ...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
-CVE-2016-8694
-       RESERVED
+CVE-2016-8694 (The bm_readbody_bmp function in bitmap_io.c in potrace before 
1.13 ...)
        {DLA-675-1}
        - potrace 1.13-1
        [jessie] - potrace 1.12-1+deb8u1
@@ -16995,7 +16993,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16
 CVE-2016-8610 [SSL/TLS SSL3_AL_WARNING undefined alert DoS]
        RESERVED
-       {DSA-3773-1}
+       {DSA-3773-1 DLA-814-1}
        - openssl 1.0.2j-1
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3
        NOTE: Fixed by: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
@@ -17274,8 +17272,8 @@
        RESERVED
 CVE-2016-8492
        RESERVED
-CVE-2016-8491
-       RESERVED
+CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet 
FortiWLC ...)
+       TODO: check
 CVE-2015-8965
        RESERVED
 CVE-2016-XXXX [dbus format string vulnerability]
@@ -17294,12 +17292,10 @@
        NOTE: and no mechanism is currently known by which an attacker who does 
not
        NOTE: already have root privileges could induce systemd to send messages
        NOTE: that would trigger the format string vulnerability.
-CVE-2016-8686 [memory allocation failure]
-       RESERVED
+CVE-2016-8686 (The bm_new function in bitmap.h in potrace 1.13 allows remote 
...)
        - potrace <unfixed> (low; bug #850595)
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure
-CVE-2016-8685 [invalid memory access in findnext (decompose.c)]
-       RESERVED
+CVE-2016-8685 (The findnext function in decompose.c in potrace 1.13 allows 
remote ...)
        - potrace 1.13-3 (bug #843861)
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
 CVE-2016-8684 [memory allocation failure in MagickMalloc (memory.c)]
@@ -21960,7 +21956,7 @@
        RESERVED
 CVE-2016-7056 [ECDSA P-256 timing attack key recovery]
        RESERVED
-       {DSA-3773-1}
+       {DSA-3773-1 DLA-814-1}
        - openssl 1.0.2a-1
        - openssl1.0 <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://eprint.iacr.org/2016/1195.pdf
@@ -23238,8 +23234,7 @@
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
-CVE-2016-6621
-       RESERVED
+CVE-2016-6621 (The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 
...)
        - phpmyadmin <undetermined>
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-44/
        NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/12481
@@ -24278,8 +24273,7 @@
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
 CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL 
...)
        NOT-FOR-US: Red Hat / JBoss Operations Network server
-CVE-2016-6329
-       RESERVED
+CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for 
remote ...)
        - openvpn <unfixed> (unimportant)
        NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
        NOTE: This is a generic cryptographic weakness, not a vulnerability in 
OpenVPN per se
@@ -24460,8 +24454,8 @@
        TODO: check
 CVE-2016-6286 (The &quot;spiffy-cgi-handlers&quot; egg would convert a 
nonexistent &quot;Proxy&quot; ...)
        TODO: check
-CVE-2016-6285
-       RESERVED
+CVE-2016-6285 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
 CVE-2016-6284
        RESERVED
 CVE-2016-6283 (Cross-site scripting (XSS) vulnerability in Atlassian 
Confluence ...)
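Review bot: The description imported for CVE-2016-6285 is cut off at "Cross-site scripting (XSS) vulnerability in ..." before any product name, so this TODO: check entry cannot be triaged from the list alone. Whoever resolves it should look up the full CVE text and name the product in the resulting tag or in a NOTE line.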
@@ -25427,16 +25421,16 @@
        NOTE: libtomcrypt, thus keep that source package as well for now 
associated.
 CVE-2016-6127
        RESERVED
-CVE-2016-6126
-       RESERVED
-CVE-2016-6125
-       RESERVED
-CVE-2016-6124
-       RESERVED
-CVE-2016-6123
-       RESERVED
-CVE-2016-6122
-       RESERVED
+CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a 
remote ...)
+       TODO: check
+CVE-2016-6125 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to 
...)
+       TODO: check
+CVE-2016-6124 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a 
remote ...)
+       TODO: check
+CVE-2016-6123 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to 
...)
+       TODO: check
+CVE-2016-6122 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses 
answers to ...)
+       TODO: check
 CVE-2016-6121
        RESERVED
 CVE-2016-6120
@@ -25453,8 +25447,8 @@
        RESERVED
 CVE-2016-6114
        RESERVED
-CVE-2016-6113
-       RESERVED
+CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This 
vulnerability ...)
+       TODO: check
 CVE-2016-6112
        RESERVED
 CVE-2016-6111
@@ -25499,8 +25493,8 @@
        RESERVED
 CVE-2016-6091
        REJECTED
-CVE-2016-6090
-       RESERVED
+CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability 
that ...)
+       TODO: check
 CVE-2016-6089
        RESERVED
 CVE-2016-6088
@@ -25509,18 +25503,18 @@
        RESERVED
 CVE-2016-6086
        RESERVED
-CVE-2016-6085
-       RESERVED
-CVE-2016-6084
-       RESERVED
+CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local 
network to ...)
+       TODO: check
+CVE-2016-6084 (IBM BigFix Platform could allow an attacker on the local 
network to ...)
+       TODO: check
 CVE-2016-6083
        RESERVED
-CVE-2016-6082
-       RESERVED
+CVE-2016-6082 (IBM BigFix Platform could allow a remote attacker to execute 
arbitrary ...)
+       TODO: check
 CVE-2016-6081
        RESERVED
-CVE-2016-6080
-       RESERVED
+CVE-2016-6080 (The WebAdmin context for WebSphere Message Broker allows 
directory ...)
+       TODO: check
 CVE-2016-6079
        RESERVED
 CVE-2016-6078
@@ -25535,8 +25529,8 @@
        RESERVED
 CVE-2016-6073
        RESERVED
-CVE-2016-6072
-       RESERVED
+CVE-2016-6072 (IBM Maximo Asset Management is vulnerable to cross-site 
scripting. ...)
+       TODO: check
 CVE-2016-6071
        RESERVED
 CVE-2016-6070
@@ -25549,20 +25543,20 @@
        RESERVED
 CVE-2016-6066
        RESERVED
-CVE-2016-6065
-       RESERVED
+CVE-2016-6065 (IBM Security Guardium Database Activity Monitor appliance could 
allow ...)
+       TODO: check
 CVE-2016-6064
        RESERVED
 CVE-2016-6063
        RESERVED
 CVE-2016-6062
        RESERVED
-CVE-2016-6061
-       RESERVED
+CVE-2016-6061 (IBM Jazz Foundation is vulnerable to cross-site scripting. This 
...)
+       TODO: check
 CVE-2016-6060
        RESERVED
-CVE-2016-6059
-       RESERVED
+CVE-2016-6059 (IBM InfoSphere Information Server is vulnerable to a denial of 
...)
+       TODO: check
 CVE-2016-6058
        RESERVED
 CVE-2016-6057
@@ -25571,8 +25565,8 @@
        RESERVED
 CVE-2016-6055
        RESERVED
-CVE-2016-6054
-       RESERVED
+CVE-2016-6054 (IBM Jazz Foundation is vulnerable to cross-site scripting. This 
...)
+       TODO: check
 CVE-2016-6053
        RESERVED
 CVE-2016-6052
@@ -25585,24 +25579,24 @@
        RESERVED
 CVE-2016-6048
        RESERVED
-CVE-2016-6047
-       RESERVED
-CVE-2016-6046
-       RESERVED
-CVE-2016-6045
-       RESERVED
-CVE-2016-6044
-       RESERVED
-CVE-2016-6043
-       RESERVED
-CVE-2016-6042
-       RESERVED
+CVE-2016-6047 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site 
...)
+       TODO: check
+CVE-2016-6046 (IBM Tivoli Storage Manager Operations Center is vulnerable to 
...)
+       TODO: check
+CVE-2016-6045 (IBM Tivoli Storage Manager Operations Center is vulnerable to 
...)
+       TODO: check
+CVE-2016-6044 (IBM Tivoli Storage Manager Operations Center could allow an ...)
+       TODO: check
+CVE-2016-6043 (Tivoli Storage Manager Operations Center could allow a local 
user to ...)
+       TODO: check
+CVE-2016-6042 (IBM AppScan Enterprise Edition could allow a remote attacker to 
...)
+       TODO: check
 CVE-2016-6041
        RESERVED
-CVE-2016-6040
-       RESERVED
-CVE-2016-6039
-       RESERVED
+CVE-2016-6040 (IBM Jazz Foundation could allow an authenticated user to take 
over a ...)
+       TODO: check
+CVE-2016-6039 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site 
...)
+       TODO: check
 CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli 
...)
        NOT-FOR-US: Tivoli
 CVE-2016-6037
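Review bot: The Tivoli Storage Manager Operations Center entries added in this hunk (CVE-2016-6046, CVE-2016-6045, CVE-2016-6044, CVE-2016-6043) are left at TODO: check, yet the unchanged entry CVE-2016-6038 just below them, also an IBM Tivoli product, is already triaged as NOT-FOR-US: Tivoli. If the same decision applies, the follow-up should reuse that tag so the IBM Tivoli entries in this range are handled consistently.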
@@ -25611,20 +25605,20 @@
        RESERVED
 CVE-2016-6035
        RESERVED
-CVE-2016-6034
-       RESERVED
+CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) 
could ...)
+       TODO: check
 CVE-2016-6033
        RESERVED
 CVE-2016-6032
        RESERVED
 CVE-2016-6031
        RESERVED
-CVE-2016-6030
-       RESERVED
+CVE-2016-6030 (IBM Jazz Foundation is vulnerable to cross-site scripting. This 
...)
+       TODO: check
 CVE-2016-6029
        RESERVED
-CVE-2016-6028
-       RESERVED
+CVE-2016-6028 (IBM Jazz technology based products might allow an attacker to 
view ...)
+       TODO: check
 CVE-2016-6027 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 
3.4.2 ...)
        NOT-FOR-US: IBM
 CVE-2016-6026 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 
3.4.2 ...)
@@ -25639,8 +25633,8 @@
        RESERVED
 CVE-2016-6021
        RESERVED
-CVE-2016-6020
-       RESERVED
+CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a 
remote ...)
+       TODO: check
 CVE-2016-6019
        RESERVED
 CVE-2016-6018
@@ -25679,8 +25673,8 @@
        RESERVED
 CVE-2016-6001
        RESERVED
-CVE-2016-6000
-       RESERVED
+CVE-2016-6000 (IBM TRIRIGA Application Platform is vulnerable to cross-site 
...)
+       TODO: check
 CVE-2016-5999
        RESERVED
 CVE-2016-5998
@@ -25691,36 +25685,36 @@
        NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2016-5995 (Untrusted search path vulnerability in IBM DB2 9.7 through 
FP11, 10.1 ...)
        NOT-FOR-US: IBM
-CVE-2016-5994
-       RESERVED
+CVE-2016-5994 (IBM InfoSphere Information Server contains a vulnerability that 
would ...)
+       TODO: check
 CVE-2016-5993
        RESERVED
 CVE-2016-5992 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 
4.6.0.6 ...)
        TODO: check
 CVE-2016-5991 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 
4.6.0.6 ...)
        TODO: check
-CVE-2016-5990
-       RESERVED
+CVE-2016-5990 (IBM Security Privileged Identity Manager Virtual Appliance 
allows an ...)
+       TODO: check
 CVE-2016-5989
        RESERVED
-CVE-2016-5988
-       RESERVED
+CVE-2016-5988 (IBM Security Privileged Identity Manager Virtual Appliance 
could ...)
+       TODO: check
 CVE-2016-5987 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 
7.5.0.10 ...)
        TODO: check
 CVE-2016-5986 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 
8.0.x ...)
        NOT-FOR-US: IBM
-CVE-2016-5985
-       RESERVED
-CVE-2016-5984
-       RESERVED
+CVE-2016-5985 (The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX 
client is ...)
+       TODO: check
+CVE-2016-5984 (IBM InfoSphere Information Server is vulnerable to cross-frame 
...)
+       TODO: check
 CVE-2016-5983 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 
before ...)
        NOT-FOR-US: IBM
 CVE-2016-5982
        RESERVED
 CVE-2016-5981 (Cross-site scripting (XSS) vulnerability in IBM FileNet 
Workplace XT ...)
        TODO: check
-CVE-2016-5980
-       RESERVED
+CVE-2016-5980 (IBM TRIRIGA Application Platform is vulnerable to cross-site 
...)
+       TODO: check
 CVE-2016-5979
        RESERVED
 CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the 
web ...)
@@ -25747,12 +25741,12 @@
        TODO: check
 CVE-2016-5967 (The installation component in IBM Rational Asset Analyzer (RAA) 
6.1.0 ...)
        TODO: check
-CVE-2016-5966
-       RESERVED
+CVE-2016-5966 (IBM Security Privileged Identity Manager Virtual Appliance 
could allow ...)
+       TODO: check
 CVE-2016-5965
        RESERVED
-CVE-2016-5964
-       RESERVED
+CVE-2016-5964 (IBM Security Privileged Identity Manager Virtual Appliance 
version ...)
+       TODO: check
 CVE-2016-5963 (IBM Security Privileged Identity Manager (ISPIM) Virtual 
Appliance 2.x ...)
        NOT-FOR-US: IBM
 CVE-2016-5962
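Review bot: CVE-2016-5966 and CVE-2016-5964 are added with TODO: check although both descriptions name IBM Security Privileged Identity Manager Virtual Appliance, the same product as CVE-2016-5963 directly below them, which is already tagged NOT-FOR-US: IBM. A follow-up can tag these two the same way rather than leaving them in the TODO queue.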
@@ -25763,8 +25757,8 @@
        RESERVED
 CVE-2016-5959
        RESERVED
-CVE-2016-5958
-       RESERVED
+CVE-2016-5958 (IBM Security Privileged Identity Manager could allow a remote 
attacker ...)
+       TODO: check
 CVE-2016-5957 (IBM Security Privileged Identity Manager (ISPIM) Virtual 
Appliance 2.x ...)
        NOT-FOR-US: IBM
 CVE-2016-5956
@@ -25775,16 +25769,16 @@
        NOT-FOR-US: IBM
 CVE-2016-5953
        RESERVED
-CVE-2016-5952
-       RESERVED
-CVE-2016-5951
-       RESERVED
-CVE-2016-5950
-       RESERVED
-CVE-2016-5949
-       RESERVED
-CVE-2016-5948
-       RESERVED
+CVE-2016-5952 (IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL 
injection. A ...)
+       TODO: check
+CVE-2016-5951 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site 
...)
+       TODO: check
+CVE-2016-5950 (IBM Kenexa LCMS Premier on Cloud stores user credentials in 
plain in ...)
+       TODO: check
+CVE-2016-5949 (IBM Kenexa LCMS Premier on Cloud could allow an authenticated 
user to ...)
+       TODO: check
+CVE-2016-5948 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site 
...)
+       TODO: check
 CVE-2016-5947 (IBM Spectrum Control (formerly Tivoli Storage Productivity 
Center) ...)
        NOT-FOR-US: IBM
 CVE-2016-5946 (Directory traversal vulnerability in IBM Spectrum Control 
(formerly ...)
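Review bot: The truncated descriptions for CVE-2016-5951 and CVE-2016-5948 come out identical ("IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site ..."), so the list shows neither which cross-site issue each one is nor how the two differ. Whoever resolves the TODO: check lines should add a NOTE with the distinguishing detail if these entries are kept as anything other than a product-level NOT-FOR-US.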
@@ -25801,12 +25795,12 @@
        RESERVED
 CVE-2016-5940
        RESERVED
-CVE-2016-5939
-       RESERVED
+CVE-2016-5939 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A 
remote ...)
+       TODO: check
 CVE-2016-5938
        RESERVED
-CVE-2016-5937
-       RESERVED
+CVE-2016-5937 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site 
request ...)
+       TODO: check
 CVE-2016-5936
        RESERVED
 CVE-2016-5935
@@ -25881,14 +25875,14 @@
        NOT-FOR-US: IBM
 CVE-2016-5900
        RESERVED
-CVE-2016-5899
-       RESERVED
-CVE-2016-5898
-       RESERVED
-CVE-2016-5897
-       RESERVED
-CVE-2016-5896
-       RESERVED
+CVE-2016-5899 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site 
...)
+       TODO: check
+CVE-2016-5898 (IBM Jazz Reporting Service (JRS) could allow a remote attacker 
to ...)
+       TODO: check
+CVE-2016-5897 (IBM Jazz Reporting Service (JRS) is vulnerable to HTML 
injection. A ...)
+       TODO: check
+CVE-2016-5896 (IBM Maximo Asset Management could disclose sensitive 
information from ...)
+       TODO: check
 CVE-2016-5895
        RESERVED
 CVE-2016-5894
@@ -25911,16 +25905,16 @@
        RESERVED
 CVE-2016-5885
        RESERVED
-CVE-2016-5884
-       RESERVED
+CVE-2016-5884 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
+       TODO: check
 CVE-2016-5883
        RESERVED
-CVE-2016-5882
-       RESERVED
+CVE-2016-5882 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
+       TODO: check
 CVE-2016-5881
        RESERVED
-CVE-2016-5880
-       RESERVED
+CVE-2016-5880 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
+       TODO: check
 CVE-2016-5879 (MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local 
users ...)
        NOT-FOR-US: IBM
 CVE-2016-5878 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 
before ...)
@@ -29843,8 +29837,7 @@
        [wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 
wasn't backported)
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3045
-CVE-2016-5117 [OpenNTPD not verifying CN during HTTPS constraints request]
-       RESERVED
+CVE-2016-5117 (OpenNTPD before 6.0p1 does not validate the CN for HTTPS 
constraint ...)
        - openntpd 1:6.0p1-1 (bug #825856; unimportant)
        [jessie] - openntpd <not-affected> (Vulnerable code introduced later)
        [wheezy] - openntpd <not-affected> (Vulnerable code introduced later)
@@ -32428,8 +32421,7 @@
        - linux 4.5.2-1
        NOTE: Upstream commit: 
https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1
-CVE-2016-4038
-       RESERVED
+CVE-2016-4038 (Array index error in the msm_sensor_config function in ...)
        NOT-FOR-US: Samsung Android driver
 CVE-2016-4035
        RESERVED
@@ -34751,8 +34743,7 @@
        - giflib <unfixed> (unimportant)
        NOTE: https://sourceforge.net/p/giflib/bugs/83/
        NOTE: Issue only in gifcolor utility, not installed into giflib-tools
-CVE-2016-3176 [insecure configuration of PAM external authentication service]
-       RESERVED
+CVE-2016-3176 (Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM 
external ...)
        - salt 2015.8.8+ds-1 (bug #819184)
        [jessie] - salt <no-dsa> (Minor issue; external_auth not by default 
usable)
        NOTE: external_auth seems not usable by default under Jessie due to the
@@ -35160,8 +35151,8 @@
        TODO: check
 CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet 
Workplace ...)
        TODO: check
-CVE-2016-3053
-       RESERVED
+CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow 
a ...)
+       TODO: check
 CVE-2016-3052
        RESERVED
 CVE-2016-3051
@@ -35174,17 +35165,17 @@
        RESERVED
 CVE-2016-3047 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 
through ...)
        TODO: check
-CVE-2016-3046
-       RESERVED
-CVE-2016-3045
-       RESERVED
+CVE-2016-3046 (IBM Security Access Manager for Web is vulnerable to SQL 
injection. A ...)
+       TODO: check
+CVE-2016-3045 (IBM Security Access Manager for Web stores sensitive 
information in ...)
+       TODO: check
 CVE-2016-3044 (The Linux kernel component in IBM PowerKVM 2.1 before 
2.1.1.3-65.10 ...)
        - linux <undetermined>
        NOTE: https://www-01.ibm.com/support/docview.wss?uid=isg3T1023969
        NOTE: http://www.securityfocus.com/bid/92123/info
        NOTE: This issue might be a PowerKVM "rebrand" of CVE-2016-5412.
-CVE-2016-3043
-       RESERVED
+CVE-2016-3043 (IBM Security Access Manager for Web could allow a remote 
attacker to ...)
+       TODO: check
 CVE-2016-3042 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM 
...)
        TODO: check
 CVE-2016-3041
@@ -35199,10 +35190,10 @@
        RESERVED
 CVE-2016-3036
        RESERVED
-CVE-2016-3035
-       RESERVED
-CVE-2016-3034
-       RESERVED
+CVE-2016-3035 (IBM AppScan Source could reveal some sensitive information 
through the ...)
+       TODO: check
+CVE-2016-3034 (IBM AppScan Source uses a one-way hash without salt to encrypt 
highly ...)
+       TODO: check
 CVE-2016-3033 (IBM AppScan Source 8.7 through 9.0.3.3 allows remote 
authenticated ...)
        TODO: check
 CVE-2016-3032
@@ -35211,34 +35202,34 @@
        RESERVED
 CVE-2016-3030
        RESERVED
-CVE-2016-3029
-       RESERVED
+CVE-2016-3029 (IBM Security Access Manager for Web is vulnerable to cross-site 
...)
+       TODO: check
 CVE-2016-3028 (IBM Security Access Manager for Web 7.0 before IF2 and 8.0 
before ...)
        TODO: check
-CVE-2016-3027
-       RESERVED
+CVE-2016-3027 (IBM Security Access Manager for Web is vulnerable to a denial 
of ...)
+       TODO: check
 CVE-2016-3026
        RESERVED
 CVE-2016-3025 (IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 
and ...)
        TODO: check
-CVE-2016-3024
-       RESERVED
-CVE-2016-3023
-       RESERVED
-CVE-2016-3022
-       RESERVED
-CVE-2016-3021
-       RESERVED
+CVE-2016-3024 (IBM Security Access Manager for Web allows web pages to be 
stored ...)
+       TODO: check
+CVE-2016-3023 (IBM Security Access Manager for Web could allow an 
unauthenticated ...)
+       TODO: check
+CVE-2016-3022 (IBM Security Access Manager for Web could allow an 
authenticated user ...)
+       TODO: check
+CVE-2016-3021 (IBM Security Access Manager for Web could allow an 
authenticated ...)
+       TODO: check
 CVE-2016-3020
        RESERVED
 CVE-2016-3019
        RESERVED
-CVE-2016-3018
-       RESERVED
-CVE-2016-3017
-       RESERVED
-CVE-2016-3016
-       RESERVED
+CVE-2016-3018 (IBM Security Access Manager for Web is vulnerable to cross-site 
...)
+       TODO: check
+CVE-2016-3017 (IBM Security Access Manager for Web could allow a remote 
attacker to ...)
+       TODO: check
+CVE-2016-3016 (IBM Security Access Manager for Web processes patches, image 
backups ...)
+       TODO: check
 CVE-2016-3015
        RESERVED
 CVE-2016-3014 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Collaborative ...)
@@ -35295,8 +35286,8 @@
        TODO: check
 CVE-2016-2988 (IBM Tivoli Storage Manger for Virtual Environments: Data 
Protection ...)
        TODO: check
-CVE-2016-2987
-       RESERVED
+CVE-2016-2987 (An undisclosed vulnerability in CLM applications may result in 
some ...)
+       TODO: check
 CVE-2016-2986 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Collaborative ...)
        TODO: check
 CVE-2016-2985 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 
4.2.0.4 and ...)
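Review bot: The description picked up for CVE-2016-2987 ("An undisclosed vulnerability in CLM applications may result in some ...") names no vendor or product in its visible part, unlike the IBM entries around it, so the triage decision cannot be made from this line alone. The TODO: check should be resolved against the full CVE text, with the product named in the resulting tag.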
@@ -35391,10 +35382,10 @@
        RESERVED
 CVE-2016-2940 (Multiple unspecified vulnerabilities in IBM BigFix Remote 
Control ...)
        TODO: check
-CVE-2016-2939
-       RESERVED
-CVE-2016-2938
-       RESERVED
+CVE-2016-2939 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
+       TODO: check
+CVE-2016-2938 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
+       TODO: check
 CVE-2016-2937 (IBM BigFix Remote Control before 9.1.3 allows remote attackers 
to ...)
        TODO: check
 CVE-2016-2936 (IBM BigFix Remote Control before 9.1.3 uses cleartext storage 
for ...)
@@ -35453,8 +35444,8 @@
        RESERVED
 CVE-2016-2909
        RESERVED
-CVE-2016-2908
-       RESERVED
+CVE-2016-2908 (IBM Single Sign On for Bluemix could allow a remote attacker to 
obtain ...)
+       TODO: check
 CVE-2016-2907
        RESERVED
 CVE-2016-2906
@@ -39422,8 +39413,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4
        NOTE: To reproduce and uncover the issue with unstable version compile 
with ASAN
        NOTE: Patch: 
https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
-CVE-2016-2050 [Out-of-bounds write in get_abbrev_array_info]
-       RESERVED
+CVE-2016-2050 (The get_abbrev_array_info function in libdwarf-20151114 allows 
remote ...)
        {DLA-669-1}
        - dwarfutils 20160507+git20160523.9086738-1 (unimportant)
        [jessie] - dwarfutils 20120410-2+deb8u1
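Review bot: Replacing the hand-written summary "[Out-of-bounds write in get_abbrev_array_info]" with the truncated CVE description drops the bug class from the CVE-2016-2050 entry, since the new line stops at "allows remote ..." before saying what the function allows. A NOTE line recording the out-of-bounds write would keep that information next to the dwarfutils package lines.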
@@ -44738,12 +44728,12 @@
        TODO: check
 CVE-2016-0397 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint 
Manager) ...)
        TODO: check
-CVE-2016-0396
-       RESERVED
+CVE-2016-0396 (IBM Tivoli Endpoint Manager could allow a user under special 
...)
+       TODO: check
 CVE-2016-0395
        RESERVED
-CVE-2016-0394
-       RESERVED
+CVE-2016-0394 (IBM Integration Bus and WebSphere Message broker sets incorrect 
...)
+       TODO: check
 CVE-2016-0393 (IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 
and ...)
        TODO: check
 CVE-2016-0392 (IBM General Parallel File System (GPFS) in GPFS Storage Server 
2.0.0 ...)
@@ -44936,10 +44926,10 @@
        RESERVED
 CVE-2016-0298 (Directory traversal vulnerability in IBM Security Guardium 
Database ...)
        TODO: check
-CVE-2016-0297
-       RESERVED
-CVE-2016-0296
-       RESERVED
+CVE-2016-0297 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) 
could ...)
+       TODO: check
+CVE-2016-0296 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) 
stores ...)
+       TODO: check
 CVE-2016-0295
        RESERVED
 CVE-2016-0294
@@ -45000,8 +44990,8 @@
        TODO: check
 CVE-2016-0266 (IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to 
the ...)
        TODO: check
-CVE-2016-0265
-       RESERVED
+CVE-2016-0265 (IBM Campaign is vulnerable to cross-site scripting, caused by 
improper ...)
+       TODO: check
 CVE-2016-0264 (Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, 
Java ...)
        NOT-FOR-US: IBM JDK
 CVE-2016-0263 (IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 
and ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
