author | security tracker role <sectracker@debian.org> | 2016-10-14 21:10:14 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2016-10-14 21:10:14 +0000 |
commit | 1085bf71b60f29e6c8030704cd69b46d917c481a (patch) | |
tree | 1072e45824118925da3d908b4829ade156277b89 /data/CVE | |
parent | 1af2de5f7b701cb20a9d14cc3c448a93db4b3e3e (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@45326 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list.2004 | 2 |
-rw-r--r-- | data/CVE/list.2005 | 2 |
-rw-r--r-- | data/CVE/list.2006 | 2 |
-rw-r--r-- | data/CVE/list.2016 | 665 |
4 files changed, 396 insertions, 275 deletions
diff --git a/data/CVE/list.2004 b/data/CVE/list.2004 index 84f53288dc..5aa8f09e69 100644 --- a/data/CVE/list.2004 +++ b/data/CVE/list.2004 @@ -2474,7 +2474,7 @@ CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1 NOT-FOR-US: FTP server in TriDComm CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...) NOT-FOR-US: BlackBoard -CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...) +CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gain sensitive information ...) NOT-FOR-US: BlackBoard CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...) NOT-FOR-US: CubeCart diff --git a/data/CVE/list.2005 b/data/CVE/list.2005 index d03d4a2168..82d784a32b 100644 --- a/data/CVE/list.2005 +++ b/data/CVE/list.2005 @@ -8108,7 +8108,7 @@ CVE-2005-1487 (** DISPUTED ** ...) NOT-FOR-US: FishCart CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...) NOT-FOR-US: FishCart -CVE-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...) +CVE-2005-1485 (Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Golden FTP Server Pro CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...) NOT-FOR-US: Golden FTP Server Pro diff --git a/data/CVE/list.2006 b/data/CVE/list.2006 index 3f55e120f7..b27f699614 100644 --- a/data/CVE/list.2006 +++ b/data/CVE/list.2006 
@@ -14619,7 +14619,7 @@ CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a .. NOT-FOR-US: Microsoft CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...) NOT-FOR-US: Macallan Mail Solution -CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial of ...) +CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to cause a denial of ...) NOT-FOR-US: Nokia cell phone CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...) NOT-FOR-US: Clever Copy diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index d156371b72..a506f51b92 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 
@@ -1,4 +1,135 @@ +CVE-2016-8665 + RESERVED +CVE-2016-8664 + RESERVED +CVE-2016-8663 + RESERVED +CVE-2016-8662 + RESERVED +CVE-2016-8661 + RESERVED +CVE-2016-8657 + RESERVED +CVE-2016-8656 + RESERVED +CVE-2016-8655 + RESERVED +CVE-2016-8654 + RESERVED +CVE-2016-8653 + RESERVED +CVE-2016-8652 + RESERVED +CVE-2016-8651 + RESERVED +CVE-2016-8650 + RESERVED +CVE-2016-8649 + RESERVED +CVE-2016-8648 + RESERVED +CVE-2016-8647 + RESERVED +CVE-2016-8646 + RESERVED +CVE-2016-8645 + RESERVED +CVE-2016-8644 + RESERVED +CVE-2016-8643 + RESERVED +CVE-2016-8642 + RESERVED +CVE-2016-8641 + RESERVED +CVE-2016-8640 + RESERVED +CVE-2016-8639 + RESERVED +CVE-2016-8638 + RESERVED +CVE-2016-8637 + RESERVED +CVE-2016-8636 + RESERVED +CVE-2016-8635 + RESERVED +CVE-2016-8634 + RESERVED +CVE-2016-8633 + RESERVED +CVE-2016-8632 + RESERVED +CVE-2016-8631 + RESERVED +CVE-2016-8630 + RESERVED +CVE-2016-8629 + RESERVED +CVE-2016-8628 + RESERVED +CVE-2016-8627 + RESERVED +CVE-2016-8626 + RESERVED +CVE-2016-8625 + RESERVED +CVE-2016-8624 + RESERVED +CVE-2016-8623 + RESERVED +CVE-2016-8622 + RESERVED +CVE-2016-8621 + RESERVED +CVE-2016-8620 + RESERVED +CVE-2016-8619 + RESERVED +CVE-2016-8618 + RESERVED +CVE-2016-8617 + RESERVED +CVE-2016-8616 + RESERVED +CVE-2016-8615 + RESERVED +CVE-2016-8614 + RESERVED +CVE-2016-8613 + RESERVED +CVE-2016-8612 + RESERVED +CVE-2016-8611 + RESERVED +CVE-2016-8610 + RESERVED +CVE-2016-8609 + RESERVED +CVE-2016-8608 + RESERVED +CVE-2016-8607 + RESERVED +CVE-2016-8604 + RESERVED +CVE-2016-8603 + RESERVED +CVE-2016-8600 + RESERVED +CVE-2016-8599 + RESERVED +CVE-2016-8598 + RESERVED +CVE-2016-8597 + RESERVED +CVE-2016-8596 + RESERVED +CVE-2016-8595 + RESERVED +CVE-2016-8594 + RESERVED CVE-2016-8666 [tunnels: Don't apply GRO to multiple layers of encapsulation] + RESERVED - linux 4.6.1-1 [jessie] - linux 3.6.36-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) 
@@ -6,19 +137,24 @@ CVE-2016-8666 [tunnels: Don't apply GRO to multiple layers of encapsulation] NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40 NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11 CVE-2016-8660 [local DoS due to a page lock order bug in the XFS seek hole/data implementation] + RESERVED - linux <unfixed> CVE-2016-8659 [privilege escalation via ptrace] + RESERVED - bubblewrap 0.1.2-2 (bug #840605) NOTE: https://github.com/projectatomic/bubblewrap/issues/107 CVE-2016-8658 [Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow] + RESERVED - linux 4.7.5-1 NOTE: Fixed by: https://git.kernel.org/linus/ded89912156b1a47d940a0c954c43afbabd0c42c (v4.8-rc8) CVE-2016-8606 [REPL server vulnerable to HTTP inter-protocol attacks] + RESERVED - guile-2.0 <unfixed> (low; bug #840555) [jessie] - guile-2.0 <no-dsa> (Minor issue) - guile-1.8 <not-affected> (repl server introduced in 2.0) NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916dbd3a235a9f9cc33df4c418c0724e03 CVE-2016-8605 [Thread-unsafe umask modification] + RESERVED - guile-2.0 <unfixed> (low; bug #840556) [jessie] - guile-2.0 <no-dsa> (Minor issue) - guile-1.8 <not-affected> (repl server introduced in 2.0) @@ -73,12 +209,12 @@ CVE-2016-8567 RESERVED CVE-2016-8566 RESERVED -CVE-2016-8565 - RESERVED -CVE-2016-8564 - RESERVED -CVE-2016-8563 - RESERVED +CVE-2016-8565 (Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote ...) + TODO: check +CVE-2016-8564 (SQL injection vulnerability in Siemens Automation License Manager ...) + TODO: check +CVE-2016-8563 (Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 ...) + TODO: check CVE-2016-8562 RESERVED CVE-2016-8561 
@@ -248,11 +384,13 @@ CVE-2016-XXXX [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for - dwarfutils <unfixed> NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/08/13 CVE-2016-8602 [type confusion] + RESERVED {DSA-3691-1} - ghostscript <unfixed> (bug #840451) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203 NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 CVE-2016-8601 [do_blockdev_direct_IO invalid memory access] + RESERVED - linux <not-affected> (Vulnerable code introduced later in 4.8 development) NOTE: https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b CVE-2016-8578 [9pfs: potential NULL dereferencein 9pfs routines] @@ -1569,10 +1707,10 @@ CVE-2016-7962 RESERVED CVE-2016-7961 RESERVED -CVE-2016-7960 - RESERVED -CVE-2016-7959 - RESERVED +CVE-2016-7960 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format ...) + TODO: check +CVE-2016-7959 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores ...) + TODO: check CVE-2016-7958 RESERVED CVE-2016-7957 
@@ -1967,14 +2105,12 @@ CVE-2016-7797 NOTE: http://bugs.clusterlabs.org/show_bug.cgi?id=5269 NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 (Pacemaker-1.1.15-rc1) NOTE: Vulnerable code introduced in: https://github.com/ClusterLabs/pacemaker/commit/87f40917feb5109f827d83765c924acbbd824379 (Pacemaker-1.1.12-rc1) -CVE-2016-7796 - RESERVED +CVE-2016-7796 (The manager_dispatch_notify_fd function in systemd allows local users ...) - systemd 231-9 (bug #839607) [jessie] - systemd <no-dsa> (Proposed to be fixed via point release) NOTE: https://github.com/systemd/systemd/issues/4234#issuecomment-250441246 NOTE: Fixed by: https://github.com/systemd/systemd/pull/4240 -CVE-2016-7795 - RESERVED +CVE-2016-7795 (The manager_invoke_notify_message function in systemd 231 and earlier ...) - systemd 231-9 (bug #839171) [jessie] - systemd <not-affected> (Introduced in 219) [wheezy] - systemd <not-affected> (Introduced in 219) @@ -2736,8 +2872,8 @@ CVE-2016-7439 RESERVED CVE-2016-7438 RESERVED -CVE-2016-7437 - RESERVED +CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the ...) + TODO: check CVE-2016-7436 RESERVED CVE-2016-7435 (The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and ...) @@ -3263,8 +3399,8 @@ CVE-2016-7213 RESERVED CVE-2016-7212 RESERVED -CVE-2016-7211 - RESERVED +CVE-2016-7211 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) + TODO: check CVE-2016-7210 RESERVED CVE-2016-7209 
@@ -3297,32 +3433,32 @@ CVE-2016-7196 RESERVED CVE-2016-7195 RESERVED -CVE-2016-7194 - RESERVED -CVE-2016-7193 - RESERVED +CVE-2016-7194 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-7193 (Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT ...) + TODO: check CVE-2016-7192 RESERVED CVE-2016-7191 (The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) ...) NOT-FOR-US: Microsoft Azure Active Directory Passport -CVE-2016-7190 - RESERVED -CVE-2016-7189 - RESERVED -CVE-2016-7188 - RESERVED +CVE-2016-7190 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-7189 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-7188 (The Standard Collector Service in Windows Diagnostics Hub in Microsoft ...) + TODO: check CVE-2016-7187 RESERVED CVE-2016-7186 RESERVED -CVE-2016-7185 - RESERVED +CVE-2016-7185 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) + TODO: check CVE-2016-7184 RESERVED CVE-2016-7183 RESERVED -CVE-2016-7182 - RESERVED +CVE-2016-7182 (The Graphics component in Microsoft Windows Vista SP2; Windows Server ...) + TODO: check CVE-2016-7181 RESERVED CVE-2016-7393 [stack-based buffer overflow in aac_sync (aac_parser.c)] @@ -3888,8 +4024,7 @@ CVE-2016-7067 RESERVED CVE-2016-7066 RESERVED -CVE-2016-7065 - RESERVED +CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...) NOT-FOR-US: Red Hat JBoss EAP CVE-2016-7064 RESERVED 
@@ -4006,186 +4141,176 @@ CVE-2016-7021 RESERVED CVE-2016-7020 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...) NOT-FOR-US: Adobe Flash Player -CVE-2016-7019 - RESERVED -CVE-2016-7018 - RESERVED -CVE-2016-7017 - RESERVED -CVE-2016-7016 - RESERVED -CVE-2016-7015 - RESERVED -CVE-2016-7014 - RESERVED -CVE-2016-7013 - RESERVED -CVE-2016-7012 - RESERVED -CVE-2016-7011 - RESERVED -CVE-2016-7010 - RESERVED -CVE-2016-7009 - RESERVED -CVE-2016-7008 - RESERVED -CVE-2016-7007 - RESERVED -CVE-2016-7006 - RESERVED -CVE-2016-7005 - RESERVED -CVE-2016-7004 - RESERVED -CVE-2016-7003 - RESERVED -CVE-2016-7002 - RESERVED -CVE-2016-7001 - RESERVED -CVE-2016-7000 - RESERVED -CVE-2016-6999 - RESERVED -CVE-2016-6998 - RESERVED -CVE-2016-6997 - RESERVED -CVE-2016-6996 - RESERVED -CVE-2016-6995 - RESERVED -CVE-2016-6994 - RESERVED -CVE-2016-6993 - RESERVED -CVE-2016-6992 - RESERVED +CVE-2016-7019 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7018 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7017 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7016 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7015 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7014 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7013 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7012 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7011 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7010 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) 
+ TODO: check +CVE-2016-7009 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7008 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7007 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7006 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7005 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7004 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7003 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7002 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7001 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-7000 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6999 (Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat ...) + TODO: check +CVE-2016-6998 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6997 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6996 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6995 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6994 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...) + TODO: check +CVE-2016-6993 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6992 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) 
NOT-FOR-US: Adobe CVE-2016-6991 RESERVED -CVE-2016-6990 - RESERVED +CVE-2016-6990 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6989 - RESERVED +CVE-2016-6989 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6988 - RESERVED -CVE-2016-6987 - RESERVED +CVE-2016-6988 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 ...) NOT-FOR-US: Adobe -CVE-2016-6986 - RESERVED +CVE-2016-6986 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6985 - RESERVED +CVE-2016-6985 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6984 - RESERVED +CVE-2016-6984 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6983 - RESERVED +CVE-2016-6983 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6982 - RESERVED +CVE-2016-6982 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe -CVE-2016-6981 - RESERVED +CVE-2016-6981 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 ...) NOT-FOR-US: Adobe CVE-2016-6980 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...) 
NOT-FOR-US: Adobe -CVE-2016-6979 - RESERVED -CVE-2016-6978 - RESERVED -CVE-2016-6977 - RESERVED -CVE-2016-6976 - RESERVED -CVE-2016-6975 - RESERVED -CVE-2016-6974 - RESERVED -CVE-2016-6973 - RESERVED -CVE-2016-6972 - RESERVED -CVE-2016-6971 - RESERVED -CVE-2016-6970 - RESERVED -CVE-2016-6969 - RESERVED -CVE-2016-6968 - RESERVED -CVE-2016-6967 - RESERVED -CVE-2016-6966 - RESERVED -CVE-2016-6965 - RESERVED -CVE-2016-6964 - RESERVED -CVE-2016-6963 - RESERVED -CVE-2016-6962 - RESERVED -CVE-2016-6961 - RESERVED -CVE-2016-6960 - RESERVED -CVE-2016-6959 - RESERVED -CVE-2016-6958 - RESERVED -CVE-2016-6957 - RESERVED -CVE-2016-6956 - RESERVED -CVE-2016-6955 - RESERVED -CVE-2016-6954 - RESERVED -CVE-2016-6953 - RESERVED -CVE-2016-6952 - RESERVED -CVE-2016-6951 - RESERVED -CVE-2016-6950 - RESERVED -CVE-2016-6949 - RESERVED -CVE-2016-6948 - RESERVED -CVE-2016-6947 - RESERVED -CVE-2016-6946 - RESERVED -CVE-2016-6945 - RESERVED -CVE-2016-6944 - RESERVED -CVE-2016-6943 - RESERVED -CVE-2016-6942 - RESERVED -CVE-2016-6941 - RESERVED -CVE-2016-6940 - RESERVED -CVE-2016-6939 - RESERVED +CVE-2016-6979 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6978 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6977 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6976 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6975 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6974 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6973 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6972 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) 
+ TODO: check +CVE-2016-6971 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6970 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6969 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6968 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6967 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6966 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6965 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6964 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6963 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6962 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6961 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6960 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6959 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6958 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6957 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6956 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6955 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6954 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6953 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) 
+ TODO: check +CVE-2016-6952 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6951 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6950 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6949 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6948 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6947 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6946 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6945 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6944 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check +CVE-2016-6943 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6942 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6941 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6940 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) + TODO: check +CVE-2016-6939 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...) + TODO: check CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) NOT-FOR-US: Adobe CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe CVE-2016-6936 (Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support ...) NOT-FOR-US: Adobe -CVE-2016-6935 - RESERVED +CVE-2016-6935 (Unquoted Windows search path vulnerability in Adobe Creative Cloud ...) + TODO: check CVE-2016-6934 RESERVED CVE-2016-6933 
@@ -6079,8 +6204,7 @@ CVE-2016-6327 NOTE: Introduced by: https://git.kernel.org/linus/3e4f574857eebce60bb56d7524f3f9eaa2a126d0 (v3.8-rc1) CVE-2016-6326 RESERVED -CVE-2016-6325 - RESERVED +CVE-2016-6325 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, ...) - tomcat8 <not-affected> (Red Hat and derivatives packaging specific) - tomcat7 <not-affected> (Red Hat and derivatives packaging specific) - tomcat6 <not-affected> (Red Hat and derivatives packaging specific) @@ -8869,8 +8993,7 @@ CVE-2016-5426 (PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows rem NOTE: Added workaround to mark first 4.x version in unstable as fixed. NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/ NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3 -CVE-2016-5425 - RESERVED +CVE-2016-5425 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, ...) - tomcat8 <not-affected> (Red Hat and derivatives packaging specific) - tomcat7 <not-affected> (Red Hat and derivatives packaging specific) - tomcat6 <not-affected> (Red Hat and derivatives packaging specific) @@ -12203,8 +12326,8 @@ CVE-2016-4409 RESERVED CVE-2016-4408 RESERVED -CVE-2016-4407 - RESERVED +CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not ...) + TODO: check CVE-2016-4406 RESERVED CVE-2016-4405 @@ -12491,8 +12614,7 @@ CVE-2016-4288 RESERVED CVE-2016-4287 (Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x ...) NOT-FOR-US: Adobe Flash -CVE-2016-4286 - RESERVED +CVE-2016-4286 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe CVE-2016-4285 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...) NOT-FOR-US: Adobe Flash 
@@ -12518,8 +12640,7 @@ CVE-2016-4275 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before NOT-FOR-US: Adobe Flash CVE-2016-4274 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...) NOT-FOR-US: Adobe Flash -CVE-2016-4273 - RESERVED +CVE-2016-4273 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe CVE-2016-4272 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) NOT-FOR-US: Adobe Flash @@ -13399,8 +13520,8 @@ CVE-2016-3959 (The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1 CVE-2016-3958 (Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x ...) - golang <not-affected> (Only affects Go on Windows) NOTE: https://golang.org/cl/21428 -CVE-2016-3946 - RESERVED +CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP ...) + TODO: check CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile ...) {DLA-610-1} - tiff <unfixed> @@ -14157,14 +14278,14 @@ CVE-2016-3640 (The Extended Application Services (aka XS or XS Engine) in SAP HA TODO: check CVE-2016-3639 (SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain ...) TODO: check -CVE-2016-3638 - RESERVED +CVE-2016-3638 (SAP SLD Registration Program (aka SLDREG) allows local users to cause ...) + TODO: check CVE-2016-3637 RESERVED CVE-2016-3636 RESERVED -CVE-2016-3635 - RESERVED +CVE-2016-3635 (SAP Netweaver 7.4 allows remote authenticated users to bypass an ...) + TODO: check CVE-2016-3634 (The tagCompare function in tif_dirinfo.c in the thumbnail tool in ...) - tiff <unfixed> [jessie] - tiff <no-dsa> (Minor issue) 
@@ -14814,36 +14935,36 @@ CVE-2016-3398 RESERVED CVE-2016-3397 RESERVED -CVE-2016-3396 - RESERVED +CVE-2016-3396 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check CVE-2016-3395 RESERVED CVE-2016-3394 RESERVED -CVE-2016-3393 - RESERVED -CVE-2016-3392 - RESERVED -CVE-2016-3391 - RESERVED -CVE-2016-3390 - RESERVED -CVE-2016-3389 - RESERVED -CVE-2016-3388 - RESERVED -CVE-2016-3387 - RESERVED -CVE-2016-3386 - RESERVED -CVE-2016-3385 - RESERVED -CVE-2016-3384 - RESERVED -CVE-2016-3383 - RESERVED -CVE-2016-3382 - RESERVED +CVE-2016-3393 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check +CVE-2016-3392 (The Edge Content Security Policy feature in Microsoft Edge does not ...) + TODO: check +CVE-2016-3391 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow ...) + TODO: check +CVE-2016-3390 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft ...) + TODO: check +CVE-2016-3389 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-3388 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not ...) + TODO: check +CVE-2016-3387 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not ...) + TODO: check +CVE-2016-3386 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) + TODO: check +CVE-2016-3385 (The scripting engine in Microsoft Internet Explorer 9 through 11 ...) + TODO: check +CVE-2016-3384 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) + TODO: check +CVE-2016-3383 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) + TODO: check +CVE-2016-3382 (The scripting engines in Microsoft Internet Explorer 9 through 11 and ...) + TODO: check CVE-2016-3381 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...) TODO: check CVE-2016-3380 
@@ -14854,8 +14975,8 @@ CVE-2016-3378 (Open redirect vulnerability in Microsoft Exchange Server 2013 SP1 TODO: check CVE-2016-3377 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) TODO: check -CVE-2016-3376 - RESERVED +CVE-2016-3376 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) + TODO: check CVE-2016-3375 (The OLE Automation mechanism and VBScript scripting engine in ...) TODO: check CVE-2016-3374 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 ...) @@ -14924,8 +15045,8 @@ CVE-2016-3343 RESERVED CVE-2016-3342 RESERVED -CVE-2016-3341 - RESERVED +CVE-2016-3341 (The kernel-mode drivers in Transaction Manager in Microsoft Windows ...) + TODO: check CVE-2016-3340 RESERVED CVE-2016-3339 @@ -14944,8 +15065,8 @@ CVE-2016-3333 RESERVED CVE-2016-3332 RESERVED -CVE-2016-3331 - RESERVED +CVE-2016-3331 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...) + TODO: check CVE-2016-3330 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) TODO: check CVE-2016-3329 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...) @@ -15010,8 +15131,8 @@ CVE-2016-3300 (The Netlogon service in Microsoft Windows 8.1, Windows Server 201 TODO: check CVE-2016-3299 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) TODO: check -CVE-2016-3298 - RESERVED +CVE-2016-3298 (Microsoft Internet Explorer 9 through 11 and the Internet Messaging ...) + TODO: check CVE-2016-3297 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) TODO: check CVE-2016-3296 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) 
@@ -15066,24 +15187,24 @@ CVE-2016-3272 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and TODO: check CVE-2016-3271 (The VBScript engine in Microsoft Edge allows remote attackers to ...) TODO: check -CVE-2016-3270 - RESERVED +CVE-2016-3270 (The Graphics component in the kernel in Microsoft Windows Vista SP2; ...) + TODO: check CVE-2016-3269 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) TODO: check CVE-2016-3268 RESERVED -CVE-2016-3267 - RESERVED -CVE-2016-3266 - RESERVED +CVE-2016-3267 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) + TODO: check +CVE-2016-3266 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) + TODO: check CVE-2016-3265 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) TODO: check CVE-2016-3264 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) NOT-FOR-US: Microsoft -CVE-2016-3263 - RESERVED -CVE-2016-3262 - RESERVED +CVE-2016-3263 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check +CVE-2016-3262 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check CVE-2016-3261 (Microsoft Internet Explorer 11 allows remote attackers to obtain ...) NOT-FOR-US: Microsoft CVE-2016-3260 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript ...) @@ -15188,8 +15309,8 @@ CVE-2016-3211 (Microsoft Internet Explorer 9 through 11 allows remote attackers NOT-FOR-US: Microsoft CVE-2016-3210 (The Microsoft (1) JScript and (2) VBScript engines, as used in ...) TODO: check -CVE-2016-3209 - RESERVED +CVE-2016-3209 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) + TODO: check CVE-2016-3208 RESERVED CVE-2016-3207 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...) 
@@ -15666,8 +15787,8 @@ CVE-2016-3058 RESERVED CVE-2016-3057 RESERVED -CVE-2016-3056 - RESERVED +CVE-2016-3056 (Cross-site scripting (XSS) vulnerability in Business Space in IBM ...) + TODO: check CVE-2016-3055 RESERVED CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace ...) @@ -21880,12 +22001,12 @@ CVE-2016-1093 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Read NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1092 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2016-1091 - RESERVED +CVE-2016-1091 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check CVE-2016-1090 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2016-1089 - RESERVED +CVE-2016-1089 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) + TODO: check CVE-2016-1088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1087 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...) @@ -24239,8 +24360,8 @@ CVE-2016-0144 RESERVED CVE-2016-0143 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft Windows -CVE-2016-0142 - RESERVED +CVE-2016-0142 (Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows ...) + TODO: check CVE-2016-0141 (The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 ...) TODO: check CVE-2016-0140 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services ...) 
@@ -24365,26 +24486,26 @@ CVE-2016-0081 RESERVED CVE-2016-0080 (Microsoft Edge mishandles exceptions during window-message dispatch ...) NOT-FOR-US: Microsoft -CVE-2016-0079 - RESERVED +CVE-2016-0079 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local ...) + TODO: check CVE-2016-0078 RESERVED CVE-2016-0077 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse ...) NOT-FOR-US: Microsoft CVE-2016-0076 RESERVED -CVE-2016-0075 - RESERVED +CVE-2016-0075 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...) + TODO: check CVE-2016-0074 RESERVED -CVE-2016-0073 - RESERVED +CVE-2016-0073 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...) + TODO: check CVE-2016-0072 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-0071 (Microsoft Internet Explorer 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft -CVE-2016-0070 - RESERVED +CVE-2016-0070 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...) + TODO: check CVE-2016-0069 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-0068 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) |
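Review bot: in the list.2016 hunk at @@ -6,19 +137,24 @@, the unchanged CVE-2016-8666 line "NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40" spells the scheme "htttps", so the reference is not a working link; correct it to "https://" in a follow-up. In the same hunk, CVE-2016-8605 [Thread-unsafe umask modification] carries "- guile-1.8 <not-affected> (repl server introduced in 2.0)", the same rationale as the REPL-server entry CVE-2016-8606 above it; confirm that reason applies to the umask issue or reword it.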
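Review bot: in the list.2016 hunk at @@ -248,11 +384,13 @@, the unchanged description "CVE-2016-8578 [9pfs: potential NULL dereferencein 9pfs routines]" is missing a space; change it to "dereference in" in a follow-up so that searches on the description text match.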
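Review bot: in the list.2016 hunk at @@ -4006,186 +4141,176 @@, the newly described Adobe Reader and Acrobat entries (CVE-2016-7019 through CVE-2016-6993, CVE-2016-6988, and CVE-2016-6979 through CVE-2016-6939) all land as "TODO: check", while the unchanged entries for the same product just below them (CVE-2016-6938, CVE-2016-6937) are already "NOT-FOR-US: Adobe" and the Flash Player entries in this hunk keep that tag. Triage the new Reader and Acrobat entries the same way in a follow-up so they do not sit in the TODO queue; CVE-2016-6935 (Adobe Creative Cloud) needs the same decision.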