[Secure-testing-commits] r38424 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Dec 19 09:10:33 UTC 2015
Author: sectracker
Date: 2015-12-19 09:10:33 +0000 (Sat, 19 Dec 2015)
New Revision: 38424
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-19 06:20:43 UTC (rev 38423)
+++ data/CVE/list 2015-12-19 09:10:33 UTC (rev 38424)
@@ -1,3 +1,141 @@
+CVE-2016-0930
+ RESERVED
+CVE-2016-0929
+ RESERVED
+CVE-2016-0928
+ RESERVED
+CVE-2016-0927
+ RESERVED
+CVE-2016-0926
+ RESERVED
+CVE-2016-0925
+ RESERVED
+CVE-2016-0924
+ RESERVED
+CVE-2016-0923
+ RESERVED
+CVE-2016-0922
+ RESERVED
+CVE-2016-0921
+ RESERVED
+CVE-2016-0920
+ RESERVED
+CVE-2016-0919
+ RESERVED
+CVE-2016-0918
+ RESERVED
+CVE-2016-0917
+ RESERVED
+CVE-2016-0916
+ RESERVED
+CVE-2016-0915
+ RESERVED
+CVE-2016-0914
+ RESERVED
+CVE-2016-0913
+ RESERVED
+CVE-2016-0912
+ RESERVED
+CVE-2016-0911
+ RESERVED
+CVE-2016-0910
+ RESERVED
+CVE-2016-0909
+ RESERVED
+CVE-2016-0908
+ RESERVED
+CVE-2016-0907
+ RESERVED
+CVE-2016-0906
+ RESERVED
+CVE-2016-0905
+ RESERVED
+CVE-2016-0904
+ RESERVED
+CVE-2016-0903
+ RESERVED
+CVE-2016-0902
+ RESERVED
+CVE-2016-0901
+ RESERVED
+CVE-2016-0900
+ RESERVED
+CVE-2016-0899
+ RESERVED
+CVE-2016-0898
+ RESERVED
+CVE-2016-0897
+ RESERVED
+CVE-2016-0896
+ RESERVED
+CVE-2016-0895
+ RESERVED
+CVE-2016-0894
+ RESERVED
+CVE-2016-0893
+ RESERVED
+CVE-2016-0892
+ RESERVED
+CVE-2016-0891
+ RESERVED
+CVE-2016-0890
+ RESERVED
+CVE-2016-0889
+ RESERVED
+CVE-2016-0888
+ RESERVED
+CVE-2016-0887
+ RESERVED
+CVE-2016-0886
+ RESERVED
+CVE-2016-0885
+ RESERVED
+CVE-2016-0884
+ RESERVED
+CVE-2016-0883
+ RESERVED
+CVE-2016-0882
+ RESERVED
+CVE-2016-0881
+ RESERVED
+CVE-2015-8610
+ RESERVED
+CVE-2015-8609
+ RESERVED
+CVE-2015-8608
+ RESERVED
+CVE-2015-8607
+ RESERVED
+CVE-2015-8606
+ RESERVED
+CVE-2015-8605
+ RESERVED
+CVE-2015-8604
+ RESERVED
+CVE-2015-8603
+ RESERVED
+CVE-2015-8602 (The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does ...)
+ TODO: check
+CVE-2015-8601 (The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not ...)
+ TODO: check
+CVE-2015-8600 (The SysAdminWebTool servlets in SAP Mobile Platform allow remote ...)
+ TODO: check
+CVE-2015-8599
+ RESERVED
+CVE-2015-8598
+ RESERVED
+CVE-2015-8597
+ RESERVED
+CVE-2015-8596
+ RESERVED
+CVE-2015-8595
+ RESERVED
+CVE-2015-8594
+ RESERVED
+CVE-2015-8593
+ RESERVED
+CVE-2015-8592
+ RESERVED
CVE-2015-8612 [blueman local privilege escalation]
{DSA-3427-1}
- blueman 2.0.3-1
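Review bot: The three new entries that arrive with a description (CVE-2015-8602, CVE-2015-8601, CVE-2015-8600) carry only TODO: check, so they stay untriaged until someone follows up. CVE-2015-8600 names SAP Mobile Platform, and this file already tags SAP issues as NOT-FOR-US: SAP in a later hunk's context, so it can likely be closed the same way. The two Drupal contributed-module entries need a check of whether the module is packaged before they get a NOT-FOR-US or a package line.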
@@ -2369,8 +2507,7 @@
{DSA-3421-1 DLA-368-1}
- grub2 2.02~beta2-33 (bug #807614)
NOTE: https://twitter.com/lostinsecurity/status/674925944524640257
-CVE-2015-8369 [cacti: SQL injection in graph.php]
- RESERVED
+CVE-2015-8369 (SQL injection vulnerability in include/top_graph_header.php in Cacti ...)
{DSA-3423-1}
- cacti 0.8.8f+ds1-3 (bug #807599)
NOTE: http://bugs.cacti.net/view.php?id=2646
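Review bot: On CVE-2015-8369 the removed bracket text located the injection in graph.php, while the incoming description names include/top_graph_header.php, and the package line and NOTE stay unchanged. Confirm that the fix recorded as cacti 0.8.8f+ds1-3 (bug #807599) addresses the file named in the new description, and add a NOTE saying so if the existing bugs.cacti.net reference does not make that clear.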
@@ -2384,8 +2521,7 @@
CVE-2015-8375
RESERVED
NOT-FOR-US: PHP-Fusion
-CVE-2015-8368
- RESERVED
+CVE-2015-8368 (ntopng (aka ntop) before 2.2 allows remote authenticated users to ...)
- ntopng <unfixed>
NOTE: fixed upstream in 2.2
NOTE: https://www.exploit-db.com/exploits/38836/
@@ -2457,26 +2593,22 @@
RESERVED
CVE-2015-8342
REJECTED
-CVE-2015-8341 [libxl leak of pv kernel and initrd on error]
- RESERVED
+CVE-2015-8341 (The libxl toolstack library in Xen 4.1.x through 4.6.x does not ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-160.html
TODO: check
-CVE-2015-8340 [XENMEM_exchange error handling issues]
- RESERVED
+CVE-2015-8340 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-159.html
TODO: chek
-CVE-2015-8339 [XENMEM_exchange error handling issues]
- RESERVED
+CVE-2015-8339 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-159.html
TODO: chek
-CVE-2015-8338 [long running memory operations on ARM]
- RESERVED
+CVE-2015-8338 (Xen 4.6.x and earlier does not properly enforce limits on page order ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-158.html
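Review bot: The context lines under CVE-2015-8340 and CVE-2015-8339 read TODO: chek, so a search for TODO: check skips both Xen entries; correct the spelling while these entries are being touched. The bracket text removed for CVE-2015-8338 mentioned ARM, which the truncated replacement description no longer shows, so a NOTE line keeping that scope would help whoever triages the unfixed status.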
@@ -2514,8 +2646,7 @@
NOT-FOR-US: SAP
CVE-2015-8328 (Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU ...)
- nvidia-graphics-drivers <not-affected> (Windows only)
-CVE-2015-8327
- RESERVED
+CVE-2015-8327 (Incomplete blacklist vulnerability in util.c in foomatic-rip in ...)
{DSA-3411-1 DLA-365-1}
- cups-filters 1.2.0-1
[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
@@ -4876,8 +5007,7 @@
CVE-2015-7528
RESERVED
NOT-FOR-US: OpenShift
-CVE-2015-7527
- RESERVED
+CVE-2015-7527 (lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows ...)
NOT-FOR-US: WordPress plugin cool-video-gallery
CVE-2015-7526
RESERVED
@@ -4898,8 +5028,7 @@
- passenger 5.0.22-1 (bug #807354)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=956281
NOTE: https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
-CVE-2015-7518
- RESERVED
+CVE-2015-7518 (Multiple cross-site scripting (XSS) vulnerabilities in information ...)
- foreman <itp> (bug #663101)
CVE-2015-7517
RESERVED
@@ -7402,8 +7531,8 @@
RESERVED
CVE-2015-6557 (IBM Tivoli Storage Manager for Databases: Data Protection for ...)
NOT-FOR-US: IBM
-CVE-2015-6556
- RESERVED
+CVE-2015-6556 (EACommunicatorSrv.exe in the Framework Service in the client in ...)
+ TODO: check
CVE-2015-6555 (Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 ...)
TODO: check
CVE-2015-6554 (Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 ...)
@@ -7725,16 +7854,16 @@
RESERVED
CVE-2015-6429
RESERVED
-CVE-2015-6428
- RESERVED
-CVE-2015-6427
- RESERVED
-CVE-2015-6426
- RESERVED
+CVE-2015-6428 (Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to ...)
+ TODO: check
+CVE-2015-6427 (Cisco FireSIGHT Management Center allows remote attackers to bypass ...)
+ TODO: check
+CVE-2015-6426 (Cisco Prime Network Services Controller 3.0 allows local users to ...)
+ TODO: check
CVE-2015-6425 (The WebApplications Identity Management subsystem in Cisco Unified ...)
TODO: check
-CVE-2015-6424
- RESERVED
+CVE-2015-6424 (The boot manager in Cisco Application Policy Infrastructure Controller ...)
+ TODO: check
CVE-2015-6423
RESERVED
CVE-2015-6422 (The self-service application in Cisco Unified Communications Domain ...)
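Review bot: The four Cisco entries that move from RESERVED to a description here (CVE-2015-6428, CVE-2015-6427, CVE-2015-6426, CVE-2015-6424) all get TODO: check and join CVE-2015-6425, which is already waiting on the same TODO. They name Cisco devices and management products; if none corresponds to a Debian package, resolve them in one pass with a NOT-FOR-US line, in the style of NOT-FOR-US: SAP and NOT-FOR-US: IBM used elsewhere in this file, rather than letting the backlog grow.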
@@ -10873,8 +11002,7 @@
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
NOTE: Possibly introduced around http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0ae045ae439ad83692ad039a554f7d62acf9de5c (v0.9.1)
-CVE-2015-5277 [data corruption while reading the NSS files database]
- RESERVED
+CVE-2015-5277 (The get_contents function in nss_files/files-XXX.c in the Name Service ...)
- glibc 2.21-1 (bug #799966)
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
@@ -11160,8 +11288,7 @@
RESERVED
CVE-2015-5205
RESERVED
-CVE-2015-5204
- RESERVED
+CVE-2015-5204 (CRLF injection vulnerability in the Apache Cordova File Transfer ...)
NOT-FOR-US: Apache Cordova Android File Transfer Plugin
CVE-2015-5203 [double free triggered by jasper_image_stop_load function]
RESERVED
@@ -14402,8 +14529,8 @@
NOT-FOR-US: pfSense
CVE-2015-4028
RESERVED
-CVE-2015-4027
- RESERVED
+CVE-2015-4027 (The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner ...)
+ TODO: check
CVE-2013-7440 [incorrect wildcard matching rules]
RESERVED
- python3.4 3.4~b1-4
@@ -32242,7 +32369,7 @@
CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7810 (The Expression Language (EL) implementation in Apache Tomcat 6.x ...)
- {DLA-232-1}
+ {DSA-3428-1 DLA-232-1}
- tomcat6 6.0.41-3 (bug #787010)
NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
- tomcat7 7.0.61-1