[Secure-testing-commits] r38464 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Dec 21 21:10:12 UTC 2015
Author: sectracker
Date: 2015-12-21 21:10:12 +0000 (Mon, 21 Dec 2015)
New Revision: 38464
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-21 19:10:31 UTC (rev 38463)
+++ data/CVE/list 2015-12-21 21:10:12 UTC (rev 38464)
@@ -1,3 +1,5 @@
+CVE-2015-8611
+ RESERVED
CVE-2015-XXXX [scsi: stack based buffer overflow in megasas_ctrl_get_info]
- qemu <unfixed>
- qemu-kvm <removed>
@@ -175,6 +177,7 @@
CVE-2015-8592
RESERVED
CVE-2015-8612 [blueman local privilege escalation]
+ RESERVED
{DSA-3427-1}
- blueman 2.0.3-1
NOTE: https://twitter.com/thegrugq/status/677809527882813440
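Review bot: The CVE-2015-8612 entry that gains the "RESERVED" line still has a tweet as its only NOTE, which is not a durable reference for an issue that already carries DSA-3427-1 and a fixed version (blueman 2.0.3-1). Suggest a follow-up that adds a NOTE pointing at the upstream fix or the Debian bug, so the bracketed description can be verified later.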
@@ -718,7 +721,7 @@
TODO: check
CVE-2015-8560 [code execution via improper escaping of ; in foomatic-rip]
RESERVED
- {DSA-3419-1 DLA-371-1}
+ {DSA-3429-1 DSA-3419-1 DLA-371-1}
- cups-filters 1.4.0-1 (bug #807930)
[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
- foomatic-filters 4.0.17-7 (bug #807993)
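Review bot: The cross-reference line for CVE-2015-8560 now lists DSA-3429-1 ahead of DSA-3419-1, but the entry tracks two source packages (cups-filters and foomatic-filters) and nothing in it says which package the new advisory covers. Confirm against the DSA list that DSA-3429-1 maps to the package intended here. The same identifier is added to CVE-2015-8327 further down, so the two entries should stay consistent.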
@@ -2378,8 +2381,8 @@
RESERVED
CVE-2015-8459
RESERVED
-CVE-2015-8458
- RESERVED
+CVE-2015-8458 (Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x ...)
+ TODO: check
CVE-2015-8457 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 ...)
NOT-FOR-US: Adobe Flash
CVE-2015-8456 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
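Review bot: "TODO: check" on CVE-2015-8458 leaves open an entry that the visible description probably suffices to triage: it names AGM.dll in Adobe Reader and Acrobat, and the Adobe Flash entry directly below it (CVE-2015-8457) is tagged "NOT-FOR-US: Adobe Flash". Suggest handling it the same way in the next manual pass so the TODO does not linger.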
@@ -2686,7 +2689,7 @@
CVE-2015-8328 (Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU ...)
- nvidia-graphics-drivers <not-affected> (Windows only)
CVE-2015-8327 (Incomplete blacklist vulnerability in util.c in foomatic-rip in ...)
- {DSA-3411-1 DLA-365-1}
+ {DSA-3429-1 DSA-3411-1 DLA-365-1}
- cups-filters 1.2.0-1
[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
- foomatic-filters 4.0.17-7 (bug #806886)
@@ -3847,8 +3850,8 @@
RESERVED
CVE-2015-7938
RESERVED
-CVE-2015-7937
- RESERVED
+CVE-2015-7937 (Stack-based buffer overflow in the GoAhead Web Server on Schneider ...)
+ TODO: check
CVE-2015-7936
RESERVED
CVE-2015-7935
@@ -3883,8 +3886,8 @@
RESERVED
CVE-2015-7920
RESERVED
-CVE-2015-7919
- RESERVED
+CVE-2015-7919 (SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the ...)
+ TODO: check
CVE-2015-7918 (Multiple buffer overflows in the F1BookView ActiveX control in F1 ...)
NOT-FOR-US: F1BookView
CVE-2015-7917
@@ -3905,12 +3908,12 @@
NOT-FOR-US: Exemys
CVE-2015-7909
RESERVED
-CVE-2015-7908
- RESERVED
-CVE-2015-7907
- RESERVED
-CVE-2015-7906
- RESERVED
+CVE-2015-7908 (Honeywell Midas gas detectors before 1.13b3 and Midas Black gas ...)
+ TODO: check
+CVE-2015-7907 (Directory traversal vulnerability in the web server on Honeywell Midas ...)
+ TODO: check
+CVE-2015-7906 (LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices ...)
+ TODO: check
CVE-2015-7905 (Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to ...)
NOT-FOR-US: Unitronics
CVE-2015-7904 (Unrestricted file upload vulnerability in Infinite Automation Mango ...)
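Review bot: The three new "TODO: check" entries (CVE-2015-7908, CVE-2015-7907, CVE-2015-7906) all describe vendor devices, Honeywell Midas gas detectors and LOYTEC devices, and sit between entries already tagged "NOT-FOR-US: Exemys" and "NOT-FOR-US: Unitronics". They look like candidates for NOT-FOR-US with the vendor name. Triage them together so this block does not end up in mixed states.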
@@ -4386,10 +4389,10 @@
RESERVED
CVE-2015-7757
RESERVED
-CVE-2015-7756
- RESERVED
-CVE-2015-7755
- RESERVED
+CVE-2015-7756 (The encryption implementation in Juniper ScreenOS 6.2.0r15 through ...)
+ TODO: check
+CVE-2015-7755 (Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, ...)
+ TODO: check
CVE-2015-7754
RESERVED
CVE-2015-7753
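Review bot: The descriptions imported for CVE-2015-7756 and CVE-2015-7755 (Juniper ScreenOS) are truncated at "..." in both the summary and the version ranges, so they cannot be triaged from this file alone. Read the full CVE text before replacing "TODO: check". If nothing in the archive ships ScreenOS code, a NOT-FOR-US tag naming the vendor would match how other vendor-only entries in this list are recorded.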
@@ -5329,8 +5332,8 @@
RESERVED
CVE-2015-7414
RESERVED
-CVE-2015-7413
- RESERVED
+CVE-2015-7413 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
+ TODO: check
CVE-2015-7412 (The GatewayScript modules on IBM DataPower Gateways with software ...)
NOT-FOR-US: IBM
CVE-2015-7411
@@ -6496,8 +6499,8 @@
RESERVED
CVE-2015-6935
RESERVED
-CVE-2015-6934
- RESERVED
+CVE-2015-6934 (Serialized-object interfaces in VMware vRealize Orchestrator 6.x, ...)
+ TODO: check
CVE-2015-6933
RESERVED
CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify ...)
@@ -7798,10 +7801,10 @@
RESERVED
CVE-2015-6482 (Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 ...)
TODO: check
-CVE-2015-6481
- RESERVED
-CVE-2015-6480
- RESERVED
+CVE-2015-6481 (The login function in the RequestController class in Moxa OnCell ...)
+ TODO: check
+CVE-2015-6480 (The MessageBrokerServlet servlet in Moxa OnCell Central Manager before ...)
+ TODO: check
CVE-2015-6479
RESERVED
CVE-2015-6478 (Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict ...)
@@ -7902,8 +7905,8 @@
RESERVED
CVE-2015-6430
RESERVED
-CVE-2015-6429
- RESERVED
+CVE-2015-6429 (The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 ...)
+ TODO: check
CVE-2015-6428 (Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to ...)
TODO: check
CVE-2015-6427 (Cisco FireSIGHT Management Center allows remote attackers to bypass ...)
@@ -11911,14 +11914,14 @@
RESERVED
CVE-2015-5002
RESERVED
-CVE-2015-5001
- RESERVED
+CVE-2015-5001 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
+ TODO: check
CVE-2015-5000
RESERVED
CVE-2015-4999
RESERVED
-CVE-2015-4998
- RESERVED
+CVE-2015-4998 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
+ TODO: check
CVE-2015-4997 (IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to ...)
NOT-FOR-US: IBM
CVE-2015-4996
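Review bot: CVE-2015-5001 and CVE-2015-4998 are new IBM WebSphere Portal entries left at "TODO: check", while CVE-2015-4997 directly below, also WebSphere Portal, is already "NOT-FOR-US: IBM". Suggest tagging the two new entries to match. The same applies to CVE-2015-4993 in the next hunk and to CVE-2015-7413 earlier in the diff.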
@@ -11927,8 +11930,8 @@
RESERVED
CVE-2015-4994 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 ...)
NOT-FOR-US: IBM
-CVE-2015-4993
- RESERVED
+CVE-2015-4993 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
+ TODO: check
CVE-2015-4992 (IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote ...)
NOT-FOR-US: IBM
CVE-2015-4991
@@ -21289,8 +21292,8 @@
NOTE: https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
CVE-2015-1837
RESERVED
-CVE-2015-1836
- RESERVED
+CVE-2015-1836 (Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before ...)
+ TODO: check
CVE-2015-1835
RESERVED
NOT-FOR-US: Apache Cordova
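Review bot: CVE-2015-1836 (Apache HBase) should not be closed by analogy with the vendor-appliance entries elsewhere in this diff. An Apache project may be packaged or have a packaging request, and the description is cut off at "1.1 before ...", so the affected range is not readable here. Resolve "TODO: check" against the archive and the full CVE text. The next entry, CVE-2015-1835, shows that "RESERVED" and a NOT-FOR-US tag can coexist, so the state line does not block triage.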
@@ -21520,8 +21523,8 @@
- libreoffice 1:4.4.2-1
CVE-2015-1773 (Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html ...)
- flex-sdk <itp> (bug #602499)
-CVE-2015-1772
- RESERVED
+CVE-2015-1772 (The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and ...)
+ TODO: check
CVE-2015-1771 (Cross-site request forgery (CSRF) vulnerability in the web ...)
NOT-FOR-US: Microsoft Exchange Server
CVE-2015-1770 (Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to ...)
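Review bot: For CVE-2015-1772 (the LDAP implementation in HiveServer2, Apache Hive), "TODO: check" needs a package lookup before any tag is chosen. If Hive is not in the archive but has a packaging bug, record it the way the flex-sdk entry just above does ("- flex-sdk <itp> (bug #602499)") rather than as NOT-FOR-US, so the issue resurfaces if the package is ever uploaded.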