[Secure-testing-commits] r37537 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Nov 3 21:10:12 UTC 2015
Author: sectracker
Date: 2015-11-03 21:10:12 +0000 (Tue, 03 Nov 2015)
New Revision: 37537
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-03 20:59:53 UTC (rev 37536)
+++ data/CVE/list 2015-11-03 21:10:12 UTC (rev 37537)
@@ -1,3 +1,85 @@
+CVE-2015-8074 (mediaserver in Android before 5.1.1 LMY48X allows remote attackers to ...)
+ TODO: check
+CVE-2015-8073 (mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote ...)
+ TODO: check
+CVE-2015-8072 (mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 ...)
+ TODO: check
+CVE-2015-8071
+ RESERVED
+CVE-2015-8070
+ RESERVED
+CVE-2015-8069
+ RESERVED
+CVE-2015-8068
+ RESERVED
+CVE-2015-8067
+ RESERVED
+CVE-2015-8066
+ RESERVED
+CVE-2015-8065
+ RESERVED
+CVE-2015-8064
+ RESERVED
+CVE-2015-8063
+ RESERVED
+CVE-2015-8062
+ RESERVED
+CVE-2015-8061
+ RESERVED
+CVE-2015-8060
+ RESERVED
+CVE-2015-8059
+ RESERVED
+CVE-2015-8058
+ RESERVED
+CVE-2015-8057
+ RESERVED
+CVE-2015-8056
+ RESERVED
+CVE-2015-8055
+ RESERVED
+CVE-2015-8054
+ RESERVED
+CVE-2015-8053
+ RESERVED
+CVE-2015-8052
+ RESERVED
+CVE-2015-8051
+ RESERVED
+CVE-2015-8050
+ RESERVED
+CVE-2015-8049
+ RESERVED
+CVE-2015-8048
+ RESERVED
+CVE-2015-8047
+ RESERVED
+CVE-2015-8046
+ RESERVED
+CVE-2015-8045
+ RESERVED
+CVE-2015-8044
+ RESERVED
+CVE-2015-8043
+ RESERVED
+CVE-2015-8042
+ RESERVED
+CVE-2015-8040 (The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung ...)
+ TODO: check
+CVE-2015-8039 (Samsung SmartViewer allow remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2015-8038 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
+ TODO: check
+CVE-2015-8037 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
+ TODO: check
+CVE-2015-8036 (Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x ...)
+ TODO: check
+CVE-2015-8034
+ RESERVED
+CVE-2014-9755
+ RESERVED
+CVE-2014-9754
+ RESERVED
CVE-2015-XXXX [use afer free]
- pycurl <unfixed>
[wheezy] - pycurl <not-affected> (Vulnerable code introduced later)
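Review bot: CVE-2015-8036 is added with only "TODO: check", but its description names ARM mbed TLS (formerly PolarSSL) 1.3.x, and this file already tracks polarssl as a Debian package under CVE-2015-5291. It should be triaged against polarssl and given a package line rather than left in the TODO queue. The new block skips CVE-2015-8041 and CVE-2015-8035, which is consistent: both already exist further down with bracketed descriptions and only gain a RESERVED line. The context line for the pycurl entry reads "[use afer free]"; correct it to "use after free" in a follow-up.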
@@ -13,6 +95,7 @@
CVE-2015-8032
RESERVED
CVE-2015-8035 [DoS if xz enabled]
+ RESERVED
- libxml2 <unfixed> (bug #803942)
[squeeze] - libxml2 <not-affected> (No LZMA/XZ support in version 2.7.8)
NOTE: Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
@@ -3606,20 +3689,20 @@
RESERVED
CVE-2015-6615
RESERVED
-CVE-2015-6614
- RESERVED
-CVE-2015-6613
- RESERVED
-CVE-2015-6612
- RESERVED
-CVE-2015-6611
- RESERVED
-CVE-2015-6610
- RESERVED
-CVE-2015-6609
- RESERVED
-CVE-2015-6608
- RESERVED
+CVE-2015-6614 (Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain ...)
+ TODO: check
+CVE-2015-6613 (Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...)
+ TODO: check
+CVE-2015-6612 (libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...)
+ TODO: check
+CVE-2015-6611 (mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...)
+ TODO: check
+CVE-2015-6610 (libstagefright in Android before 5.1.1 LMY48X and 6.0 before ...)
+ TODO: check
+CVE-2015-6609 (libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...)
+ TODO: check
+CVE-2015-6608 (mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before ...)
+ TODO: check
CVE-2015-6607 (SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows ...)
TODO: check
CVE-2015-6606 (The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin ...)
@@ -4850,8 +4933,7 @@
TODO: check
CVE-2015-6032 (Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic ...)
TODO: check
-CVE-2015-6031 [Buffer overflow vulnerability in XML parser functionality]
- RESERVED
+CVE-2015-6031 (Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the ...)
{DSA-3379-1}
- miniupnpc 1.9.20140610-2.1 (bug #802650)
NOTE: http://talosintel.com/reports/TALOS-2015-0035/
@@ -5939,6 +6021,7 @@
CVE-2015-5668 (SQL injection vulnerability in Techno Project Japan Enisys Gw before ...)
TODO: check
CVE-2015-5667 (Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module ...)
+ {DLA-339-1}
- libhtml-scrubber-perl 0.15-1 (bug #803943)
[jessie] - libhtml-scrubber-perl <no-dsa> (Minor issue; "comment" functionality is off by default)
[wheezy] - libhtml-scrubber-perl <no-dsa> (Minor issue; "comment" functionality is off by default)
@@ -6305,8 +6388,7 @@
NOT-FOR-US: Belkin router
CVE-2015-5535 (Cross-site scripting (XSS) vulnerability in the qTranslate plugin ...)
NOT-FOR-US: qTranslate plugin for wordpress
-CVE-2015-5534
- RESERVED
+CVE-2015-5534 (Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall ...)
NOT-FOR-US: Oxwall
CVE-2015-5533
RESERVED
@@ -6713,6 +6795,7 @@
CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password ...)
NOT-FOR-US: GE Healthcare Centricity Analytics Server
CVE-2015-8041 [Incomplete WPS and P2P NFC NDEF record payload length validation]
+ RESERVED
- wpa 2.3-2.2 (bug #795740)
- wpasupplicant <removed>
[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with CONFIG_WPS_NFC=y)
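Review bot: the squeeze line in the trailing context of this hunk pairs "<not-affected>" with the remark "(0.7.0-v2.4 with with CONFIG_WPS_NFC=y)", which reads like the affected range and has a doubled "with". Since the entry is being touched to add RESERVED, reword the remark so it states why squeeze is not affected (for example that only 0.7.0 through v2.4 built with CONFIG_WPS_NFC=y are affected) and drop the duplicate word.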
@@ -6725,8 +6808,7 @@
- sogo <unfixed> (bug #796197)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/10
NOTE: http://www.sogo.nu/bugs/view.php?id=3246
-CVE-2015-5470 [denial of service - incomplete fix for CVE-2015-1868]
- RESERVED
+CVE-2015-5470 (The label decompression functionality in PowerDNS Recursor before ...)
{DSA-3307-1 DSA-3306-1}
- pdns 3.4.5-1
[wheezy] - pdns <not-affected> (3.2 and up affected)
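Review bot: replacing the bracketed description of CVE-2015-5470 drops the only visible statement that this is an incomplete fix for CVE-2015-1868. The truncated description that replaces it ("The label decompression functionality in PowerDNS Recursor before ...") does not show that relation. Keep it as a NOTE line under the entry so the link between the two IDs, and between DSA-3307-1/DSA-3306-1 and the earlier fix, stays visible to anyone triaging pdns.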
@@ -6882,8 +6964,8 @@
RESERVED
CVE-2015-5309
RESERVED
-CVE-2015-5308
- RESERVED
+CVE-2015-5308 (Multiple SQL injection vulnerabilities in cs_admin_users.php in the ...)
+ TODO: check
CVE-2015-5307
RESERVED
CVE-2015-5306
@@ -6932,8 +7014,7 @@
[squeeze] - sssd <not-affected> (vulnerable code not present)
NOTE: https://fedorahosted.org/sssd/ticket/2803
NOTE: https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
-CVE-2015-5291 [Remote attack on clients using session tickets or SNI]
- RESERVED
+CVE-2015-5291 (Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed ...)
{DLA-331-1}
[experimental] - polarssl 1.3.14-0.1
- polarssl <unfixed> (bug #801413)
@@ -7265,8 +7346,7 @@
RESERVED
CVE-2015-5211
RESERVED
-CVE-2015-5210
- RESERVED
+CVE-2015-5210 (Open redirect vulnerability in Apache Ambari before 2.1.2 allows ...)
NOT-FOR-US: Apache Ambari
CVE-2015-5209
RESERVED
@@ -12712,8 +12792,7 @@
RESERVED
- tika <not-affected> (The server isn't shipped in the Debian package)
NOTE: https://marc.info/?l=oss-security&m=143948566828051&w=2
-CVE-2015-3270
- RESERVED
+CVE-2015-3270 (Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote ...)
NOT-FOR-US: Apache Ambari
CVE-2015-3269 (Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe ...)
NOT-FOR-US: Adobe
@@ -13067,8 +13146,7 @@
- subversion 1.9.0-1
[stretch] - subversion 1.8.13-1+deb9u1
NOTE: https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
-CVE-2015-3186
- RESERVED
+CVE-2015-3186 (Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 ...)
NOT-FOR-US: Apache Ambari
CVE-2015-3185 (The ap_some_auth_required function in server/request.c in the Apache ...)
{DSA-3325-1}
@@ -17397,8 +17475,7 @@
[wheezy] - rhn-client-tools <no-dsa> (Minor issue)
CVE-2015-1776
RESERVED
-CVE-2015-1775
- RESERVED
+CVE-2015-1775 (Server-side request forgery (SSRF) vulnerability in the proxy endpoint ...)
NOT-FOR-US: Apache Ambari
CVE-2015-1774 (The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and ...)
{DSA-3236-1}