[Secure-testing-commits] r37766 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Nov 18 21:10:11 UTC 2015
Author: sectracker
Date: 2015-11-18 21:10:10 +0000 (Wed, 18 Nov 2015)
New Revision: 37766
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-18 19:42:10 UTC (rev 37765)
+++ data/CVE/list 2015-11-18 21:10:10 UTC (rev 37766)
@@ -1,3 +1,31 @@
+CVE-2015-8233 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x ...)
+ TODO: check
+CVE-2015-8232 (The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not ...)
+ TODO: check
+CVE-2015-8231
+ RESERVED
+CVE-2015-8230
+ RESERVED
+CVE-2015-8229
+ RESERVED
+CVE-2015-8228
+ RESERVED
+CVE-2015-8227
+ RESERVED
+CVE-2015-8226
+ RESERVED
+CVE-2015-8225
+ RESERVED
+CVE-2015-8224
+ RESERVED
+CVE-2015-8223
+ RESERVED
+CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package before ...)
+ TODO: check
+CVE-2015-8221 (Integer overflow in Google Picasa before 3.9.140 Build 259 allows ...)
+ TODO: check
+CVE-2015-8220 (Stack-based buffer overflow in the URI handler in DWRCC.exe in ...)
+ TODO: check
CVE-2015-8242 [Buffer overread with HTML parser in push mode in xmlSAX2TextNode]
- libxml2 <unfixed> (bug #805146)
[jessie] - libxml2 <not-affected> (Vulnerable code introduced later)
@@ -274,7 +302,7 @@
NOTE: latex2rtf compiled with -D_FORTIFY_SOURCE=2
NOTE: Rendered non-exploitable by toolchain hardening
CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...)
- {DLA-343-1}
+ {DSA-3399-1 DLA-343-1}
- libpng 1.2.54-1 (bug #805113)
NOTE: http://www.openwall.com/lists/oss-security/2015/11/12/2
NOTE: Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
@@ -581,12 +609,12 @@
RESERVED
CVE-2015-7999
RESERVED
-CVE-2015-7998
- RESERVED
-CVE-2015-7997
- RESERVED
-CVE-2015-7996
- RESERVED
+CVE-2015-7998 (The administration UI in Citrix NetScaler Application Delivery ...)
+ TODO: check
+CVE-2015-7997 (Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API ...)
+ TODO: check
+CVE-2015-7996 (The Nitro API in Citrix NetScaler Application Delivery Controller ...)
+ TODO: check
CVE-2015-7994 (The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) ...)
TODO: check
CVE-2015-7993 (The Extended Application Services (aka XS or XS Engine) in SAP HANA DB ...)
@@ -722,8 +750,7 @@
NOTE: workaround entry for DLA-337-1 until/if CVE assigned
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/25/3
NOTE: http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
-CVE-2015-7995 [Type confusion may cause DoS]
- RESERVED
+CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does ...)
- libxslt 1.1.28-2.1 (bug #802971)
[jessie] - libxslt <no-dsa> (Minor issue)
[wheezy] - libxslt <no-dsa> (Minor issue)
@@ -769,7 +796,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/10/23/15
CVE-2015-7981 [read out of bound]
RESERVED
- {DLA-343-1}
+ {DSA-3399-1 DLA-343-1}
- libpng 1.2.54-1 (bug #803078)
NOTE: http://sourceforge.net/p/libpng/bugs/241/
NOTE: http://sourceforge.net/p/libpng/code/ci/fbf0f024346ca0a4ffc64b082a95c6b6bb6d29c4/
@@ -1130,8 +1157,7 @@
[wheezy] - xen <not-affected> (arm not yet supported)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-146.html
-CVE-2015-7812 [arm: Host crash when preempting a multicall]
- RESERVED
+CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c in Xen ...)
- xen 4.6.0-1
[wheezy] - xen <not-affected> (arm not yet supported)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
@@ -1187,8 +1213,7 @@
RESERVED
CVE-2015-7806
RESERVED
-CVE-2015-7805 [heap overflow]
- RESERVED
+CVE-2015-7805 (Heap-based buffer overflow in libsndfile 1.0.25 allows remote ...)
- libsndfile 1.0.25-10 (bug #804445)
NOTE: http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
NOTE: https://www.exploit-db.com/exploits/38447/
@@ -3452,8 +3477,7 @@
RESERVED
CVE-2015-6848
RESERVED
-CVE-2015-6847
- RESERVED
+CVE-2015-6847 (The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 ...)
NOT-FOR-US: EMC VPLEX
CVE-2015-6846 (EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption ...)
NOT-FOR-US: EMC SourceOne
@@ -4737,8 +4761,7 @@
RESERVED
CVE-2015-6358
RESERVED
-CVE-2015-6357
- RESERVED
+CVE-2015-6357 (The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 ...)
NOT-FOR-US: Cisco FireSIGHT
CVE-2015-6356 (Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco ...)
TODO: check
@@ -4792,8 +4815,8 @@
NOT-FOR-US: Cisco
CVE-2015-6331 (SQL injection vulnerability in the web framework in Cisco Prime ...)
NOT-FOR-US: Cisco
-CVE-2015-6330
- RESERVED
+CVE-2015-6330 (Cross-site request forgery (CSRF) vulnerability in Cisco Prime ...)
+ TODO: check
CVE-2015-6329 (SQL injection vulnerability in Cisco Prime Collaboration Provisioning ...)
NOT-FOR-US: Cisco
CVE-2015-6328 (The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) ...)
@@ -6613,8 +6636,7 @@
RESERVED
CVE-2015-5603 (The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows ...)
NOT-FOR-US: HipChat plugin
-CVE-2015-5602 [Unauthorized privilege escalation in sudoedit]
- RESERVED
+CVE-2015-5602 (sudoedit in Sudo before 1.8.15 allows local users to gain privileges ...)
- sudo <unfixed> (bug #804149)
NOTE: http://bugzilla.sudo.ws/show_bug.cgi?id=707
NOTE: http://www.sudo.ws/repos/sudo/rev/9636fd256325
@@ -7454,8 +7476,7 @@
RESERVED
CVE-2015-5312
RESERVED
-CVE-2015-5311
- RESERVED
+CVE-2015-5311 (PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows ...)
- pdns 3.4.7-1
[jessie] - pdns <not-affected> (Only 3.4.4 and later affected)
[wheezy] - pdns <not-affected> (Only 3.4.4 and later affected)
@@ -7496,8 +7517,7 @@
RESERVED
CVE-2015-5302
RESERVED
-CVE-2015-5301
- RESERVED
+CVE-2015-5301 (providers/saml2/admin.py in the Identity Provider (IdP) server in ...)
NOT-FOR-US: Ipsilon
CVE-2015-5300 [MITM attacker can force ntpd to make a step larger than the panic threshold]
RESERVED
@@ -7612,8 +7632,7 @@
- eglibc <removed>
[wheezy] - eglibc <not-affected> (Vulnerable code not present)
[squeeze] - eglibc <not-affected> (Vulnerable code not present)
-CVE-2015-5276 [gcc: Predictable randomness from std::random_device]
- RESERVED
+CVE-2015-5276 (The std::random_device class in libstdc++ in the GNU Compiler ...)
- gcc-5 <unfixed>
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
NOTE: Upstream commit: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=227687
@@ -7846,8 +7865,7 @@
[jessie] - bsdmainutils <no-dsa> (Minor issue)
[wheezy] - bsdmainutils <no-dsa> (Minor issue)
[squeeze] - bsdmainutils <no-dsa> (Minor issue)
-CVE-2015-5217
- RESERVED
+CVE-2015-5217 (providers/saml2/admin.py in the Identity Provider (IdP) server in ...)
NOT-FOR-US: Ipsilon
CVE-2015-5216
RESERVED
@@ -24885,8 +24903,7 @@
NOTE: https://bugs.php.net/bug.php?id=68942
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24
-CVE-2015-0272 [linux: remote DoS using IPv6 RA with bogus MTU]
- RESERVED
+CVE-2015-0272 (GNOME NetworkManager allows remote attackers to cause a denial of ...)
- network-manager <unfixed>
[jessie] - network-manager <no-dsa> (Will be fixed on the kernel side)
[wheezy] - network-manager <not-affected> (code introduced in 0.9.10)
More information about the Secure-testing-commits
mailing list