[Secure-testing-commits] r37901 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Nov 25 21:10:12 UTC 2015


Author: sectracker
Date: 2015-11-25 21:10:12 +0000 (Wed, 25 Nov 2015)
New Revision: 37901

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-25 20:32:45 UTC (rev 37900)
+++ data/CVE/list	2015-11-25 21:10:12 UTC (rev 37901)
@@ -1,3 +1,27 @@
+CVE-2015-8337
+	RESERVED
+CVE-2015-8336
+	RESERVED
+CVE-2015-8335
+	RESERVED
+CVE-2015-8334
+	RESERVED
+CVE-2015-8333
+	RESERVED
+CVE-2015-8332
+	RESERVED
+CVE-2015-8331
+	RESERVED
+CVE-2015-8330 (The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers ...)
+	TODO: check
+CVE-2015-8329 (SAP Manufacturing Integration and Intelligence (aka MII, formerly ...)
+	TODO: check
+CVE-2015-8328 (Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU ...)
+	TODO: check
+CVE-2015-8327
+	RESERVED
+CVE-2015-8325
+	RESERVED
 CVE-2015-XXXX [RCE in gitlab-shell 2.6.6-2.6.7]
 	- gitlab-shell <not-affected> (Only affects version 2.6.6-2.6.7)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/5
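Review bot: The two SAP entries added at the top of this hunk, CVE-2015-8330 and CVE-2015-8329, are left at "TODO: check" although the file already triages SAP products as "NOT-FOR-US: SAP" (see CVE-2015-7986 further down in this diff). Resolving them the same way would keep SAP handling consistent and shrink the TODO queue. CVE-2015-8328 (NVIDIA NVAPI support layer) is a separate case and still needs a real check.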
@@ -26,6 +50,7 @@
 CVE-2015-8322
 	RESERVED
 CVE-2015-8326 [Use of predictable names for temporary files]
+	RESERVED
 	- libiptables-parse-perl 1.6-1
 	[jessie] - libiptables-parse-perl <no-dsa> (Minor issue)
 	[wheezy] - libiptables-parse-perl <no-dsa> (Minor issue)
@@ -248,12 +273,12 @@
 	RESERVED
 CVE-2015-8230
 	RESERVED
-CVE-2015-8229
-	RESERVED
-CVE-2015-8228
-	RESERVED
-CVE-2015-8227
-	RESERVED
+CVE-2015-8229 (Huawei eSpace U2980 unified gateway with software before V100R001C10 ...)
+	TODO: check
+CVE-2015-8228 (Directory traversal vulnerability in the SFTP server in Huawei AR 120, ...)
+	TODO: check
+CVE-2015-8227 (The built-in web server in Huawei VP9660 multi-point control unit with ...)
+	TODO: check
 CVE-2015-8226
 	RESERVED
 CVE-2015-8225
@@ -324,6 +349,7 @@
 	RESERVED
 CVE-2015-8213 [Fixed settings leak possibility in date template filter]
 	RESERVED
+	{DSA-3404-1}
 	- python-django 1.8.7-1
 	NOTE: https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4 (master)
 	NOTE: https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172 (1.7.x)
@@ -927,8 +953,8 @@
 	RESERVED
 CVE-2015-7986 (The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote ...)
 	NOT-FOR-US: SAP
-CVE-2015-7985
-	RESERVED
+CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) ...)
+	TODO: check
 CVE-2015-XXXX [buffer overflow with handling pop3_deleted_flag setting]
 	- dovecot <unfixed> (bug #803223)
 	[wheezy] - dovecot <not-affected> (Bug with pop3_deleted_flag introduced in 2.2.10)
@@ -1090,8 +1116,7 @@
 	NOTE: Upstream issue: https://dev.icinga.org/issues/10453
 	NOTE: Upstream fix: https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/23/15
-CVE-2015-7981 [read out of bound]
-	RESERVED
+CVE-2015-7981 (The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before ...)
 	{DSA-3399-1 DLA-343-1}
 	- libpng 1.2.54-1 (bug #803078)
 	NOTE: http://sourceforge.net/p/libpng/bugs/241/
@@ -1265,8 +1290,7 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/aa44b5835d69d8ee031736bb8ee2730a514edb7d
 CVE-2015-7870
 	RESERVED
-CVE-2015-7869
-	RESERVED
+CVE-2015-7869 (Multiple integer overflows in the kernel mode driver for the NVIDIA ...)
 	- nvidia-graphics-drivers <unfixed>
 	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -1278,10 +1302,10 @@
 	RESERVED
 CVE-2015-7867
 	RESERVED
-CVE-2015-7866
-	RESERVED
-CVE-2015-7865
-	RESERVED
+CVE-2015-7866 (Unquoted Windows search path vulnerability in the Smart Maximize ...)
+	TODO: check
+CVE-2015-7865 (nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA ...)
+	TODO: check
 CVE-2015-7864
 	RESERVED
 CVE-2015-7863 (The default configuration of Persistent Accelerite Radia Client ...)
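Review bot: Both new descriptions in this hunk point at Windows-only components: CVE-2015-7866 is an "Unquoted Windows search path vulnerability" and CVE-2015-7865 names nvSCPAPISvr.exe. Leaving them at "TODO: check" without a package line hides that; suggest triaging them explicitly, either as NOT-FOR-US or as a not-affected line against nvidia-graphics-drivers with the Windows-only reason in parentheses, so they are not confused with CVE-2015-7869, which is tracked as unfixed.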
@@ -1505,8 +1529,8 @@
 	NOTE: question if Debian needs a separate CVE is in
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/6
 	NOTE: (unreplied so far)
-CVE-2015-7808
-	RESERVED
+CVE-2015-7808 (The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 ...)
+	TODO: check
 CVE-2015-7807
 	RESERVED
 CVE-2015-7806
@@ -2340,8 +2364,7 @@
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9 (v2.9.3)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528
 	TODO: check affected versions (upstream bug not yet open)
-CVE-2015-7496 [gdm3: crash when holding Escape in lock screen]
-	RESERVED
+CVE-2015-7496 (GNOME Display Manager (gdm) before 3.18.2 allows physically proximate ...)
 	- gdm3 3.18.2-1
 	[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032
@@ -2799,14 +2822,14 @@
 	TODO: check
 CVE-2015-7289 (Arris DG860A, TG862A, and TG862G devices with firmware ...)
 	TODO: check
-CVE-2015-7288
-	RESERVED
-CVE-2015-7287
-	RESERVED
-CVE-2015-7286
-	RESERVED
-CVE-2015-7285
-	RESERVED
+CVE-2015-7288 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 ...)
+	TODO: check
+CVE-2015-7287 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use ...)
+	TODO: check
+CVE-2015-7286 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely ...)
+	TODO: check
+CVE-2015-7285 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do ...)
+	TODO: check
 CVE-2015-7284
 	RESERVED
 CVE-2015-7283
@@ -5035,8 +5058,8 @@
 	RESERVED
 CVE-2015-6380 (An unspecified script in the web interface in Cisco Firepower ...)
 	TODO: check
-CVE-2015-6379
-	RESERVED
+CVE-2015-6379 (The XML parser in the management interface in Cisco Adaptive Security ...)
+	TODO: check
 CVE-2015-6378
 	RESERVED
 CVE-2015-6377 (Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote ...)
@@ -7931,8 +7954,8 @@
 CVE-2015-5282
 	RESERVED
 	- foreman <itp> (bug #663101)
-CVE-2015-5281
-	RESERVED
+CVE-2015-5281 (The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ...)
+	TODO: check
 CVE-2015-5280
 	RESERVED
 CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in ...)
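Review bot: CVE-2015-5281 is worded around Red Hat's packaging ("The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ..."), which makes it easy to dismiss as vendor-specific, but grub2 is also a Debian source package. The "TODO: check" here should be resolved with an explicit grub2 line (not-affected with the reason, or unfixed), not a NOT-FOR-US.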
@@ -8692,8 +8715,8 @@
 	RESERVED
 CVE-2015-5054
 	RESERVED
-CVE-2015-5053
-	RESERVED
+CVE-2015-5053 (The host memory mapping path feature in the NVIDIA GPU graphics driver ...)
+	TODO: check
 CVE-2015-5052
 	RESERVED
 CVE-2015-5051
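Review bot: CVE-2015-5053 gets only "TODO: check" although its description names the NVIDIA GPU graphics driver, the same product for which CVE-2015-7869 in this diff already carries "- nvidia-graphics-drivers <unfixed>" plus the jessie/wheezy no-dsa lines. Once the affected component is confirmed, the entry should get the matching package lines so that both driver issues show up together in the package view.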
@@ -21788,6 +21811,7 @@
 	RESERVED
 CVE-2015-0859
 	RESERVED
+	{DLA-348-1}
 	- smokeping <unfixed>
 CVE-2015-0858 [/tmp race condition in handling temporary directory]
 	RESERVED
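Review bot: CVE-2015-0859 now references {DLA-348-1} but the entry still has no bracketed description, no bug number and no NOTE, only "- smokeping <unfixed>". Anyone reading the list cannot tell which smokeping issue this is or how it differs from CVE-2013-4168, which is tagged with the same DLA. Suggest adding a short description and a pointer to the report or upstream commit.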
@@ -21795,8 +21819,7 @@
 CVE-2015-0857 [shell command injection through file names]
 	RESERVED
 	- tardiff 0.1-3
-CVE-2015-0856 [sddm: prevent KDE's crash handler from kicking in]
-	RESERVED
+CVE-2015-0856 (daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the ...)
 	- sddm 0.12.0-5 (bug #803336; low)
 	NOTE: https://github.com/sddm/sddm/commit/4cfed6b0a625593
 CVE-2015-0855
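Review bot: With the new description on CVE-2015-0856 saying "sddm before 0.13.0", the fixed version recorded just below it, "- sddm 0.12.0-5", is lower than the upstream fixed release and there is no NOTE explaining why. A one-line NOTE stating how 0.12.0-5 addresses the issue would avoid this being read as a data error. The commit reference in the existing NOTE is also abbreviated; the full hash would be more robust.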
@@ -57536,6 +57559,7 @@
 	NOTE: In Debian /tmp/.X11-unix is created by  /etc/init.d/x11-common
 CVE-2013-4168 [start and end time fields not filtered]
 	RESERVED
+	{DLA-348-1}
 	- smokeping 2.6.8-2 (low)
 	[squeeze] - smokeping <no-dsa> (Minor issue)
 	NOTE: https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563
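Review bot: After {DLA-348-1} is added to CVE-2013-4168, the entry still carries "[squeeze] - smokeping <no-dsa> (Minor issue)". If DLA-348-1 shipped a fix for squeeze, that no-dsa line is stale and contradicts the advisory reference. It should be dropped or replaced with the fixed squeeze version so the tracker does not report squeeze as both advised and ignored.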



