[Secure-testing-commits] r37465 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Oct 30 21:10:12 UTC 2015
Author: sectracker
Date: 2015-10-30 21:10:11 +0000 (Fri, 30 Oct 2015)
New Revision: 37465
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-30 19:46:20 UTC (rev 37464)
+++ data/CVE/list 2015-10-30 21:10:11 UTC (rev 37465)
@@ -1,3 +1,17 @@
+CVE-2015-8031
+ RESERVED
+CVE-2015-8030 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to ...)
+ TODO: check
+CVE-2015-8029 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to ...)
+ TODO: check
+CVE-2015-8028 (Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) ...)
+ TODO: check
+CVE-2015-8027
+ RESERVED
+CVE-2015-8024
+ RESERVED
+CVE-2015-8023
+ RESERVED
CVE-2015-8022
RESERVED
CVE-2015-8021
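Review bot: CVE-2015-8030, CVE-2015-8029 and CVE-2015-8028 (SAP 3D Visual Enterprise Viewer) land with only `TODO: check`, so they stay open in the tracker until someone triages them. If the product is not packaged in Debian, resolve each with a `NOT-FOR-US:` line, as this file already does for RHEV under CVE-2015-5293.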
@@ -35,6 +49,7 @@
- cinnamon-settings-daemon <unfixed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/28/3
CVE-2015-8025 [xscreensaver aborts when unpluging second monitor cable when asking password]
+ RESERVED
- xscreensaver 5.34-1 (bug #802914)
NOTE: http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id=b57f59f3482fedf70ce7a3541094e2512290139f
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1274452
@@ -140,23 +155,19 @@
RESERVED
CVE-2015-7973
RESERVED
-CVE-2015-7972 [x86: populate-on-demand balloon size inaccuracy can crash guests]
- RESERVED
+CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c and ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-153.html
-CVE-2015-7971 [x86: some pmu and profiling hypercalls log without rate limiting]
- RESERVED
+CVE-2015-7971 (Xen 3.2.x through 4.6.x does not limit the number of printk console ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-152.html
-CVE-2015-7970 [x86: Long latency populate-on-demand operation is not preemptible]
- RESERVED
+CVE-2015-7970 (The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-150.html
-CVE-2015-7969 [leak of main per-domain vcpu pointer array]
- RESERVED
+CVE-2015-7969 (Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-149.html
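Review bot: Replacing the bracketed title of CVE-2015-7971 drops the `x86:` scope, and the truncated description that remains ("does not limit the number of printk console ...") reads almost the same as the one given to CVE-2015-7813, whose removed title said `arm:`. The XSA links are kept, but a short NOTE stating the affected architecture on each entry would keep the two distinguishable without opening the advisories.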
@@ -234,6 +245,7 @@
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed
NOTE: CVE Request: http://openwall.com/lists/oss-security/2015/09/08/2
CVE-2015-8026 [Heap overflow]
+ RESERVED
- exfat-utils 1.2.1-1
[jessie] - exfat-utils <no-dsa> (Minor issue)
[wheezy] - exfat-utils <no-dsa> (Minor issue)
@@ -370,8 +382,7 @@
RESERVED
CVE-2015-7886
RESERVED
-CVE-2015-7899
- RESERVED
+CVE-2015-7899 (The com_content component in Joomla! 3.x before 3.4.5 does not ...)
- joomla <itp> (bug #571794)
CVE-2015-7883
RESERVED
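Review bot: CVE-2015-7899 sits between CVE-2015-7886 and CVE-2015-7883, out of the descending order its neighbours follow, and this update rewrites the entry in place without correcting that. Moving the entry to its numerical position would make it easier to find when the list is scanned by ID.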
@@ -454,14 +465,11 @@
TODO: check
CVE-2015-7860 (Stack-based buffer overflow in the agent in Persistent Accelerite ...)
TODO: check
-CVE-2015-7859
- RESERVED
+CVE-2015-7859 (The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not ...)
- joomla <itp> (bug #571794)
-CVE-2015-7858
- RESERVED
+CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
- joomla <itp> (bug #571794)
-CVE-2015-7857
- RESERVED
+CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in ...)
- joomla <itp> (bug #571794)
CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
TODO: check
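Review bot: The description added for CVE-2015-7858 is, as far as the truncated text shows, identical to the one added for CVE-2015-7297 further down ("SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ..."), and both carry the same `joomla <itp>` line with bug #571794. A NOTE on each entry naming the upstream advisory or the affected component would make clear that they are separate issues.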
@@ -549,6 +557,7 @@
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 (v4.3-rc7)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/20/5
CVE-2015-8013 [predictable session key without knowing the passphrase]
+ RESERVED
- libjs-openpgp <itp> (bug #787774)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/7
CVE-2015-7840 (The command line management console (CMC) in SolarWinds Log and Event ...)
@@ -561,8 +570,7 @@
RESERVED
CVE-2015-7836 (Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain ...)
TODO: check
-CVE-2015-7835 [x86: Uncontrolled creation of large page mappings by PV guests]
- RESERVED
+CVE-2015-7835 (The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-148.html
@@ -606,14 +614,12 @@
RESERVED
CVE-2015-7815
RESERVED
-CVE-2015-7814 [arm: Race between domain destruction and memory allocation decrease]
- RESERVED
+CVE-2015-7814 (Race condition in the relinquish_memory function in arch/arm/domain.c ...)
- xen <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-147.html
[wheezy] - xen <not-affected> (arm not yet supported)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
-CVE-2015-7813 [arm: various unimplemented hypercalls log without rate limiting]
- RESERVED
+CVE-2015-7813 (Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (arm not yet supported)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
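Review bot: In CVE-2015-7814 the `NOTE:` with the XSA link sits between `- xen <unfixed>` and the `[wheezy]`/`[squeeze]` lines, while the other Xen entries touched in this diff (CVE-2015-7972, CVE-2015-7835) put the suite-specific lines directly after the package line and the NOTE last. Reordering the entry to match would keep the per-suite status adjacent to the package line it qualifies.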
@@ -1078,8 +1084,7 @@
NOTE: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 (Squid 3.5)
CVE-2014-9748
RESERVED
-CVE-2015-7713 [Nova network security group changes are not applied to running instances]
- RESERVED
+CVE-2015-7713 (OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before ...)
- nova 1:12.0.0-2
NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
NOTE: http://www.openwall.com/lists/oss-security/2015/10/05/10
@@ -1893,8 +1898,7 @@
- owncloud-client 2.0.0+dfsg-1
[jessie] - owncloud-client <not-affected> (not compiled with a Qt release greater than 5.3.x)
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-016
-CVE-2015-7297
- RESERVED
+CVE-2015-7297 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
- joomla <itp> (bug #571794)
CVE-2015-XXXX [Privilege escalation via core-gui]
- core-network <unfixed> (bug #799756)
@@ -4157,24 +4161,24 @@
RESERVED
CVE-2015-6353
RESERVED
-CVE-2015-6352
- RESERVED
-CVE-2015-6351
- RESERVED
-CVE-2015-6350
- RESERVED
-CVE-2015-6349
- RESERVED
-CVE-2015-6348
- RESERVED
-CVE-2015-6347
- RESERVED
-CVE-2015-6346
- RESERVED
-CVE-2015-6345
- RESERVED
-CVE-2015-6344
- RESERVED
+CVE-2015-6352 (Cisco Unified Communications Domain Manager before 10.6(1) provides ...)
+ TODO: check
+CVE-2015-6351 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices ...)
+ TODO: check
+CVE-2015-6350 (SQL injection vulnerability in the web framework in Cisco Prime ...)
+ TODO: check
+CVE-2015-6349 (Cross-site scripting (XSS) vulnerability in the web interface in the ...)
+ TODO: check
+CVE-2015-6348 (The report-generation web interface in the Solution Engine in Cisco ...)
+ TODO: check
+CVE-2015-6347 (The Solution Engine in Cisco Secure Access Control Server (ACS) ...)
+ TODO: check
+CVE-2015-6346 (Cross-site scripting (XSS) vulnerability in Cisco Secure Access ...)
+ TODO: check
+CVE-2015-6345 (SQL injection vulnerability in the Solution Engine in Cisco Secure ...)
+ TODO: check
+CVE-2015-6344 (The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX ...)
+ TODO: check
CVE-2015-6343
RESERVED
CVE-2015-6342
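Review bot: All nine entries from CVE-2015-6352 down to CVE-2015-6344 change from `RESERVED` to `TODO: check` and none has a package or `NOT-FOR-US:` line yet. The descriptions are cut off at "...", so triage has to read the full CVE text for each one; the product names visible here (Unified Communications Domain Manager, ASR 5500, Prime, Secure Access Control Server, ASA CX) are all that this diff gives to go on.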
@@ -5118,8 +5122,8 @@
[wheezy] - typo3-src <end-of-life> (See DSA 3314)
[squeeze] - typo3-src <end-of-life> (not supported in squeeze-lts)
NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/
-CVE-2015-5955
- RESERVED
+CVE-2015-5955 (ownCloud iOS app before 3.4.4 does not properly switch state between ...)
+ TODO: check
CVE-2015-5954 (The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before ...)
{DSA-3373-1}
- owncloud 7.0.7~dfsg-1
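Review bot: CVE-2015-5955 is described as affecting the "ownCloud iOS app", which is a different product from the `owncloud` source package tracked in the next entry (CVE-2015-5954) and from `owncloud-client` elsewhere in this file. When the `TODO: check` is resolved, the entry should not be attached to either of those packages on the strength of the name alone.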
@@ -6859,8 +6863,7 @@
CVE-2015-5293
RESERVED
NOT-FOR-US: RHEV
-CVE-2015-5292 [memory leak in the sssd_pac_plugin]
- RESERVED
+CVE-2015-5292 (Memory leak in the Privilege Attribute Certificate (PAC) responder ...)
- sssd 1.13.1-1
[jessie] - sssd <no-dsa> (Minor issue; responder not built)
NOTE: binary package has the sssd_pac_plugin.so but the responder
@@ -6903,8 +6906,7 @@
[wheezy] - glance <no-dsa> (Minor issue)
[jessie] - glance <no-dsa> (Minor issue)
NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
-CVE-2015-5285
- RESERVED
+CVE-2015-5285 (CRLF injection vulnerability in Kallithea before 0.3 allows remote ...)
- kallithea <itp> (bug #689573)
CVE-2015-5284 [ipa-kra-install includes certificate and private key in world readable file]
RESERVED
@@ -12796,8 +12798,7 @@
- drupal7 7.38-1
- drupal6 <not-affected> (Only affects Drupal 7.x)
NOTE: https://www.drupal.org/SA-CORE-2015-002
-CVE-2015-3230 [nsSSL3Ciphers preference not enforced server side (regression)]
- RESERVED
+CVE-2015-3230 (389 Directory Server (formerly Fedora Directory Server) before ...)
- 389-ds-base 1.3.3.12-1 (bug #789202)
NOTE: https://fedorahosted.org/389/ticket/48194
NOTE: Regression if https://fedorahosted.org/389/ticket/47838 applied