[Secure-testing-commits] r36898 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Sep 29 21:10:11 UTC 2015
Author: sectracker
Date: 2015-09-29 21:10:11 +0000 (Tue, 29 Sep 2015)
New Revision: 36898
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-29 20:37:40 UTC (rev 36897)
+++ data/CVE/list 2015-09-29 21:10:11 UTC (rev 36898)
@@ -1,3 +1,15 @@
+CVE-2015-7389
+ RESERVED
+CVE-2015-7388
+ RESERVED
+CVE-2015-7387 (ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier ...)
+ TODO: check
+CVE-2015-7386 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2015-7385
+ RESERVED
+CVE-2015-7384
+ RESERVED
CVE-2015-XXXX [urlfetch range handling flaw in Cyrus IMAP]
- cyrus-imapd-2.4 <unfixed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/29/2
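Review bot: CVE-2015-7387 and CVE-2015-7386 are left at "TODO: check" and still need a triage decision. The 7387 description names ZOHO ManageEngine EventLog Analyzer; if that product is not packaged, close it with a NOT-FOR-US line as done for the Nokia entry under CVE-2015-6929. The 7386 description is truncated before the product name, so the full CVE text has to be read before deciding.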
@@ -979,8 +991,8 @@
RESERVED
CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks ...)
NOT-FOR-US: Nokia
-CVE-2015-6928
- RESERVED
+CVE-2015-6928 (classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x ...)
+ TODO: check
CVE-2015-6926
RESERVED
CVE-2015-6925
@@ -1203,8 +1215,7 @@
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1
-CVE-2015-6927 [vzctl issues]
- RESERVED
+CVE-2015-6927 (vzctl before 4.9.4 determines the virtual environment (VE) layout ...)
{DSA-3357-1}
- vzctl 4.9.4-1
[wheezy] - vzctl <not-affected> (Vulnerability not present)
@@ -1518,8 +1529,7 @@
TODO: check
CVE-2015-6723
RESERVED
-CVE-2015-6806 [DoS attack via stack overflow via terminal control codes]
- RESERVED
+CVE-2015-6806 (The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does ...)
{DSA-3352-1 DLA-305-1}
- screen 4.3.1-2 (bug #797624)
NOTE: https://savannah.gnu.org/bugs/?45713
@@ -3365,8 +3375,8 @@
RESERVED
CVE-2015-5951
RESERVED
-CVE-2015-5950
- RESERVED
+CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on ...)
+ TODO: check
CVE-2015-5949 (VideoLAN VLC media player 2.2.1 allows remote attackers to cause a ...)
{DSA-3342-1}
- vlc 2.2.1-3 (bug #796255)
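Review bot: the new CVE-2015-5950 description is cut off at "on ...", so the affected platform cannot be read from this line, and the entry sits at "TODO: check". Confirm the platform from the full description before choosing between a package line and NOT-FOR-US.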
@@ -3792,8 +3802,7 @@
CVE-2015-5959
RESERVED
- froxlor <itp> (bug #581792)
-CVE-2015-5957
- RESERVED
+CVE-2015-5957 (Buffer overflow in the DumpSysVar function in var.c in Remind before ...)
{DLA-289-1}
- remind 03.01.15-1 (unimportant)
NOTE: Non-exploitable starting with Wheezy due to D_FORTIFY_SOURCE
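Review bot: with RESERVED dropped, CVE-2015-5957 now reads as a public buffer overflow in DumpSysVar while the package line stays "(unimportant)", and the only stated justification is the NOTE, which covers Wheezy onward. Consider extending that NOTE to say how releases before Wheezy are handled, since {DLA-289-1} is attached to the same entry.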
@@ -3934,8 +3943,8 @@
RESERVED
CVE-2015-5708
RESERVED
-CVE-2015-5703
- RESERVED
+CVE-2015-5703 (SQL injection vulnerability in the public key discovery API call in ...)
+ TODO: check
CVE-2015-XXXX [Information disclosure]
- pcre3 2:8.35-7.2 (bug #794589)
[jessie] - pcre3 <no-dsa> (Minor issue)
@@ -4258,7 +4267,7 @@
CVE-2015-5601
RESERVED
CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH ...)
- {DLA-288-1}
+ {DLA-288-2 DLA-288-1}
- openssh 1:6.9p1-1 (bug #793616)
[jessie] - openssh <no-dsa> (Minor issue; not in default configurations)
[wheezy] - openssh <no-dsa> (Minor issue; not in default configurations)
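Review bot: the cross-reference for CVE-2015-5600 gains DLA-288-2, but nothing in the entry says what the second advisory changed relative to DLA-288-1. A short NOTE giving the reason for the follow-up would help readers of this entry, since the visible per-release lines only record "<no-dsa>" for jessie and wheezy.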
@@ -4718,8 +4727,8 @@
RESERVED
CVE-2015-5436
RESERVED
-CVE-2015-5435
- RESERVED
+CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 ...)
+ TODO: check
CVE-2015-5434
RESERVED
CVE-2015-5433 (HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used ...)
@@ -4830,14 +4839,14 @@
NOTE: https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security
CVE-2015-5376
RESERVED
-CVE-2015-5375
- RESERVED
+CVE-2015-5375 (Cross-site scripting (XSS) vulnerability in unspecified dialogs for ...)
+ TODO: check
CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and ...)
NOT-FOR-US: Siemens
CVE-2015-5373
RESERVED
-CVE-2015-5372
- RESERVED
+CVE-2015-5372 (The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before ...)
+ TODO: check
CVE-2015-5371 (The AuthenticationFilter class in SolarWinds Storage Manager allows ...)
NOT-FOR-US: SolarWinds
CVE-2015-5370
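Review bot: CVE-2015-5375 and CVE-2015-5372 both move from RESERVED to "TODO: check" in a block whose neighbours are already resolved as NOT-FOR-US (Siemens, SolarWinds). The 5372 description names AdNovum nevisAuth, so it can get the same treatment if the product is not packaged; the 5375 description ends at "unspecified dialogs for ..." and needs the full text before it can be triaged.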
@@ -4916,8 +4925,7 @@
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
NOTE: http://trac.roundcube.net/ticket/1490417
-CVE-2015-5400 [Do not blindly forward cache peer CONNECT responses]
- RESERVED
+CVE-2015-5400 (Squid before 3.5.6 does not properly handle CONNECT method peer ...)
{DSA-3327-1 DLA-286-1}
- squid <removed>
- squid3 3.5.6-1 (bug #793128)
@@ -5106,8 +5114,7 @@
RESERVED
CVE-2015-5280
RESERVED
-CVE-2015-5279 [add checks to validate ring buffer pointers]
- RESERVED
+CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in ...)
{DSA-3362-1 DSA-3361-1}
- qemu 1:2.4+dfsg-3 (bug #799074)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -5469,8 +5476,7 @@
- audit 1:2.4.4-1 (unimportant; bug #795457)
NOTE: Hardening, not a vulnerability. This is treated as a vulnerability in terminal emulators
NOTE: https://fedorahosted.org/audit/changeset/1122
-CVE-2015-5185
- RESERVED
+CVE-2015-5185 (The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and ...)
- sblim-sfcb <itp> (bug #754493)
CVE-2015-5184
RESERVED
@@ -5769,8 +5775,8 @@
NOT-FOR-US: Siemens
CVE-2015-5083
RESERVED
-CVE-2015-5082
- RESERVED
+CVE-2015-5082 (Endian Firewall before 3.0 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-5080 (The Management Interface in Citrix NetScaler Application Delivery ...)
NOT-FOR-US: Citrix
CVE-2015-5079
@@ -10970,8 +10976,8 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222251
CVE-2015-3204 (libreswan 3.9 through 3.12 allows remote attackers to cause a denial ...)
- libreswan <itp> (bug #773459)
-CVE-2015-3203
- RESERVED
+CVE-2015-3203 (Unrestricted file upload vulnerability in h5ai before 0.25.0 allows ...)
+ TODO: check
CVE-2015-3202 (fusermount in FUSE before 2.9.3-15 does not properly clear the ...)
{DSA-3268-2 DSA-3268-1 DSA-3266-1 DLA-238-1 DLA-226-2 DLA-226-1}
- fuse 2.9.3-16 (bug #786439)
@@ -15310,8 +15316,7 @@
{DSA-3182-1 DLA-171-1}
- libssh2 1.4.3-4.1 (bug #780249)
NOTE: http://www.libssh2.org/adv_20150311.html
-CVE-2015-1781
- RESERVED
+CVE-2015-1781 (Buffer overflow in the gethostbyname_r and other unspecified NSS ...)
{DLA-230-1}
[experimental] - glibc 2.21-0experimental1
- glibc 2.19-20 (bug #796105)