[Secure-testing-commits] r40762 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Apr 4 21:10:12 UTC 2016
Author: sectracker
Date: 2016-04-04 21:10:12 +0000 (Mon, 04 Apr 2016)
New Revision: 40762
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-04 18:03:42 UTC (rev 40761)
+++ data/CVE/list 2016-04-04 21:10:12 UTC (rev 40762)
@@ -1,3 +1,7 @@
+CVE-2016-3946
+ RESERVED
+CVE-2016-3945
+ RESERVED
CVE-2016-XXXX [Buffer over-write in finfo_open with malformed magic file]
- php7.0 7.0.5-1
- php5 <unfixed>
@@ -17,6 +21,7 @@
CVE-2012-XXXX [Option -localhost seems to fail to restrict ipv6 access]
- x11vnc <unfixed> (bug #672435)
CVE-2016-3948 [Denial of service]
+ RESERVED
- squid3 3.5.16-1 (bug #819784)
[jessie] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
@@ -25,6 +30,7 @@
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
TODO: check src:squid, possibly as wel not-affected since CVE-2016-2569 was as well
CVE-2016-3947 [buffer overrun in Squid proxy 'pinger']
+ RESERVED
- squid3 3.5.16-1 (bug #819783)
[jessie] - squid3 <no-dsa> (Minor issue)
[wheezy] - squid3 <no-dsa> (Minor issue)
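Review bot: The context at the top of this hunk still carries an open TODO about src:squid, and the CVE-2016-3947 entry that gains RESERVED below it lists only squid3. Worth confirming whether src:squid needs its own line (or a not-affected marking, as the TODO suggests for the other issue) for the 'pinger' overrun too, so that both Squid entries are complete.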
@@ -615,6 +621,7 @@
CVE-2016-3662
RESERVED
CVE-2015-8839 [ext4 data corruption due to punch hole races]
+ RESERVED
- linux <unfixed>
NOTE: https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b (v4.5-rc1)
NOTE: https://git.kernel.org/linus/17048e8a083fec7ad841d88ef0812707fbc7e39f (v4.5-rc1)
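Review bot: In the CVE-2015-8839 entry, "- linux <unfixed>" sits next to two NOTE lines that place the upstream commits in v4.5-rc1, so the package line goes stale once a 4.5-based linux upload lands. Suggest tracking the first fixed Debian version there when it is known; the added RESERVED line itself needs no change.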
@@ -4127,8 +4134,8 @@
NOT-FOR-US: SolarWinds DameWare Mini Remote Control
CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner Manager in ...)
NOT-FOR-US: Autodesk Backburner
-CVE-2016-2343
- RESERVED
+CVE-2016-2343 (Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the ...)
+ TODO: check
CVE-2016-2342 (The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI ...)
{DSA-3532-1}
- quagga 1.0.20160315-1 (bug #819179)
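Review bot: The new "TODO: check" under CVE-2016-2343 is left open although the description already names the product (Patterson Dental Eaglesoft 17). If no Debian source package ships it, resolve it the way the Autodesk Backburner entry just above is resolved, with a NOT-FOR-US line naming the product.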
@@ -4374,8 +4381,8 @@
RESERVED
CVE-2016-2290
RESERVED
-CVE-2016-2289
- RESERVED
+CVE-2016-2289 (Directory traversal vulnerability in ICONICS WebHMI 9 and earlier ...)
+ TODO: check
CVE-2016-2288 (Cogent DataHub before 7.3.10 allows local users to gain privileges by ...)
TODO: check
CVE-2016-2287 (Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR ...)
@@ -8238,10 +8245,10 @@
RESERVED
CVE-2016-1169
RESERVED
-CVE-2016-1168
- RESERVED
-CVE-2016-1167
- RESERVED
+CVE-2016-1168 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP ...)
+ TODO: check
+CVE-2016-1167 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP ...)
+ TODO: check
CVE-2016-1166
RESERVED
CVE-2016-1165
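Review bot: The entries added for CVE-2016-1168 and CVE-2016-1167 differ only in the NEC Aterm model (WF800HP and WG300HP) as far as the truncated descriptions show, so the two "TODO: check" items should be triaged in one pass and end up with the same marking.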
@@ -9415,8 +9422,8 @@
{DSA-3482-1}
- libreoffice 1:5.0.5~rc1-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
-CVE-2016-0793
- RESERVED
+CVE-2016-0793 (Incomplete blacklist vulnerability in the servlet filter restriction ...)
+ TODO: check
CVE-2016-0792
RESERVED
- jenkins <removed>
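Review bot: The description added for CVE-2016-0793 is cut off before any product name ("Incomplete blacklist vulnerability in the servlet filter restriction ..."), so its "TODO: check" cannot be resolved from this list alone. Whoever picks it up needs the full CVE text before choosing between a package line and NOT-FOR-US.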
@@ -18026,7 +18033,7 @@
CVE-2015-6265 (The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and ...)
NOT-FOR-US: Cisco
CVE-2015-6264
- RESERVED
+ REJECTED
CVE-2015-6263 (The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a ...)
NOT-FOR-US: Cisco IOS
CVE-2015-6262 (Cross-site request forgery (CSRF) vulnerability in Cisco Prime ...)