[Secure-testing-commits] r40807 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Apr 7 21:10:18 UTC 2016


Author: sectracker
Date: 2016-04-07 21:10:18 +0000 (Thu, 07 Apr 2016)
New Revision: 40807

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-07 19:25:24 UTC (rev 40806)
+++ data/CVE/list	2016-04-07 21:10:18 UTC (rev 40807)
@@ -1,3 +1,20 @@
+CVE-2016-7921
+	REJECTED
+	TODO: check
+CVE-2016-3969 (Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) ...)
+	TODO: check
+CVE-2016-3968 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam ...)
+	TODO: check
+CVE-2016-3967
+	RESERVED
+CVE-2016-3966
+	RESERVED
+CVE-2016-3965
+	RESERVED
+CVE-2016-3964
+	RESERVED
+CVE-2016-3963
+	RESERVED
 CVE-2016-XXXX [uses predictable temporary files]
 	- cronic <unfixed> (bug #820331)
 CVE-2016-3962
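Review bot: CVE-2016-7921 is added as REJECTED but still carries a "TODO: check" on the following line; a rejected ID needs no triage, so the TODO should be dropped (or, if the REJECTED marker itself is in doubt because the ID is far out of sequence with the CVE-2016-39xx entries around it, a NOTE line saying so would be more useful than a bare TODO). The McAfee Email Gateway and Sophos Cyberoam XSS entries describe vendor appliances, which the rest of this file resolves as NOT-FOR-US (compare the Cisco and Schneider Electric entries further down in this diff).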
@@ -3755,10 +3772,12 @@
 	RESERVED
 CVE-2016-2513 [User enumeration through timing difference on password hasher work factor upgrade]
 	RESERVED
+	{DSA-3544-1}
 	- python-django 1.9.4-1 (bug #816434)
 	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
 CVE-2016-2512 [Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth]
 	RESERVED
+	{DSA-3544-1}
 	- python-django 1.9.4-1 (bug #816434)
 	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
 CVE-2016-2538 [usb: integer overflow in remote NDIS control message handling]
@@ -4444,12 +4463,12 @@
 	RESERVED
 CVE-2016-2293
 	RESERVED
-CVE-2016-2292
-	RESERVED
-CVE-2016-2291
-	RESERVED
-CVE-2016-2290
-	RESERVED
+CVE-2016-2292 (Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before ...)
+	TODO: check
+CVE-2016-2291 (Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, ...)
+	TODO: check
+CVE-2016-2290 (Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before ...)
+	TODO: check
 CVE-2016-2289 (Directory traversal vulnerability in ICONICS WebHMI 9 and earlier ...)
 	TODO: check
 CVE-2016-2288 (Cogent DataHub before 7.3.10 allows local users to gain privileges by ...)
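Review bot: the three Pro-face GP-Pro EX entries in this hunk (CVE-2016-2292, CVE-2016-2291, CVE-2016-2290) and CVE-2015-7921 in a later hunk of this diff cover the same product and the same version boundary (before 4.05.000); triage them as one group so that all four end up with the same resolution rather than four separate "TODO: check" lines.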
@@ -4474,8 +4493,8 @@
 	NOT-FOR-US: CompactLogix
 CVE-2016-2278 (Schneider Electric Struxureware Building Operations Automation Server ...)
 	NOT-FOR-US: Schneider Electric
-CVE-2016-2277
-	RESERVED
+CVE-2016-2277 (IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) ...)
+	TODO: check
 CVE-2016-2276
 	RESERVED
 CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with ...)
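Review bot: the new description for CVE-2016-2277 names IAB.exe, a Windows binary from Rockwell Automation; the neighbouring entries for the same vendor (CVE-2016-2278 and the CompactLogix entry above it) are already NOT-FOR-US, so this one can most likely be resolved the same way instead of staying at "TODO: check".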
@@ -4484,8 +4503,8 @@
 	RESERVED
 CVE-2016-2273
 	RESERVED
-CVE-2016-2272
-	RESERVED
+CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
+	TODO: check
 CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...)
 	{DSA-3519-1}
 	- xen <unfixed>
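Review bot: the description added for CVE-2016-2272 is word for word the same as the one added to CVE-2016-0871 in a later hunk of this diff ("Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ..."); because the automatic update truncates descriptions, the full text of both should be read before triage to confirm they are distinct issues rather than a duplicate assignment, and both entries should then get the same resolution.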
@@ -6031,12 +6050,15 @@
 	NOTE: https://bugs.php.net/bug.php?id=70976
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8
 CVE-2016-1901 (Integer overflow in the authenticate_post function in CGit before 0.12 ...)
+	{DSA-3545-1}
 	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
 	NOTE: http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763 (v0.12)
 CVE-2016-1900 (CRLF injection vulnerability in the cgit_print_http_headers function ...)
+	{DSA-3545-1}
 	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
 	NOTE: http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463 (v0.12)
 CVE-2016-1899 (CRLF injection vulnerability in the ui-blob handler in CGit before ...)
+	{DSA-3545-1}
 	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
 	NOTE: http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 (v0.12)
 CVE-2016-1896 (Race condition in the initialization process on Lexmark printers with ...)
@@ -6995,8 +7017,8 @@
 	NOTE: ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/09/1
-CVE-2016-1563
-	RESERVED
+CVE-2016-1563 (NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 ...)
+	TODO: check
 CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for ...)
 	NOT-FOR-US: DTE Energy Insight
 CVE-2016-1561
@@ -7505,8 +7527,8 @@
 	NOT-FOR-US: Cisco
 CVE-2016-1347 (The Wide Area Application Services (WAAS) Express implementation in ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2016-1346
-	RESERVED
+CVE-2016-1346 (The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on ...)
+	TODO: check
 CVE-2016-1345 (Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with ...)
 	NOT-FOR-US: Cisco Firepower
 CVE-2016-1344 (The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 ...)
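Review bot: CVE-2016-1346 (Cisco TelePresence Server) replaces a RESERVED placeholder with a "TODO: check" while every neighbouring Cisco entry in this hunk is already NOT-FOR-US: Cisco; the same applies to CVE-2016-1313, CVE-2016-1291, CVE-2016-1290, CVE-2015-6313 and CVE-2015-6312 in the later hunks. Resolving these in one pass with the vendor-specific tag used nearby (e.g. "NOT-FOR-US: Cisco IOS") keeps the TODO backlog from filling up with entries that cannot affect Debian packages.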
@@ -7571,8 +7593,8 @@
 	NOT-FOR-US: Cisco
 CVE-2016-1314 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...)
 	NOT-FOR-US: Cisco
-CVE-2016-1313
-	RESERVED
+CVE-2016-1313 (Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta ...)
+	TODO: check
 CVE-2016-1312 (The HTTPS inspection engine in the Content Security and Control ...)
 	NOT-FOR-US: Cisco
 CVE-2016-1311 (Cross-site scripting (XSS) vulnerability in the management interface ...)
@@ -7615,10 +7637,10 @@
 	NOT-FOR-US: Cisco
 CVE-2016-1292
 	RESERVED
-CVE-2016-1291
-	RESERVED
-CVE-2016-1290
-	RESERVED
+CVE-2016-1291 (Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved ...)
+	TODO: check
+CVE-2016-1290 (The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and ...)
+	TODO: check
 CVE-2016-1289
 	RESERVED
 CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x ...)
@@ -8297,18 +8319,18 @@
 	TODO: check
 CVE-2016-1175 (Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player ...)
 	TODO: check
-CVE-2016-1174
-	RESERVED
-CVE-2016-1173
-	RESERVED
-CVE-2016-1172
-	RESERVED
-CVE-2016-1171
-	RESERVED
-CVE-2016-1170
-	RESERVED
-CVE-2016-1169
-	RESERVED
+CVE-2016-1174 (Cross-site request forgery (CSRF) vulnerability in the Menubook plugin ...)
+	TODO: check
+CVE-2016-1173 (Cross-site scripting (XSS) vulnerability in the Menubook plugin before ...)
+	TODO: check
+CVE-2016-1172 (Cross-site request forgery (CSRF) vulnerability in the Recruit plugin ...)
+	TODO: check
+CVE-2016-1171 (Cross-site scripting (XSS) vulnerability in the Recruit plugin before ...)
+	TODO: check
+CVE-2016-1170 (Cross-site request forgery (CSRF) vulnerability in the Casebook plugin ...)
+	TODO: check
+CVE-2016-1169 (Cross-site scripting (XSS) vulnerability in the Casebook plugin before ...)
+	TODO: check
 CVE-2016-1168 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP ...)
 	TODO: check
 CVE-2016-1167 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP ...)
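Review bot: the six new entries CVE-2016-1169 through CVE-2016-1174 are three CSRF/XSS pairs for the Menubook, Recruit and Casebook plugins and evidently come from one batch of advisories; triage the pairs together and, if none of the plugins is packaged in Debian, use one consistent NOT-FOR-US tag per plugin rather than six separate "TODO: check" lines.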
@@ -8796,8 +8818,8 @@
 	RESERVED
 CVE-2016-1020
 	RESERVED
-CVE-2016-1019
-	RESERVED
+CVE-2016-1019 (Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to ...)
+	TODO: check
 CVE-2016-1018
 	RESERVED
 CVE-2016-1017
@@ -9208,8 +9230,7 @@
 	RESERVED
 CVE-2016-0889
 	RESERVED
-CVE-2016-0888
-	RESERVED
+CVE-2016-0888 (EMC Documentum D2 before 4.6 lacks intended ACLs for configuration ...)
 	NOT-FOR-US: EMC Documentum D2
 CVE-2016-0887
 	RESERVED
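Review bot: this is the one hunk where the automatic update did not add a "TODO: check", because CVE-2016-0888 had already been marked NOT-FOR-US: EMC Documentum D2 while still RESERVED; pre-triaging reserved IDs whose product is known to be out of scope avoids the TODO churn seen in the other hunks, and the resulting layout (description header followed directly by the NOT-FOR-US line) matches the rest of the file.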
@@ -9305,8 +9326,8 @@
 	RESERVED
 CVE-2016-0872
 	RESERVED
-CVE-2016-0871
-	RESERVED
+CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
+	TODO: check
 CVE-2016-0870
 	RESERVED
 CVE-2016-0869 (Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows ...)
@@ -13534,8 +13555,8 @@
 	NOT-FOR-US: Westermo
 CVE-2015-7922
 	RESERVED
-CVE-2015-7921
-	RESERVED
+CVE-2015-7921 (The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV ...)
+	TODO: check
 CVE-2015-7920
 	RESERVED
 CVE-2015-7919 (SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the ...)
@@ -17999,10 +18020,10 @@
 	NOT-FOR-US: Cisco
 CVE-2015-6314 (Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 ...)
 	NOT-FOR-US: Cisco Wireless LAN Controller
-CVE-2015-6313
-	RESERVED
-CVE-2015-6312
-	RESERVED
+CVE-2015-6313 (Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; ...)
+	TODO: check
+CVE-2015-6312 (Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) ...)
+	TODO: check
 CVE-2015-6311 (Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), ...)
 	NOT-FOR-US: Cisco
 CVE-2015-6310 (The REST interface in Cisco Unified Communications Manager IM and ...)
@@ -31037,7 +31058,7 @@
 	NOT-FOR-US: IBM DB2
 CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 ...)
 	NOT-FOR-US: IBM WebSphere Application Server
-CVE-2015-1880 (Cross-site scripting (XSS) vulnerability in sslvpn login page in ...)
+CVE-2015-1880 (Cross-site scripting (XSS) vulnerability in the sslvpn login page in ...)
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...)
 	NOT-FOR-US: Google Doc Embedder plugin for WordPress
@@ -32847,6 +32868,7 @@
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24666
 	NOTE: http://downloads.digium.com/pub/security/AST-2015-001.html
 CVE-2013-7449 [don't properly verify SSL certificates]
+	RESERVED
 	- xchat <unfixed> (bug #776609)
 	[jessie] - xchat <no-dsa> (Minor issue)
 	[squeeze] - xchat <no-dsa> (Minor issue)
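Review bot: the RESERVED line added to CVE-2013-7449 sits between the header and the package line, matching the placement used for CVE-2016-2513 and CVE-2016-2512 in this diff; since the header keeps the tracker's own bracketed description rather than a MITRE one, no "TODO: check" is needed, and the existing xchat fix state and the jessie/squeeze no-dsa lines are unaffected. A RESERVED marker appearing on a 2013 ID this late is unusual enough to be worth a NOTE line explaining where the ID was assigned.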
@@ -39799,7 +39821,7 @@
 	RESERVED
 CVE-2014-8620
 	RESERVED
-CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in autolearn configuration ...)
+CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in the autolearn ...)
 	NOT-FOR-US: Fortinet FortiWeb
 CVE-2014-8618 (Cross-site scripting (XSS) vulnerability in theme login page in ...)
 	NOT-FOR-US: Fortinet FortiADC



