[Secure-testing-commits] r40955 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Apr 15 21:10:11 UTC 2016
Author: sectracker
Date: 2016-04-15 21:10:11 +0000 (Fri, 15 Apr 2016)
New Revision: 40955
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-15 17:05:52 UTC (rev 40954)
+++ data/CVE/list 2016-04-15 21:10:11 UTC (rev 40955)
@@ -1,3 +1,33 @@
+CVE-2016-4030
+ RESERVED
+CVE-2016-4029
+ RESERVED
+CVE-2016-4028
+ RESERVED
+CVE-2016-4027
+ RESERVED
+CVE-2016-4026
+ RESERVED
+CVE-2016-4025
+ RESERVED
+CVE-2016-4023
+ RESERVED
+CVE-2016-4022
+ RESERVED
+CVE-2016-4021
+ RESERVED
+CVE-2016-4019
+ RESERVED
+CVE-2016-4018 (The Data Provisioning Agent (aka DP Agent) in SAP HANA does not ...)
+ TODO: check
+CVE-2016-4017 (The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote ...)
+ TODO: check
+CVE-2016-4016 (Cross-site scripting (XSS) vulnerability in SAP Manufacturing ...)
+ TODO: check
+CVE-2016-4015 (The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows ...)
+ TODO: check
+CVE-2016-4014 (XML external entity (XXE) vulnerability in the UDDI component in SAP ...)
+ TODO: check
CVE-2016-XXXX [ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1]
- zendframework 1.12.18+dfsg-1
[jessie] - zendframework <no-dsa> (Minor issue)
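Review bot: CVE-2016-4014 through CVE-2016-4018 are all SAP products (HANA DP Agent, SAP Manufacturing, NetWeaver JAVA AS, the UDDI component) but are added as "TODO: check". Other vendor-only entries in this file are closed with a NOT-FOR-US line (for example "NOT-FOR-US: Huawei"). If no Debian package ships this code, a follow-up commit should triage these five the same way so they do not sit in the TODO queue.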
@@ -28,6 +58,7 @@
CVE-2015-8843 (The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit ...)
TODO: check
CVE-2016-4024 [integer overflow resulting in insufficient heap allocation]
+ RESERVED
- imlib2 <unfixed>
NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
NOTE: http://www.openwall.com/lists/oss-security/2016/04/14/5
@@ -38,6 +69,7 @@
CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder function in ...)
TODO: check
CVE-2016-4020 [i386: leakage of stack memory to guest in kvmvapic.c]
+ RESERVED
- qemu <unfixed> (bug #821062)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -114,7 +146,7 @@
TODO: check
CVE-2016-3985 (The Terminal Services Remote Desktop Protocol (RDP) client session ...)
TODO: check
-CVE-2016-3984 (McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before ...)
+CVE-2016-3984 (The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response ...)
TODO: check
CVE-2016-3983 (McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow ...)
TODO: check
@@ -2208,8 +2240,8 @@
RESERVED
CVE-2016-3080
RESERVED
-CVE-2016-3079
- RESERVED
+CVE-2016-3079 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in ...)
+ TODO: check
CVE-2016-3078
RESERVED
CVE-2016-3077
@@ -5346,8 +5378,8 @@
RESERVED
CVE-2016-2104
RESERVED
-CVE-2016-2103
- RESERVED
+CVE-2016-2103 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
+ TODO: check
CVE-2016-2102
RESERVED
CVE-2016-2101
@@ -6904,14 +6936,17 @@
RESERVED
CVE-2016-1659
RESERVED
+ {DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1658
RESERVED
+ {DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1657
RESERVED
+ {DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1656
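Review bot: CVE-2016-1659, CVE-2016-1658 and CVE-2016-1657 now carry {DSA-3549-1} and a fixed chromium-browser version while still showing only "RESERVED" with no description of the issue. Elsewhere in this file an undescribed CVE gets a bracketed summary (for example "CVE-2015-8325 [ignore PAM environment vars when UseLogin=yes]"); adding one here would let a reader tell what each of these fixes without opening the DSA.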
@@ -6919,24 +6954,29 @@
- chromium-browser <not-affected> (Android-specific)
CVE-2016-1655
RESERVED
+ {DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1654
RESERVED
+ {DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1653
RESERVED
+ {DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
CVE-2016-1652
RESERVED
+ {DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1651
RESERVED
+ {DSA-3549-1}
- chromium-browser 50.0.2661.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1650 (The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in ...)
@@ -8746,10 +8786,10 @@
TODO: check
CVE-2015-8678
RESERVED
-CVE-2015-8677
- RESERVED
-CVE-2015-8676
- RESERVED
+CVE-2015-8677 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus ...)
+ TODO: check
+CVE-2015-8676 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and ...)
+ TODO: check
CVE-2015-8675 (Huawei S5300 Campus Series switches with software before ...)
NOT-FOR-US: Huawei
CVE-2015-8674
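Review bot: CVE-2015-8677 and CVE-2015-8676 are Huawei Campus switch issues marked "TODO: check", while CVE-2015-8675 on the very next line is the same product family and already "NOT-FOR-US: Huawei". These two should get the same NOT-FOR-US line instead of staying open for manual triage.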
@@ -10210,8 +10250,7 @@
- xen <unfixed>
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-165.html
-CVE-2015-8554 [qemu-dm buffer overrun in MSI-X handling]
- RESERVED
+CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using ...)
- xen 4.4.0-1
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-164.html
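Review bot: the new description for CVE-2015-8554 says "Xen 4.6.x and earlier", while the unchanged line below it records "xen 4.4.0-1" as the fixed version. Read together these look contradictory. A NOTE line stating why 4.4.0-1 is treated as fixed would let the next reader verify the entry without reopening the advisory linked on the following NOTE line.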
@@ -10249,8 +10288,7 @@
NOTE: https://git.kernel.org/linus/a396f3a210c3a61e94d6b87ec05a75d0be2a60d0
NOTE: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
NOTE: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0
-CVE-2015-8550 [paravirtualized drivers incautious about shared memory contents]
- RESERVED
+CVE-2015-8550 (Xen, when used on a system providing PV backends, allows local guest ...)
{DSA-3519-1 DSA-3471-1 DSA-3434-1}
[experimental] - linux 4.4~rc6-1~exp1
- linux 4.3.3-3
@@ -10353,8 +10391,7 @@
CVE-2015-XXXX [remotely triggerable crash]
- ruby-eventmachine <unfixed> (bug #678512; bug #696015)
NOTE: https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556
-CVE-2015-8560 [code execution via improper escaping of ; in foomatic-rip]
- RESERVED
+CVE-2015-8560 (Incomplete blacklist vulnerability in util.c in foomatic-rip in ...)
{DSA-3429-1 DSA-3419-1 DLA-371-1}
- cups-filters 1.4.0-1 (bug #807930)
[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
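Review bot: the removed bracketed summary on CVE-2015-8560 was the only place in this entry that named the unescaped character (";"); the replacement text says only "Incomplete blacklist vulnerability in util.c in foomatic-rip in ...". Consider preserving that detail as a NOTE line, since it is what a reviewer needs when checking whether a backported fix covers the same input.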
@@ -11094,8 +11131,7 @@
RESERVED
CVE-2015-8534
RESERVED
-CVE-2015-8540 [underflow read in png_check_keyword in pngwutil.c]
- RESERVED
+CVE-2015-8540 (Integer underflow in the png_check_keyword function in pngwutil.c in ...)
{DSA-3443-1 DLA-375-1}
- libpng <unfixed> (bug #807694)
NOTE: http://www.openwall.com/lists/oss-security/2015/12/10/6
@@ -12495,8 +12531,8 @@
NOTE: it made its file world readable"
CVE-2015-8337 (The HIFI driver in Huawei P8 phones with software GRA-TL00 before ...)
NOT-FOR-US: Huawei
-CVE-2015-8336
- RESERVED
+CVE-2015-8336 (Huawei FusionCompute with software before V100R005C10SPC700 allows ...)
+ TODO: check
CVE-2015-8335 (Huawei VCN500 with software before V100R002C00SPC201 logs passwords in ...)
NOT-FOR-US: Huawei
CVE-2015-8334
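Review bot: CVE-2015-8336 (Huawei FusionCompute) is set to "TODO: check" between CVE-2015-8337 and CVE-2015-8335, both of which are "NOT-FOR-US: Huawei". Unless FusionCompute maps to a Debian package, this entry should carry the same NOT-FOR-US line as its neighbours.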
@@ -12520,6 +12556,7 @@
- foomatic-filters 4.0.17-7 (bug #806886)
CVE-2015-8325 [ignore PAM environment vars when UseLogin=yes]
RESERVED
+ {DSA-3550-1}
- openssh 1:7.2p2-3
NOTE: Upstream fix: https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
CVE-2015-XXXX [RCE in gitlab-shell 2.6.6-2.6.7]
@@ -13528,8 +13565,8 @@
{DSA-3420-1 DLA-370-1}
- bind9 1:9.9.5.dfsg-12.1 (bug #808081)
NOTE: https://kb.isc.org/article/AA-01317
-CVE-2015-7999
- RESERVED
+CVE-2015-7999 (Multiple SQL injection vulnerabilities in the Administration Web UI ...)
+ TODO: check
CVE-2015-7998 (The administration UI in Citrix NetScaler Application Delivery ...)
NOT-FOR-US: Citrix
CVE-2015-7997 (Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API ...)
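Review bot: CVE-2015-7999 is added as "TODO: check" with the product name lost to the truncated description ("Administration Web UI ..."). The entry directly below, CVE-2015-7998, is Citrix NetScaler and marked "NOT-FOR-US: Citrix"; whoever triages this should read the full description and, if it is the same product, mark it the same way.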
@@ -20943,8 +20980,7 @@
NOTE: Fixed in 6.0.45, 7.0.67, 8.0.30, 9.0.0.M3
CVE-2015-5344 (The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x ...)
NOT-FOR-US: Apache Camel
-CVE-2015-5343 [Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies]
- RESERVED
+CVE-2015-5343 (Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, ...)
{DSA-3424-1}
- subversion 1.9.3-1
[wheezy] - subversion <not-affected> (Vulnerable code not present)
@@ -21364,8 +21400,7 @@
REJECTED
CVE-2015-5248
RESERVED
-CVE-2015-5247 [denial of service when volume creation fails on NFS pool]
- RESERVED
+CVE-2015-5247 (The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows ...)
- libvirt 1.2.20-1 (bug #799132)
[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -38597,8 +38632,7 @@
CVE-2015-0285 (The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before ...)
- openssl <not-affected> (Only affects 1.0.2, only in experimental)
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e1b568dd2462f7cacf98f3d117936c34e2849a6b
-CVE-2015-0284
- RESERVED
+CVE-2015-0284 (Cross-site scripting (XSS) vulnerability in spacewalk-java in ...)
NOT-FOR-US: Red Hat Satellite
CVE-2015-0283 (The slapi-nis plug-in before 0.54.2 does not properly reallocate ...)
- slapi-nis 0.54.2-1 (bug #781346)
@@ -100715,8 +100749,7 @@
CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin ...)
- pidgin 2.10.1-1 (low)
[squeeze] - pidgin 2.7.3-1+squeeze2
-CVE-2011-4600
- RESERVED
+CVE-2011-4600 (The networkReloadIptablesRules function in network/bridge_driver.c in ...)
- libvirt 0.9.9-1 (low)
[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in ...)