[Secure-testing-commits] r39703 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Feb 15 21:10:14 UTC 2016
Author: sectracker
Date: 2016-02-15 21:10:13 +0000 (Mon, 15 Feb 2016)
New Revision: 39703
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-15 20:59:29 UTC (rev 39702)
+++ data/CVE/list 2016-02-15 21:10:13 UTC (rev 39703)
@@ -1,3 +1,107 @@
+CVE-2016-2382
+ RESERVED
+CVE-2016-2381
+ RESERVED
+CVE-2016-2380
+ RESERVED
+CVE-2016-2379
+ RESERVED
+CVE-2016-2378
+ RESERVED
+CVE-2016-2377
+ RESERVED
+CVE-2016-2376
+ RESERVED
+CVE-2016-2375
+ RESERVED
+CVE-2016-2374
+ RESERVED
+CVE-2016-2373
+ RESERVED
+CVE-2016-2372
+ RESERVED
+CVE-2016-2371
+ RESERVED
+CVE-2016-2370
+ RESERVED
+CVE-2016-2369
+ RESERVED
+CVE-2016-2368
+ RESERVED
+CVE-2016-2367
+ RESERVED
+CVE-2016-2366
+ RESERVED
+CVE-2016-2365
+ RESERVED
+CVE-2016-2364
+ RESERVED
+CVE-2016-2363
+ RESERVED
+CVE-2016-2362
+ RESERVED
+CVE-2016-2361
+ RESERVED
+CVE-2016-2360
+ RESERVED
+CVE-2016-2359
+ RESERVED
+CVE-2016-2358
+ RESERVED
+CVE-2016-2357
+ RESERVED
+CVE-2016-2356
+ RESERVED
+CVE-2016-2355
+ RESERVED
+CVE-2016-2354
+ RESERVED
+CVE-2016-2353
+ RESERVED
+CVE-2016-2352
+ RESERVED
+CVE-2016-2351
+ RESERVED
+CVE-2016-2350
+ RESERVED
+CVE-2016-2349
+ RESERVED
+CVE-2016-2348
+ RESERVED
+CVE-2016-2347
+ RESERVED
+CVE-2016-2346
+ RESERVED
+CVE-2016-2345
+ RESERVED
+CVE-2016-2344
+ RESERVED
+CVE-2016-2343
+ RESERVED
+CVE-2016-2342
+ RESERVED
+CVE-2016-2341
+ RESERVED
+CVE-2016-2340
+ RESERVED
+CVE-2016-2339
+ RESERVED
+CVE-2016-2338
+ RESERVED
+CVE-2016-2337
+ RESERVED
+CVE-2016-2336
+ RESERVED
+CVE-2016-2335
+ RESERVED
+CVE-2016-2334
+ RESERVED
+CVE-2016-2333
+ RESERVED
+CVE-2016-2332
+ RESERVED
+CVE-2016-2331
+ RESERVED
CVE-2016-2385 [SEAS Module Heap overflow]
- kamailio <unfixed>
NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
@@ -3,9 +107,11 @@
TODO: check
CVE-2016-2384 [Double-free in snd-usbmidi-lib triggered by invalid USB descriptor]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)
NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/2
CVE-2016-2383 [Incorrect branch fixups for eBPF allow arbitrary read]
+ RESERVED
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -150,8 +256,8 @@
RESERVED
CVE-2016-2315
RESERVED
-CVE-2016-2314
- RESERVED
+CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices ...)
+ TODO: check
CVE-2016-2318
RESERVED
- graphicsmagick <unfixed> (bug #814732)
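Review bot: the TODO: check added under CVE-2016-2314 needs a triage decision rather than being left open. The description names GlobespanVirata ftpd 1.0 as used on Huawei SmartAX MT882 devices, so the question is whether any packaged source carries that ftpd; if none does, replace the TODO with a NOT-FOR-US line. Separately, the unchanged context places CVE-2016-2318 directly after CVE-2016-2314, out of the descending order the rest of the list follows, which is worth confirming.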
@@ -360,8 +466,8 @@
RESERVED
CVE-2016-2232
RESERVED
-CVE-2016-2231
- RESERVED
+CVE-2016-2231 (The Windows-based Host Interface Program (WHIP) service on Huawei ...)
+ TODO: check
CVE-2016-2230 (OpenELEC and RasPlex devices have a hardcoded password for the root ...)
TODO: check
CVE-2016-2229
@@ -754,12 +860,12 @@
[squeeze] - nettle <not-affected> (Vulnerable code not present)
NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003028.html
NOTE: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
-CVE-2015-8797
- RESERVED
-CVE-2015-8796
- RESERVED
-CVE-2015-8795
- RESERVED
+CVE-2015-8797 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2015-8796 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2015-8795 (Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in ...)
+ TODO: check
CVE-2015-8794 (Absolute path traversal vulnerability in ...)
- roundcube 1.1.2+dfsg.1-1
[wheezy] - roundcube <not-affected> (Vulnerable code not present)
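Review bot: the descriptions added for CVE-2015-8797 and CVE-2015-8796 are cut off at "Cross-site scripting (XSS) vulnerability in ..." before any product is named, so the TODO: check on those two cannot be resolved from this file alone. Triage has to start from the full CVE text; CVE-2015-8795 gets as far as "the Admin UI in ...", but its product is also past the truncation.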
@@ -961,8 +1067,7 @@
NOTE: http://sourceforge.net/p/giflib/bugs/82/
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5
NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
-CVE-2016-2073 [Out-of-bounds Read in the libxml2's htmlParseNameComplex() function]
- RESERVED
+CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows ...)
- libxml2 <unfixed> (bug #812807)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6
NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details
@@ -1301,8 +1406,7 @@
RESERVED
CVE-2016-1950
RESERVED
-CVE-2016-1949
- RESERVED
+CVE-2016-1949 (Mozilla Firefox before 44.0.2 does not properly restrict the ...)
- iceweasel <unfixed>
[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
@@ -2172,33 +2276,27 @@
RESERVED
CVE-2016-1628
RESERVED
-CVE-2016-1627
- RESERVED
+CVE-2016-1627 (The Developer Tools (aka DevTools) subsystem in Google Chrome before ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1626
- RESERVED
+CVE-2016-1626 (The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1625
- RESERVED
+CVE-2016-1625 (The Chrome Instant feature in Google Chrome before 48.0.2564.109 does ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1624
- RESERVED
+CVE-2016-1624 (Integer underflow in the ProcessCommandsInternal function in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1623
- RESERVED
+CVE-2016-1623 (The DOM implementation in Google Chrome before 48.0.2564.109 does not ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1622
- RESERVED
+CVE-2016-1622 (The Extensions subsystem in Google Chrome before 48.0.2564.109 does ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
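Review bot: CVE-2016-1626 is tracked only against chromium-browser, but its new description places the flaw in the opj_pi_update_decode_poc function in pi.c in OpenJPEG, "as used in" something else. Check whether a separately packaged OpenJPEG source contains the same function and, if so, add a package line for it instead of leaving the entry as a Chromium-only issue.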
@@ -2498,19 +2596,17 @@
RESERVED
CVE-2016-1527
RESERVED
-CVE-2016-1526 [denial-of-service]
- RESERVED
+CVE-2016-1526 (The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in ...)
- graphite2 <unfixed>
NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
NOTE: Talos Blog mentions this CVE, but it is not listed in
NOTE: http://talosintel.com/vulnerability-reports/
TODO: check
-CVE-2016-1525
- RESERVED
-CVE-2016-1524
- RESERVED
-CVE-2016-1523
- RESERVED
+CVE-2016-1525 (Directory traversal vulnerability in data/config/image.do in NETGEAR ...)
+ TODO: check
+CVE-2016-1524 (Multiple unrestricted file upload vulnerabilities in NETGEAR ...)
+ TODO: check
+CVE-2016-1523 (The SillMap::readFace function in FeatureMap.cpp in Libgraphite in ...)
{DSA-3477-1}
- graphite2 1.3.5-1
NOTE: http://www.talosintel.com/reports/TALOS-2016-0059/
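Review bot: on CVE-2016-1526 the NOTE lines saying the Talos blog mentions this CVE but that it is not listed on the vulnerability-reports page, and the TODO: check below them, were written while the id was still RESERVED. The entry now has a published description naming TtfUtil:LocaLookup in TtfUtil.cpp, so re-check those notes against it and either resolve the TODO or replace the notes with the matching report reference.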
@@ -2518,14 +2614,12 @@
- iceweasel 44.0-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
-CVE-2016-1522
- RESERVED
+CVE-2016-1522 (Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla ...)
- graphite2 1.3.5-1
NOTE: http://www.talosintel.com/reports/TALOS-2016-0057/
NOTE: http://www.talosintel.com/reports/TALOS-2016-0060/
NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
-CVE-2016-1521
- RESERVED
+CVE-2016-1521 (The directrun function in directmachine.cpp in Libgraphite in Graphite ...)
- graphite2 1.3.5-1
NOTE: http://www.talosintel.com/reports/TALOS-2016-0058/
NOTE: http://www.talosintel.com/reports/TALOS-2016-0061/
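Review bot: CVE-2016-1522 now reads "as used in Mozilla ...", yet the entry lists only graphite2 1.3.5-1, while the entry whose tail opens this hunk also carries iceweasel 44.0-1. Confirm whether iceweasel needs its own line on CVE-2016-1522, or add a NOTE saying why it does not.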
@@ -3881,21 +3975,18 @@
RESERVED
CVE-2015-8632
RESERVED
-CVE-2015-8631 [Memory leak caused by supplying a null principal name in request]
- RESERVED
+CVE-2015-8631 (Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in ...)
{DSA-3466-1}
- krb5 <unfixed> (bug #813126)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2
-CVE-2015-8630 [krb5 doesn't check for null policy when KADM5_POLICY is set in the mask]
- RESERVED
+CVE-2015-8630 (The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal ...)
- krb5 <unfixed> (bug #813127)
[jessie] - krb5 1.12.1+dfsg-19+deb8u2
[wheezy] - krb5 <not-affected> (Vulnerability introduced in 1.12)
[squeeze] - krb5 <not-affected> (Vulnerability introduced in 1.12)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b
NOTE: Introduced by: https://github.com/krb5/krb5/commit/0780e46fc13dbafa177525164997cd204cc50b51 (krb5-1.12-alpha1)
-CVE-2015-8629 [xdr_nullstring() doesn't check for terminating null character]
- RESERVED
+CVE-2015-8629 (The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in ...)
{DSA-3466-1}
- krb5 <unfixed> (bug #813296)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb
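Review bot: CVE-2015-8630 is the only one of the three krb5 entries in this hunk without a {DSA-3466-1} tag, although it records a fixed jessie version (1.12.1+dfsg-19+deb8u2). If that upload went out under the same advisory, the cross-reference should be added there. The replaced bracketed summaries were also more specific than the truncated descriptions (for example "supplying a null principal name in request" on CVE-2015-8631), so consider keeping that detail in a NOTE line.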
@@ -4677,14 +4768,14 @@
TODO: check
CVE-2016-0867 (CAREL PlantVisorEnhanced allows remote attackers to bypass intended ...)
TODO: check
-CVE-2016-0866
- RESERVED
-CVE-2016-0865
- RESERVED
-CVE-2016-0864
- RESERVED
-CVE-2016-0863
- RESERVED
+CVE-2016-0866 (Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid ...)
+ TODO: check
+CVE-2016-0865 (Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software ...)
+ TODO: check
+CVE-2016-0864 (Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software ...)
+ TODO: check
+CVE-2016-0863 (Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid ...)
+ TODO: check
CVE-2016-0862 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter ...)
NOT-FOR-US: General Electric devices
CVE-2016-0861 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter ...)
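Review bot: the four Tollgrade SmartGrid LightHouse entries (CVE-2016-0866 to CVE-2016-0863) arrive as TODO: check, and the CAREL PlantVisorEnhanced entry above them is in the same state. The General Electric entries directly below are already closed as NOT-FOR-US: General Electric devices; if the Tollgrade software is likewise not packaged, close these the same way, using one tag string for all four.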
@@ -5111,8 +5202,7 @@
RESERVED
CVE-2016-0702
RESERVED
-CVE-2016-0701
- RESERVED
+CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 ...)
- openssl 1.0.2f-2
[jessie] - openssl <not-affected> (Only affects 1.0.2)
[wheezy] - openssl <not-affected> (Only affects 1.0.2)
@@ -6502,8 +6592,8 @@
RESERVED
CVE-2015-8532
RESERVED
-CVE-2015-8531
- RESERVED
+CVE-2015-8531 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...)
+ TODO: check
CVE-2015-8530
RESERVED
CVE-2015-8529
@@ -9965,6 +10055,7 @@
NOTE: https://bugs.launchpad.net/bugs/1524274
CVE-2015-7547
RESERVED
+ {DLA-416-1}
CVE-2015-7546 (The identity service in OpenStack Identity (Keystone) before 2015.1.3 ...)
- keystone <unfixed>
[wheezy] - keystone <no-dsa> (Too intrusive to backport, needs to switch to different token provider)
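Review bot: CVE-2015-7547 gains a {DLA-416-1} cross-reference but, as the hunk shows, has nothing else under it: RESERVED, the tag, then the next entry. Add the source package line and per-release status that DLA-416-1 corresponds to as soon as the advisory details are available, so the entry records which package the advisory fixed.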
@@ -10069,7 +10160,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html
CVE-2015-7511
RESERVED
- {DSA-3474-1}
+ {DSA-3478-1 DSA-3474-1}
- libgcrypt20 1.6.5-2
- libgcrypt11 <removed>
[squeeze] - libgcrypt11 <not-affected> (Vulnerable code not present)
@@ -10169,8 +10260,8 @@
RESERVED
CVE-2015-7493
RESERVED
-CVE-2015-7492
- RESERVED
+CVE-2015-7492 (Cross-site scripting (XSS) vulnerability in Reference Data Management ...)
+ TODO: check
CVE-2015-7491
RESERVED
CVE-2015-7490
@@ -10209,8 +10300,8 @@
RESERVED
CVE-2015-7473
RESERVED
-CVE-2015-7472
- RESERVED
+CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
+ TODO: check
CVE-2015-7471
RESERVED
CVE-2015-7470 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before ...)
@@ -10265,8 +10356,8 @@
RESERVED
CVE-2015-7445 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...)
TODO: check
-CVE-2015-7444
- RESERVED
+CVE-2015-7444 (The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and ...)
+ TODO: check
CVE-2015-7443
RESERVED
CVE-2015-7442 (consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x ...)
@@ -10337,8 +10428,8 @@
TODO: check
CVE-2015-7409 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
TODO: check
-CVE-2015-7408
- RESERVED
+CVE-2015-7408 (The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 ...)
+ TODO: check
CVE-2015-7407 (Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in ...)
TODO: check
CVE-2015-7406
@@ -10357,8 +10448,8 @@
TODO: check
CVE-2015-7399 (IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and ...)
TODO: check
-CVE-2015-7398
- RESERVED
+CVE-2015-7398 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract ...)
+ TODO: check
CVE-2015-7397 (Multiple open redirect vulnerabilities in the Aurora starter store in ...)
TODO: check
CVE-2015-7396 (The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 ...)
@@ -16846,8 +16937,8 @@
RESERVED
CVE-2015-5051 (IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before ...)
NOT-FOR-US: IBM
-CVE-2015-5050
- RESERVED
+CVE-2015-5050 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris ...)
+ TODO: check
CVE-2015-5049 (SQL injection vulnerability in the API in IBM OpenPages GRC Platform ...)
NOT-FOR-US: IBM
CVE-2015-5048
@@ -16862,8 +16953,8 @@
NOT-FOR-US: IBM QRadar
CVE-2015-5043 (diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, ...)
NOT-FOR-US: IBM Security Guardium
-CVE-2015-5042
- RESERVED
+CVE-2015-5042 (IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, ...)
+ TODO: check
CVE-2015-5041
RESERVED
CVE-2015-5040 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 ...)
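Review bot: when the TODO: check on CVE-2015-5042 is resolved, choose the NOT-FOR-US tag deliberately. The context lines in this hunk use "IBM QRadar" and "IBM Security Guardium", while other hunks in this patch use plain "IBM". A single convention for IBM products, vendor only or vendor plus product, would keep these entries easy to search.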
@@ -16922,12 +17013,12 @@
NOT-FOR-US: IBM
CVE-2015-5013
RESERVED
-CVE-2015-5012
- RESERVED
+CVE-2015-5012 (The SSH implementation on IBM Security Access Manager for Web ...)
+ TODO: check
CVE-2015-5011 (IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 ...)
NOT-FOR-US: IBM
-CVE-2015-5010
- RESERVED
+CVE-2015-5010 (IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before ...)
+ TODO: check
CVE-2015-5009 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
TODO: check
CVE-2015-5008 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
@@ -16964,8 +17055,8 @@
NOT-FOR-US: IBM WebSphere
CVE-2015-4992 (IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote ...)
NOT-FOR-US: IBM
-CVE-2015-4991
- RESERVED
+CVE-2015-4991 (IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 ...)
+ TODO: check
CVE-2015-4990 (The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 ...)
NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4989 (The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 ...)
@@ -17032,10 +17123,10 @@
NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2015-4958 (IBM InfoSphere Master Data Management - Collaborative Edition 9.1, ...)
NOT-FOR-US: IBM InfoSphere Master Data Management
-CVE-2015-4957
- RESERVED
-CVE-2015-4956
- RESERVED
+CVE-2015-4957 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security ...)
+ TODO: check
+CVE-2015-4956 (The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 ...)
+ TODO: check
CVE-2015-4955 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
NOT-FOR-US: IBM
CVE-2015-4954
@@ -22168,8 +22259,7 @@
CVE-2015-3198
RESERVED
NOT-FOR-US: Undertow module of WildFly / JBOSS
-CVE-2015-3197
- RESERVED
+CVE-2015-3197 (ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f ...)
- openssl 1.0.0c-2
[squeeze] - openssl <no-dsa> (Minor issue affecting only SSLv2)
NOTE: 1.0.0c-2 dropped SSLv2 support
@@ -25896,14 +25986,14 @@
REJECTED
CVE-2015-2009
RESERVED
-CVE-2015-2008
- RESERVED
+CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...)
+ TODO: check
CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x ...)
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-2006
RESERVED
-CVE-2015-2005
- RESERVED
+CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...)
+ TODO: check
CVE-2015-2004
RESERVED
CVE-2015-2003
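Review bot: CVE-2015-2008 and CVE-2015-2005 are added as TODO: check although both descriptions start with IBM Security QRadar SIEM, and CVE-2015-2007, which sits between them, is already marked NOT-FOR-US: IBM Security QRadar SIEM. Reuse that line for both instead of leaving them for manual triage.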