[Secure-testing-commits] r39751 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Feb 17 21:10:13 UTC 2016
Author: sectracker
Date: 2016-02-17 21:10:13 +0000 (Wed, 17 Feb 2016)
New Revision: 39751
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-17 19:11:30 UTC (rev 39750)
+++ data/CVE/list 2016-02-17 21:10:13 UTC (rev 39751)
@@ -1,3 +1,21 @@
+CVE-2016-2395
+ RESERVED
+CVE-2016-2394
+ RESERVED
+CVE-2016-2393
+ RESERVED
+CVE-2016-2389 (Directory traversal vulnerability in the Manufacturing Integration and ...)
+ TODO: check
+CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows ...)
+ TODO: check
+CVE-2016-2387 (Cross-site scripting (XSS) vulnerability in the Java Proxy Runtime ...)
+ TODO: check
+CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...)
+ TODO: check
+CVE-2015-8815
+ RESERVED
+CVE-2015-8814
+ RESERVED
CVE-2016-XXXX [open redirect]
- graphite-web <unfixed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/17/7
@@ -3,4 +21,5 @@
NOTE: https://github.com/graphite-project/graphite-web/issues/1441
CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message handling]
+ RESERVED
- qemu <unfixed> (bug #815008)
[jessie] - qemu <no-dsa> (Minor issue)
@@ -13,6 +32,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299
CVE-2016-2391 [usb: multiple eof_timers in ohci leads to null pointer dereference]
+ RESERVED
- qemu <unfixed> (bug #815009)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -24,6 +44,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
CVE-2016-2390 [Segfault on Certain SSL Handshake Errors]
+ RESERVED
- squid <removed> (unimportant)
- squid3 3.5.14-1 (unimportant)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
@@ -133,6 +154,7 @@
CVE-2016-2331
RESERVED
CVE-2016-2385 [SEAS Module Heap overflow]
+ RESERVED
- kamailio <unfixed>
NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
TODO: check
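Review bot: The CVE-2016-2385 entry still reads `- kamailio <unfixed>` with no bug reference and keeps its `TODO: check`, even though the id is now marked RESERVED. The qemu entries in this same update carry `(bug #815008)` and `(bug #815009)`; a Debian bug for the kamailio SEAS heap overflow should be referenced the same way, and the TODO resolved against the upstream commit already given in the NOTE line.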
@@ -443,6 +465,7 @@
CVE-2016-2243
RESERVED
CVE-2015-8813
+ RESERVED
NOT-FOR-US: Umbraco
CVE-2015-8812 [Flaw in CXGB3 driver]
RESERVED
@@ -3087,10 +3110,10 @@
RESERVED
CVE-2016-1332
RESERVED
-CVE-2016-1331
- RESERVED
-CVE-2016-1330
- RESERVED
+CVE-2016-1331 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...)
+ TODO: check
+CVE-2016-1330 (Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote ...)
+ TODO: check
CVE-2016-1329
RESERVED
CVE-2016-1328
@@ -3107,8 +3130,8 @@
TODO: check
CVE-2016-1322 (The REST interface in Cisco Spark 2015-07-04 allows remote attackers ...)
TODO: check
-CVE-2016-1321
- RESERVED
+CVE-2016-1321 (Cisco Universal Small Cell devices with firmware R2.12 through R3.5 ...)
+ TODO: check
CVE-2016-1320 (The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users ...)
TODO: check
CVE-2016-1319 (Cisco Unified Communications Manager (aka CallManager) ...)
@@ -3837,16 +3860,16 @@
RESERVED
CVE-2016-1154
RESERVED
-CVE-2016-1153
- RESERVED
-CVE-2016-1152
- RESERVED
-CVE-2016-1151
- RESERVED
-CVE-2016-1150
- RESERVED
-CVE-2016-1149
- RESERVED
+CVE-2016-1153 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote ...)
+ TODO: check
+CVE-2016-1152 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...)
+ TODO: check
+CVE-2016-1151 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu ...)
+ TODO: check
+CVE-2016-1150 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
+ TODO: check
+CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
+ TODO: check
CVE-2016-1148
RESERVED
CVE-2016-1147
@@ -4955,10 +4978,12 @@
RESERVED
CVE-2016-0795
RESERVED
+ {DSA-3482-1}
- libreoffice 1:5.1.0~rc1-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
CVE-2016-0794
RESERVED
+ {DSA-3482-1}
- libreoffice 1:5.1.0~rc1-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
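Review bot: CVE-2016-0795 and CVE-2016-0794 gain `{DSA-3482-1}` but remain bare RESERVED ids with no description, so the list itself does not say what the two libreoffice issues are. Add a bracketed temporary description taken from the upstream advisories in the NOTE lines, in the style used for other reserved ids in this file such as `CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message handling]`.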
CVE-2016-0793
@@ -5075,8 +5100,7 @@
CVE-2016-0754 (cURL before 7.47.0 on Windows allows attackers to write to arbitrary ...)
- curl <not-affected> (Windows only)
NOTE: http://curl.haxx.se/docs/adv_20160127B.html
-CVE-2016-0753 [Possible Input Validation Circumvention in Active Model]
- RESERVED
+CVE-2016-0753 (Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before ...)
{DSA-3464-1}
- rails 2:4.2.5.1-1
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
@@ -5088,8 +5112,7 @@
- ruby-activesupport-2.3 <removed>
- ruby-activemodel-3.2 <removed>
TODO: check
-CVE-2016-0752 [Possible Information Leak Vulnerability in Action View]
- RESERVED
+CVE-2016-0752 (Directory traversal vulnerability in Action View in Ruby on Rails ...)
{DSA-3464-1}
- rails 2:4.2.5.1-1
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
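Review bot: The `TODO: check` in the leading context of this hunk is left untouched, although the Rails entries around it now carry a published description, `{DSA-3464-1}` and the fixed version `2:4.2.5.1-1`. With the temporary description for CVE-2016-0752 replaced by the published one, that TODO should be reviewed and dropped once the `<removed>` source packages listed above it are confirmed.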
@@ -5097,8 +5120,7 @@
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
TODO: check
-CVE-2016-0751 [Possible Object Leak and Denial of Service attack in Action Pack]
- RESERVED
+CVE-2016-0751 (actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in ...)
{DSA-3464-1}
- rails 2:4.2.5.1-1
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
@@ -5112,16 +5134,14 @@
RESERVED
CVE-2016-0748
RESERVED
-CVE-2016-0747 [CNAME resolution was insufficiently limited]
- RESERVED
+CVE-2016-0747 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not ...)
{DSA-3473-1}
- nginx 1.9.10-1 (bug #812806)
[squeeze] - nginx <not-affected> (Vulnerable code not present)
NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
NOTE: https://github.com/nginx/nginx/commit/4016e6b1da4fbf9c45963211791be124cd7ffb8f (release-1.9.10)
NOTE: https://github.com/nginx/nginx/commit/fe89d99796d42b86816e17d9c87ab16964768024 (release-1.9.10)
-CVE-2016-0746 [Use-after-free condition might occur during CNAME response processing]
- RESERVED
+CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx before 1.8.1 and ...)
{DSA-3473-1}
- nginx 1.9.10-1 (bug #812806)
[squeeze] - nginx <not-affected> (Vulnerable code not present)
@@ -5134,8 +5154,7 @@
RESERVED
CVE-2016-0743
RESERVED
-CVE-2016-0742 [Invalid pointer dereference might occur during DNS server response processing]
- RESERVED
+CVE-2016-0742 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows ...)
{DSA-3473-1 DLA-404-1}
- nginx 1.9.10-1 (bug #812806)
NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
@@ -6562,10 +6581,10 @@
RESERVED
CVE-2016-0233
RESERVED
-CVE-2016-0232
- RESERVED
-CVE-2016-0231
- RESERVED
+CVE-2016-0232 (IBM Financial Transaction Manager (FTM) for ACH Services, Check ...)
+ TODO: check
+CVE-2016-0231 (IBM Financial Transaction Manager (FTM) for ACH Services, Check ...)
+ TODO: check
CVE-2016-0230
RESERVED
CVE-2016-0229
@@ -6721,20 +6740,20 @@
RESERVED
CVE-2015-8490
RESERVED
-CVE-2015-8489
- RESERVED
-CVE-2015-8488
- RESERVED
-CVE-2015-8487
- RESERVED
-CVE-2015-8486
- RESERVED
-CVE-2015-8485
- RESERVED
-CVE-2015-8484
- RESERVED
-CVE-2015-8483
- RESERVED
+CVE-2015-8489 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote ...)
+ TODO: check
+CVE-2015-8488 (Cybozu Office 10.3.0 allows remote attackers to read image files via a ...)
+ TODO: check
+CVE-2015-8487 (Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover ...)
+ TODO: check
+CVE-2015-8486 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...)
+ TODO: check
+CVE-2015-8485 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...)
+ TODO: check
+CVE-2015-8484 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...)
+ TODO: check
+CVE-2015-8483 (Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 ...)
+ TODO: check
CVE-2015-8482 (Blue Coat Unified Agent before 4.6.2 does not prevent modification of ...)
NOT-FOR-US: Blue Coat Unified Agent
CVE-2015-8481 (Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA ...)
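Review bot: All seven Cybozu Office entries (CVE-2015-8489 through CVE-2015-8483) are added as `TODO: check`, while the next entry in the trailing context, CVE-2015-8482, shows how a vendor product outside Debian is closed: `NOT-FOR-US: Blue Coat Unified Agent`. If Cybozu Office is likewise not packaged, mark these entries the same way instead of leaving seven open TODOs in the triage queue.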
@@ -8162,6 +8181,7 @@
RESERVED
CVE-2013-7447
RESERVED
+ {DLA-419-1}
- gtk+2.0 <unfixed> (bug #799275)
- gtk+3.0 3.10.7-1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=703220
@@ -9288,14 +9308,14 @@
NOTE: DoS, requires access to /dev/ppp which is root-only by default
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0baa57d8dc32db78369d8b5176ef56c5e2e18ab3
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ab42d78e37a294ac7bc56901d563c642e03c4ae
-CVE-2015-7798
- RESERVED
-CVE-2015-7797
- RESERVED
-CVE-2015-7796
- RESERVED
-CVE-2015-7795
- RESERVED
+CVE-2015-7798 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
+ TODO: check
+CVE-2015-7797 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
+ TODO: check
+CVE-2015-7796 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
+ TODO: check
+CVE-2015-7795 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
+ TODO: check
CVE-2015-7794 (Corega CG-WLNCM4G devices provide an open DNS resolver, which allows ...)
TODO: check
CVE-2015-7793 (Corega CG-WLBARAGM devices provide an open proxy service, which allows ...)
@@ -9929,8 +9949,7 @@
RESERVED
CVE-2015-7582
RESERVED
-CVE-2015-7581 [Object leak vulnerability for wildcard controller routes in Action Pack]
- RESERVED
+CVE-2015-7581 (actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ...)
{DSA-3464-1}
- rails 2:4.2.5.1-1
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
@@ -9938,17 +9957,13 @@
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
TODO: check
-CVE-2015-7580 [Possible XSS vulnerability in rails-html-sanitizer]
- RESERVED
+CVE-2015-7580 (Cross-site scripting (XSS) vulnerability in ...)
- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
-CVE-2015-7579 [XSS vulnerability in rails-html-sanitizer]
- RESERVED
+CVE-2015-7579 (Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer ...)
- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
-CVE-2015-7578 [Possible XSS vulnerability in rails-html-sanitizer]
- RESERVED
+CVE-2015-7578 (Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer ...)
- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
-CVE-2015-7577 [Nested attributes rejection proc bypass in Active Record]
- RESERVED
+CVE-2015-7577 (activerecord/lib/active_record/nested_attributes.rb in Active Record ...)
{DSA-3464-1}
- rails 2:4.2.5.1-1
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
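Review bot: The new description line for CVE-2015-7580 is cut off at `vulnerability in ...` before it names any component, whereas the line it replaces said `rails-html-sanitizer`. The package line `- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)` is now the only thing in the entry that identifies the affected code, so a short NOTE naming the sanitizer would keep the entry readable on its own.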
@@ -9956,8 +9971,7 @@
- ruby-activerecord-3.2 <removed>
- ruby-activerecord-2.3 <removed>
TODO: check
-CVE-2015-7576 [Timing attack vulnerability in basic authentication in Action Controller]
- RESERVED
+CVE-2015-7576 (The http_basic_authenticate_with method in ...)
{DSA-3464-1}
- rails 2:4.2.5.1-1
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
@@ -19237,6 +19251,7 @@
CVE-2015-4173 (Unquoted Windows search path vulnerability in the autorun value in ...)
NOT-FOR-US: Dell SonicWall NetExtender
CVE-2010-5325 [foomatic-rip unhtmlify() buffer overflow vulnerability]
+ RESERVED
- foomatic-filters 4.0.5-6
- cups-filters <not-affected> (Vulnerable code not present)
NOTE: cups-filters 1.0.42 introduced foomatic-rip filter which already was fixed.