[Secure-testing-commits] r38887 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Jan 13 21:10:11 UTC 2016 

Author: sectracker
Date: 2016-01-13 21:10:11 +0000 (Wed, 13 Jan 2016)
New Revision: 38887

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-13 20:36:35 UTC (rev 38886)
+++ data/CVE/list	2016-01-13 21:10:11 UTC (rev 38887)
@@ -1,3 +1,13 @@
+CVE-2016-1715 (The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 ...)
+	TODO: check
+CVE-2016-1713
+	RESERVED
+CVE-2016-1712
+	RESERVED
+CVE-2015-8770
+	RESERVED
+CVE-2015-8769 (SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows ...)
+	TODO: check
 CVE-2016-1711
 	RESERVED
 CVE-2016-1710
@@ -289,6 +299,7 @@
 CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module ...)
 	TODO: check
 CVE-2015-8768
+	RESERVED
 	NOT-FOR-US: Click package manager
 	NOTE: http://www.ubuntu.com/usn/usn-2771-1/
 CVE-2015-8766 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -316,6 +327,7 @@
 CVE-2015-8752
 	RESERVED
 CVE-2016-1714 [nvram: OOB r/w access in processing firmware configurations]
+	RESERVED
 	- qemu <unfixed>
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
@@ -1410,13 +1422,11 @@
 	RESERVED
 CVE-2016-1233
 	RESERVED
-CVE-2016-1232 [Fix use of weak PRNG in generation of dialback secrets]
-	RESERVED
+CVE-2016-1232 (The mod_dialback module in Prosody before 0.9.9 does not properly ...)
 	{DSA-3439-1}
 	- prosody 0.9.9-1
 	NOTE: https://prosody.im/security/advisory_20160108-2/
-CVE-2016-1231 [Fix path traversal vulnerability in mod_http_files]
-	RESERVED
+CVE-2016-1231 (Directory traversal vulnerability in the HTTP file-serving module ...)
 	{DSA-3439-1}
 	- prosody 0.9.9-1
 	[squeeze] - prosody <not-affected> (Vulnerable code not present)
@@ -1670,10 +1680,10 @@
 	RESERVED
 CVE-2015-8674
 	RESERVED
-CVE-2015-8673
-	RESERVED
-CVE-2015-8672
-	RESERVED
+CVE-2015-8673 (Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing ...)
+	TODO: check
+CVE-2015-8672 (The presentation transmission permission management mechanism in ...)
+	TODO: check
 CVE-2015-8671
 	RESERVED
 CVE-2015-8670
@@ -2188,8 +2198,7 @@
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 (v4.4-rc4)
 	NOTE: OverlayFS introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/23/5
-CVE-2015-8659 [Use after free]
-	RESERVED
+CVE-2015-8659 (The idle stream handling in nghttp2 before 1.6.0 allows attackers to ...)
 	- nghttp2 1.6.0-1
 	NOTE: https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/
 	TODO: check versions
@@ -2281,8 +2290,8 @@
 	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
 	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3584
 	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=569010
-CVE-2015-8611
-	RESERVED
+CVE-2015-8611 (BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and ...)
+	TODO: check
 CVE-2015-8613 [scsi: stack based buffer overflow in megasas_ctrl_get_info]
 	RESERVED
 	- qemu 1:2.5+dfsg-3 (bug #809232)
@@ -2449,8 +2458,8 @@
 	RESERVED
 	- isc-dhcp <unfixed> (bug #810875)
 	NOTE: https://kb.isc.org/article/AA-01334
-CVE-2015-8603
-	RESERVED
+CVE-2015-8603 (Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 ...)
+	TODO: check
 CVE-2015-8602 (The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does ...)
 	NOT-FOR-US: Token Insert Entity module for Drupal
 CVE-2015-8601 (The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not ...)
@@ -4567,20 +4576,20 @@
 	RESERVED
 CVE-2016-0036
 	RESERVED
-CVE-2016-0035
-	RESERVED
-CVE-2016-0034
-	RESERVED
+CVE-2016-0035 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
+	TODO: check
+CVE-2016-0034 (Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets ...)
+	TODO: check
 CVE-2016-0033
 	RESERVED
-CVE-2016-0032
-	RESERVED
-CVE-2016-0031
-	RESERVED
-CVE-2016-0030
-	RESERVED
-CVE-2016-0029
-	RESERVED
+CVE-2016-0032 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
+	TODO: check
+CVE-2016-0031 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
+	TODO: check
+CVE-2016-0030 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
+	TODO: check
+CVE-2016-0029 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
+	TODO: check
 CVE-2016-0028
 	RESERVED
 CVE-2016-0027
@@ -4589,52 +4598,52 @@
 	RESERVED
 CVE-2016-0025
 	RESERVED
-CVE-2016-0024
-	RESERVED
+CVE-2016-0024 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
+	TODO: check
 CVE-2016-0023
 	RESERVED
 CVE-2016-0022
 	RESERVED
 CVE-2016-0021
 	RESERVED
-CVE-2016-0020
-	RESERVED
-CVE-2016-0019
-	RESERVED
-CVE-2016-0018
-	RESERVED
+CVE-2016-0020 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and ...)
+	TODO: check
+CVE-2016-0019 (The Remote Desktop Protocol (RDP) service implementation in Microsoft ...)
+	TODO: check
+CVE-2016-0018 (Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 ...)
+	TODO: check
 CVE-2016-0017
 	RESERVED
-CVE-2016-0016
-	RESERVED
-CVE-2016-0015
-	RESERVED
-CVE-2016-0014
-	RESERVED
+CVE-2016-0016 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+	TODO: check
+CVE-2016-0015 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
+	TODO: check
+CVE-2016-0014 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+	TODO: check
 CVE-2016-0013
 	RESERVED
-CVE-2016-0012
-	RESERVED
-CVE-2016-0011
-	RESERVED
-CVE-2016-0010
-	RESERVED
-CVE-2016-0009
-	RESERVED
-CVE-2016-0008
-	RESERVED
-CVE-2016-0007
-	RESERVED
-CVE-2016-0006
-	RESERVED
-CVE-2016-0005
-	RESERVED
+CVE-2016-0012 (Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio ...)
+	TODO: check
+CVE-2016-0011 (Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 ...)
+	TODO: check
+CVE-2016-0010 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
+	TODO: check
+CVE-2016-0009 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+	TODO: check
+CVE-2016-0008 (The graphics device interface in Microsoft Windows Vista SP2, Windows ...)
+	TODO: check
+CVE-2016-0007 (The sandbox implementation in Microsoft Windows Vista SP2, Windows ...)
+	TODO: check
+CVE-2016-0006 (The sandbox implementation in Microsoft Windows Vista SP2, Windows ...)
+	TODO: check
+CVE-2016-0005 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+	TODO: check
 CVE-2016-0004
 	RESERVED
-CVE-2016-0003
-	RESERVED
-CVE-2016-0002
-	RESERVED
+CVE-2016-0003 (Microsoft Edge allows remote attackers to execute arbitrary code via ...)
+	TODO: check
+CVE-2016-0002 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...)
+	TODO: check
 CVE-2016-0001
 	RESERVED
 CVE-2015-8480 (The VideoFramePool::PoolImpl::CreateFrame function in ...)
@@ -4852,15 +4861,13 @@
 CVE-2015-8398
 	RESERVED
 	NOT-FOR-US: Atlassian Confluence
-CVE-2015-8397 [GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent]
-	RESERVED
+CVE-2015-8397 (The JPEGLSCodec::DecodeExtent function in ...)
 	- gdcm 2.6.2-1
 	[wheezy] - gdcm <not-affected> (Vulerable code not present)
 	[squeeze] - gdcm <not-affected> (Vulerable code not present)
 	NOTE: http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
 	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
-CVE-2015-8396 [GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer]
-	RESERVED
+CVE-2015-8396 (Integer overflow in the ImageRegionReader::ReadIntoBuffer function in ...)
 	- gdcm 2.6.2-1
 	[squeeze] - gdcm <not-affected> (Vulerable code not present)
 	NOTE: http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/
@@ -4886,8 +4893,7 @@
 	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
 CVE-2015-8379
 	RESERVED
-CVE-2015-8400 [DNS rebinding attack due to HTTP fallback]
-	RESERVED
+CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka shellinabox) ...)
 	- shellinabox 2.19
 	[jessie] - shellinabox <no-dsa> (Minor issue)
 	[wheezy] - shellinabox <no-dsa> (Minor issue)
@@ -5042,8 +5048,8 @@
 	NOTE: CVE assignment for the vulnerability with the impact of "User B now
 	NOTE: gets to see the 1000 bytes that user A truncated from its file before
 	NOTE: it made its file world readable"
-CVE-2015-8337
-	RESERVED
+CVE-2015-8337 (The HIFI driver in Huawei P8 phones with software GRA-TL00 before ...)
+	TODO: check
 CVE-2015-8336
 	RESERVED
 CVE-2015-8335 (Huawei VCN500 with software before V100R002C00SPC201 logs passwords in ...)
@@ -5166,8 +5172,8 @@
 	RESERVED
 CVE-2015-8307
 	RESERVED
-CVE-2015-8306
-	RESERVED
+CVE-2015-8306 (Buffer overflow in the HIFI driver in Huawei P8 phones with software ...)
+	TODO: check
 CVE-2015-8305
 	RESERVED
 CVE-2015-8304
@@ -5722,8 +5728,8 @@
 	RESERVED
 CVE-2015-8099
 	RESERVED
-CVE-2015-8098
-	RESERVED
+CVE-2015-8098 (F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and ...)
+	TODO: check
 CVE-2015-8097
 	RESERVED
 CVE-2015-8096 (Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 ...)
@@ -5754,8 +5760,8 @@
 	- net-snmp <not-affected> (Specific to packaging in OpenBSD)
 CVE-2015-8089
 	RESERVED
-CVE-2015-8088
-	RESERVED
+CVE-2015-8088 (Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones ...)
+	TODO: check
 CVE-2015-8087 (Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before ...)
 	NOT-FOR-US: Huawei
 CVE-2015-8086
@@ -6781,8 +6787,8 @@
 	NOT-FOR-US: Apple
 CVE-2015-7760 (libxpc in launchd in Apple OS X before 10.11 does not restrict the ...)
 	NOT-FOR-US: Apple
-CVE-2015-7759
-	RESERVED
+CVE-2015-7759 (BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...)
+	TODO: check
 CVE-2015-7757
 	RESERVED
 CVE-2015-7756 (The encryption implementation in Juniper ScreenOS 6.2.0r15 through ...)
@@ -7433,8 +7439,7 @@
 	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=43b11a91dd861a946b231b89b7542856ade23d1b (v2.5.0-rc0)
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d35e428c8400f9ddc07e5a15ff19622c869b9ba0 (v1.2.0-rc0)
-CVE-2015-7548 [Nova host data leak through snapshot]
-	RESERVED
+CVE-2015-7548 (OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before ...)
 	- nova <unfixed>
 	NOTE: Affects: Nova: <=2015.1.2, ==12.0.0
 	NOTE: https://bugs.launchpad.net/bugs/1524274
@@ -7824,8 +7829,8 @@
 	NOT-FOR-US: IBM
 CVE-2015-7394 (The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link ...)
 	NOT-FOR-US: BIG-IQ
-CVE-2015-7393
-	RESERVED
+CVE-2015-7393 (dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 ...)
+	TODO: check
 CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in ...)
 	- freeswitch <itp> (bug #389591)
 CVE-2015-7391
@@ -8164,8 +8169,8 @@
 	TODO: check
 CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers ...)
 	NOT-FOR-US: Boxoft
-CVE-2015-7242
-	RESERVED
+CVE-2015-7242 (Cross-site scripting (XSS) vulnerability in the Push-Service-Mails ...)
+	TODO: check
 CVE-2015-7241
 	RESERVED
 CVE-2015-7240
@@ -10989,8 +10994,8 @@
 	RESERVED
 CVE-2015-6118 (Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers ...)
 	NOT-FOR-US: Microsoft Office
-CVE-2015-6117
-	RESERVED
+CVE-2015-6117 (Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 ...)
+	TODO: check
 CVE-2015-6116
 	RESERVED
 CVE-2015-6115 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote ...)
@@ -12864,8 +12869,8 @@
 	RESERVED
 CVE-2015-5472 (Absolute path traversal vulnerability in lib/download.php in the IBS ...)
 	NOT-FOR-US: IBS Mappro plugin for WordPress
-CVE-2015-5471
-	RESERVED
+CVE-2015-5471 (Absolute path traversal vulnerability in include/user/download.php in ...)
+	TODO: check
 CVE-2015-5469
 	RESERVED
 CVE-2015-5468
@@ -15296,8 +15301,7 @@
 CVE-2015-4704
 	RESERVED
 	NOT-FOR-US: WordPress plugin download-zip-attachments
-CVE-2015-4703
-	RESERVED
+CVE-2015-4703 (Absolute path traversal vulnerability in mysqldump_download.php in the ...)
 	NOT-FOR-US: WordPress plugin wp-instance-rename
 CVE-2015-4700 (The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the ...)
 	{DSA-3329-1}
@@ -15328,8 +15332,8 @@
 	RESERVED
 CVE-2015-4672
 	RESERVED
-CVE-2015-4671
-	RESERVED
+CVE-2015-4671 (Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 ...)
+	TODO: check
 CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in ...)
 	NOT-FOR-US: AjaxControlToolkit
 CVE-2015-4669
@@ -23959,8 +23963,7 @@
 CVE-2015-1780
 	RESERVED
 	NOT-FOR-US: oVirt Engine backend
-CVE-2015-1779 [denial of service in VNC web]
-	RESERVED
+CVE-2015-1779 (The VNC websocket frame decoder in QEMU allows remote attackers to ...)
 	{DSA-3259-1}
 	- qemu 1:2.3+dfsg-1 (bug #781250)
 	[wheezy] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)

More information about the Secure-testing-commits mailing list