[Secure-testing-commits] r38963 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Jan 16 09:10:13 UTC 2016


Author: sectracker
Date: 2016-01-16 09:10:13 +0000 (Sat, 16 Jan 2016)
New Revision: 38963

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-16 08:15:25 UTC (rev 38962)
+++ data/CVE/list	2016-01-16 09:10:13 UTC (rev 38963)
@@ -1,12 +1,17 @@
+CVE-2016-1902
+	RESERVED
 CVE-2016-1906 [Kubernetes api server: build config to a strategy that isn't allowed by policy]
+	RESERVED
 	- kubernetes <itp> (bug #795652)
 	NOTE: https://github.com/openshift/origin/issues/6556
 	NOTE: https://github.com/openshift/origin/pull/6576
 CVE-2016-1905 [Kubernetes api server: patch operation should use patched object to check admission control]
+	RESERVED
 	- kubernetes <itp> (bug #795652)
 	NOTE: https://github.com/kubernetes/kubernetes/issues/19479
 	NOTE: https://github.com/kubernetes/kubernetes/pull/19481
 CVE-2016-1904 [Heap BufferOver Flow in escapeshell functions]
+	RESERVED
 	- php5 <undetermined>
 	- php5.6 <undetermined>
 	- php7.0 7.0.2-1
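Review bot: The CVE-2016-1906 entry is titled "Kubernetes api server" and tracked as "- kubernetes <itp> (bug #795652)", but both of its NOTE URLs point at openshift/origin, not kubernetes/kubernetes as for CVE-2016-1905. Confirm that the kubernetes ITP is the right place to track it, and if the flaw lives in the OpenShift Origin build config code, add a NOTE saying so, so the entry is not carried forward against a package that never contains the affected code.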
@@ -14,18 +19,22 @@
 	NOTE: https://github.com/php/php-src/commit/2871c70efaaaa0f102557a17c727fd4d5204dd4b
 	TODO: check
 CVE-2016-1903 [Memory Read via gdImageRotateInterpolated Array Index Out of Bounds]
+	RESERVED
 	- php5 5.6.17+dfsg-1
 	- php5.6 5.6.17+dfsg-1
 	- php7.0 7.0.2-1
 	NOTE: https://bugs.php.net/bug.php?id=70976
 	TODO: check
 CVE-2016-1901 [Integer Overflow resulting in Buffer Overflow]
+	RESERVED
 	- cgit <unfixed>
 	NOTE: http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763 (v0.12)
 CVE-2016-1900 [Stored Cross Site Scripting & Header Injection in Filename Parameter]
+	RESERVED
 	- cgit <unfixed>
 	NOTE: http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463 (v0.12)
 CVE-2016-1899 [Reflected Cross Site Scripting & Header Injection in Mimetype Query String]
+	RESERVED
 	- cgit <unfixed>
 	NOTE: http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 (v0.12)
 CVE-2016-1896
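Review bot: The three cgit entries (CVE-2016-1901, CVE-2016-1900, CVE-2016-1899) stay at "- cgit <unfixed>" although each NOTE ties its fix commit to v0.12. Once a 0.12 upload is in the archive, replace "<unfixed>" with that version. CVE-2016-1903 in the same hunk already lists fixed versions for php5, php5.6 and php7.0 but still carries "TODO: check"; drop the TODO once the versions are confirmed against the linked bug.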
@@ -403,15 +412,13 @@
 	[squeeze] - openssh <not-affected> (Issue introduced in OpenSSH 6.8)
 	NOTE: Fixed by: https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
 	NOTE: Introduced by: https://anongit.mindrot.org/openssh.git/commit/packet.c?id=091c302829210c41e7f57c3f094c7b9c054306f0 (V_6_8_P1)
-CVE-2016-1898
-	RESERVED
+CVE-2016-1898 (FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and ...)
 	- ffmpeg <unfixed>
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <removed>
 	NOTE: http://habrahabr.ru/company/mailru/blog/274855
 	NOTE: Fixed in 2.8.5 upstream
-CVE-2016-1897
-	RESERVED
+CVE-2016-1897 (FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and ...)
 	- ffmpeg <unfixed>
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <removed>
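Review bot: CVE-2016-1898 records the fix only as "NOTE: Fixed in 2.8.5 upstream" next to "- ffmpeg <unfixed>", and the only reference is a blog post. Add the upstream fix commit URLs as NOTE lines, as the openssh and cgit entries in this file do, so the fix can be checked against the packaged version and the "<unfixed>" marker updated when 2.8.5 or a backport is uploaded. The two entries now share the same truncated description, so a short NOTE on each stating what distinguishes CVE-2016-1897 from CVE-2016-1898 would help triage.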
@@ -2913,8 +2920,7 @@
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126862
 CVE-2015-8606
 	RESERVED
-CVE-2015-8605 [UDP payload length not properly checked]
-	RESERVED
+CVE-2015-8605 (ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 ...)
 	{DSA-3442-1 DLA-385-1}
 	- isc-dhcp <unfixed> (bug #810875)
 	NOTE: https://kb.isc.org/article/AA-01334
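Review bot: CVE-2015-8605 carries "{DSA-3442-1 DLA-385-1}" while the package line is still "- isc-dhcp <unfixed> (bug #810875)". That is consistent if only the stable and LTS uploads have happened so far, but the line needs a fixed version as soon as the upload closing #810875 reaches unstable. The replaced bracket title, "UDP payload length not properly checked", was the only one-line summary of the flaw; with the description truncated in this list, consider keeping that wording as a NOTE.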
@@ -2997,26 +3003,26 @@
 	RESERVED
 CVE-2016-0861
 	RESERVED
-CVE-2016-0860
-	RESERVED
-CVE-2016-0859
-	RESERVED
-CVE-2016-0858
-	RESERVED
-CVE-2016-0857
-	RESERVED
-CVE-2016-0856
-	RESERVED
-CVE-2016-0855
-	RESERVED
-CVE-2016-0854
-	RESERVED
-CVE-2016-0853
-	RESERVED
-CVE-2016-0852
-	RESERVED
-CVE-2016-0851
-	RESERVED
+CVE-2016-0860 (Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess ...)
+	TODO: check
+CVE-2016-0859 (Integer overflow in the Kernel service in Advantech WebAccess before ...)
+	TODO: check
+CVE-2016-0858 (Race condition in Advantech WebAccess before 8.1 allows remote ...)
+	TODO: check
+CVE-2016-0857 (Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 ...)
+	TODO: check
+CVE-2016-0856 (Multiple stack-based buffer overflows in Advantech WebAccess before ...)
+	TODO: check
+CVE-2016-0855 (Directory traversal vulnerability in Advantech WebAccess before 8.1 ...)
+	TODO: check
+CVE-2016-0854 (Unrestricted file upload vulnerability in Advantech WebAccess before ...)
+	TODO: check
+CVE-2016-0853 (Advantech WebAccess before 8.1 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2016-0852 (Advantech WebAccess before 8.1 allows remote attackers to bypass an ...)
+	TODO: check
+CVE-2016-0851 (Advantech WebAccess before 8.1 allows remote attackers to cause a ...)
+	TODO: check
 CVE-2016-0850
 	RESERVED
 CVE-2016-0849
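Review bot: All ten Advantech WebAccess entries (CVE-2016-0851 through CVE-2016-0860) land with "TODO: check", which leaves ten open triage items for a single product. Elsewhere in this file, vendor products that are not in the archive are closed out with a NOT-FOR-US line, for example "NOT-FOR-US: Moxa switches". If Advantech WebAccess is not packaged, triage these as one batch with a single consistent "NOT-FOR-US: Advantech WebAccess" so the TODO count reflects real work.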
@@ -3161,13 +3167,11 @@
 	RESERVED
 CVE-2016-0779
 	RESERVED
-CVE-2016-0778
-	RESERVED
+CVE-2016-0778 (The (1) roaming_read and (2) roaming_write functions in ...)
 	{DSA-3446-1 DLA-387-1}
 	- openssh 1:7.1p2-1
 	NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
-CVE-2016-0777
-	RESERVED
+CVE-2016-0777 (The resend_bytes function in roaming_common.c in the client in OpenSSH ...)
 	{DSA-3446-1 DLA-387-1}
 	- openssh 1:7.1p2-1 (bug #810984)
 	NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
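Review bot: CVE-2016-0778 has no bug reference on "- openssh 1:7.1p2-1", while CVE-2016-0777 directly below has "(bug #810984)" with the same DSA/DLA pair, fixed version and advisory URL. If #810984 covers both issues, add it to the CVE-2016-0778 line as well; if it does not, a NOTE saying the second issue has no separate report would make the difference intentional and not look like an omission.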
@@ -5713,12 +5717,12 @@
 	RESERVED
 CVE-2015-8282
 	RESERVED
-CVE-2015-8281
-	RESERVED
-CVE-2015-8280
-	RESERVED
-CVE-2015-8279
-	RESERVED
+CVE-2015-8281 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to ...)
+	TODO: check
+CVE-2015-8280 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote ...)
+	TODO: check
+CVE-2015-8279 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote ...)
+	TODO: check
 CVE-2015-8278
 	RESERVED
 CVE-2015-8277
@@ -10774,8 +10778,8 @@
 	NOT-FOR-US: ServerMaster
 CVE-2015-6468 (Cross-site request forgery (CSRF) vulnerability in Resource Data ...)
 	NOT-FOR-US: Resource Data Manager
-CVE-2015-6467
-	RESERVED
+CVE-2015-6467 (Advantech WebAccess before 8.1 allows remote attackers to execute ...)
+	TODO: check
 CVE-2015-6466 (Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature ...)
 	NOT-FOR-US: Moxa switches
 CVE-2015-6465 (The GoAhead web server on Moxa EDS-405A and EDS-408A switches with ...)
@@ -10862,8 +10866,8 @@
 	TODO: check
 CVE-2015-6424 (The boot manager in Cisco Application Policy Infrastructure Controller ...)
 	TODO: check
-CVE-2015-6423
-	RESERVED
+CVE-2015-6423 (The DCERPC Inspection implementation in Cisco Adaptive Security ...)
+	TODO: check
 CVE-2015-6422 (The self-service application in Cisco Unified Communications Domain ...)
 	TODO: check
 CVE-2015-6421
@@ -11043,8 +11047,8 @@
 	RESERVED
 CVE-2015-6337
 	RESERVED
-CVE-2015-6336
-	RESERVED
+CVE-2015-6336 (Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), ...)
+	TODO: check
 CVE-2015-6335 (The policy implementation in Cisco FireSIGHT Management Center ...)
 	TODO: check
 CVE-2015-6334 (Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and ...)
@@ -11069,14 +11073,14 @@
 	NOT-FOR-US: Cisco
 CVE-2015-6324 (The DHCPv6 relay implementation in Cisco Adaptive Security Appliance ...)
 	NOT-FOR-US: Cisco
-CVE-2015-6323
-	RESERVED
+CVE-2015-6323 (The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 ...)
+	TODO: check
 CVE-2015-6322 (The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 ...)
 	NOT-FOR-US: Cisco
 CVE-2015-6321 (Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before ...)
 	NOT-FOR-US: Cisco
-CVE-2015-6320
-	RESERVED
+CVE-2015-6320 (The IP ingress packet handler on Cisco Aironet 1800 devices with ...)
+	TODO: check
 CVE-2015-6319
 	RESERVED
 CVE-2015-6318 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 ...)
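Review bot: CVE-2015-6323 and CVE-2015-6320 are added with "TODO: check" while the entries immediately around them (CVE-2015-6325, CVE-2015-6324, CVE-2015-6322, CVE-2015-6321) are already marked "NOT-FOR-US: Cisco". Both new descriptions name Cisco products (Identity Services Engine, Aironet 1800), so they can take the same marker as their neighbours and should not stay in the TODO queue.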
@@ -11087,8 +11091,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-6315 (Cisco Aironet 1850 access points with software 8.1(112.4) allow local ...)
 	NOT-FOR-US: Cisco
-CVE-2015-6314
-	RESERVED
+CVE-2015-6314 (Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 ...)
+	TODO: check
 CVE-2015-6313
 	RESERVED
 CVE-2015-6312
@@ -14857,8 +14861,8 @@
 	RESERVED
 CVE-2015-5008
 	RESERVED
-CVE-2015-5007
-	RESERVED
+CVE-2015-5007 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
+	TODO: check
 CVE-2015-5006 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 ...)
 	TODO: check
 CVE-2015-5005 (CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote ...)
@@ -17821,18 +17825,18 @@
 	NOT-FOR-US: XZERES 442SR (wind turbine)
 CVE-2015-3949 (Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows ...)
 	NOT-FOR-US: Sinapsi eSolar Light
-CVE-2015-3948
-	RESERVED
-CVE-2015-3947
-	RESERVED
-CVE-2015-3946
-	RESERVED
+CVE-2015-3948 (Cross-site scripting (XSS) vulnerability in Advantech WebAccess before ...)
+	TODO: check
+CVE-2015-3947 (SQL injection vulnerability in Advantech WebAccess before 8.1 allows ...)
+	TODO: check
+CVE-2015-3946 (Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess ...)
+	TODO: check
 CVE-2015-3945
 	RESERVED
 CVE-2015-3944
 	RESERVED
-CVE-2015-3943
-	RESERVED
+CVE-2015-3943 (Advantech WebAccess before 8.1 allows remote attackers to read ...)
+	TODO: check
 CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the web-server ...)
 	NOT-FOR-US: Belden GarrettCom switches
 CVE-2015-3941



