[Secure-testing-commits] r40175 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Mar 5 09:10:15 UTC 2016


Author: sectracker
Date: 2016-03-05 09:10:15 +0000 (Sat, 05 Mar 2016)
New Revision: 40175

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-05 08:40:07 UTC (rev 40174)
+++ data/CVE/list	2016-03-05 09:10:15 UTC (rev 40175)
@@ -1,3 +1,5 @@
+CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 ...)
+	TODO: check
 CVE-2016-XXXX [Out-of-Bound Read in phar_parse_zipfile()]
 	- php5 <unfixed>
 	NOTE: https://bugs.php.net/bug.php?id=71498
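Review bot: The new CVE-2016-2842 entry at the top of this hunk is left as "TODO: check" even though its description names crypto/bio/b_print.c in OpenSSL 1.0.1, the same file cited by the CVE-2016-0799 entry further down this list. It should be triaged against the openssl source package with a "- openssl" line rather than left in the generic backlog. Whether the fix already recorded for CVE-2016-0799 (openssl 1.0.2g-1, DSA-3500-1) also covers doapr_outch has to be confirmed before a fixed version is written down.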
@@ -4537,18 +4539,18 @@
 	RESERVED
 CVE-2016-1360
 	RESERVED
-CVE-2016-1359
-	RESERVED
-CVE-2016-1358
-	RESERVED
-CVE-2016-1357
-	RESERVED
-CVE-2016-1356
-	RESERVED
-CVE-2016-1355
-	RESERVED
-CVE-2016-1354
-	RESERVED
+CVE-2016-1359 (Cisco Prime Infrastructure 3.0 allows remote authenticated users to ...)
+	TODO: check
+CVE-2016-1358 (Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote ...)
+	TODO: check
+CVE-2016-1357 (The password-management administration component in Cisco Policy Suite ...)
+	TODO: check
+CVE-2016-1356 (Cisco FireSIGHT System Software 6.1.0 does not use a constant-time ...)
+	TODO: check
+CVE-2016-1355 (Cross-site scripting (XSS) vulnerability in the Device Management UI ...)
+	TODO: check
+CVE-2016-1354 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...)
+	TODO: check
 CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite for ...)
 	NOT-FOR-US: Cisco Videoscape Distribution Suite
 CVE-2016-1352
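Review bot: The six Cisco entries CVE-2016-1354 through CVE-2016-1359 arrive as "TODO: check", while the adjacent CVE-2016-1353 is already resolved as "NOT-FOR-US: Cisco Videoscape Distribution Suite". Each still needs manual triage. Where the named product (Cisco Prime Infrastructure, Cisco Policy Suite, FireSIGHT System Software) is not packaged, the entry should become NOT-FOR-US with the product name, in the same form as CVE-2016-1353, so it stops counting as open work.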
@@ -4679,8 +4681,8 @@
 	RESERVED
 CVE-2016-1289
 	RESERVED
-CVE-2016-1288
-	RESERVED
+CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x ...)
+	TODO: check
 CVE-2016-1287 (Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA ...)
 	NOT-FOR-US: Cisco ASA
 CVE-2016-1286
@@ -5367,8 +5369,8 @@
 	RESERVED
 CVE-2016-1159
 	RESERVED
-CVE-2016-1158
-	RESERVED
+CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH ...)
+	TODO: check
 CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* ...)
 	TODO: check
 CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X ...)
@@ -6493,21 +6495,18 @@
 	NOTE: https://www.drownattack.com/
 	NOTE: GNUTLS never implemented SSLv2
 	NOTE: http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
-CVE-2016-0799 [Memory issues in BIO_*printf functions]
-	RESERVED
+CVE-2016-0799 (The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before ...)
 	{DSA-3500-1}
 	- openssl 1.0.2g-1
 	NOTE: https://www.openssl.org/news/secadv/20160301.txt
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
 	NOTE: https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
-CVE-2016-0798 [Memory leak in SRP database lookups]
-	RESERVED
+CVE-2016-0798 (Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL ...)
 	{DSA-3500-1}
 	- openssl 1.0.2g-1
 	NOTE: https://www.openssl.org/news/secadv/20160301.txt
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
-CVE-2016-0797 [BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption]
-	RESERVED
+CVE-2016-0797 (Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 ...)
 	{DSA-3500-1}
 	- openssl 1.0.2g-1
 	NOTE: https://www.openssl.org/news/secadv/20160301.txt
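Review bot: In the CVE-2016-0797 replacement, the truncated description ("Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 ...") no longer names BN_hex2bn/BN_dec2bn, which the removed bracketed title did. The {DSA-3500-1} and "- openssl 1.0.2g-1" lines are kept for all three entries, so the tracking state is unchanged and dropping the stale RESERVED lines is correct. A NOTE naming the affected functions would keep the entry findable by function name now that the short title is gone.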
@@ -6838,8 +6837,7 @@
 	- tomcat6 6.0.41-3
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
 	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
-CVE-2016-0705 [Double-free in DSA code]
-	RESERVED
+CVE-2016-0705 (Double free vulnerability in the dsa_priv_decode function in ...)
 	{DSA-3500-1}
 	- openssl 1.0.2g-1
 	[squeeze] - openssl <not-affected> (vulnerable code not present)
@@ -6853,8 +6851,7 @@
 	- openssl 1.0.0c-2
 	NOTE: 1.0.0c-2 dropped SSLv2 support
 	NOTE: https://www.openssl.org/news/secadv/20160301.txt
-CVE-2016-0702 [Side channel attack on modular exponentiation]
-	RESERVED
+CVE-2016-0702 (The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in ...)
 	{DSA-3500-1}
 	- openssl 1.0.2g-1
 	NOTE: https://www.openssl.org/news/secadv/20160301.txt
@@ -8182,8 +8179,8 @@
 	RESERVED
 CVE-2016-0228
 	RESERVED
-CVE-2016-0227
-	RESERVED
+CVE-2016-0227 (Cross-site scripting (XSS) vulnerability in the document-list control ...)
+	TODO: check
 CVE-2016-0226
 	RESERVED
 CVE-2016-0225 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 ...)
@@ -11966,8 +11963,8 @@
 	TODO: check
 CVE-2015-7491 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...)
 	TODO: check
-CVE-2015-7490
-	RESERVED
+CVE-2015-7490 (IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, ...)
+	TODO: check
 CVE-2015-7489 (IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses ...)
 	TODO: check
 CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in ...)
@@ -15063,8 +15060,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-6261 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...)
 	NOT-FOR-US: Cisco
-CVE-2015-6260
-	RESERVED
+CVE-2015-6260 (Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not ...)
+	TODO: check
 CVE-2015-6259 (The JavaServer Pages (JSP) component in Cisco Integrated Management ...)
 	NOT-FOR-US: Cisco
 CVE-2015-6258 (The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN ...)
@@ -32287,8 +32284,8 @@
 	RESERVED
 CVE-2015-0719
 	RESERVED
-CVE-2015-0718
-	RESERVED
+CVE-2015-0718 (Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and ...)
+	TODO: check
 CVE-2015-0717 (Cisco Unified Communications Manager 10.0(1.10000.12) allows local ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0716 (Cross-site request forgery (CSRF) vulnerability in the CUCReports page ...)



