[Secure-testing-commits] r50630 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Apr 13 21:10:18 UTC 2017
Author: sectracker
Date: 2017-04-13 21:10:18 +0000 (Thu, 13 Apr 2017)
New Revision: 50630
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-13 19:15:55 UTC (rev 50629)
+++ data/CVE/list 2017-04-13 21:10:18 UTC (rev 50630)
@@ -1,3 +1,19 @@
+CVE-2017-7855
+ RESERVED
+CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote ...)
+ TODO: check
+CVE-2017-7853 (In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a ...)
+ TODO: check
+CVE-2017-7852
+ RESERVED
+CVE-2017-7851
+ RESERVED
+CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...)
+ TODO: check
+CVE-2016-10325 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...)
+ TODO: check
+CVE-2016-10324 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...)
+ TODO: check
CVE-2017-7850
RESERVED
CVE-2017-7849
@@ -268,8 +284,8 @@
RESERVED
CVE-2017-7726
RESERVED
-CVE-2017-7725
- RESERVED
+CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header during ...)
+ TODO: check
CVE-2017-7724
RESERVED
CVE-2017-7723
@@ -1826,8 +1842,8 @@
RESERVED
CVE-2017-7220
RESERVED
-CVE-2017-7219
- RESERVED
+CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 ...)
+ TODO: check
CVE-2017-7218
RESERVED
CVE-2017-7217
@@ -8076,42 +8092,35 @@
[wheezy] - lxc <no-dsa> (Minor issue)
NOTE: https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
NOTE: https://github.com/lxc/lxc/commit/5eacdc3dbd0e45abf3cc90cf0216a7f8ee560abf (lxc-2.0.0.rc2)
-CVE-2016-10123 [firejail: don't allow --chroot as user without seccomp support]
- RESERVED
+CVE-2016-10123 (Firejail allows --chroot when seccomp is not supported, which might ...)
- firejail 0.9.38-1
NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/a23ac1bf390fa4c3db4ea31e6ee6100a9c511d59 (0.9.38-rc1)
-CVE-2016-10122 [firejail: Environment not cleaned before root exec()]
- RESERVED
+CVE-2016-10122 (Firejail does not properly clean environment variables, which allows ...)
- firejail 0.9.44.2-1
NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f
NOTE: https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc
NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 (0.9.44.2)
NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c (0.9.44.2)
-CVE-2016-10121 [firejail: multiple weak permissions]
- RESERVED
+CVE-2016-10121 (Firejail uses weak permissions for /dev/shm/firejail and possibly ...)
- firejail 0.9.38-1
NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/1cab02f5ae3c90c01fae4d1c16381820b757a3a6 (0.9.38)
-CVE-2016-10120 [firejail /dev, /dev/shm, /var/tmp, /var/lock was mounted 0777]
- RESERVED
+CVE-2016-10120 (Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, ...)
- firejail 0.9.38-1
NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/cd0ecfc7a7b30abde20db6dea505cd8c58e7c046 (0.9.38-rc1)
-CVE-2016-10119 [firejail /tmp,/var/tmp was mounted tmpfs 0777]
- RESERVED
+CVE-2016-10119 (Firejail uses 0777 permissions when mounting /tmp, which allows local ...)
- firejail 0.9.38-1
NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/aa28ac9e09557b833f194f594e2940919d940d1f (0.9.38)
-CVE-2016-10118 [firejail allows truncation of /etc/resolv.conf]
- RESERVED
+CVE-2016-10118 (Firejail allows local users to truncate /etc/resolv.conf via a chroot ...)
- firejail 0.9.44.2-1 (low)
NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/6144229605177764b7f3f3450c1a47f56595dc9e
NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 (0.9.44.2)
-CVE-2016-10117 [firejail allows unrestricted mount of tmpfs]
- RESERVED
+CVE-2016-10117 (Firejail does not restrict access to --tmpfs, which allows local users ...)
- firejail 0.9.38-1
NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)
@@ -22942,22 +22951,22 @@
RESERVED
CVE-2016-8728
RESERVED
-CVE-2016-8727
- RESERVED
-CVE-2016-8726
- RESERVED
-CVE-2016-8725
- RESERVED
-CVE-2016-8724
- RESERVED
-CVE-2016-8723
- RESERVED
-CVE-2016-8722
- RESERVED
+CVE-2016-8727 (An exploitable information disclosure vulnerability exists in the Web ...)
+ TODO: check
+CVE-2016-8726 (An exploitable null pointer dereference vulnerability exists in the ...)
+ TODO: check
+CVE-2016-8725 (An exploitable information disclosure vulnerability exists in the Web ...)
+ TODO: check
+CVE-2016-8724 (An exploitable information disclosure vulnerability exists in the ...)
+ TODO: check
+CVE-2016-8723 (An exploitable null pointer dereference exists in the Web Application ...)
+ TODO: check
+CVE-2016-8722 (An exploitable Information Disclosure vulnerability exists in the Web ...)
+ TODO: check
CVE-2016-8721
RESERVED
-CVE-2016-8720
- RESERVED
+CVE-2016-8720 (An exploitable HTTP Header Injection vulnerability exists in the Web ...)
+ TODO: check
CVE-2016-8719 (An exploitable reflected Cross-Site Scripting vulnerability exists in ...)
NOT-FOR-US: Moxa
CVE-2016-8718 (An exploitable Cross-Site Request Forgery vulnerability exists in the ...)
@@ -22974,8 +22983,8 @@
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0227/
CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability exists ...)
NOT-FOR-US: Nitro Pro
-CVE-2016-8712
- RESERVED
+CVE-2016-8712 (An exploitable nonce reuse vulnerability exists in the Web Application ...)
+ TODO: check
CVE-2016-8711 (A potential remote code execution vulnerability exists in the PDF ...)
NOT-FOR-US: Nitro Pro
CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in the ...)
@@ -26328,8 +26337,8 @@
RESERVED
CVE-2016-7835
RESERVED
-CVE-2016-7834
- RESERVED
+CVE-2016-7834 (SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, ...)
+ TODO: check
CVE-2016-7833
RESERVED
CVE-2016-7832
@@ -29105,8 +29114,8 @@
NOT-FOR-US: MetroCluster Tiebreaker
CVE-2016-6819
RESERVED
-CVE-2016-6818
- RESERVED
+CVE-2016-6818 (SQL injection vulnerability in SAP Business Intelligence platform ...)
+ TODO: check
CVE-2016-6817 [denial of service]
RESERVED
- tomcat9 <itp> (bug #802312)
@@ -31872,8 +31881,8 @@
NOT-FOR-US: SAP HANA
CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the ...)
NOT-FOR-US: SAP HANA
-CVE-2016-6143
- RESERVED
+CVE-2016-6143 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute ...)
+ TODO: check
CVE-2016-6142 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers ...)
NOT-FOR-US: SAP
CVE-2016-6141
@@ -32513,7 +32522,7 @@
RESERVED
CVE-2016-5857 (The Qualcomm SPCom driver in Android before 7.0 allows local users to ...)
NOTE: Red Hat seem to have typoed the CVE, which should be CVE-2016-5875, asked to confirm
-CVE-2016-5856 (Drivers/soc/qcom/spcom.c in the Qualcom SPCom driver in the Android ...)
+CVE-2016-5856 (Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5855
RESERVED
@@ -36037,8 +36046,7 @@
[jessie] - wget 1.16-1+deb8u1
NOTE: http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1 (v1.18)
-CVE-2016-4970 [nfinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl]
- RESERVED
+CVE-2016-4970 (handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and ...)
- netty 1:4.0.37-1 (bug #827620)
[jessie] - netty <not-affected> (Vulnerable code not present)
[wheezy] - netty <not-affected> (Vulnerable code not present)
@@ -36443,10 +36451,10 @@
RESERVED
CVE-2016-4900
RESERVED
-CVE-2016-4899
- RESERVED
-CVE-2016-4898
- RESERVED
+CVE-2016-4899 (The datamover module in the Linux version of NovaBACKUP DataCenter ...)
+ TODO: check
+CVE-2016-4898 (The datamover module in the Linux version of NovaBACKUP DataCenter ...)
+ TODO: check
CVE-2016-4897 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Usermin
CVE-2016-4896 (SetucoCMS allows remote attackers to alter or disclose information, ...)
@@ -36679,8 +36687,7 @@
- curl <not-affected> (Windows only)
CVE-2016-4801
RESERVED
-CVE-2016-4800
- RESERVED
+CVE-2016-4800 (The path normalization mechanism in PathResource class in Eclipse ...)
- jetty9 <not-affected> (Only affects Jetty >= 9.3.0, Jetty <= 9.3.8)
- jetty8 <not-affected> (Only affects 9.3.x)
- jetty <not-affected> (Only affects 9.3.x)
@@ -38645,14 +38652,12 @@
NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1)
NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
-CVE-2016-4068 ["for the remaining SVG XSS issues additional to CVE-2015-8864"]
- RESERVED
+CVE-2016-4068 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
{DLA-537-1}
- roundcube 1.2.1+dfsg.1-1
NOTE: https://github.com/roundcube/roundcubemail/issues/5398
NOTE: https://github.com/roundcube/roundcubemail/commit/a1fdb205f824dee7fd42dda739f207abc85ce158
-CVE-2015-8864 [XSS issue in SVG images handling]
- RESERVED
+CVE-2015-8864 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
{DLA-537-1}
- roundcube 1.1.5+dfsg.1-1 (bug #822333)
NOTE: https://github.com/roundcube/roundcubemail/issues/4949
@@ -38875,10 +38880,10 @@
RESERVED
CVE-2016-4033
RESERVED
-CVE-2016-4032
- RESERVED
-CVE-2016-4031
- RESERVED
+CVE-2016-4032 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build ...)
+ TODO: check
+CVE-2016-4031 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build ...)
+ TODO: check
CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows ...)
- qemu 1:2.6+dfsg-1 (bug #822344)
[jessie] - qemu <no-dsa> (Minor issue)
@@ -38890,8 +38895,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2 (v2.6.0-rc3)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a49923d2837d20510d645d3758f1ad87c32d0730 (v2.6.0-rc3)
-CVE-2016-4030
- RESERVED
+CVE-2016-4030 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build ...)
+ TODO: check
CVE-2016-4029 (WordPress before 4.5 does not consider octal and hexadecimal IP ...)
{DSA-3681-1 DLA-633-1}
- wordpress 4.5+dfsg-1
@@ -41354,8 +41359,7 @@
CVE-2016-3107
RESERVED
NOT-FOR-US: Pulp (Red Hat)
-CVE-2016-3106
- RESERVED
+CVE-2016-3106 (Pulp before 2.8.3 creates a temporary directory during CA key ...)
NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3105 (The convert extension in Mercurial before 3.8 might allow ...)
{DSA-3570-1 DLA-459-1}
@@ -43030,12 +43034,12 @@
REJECTED
CVE-2016-2573
RESERVED
-CVE-2016-2567
- RESERVED
-CVE-2016-2566
- RESERVED
-CVE-2016-2565
- RESERVED
+CVE-2016-2567 (secfilter in the Samsung kernel for Android on SM-N9005 build ...)
+ TODO: check
+CVE-2016-2566 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) ...)
+ TODO: check
+CVE-2016-2565 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) ...)
+ TODO: check
CVE-2016-2564
RESERVED
CVE-2016-2563 (Stack-based buffer overflow in the SCP command-line utility in PuTTY ...)
@@ -43113,8 +43117,8 @@
NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2556 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
NOT-FOR-US: NVIDIA Windows drivers
-CVE-2016-2555
- RESERVED
+CVE-2016-2555 (SQL injection vulnerability in include/lib/mysql_connect.inc.php in ...)
+ TODO: check
CVE-2016-2553
REJECTED
CVE-2016-2552
@@ -44891,8 +44895,7 @@
- openssl 1.0.2h-1
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2104
- RESERVED
+CVE-2016-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
NOT-FOR-US: Red Hat Satellite
CVE-2016-2103 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
NOT-FOR-US: Red Hat Satellite
@@ -45310,10 +45313,10 @@
[squeeze] - phpmyadmin <no-dsa> (minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-1/
NOTE: path disclosure not relevant on Debian
-CVE-2016-2036
- RESERVED
-CVE-2015-8780
- RESERVED
+CVE-2016-2036 (The getURL function in drivers/secfilter/urlparser.c in secfilter in ...)
+ TODO: check
+CVE-2015-8780 (Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a ...)
+ TODO: check
CVE-2016-2069 (Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 ...)
{DSA-3503-1 DLA-412-1}
- linux 4.3.5-1
@@ -45827,10 +45830,10 @@
NOT-FOR-US: BlackBerry
CVE-2016-1916 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
NOT-FOR-US: BlackBerry
-CVE-2016-1915
- RESERVED
-CVE-2016-1914
- RESERVED
+CVE-2016-1915 (Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry ...)
+ TODO: check
+CVE-2016-1914 (Multiple SQL injection vulnerabilities in the ...)
+ TODO: check
CVE-2016-1913 (Multiple cross-site scripting (XSS) vulnerabilities in the Redhen ...)
NOT-FOR-US: Redhen module for Drupal
CVE-2016-1912 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
@@ -48522,8 +48525,8 @@
NOT-FOR-US: Log-Chat
CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X ...)
NOT-FOR-US: LINE
-CVE-2016-1155
- RESERVED
+CVE-2016-1155 (HTTP header injection vulnerability in the URLConnection class in ...)
+ TODO: check
CVE-2016-1154 (SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in ...)
NOT-FOR-US: Cuore EC-CUBE
CVE-2016-1153 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote ...)
@@ -48568,8 +48571,8 @@
NOT-FOR-US: BUFFALO
CVE-2016-1133 (CRLF injection vulnerability in the on_req function in ...)
NOT-FOR-US: H2O
-CVE-2016-1132
- RESERVED
+CVE-2016-1132 (Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify ...)
+ TODO: check
CVE-2016-1131 (Buffer overflow in the CL_vsprintf function in Takumi Yamada DX ...)
NOT-FOR-US: Takumi Yamada
CVE-2015-8698 (CA Release Automation (formerly LISA Release Automation) 5.0.2 before ...)
@@ -49279,8 +49282,7 @@
[wheezy] - xen <not-affected> (Only affects 4.6)
[squeeze] - xen <not-affected> (Only affects 4.6)
NOTE: http://xenbits.xen.org/xsa/advisory-169.html
-CVE-2015-8619 [hmp: stack based OOB write in hmp_sendkey routine]
- RESERVED
+CVE-2015-8619 (The Human Monitor Interface support in QEMU allows remote attackers to ...)
{DSA-3471-1}
- qemu 1:2.5+dfsg-5 (bug #809237)
[wheezy] - qemu <not-affected> (Issue introduced afer 1.2)
@@ -50208,8 +50210,7 @@
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
-CVE-2015-8567 [net: vmxnet3: host memory leakage -- does not check if the device is active before activating it]
- RESERVED
+CVE-2015-8567 (Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause ...)
{DSA-3471-1}
- qemu 1:2.5+dfsg-3 (bug #808145)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -52575,8 +52576,7 @@
CVE-2015-XXXX [RCE in gitlab-shell 2.6.6-2.6.7]
- gitlab-shell <not-affected> (Only affects version 2.6.6-2.6.7)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/5
-CVE-2015-8345 [Qemu: net: eepro100: infinite loop in processing command block list]
- RESERVED
+CVE-2015-8345 (The eepro100 emulator in QEMU qemu-kvm blank allows local guest users ...)
{DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-1 (bug #806373)
[jessie] - qemu <no-dsa> (Minor issue, can be fixed along in a later DSA)
@@ -52736,12 +52736,12 @@
NOT-FOR-US: Zhuhai RaySharp
CVE-2015-8285
RESERVED
-CVE-2015-8284
- RESERVED
-CVE-2015-8283
- RESERVED
-CVE-2015-8282
- RESERVED
+CVE-2015-8284 (SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to ...)
+ TODO: check
+CVE-2015-8283 (Directory traversal vulnerability in configure_manage.php in SeaWell ...)
+ TODO: check
+CVE-2015-8282 (SeaWell Networks Spectrum SDC 02.05.00 has a default password of ...)
+ TODO: check
CVE-2015-8281 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to ...)
NOT-FOR-US: Samsung
CVE-2015-8280 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote ...)
@@ -52760,12 +52760,12 @@
RESERVED
CVE-2015-8273
RESERVED
-CVE-2015-8272
- RESERVED
-CVE-2015-8271
- RESERVED
-CVE-2015-8270
- RESERVED
+CVE-2015-8272 (RTMPDump 2.4 allows remote attackers to trigger a denial of service ...)
+ TODO: check
+CVE-2015-8271 (The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote ...)
+ TODO: check
+CVE-2015-8270 (The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote ...)
+ TODO: check
CVE-2015-8269 (The API on Fisher-Price Smart Toy Bear devices allows remote attackers ...)
NOT-FOR-US: Fisher-Price
CVE-2015-8268 (The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 ...)
@@ -52871,8 +52871,8 @@
NOT-FOR-US: Huawei
CVE-2015-8224
RESERVED
-CVE-2015-8223
- RESERVED
+CVE-2015-8223 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and ...)
+ TODO: check
CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package before ...)
- lxd <itp> (bug #768073)
CVE-2015-8221 (Integer overflow in Google Picasa before 3.9.140 Build 259 allows ...)
@@ -53201,8 +53201,7 @@
RESERVED
CVE-2015-8108 (The management interface in LenovoEMC EZ Media & Backup (hm3), ...)
NOT-FOR-US: LenovoEMC
-CVE-2015-8107 [format string vulnerability]
- RESERVED
+CVE-2015-8107 (Format string vulnerability in GNU a2ps 4.14 allows remote attackers ...)
- a2ps 1:4.14-1.2
[wheezy] - a2ps <no-dsa> (Minor issue)
[squeeze] - a2ps <no-dsa> (Minor issue)
@@ -54492,8 +54491,7 @@
[squeeze] - libui-dialog-perl <no-dsa> (Minor issue)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2
-CVE-2015-7740
- RESERVED
+CVE-2015-7740 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and ...)
NOT-FOR-US: ARM Mali GPU driver
CVE-2015-7545 (The (1) git-remote-ext and (2) unspecified other remote helper ...)
{DSA-3435-1}
@@ -54967,13 +54965,13 @@
- linux-2.6 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283371 (not (yet) public)
NOTE: Proposed upstream patch: http://marc.info/?l=linux-usb&m=145260786729359&w=2
-CVE-2015-7565
- RESERVED
+CVE-2015-7565 (Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through ...)
+ TODO: check
CVE-2015-7564 (Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier ...)
NOT-FOR-US: TeamPass
CVE-2015-7563 (Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and ...)
NOT-FOR-US: TeamPass
-CVE-2015-7562 (Mulitple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 ...)
+CVE-2015-7562 (Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 ...)
NOT-FOR-US: TeamPass
CVE-2015-7561
RESERVED
@@ -63107,8 +63105,7 @@
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-19.html
-CVE-2015-4646
- RESERVED
+CVE-2015-4646 ((1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) ...)
- squashfs-tools 1:4.3-2 (bug #793468)
[jessie] - squashfs-tools <no-dsa> (Minor issue)
[wheezy] - squashfs-tools <no-dsa> (Minor issue)
@@ -68011,8 +68008,8 @@
NOT-FOR-US: ZenPhoto20
CVE-2015-2948 (Cross-site scripting (XSS) vulnerability in the image processor in ...)
NOT-FOR-US: Zenphoto
-CVE-2015-2947
- RESERVED
+CVE-2015-2947 (KanColleViewer versions 3.8.1 and earlier operates as an open proxy ...)
+ TODO: check
CVE-2015-2946 (Stack-based buffer overflow in the Open CAD Format Council SXF common ...)
NOT-FOR-US: Open CAD Format Council SXF common library
CVE-2015-2945 (mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does ...)
@@ -69797,8 +69794,7 @@
[jessie] - dokuwiki <no-dsa> (Minor issue)
[wheezy] - dokuwiki <no-dsa> (Minor issue)
[squeeze] - dokuwiki <no-dsa> (Minor issue)
-CVE-2015-6674 [problem of "i =- 12" where "i -= 12" was intended]
- RESERVED
+CVE-2015-6674 (Buffer underflow vulnerability in the Debian inspircd package before ...)
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
@@ -69809,8 +69805,7 @@
- inspircd 2.0.16-1 (bug #780880)
NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
-CVE-2012-6697 [infinite loop caused by invalid dns packets]
- RESERVED
+CVE-2012-6697 (InspIRCd before 2.0.7 allows remote attackers to cause a denial of ...)
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
@@ -71479,13 +71474,11 @@
NOTE: https://hackerone.com/reports/49935
NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
NOTE: https://nodesecurity.io/advisories/15
-CVE-2015-1839 [insecure /tmp file handling in salt/modules/chef.py]
- RESERVED
+CVE-2015-1839 (modules/chef.py in SaltStack before 2014.7.4 does not properly handle ...)
- salt <not-affected> (Vulnerable code only present in experimental version; introduced in 2014.7.0)
NOTE: https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
NOTE: https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
-CVE-2015-1838 [insecure /tmp file handling in salt/modules/serverdensity_device.py]
- RESERVED
+CVE-2015-1838 (modules/serverdensity_device.py in SaltStack before 2014.7.4 does not ...)
- salt <not-affected> (Vulnerable code only present in experimental version; introduced in 2014.7.0)
NOTE: https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
CVE-2015-1837
@@ -82238,10 +82231,10 @@
- icu 52.1-7.1 (bug #776265)
CVE-2014-7922 (The GoogleAuthUtil.getToken method in the Google Play services SDK ...)
NOT-FOR-US: Google Play
-CVE-2014-7921
- RESERVED
-CVE-2014-7920
- RESERVED
+CVE-2014-7921 (mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers ...)
+ TODO: check
+CVE-2014-7920 (mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to ...)
+ TODO: check
CVE-2014-7919
RESERVED
CVE-2014-7918
@@ -91865,8 +91858,8 @@
NOT-FOR-US: silex device
CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS ...)
NOT-FOR-US: Yokogawa
-CVE-2014-3887
- RESERVED
+CVE-2014-3887 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk ...)
+ TODO: check
CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when ...)
NOT-FOR-US: Webmin
CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows ...)
@@ -95359,8 +95352,8 @@
NOT-FOR-US: Juniper Junos
CVE-2014-2711 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos ...)
NOT-FOR-US: Juniper Junos
-CVE-2014-2710
- RESERVED
+CVE-2014-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver ...)
+ TODO: check
CVE-2014-2705
RESERVED
CVE-2014-2704
@@ -104198,8 +104191,8 @@
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6662
- RESERVED
+CVE-2013-6662 (Google Chrome caches TLS sessions before certificate validation ...)
+ TODO: check
CVE-2013-6661 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
@@ -104258,8 +104251,8 @@
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
-CVE-2013-6648
- RESERVED
+CVE-2013-6648 (SkRegion::setPath in Skia allows remote attackers to cause a denial of ...)
+ TODO: check
CVE-2013-6647 (A use-after-free in AnimationController::endAnimationUpdate in Google ...)
- chromium-browser <not-affected> (According to upstream bug only affected interim version, not a stable release)
CVE-2013-6646 (Use-after-free vulnerability in the Web Workers implementation in ...)
@@ -136146,8 +136139,7 @@
NOT-FOR-US: amCharts Flash
CVE-2012-1302 (Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 ...)
NOT-FOR-US: amMap
-CVE-2012-1301
- RESERVED
+CVE-2012-1301 (The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to ...)
NOT-FOR-US: Umbraco
CVE-2012-1300
RESERVED
@@ -162377,8 +162369,8 @@
CVE-2010-1822 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 ...)
- webkit <not-affected> (rendererIsNeeded function not present in 1.2.x series)
- chromium-browser 6.0.472.62~r59676-1
-CVE-2010-1821
- RESERVED
+CVE-2010-1821 (Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through ...)
+ TODO: check
CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through ...)
NOT-FOR-US: Apple Filing Protocol Server
CVE-2010-1819 (Untrusted search path vulnerability in the Picture Viewer in Apple ...)
@@ -162387,8 +162379,8 @@
NOT-FOR-US: QuickTime
CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and ...)
NOT-FOR-US: Apple iOS
-CVE-2010-1816
- RESERVED
+CVE-2010-1816 (Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and ...)
+ TODO: check
CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
More information about the Secure-testing-commits
mailing list