Author: sectracker
Date: 2015-12-28 21:10:13 +0000 (Mon, 28 Dec 2015)
New Revision: 38590

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-28 16:10:26 UTC (rev 38589)
+++ data/CVE/list 2015-12-28 21:10:13 UTC (rev 38590)
@@ -1,22 +1,402 @@ -CVE-2015-8669 [Full path disclosure vulnerability] +CVE-2016-1255 + RESERVED +CVE-2016-1254 + RESERVED +CVE-2016-1253 + RESERVED +CVE-2016-1252 + RESERVED +CVE-2016-1251 + RESERVED +CVE-2016-1250 + RESERVED +CVE-2016-1249 + RESERVED +CVE-2016-1248 + RESERVED +CVE-2016-1247 + RESERVED +CVE-2016-1246 + RESERVED +CVE-2016-1245 + RESERVED +CVE-2016-1244 + RESERVED +CVE-2016-1243 + RESERVED +CVE-2016-1242 + RESERVED +CVE-2016-1241 + RESERVED +CVE-2016-1240 + RESERVED +CVE-2016-1239 + RESERVED +CVE-2016-1238 + RESERVED +CVE-2016-1237 + RESERVED +CVE-2016-1236 + RESERVED +CVE-2016-1235 + RESERVED +CVE-2016-1234 + RESERVED +CVE-2016-1233 + RESERVED +CVE-2016-1232 + RESERVED +CVE-2016-1231 + RESERVED +CVE-2016-1230 + RESERVED +CVE-2016-1229 + RESERVED +CVE-2016-1228 + RESERVED +CVE-2016-1227 + RESERVED +CVE-2016-1226 + RESERVED +CVE-2016-1225 + RESERVED +CVE-2016-1224 + RESERVED +CVE-2016-1223 + RESERVED +CVE-2016-1222 + RESERVED +CVE-2016-1221 + RESERVED +CVE-2016-1220 + RESERVED +CVE-2016-1219 + RESERVED +CVE-2016-1218 + RESERVED +CVE-2016-1217 + RESERVED +CVE-2016-1216 + RESERVED +CVE-2016-1215 + RESERVED +CVE-2016-1214 + RESERVED +CVE-2016-1213 + RESERVED +CVE-2016-1212 + RESERVED +CVE-2016-1211 + RESERVED +CVE-2016-1210 + RESERVED +CVE-2016-1209 + RESERVED +CVE-2016-1208 + RESERVED +CVE-2016-1207 + RESERVED +CVE-2016-1206 + RESERVED +CVE-2016-1205 + RESERVED +CVE-2016-1204 + RESERVED +CVE-2016-1203 + RESERVED +CVE-2016-1202 + RESERVED +CVE-2016-1201 + RESERVED +CVE-2016-1200 + RESERVED +CVE-2016-1199 + RESERVED +CVE-2016-1198 + RESERVED +CVE-2016-1197 + RESERVED +CVE-2016-1196 + RESERVED +CVE-2016-1195 + RESERVED +CVE-2016-1194 + RESERVED +CVE-2016-1193 + RESERVED +CVE-2016-1192 + RESERVED +CVE-2016-1191 + RESERVED +CVE-2016-1190 + RESERVED +CVE-2016-1189 + RESERVED +CVE-2016-1188 + RESERVED +CVE-2016-1187 + RESERVED +CVE-2016-1186 + RESERVED +CVE-2016-1185 + RESERVED +CVE-2016-1184 + RESERVED +CVE-2016-1183 + RESERVED +CVE-2016-1182 + RESERVED 
+CVE-2016-1181 + RESERVED +CVE-2016-1180 + RESERVED +CVE-2016-1179 + RESERVED +CVE-2016-1178 + RESERVED +CVE-2016-1177 + RESERVED +CVE-2016-1176 + RESERVED +CVE-2016-1175 + RESERVED +CVE-2016-1174 + RESERVED +CVE-2016-1173 + RESERVED +CVE-2016-1172 + RESERVED +CVE-2016-1171 + RESERVED +CVE-2016-1170 + RESERVED +CVE-2016-1169 + RESERVED +CVE-2016-1168 + RESERVED +CVE-2016-1167 + RESERVED +CVE-2016-1166 + RESERVED +CVE-2016-1165 + RESERVED +CVE-2016-1164 + RESERVED +CVE-2016-1163 + RESERVED +CVE-2016-1162 + RESERVED +CVE-2016-1161 + RESERVED +CVE-2016-1160 + RESERVED +CVE-2016-1159 + RESERVED +CVE-2016-1158 + RESERVED +CVE-2016-1157 + RESERVED +CVE-2016-1156 + RESERVED +CVE-2016-1155 + RESERVED +CVE-2016-1154 + RESERVED +CVE-2016-1153 + RESERVED +CVE-2016-1152 + RESERVED +CVE-2016-1151 + RESERVED +CVE-2016-1150 + RESERVED +CVE-2016-1149 + RESERVED +CVE-2016-1148 + RESERVED +CVE-2016-1147 + RESERVED +CVE-2016-1146 + RESERVED +CVE-2016-1145 + RESERVED +CVE-2016-1144 + RESERVED +CVE-2016-1143 + RESERVED +CVE-2016-1142 + RESERVED +CVE-2016-1141 + RESERVED +CVE-2016-1140 + RESERVED +CVE-2016-1139 + RESERVED +CVE-2016-1138 + RESERVED +CVE-2016-1137 + RESERVED +CVE-2016-1136 + RESERVED +CVE-2016-1135 + RESERVED +CVE-2016-1134 + RESERVED +CVE-2016-1133 + RESERVED +CVE-2016-1132 + RESERVED +CVE-2016-1131 + RESERVED +CVE-2015-8698 + RESERVED +CVE-2015-8696 + RESERVED +CVE-2015-8695 + RESERVED +CVE-2015-8694 + RESERVED +CVE-2015-8693 + RESERVED +CVE-2015-8692 + RESERVED +CVE-2015-8691 + RESERVED +CVE-2015-8690 + RESERVED +CVE-2015-8689 + RESERVED +CVE-2015-8688 + RESERVED +CVE-2015-8687 + RESERVED +CVE-2015-8686 + RESERVED +CVE-2015-8685 + RESERVED +CVE-2015-8684 + RESERVED +CVE-2015-8682 + RESERVED +CVE-2015-8681 + RESERVED +CVE-2015-8680 + RESERVED +CVE-2015-8679 + RESERVED +CVE-2015-8678 + RESERVED +CVE-2015-8677 + RESERVED +CVE-2015-8676 + RESERVED +CVE-2015-8675 + RESERVED +CVE-2015-8674 + RESERVED +CVE-2015-8673 + RESERVED +CVE-2015-8672 + RESERVED +CVE-2015-8671 + 
RESERVED +CVE-2015-8670 + RESERVED +CVE-2015-8667 + RESERVED +CVE-2015-8664 (Integer overflow in the WebCursor::Deserialize function in ...) + TODO: check +CVE-2015-8663 (The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ...) + TODO: check +CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ...) + TODO: check +CVE-2015-8661 (The h264_slice_header_init function in libavcodec/h264_slice.c in ...) + TODO: check +CVE-2015-8658 + RESERVED +CVE-2015-8657 + RESERVED +CVE-2015-8656 + RESERVED +CVE-2015-8655 + RESERVED +CVE-2015-8654 + RESERVED +CVE-2015-8653 + RESERVED +CVE-2015-8652 + RESERVED +CVE-2015-8651 + RESERVED +CVE-2015-8650 + RESERVED +CVE-2015-8649 + RESERVED +CVE-2015-8648 + RESERVED +CVE-2015-8647 + RESERVED +CVE-2015-8646 + RESERVED +CVE-2015-8645 + RESERVED +CVE-2015-8644 + RESERVED +CVE-2015-8643 + RESERVED +CVE-2015-8642 + RESERVED +CVE-2015-8641 + RESERVED +CVE-2015-8640 + RESERVED +CVE-2015-8639 + RESERVED +CVE-2015-8638 + RESERVED +CVE-2015-8637 + RESERVED +CVE-2015-8636 + RESERVED +CVE-2015-8635 + RESERVED +CVE-2015-8634 + RESERVED +CVE-2015-8633 + RESERVED +CVE-2015-8632 + RESERVED +CVE-2015-8631 + RESERVED +CVE-2015-8630 + RESERVED +CVE-2015-8629 + RESERVED +CVE-2015-8620 + RESERVED +CVE-2015-8669 (libraries/config/messages.inc.php in phpMyAdmin 4.0.x before ...) 
- phpmyadmin 4:4.5.3.1-1 (unimportant) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2015-6/ NOTE: non-issue for Debian-packaged version CVE-2015-8668 [libtiff bmp file Heap Overflow] + RESERVED - tiff <unfixed> - tiff3 <removed> NOTE: http://seclists.org/bugtraq/2015/Dec/138 TODO: check CVE-2015-8683 [out-of-bounds read in CIE Lab image format] + RESERVED - tiff <unfixed> (bug #809021) - tiff3 <removed> NOTE: http://www.openwall.com/lists/oss-security/2015/12/25/1 CVE-2015-8665 [Out-of-bounds Read] + RESERVED - tiff <unfixed> (bug #808968) - tiff3 <removed> NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/2 CVE-2015-8666 [acpi: heap based buffer overrun during VM migration] + RESERVED - qemu 1:2.5+dfsg-1 [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts) - qemu-kvm <removed> @@ -425,7 +805,7 @@ RESERVED CVE-2016-0931 RESERVED -CVE-2015-8660 [overlay: fix permission checking for setattr] +CVE-2015-8660 (The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel ...) - linux <unfixed> [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) 
@@ -434,45 +814,54 @@ NOTE: OverlayFS introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2) NOTE: http://www.openwall.com/lists/oss-security/2015/12/23/5 CVE-2015-8659 [Use after free] + RESERVED - nghttp2 1.6.0-1 NOTE: https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/ TODO: check versions CVE-2015-8628 + RESERVED - mediawiki <removed> [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T109724 TODO: check CVE-2015-8627 + RESERVED - mediawiki <removed> [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T97897 TODO: check CVE-2015-8626 + RESERVED - mediawiki <removed> [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T115522 TODO: check CVE-2015-8625 + RESERVED - mediawiki <removed> [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T118032 TODO: check CVE-2015-8624 + RESERVED - mediawiki <removed> [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T119309 TODO: check CVE-2015-8623 + RESERVED - mediawiki <removed> [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php TODO: check CVE-2015-8622 [XSS from wikitext] + RESERVED - mediawiki <removed> [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T117899 TODO: check CVE-2015-8621 [t-coffee: creates world-writable directories] + RESERVED - t-coffee 11.00.8cbe486-2 (low; bug #751579) [squeeze] - t-coffee <not-affected> (version in Squeeze uses system() and umask is handled correctly by sh (as opposed to later versions that use mkdir())) [wheezy] - t-coffee <no-dsa> (Minor issue) 
@@ -488,6 +877,7 @@ NOTE: https://bugs.php.net/bug.php?id=71020 NOTE: http://www.openwall.com/lists/oss-security/2015/12/22/4 CVE-2015-8697 [Insecure use of temporary files] + RESERVED - stalin <unfixed> (bug #808730) [jessie] - stalin <no-dsa> (Minor issue) [wheezy] - stalin <no-dsa> (Minor issue) @@ -1185,8 +1575,7 @@ NOTE: https://git.kernel.org/linus/8135cf8b092723dbfcc611fe6fdcb3a36c9951c5 CVE-2015-8549 RESERVED -CVE-2015-8569 [information leak from pptp get{sock,peer}name] - RESERVED +CVE-2015-8569 (The (1) pptp_bind and (2) pptp_connect functions in ...) - linux <unfixed> - linux-2.6 <removed> [squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced later) @@ -1899,8 +2288,7 @@ NOTE: https://sourceforge.net/p/libpng/bugs/244/ NOTE: http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/ NOTE: Fixed in 1.0.66, 1.2.56, 1.4.19, and 1.5.26 -CVE-2015-8543 [IPv6 connect causes a denial of service] - RESERVED +CVE-2015-8543 (The networking implementation in the Linux kernel through 4.3.3, as ...) - linux 4.3.3-1 [jessie] - linux 3.16.7-ckt20-1+deb8u1 - linux-2.6 <removed> @@ -3210,8 +3598,7 @@ TODO: chek CVE-2014-9757 RESERVED -CVE-2015-8374 [information disclosure after file truncate on BTRFS] - RESERVED +CVE-2015-8374 (fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles ...) - linux 4.2.6-2 [jessie] - linux 3.16.7-ckt20-1+deb8u1 [wheezy] - linux <no-dsa> (Minor issue, BTRFS only tech-preview in wheezy; can be fixed in a point release) 
@@ -3441,18 +3828,18 @@ RESERVED CVE-2015-8268 RESERVED -CVE-2015-8267 - RESERVED +CVE-2015-8267 (The PasswordReset.Controllers.ResetController.ChangePasswordIndex ...) + TODO: check CVE-2015-8266 RESERVED CVE-2015-8265 RESERVED CVE-2015-8264 RESERVED -CVE-2015-8263 - RESERVED -CVE-2015-8262 - RESERVED +CVE-2015-8263 (NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source ...) + TODO: check +CVE-2015-8262 (Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an ...) + TODO: check CVE-2015-8261 RESERVED CVE-2015-8260 @@ -3467,12 +3854,12 @@ RESERVED CVE-2015-8255 RESERVED -CVE-2015-8254 - RESERVED -CVE-2015-8253 - RESERVED -CVE-2015-8252 - RESERVED +CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...) + TODO: check +CVE-2015-8253 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...) + TODO: check +CVE-2015-8252 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...) + TODO: check CVE-2015-8251 RESERVED CVE-2015-8250 @@ -3774,8 +4161,7 @@ RESERVED CVE-2015-8127 RESERVED -CVE-2013-7446 [Use after free in ep_remove_wait_queue] - RESERVED +CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel ...) {DSA-3426-1 DLA-360-1} - linux 4.2.6-2 - linux-2.6 <removed> @@ -4250,8 +4636,7 @@ CVE-2015-7980 RESERVED NOT-FOR-US: Drupal addon Compass Rose -CVE-2015-7990 [Incomplete fix for CVE-2015-6937] - RESERVED +CVE-2015-7990 (Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the ...) {DSA-3396-1 DLA-360-1} - linux 4.2.6-1 - linux-2.6 <removed> 
@@ -4415,16 +4800,16 @@ NOT-FOR-US: Motorola Solutions MOSCAD IP Gateway CVE-2015-7935 (Motorola Solutions MOSCAD IP Gateway allows remote attackers to read ...) NOT-FOR-US: Motorola Solutions MOSCAD IP Gateway -CVE-2015-7934 - RESERVED +CVE-2015-7934 (The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station ...) + TODO: check CVE-2015-7933 RESERVED -CVE-2015-7932 - RESERVED -CVE-2015-7931 - RESERVED -CVE-2015-7930 - RESERVED +CVE-2015-7932 (Adcon Telemetry A840 Telemetry Gateway Base Station allows remote ...) + TODO: check +CVE-2015-7931 (The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station ...) + TODO: check +CVE-2015-7930 (Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded ...) + TODO: check CVE-2015-7929 (eWON devices with firmware through 10.1s0 support unspecified GET ...) NOT-FOR-US: eWON devices CVE-2015-7928 (eWON devices with firmware before 10.1s0 do not have an off ...) @@ -4552,15 +4937,13 @@ NOTE: https://www.drupal.org/SA-CORE-2015-004 NOTE: http://www.openwall.com/lists/oss-security/2015/10/21/6 NOTE: http://cgit.drupalcode.org/drupal/commit/?id=9f72251c9291b5613acb9ca4ea7a51b4739e3f93 -CVE-2015-7885 [staging/dgnc: fix info leak in ioctl] - RESERVED +CVE-2015-7885 (The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in ...) - linux <unfixed> (unimportant) NOTE: dgnc driver not built [wheezy] - linux <not-affected> (Vulnerable code not present) - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05 -CVE-2015-7884 - RESERVED +CVE-2015-7884 (The vivid_fb_ioctl function in ...) - linux 4.2.6-1 [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) 
@@ -4880,8 +5263,8 @@ RESERVED CVE-2015-7784 RESERVED -CVE-2015-7783 - RESERVED +CVE-2015-7783 (Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before ...) + TODO: check CVE-2015-7782 RESERVED CVE-2015-7781 @@ -5378,8 +5761,7 @@ NOT-FOR-US: Adobe CVE-2015-7612 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: McAfee -CVE-2015-7665 - RESERVED +CVE-2015-7665 (Tails before 1.7 includes the wget program but does not prevent ...) NOT-FOR-US: wget as used in Tails NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/10 CVE-2015-7613 (Race condition in the IPC object implementation in the Linux kernel ...) @@ -5671,8 +6053,7 @@ RESERVED CVE-2015-7510 RESERVED -CVE-2015-7509 [Mounting ext4 filesystems in no-journal mode could have lead to a system crash.] - RESERVED +CVE-2015-7509 (fs/ext4/namei.c in the Linux kernel before 3.7 allows physically ...) - linux 3.8-1~experimental.1 [wheezy] - linux 3.2.68-1 - linux-2.6 <removed> @@ -7544,8 +7925,7 @@ RESERVED CVE-2015-6793 RESERVED -CVE-2015-6792 - RESERVED +CVE-2015-6792 (The MIDI subsystem in Google Chrome before 47.0.2526.106 does not ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> @@ -8210,10 +8590,10 @@ RESERVED CVE-2015-6539 RESERVED -CVE-2015-6538 - RESERVED -CVE-2015-6537 - RESERVED +CVE-2015-6538 (The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles ...) + TODO: check +CVE-2015-6537 (SQL injection vulnerability in the login page in Epiphany Cardio ...) + TODO: check CVE-2015-6536 RESERVED CVE-2015-6535 (Cross-site scripting (XSS) vulnerability in ...) 
@@ -8535,8 +8915,8 @@ TODO: check CVE-2015-6410 (The Mobile and Remote Access (MRA) services implementation in Cisco ...) TODO: check -CVE-2015-6409 - RESERVED +CVE-2015-6409 (Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows ...) + TODO: check CVE-2015-6408 (Cross-site request forgery (CSRF) vulnerability in Cisco Unity ...) TODO: check CVE-2015-6407 (Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to ...) @@ -9345,10 +9725,10 @@ NOT-FOR-US: Web Reference Database (aka refbase) CVE-2015-6006 (The AddUserFinding implementation in Medicomp MEDCIN Engine ...) TODO: check -CVE-2015-6005 - RESERVED -CVE-2015-6004 - RESERVED +CVE-2015-6005 (Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch ...) + TODO: check +CVE-2015-6004 (Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before ...) + TODO: check CVE-2015-6003 (Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 ...) TODO: check CVE-2015-6002 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
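Review bot: in the @@ -1,22 +1,402 @@ hunk, CVE-2015-8663, CVE-2015-8662 and CVE-2015-8661 are added with only "TODO: check", although their descriptions point at libavcodec source files (libavcodec/utils.c, libavcodec/jpeg2000dwt.c, libavcodec/h264_slice.c). Until these are triaged against the source packages that ship libavcodec, the tracker shows no package status for them. Replace each TODO with per-package lines in the same form the tiff entries in this hunk use (for example "- tiff <unfixed> (bug #809021)"), or with an explicit not-affected line and its reason.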
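Review bot: in the @@ -3441,18 +3828,18 @@, @@ -3467,12 +3854,12 @@ and @@ -4415,16 +4800,16 @@ hunks, the newly described device and firmware entries (NETGEAR WNR1000v3, Buffalo WZR-600DHP2, RSI Video Technologies Videofied, Adcon Telemetry A840) are left as "TODO: check", while the unchanged context in the last hunk already marks comparable entries as "NOT-FOR-US: Motorola Solutions MOSCAD IP Gateway" and "NOT-FOR-US: eWON devices". If none of these products is packaged, mark them NOT-FOR-US with the product name in the same way, so the TODO queue holds only entries that need a package decision.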
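Review bot: in the @@ -4552,15 +4937,13 @@ hunk, the description added for CVE-2015-7884 is cut off at "(The vivid_fb_ioctl function in ...)", which names no issue class, and the replaced CVE-2015-7885 line drops the summary "[staging/dgnc: fix info leak in ioctl]". The same loss occurs in the @@ -1185,8 +1575,7 @@ hunk, where "[information leak from pptp get{sock,peer}name]" becomes "(The (1) pptp_bind and (2) pptp_connect functions in ...)". Where the truncated text no longer says what the flaw is, carry the old bracketed summary over into a NOTE: line under the entry.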
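Review bot: the leading context of the @@ -3210,8 +3598,7 @@ hunk contains "TODO: chek", a misspelling of the "TODO: check" marker used everywhere else in this diff. A search for the correctly spelled marker will not match that entry, so it can drop out of the triage queue unnoticed. Correct the spelling in a follow-up commit.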