Author: sectracker
Date: 2016-03-05 09:10:15 +0000 (Sat, 05 Mar 2016)
New Revision: 40175

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-03-05 08:40:07 UTC (rev 40174)
+++ data/CVE/list       2016-03-05 09:10:15 UTC (rev 40175)
@@ -1,3 +1,5 @@
+CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 
1.0.1 ...)
+       TODO: check
 CVE-2016-XXXX [Out-of-Bound Read in phar_parse_zipfile()]
        - php5 <unfixed>
        NOTE: https://bugs.php.net/bug.php?id=71498
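Review bot: CVE-2016-2842 at the top of this hunk is left at "TODO: check" with no source-package line, although its description places it in crypto/bio/b_print.c in OpenSSL, the same file named by CVE-2016-0799 (fmtstr), which this list already tracks with {DSA-3500-1} and "- openssl 1.0.2g-1". The entry needs an "- openssl" line, and triage should confirm whether the 1.0.2g-1 upload also covers doapr_outch before that version is copied over.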
@@ -4537,18 +4539,18 @@
        RESERVED
 CVE-2016-1360
        RESERVED
-CVE-2016-1359
-       RESERVED
-CVE-2016-1358
-       RESERVED
-CVE-2016-1357
-       RESERVED
-CVE-2016-1356
-       RESERVED
-CVE-2016-1355
-       RESERVED
-CVE-2016-1354
-       RESERVED
+CVE-2016-1359 (Cisco Prime Infrastructure 3.0 allows remote authenticated 
users to ...)
+       TODO: check
+CVE-2016-1358 (Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote 
...)
+       TODO: check
+CVE-2016-1357 (The password-management administration component in Cisco 
Policy Suite ...)
+       TODO: check
+CVE-2016-1356 (Cisco FireSIGHT System Software 6.1.0 does not use a 
constant-time ...)
+       TODO: check
+CVE-2016-1355 (Cross-site scripting (XSS) vulnerability in the Device 
Management UI ...)
+       TODO: check
+CVE-2016-1354 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...)
+       TODO: check
 CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite 
for ...)
        NOT-FOR-US: Cisco Videoscape Distribution Suite
 CVE-2016-1352
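Review bot: CVE-2016-1354 through CVE-2016-1359 all move from RESERVED to "TODO: check", and five of the six descriptions visibly name Cisco products (Prime Infrastructure, Policy Suite, FireSIGHT System Software, Cisco Unified ...); only CVE-2016-1355 is truncated before a vendor appears. The adjacent context entry CVE-2016-1353 is already resolved as "NOT-FOR-US: Cisco Videoscape Distribution Suite", so these can likely be closed the same way in one follow-up commit once the full CVE-2016-1355 description has been read.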
@@ -4679,8 +4681,8 @@
        RESERVED
 CVE-2016-1289
        RESERVED
-CVE-2016-1288
-       RESERVED
+CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 
9.x ...)
+       TODO: check
 CVE-2016-1287 (Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco 
ASA ...)
        NOT-FOR-US: Cisco ASA
 CVE-2016-1286
@@ -5367,8 +5369,8 @@
        RESERVED
 CVE-2016-1159
        RESERVED
-CVE-2016-1158
-       RESERVED
+CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega 
CG-WLBARGMH ...)
+       TODO: check
 CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in 
Script* ...)
        TODO: check
 CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on 
OS X ...)
@@ -6493,21 +6495,18 @@
        NOTE: https://www.drownattack.com/
        NOTE: GNUTLS never implemented SSLv2
        NOTE: 
http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
-CVE-2016-0799 [Memory issues in BIO_*printf functions]
-       RESERVED
+CVE-2016-0799 (The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 
before ...)
        {DSA-3500-1}
        - openssl 1.0.2g-1
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
        NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
        NOTE: 
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
-CVE-2016-0798 [Memory leak in SRP database lookups]
-       RESERVED
+CVE-2016-0798 (Memory leak in the SRP_VBASE_get_by_user implementation in 
OpenSSL ...)
        {DSA-3500-1}
        - openssl 1.0.2g-1
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
        NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
-CVE-2016-0797 [BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption]
-       RESERVED
+CVE-2016-0797 (Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 
1.0.2 ...)
        {DSA-3500-1}
        - openssl 1.0.2g-1
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
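Review bot: the replacement line for CVE-2016-0797 loses the function names that the removed working title carried ("BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption"); the truncated description stops at "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 ...". The same applies to CVE-2016-0799, where "BIO_*printf functions" is replaced by the internal helper name fmtstr. A NOTE line under each entry that keeps the public API names would preserve what a reader greps for when checking whether their code reaches the affected path.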
@@ -6838,8 +6837,7 @@
        - tomcat6 6.0.41-3
        NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
        NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
-CVE-2016-0705 [Double-free in DSA code]
-       RESERVED
+CVE-2016-0705 (Double free vulnerability in the dsa_priv_decode function in 
...)
        {DSA-3500-1}
        - openssl 1.0.2g-1
        [squeeze] - openssl <not-affected> (vulnerable code not present)
@@ -6853,8 +6851,7 @@
        - openssl 1.0.0c-2
        NOTE: 1.0.0c-2 dropped SSLv2 support
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
-CVE-2016-0702 [Side channel attack on modular exponentiation]
-       RESERVED
+CVE-2016-0702 (The MOD_EXP_CTIME_COPY_FROM_PREBUF function in 
crypto/bn/bn_exp.c in ...)
        {DSA-3500-1}
        - openssl 1.0.2g-1
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
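Review bot: after this change the CVE-2016-0702 entry no longer states the vulnerability class. The removed title said "Side channel attack on modular exponentiation", while the truncated description names only MOD_EXP_CTIME_COPY_FROM_PREBUF and crypto/bn/bn_exp.c. Suggest adding a NOTE that records it as a side-channel issue, since that affects how the entry is prioritised compared with the memory-corruption entries under the same DSA-3500-1.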
@@ -8182,8 +8179,8 @@
        RESERVED
 CVE-2016-0228
        RESERVED
-CVE-2016-0227
-       RESERVED
+CVE-2016-0227 (Cross-site scripting (XSS) vulnerability in the document-list 
control ...)
+       TODO: check
 CVE-2016-0226
        RESERVED
 CVE-2016-0225 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 
7.0.0.9 ...)
@@ -11966,8 +11963,8 @@
        TODO: check
 CVE-2015-7491 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Portal 8.0.x ...)
        TODO: check
-CVE-2015-7490
-       RESERVED
+CVE-2015-7490 (IBM InfoSphere Information Server 8.5 through FP3, 8.7 through 
FP2, ...)
+       TODO: check
 CVE-2015-7489 (IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before 
IF7 uses ...)
        TODO: check
 CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 
4.2.0.1, in ...)
@@ -15063,8 +15060,8 @@
        NOT-FOR-US: Cisco
 CVE-2015-6261 (Cisco TelePresence Video Communication Server (VCS) Expressway 
X8.5.2 ...)
        NOT-FOR-US: Cisco
-CVE-2015-6260
-       RESERVED
+CVE-2015-6260 (Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices 
does not ...)
+       TODO: check
 CVE-2015-6259 (The JavaServer Pages (JSP) component in Cisco Integrated 
Management ...)
        NOT-FOR-US: Cisco
 CVE-2015-6258 (The Internet Access Point Protocol (IAPP) module on Cisco 
Wireless LAN ...)
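Review bot: when CVE-2015-6260 (Cisco NX-OS on Nexus devices) is resolved from "TODO: check", note that the surrounding entries use the bare form "NOT-FOR-US: Cisco", while other entries in this same diff name the product ("NOT-FOR-US: Cisco ASA", "NOT-FOR-US: Cisco Videoscape Distribution Suite"). Picking one form, preferably the one with the product name, keeps the list searchable by product.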
@@ -32287,8 +32284,8 @@
        RESERVED
 CVE-2015-0719
        RESERVED
-CVE-2015-0718
-       RESERVED
+CVE-2015-0718 (Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 
6000, and ...)
+       TODO: check
 CVE-2015-0717 (Cisco Unified Communications Manager 10.0(1.10000.12) allows 
local ...)
        NOT-FOR-US: Cisco
 CVE-2015-0716 (Cross-site request forgery (CSRF) vulnerability in the 
CUCReports page ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
