Author: sectracker
Date: 2016-02-22 21:10:12 +0000 (Mon, 22 Feb 2016)
New Revision: 39819

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-02-22 19:54:00 UTC (rev 39818)
+++ data/CVE/list       2016-02-22 21:10:12 UTC (rev 39819)
@@ -1,3 +1,43 @@
+CVE-2016-2532
+       RESERVED
+CVE-2016-2531
+       RESERVED
+CVE-2016-2530
+       RESERVED
+CVE-2016-2529
+       RESERVED
+CVE-2016-2528
+       RESERVED
+CVE-2016-2527
+       RESERVED
+CVE-2016-2526
+       RESERVED
+CVE-2016-2525
+       RESERVED
+CVE-2016-2524
+       RESERVED
+CVE-2016-2523
+       RESERVED
+CVE-2016-2522
+       RESERVED
+CVE-2016-2521
+       RESERVED
+CVE-2016-2520
+       RESERVED
+CVE-2016-2519
+       RESERVED
+CVE-2016-2518
+       RESERVED
+CVE-2016-2517
+       RESERVED
+CVE-2016-2516
+       RESERVED
+CVE-2016-2514
+       RESERVED
+CVE-2016-2513
+       RESERVED
+CVE-2016-2512
+       RESERVED
 CVE-2016-XXXX [usb: integer overflow in remote NDIS control message handling]
        - qemu <unfixed>
        - qemu-kvm <removed>
@@ -6,8 +46,10 @@
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/02/22/3
        TODO: check versions
 CVE-2016-2515
+       RESERVED
        NOT-FOR-US: NodeJS Hawk
 CVE-2016-2511 [Reflected Cross-Site Scripting]
+       RESERVED
        - websvn <removed>
 CVE-2016-2509 (The password-sync feature on Belden Hirschmann Classic Platform 
...)
        NOT-FOR-US: Belden Hirschmann Classic Platform switches
@@ -224,7 +266,8 @@
 CVE-2016-2403
        RESERVED
 CVE-2013-7448 [path traversal vulnerability]
-       {DSA-3485-1}
+       RESERVED
+       {DSA-3485-1 DLA-424-1}
        - didiwiki 0.5-12 (bug #815111)
        NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files
        NOTE: http://www.openwall.com/lists/oss-security/2016/02/19/4
@@ -640,22 +683,20 @@
        RESERVED
 CVE-2016-2276
        RESERVED
-CVE-2016-2275
-       RESERVED
+CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices 
with ...)
+       TODO: check
 CVE-2016-2274
        RESERVED
 CVE-2016-2273
        RESERVED
 CVE-2016-2272
        RESERVED
-CVE-2016-2271 [XSA-170: VMX: guest user mode may crash guest with 
non-canonical RIP]
-       RESERVED
+CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, 
allows ...)
        - xen <unfixed>
        [squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
        NOTE: http://xenbits.xen.org/xsa/advisory-170.html
        TODO: check
-CVE-2016-2270 [XSA-154: x86: inconsistent cachability flags on guest mappings]
-       RESERVED
+CVE-2016-2270 (Xen 4.6.x and earlier allows local guest administrators to 
cause a ...)
        - xen <unfixed>
        [squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
        NOTE: http://xenbits.xen.org/xsa/advisory-154.html
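Review bot: the `TODO: check` added under CVE-2016-2275 leaves the entry untriaged. Its description names the web interface on Advantech/B+B SmartWorx VESP211-EU devices, so it reads like a candidate for a `NOT-FOR-US:` line, in the same way as the Belden Hirschmann entry earlier in this file. For CVE-2016-2271 and CVE-2016-2270 the XSA-170 and XSA-154 identifiers dropped with the bracketed titles are still recoverable from the `NOTE:` advisory URLs, but CVE-2016-2271 keeps a `TODO: check` that should be resolved or removed now that the official description is in place.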
@@ -1206,6 +1247,7 @@
        NOTE: 
https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
        NOTE: 
https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
 CVE-2016-2533 [Buffer overflow in Python-Pillow and PIL]
+       {DLA-422-1}
        - pillow 3.1.1-1
        - python-imaging <removed>
        NOTE: https://github.com/python-pillow/Pillow/pull/1706
@@ -1449,45 +1491,37 @@
        NOTE: 
https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
 CVE-2016-2046 (Cross-site scripting (XSS) vulnerability in the Nessus Web UI 
in ...)
        TODO: check
-CVE-2016-2045
-       RESERVED
+CVE-2016-2045 (Cross-site scripting (XSS) vulnerability in the SQL editor in 
...)
        - phpmyadmin 4:4.5.4-1
        [squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-9/
-CVE-2016-2044
-       RESERVED
+CVE-2016-2044 (libraries/sql-parser/autoload.php in the SQL parser in 
phpMyAdmin ...)
        - phpmyadmin 4:4.5.4-1
        [squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-8/
-CVE-2016-2043
-       RESERVED
+CVE-2016-2043 (Cross-site scripting (XSS) vulnerability in the goToFinish1NF 
function ...)
        - phpmyadmin 4:4.5.4-1
        [squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-7/
-CVE-2016-2042
-       RESERVED
+CVE-2016-2042 (phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows 
remote ...)
        - phpmyadmin 4:4.5.4-1
        [squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-6/
-CVE-2016-2041
-       RESERVED
+CVE-2016-2041 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 
4.4.x ...)
        {DLA-406-1}
        - phpmyadmin 4:4.5.4-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-5/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/fe62b69a5b032de8e1d9d0a04456c1cecf46428c
-CVE-2016-2040
-       RESERVED
+CVE-2016-2040 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
        - phpmyadmin 4:4.5.4-1
        [squeeze] - phpmyadmin <no-dsa> (minor issue)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-3/
-CVE-2016-2039
-       RESERVED
+CVE-2016-2039 (libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 
4.4.x ...)
        {DLA-406-1}
        - phpmyadmin 4:4.5.4-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-2/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/6fe54dfa000dd6f43f237e859781fad7111ac1bd
-CVE-2016-2038
-       RESERVED
+CVE-2016-2038 (phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 
4.5.x ...)
        - phpmyadmin 4:4.5.4-1
        [squeeze] - phpmyadmin <no-dsa> (minor issue)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-1/
@@ -1836,8 +1870,7 @@
        TODO: check
 CVE-2016-1928 (Buffer overflow in the XS engine (hdbxsengine) in SAP HANA 
allows ...)
        TODO: check
-CVE-2016-1927
-       RESERVED
+CVE-2016-1927 (The suggestPassword function in js/functions.js in phpMyAdmin 
4.0.x ...)
        - phpmyadmin 4:4.5.4-1
        [squeeze] - phpmyadmin <no-dsa> (minor issue)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-4/
@@ -2593,14 +2626,12 @@
        RESERVED
 CVE-2016-1630
        RESERVED
-CVE-2016-1629
-       RESERVED
+CVE-2016-1629 (Google Chrome before 48.0.2564.116 allows remote attackers to 
bypass ...)
        {DSA-3486-1}
        - chromium-browser 48.0.2564.116-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
        [squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze 
LTS)
-CVE-2016-1628
-       RESERVED
+CVE-2016-1628 (pi.c in OpenJPEG, as used in PDFium in Google Chrome before ...)
        {DSA-3486-1}
        - chromium-browser 48.0.2564.116-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -3376,8 +3407,8 @@
        RESERVED
 CVE-2016-1336
        RESERVED
-CVE-2016-1335
-       RESERVED
+CVE-2016-1335 (The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 
20.x ...)
+       TODO: check
 CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with 
firmware ...)
        TODO: check
 CVE-2016-1333 (Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid 
routers ...)
@@ -4128,12 +4159,12 @@
        RESERVED
 CVE-2016-1157
        RESERVED
-CVE-2016-1156
-       RESERVED
+CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on 
OS X ...)
+       TODO: check
 CVE-2016-1155
        RESERVED
-CVE-2016-1154
-       RESERVED
+CVE-2016-1154 (SQL injection vulnerability in the Help plug-in 1.3.5 and 
earlier in ...)
+       TODO: check
 CVE-2016-1153 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote 
...)
        NOT-FOR-US: Cybozu Office
 CVE-2016-1152 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated 
users ...)
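Review bot: the `TODO: check` lines added under CVE-2016-1156 and CVE-2016-1154 leave both entries untriaged, and for CVE-2016-1154 the truncated description ("Help plug-in 1.3.5 and earlier in ...") does not name the host product, so the full CVE text has to be read before deciding. CVE-2016-1156 describes LINE on Windows and OS X, which reads like a `NOT-FOR-US:` candidate, in line with how the Cybozu Office entries just below are handled.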
@@ -4316,7 +4347,7 @@
 CVE-2015-8632
        RESERVED
 CVE-2015-8631 (Multiple memory leaks in kadmin/server/server_stubs.c in 
kadmind in ...)
-       {DSA-3466-1}
+       {DSA-3466-1 DLA-423-1}
        - krb5 <unfixed> (bug #813126)
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2
 CVE-2015-8630 (The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal 
...)
@@ -4327,7 +4358,7 @@
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b
        NOTE: Introduced by: 
https://github.com/krb5/krb5/commit/0780e46fc13dbafa177525164997cd204cc50b51 
(krb5-1.12-alpha1)
 CVE-2015-8629 (The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in 
kadmind in ...)
-       {DSA-3466-1}
+       {DSA-3466-1 DLA-423-1}
        - krb5 <unfixed> (bug #813296)
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb
 CVE-2015-8620
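Review bot: `DLA-423-1` is added to CVE-2015-8631 and CVE-2015-8629, but CVE-2015-8630, which sits between them, is not touched by either hunk and the reason is not visible in the changed lines. The `Introduced by: ... (krb5-1.12-alpha1)` NOTE at the top of this hunk is consistent with older releases not containing the vulnerable code; if the lines outside this context do not already say so, a release-specific `<not-affected>` line on CVE-2015-8630 would record that explicitly.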
@@ -5481,13 +5512,11 @@
        NOTE: 
http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
 CVE-2016-0726
        RESERVED
-CVE-2016-0725 [XSS Vulnerability in course management search]
-       RESERVED
+CVE-2016-0725 (Cross-site scripting (XSS) vulnerability in the 
search_pagination ...)
        - moodle <not-affected> (Only affects 3.0 to 3.0.1, 2.9 to 2.9.3 and 
2.8 to 2.8.9)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52552
-CVE-2016-0724 [Two enrolment-related web services don't check course 
visibility]
-       RESERVED
+CVE-2016-0724 (The (1) core_enrol_get_course_enrolment_methods and (2) ...)
        - moodle 2.7.12+dfsg-1 (bug #811344)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072
@@ -9647,8 +9676,8 @@
        NOT-FOR-US: Newphoria
 CVE-2015-7770 (Dell SonicWall TotalSecure TZ 100 devices with firmware before 
...)
        NOT-FOR-US: Dell
-CVE-2015-7769
-       RESERVED
+CVE-2015-7769 (baserCMS 3.0.2 through 3.0.8 allows remote authenticated users 
to ...)
+       TODO: check
 CVE-2015-7768 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote 
...)
        NOT-FOR-US: Konica Minolta
 CVE-2015-7767 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote 
...)
@@ -10749,8 +10778,8 @@
        NOT-FOR-US: IBM
 CVE-2015-7426 (The Data Protection extension in the VMware GUI in IBM Tivoli 
Storage ...)
        TODO: check
-CVE-2015-7425
-       RESERVED
+CVE-2015-7425 (The Data Protection component in the VMware vSphere GUI in IBM 
Tivoli ...)
+       TODO: check
 CVE-2015-7424
        RESERVED
 CVE-2015-7423
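Review bot: CVE-2015-7425 gets `TODO: check` although the context at the top of this hunk already resolves an IBM product with `NOT-FOR-US: IBM`. Its description (Data Protection component in the VMware vSphere GUI in IBM Tivoli ...) and that of CVE-2015-7426 directly above point at the same product family, so both TODOs could be closed the same way in one follow-up.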
@@ -16223,36 +16252,28 @@
        [wheezy] - subversion <not-affected> (Vulnerable code not present)
        [squeeze] - subversion <not-affected> (Vulnerable code not present)
        NOTE: https://subversion.apache.org/security/CVE-2015-5343-advisory.txt
-CVE-2015-5342
-       RESERVED
+CVE-2015-5342 (The choice module in Moodle through 2.6.11, 2.7.x before 
2.7.11, 2.8.x ...)
        - moodle 2.7.11+dfsg-1
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
-CVE-2015-5341
-       RESERVED
+CVE-2015-5341 (mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x 
before ...)
        - moodle 2.7.11+dfsg-1
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
-CVE-2015-5340
-       RESERVED
+CVE-2015-5340 (Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, 
and ...)
        - moodle 2.7.11+dfsg-1
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
-CVE-2015-5339
-       RESERVED
+CVE-2015-5339 (The core_enrol_get_enrolled_users web service in 
enrol/externallib.php ...)
        - moodle 2.7.11+dfsg-1
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
-CVE-2015-5338
-       RESERVED
+CVE-2015-5338 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
        - moodle 2.7.11+dfsg-1
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
-CVE-2015-5337
-       RESERVED
+CVE-2015-5337 (Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, 
and ...)
        - moodle 2.7.11+dfsg-1
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
-CVE-2015-5336
-       RESERVED
+CVE-2015-5336 (Multiple cross-site scripting (XSS) vulnerabilities in the 
survey ...)
        - moodle 2.7.11+dfsg-1
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
-CVE-2015-5335
-       RESERVED
+CVE-2015-5335 (Cross-site request forgery (CSRF) vulnerability in ...)
        - moodle 2.7.11+dfsg-1
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 CVE-2015-5334
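Review bot: the eight Moodle entries CVE-2015-5342 through CVE-2015-5335 now have descriptions but still carry no `NOTE:` pointing at an upstream advisory or fix, unlike the Moodle entries elsewhere in this file that reference an MDL commit search. Adding the corresponding upstream reference to each entry would let the `2.7.11+dfsg-1` fixed version be verified against the actual changes.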
@@ -16261,11 +16282,9 @@
 CVE-2015-5333
        RESERVED
        - libressl <itp> (bug #754513)
-CVE-2015-5332
-       RESERVED
+CVE-2015-5332 (Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows 
remote ...)
        - moodle <not-affected> (Only affects 2.8 and later)
-CVE-2015-5331
-       RESERVED
+CVE-2015-5331 (Moodle 2.9.x before 2.9.3 does not properly check the contact 
list ...)
        - moodle <not-affected> (Only affects 2.9 and later)
 CVE-2015-5330 (ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x 
before ...)
        {DSA-3433-1}
@@ -16544,8 +16563,7 @@
        NOT-FOR-US: OpenShift
 CVE-2015-5273 (The abrt-action-install-debuginfo-to-abrt-cache help program in 
...)
        NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-5272 [MSA-15-0031: Teacher in forum can still post to "all 
participants" and groups they are not members of]
-       RESERVED
+CVE-2015-5272 (The Forum module in Moodle 2.7.x before 2.7.10 allows remote 
...)
        - moodle 2.7.10+dfsg-1 (bug #799634)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576
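Review bot: replacing the bracketed title on CVE-2015-5272 drops the `MSA-15-0031` advisory identifier, and the remaining NOTE only carries the MDL-50576 commit search. Keeping the identifier in its own line, for example `NOTE: MSA-15-0031`, would keep the upstream advisory searchable from the tracker.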
@@ -16557,33 +16575,27 @@
        NOTE: https://bugs.launchpad.net/tripleo/+bug/1494896
 CVE-2015-5270
        REJECTED
-CVE-2015-5269 [MSA-15-0036: XSS in grouping description]
-       RESERVED
+CVE-2015-5269 (Cross-site scripting (XSS) vulnerability in group/overview.php 
in ...)
        - moodle 2.7.10+dfsg-1 (bug #799634)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709
-CVE-2015-5268 [MSA-15-0035: Rating component does not check separate groups]
-       RESERVED
+CVE-2015-5268 (The rating component in Moodle through 2.6.11, 2.7.x before 
2.7.10, ...)
        - moodle 2.7.10+dfsg-1 (bug #799634)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173
-CVE-2015-5267 [MSA-15-0034: Vulnerability in password recovery mechanism]
-       RESERVED
+CVE-2015-5267 (lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 
2.7.10, 2.8.x ...)
        - moodle 2.7.10+dfsg-1 (bug #799634)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50860
-CVE-2015-5266 [MSA-15-0033: Meta course synchronisation enrols suspended 
students as managers for a short period of time]
-       RESERVED
+CVE-2015-5266 (The enrol_meta_sync function in enrol/meta/locallib.php in 
Moodle ...)
        - moodle 2.7.10+dfsg-1 (bug #799634)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744
-CVE-2015-5265 [MSA-15-0032: Users can delete files uploaded by other users in 
wiki]
-       RESERVED
+CVE-2015-5265 (The wiki component in Moodle through 2.6.11, 2.7.x before 
2.7.10, ...)
        - moodle 2.7.10+dfsg-1 (bug #799634)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371
-CVE-2015-5264 [MSA-15-0030: Students can re-attempt answering questions in the 
lesson]
-       RESERVED
+CVE-2015-5264 (The lesson module in Moodle through 2.6.11, 2.7.x before 
2.7.10, 2.8.x ...)
        - moodle 2.7.10+dfsg-1 (bug #799634)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516
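Review bot: six entries in this hunk (CVE-2015-5269 down to CVE-2015-5264) lose their Moodle advisory identifiers, `MSA-15-0036` through `MSA-15-0030`, when the bracketed titles are replaced by the truncated official descriptions. The MDL references in the NOTE lines survive, but the MSA numbers do not appear anywhere else in the entries; a `NOTE:` per entry with the MSA id would preserve the mapping.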
@@ -22255,22 +22267,18 @@
 CVE-2015-3276 (The nss_parse_ciphers function in libraries/libldap/tls_m.c in 
...)
        - openldap <unfixed> (unimportant)
        NOTE: Debian builds with GNUTLS, not NSS
-CVE-2015-3275 [Javascript injection in SCORM module]
-       RESERVED
+CVE-2015-3275 (Multiple cross-site scripting (XSS) vulnerabilities in the 
SCORM ...)
        - moodle 2.7.9+dfsg-1 (bug #792242)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614
-CVE-2015-3274 [Possible XSS through custom text profile fields in Web Services]
-       RESERVED
+CVE-2015-3274 (Cross-site scripting (XSS) vulnerability in the 
user_get_user_details ...)
        - moodle 2.7.9+dfsg-1 (bug #792242)
        [squeeze] - moodle <not-affected> (Only similar function looks like the 
fixed version)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130
-CVE-2015-3273 [Capability 'mod/forum:canposttomygroups' is not respected when 
using 'Post a copy to all groups' in forum]
-       RESERVED
+CVE-2015-3273 (mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not 
consider the ...)
        - moodle <not-affected> (Affects only 2.9)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50220
-CVE-2015-3272 [Possible phishing when redirecting to external site using 
referer header]
-       RESERVED
+CVE-2015-3272 (Open redirect vulnerability in the clean_param function in ...)
        - moodle 2.7.9+dfsg-1 (bug #792242)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
