[Secure-testing-commits] r35874 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Aug 4 09:10:18 UTC 2015
Author: sectracker
Date: 2015-08-04 09:10:18 +0000 (Tue, 04 Aug 2015)
New Revision: 35874
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-04 06:52:10 UTC (rev 35873)
+++ data/CVE/list 2015-08-04 09:10:18 UTC (rev 35874)
@@ -1,3 +1,25 @@
+CVE-2015-5717
+ RESERVED
+CVE-2015-5716
+ RESERVED
+CVE-2015-5715
+ RESERVED
+CVE-2015-5714
+ RESERVED
+CVE-2015-5713
+ RESERVED
+CVE-2015-5712
+ RESERVED
+CVE-2015-5711
+ RESERVED
+CVE-2015-5710
+ RESERVED
+CVE-2015-5709
+ RESERVED
+CVE-2015-5708
+ RESERVED
+CVE-2015-5703
+ RESERVED
CVE-2015-XXXX [Information disclosure]
- pcre3 <unfixed>
NOTE: http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510
@@ -33,6 +55,7 @@
NOTE: Fix released in sidekiq 3.4.0
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-5707 [Integer overflow in SCSI generic driver]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/6
@@ -40,6 +63,7 @@
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81 (v4.1-rc1)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee (v4.1-rc1)
CVE-2015-5706 [Use-after-free in path lookup]
+ RESERVED
- linux 4.0.4-1
[wheezy] - linux <not-affected> (Introduced in v3.11-rc1)
- linux-2.6 <not-affected> (Introduced in v3.11-rc1)
@@ -60,12 +84,14 @@
CVE-2002-2446
RESERVED
CVE-2015-5705 [argument injection vulnerability]
+ RESERVED
- devscripts 2.15.8 (bug #794365)
[jessie] - devscripts <not-affected> (Vulnerable code not present)
[wheezy] - devscripts <not-affected> (Vulnerable code not present)
[squeeze] - devscripts <not-affected> (Vulnerable code not present)
NOTE: Introduced in https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=025ad4ea8ba92d32bd698a83149f782c17f78bf0 (v2.15.5)
CVE-2015-5704 [devscripts: licensecheck shell command injection]
+ RESERVED
- devscripts 2.15.7 (bug #794260)
[jessie] - devscripts <not-affected> (Vulnerable code not present)
[wheezy] - devscripts <not-affected> (Vulnerable code not present)
@@ -246,8 +272,8 @@
RESERVED
CVE-2015-5619
RESERVED
-CVE-2015-5618
- RESERVED
+CVE-2015-5618 (Chiyu BF-630 and BF-630W fingerprint access-control devices allow ...)
+ TODO: check
CVE-2015-5617
RESERVED
CVE-2015-5616
@@ -262,12 +288,14 @@
RESERVED
CVE-2015-5623
RESERVED
+ {DSA-3328-1}
- wordpress 4.2.3+dfsg-1
[wheezy] - wordpress <not-affected> (Vulnerable code not present)
[squeeze] - wordpress <not-affected> (Vulnerable code not present)
NOTE: https://core.trac.wordpress.org/changeset/33357
CVE-2015-5622
RESERVED
+ {DSA-3328-1}
- wordpress 4.2.3+dfsg-1
NOTE: https://core.trac.wordpress.org/changeset/33359
CVE-2015-5611 (Unspecified vulnerability in Uconnect before 15.26.1, as used in ...)
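Review bot: CVE-2015-5622 now carries {DSA-3328-1} but, unlike CVE-2015-5623 just above it, has no [wheezy] or [squeeze] status lines, only "- wordpress 4.2.3+dfsg-1". If the older releases lack the vulnerable code for this issue as well, add the same <not-affected> lines that CVE-2015-5623 has; if they are affected, the difference between the two entries deserves a NOTE. Both entries are also still RESERVED with no description, so the changeset URLs in their NOTE lines are the only record here of what each ID covers.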
@@ -291,8 +319,7 @@
RESERVED
CVE-2015-5601
RESERVED
-CVE-2015-5600 [authentication limits bypass]
- RESERVED
+CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH ...)
- openssh <unfixed> (bug #793616)
[jessie] - openssh <no-dsa> (Minor issue; not in default configurations)
[wheezy] - openssh <no-dsa> (Minor issue; not in default configurations)
@@ -426,8 +453,8 @@
RESERVED
CVE-2015-5538
RESERVED
-CVE-2015-5537
- RESERVED
+CVE-2015-5537 (The SSL layer of the HTTPS service in Siemens RuggedCom ROS before ...)
+ TODO: check
CVE-2015-XXXX [more to CVE-2014-8146]
- icu <unfixed>
[wheezy] - icu <not-affected> (Vulnerable code not present)
@@ -1583,8 +1610,8 @@
NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5085 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2015-5084
- RESERVED
+CVE-2015-5084 (The Siemens SIMATIC WinCC Sm at rtClient and Sm at rtClient Lite ...)
+ TODO: check
CVE-2015-5083
RESERVED
CVE-2015-5082
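Review bot: the new CVE-2015-5084 line is left at "TODO: check" although its description names Siemens SIMATIC WinCC, while the Adobe Reader and Acrobat entries directly above it in this hunk are already resolved as NOT-FOR-US. If no Debian source package ships this product, resolve the TODO the same way, with the product named in the tag. The description reads "Sm at rtClient", which looks like the list archive's address obfuscation applied to the product name, so take the spelling from data/CVE/list itself rather than from this mail.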
@@ -1618,8 +1645,7 @@
[wheezy] - ntp <no-dsa> (Minor issue)
[squeeze] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
-CVE-2015-5352 [refusal deadline is not checked within the x11_open_helper function]
- RESERVED
+CVE-2015-5352 (The x11_open_helper function in channels.c in ssh in OpenSSH before ...)
- openssh <unfixed> (bug #790798)
[jessie] - openssh <no-dsa> (Minor issue)
[wheezy] - openssh <no-dsa> (Minor issue)
@@ -3374,20 +3400,20 @@
RESERVED
CVE-2015-4296
RESERVED
-CVE-2015-4295
- RESERVED
-CVE-2015-4294
- RESERVED
+CVE-2015-4295 (The Prime Collaboration Deployment component in Cisco Unified ...)
+ TODO: check
+CVE-2015-4294 (Cross-site scripting (XSS) vulnerability in Cisco IM and Presence ...)
+ TODO: check
CVE-2015-4293 (The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier ...)
TODO: check
-CVE-2015-4292
- RESERVED
-CVE-2015-4291
- RESERVED
+CVE-2015-4292 (Cross-site scripting (XSS) vulnerability in the management interface ...)
+ TODO: check
+CVE-2015-4291 (Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 ...)
+ TODO: check
CVE-2015-4290 (The kernel extension in Cisco AnyConnect Secure Mobility Client ...)
TODO: check
-CVE-2015-4289
- RESERVED
+CVE-2015-4289 (Directory traversal vulnerability in Cisco AnyConnect Secure Mobility ...)
+ TODO: check
CVE-2015-4288 (The LDAP implementation on the Cisco Web Security Appliance (WSA) ...)
TODO: check
CVE-2015-4287 (Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower ...)
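Review bot: the five Cisco entries moved from RESERVED to "TODO: check" in this hunk (CVE-2015-4295, -4294, -4292, -4291, -4289) sit between three Cisco entries that were already waiting on "TODO: check" in the unchanged context (CVE-2015-4293, -4290, -4288), so the untriaged block grows to eight. These are best resolved in one pass: each needs either a NOT-FOR-US line naming the product or a package status line, and the truncated descriptions here are not enough to tell which, so check the full descriptions before tagging.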
@@ -5278,6 +5304,7 @@
[wheezy] - mew-beta <no-dsa> (Minor issue)
[jessie] - mew-beta 7.0.50~6.6+0.20140902-1+deb8u1
CVE-2015-3429 (Cross-site scripting (XSS) vulnerability in example.html in Genericons ...)
+ {DSA-3328-1}
- wordpress 4.2.2+dfsg-1 (bug #784603)
[wheezy] - wordpress <not-affected> (twentyfifteen theme not present)
[squeeze] - wordpress <not-affected> (twentyfifteen theme not present)
@@ -7523,8 +7550,8 @@
RESERVED
CVE-2015-2891
RESERVED
-CVE-2015-2890
- RESERVED
+CVE-2015-2890 (The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile ...)
+ TODO: check
CVE-2015-2889
RESERVED
CVE-2015-2888
@@ -7561,10 +7588,10 @@
RESERVED
CVE-2015-2872
RESERVED
-CVE-2015-2871
- RESERVED
-CVE-2015-2870
- RESERVED
+CVE-2015-2871 (Chiyu BF-660C fingerprint access-control devices allow remote ...)
+ TODO: check
+CVE-2015-2870 (Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and ...)
+ TODO: check
CVE-2015-2869 (The FileInfo plugin before 2.22 for Ghisler Total Commander allows ...)
NOT-FOR-US: Ghisler Total Commander
CVE-2015-2868
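Review bot: CVE-2015-2871 and CVE-2015-2870 are added with "TODO: check" for Chiyu fingerprint access-control devices, the same vendor as CVE-2015-5618 earlier in this patch, which is also left at "TODO: check". The next entry in this hunk, CVE-2015-2869, shows the resolved form ("NOT-FOR-US: Ghisler Total Commander"); if the Chiyu devices have no corresponding Debian package, all three entries can take one consistent NOT-FOR-US tag so they are not triaged separately later.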
@@ -10522,8 +10549,8 @@
NOT-FOR-US: IBM BPM
CVE-2015-1905 (The REST API in IBM Business Process Manager (BPM) 7.5.x through ...)
NOT-FOR-US: IBM BPM
-CVE-2015-1904
- RESERVED
+CVE-2015-1904 (IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 ...)
+ TODO: check
CVE-2015-1903 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
NOT-FOR-US: IBM
CVE-2015-1902 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
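Review bot: CVE-2015-1904 gets "TODO: check" even though its description is for IBM Business Process Manager and the two entries immediately above it in the context are already tagged "NOT-FOR-US: IBM BPM". Reusing that exact tag for this entry would close the TODO and keep the product's entries searchable under one string.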
@@ -11716,20 +11743,20 @@
NOT-FOR-US: Motorola Scanner SDK
CVE-2015-1494 (The FancyBox for WordPress plugin before 3.0.3 for WordPress does not ...)
NOT-FOR-US: FancyBox plugin for WordPress
-CVE-2015-1492
- RESERVED
-CVE-2015-1491
- RESERVED
-CVE-2015-1490
- RESERVED
-CVE-2015-1489
- RESERVED
-CVE-2015-1488
- RESERVED
-CVE-2015-1487
- RESERVED
-CVE-2015-1486
- RESERVED
+CVE-2015-1492 (Untrusted search path vulnerability in the client in Symantec Endpoint ...)
+ TODO: check
+CVE-2015-1491 (SQL injection vulnerability in the management console in Symantec ...)
+ TODO: check
+CVE-2015-1490 (Directory traversal vulnerability in the management console in ...)
+ TODO: check
+CVE-2015-1489 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
+ TODO: check
+CVE-2015-1488 (An unspecified action handler in the management console in Symantec ...)
+ TODO: check
+CVE-2015-1487 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
+ TODO: check
+CVE-2015-1486 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
+ TODO: check
CVE-2015-1485 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention
CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symantec ...)
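Review bot: three of the seven Symantec entries added here (CVE-2015-1489, -1487, -1486) have identical visible text, "The management console in Symantec Endpoint Protection Manager (SEPM) ...", so the truncated descriptions cannot be used to tell them apart when the "TODO: check" lines are worked through. Triage them from the full descriptions, and if they resolve to NOT-FOR-US, name the product in the tag as the neighbouring CVE-2015-1485 entry does ("NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention").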
@@ -13746,8 +13773,8 @@
NOT-FOR-US: Hospira LifeCare
CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does ...)
NOT-FOR-US: Rockwell Automation RSView32
-CVE-2015-1009
- RESERVED
+CVE-2015-1009 (Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and ...)
+ TODO: check
CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before 13 ...)
NOT-FOR-US: Emerson AMS Device Manager
CVE-2015-1007