[Secure-testing-commits] r38290 - data/CVE
Michael Gilbert
mgilbert at moszumanska.debian.org
Tue Dec 15 03:05:47 UTC 2015
Author: mgilbert
Date: 2015-12-15 03:05:47 +0000 (Tue, 15 Dec 2015)
New Revision: 38290
Modified:
data/CVE/list
Log:
nfus
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-15 02:11:56 UTC (rev 38289)
+++ data/CVE/list 2015-12-15 03:05:47 UTC (rev 38290)
@@ -16,7 +16,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/14/6
TODO: check
CVE-2015-8548 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
- TODO: check
+ - chromium-browser 47.0.2526.80-1
CVE-2015-8546
RESERVED
CVE-2015-8545
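Review bot: the new CVE-2015-8548 entry lists only `- chromium-browser 47.0.2526.80-1`, although its description names Google V8 before 4.7.80.23. CVE-2015-8478 carries the same description text and in this commit also gets `- libv8 <unfixed>`. Add a libv8 line here as well, or a NOTE saying why the standalone libv8 package is not tracked for this one.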
@@ -1146,11 +1146,11 @@
CVE-2015-8508
RESERVED
CVE-2015-8507 (mediaserver in Android 6.0 before 2015-12-01 allows remote attackers ...)
- TODO: check
+ - android <itp> (bug #459219)
CVE-2015-8506 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...)
- TODO: check
+ - android <itp> (bug #459219)
CVE-2015-8505 (mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to ...)
- TODO: check
+ - android <itp> (bug #459219)
CVE-2015-8503
RESERVED
CVE-2015-8502
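Review bot: CVE-2015-8507, CVE-2015-8506 and CVE-2015-8505 are all recorded as `- android <itp> (bug #459219)`, but the existing mediaserver entry CVE-2015-8072 further down in this file is marked `NOT-FOR-US: Android`. Choose one treatment for Android mediaserver issues and apply it to all four entries so the tracker does not classify the same component two ways.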
@@ -1194,7 +1194,7 @@
CVE-2015-8483
RESERVED
CVE-2015-8482 (Blue Coat Unified Agent before 4.6.2 does not prevent modification of ...)
- TODO: check
+ NOT-FOR-US: Blue Coat Unified Agent
CVE-2015-8481
RESERVED
CVE-2015-8504 [vnc: avoid floating point exception]
@@ -1608,11 +1608,12 @@
CVE-2016-0001
RESERVED
CVE-2015-8480 (The VideoFramePool::PoolImpl::CreateFrame function in ...)
- TODO: check
+ - chromium-browser 47.0.2526.73-1
CVE-2015-8479 (Use-after-free vulnerability in the ...)
- TODO: check
+ - chromium-browser 47.0.2526.73-1
CVE-2015-8478 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
- TODO: check
+ - chromium-browser 47.0.2526-73-1
+ - libv8 <unfixed>
CVE-2015-8475
RESERVED
CVE-2015-8471
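Review bot: the version on the CVE-2015-8478 line, `47.0.2526-73-1`, has a hyphen where the two entries directly above it have a dot (`47.0.2526.73-1`). As written it is a different version string and will not compare as the intended fixed version; change it to `- chromium-browser 47.0.2526.73-1`.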
@@ -1685,119 +1686,119 @@
CVE-2015-8458
RESERVED
CVE-2015-8457 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8456 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8455 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8454 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8453 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8452 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8451 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8450 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8449 (Use-after-free vulnerability in the MovieClip object implementation in ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8448 (Use-after-free vulnerability in the DisplacementMapFilter object ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8447 (Use-after-free vulnerability in the Color object implementation in ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8446 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8445 (Integer overflow in the Shader filter implementation in Adobe Flash ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8444 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8443 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8442 (Use-after-free vulnerability in the MovieClip object implementation in ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8441 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8440 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8439 (The SharedObject object implementation in Adobe Flash Player before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8438 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8437 (Use-after-free vulnerability in the Selection object implementation in ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8436 (Use-after-free vulnerability in the PrintJob object implementation in ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8435 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8434 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8433 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8432 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8431 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8430 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8429 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8428 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8427 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8426 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe FLash
CVE-2015-8425 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8424 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8423 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8422 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8421 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8420 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
TODO: check
CVE-2015-8419 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8418 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8417 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8416 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8415 (Buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8414 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8413 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8412 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
TODO: check
CVE-2015-8411 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8410 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8409 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8408 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8407 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8406 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8405 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8404 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8403 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8402 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8401 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8399
RESERVED
CVE-2015-8398
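Review bot: the CVE-2015-8426 line reads `NOT-FOR-US: Adobe FLash` with a capital L, while every other entry in this hunk uses `Adobe Flash`; fix the spelling so anything that groups or searches on the product string sees one value. CVE-2015-8420 and CVE-2015-8412 are also left at `TODO: check` here although their descriptions are the same Adobe Flash Player text as their neighbours, so they look like they were skipped and should get the same `NOT-FOR-US: Adobe Flash` line.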
@@ -2354,7 +2355,7 @@
NOTE: Patch for the kernel to harden against invalid MTUs: http://article.gmane.org/gmane.linux.network/351269
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac (v4.0-rc3)
CVE-2015-8214 (Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2015-8213 (The get_format function in utils/formats.py in Django before 1.7.x ...)
{DSA-3404-1 DLA-349-1}
- python-django 1.8.7-1
@@ -2658,7 +2659,7 @@
CVE-2015-8096 (Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 ...)
NOT-FOR-US: Google Picasa
CVE-2015-8095 (The recycle bin feature in the Monster Menus module 7.x-1.21 before ...)
- TODO: check
+ NOT-FOR-US: Monster Menus module for Drupal
CVE-2015-8094
RESERVED
CVE-2015-8093
@@ -2668,7 +2669,7 @@
CVE-2015-8091
RESERVED
CVE-2015-8090 (The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
{DSA-3414-1}
- linux 4.2.6-2
@@ -2686,19 +2687,19 @@
CVE-2015-8088
RESERVED
CVE-2015-8087 (Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-8086
RESERVED
CVE-2015-8085
RESERVED
CVE-2015-8084 (Huawei USG5500, USG2100, USG2200, and USG5100 unified security ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-8083 (An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-8082 (The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before ...)
- TODO: check
+ NOT-FOR-US: Login Disable module for Drupal
CVE-2015-8081 (The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might ...)
- TODO: check
+ NOT-FOR-US: Field as Block module for Drupal
CVE-2015-8103 (The Jenkins CLI subsystem in CloudBees Jenkins before 1.638 and LTS ...)
- jenkins <unfixed> (bug #804522)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
@@ -2750,73 +2751,73 @@
CVE-2015-8072 (mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 ...)
NOT-FOR-US: Android
CVE-2015-8071 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8070 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8069 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8068 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8067 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8066 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8065 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8064 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8063 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8062 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8061 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8060 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8059 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8058 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8057 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8056 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8055 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8054
RESERVED
CVE-2015-8053 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2015-8052 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2015-8051 (The Adobe Premiere Clip app before 1.2.1 for iOS mishandles ...)
- TODO: check
+ NOT-FOR-US: Adobe Pemiere Clip
CVE-2015-8050 (Use-after-free vulnerability in the MovieClip object implementation in ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8049 (Use-after-free vulnerability in the TextField object implementation in ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8048 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8047 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8046 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8045 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8044 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8043 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8042 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-8040 (The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung ...)
NOT-FOR-US: Samsung SmartViewer
CVE-2015-8039 (Samsung SmartViewer allow remote attackers to execute arbitrary code ...)
NOT-FOR-US: Samsung SmartViewer
CVE-2015-8038 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2015-8037 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2015-8036 (Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x ...)
[experimental] - polarssl 1.3.14-0.1
- polarssl <unfixed>
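Review bot: the CVE-2015-8051 line reads `NOT-FOR-US: Adobe Pemiere Clip`, but the description on the line above names the product as Adobe Premiere Clip. Correct the spelling to `NOT-FOR-US: Adobe Premiere Clip`.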
@@ -2876,7 +2877,7 @@
[jessie] - nodejs <not-affected> (0.10 series not affected)
NOTE: https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
CVE-2015-8024 (McAfee Enterprise Security Manager (ESM), Enterprise Security ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2015-8023 (The server implementation of the EAP-MSCHAPv2 protocol in the ...)
{DSA-3398-1 DLA-345-1}
- strongswan 5.3.3-3
@@ -2955,19 +2956,19 @@
CVE-2015-7999
RESERVED
CVE-2015-7998 (The administration UI in Citrix NetScaler Application Delivery ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2015-7997 (Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2015-7996 (The Nitro API in Citrix NetScaler Application Delivery Controller ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2015-7994 (The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7993 (The Extended Application Services (aka XS or XS Engine) in SAP HANA DB ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7992 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7991 (The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7988
RESERVED
CVE-2015-7987
@@ -2975,7 +2976,7 @@
CVE-2015-7986 (The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote ...)
NOT-FOR-US: SAP
CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) ...)
- TODO: check
+ - steam <not-affected> (specific to the steam installor on windows)
CVE-2015-XXXX [buffer overflow with handling pop3_deleted_flag setting]
- dovecot <unfixed> (bug #803223)
[wheezy] - dovecot <not-affected> (Bug with pop3_deleted_flag introduced in 2.2.10)
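Review bot: the justification on the CVE-2015-7985 line, `(specific to the steam installor on windows)`, misspells "installer" and lowercases the product and platform names. Since this parenthetical is the only record of why the package is `<not-affected>`, write it out cleanly, for example `(specific to the Steam installer on Windows)`.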
@@ -3203,13 +3204,13 @@
CVE-2015-7914
RESERVED
CVE-2015-7913 (ag_server_service.exe in the AggreGate Server Service in Tibbo ...)
- TODO: check
+ NOT-FOR-US: AggreGate
CVE-2015-7912 (The Ice Faces servlet in ag_server_service.exe in the AggreGate Server ...)
- TODO: check
+ NOT-FOR-US: AggreGate
CVE-2015-7911
RESERVED
CVE-2015-7910 (Exemys Telemetry Web Server relies on an HTTP Location header to ...)
- TODO: check
+ NOT-FOR-US: Exemys
CVE-2015-7909
RESERVED
CVE-2015-7908
@@ -3219,21 +3220,21 @@
CVE-2015-7906
RESERVED
CVE-2015-7905 (Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Unitronics
CVE-2015-7904 (Unrestricted file upload vulnerability in Infinite Automation Mango ...)
- TODO: check
+ NOT-FOR-US: Mango Automation
CVE-2015-7903 (SQL injection vulnerability in Infinite Automation Mango Automation ...)
- TODO: check
+ NOT-FOR-US: Mango Automation
CVE-2015-7902 (Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 ...)
- TODO: check
+ NOT-FOR-US: Mango Automation
CVE-2015-7901 (Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 ...)
- TODO: check
+ NOT-FOR-US: Mango Automation
CVE-2015-7900 (Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 ...)
- TODO: check
+ NOT-FOR-US: Mango Automation
CVE-2015-7898
RESERVED
CVE-2015-7897 (The media scanning functionality in the face recognition library in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2015-7896
RESERVED
CVE-2015-7895
@@ -3338,13 +3339,13 @@
CVE-2015-7864
RESERVED
CVE-2015-7863 (The default configuration of Persistent Accelerite Radia Client ...)
- TODO: check
+ NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7862 (Persistent Accelerite Radia Client Automation (formerly HP Client ...)
- TODO: check
+ NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7861 (Persistent Accelerite Radia Client Automation (formerly HP Client ...)
- TODO: check
+ NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7860 (Stack-based buffer overflow in the agent in Persistent Accelerite ...)
- TODO: check
+ NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7859 (The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not ...)
- joomla <itp> (bug #571794)
CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
@@ -3417,7 +3418,7 @@
CVE-2015-7846
RESERVED
CVE-2015-7845 (The exception handling mechanism in the CLI Module in Huawei eSpace ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2015-7844
RESERVED
CVE-2015-7843
@@ -3441,22 +3442,23 @@
- libjs-openpgp <itp> (bug #787774)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/7
CVE-2015-7840 (The command line management console (CMC) in SolarWinds Log and Event ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2015-7839 (SolarWinds Log and Event Manager (LEM) allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2015-7838 (ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2015-7837
RESERVED
CVE-2015-7836 (Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2015-7835 (The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x ...)
{DSA-3390-1}
- xen 4.6.0-1
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-148.html
CVE-2015-7834 (Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as ...)
- TODO: check
+ - chromium-browser 46.0.2490.71-1
+ - libv8 <unfixed>
CVE-2015-7833 (The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 ...)
{DSA-3396-1 DLA-360-1}
- linux 4.2.6-2
@@ -3471,7 +3473,7 @@
CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
NOT-FOR-US: Adobe
CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7827
RESERVED
CVE-2015-7826
@@ -3481,19 +3483,19 @@
CVE-2015-7824
RESERVED
CVE-2015-7823 (Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS ...)
- TODO: check
+ NOT-FOR-US: Kentico CMS
CVE-2015-7822 (Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 ...)
- TODO: check
+ NOT-FOR-US: Kentico CMS
CVE-2015-7821
RESERVED
CVE-2015-7820 (Race condition in the administration-panel web service in IBM System ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-7819 (The DB service in IBM System Networking Switch Center (SNSC) before ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-7818 (The administration-panel web service in IBM System Networking Switch ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-7817 (Race condition in the administration-panel web service in IBM System ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-7816 (The DisplayTopKeywords function in plugins/Referrers/Controller.php in ...)
TODO: check
CVE-2015-7815 (Directory traversal vulnerability in core/ViewDataTable/Factory.php in ...)
@@ -3636,31 +3638,31 @@
CVE-2015-7778
RESERVED
CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest ...)
- TODO: check
+ NOT-FOR-US: JosephErnest Void
CVE-2015-7776
RESERVED
CVE-2015-7775
RESERVED
CVE-2015-7774 (PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows ...)
- TODO: check
+ NOT-FOR-US: PC-EGG
CVE-2015-7773 (Unrestricted file upload vulnerability in the Panel component in ...)
- TODO: check
+ NOT-FOR-US: Bastian Allgeier Kirby
CVE-2015-7772 (Cross-site scripting (XSS) vulnerability in the runtime engine in the ...)
- TODO: check
+ NOT-FOR-US: Newphoria
CVE-2015-7771 (Cross-site scripting (XSS) vulnerability in the runtime engine in the ...)
- TODO: check
+ NOT-FOR-US: Newphoria
CVE-2015-7770 (Dell SonicWall TotalSecure TZ 100 devices with firmware before ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2015-7769
RESERVED
CVE-2015-7768 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Konica Minolta
CVE-2015-7767 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Konica Minolta
CVE-2015-7766 (PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2015-7765 (ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a ...)
- TODO: check
+ NOT-FOR-US: ZOHO
CVE-2015-7809 (The displayBlock function Template.php in Sensio Labs Twig before ...)
{DSA-3343-1}
- twig 1.20.0-1
@@ -3700,15 +3702,15 @@
CVE-2015-7753
RESERVED
CVE-2015-7752 (The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2015-7751 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2015-7750 (The L2TP packet processing functionality in Juniper Netscreen and ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2015-7749 (The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2015-7748 (Juniper chassis with Trio (Trinity) chipset line cards and Junos OS ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2015-7746
RESERVED
CVE-2015-7745
@@ -3740,17 +3742,17 @@
CVE-2015-7731
RESERVED
CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and ...)
- TODO: check
+ NOT-FOR-US: SAP BusinessObjects
CVE-2015-7729 (Eval injection in test-net.xsjs in the Web-based Development Workbench ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7728 (Cross-site scripting (XSS) vulnerability in user creation in the ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7727 (Multiple SQL injection vulnerabilities in the Web-based Development ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7726 (Cross-site scripting (XSS) vulnerability in role deletion in the ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7725 (Multiple SQL injection vulnerabilities in the Web-based Development ...)
- TODO: check
+ NOT-FOR-US: SAP HANA
CVE-2015-7724 [Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver]
RESERVED
- fglrx-driver 1:15.9-1 (bug #803517)
@@ -3784,17 +3786,17 @@
CVE-2015-7714
RESERVED
CVE-2015-7712 (Multiple eval injection vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2015-7711
RESERVED
CVE-2015-7710
RESERVED
CVE-2015-7709 (The arkeiad daemon in the Arkeia Backup Agent in Western Digital ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2015-7708 (Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier ...)
- TODO: check
+ NOT-FOR-US: 4images
CVE-2015-7707 (Ignite Realtime Openfire 3.10.2 allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2015-7706
RESERVED
CVE-2014-9756 (The psf_fwrite function in file_io.c in libsndfile allows attackers to ...)
@@ -4022,33 +4024,33 @@
CVE-2015-7664
RESERVED
CVE-2015-7663 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7662 (Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7661 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7660 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7659 (Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7658 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7657 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7656 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7655 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7654 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7653 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7652 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7651 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash
CVE-2015-7650 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2015-7649 (Adobe Shockwave Player before 12.2.1.171 allows attackers to execute ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2015-7648 (Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on ...)
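Review bot: CVE-2015-7650 is marked `NOT-FOR-US: Adobe Reader`, while CVE-2015-7829, whose description starts with the same "Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13" text, is already in the file as `NOT-FOR-US: Adobe`. Use the same product string for both so the two entries group together.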
@@ -4577,7 +4579,7 @@
CVE-2015-7428
RESERVED
CVE-2015-7427 (IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-7426
RESERVED
CVE-2015-7425
@@ -4593,7 +4595,7 @@
CVE-2015-7420
RESERVED
CVE-2015-7419 (IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-7418
RESERVED
CVE-2015-7417
@@ -4607,7 +4609,7 @@
CVE-2015-7413
RESERVED
CVE-2015-7412 (The GatewayScript modules on IBM DataPower Gateways with software ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-7411
RESERVED
CVE-2015-7410
@@ -4623,7 +4625,7 @@
CVE-2015-7405
RESERVED
CVE-2015-7404 (IBM Tivoli Storage Manager for Databases: Data Protection for ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-7403
RESERVED
CVE-2015-7402
@@ -4641,7 +4643,7 @@
CVE-2015-7396
RESERVED
CVE-2015-7395 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-7394 (The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link ...)
TODO: check
CVE-2015-7393