[Secure-testing-commits] r35335 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Jul 5 21:10:14 UTC 2015
Author: sectracker
Date: 2015-07-05 21:10:13 +0000 (Sun, 05 Jul 2015)
New Revision: 35335
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-05 20:33:34 UTC (rev 35334)
+++ data/CVE/list 2015-07-05 21:10:13 UTC (rev 35335)
@@ -1,3 +1,5 @@
+CVE-2015-5365 (Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows ...)
+ TODO: check
CVE-2015-5363
RESERVED
CVE-2015-5362
@@ -1765,11 +1767,9 @@
RESERVED
CVE-2015-4526
RESERVED
-CVE-2015-4525
- RESERVED
+CVE-2015-4525 (The log-gather implementation in the web administration interface in ...)
NOT-FOR-US: EMC Isilon OneFS
-CVE-2015-4524
- RESERVED
+CVE-2015-4524 (Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 ...)
NOT-FOR-US: EMC Documentum WebTop Client
CVE-2015-4523
RESERVED
@@ -1962,8 +1962,7 @@
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7720
NOTE: http://bugs.cacti.net/view.php?id=2572
NOTE: Fixed upstream in 0.8.8d
-CVE-2015-4453
- RESERVED
+CVE-2015-4453 (The web interface in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 ...)
NOT-FOR-US: OpenEMR
CVE-2015-4452
RESERVED
@@ -2382,30 +2381,30 @@
RESERVED
CVE-2015-4240
RESERVED
-CVE-2015-4239
- RESERVED
-CVE-2015-4238
- RESERVED
-CVE-2015-4237
- RESERVED
+CVE-2015-4239 (Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and ...)
+ TODO: check
+CVE-2015-4238 (The SNMP implementation in Cisco Adaptive Security Appliance (ASA) ...)
+ TODO: check
+CVE-2015-4237 (The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), ...)
+ TODO: check
CVE-2015-4236
RESERVED
CVE-2015-4235
RESERVED
-CVE-2015-4234
- RESERVED
+CVE-2015-4234 (Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS ...)
+ TODO: check
CVE-2015-4233 (SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) ...)
TODO: check
-CVE-2015-4232
- RESERVED
-CVE-2015-4231
- RESERVED
+CVE-2015-4232 (Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users ...)
+ TODO: check
+CVE-2015-4231 (The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices ...)
+ TODO: check
CVE-2015-4230
RESERVED
CVE-2015-4229 (The web framework in Cisco Unified Communications Domain Manager ...)
TODO: check
-CVE-2015-4228
- RESERVED
+CVE-2015-4228 (Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad ...)
+ TODO: check
CVE-2015-4227 (Memory leak in Cisco Headend System Release allows remote attackers to ...)
NOT-FOR-US: Cisco
CVE-2015-4226 (The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) ...)
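Review bot: The Cisco entries that gain descriptions in this hunk (CVE-2015-4239, -4238, -4237, -4234, -4232, -4231, -4228) are all left at TODO: check, although CVE-2015-4227 directly below is already tagged NOT-FOR-US: Cisco. The ASA, NX-OS and DCM entries can take the same tag in a follow-up. CVE-2015-4231 is the exception to handle by hand: its description starts with "The Python interpreter in Cisco NX-OS" and is truncated, so read the full text before tagging to confirm the flaw is in the NX-OS integration and not in Python itself.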
@@ -2468,8 +2467,8 @@
NOT-FOR-US: Cisco
CVE-2015-4197 (Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to ...)
NOT-FOR-US: Cisco
-CVE-2015-4196
- RESERVED
+CVE-2015-4196 (Platform Software before 4.4.5 in Cisco Unified Communications Domain ...)
+ TODO: check
CVE-2015-4195 (Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a ...)
NOT-FOR-US: Cisco
CVE-2015-4194 (The web-based administrative interface in Cisco WebEx Meeting Center ...)
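Review bot: CVE-2015-4196 is left at TODO: check while both visible neighbours, CVE-2015-4197 and CVE-2015-4195, are NOT-FOR-US: Cisco. Cisco Unified Communications Domain Manager can be tagged the same way so the entry does not linger in the TODO queue.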
@@ -2737,8 +2736,8 @@
RESERVED
CVE-2015-4130
RESERVED
-CVE-2015-4129
- RESERVED
+CVE-2015-4129 (SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote ...)
+ TODO: check
CVE-2015-4128
RESERVED
CVE-2015-4127 (Cross-site scripting (XSS) vulnerability in the church_admin plugin ...)
@@ -3833,148 +3832,148 @@
RESERVED
CVE-2015-3729
RESERVED
-CVE-2015-3728
- RESERVED
-CVE-2015-3727
- RESERVED
-CVE-2015-3726
- RESERVED
-CVE-2015-3725
- RESERVED
-CVE-2015-3724
- RESERVED
-CVE-2015-3723
- RESERVED
-CVE-2015-3722
- RESERVED
-CVE-2015-3721
- RESERVED
-CVE-2015-3720
- RESERVED
-CVE-2015-3719
- RESERVED
-CVE-2015-3718
- RESERVED
-CVE-2015-3717
- RESERVED
-CVE-2015-3716
- RESERVED
-CVE-2015-3715
- RESERVED
-CVE-2015-3714
- RESERVED
-CVE-2015-3713
- RESERVED
-CVE-2015-3712
- RESERVED
-CVE-2015-3711
- RESERVED
-CVE-2015-3710
- RESERVED
-CVE-2015-3709
- RESERVED
-CVE-2015-3708
- RESERVED
-CVE-2015-3707
- RESERVED
-CVE-2015-3706
- RESERVED
-CVE-2015-3705
- RESERVED
-CVE-2015-3704
- RESERVED
-CVE-2015-3703
- RESERVED
-CVE-2015-3702
- RESERVED
-CVE-2015-3701
- RESERVED
-CVE-2015-3700
- RESERVED
-CVE-2015-3699
- RESERVED
-CVE-2015-3698
- RESERVED
-CVE-2015-3697
- RESERVED
-CVE-2015-3696
- RESERVED
-CVE-2015-3695
- RESERVED
-CVE-2015-3694
- RESERVED
-CVE-2015-3693
- RESERVED
-CVE-2015-3692
- RESERVED
-CVE-2015-3691
- RESERVED
-CVE-2015-3690
- RESERVED
-CVE-2015-3689
- RESERVED
-CVE-2015-3688
- RESERVED
-CVE-2015-3687
- RESERVED
-CVE-2015-3686
- RESERVED
-CVE-2015-3685
- RESERVED
-CVE-2015-3684
- RESERVED
-CVE-2015-3683
- RESERVED
-CVE-2015-3682
- RESERVED
-CVE-2015-3681
- RESERVED
-CVE-2015-3680
- RESERVED
-CVE-2015-3679
- RESERVED
-CVE-2015-3678
- RESERVED
-CVE-2015-3677
- RESERVED
-CVE-2015-3676
- RESERVED
-CVE-2015-3675
- RESERVED
-CVE-2015-3674
- RESERVED
-CVE-2015-3673
- RESERVED
-CVE-2015-3672
- RESERVED
-CVE-2015-3671
- RESERVED
+CVE-2015-3728 (The WiFi Connectivity feature in Apple iOS before 8.4 allows remote ...)
+ TODO: check
+CVE-2015-3727 (WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before ...)
+ TODO: check
+CVE-2015-3726 (The Telephony subsystem in Apple iOS before 8.4 allows physically ...)
+ TODO: check
+CVE-2015-3725 (MobileInstallation in Apple iOS before 8.4 does not ensure the ...)
+ TODO: check
+CVE-2015-3724 (CoreGraphics in Apple iOS before 8.4 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3723 (CoreGraphics in Apple iOS before 8.4 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3722 (Application Store in Apple iOS before 8.4 does not ensure the ...)
+ TODO: check
+CVE-2015-3721 (The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not ...)
+ TODO: check
+CVE-2015-3720 (The kernel in Apple OS X before 10.10.4 does not properly manage ...)
+ TODO: check
+CVE-2015-3719 (TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before ...)
+ TODO: check
+CVE-2015-3718 (systemstatsd in the System Stats subsystem in Apple OS X before ...)
+ TODO: check
+CVE-2015-3717 (Multiple buffer overflows in the printf functionality in SQLite, as ...)
+ TODO: check
+CVE-2015-3716 (Spotlight in Apple OS X before 10.10.4 allows attackers to execute ...)
+ TODO: check
+CVE-2015-3715 (The code-signing implementation in Apple OS X before 10.10.4 does not ...)
+ TODO: check
+CVE-2015-3714 (Apple OS X before 10.10.4 does not properly consider custom resource ...)
+ TODO: check
+CVE-2015-3713 (QuickTime in Apple OS X before 10.10.4 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3712 (The NVIDIA graphics driver in Apple OS X before 10.10.4 allows ...)
+ TODO: check
+CVE-2015-3711 (The NTFS implementation in Apple OS X before 10.10.4 allows attackers ...)
+ TODO: check
+CVE-2015-3710 (Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3709 (Race condition in kext tools in Apple OS X before 10.10.4 allows local ...)
+ TODO: check
+CVE-2015-3708 (kextd in kext tools in Apple OS X before 10.10.4 allows attackers to ...)
+ TODO: check
+CVE-2015-3707 (The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 ...)
+ TODO: check
+CVE-2015-3706 (IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to ...)
+ TODO: check
+CVE-2015-3705 (IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to ...)
+ TODO: check
+CVE-2015-3704 (runner in Install.framework in the Install Framework Legacy subsystem ...)
+ TODO: check
+CVE-2015-3703 (ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3702 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
+ TODO: check
+CVE-2015-3701 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
+ TODO: check
+CVE-2015-3700 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
+ TODO: check
+CVE-2015-3699 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
+ TODO: check
+CVE-2015-3698 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
+ TODO: check
+CVE-2015-3697 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
+ TODO: check
+CVE-2015-3696 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
+ TODO: check
+CVE-2015-3695 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
+ TODO: check
+CVE-2015-3694 (FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows ...)
+ TODO: check
+CVE-2015-3693 (Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and ...)
+ TODO: check
+CVE-2015-3692 (Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and ...)
+ TODO: check
+CVE-2015-3691 (The Monitor Control Command Set kernel extension in the Display ...)
+ TODO: check
+CVE-2015-3690 (The DiskImages subsystem in Apple iOS before 8.4 and OS X before ...)
+ TODO: check
+CVE-2015-3689 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3688 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3687 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3686 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3685 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3684 (The HTTPAuthentication implementation in CFNetwork in Apple iOS before ...)
+ TODO: check
+CVE-2015-3683 (The Bluetooth HCI interface implementation in Apple OS X before ...)
+ TODO: check
+CVE-2015-3682 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3681 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3680 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3679 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote ...)
+ TODO: check
+CVE-2015-3678 (AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local ...)
+ TODO: check
+CVE-2015-3677 (The LZVN compression feature in AppleFSCompression in Apple OS X ...)
+ TODO: check
+CVE-2015-3676 (AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to ...)
+ TODO: check
+CVE-2015-3675 (The default configuration of the Apache HTTP Server on Apple OS X ...)
+ TODO: check
+CVE-2015-3674 (afpserver in Apple OS X before 10.10.4 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3673 (Admin Framework in Apple OS X before 10.10.4 does not properly ...)
+ TODO: check
+CVE-2015-3672 (Admin Framework in Apple OS X before 10.10.4 does not properly handle ...)
+ TODO: check
+CVE-2015-3671 (Admin Framework in Apple OS X before 10.10.4 does not properly verify ...)
+ TODO: check
CVE-2015-3670
RESERVED
-CVE-2015-3669
- RESERVED
-CVE-2015-3668
- RESERVED
-CVE-2015-3667
- RESERVED
-CVE-2015-3666
- RESERVED
-CVE-2015-3665
- RESERVED
-CVE-2015-3664
- RESERVED
-CVE-2015-3663
- RESERVED
-CVE-2015-3662
- RESERVED
-CVE-2015-3661
- RESERVED
-CVE-2015-3660
- RESERVED
-CVE-2015-3659
- RESERVED
-CVE-2015-3658
- RESERVED
+CVE-2015-3669 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote ...)
+ TODO: check
+CVE-2015-3668 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
+ TODO: check
+CVE-2015-3667 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
+ TODO: check
+CVE-2015-3666 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
+ TODO: check
+CVE-2015-3665 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote ...)
+ TODO: check
+CVE-2015-3664 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote ...)
+ TODO: check
+CVE-2015-3663 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
+ TODO: check
+CVE-2015-3662 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
+ TODO: check
+CVE-2015-3661 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
+ TODO: check
+CVE-2015-3660 (Cross-site scripting (XSS) vulnerability in the PDF functionality in ...)
+ TODO: check
+CVE-2015-3659 (The SQLite authorizer in the Storage functionality in WebKit in Apple ...)
+ TODO: check
+CVE-2015-3658 (The Page Loading functionality in WebKit in Apple Safari before 6.2.7, ...)
+ TODO: check
CVE-2015-3657
RESERVED
CVE-2015-3656
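Review bot: This Apple batch should not be bulk-tagged NOT-FOR-US when the TODO: check lines are cleared, because a few entries name components that exist outside Apple's products. CVE-2015-3717 is described as buffer overflows in the printf functionality in SQLite, and CVE-2015-3727, CVE-2015-3659 and CVE-2015-3658 are in WebKit, so those need to be checked against Debian's sqlite3 and WebKit-based packages. CVE-2015-3675 mentions the Apache HTTP Server default configuration on OS X; its description is truncated here and should be read in full before deciding. The graphics driver, kext, EFI, Admin Framework and QuickTime entries read as Apple-specific.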
@@ -4601,7 +4600,7 @@
CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) ...)
NOT-FOR-US: Magento
CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ...)
- {DSA-3274-1 DSA-3262-1 DSA-3259-1 DLA-249-1 DLA-248-1}
+ {DSA-3274-1 DSA-3262-1 DSA-3259-1 DLA-268-1 DLA-249-1 DLA-248-1}
- qemu 1:2.3+dfsg-3
NOTE: qemu 1:2.3+dfsg-3 is pending in the NEW queue
[wheezy] - qemu 1.1.2+dfsg-6a+deb7u7
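Review bot: The DLA-268-1 reference added to CVE-2015-3456 is not matched by any package line visible in this hunk, which lists only qemu. The same DLA is attached to the two virtualbox entries (CVE-2015-0418 and CVE-2015-0377) later in this diff, so confirm which source package DLA-268-1 covers for this CVE and that the affected release is recorded for it, otherwise the cross-reference tells a reader that a fix exists without saying where.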
@@ -4654,8 +4653,8 @@
RESERVED
CVE-2015-3444
RESERVED
-CVE-2015-3443
- RESERVED
+CVE-2015-3443 (Cross-site scripting (XSS) vulnerability in the basic dashboard in ...)
+ TODO: check
CVE-2015-3442
RESERVED
CVE-2015-3441
@@ -5432,8 +5431,7 @@
- libreswan <itp> (bug #773459)
CVE-2015-3203
RESERVED
-CVE-2015-3202
- RESERVED
+CVE-2015-3202 (fusermount in FUSE before 2.9.3-15 does not properly clear the ...)
{DSA-3268-2 DSA-3268-1 DSA-3266-1 DLA-238-1 DLA-226-2 DLA-226-1}
- fuse 2.9.3-16 (bug #786439)
NOTE: Upstream fix: http://sourceforge.net/p/fuse/fuse/ci/fe2d96/
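Review bot: The description now attached to CVE-2015-3202 says "FUSE before 2.9.3-15", but the package line below records the Debian fix as fuse 2.9.3-16. The description text is imported and cannot be edited here, so add a NOTE under the entry explaining why the fixed version differs from the one in the description; without it a reader may assume 2.9.3-15 is already safe.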
@@ -6105,8 +6103,8 @@
TODO: check
CVE-2015-2965 (Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 ...)
NOT-FOR-US: osCommerce Japanese
-CVE-2015-2964
- RESERVED
+CVE-2015-2964 (NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass ...)
+ TODO: check
CVE-2015-2963
RESERVED
CVE-2015-2962 (CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to ...)
@@ -9065,8 +9063,8 @@
RESERVED
CVE-2015-1967 (MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the ...)
NOT-FOR-US: IBM
-CVE-2015-1966
- RESERVED
+CVE-2015-1966 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
+ TODO: check
CVE-2015-1965 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
NOT-FOR-US: IBM
CVE-2015-1964 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
@@ -9165,13 +9163,11 @@
RESERVED
CVE-2015-1917
RESERVED
-CVE-2015-1916
- RESERVED
+CVE-2015-1916 (Unspecified vulnerability in IBM Java 8 before SR1 allows remote ...)
NOT-FOR-US: IBM JDK
CVE-2015-1915 (The Endpoint Manager for Remote Control component in IBM Tivoli ...)
NOT-FOR-US: IBM
-CVE-2015-1914
- RESERVED
+CVE-2015-1914 (IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before ...)
NOT-FOR-US: IBM JDK
CVE-2015-1913 (Rational Test Control Panel in IBM Rational Test Workbench and ...)
NOT-FOR-US: IBM
@@ -14318,27 +14314,24 @@
[wheezy] - mpg123 <no-dsa> (Minor issue)
[squeeze] - mpg123 <not-affected> (Introduced in 1.14.1)
NOTE: http://sourceforge.net/p/mpg123/bugs/201/
-CVE-2015-0551
- RESERVED
+CVE-2015-0551 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
NOT-FOR-US: EMC Documentum WebTop Client
CVE-2015-0550 (Directory traversal vulnerability in EMC Documentum Thumbnail Server ...)
NOT-FOR-US: EMC Documentum Thumbnail Server
CVE-2015-0549 (Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before ...)
NOT-FOR-US: EMC Documentum D2
-CVE-2015-0548
- RESERVED
+CVE-2015-0548 (The D2DownloadService.getDownloadUrls service method in EMC Documentum ...)
NOT-FOR-US: EMC Documentum D2
-CVE-2015-0547
- RESERVED
+CVE-2015-0547 (The D2CenterstageService.getComments service method in EMC Documentum ...)
NOT-FOR-US: EMC Documentum D2
CVE-2015-0546 (EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows ...)
NOT-FOR-US: EMC Unified Infrastructure Manager/Provisioning
CVE-2015-0545 (EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging ...)
NOT-FOR-US: EMC Unisphere
-CVE-2015-0544
- RESERVED
-CVE-2015-0543
- RESERVED
+CVE-2015-0544 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 ...)
+ TODO: check
+CVE-2015-0543 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 ...)
+ TODO: check
CVE-2015-0542
RESERVED
CVE-2015-0541 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat ...)
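Review bot: CVE-2015-0544 and CVE-2015-0543 are the only EMC entries in this hunk left at TODO: check; every other EMC entry here is NOT-FOR-US followed by the product name. Suggest tagging both as NOT-FOR-US: EMC Secure Remote Services Virtual Edition, following the naming style of the neighbouring lines.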
@@ -14680,7 +14673,7 @@
CVE-2015-0419 (Unspecified vulnerability in the Siebel UI Framework component in ...)
NOT-FOR-US: Oracle
CVE-2015-0418 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- {DSA-3143-1}
+ {DSA-3143-1 DLA-268-1}
- virtualbox 4.3.2-dfsg-1 (low; bug #775888)
- virtualbox-ose <removed> (low)
NOTE: This only affects releases < 4.3, so marking the first 4.3 upload as the fixed version
@@ -14819,7 +14812,7 @@
CVE-2015-0378 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0377 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- {DSA-3143-1}
+ {DSA-3143-1 DLA-268-1}
- virtualbox 4.3.2-dfsg-1 (bug #775888)
- virtualbox-ose <removed>
NOTE: According to http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html the 4.3
@@ -16652,8 +16645,7 @@
RESERVED
CVE-2015-0193 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
NOT-FOR-US: IBM Business Process Manager
-CVE-2015-0192
- RESERVED
+CVE-2015-0192 (Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 ...)
NOT-FOR-US: IBM JDK
CVE-2015-0191
REJECTED