[Secure-testing-commits] r35397 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jul 9 21:10:14 UTC 2015
Author: sectracker
Date: 2015-07-09 21:10:13 +0000 (Thu, 09 Jul 2015)
New Revision: 35397
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-09 17:55:44 UTC (rev 35396)
+++ data/CVE/list 2015-07-09 21:10:13 UTC (rev 35397)
@@ -1,3 +1,25 @@
+CVE-2015-5461 (Open redirect vulnerability in the Redirect function in ...)
+ TODO: check
+CVE-2015-5460 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2015-5459 (SQL injection vulnerability in the AdvanceSearch.class in ...)
+ TODO: check
+CVE-2015-5458 (Session fixation vulnerability in fileupload.php in PivotX before ...)
+ TODO: check
+CVE-2015-5457 (PivotX before 2.3.11 does not validate the new file extension when ...)
+ TODO: check
+CVE-2015-5456 (Cross-site scripting (XSS) vulnerability in the form method in ...)
+ TODO: check
+CVE-2015-5455 (Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier ...)
+ TODO: check
+CVE-2015-5454 (Cross-site scripting (XSS) vulnerability in Nucleus CMS 3.65 allows ...)
+ TODO: check
+CVE-2015-5453 (Watchguard XCS 9.2 and 10.0 before build 150522 allow remote ...)
+ TODO: check
+CVE-2015-5452 (SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before ...)
+ TODO: check
+CVE-2014-9741 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
+ TODO: check
CVE-2015-5451
RESERVED
CVE-2015-5450
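Review bot: all eleven entries added at the top of this hunk (CVE-2015-5461 through CVE-2014-9741) carry only TODO: check, and several can be triaged in pairs rather than one by one. CVE-2015-5458 and CVE-2015-5457 both name PivotX, and CVE-2015-5453 and CVE-2015-5452 both name Watchguard XCS. The descriptions for CVE-2015-5461, CVE-2015-5460, CVE-2015-5459 and CVE-2015-5456 are truncated before the product name, so those need the full CVE text before they can be given a source-package line or a NOT-FOR-US marker.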
@@ -241,7 +263,7 @@
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/06/8
TODO: check
-CVE-2015-5380 [nodejs OOB write in utf8]
+CVE-2015-5380 (The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in ...)
- nodejs <not-affected> (Only affects 0.12.x)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/05/1
CVE-2015-5365 (Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows ...)
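Review bot: the replacement description for CVE-2015-5380 places the flaw in Utf8DecoderBase::WriteUtf16Slow in unicode-decoder.cc, which is a V8 source file, yet the entry still has only the nodejs line. Suggest checking whether other source packages that carry this file need their own status line. The "(Only affects 0.12.x)" justification would also be easier to recheck if a NOTE recorded where that version range comes from.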
@@ -736,8 +758,7 @@
RESERVED
CVE-2015-5120
RESERVED
-CVE-2015-5119
- RESERVED
+CVE-2015-5119 (Use-after-free vulnerability in the ByteArray class in the ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-5118
RESERVED
@@ -1852,8 +1873,7 @@
RESERVED
CVE-2015-4621
RESERVED
-CVE-2015-4620 [Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating]
- RESERVED
+CVE-2015-4620 (name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and ...)
{DSA-3304-1}
- bind9 1:9.9.5.dfsg-10 (bug #791715)
NOTE: https://kb.isc.org/article/AA-01267
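Review bot: on CVE-2015-4620 the bind9 line gives 1:9.9.5.dfsg-10 as the fixed version, while the new description puts the upstream fix at 9.9.7-P1, so the Debian fix is a backport that the entry does not document. A NOTE with the upstream patch or commit reference next to the kb.isc.org link would let a reader verify what was applied.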
@@ -1863,12 +1883,12 @@
RESERVED
CVE-2015-4617
RESERVED
-CVE-2015-4616
- RESERVED
+CVE-2015-4616 (Directory traversal vulnerability in includes/MapPinImageSave.php in ...)
+ TODO: check
CVE-2015-4615
RESERVED
-CVE-2015-4614
- RESERVED
+CVE-2015-4614 (Multiple SQL injection vulnerabilities in includes/Function.php in the ...)
+ TODO: check
CVE-2015-4613 (SQL injection vulnerability in the backend module in the Developer Log ...)
NOT-FOR-US: TYPO3 extension devlog
CVE-2015-4612 (SQL injection vulnerability in the "FAQ - Frequently Asked Questions" ...)
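Review bot: CVE-2015-4616 and CVE-2015-4614 move from RESERVED to TODO: check, but both truncated descriptions stop before the product name ("includes/MapPinImageSave.php in ..." and "includes/Function.php in the ..."). Read the full CVE text before triage; if both belong to the same product they should get the same disposition in one edit, in the form CVE-2015-4613 uses directly below.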
@@ -2638,14 +2658,14 @@
RESERVED
CVE-2015-4244
RESERVED
-CVE-2015-4243
- RESERVED
-CVE-2015-4242
- RESERVED
-CVE-2015-4241
- RESERVED
-CVE-2015-4240
- RESERVED
+CVE-2015-4243 (The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR ...)
+ TODO: check
+CVE-2015-4242 (Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT ...)
+ TODO: check
+CVE-2015-4241 (Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote ...)
+ TODO: check
+CVE-2015-4240 (Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2015-4239 (Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and ...)
TODO: check
CVE-2015-4238 (The SNMP implementation in Cisco Adaptive Security Appliance (ASA) ...)
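Review bot: CVE-2015-4243 through CVE-2015-4240 all name Cisco products (IOS XE, FireSIGHT, ASA, IP Communicator) and are left as TODO: check, adding to CVE-2015-4239 in the context lines, which is still open as well. Suggest resolving the group in one pass, marking them NOT-FOR-US with the product name if none maps to a Debian source package, as the file already does with "NOT-FOR-US: Adobe Flash Player".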
@@ -6634,8 +6654,8 @@
RESERVED
CVE-2015-2867
RESERVED
-CVE-2015-2866
- RESERVED
+CVE-2015-2866 (SQL injection vulnerability on the Grandstream GXV3611_HD camera with ...)
+ TODO: check
CVE-2015-2865
REJECTED
CVE-2015-2864
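Review bot: CVE-2015-2866 describes the Grandstream GXV3611_HD camera, a hardware device, and is left as TODO: check. Unless the affected code is also shipped in a Debian package, this entry can be closed with a NOT-FOR-US line naming the device.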
@@ -9843,8 +9863,7 @@
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#ntpd_accepts_unauthenticated_pac
CVE-2015-1797
RESERVED
-CVE-2015-1796 [PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation]
- RESERVED
+CVE-2015-1796 (The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 ...)
- libopensaml2-java <removed> (bug #780383)
NOTE: Only change between 2.6.4 and 2.6.5 seems http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/saml2/metadata/provider/AbstractReloadingMetadataProvider.java?r1=1656&r2=1680
NOTE: http://shibboleth.net/community/advisories/secadv_20150225.txt
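Review bot: the new description for CVE-2015-1796 names Shibboleth Identity Provider before 2.4.4, while the only package line is libopensaml2-java <removed>, and the existing NOTE about the 2.6.4 to 2.6.5 change is still worded as "seems". Suggest a NOTE explaining how the tracked package relates to the product named in the description, and confirming or dropping the tentative changeset NOTE now that the description is public.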
@@ -19417,8 +19436,7 @@
{DSA-3287-1 DLA-247-1}
- openssl 1.0.1h-1
NOTE: http://openssl.org/news/secadv_20150611.txt
-CVE-2014-8175
- RESERVED
+CVE-2014-8175 (Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to ...)
NOT-FOR-US: JBoss Fuse
CVE-2014-8174
RESERVED