[Secure-testing-commits] r35542 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Jul 18 09:10:27 UTC 2015
Author: sectracker
Date: 2015-07-18 09:10:27 +0000 (Sat, 18 Jul 2015)
New Revision: 35542
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-18 08:36:41 UTC (rev 35541)
+++ data/CVE/list 2015-07-18 09:10:27 UTC (rev 35542)
@@ -1,3 +1,19 @@
+CVE-2015-5536
+ RESERVED
+CVE-2015-5535
+ RESERVED
+CVE-2015-5534
+ RESERVED
+CVE-2015-5533
+ RESERVED
+CVE-2015-5532
+ RESERVED
+CVE-2015-5530 (Multiple cross-site request forgery (CSRF) vulnerabilities in Free ...)
+ TODO: check
+CVE-2015-5529 (Multiple cross-site scripting (XSS) vulnerabilities in Free ...)
+ TODO: check
+CVE-2015-5528 (Cross-site scripting (XSS) vulnerability in the save_order function in ...)
+ TODO: check
CVE-2015-XXXX [d-i uses preseed data from DHCP when installing from DVD]
- debian-installer <unfixed> (low; bug #788634)
[jessie] - debian-installer <no-dsa> (Can only be fixed through point updates when new images are created)
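Review bot: the three new entries CVE-2015-5528, CVE-2015-5529 and CVE-2015-5530 are added with "TODO: check", but the truncated descriptions only say "Free ..." (CSRF, XSS and an XSS in a save_order function), so the affected product is not identifiable from this hunk; triage needs the full CVE text before a Debian package or NOT-FOR-US can be recorded. The five new RESERVED identifiers (CVE-2015-5532 to CVE-2015-5536) carry no information yet and need no action.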
@@ -16,6 +32,7 @@
CVE-2015-5524
RESERVED
CVE-2015-5531 [Directory traversal vulnerability]
+ RESERVED
- elasticsearch 1.6.1+dfsg-1 (bug #792617)
NOTE: https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security
CVE-2015-5521 (Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows ...)
@@ -318,8 +335,8 @@
RESERVED
CVE-2015-5387
RESERVED
-CVE-2015-5386
- RESERVED
+CVE-2015-5386 (Siemens SICAM MIC devices with firmware before 2404 allow remote ...)
+ TODO: check
CVE-2015-5385
RESERVED
CVE-2015-5384
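Review bot: CVE-2015-5386 moves from RESERVED to "TODO: check", but its description names firmware on Siemens SICAM MIC devices, which is not something Debian ships; the TODO can likely be resolved to a NOT-FOR-US entry once the full text is confirmed.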
@@ -426,6 +443,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
NOTE: http://trac.roundcube.net/ticket/1490417
CVE-2015-5400 [Do not blindly forward cache peer CONNECT responses]
+ RESERVED
- squid <removed>
- squid3 <unfixed>
[squeeze] - squid <not-affected> (Vulnerable code not present)
@@ -440,20 +458,20 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/07/05/1
CVE-2015-5365 (Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows ...)
TODO: check
-CVE-2015-5363
- RESERVED
+CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series services ...)
+ TODO: check
CVE-2015-5362 (The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 ...)
TODO: check
CVE-2015-5361
RESERVED
-CVE-2015-5360
- RESERVED
+CVE-2015-5360 (IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before ...)
+ TODO: check
CVE-2015-5359 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before ...)
TODO: check
CVE-2015-5358 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before ...)
TODO: check
-CVE-2015-5357
- RESERVED
+CVE-2015-5357 (The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos ...)
+ TODO: check
CVE-2015-5356 (Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in ...)
NOT-FOR-US: GetSimple CMS
CVE-2015-5355 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
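Review bot: this hunk fills in CVE-2015-5363, CVE-2015-5360 and CVE-2015-5357 with "TODO: check", and together with the unchanged CVE-2015-5362, CVE-2015-5359 and CVE-2015-5358 that leaves six Juniper Junos entries open in one block. They should be triaged together and in the same style the hunk already uses for GetSimple CMS ("NOT-FOR-US: GetSimple CMS"), i.e. a single consistent NOT-FOR-US marking rather than six lingering TODOs.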
@@ -1006,8 +1024,8 @@
RESERVED
CVE-2015-5082
RESERVED
-CVE-2015-5080
- RESERVED
+CVE-2015-5080 (The Management Interface in Citrix NetScaler Application Delivery ...)
+ TODO: check
CVE-2015-5079
RESERVED
CVE-2015-5078 (SQL injection vulnerability in the insert function in ...)
@@ -1723,6 +1741,7 @@
CVE-2015-4753 (Unspecified vulnerability in the RDBMS Support Tools component in ...)
TODO: check
CVE-2015-4752 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
+ {DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 <undetermined>
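Review bot: the added "{DSA-3308-1}" reference records the stable fix for CVE-2015-4752, but the entry still lists "mysql-5.5 <unfixed> (bug #792445)" for unstable and "mariadb-10.0 <undetermined>", so the DSA does not close the entry. The same three-line block appears in five more hunks of this commit (CVE-2015-4737, CVE-2015-2648, CVE-2015-2643, CVE-2015-2620, CVE-2015-2582); when the mysql-5.5 upload lands and the MariaDB status is decided, all six entries should be updated in one commit so they do not drift apart.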
@@ -1764,6 +1783,7 @@
CVE-2015-4738 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate ...)
TODO: check
CVE-2015-4737 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, ...)
+ {DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 <undetermined>
@@ -2066,8 +2086,8 @@
RESERVED
CVE-2015-4638
RESERVED
-CVE-2015-4637
- RESERVED
+CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 ...)
+ TODO: check
CVE-2015-4636
RESERVED
CVE-2015-4635
@@ -2268,11 +2288,9 @@
RESERVED
CVE-2015-4530
RESERVED
-CVE-2015-4529
- RESERVED
+CVE-2015-4529 (Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, ...)
NOT-FOR-US: EMC Documentum WebTop
-CVE-2015-4528
- RESERVED
+CVE-2015-4528 (Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage ...)
NOT-FOR-US: EMC Documentum CenterStage
CVE-2015-4527
RESERVED
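Review bot: for CVE-2015-4529 and CVE-2015-4528 the RESERVED lines are replaced by descriptions while the existing "NOT-FOR-US: EMC Documentum WebTop" / "NOT-FOR-US: EMC Documentum CenterStage" lines are kept as context, so no "TODO: check" is introduced here; that is the right outcome, since the triage result was already recorded before the text became public.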
@@ -2396,8 +2414,8 @@
RESERVED
CVE-2015-4461
RESERVED
-CVE-2015-4460
- RESERVED
+CVE-2015-4460 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
CVE-2015-4459
RESERVED
CVE-2015-4458
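Review bot: CVE-2015-4460 gains only "(Cross-site request forgery (CSRF) vulnerability in ...)" plus "TODO: check"; the truncation cuts off before any product name, so unlike the other TODO entries in this commit there is nothing here to triage against and the full description has to be fetched first.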
@@ -2814,16 +2832,16 @@
RESERVED
CVE-2015-4279
RESERVED
-CVE-2015-4278
- RESERVED
+CVE-2015-4278 (Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 ...)
+ TODO: check
CVE-2015-4277
RESERVED
-CVE-2015-4276
- RESERVED
-CVE-2015-4275
- RESERVED
-CVE-2015-4274
- RESERVED
+CVE-2015-4276 (Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users ...)
+ TODO: check
+CVE-2015-4275 (The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 ...)
+ TODO: check
+CVE-2015-4274 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
+ TODO: check
CVE-2015-4273 (The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 ...)
TODO: check
CVE-2015-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page ...)
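Review bot: CVE-2015-4278, CVE-2015-4276, CVE-2015-4275 and CVE-2015-4274 are all Cisco products (ESA, WebEx Meetings Server, ASR 5000 PGW, a Cisco web framework) and are added with "TODO: check", while the final hunk of this same commit records comparable Cisco entries as "NOT-FOR-US: Cisco"; the four here, the unchanged CVE-2015-4273, and CVE-2015-4266 (Cisco ISE) in the next hunk should be resolved the same way for consistency.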
@@ -2838,8 +2856,8 @@
TODO: check
CVE-2015-4267 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
TODO: check
-CVE-2015-4266
- RESERVED
+CVE-2015-4266 (The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), ...)
+ TODO: check
CVE-2015-4265
RESERVED
CVE-2015-4264
@@ -3081,11 +3099,13 @@
NOTE: inflatehd not installed into the Debian binary packages
CVE-2015-5523 [small file can lead to a 4 Gb allocation; potential DoS]
RESERVED
+ {DLA-273-1}
- tidy <unfixed> (bug #792571)
NOTE: https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
CVE-2015-5522 [AddressSanitizer: heap-buffer-overflow WRITE of size 1]
RESERVED
+ {DLA-273-1}
- tidy <unfixed> (bug #792571)
NOTE: https://github.com/htacg/tidy-html5/issues/217
NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
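Review bot: adding "{DLA-273-1}" to CVE-2015-5523 and CVE-2015-5522 only records the LTS advisory; both entries still carry "tidy <unfixed> (bug #792571)" and have no [jessie] or [wheezy] annotation, so the status for unstable and for the two supported stable suites remains open and should be filled in (fixed version or an explicit no-dsa/postponed decision).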
@@ -4735,8 +4755,8 @@
NOT-FOR-US: Ektron Content Management System
CVE-2015-3623
RESERVED
-CVE-2015-3621
- RESERVED
+CVE-2015-3621 (Untrusted search path vulnerability in SAP Enterprise Central ...)
+ TODO: check
CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset ...)
NOT-FOR-US: Fortinet FortiAnalyzer
CVE-2015-3619
@@ -5158,8 +5178,8 @@
RESERVED
CVE-2015-3450
RESERVED
-CVE-2015-3449
- RESERVED
+CVE-2015-3449 (The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions ...)
+ TODO: check
CVE-2015-3448 (REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and ...)
- ruby-rest-client 1.8.0-1
[jessie] - ruby-rest-client <no-dsa> (Minor issue, logging not enabled by default)
@@ -5729,8 +5749,7 @@
RESERVED
CVE-2015-3260
RESERVED
-CVE-2015-3259
- RESERVED
+CVE-2015-3259 (Stack-based buffer overflow in the xl command line utility in Xen ...)
- xen <unfixed> (low)
[jessie] - xen <no-dsa> (Can be fixed along with a future DSA)
[wheezy] - xen <no-dsa> (Can be fixed along with a future DSA)
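Review bot: CVE-2015-3259 now has its public description ("Stack-based buffer overflow in the xl command line utility in Xen ..."); the "(low)" rating and the jessie/wheezy "no-dsa (Can be fixed along with a future DSA)" decisions were recorded while the ID was still RESERVED, so it is worth confirming against the full text that they still hold now that the bug class and the affected component are known.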
@@ -7742,6 +7761,7 @@
CVE-2015-2649 (Unspecified vulnerability in the Siebel UI Framework component in ...)
TODO: check
CVE-2015-2648 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
+ {DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 <undetermined>
@@ -7755,6 +7775,7 @@
CVE-2015-2644 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
TODO: check
CVE-2015-2643 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
+ {DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 <undetermined>
@@ -7836,6 +7857,7 @@
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2620 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
+ {DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 <undetermined>
@@ -7939,6 +7961,7 @@
CVE-2015-2583 (Unspecified vulnerability in the Data Store component in Oracle ...)
TODO: check
CVE-2015-2582 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
+ {DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 <undetermined>
@@ -10084,8 +10107,7 @@
NOTE: https://issues.apache.org/jira/browse/JCR-3883
CVE-2015-1832
RESERVED
-CVE-2015-1831
- RESERVED
+CVE-2015-1831 (The default exclude patterns (excludeParams) in Apache Struts 2.3.20 ...)
- libstruts1.2-java <not-affected> (Affects only 2.3.20)
NOTE: https://struts.apache.org/docs/s2-024.html
CVE-2015-1830
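Review bot: the new description for CVE-2015-1831 names "Apache Struts 2.3.20", which matches the rationale already in the entry, "libstruts1.2-java <not-affected> (Affects only 2.3.20)", and the linked S2-024 note; no further change is needed here.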
@@ -13966,8 +13988,7 @@
NOT-FOR-US: Cisco
CVE-2015-0726 (The web administration interface on Cisco Wireless LAN Controller ...)
NOT-FOR-US: Cisco
-CVE-2015-0725
- RESERVED
+CVE-2015-0725 (Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when ...)
NOT-FOR-US: Cisco
CVE-2015-0724 (Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 ...)
NOT-FOR-US: Cisco