[Secure-testing-commits] r35607 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Jul 21 21:10:19 UTC 2015
Author: sectracker
Date: 2015-07-21 21:10:19 +0000 (Tue, 21 Jul 2015)
New Revision: 35607
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-21 20:39:44 UTC (rev 35606)
+++ data/CVE/list 2015-07-21 21:10:19 UTC (rev 35607)
@@ -1,3 +1,143 @@
+CVE-2015-5609
+ RESERVED
+CVE-2015-5608
+ RESERVED
+CVE-2015-5606
+ RESERVED
+CVE-2015-5605
+ RESERVED
+CVE-2015-5604
+ RESERVED
+CVE-2015-5603
+ RESERVED
+CVE-2015-5602
+ RESERVED
+CVE-2015-5601
+ RESERVED
+CVE-2015-5600
+ RESERVED
+CVE-2015-5599
+ RESERVED
+CVE-2015-5598
+ RESERVED
+CVE-2015-5597
+ RESERVED
+CVE-2015-5596
+ RESERVED
+CVE-2015-5595
+ RESERVED
+CVE-2015-5594
+ RESERVED
+CVE-2015-5593
+ RESERVED
+CVE-2015-5592
+ RESERVED
+CVE-2015-5591
+ RESERVED
+CVE-2015-5588
+ RESERVED
+CVE-2015-5587
+ RESERVED
+CVE-2015-5586
+ RESERVED
+CVE-2015-5585
+ RESERVED
+CVE-2015-5584
+ RESERVED
+CVE-2015-5583
+ RESERVED
+CVE-2015-5582
+ RESERVED
+CVE-2015-5581
+ RESERVED
+CVE-2015-5580
+ RESERVED
+CVE-2015-5579
+ RESERVED
+CVE-2015-5578
+ RESERVED
+CVE-2015-5577
+ RESERVED
+CVE-2015-5576
+ RESERVED
+CVE-2015-5575
+ RESERVED
+CVE-2015-5574
+ RESERVED
+CVE-2015-5573
+ RESERVED
+CVE-2015-5572
+ RESERVED
+CVE-2015-5571
+ RESERVED
+CVE-2015-5570
+ RESERVED
+CVE-2015-5569
+ RESERVED
+CVE-2015-5568
+ RESERVED
+CVE-2015-5567
+ RESERVED
+CVE-2015-5566
+ RESERVED
+CVE-2015-5565
+ RESERVED
+CVE-2015-5564
+ RESERVED
+CVE-2015-5563
+ RESERVED
+CVE-2015-5562
+ RESERVED
+CVE-2015-5561
+ RESERVED
+CVE-2015-5560
+ RESERVED
+CVE-2015-5559
+ RESERVED
+CVE-2015-5558
+ RESERVED
+CVE-2015-5557
+ RESERVED
+CVE-2015-5556
+ RESERVED
+CVE-2015-5555
+ RESERVED
+CVE-2015-5554
+ RESERVED
+CVE-2015-5553
+ RESERVED
+CVE-2015-5552
+ RESERVED
+CVE-2015-5551
+ RESERVED
+CVE-2015-5550
+ RESERVED
+CVE-2015-5549
+ RESERVED
+CVE-2015-5548
+ RESERVED
+CVE-2015-5547
+ RESERVED
+CVE-2015-5546
+ RESERVED
+CVE-2015-5545
+ RESERVED
+CVE-2015-5544
+ RESERVED
+CVE-2015-5543
+ RESERVED
+CVE-2015-5542
+ RESERVED
+CVE-2015-5541
+ RESERVED
+CVE-2015-5540
+ RESERVED
+CVE-2015-5539
+ RESERVED
+CVE-2015-5538
+ RESERVED
+CVE-2015-5537
+ RESERVED
CVE-2015-XXXX [more to CVE-2014-8146]
- icu <unfixed>
NOTE: https://bugs.mageia.org/show_bug.cgi?id=15852#c2
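Review bot: the added run of RESERVED ids from CVE-2015-5609 down to CVE-2015-5537 skips CVE-2015-5607, CVE-2015-5590 and CVE-2015-5589, so confirm that each skipped id already has an entry elsewhere in the list and was not lost by the import. The later hunks of this revision add RESERVED under existing bracketed entries for all three (php5 for 5590 and 5589, ipython for 5607), which accounts for the gaps.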
@@ -44,11 +184,13 @@
NOTE: http://bugs.cacti.net/view.php?id=2574
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-5590 [Buffer overflow and stack smashing error in phar_fix_filepath]
+ RESERVED
- php5 5.6.11+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69923
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
NOTE: Fixed in 5.6.11, 5.4.43
CVE-2015-5589 [Segfault in Phar::convertToData on invalid file]
+ RESERVED
- php5 5.6.11+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69958
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
@@ -220,6 +362,7 @@
CVE-2015-5462
RESERVED
CVE-2015-5607 [IPython CSRF validation]
+ RESERVED
- ipython <unfixed> (bug #793123)
[jessie] - ipython <no-dsa> (Minor issue)
[wheezy] - ipython <no-dsa> (Minor issue)
@@ -412,8 +555,8 @@
RESERVED
CVE-2015-5375
RESERVED
-CVE-2015-5374
- RESERVED
+CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and ...)
+ TODO: check
CVE-2015-5373
RESERVED
CVE-2015-5372
@@ -995,8 +1138,7 @@
RESERVED
CVE-2015-5125
RESERVED
-CVE-2015-5124
- RESERVED
+CVE-2015-5124 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-5123 (Use-after-free vulnerability in the BitmapData class in the ...)
NOT-FOR-US: Adobe Flash Player
@@ -2477,8 +2619,8 @@
TODO: check
CVE-2015-4459
RESERVED
-CVE-2015-4458
- RESERVED
+CVE-2015-4458 (The TLS implementation in the Cavium cryptographic-module firmware, as ...)
+ TODO: check
CVE-2014-9733
RESERVED
CVE-2015-4603 [exception::getTraceAsString issue]
@@ -2887,10 +3029,10 @@
RESERVED
CVE-2015-4281
RESERVED
-CVE-2015-4280
- RESERVED
-CVE-2015-4279
- RESERVED
+CVE-2015-4280 (Cisco Prime Collaboration Assurance 10.0 allows remote attackers to ...)
+ TODO: check
+CVE-2015-4279 (The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) ...)
+ TODO: check
CVE-2015-4278 (Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 ...)
TODO: check
CVE-2015-4277
@@ -3398,8 +3540,8 @@
RESERVED
CVE-2015-4112
RESERVED
-CVE-2015-4111
- RESERVED
+CVE-2015-4111 (mc_demux_mp4_ds.ax in an unspecified third-party codec demux in ...)
+ TODO: check
CVE-2015-4110
RESERVED
CVE-2015-4109 (Multiple SQL injection vulnerabilities in the ratings module in the ...)
@@ -4809,8 +4951,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3626
RESERVED
-CVE-2015-3625
- RESERVED
+CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before ...)
+ TODO: check
CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Ektron Content Management System
CVE-2015-3623
@@ -6137,8 +6279,7 @@
RESERVED
CVE-2015-3186
RESERVED
-CVE-2015-3185 [Replacement of ap_some_auth_required with new ap_some_authn_required and ap_force_authn hook]
- RESERVED
+CVE-2015-3185 (The ap_some_auth_required function in server/request.c in the Apache ...)
- apache2 <unfixed>
[wheezy] - apache2 <not-affected> (Bug introduced during 2.4 development)
[squeeze] - apache2 <not-affected> (Bug introduced during 2.4 development)
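Review bot: on the CVE-2015-3185 line, replacing the bracketed summary with the published description drops the only mention in these lines of the replacement API (ap_some_authn_required and the ap_force_authn hook). Suggest carrying that over as a NOTE under the entry so the nature of the fix stays recorded next to `- apache2 <unfixed>`.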
@@ -6148,8 +6289,7 @@
NOTE: Behavior changed in 2.4.x refactoring, API no longer usable in 2.4.x
CVE-2015-3184
RESERVED
-CVE-2015-3183 [Fix chunk header parsing defect]
- RESERVED
+CVE-2015-3183 (The chunked transfer coding implementation in the Apache HTTP Server ...)
- apache2 <unfixed>
NOTE: https://www.apache.org/dist/httpd/Announcement2.4.txt
NOTE: https://www.apache.org/dist/httpd/CHANGES_2.4.16
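Review bot: CVE-2015-3183 now has a public description, but its package line is still `- apache2 <unfixed>` with no bug number, unlike the ipython entry earlier in this diff, which carries (bug #793123). Suggest linking a bug here, and replacing `<unfixed>` with the fixed version once an upload containing the changes referenced in the CHANGES_2.4.16 note reaches the archive.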
@@ -6756,10 +6896,10 @@
RESERVED
CVE-2015-2973
RESERVED
-CVE-2015-2972
- RESERVED
-CVE-2015-2971
- RESERVED
+CVE-2015-2972 (Multiple SQL injection vulnerabilities in Sysphonic Thetis before ...)
+ TODO: check
+CVE-2015-2971 (Directory traversal vulnerability in Seeds acmailer before 3.8.18 and ...)
+ TODO: check
CVE-2015-2970 (index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote ...)
TODO: check
CVE-2015-2969 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...)
@@ -7005,10 +7145,10 @@
REJECTED
CVE-2015-2864
RESERVED
-CVE-2015-2863
- RESERVED
-CVE-2015-2862
- RESERVED
+CVE-2015-2863 (Open redirect vulnerability in Kaseya Virtual System Administrator ...)
+ TODO: check
+CVE-2015-2862 (Directory traversal vulnerability in Kaseya Virtual System ...)
+ TODO: check
CVE-2015-2861 (Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel ...)
NOT-FOR-US: Vesta Control Panel
CVE-2015-2860 (Directory traversal vulnerability in Avigilon Control Center (ACC) 4 ...)
@@ -8361,8 +8501,8 @@
RESERVED
CVE-2015-2427
RESERVED
-CVE-2015-2426
- RESERVED
+CVE-2015-2426 (Buffer underflow in atmfd.dll in the Windows Adobe Type Manager ...)
+ TODO: check
CVE-2015-2425 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2424 (Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, ...)
@@ -8377,8 +8517,8 @@
RESERVED
CVE-2015-2419 (JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2015-2418
- RESERVED
+CVE-2015-2418 (Race condition in Microsoft Malicious Software Removal Tool (MSRT) ...)
+ TODO: check
CVE-2015-2417 (OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
NOT-FOR-US: Microsoft Windows
CVE-2015-2416 (OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
@@ -9767,18 +9907,18 @@
NOT-FOR-US: IBM
CVE-2015-1985
RESERVED
-CVE-2015-1984
- RESERVED
+CVE-2015-1984 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
+ TODO: check
CVE-2015-1983
RESERVED
-CVE-2015-1982
- RESERVED
+CVE-2015-1982 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
+ TODO: check
CVE-2015-1981 (Cross-site scripting (XSS) vulnerability in the web server in IBM ...)
NOT-FOR-US: IBM
-CVE-2015-1980
- RESERVED
-CVE-2015-1979
- RESERVED
+CVE-2015-1980 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
+ TODO: check
+CVE-2015-1979 (Multiple cross-site scripting (XSS) vulnerabilities in the Error ...)
+ TODO: check
CVE-2015-1978 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Security ...)
NOT-FOR-US: IBM
CVE-2015-1977
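Review bot: the `TODO: check` markers added for CVE-2015-1984, CVE-2015-1982 and CVE-2015-1980 can probably be resolved to `NOT-FOR-US: IBM`, since all three descriptions name IBM InfoSphere Master Data Management and the context entries CVE-2015-1981 and CVE-2015-1978 in the same hunk already use that tag. CVE-2015-1979 is different: its truncated description does not show the product, so it needs the full text before it is tagged.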
@@ -9799,8 +9939,8 @@
RESERVED
CVE-2015-1969
RESERVED
-CVE-2015-1968
- RESERVED
+CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
+ TODO: check
CVE-2015-1967 (MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the ...)
NOT-FOR-US: IBM
CVE-2015-1966 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
@@ -9865,8 +10005,8 @@
NOT-FOR-US: IBM PowerVC
CVE-2015-1936 (The administrative console in IBM WebSphere Application Server (WAS) ...)
TODO: check
-CVE-2015-1935
- RESERVED
+CVE-2015-1935 (The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 ...)
+ TODO: check
CVE-2015-1934
RESERVED
CVE-2015-1933
@@ -9892,8 +10032,8 @@
NOT-FOR-US: IBM
CVE-2015-1923 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
NOT-FOR-US: IBM
-CVE-2015-1922
- RESERVED
+CVE-2015-1922 (The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 ...)
+ TODO: check
CVE-2015-1921 (Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before ...)
NOT-FOR-US: IBM
CVE-2015-1920 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 ...)
@@ -9970,8 +10110,8 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-1884 (Directory traversal vulnerability in IBM Business Process Manager ...)
NOT-FOR-US: IBM
-CVE-2015-1883
- RESERVED
+CVE-2015-1883 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 ...)
+ TODO: check
CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-1880 (Cross-site scripting (XSS) vulnerability in sslvpn login page in ...)
@@ -13918,8 +14058,8 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/
CVE-2015-0796
RESERVED
-CVE-2015-0795
- RESERVED
+CVE-2015-0795 (Multiple stack-based buffer overflows in the SafeShellExecute method ...)
+ TODO: check
CVE-2015-0794
RESERVED
CVE-2015-0793
@@ -16187,8 +16327,8 @@
NOT-FOR-US: Schneider Electric
CVE-2014-9197 (The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware ...)
NOT-FOR-US: Schneider Electric
-CVE-2014-9196
- RESERVED
+CVE-2014-9196 (Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 ...)
+ TODO: check
CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require authentication, ...)
NOT-FOR-US: Phoenix Contact ProConOs and MultiProg
CVE-2014-9194 (Arbiter 1094B GPS Substation Clock allows remote attackers to cause a ...)
@@ -17157,8 +17297,7 @@
- jakarta-taglibs-standard 1.1.2-3 (bug #779621)
[wheezy] - jakarta-taglibs-standard <no-dsa> (Minor issue)
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57560
-CVE-2015-0253
- RESERVED
+CVE-2015-0253 (The read_request_line function in server/protocol.c in the Apache HTTP ...)
- apache2 <not-affected> (Vulnerable version 2.4.11 never in Debian)
CVE-2015-0252 (internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote ...)
{DSA-3199-1 DLA-181-1}
@@ -17469,8 +17608,8 @@
REJECTED
CVE-2015-0158 (Cross-site scripting (XSS) vulnerability in the Coach NG framework in ...)
NOT-FOR-US: IBM Business Process Manager
-CVE-2015-0157
- RESERVED
+CVE-2015-0157 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 ...)
+ TODO: check
CVE-2015-0156 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
NOT-FOR-US: IBM
CVE-2015-0155
@@ -17523,8 +17662,8 @@
NOT-FOR-US: IBM
CVE-2015-0131 (Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 ...)
NOT-FOR-US: IBM
-CVE-2015-0130
- RESERVED
+CVE-2015-0130 (Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz ...)
+ TODO: check
CVE-2015-0129 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
NOT-FOR-US: IBM Rational Quality Manager
CVE-2015-0128 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
@@ -17966,8 +18105,8 @@
RESERVED
CVE-2014-8911 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator ...)
NOT-FOR-US: IBM Content Navigator
-CVE-2014-8910
- RESERVED
+CVE-2014-8910 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 ...)
+ TODO: check
CVE-2014-8909 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-8908