[Secure-testing-commits] r35767 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Jul 28 21:10:15 UTC 2015
Author: sectracker
Date: 2015-07-28 21:10:15 +0000 (Tue, 28 Jul 2015)
New Revision: 35767
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-28 19:57:09 UTC (rev 35766)
+++ data/CVE/list 2015-07-28 21:10:15 UTC (rev 35767)
@@ -1,3 +1,133 @@
+CVE-2015-5688
+ RESERVED
+CVE-2015-5687
+ RESERVED
+CVE-2015-5686
+ RESERVED
+CVE-2015-5685
+ RESERVED
+CVE-2015-5684
+ RESERVED
+CVE-2015-5683
+ RESERVED
+CVE-2015-5682
+ RESERVED
+CVE-2015-5681
+ RESERVED
+CVE-2015-5680
+ RESERVED
+CVE-2015-5679
+ RESERVED
+CVE-2015-5678
+ RESERVED
+CVE-2015-5677
+ RESERVED
+CVE-2015-5676
+ RESERVED
+CVE-2015-5675
+ RESERVED
+CVE-2015-5674
+ RESERVED
+CVE-2015-5673
+ RESERVED
+CVE-2015-5672
+ RESERVED
+CVE-2015-5671
+ RESERVED
+CVE-2015-5670
+ RESERVED
+CVE-2015-5669
+ RESERVED
+CVE-2015-5668
+ RESERVED
+CVE-2015-5667
+ RESERVED
+CVE-2015-5666
+ RESERVED
+CVE-2015-5665
+ RESERVED
+CVE-2015-5664
+ RESERVED
+CVE-2015-5663
+ RESERVED
+CVE-2015-5662
+ RESERVED
+CVE-2015-5661
+ RESERVED
+CVE-2015-5660
+ RESERVED
+CVE-2015-5659
+ RESERVED
+CVE-2015-5658
+ RESERVED
+CVE-2015-5657
+ RESERVED
+CVE-2015-5656
+ RESERVED
+CVE-2015-5655
+ RESERVED
+CVE-2015-5654
+ RESERVED
+CVE-2015-5653
+ RESERVED
+CVE-2015-5652
+ RESERVED
+CVE-2015-5651
+ RESERVED
+CVE-2015-5650
+ RESERVED
+CVE-2015-5649
+ RESERVED
+CVE-2015-5648
+ RESERVED
+CVE-2015-5647
+ RESERVED
+CVE-2015-5646
+ RESERVED
+CVE-2015-5645
+ RESERVED
+CVE-2015-5644
+ RESERVED
+CVE-2015-5643
+ RESERVED
+CVE-2015-5642
+ RESERVED
+CVE-2015-5641
+ RESERVED
+CVE-2015-5640
+ RESERVED
+CVE-2015-5639
+ RESERVED
+CVE-2015-5638
+ RESERVED
+CVE-2015-5637
+ RESERVED
+CVE-2015-5636
+ RESERVED
+CVE-2015-5635
+ RESERVED
+CVE-2015-5634
+ RESERVED
+CVE-2015-5633
+ RESERVED
+CVE-2015-5632
+ RESERVED
+CVE-2015-5631
+ RESERVED
+CVE-2015-5630
+ RESERVED
+CVE-2015-5629
+ RESERVED
+CVE-2015-5628
+ RESERVED
+CVE-2015-5627
+ RESERVED
+CVE-2015-5626
+ RESERVED
+CVE-2015-5625
+ RESERVED
+CVE-2015-5624
+ RESERVED
CVE-2015-XXXX [information leak in md driver]
- linux <unfixed>
- linux-2.6 <removed>
@@ -409,6 +539,7 @@
RESERVED
CVE-2015-5477 [An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure]
RESERVED
+ {DSA-3319-1 DLA-285-1}
- bind9 <unfixed> (bug #793903)
NOTE: https://kb.isc.org/article/AA-01272/0
CVE-2015-5476
@@ -1634,8 +1765,8 @@
RESERVED
CVE-2015-4946
RESERVED
-CVE-2015-4945
- RESERVED
+CVE-2015-4945 (Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 ...)
+ TODO: check
CVE-2015-4944
RESERVED
CVE-2015-4943
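Review bot: CVE-2015-4945 lands with "TODO: check" and no package line, so it still needs manual triage. If IBM Maximo Anywhere is not packaged in Debian, resolve it with a NOT-FOR-US line naming the product, in the same form the other vendor-only entries in this list use.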
@@ -2020,7 +2151,7 @@
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4760 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
- {DSA-3316-1}
+ {DSA-3316-1 DLA-283-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
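Review bot: In the CVE-2015-4760 entry, "- openjdk-6 <unfixed>" is unchanged after DLA-283-1 is added to the cross-reference, and only the openjdk-6, openjdk-7 and openjdk-8 lines are visible in this hunk. Confirm which source package DLA-283-1 covers and that this entry has a package line for it, otherwise the reference points at nothing a reader can match.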
@@ -3178,8 +3309,7 @@
RESERVED
CVE-2015-4263 (The Control and Provisioning functionality in Cisco Mobility Services ...)
NOT-FOR-US: Cisco
-CVE-2015-4262
- RESERVED
+CVE-2015-4262 (The password-change feature in Cisco Unified MeetingPlace Web ...)
NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-4261
RESERVED
@@ -3233,8 +3363,7 @@
NOT-FOR-US: Cisco NX-OS
CVE-2015-4236 (Cisco AsyncOS on Email Security Appliance (ESA) devices with software ...)
NOT-FOR-US: Cisco
-CVE-2015-4235
- RESERVED
+CVE-2015-4235 (Cisco Application Policy Infrastructure Controller (APIC) devices with ...)
NOT-FOR-US: Cisco Application Policy Infrastructure Controller
CVE-2015-4234 (Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS ...)
NOT-FOR-US: Cisco NX-OS
@@ -3354,8 +3483,7 @@
RESERVED
CVE-2010-5324 (Directory traversal vulnerability in UploadServlet in the Remote ...)
NOT-FOR-US: Novell ZENworks Configuration Management
-CVE-2015-4692 [kvm: x86: NULL pointer dereference in kvm_apic_has_events function]
- RESERVED
+CVE-2015-4692 (The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux ...)
- linux 4.0.8-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (vulnerable code not present)
@@ -6237,31 +6365,27 @@
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696070
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
NOTE: File to reproduce segfault with ps2pdf: http://bugs.ghostscript.com/attachment.cgi?id=11776
-CVE-2015-3227 [Denial of Service]
- RESERVED
+CVE-2015-3227 (The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ...)
- rails <unfixed> (bug #790487)
[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
- ruby-activesupport-3.2 <removed>
- ruby-activesupport-2.3 <removed>
[wheezy] - ruby-activesupport-2.3 <end-of-life> (https://lists.debian.org/debian-security-announce/2014/msg00164.html)
-CVE-2015-3226 [XSS Vulnerability in ActiveSupport::JSON.encode]
- RESERVED
+CVE-2015-3226 (Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ...)
- rails <unfixed> (bug #790486)
[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
- ruby-activesupport-3.2 <removed>
- ruby-activesupport-2.3 <removed>
[wheezy] - ruby-activesupport-2.3 <end-of-life> (https://lists.debian.org/debian-security-announce/2014/msg00164.html)
-CVE-2015-3225 [Denial of Service]
- RESERVED
+CVE-2015-3225 (lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used ...)
{DLA-254-1}
- ruby-rack <unfixed> (bug #789311)
- ruby-rack1.4 <removed>
- librack-ruby <removed>
NOTE: http://seclists.org/oss-sec/2015/q2/729 has patches for 1.5 and 1.6
-CVE-2015-3224
- RESERVED
+CVE-2015-3224 (request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x ...)
NOT-FOR-US: Web Console Ruby Gem
CVE-2015-3223
RESERVED
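Review bot: The new descriptions for CVE-2015-3227 and CVE-2015-3226 place the flaws in Active Support, yet in both entries ruby-activesupport-3.2 has only "<removed>" and no release-specific line, while ruby-activesupport-2.3 carries an explicit "[wheezy] ... <end-of-life>" annotation. Add an explicit per-release status for ruby-activesupport-3.2 where it still ships, so the rails "<not-affected> (... is only a transitional package)" line is not the only wheezy statement for these two issues.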
@@ -6440,6 +6564,7 @@
CVE-2015-3184
RESERVED
CVE-2015-3183 (The chunked transfer coding implementation in the Apache HTTP Server ...)
+ {DLA-284-1}
- apache2 <unfixed>
NOTE: https://www.apache.org/dist/httpd/Announcement2.4.txt
NOTE: https://www.apache.org/dist/httpd/CHANGES_2.4.16
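Review bot: CVE-2015-3183 picks up {DLA-284-1} while "- apache2 <unfixed>" stays as is, even though the NOTE lines already point at the 2.4.16 changelog. Record the fixed apache2 version on the package line as soon as a corresponding upload exists, rather than leaving the fix information only in the NOTEs.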
@@ -7038,14 +7163,14 @@
RESERVED
CVE-2015-2977
RESERVED
-CVE-2015-2976
- RESERVED
-CVE-2015-2975
- RESERVED
+CVE-2015-2976 (Multiple cross-site scripting (XSS) vulnerabilities in Research ...)
+ TODO: check
+CVE-2015-2975 (Research Artisan Lite before 1.18 does not ensure that a user has ...)
+ TODO: check
CVE-2015-2974
RESERVED
-CVE-2015-2973
- RESERVED
+CVE-2015-2973 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart ...)
+ TODO: check
CVE-2015-2972 (Multiple SQL injection vulnerabilities in Sysphonic Thetis before ...)
NOT-FOR-US: Syshonic Thetis
CVE-2015-2971 (Directory traversal vulnerability in Seeds acmailer before 3.8.18 and ...)
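Review bot: CVE-2015-2976, CVE-2015-2975 and CVE-2015-2973 are all added with "TODO: check" and need triage; the first two name the same product (Research Artisan Lite) and should get the same resolution string. While touching this block, the context line "NOT-FOR-US: Syshonic Thetis" under CVE-2015-2972 misspells the product that its own description gives as "Sysphonic Thetis".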
@@ -7325,10 +7450,10 @@
NOT-FOR-US: ANTlabs
CVE-2015-2849 (SQL injection vulnerability in main.ant in the ANTlabs InnGate ...)
NOT-FOR-US: ANTlabs
-CVE-2015-2848
- RESERVED
-CVE-2015-2847
- RESERVED
+CVE-2015-2848 (Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo ...)
+ TODO: check
+CVE-2015-2847 (Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side ...)
+ TODO: check
CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary commands ...)
- btsync <itp> (bug #706639)
CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...)
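Review bot: CVE-2015-2848 and CVE-2015-2847 both describe Honeywell Tuxedo Touch and both land as "TODO: check". Triage them together and give them one identical status line, the way the two ANTlabs entries just above share "NOT-FOR-US: ANTlabs".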
@@ -10315,8 +10440,7 @@
NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
CVE-2015-1873
RESERVED
-CVE-2015-1872 [denial of service; Motion JPEG Processing Flaw in ff_mjpeg_decode_sof()]
- RESERVED
+CVE-2015-1872 (The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg ...)
- ffmpeg 7:2.5.4-1
- libav <unfixed>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
@@ -10461,8 +10585,7 @@
CVE-2015-1841
RESERVED
NOT-FOR-US: RHEV
-CVE-2015-1840 [CSRF]
- RESERVED
+CVE-2015-1840 (jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and ...)
- ruby-jquery-rails <unfixed> (bug #790395)
CVE-2015-1839 [insecure /tmp file handling in salt/modules/chef.py]
RESERVED
@@ -14539,8 +14662,7 @@
NOT-FOR-US: Cisco
CVE-2015-0682 (Cisco Unified Communications Domain Manager 8.1(4) allows remote ...)
NOT-FOR-US: Cisco
-CVE-2015-0681
- RESERVED
+CVE-2015-0681 (The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, ...)
NOT-FOR-US: Cisco IOS
CVE-2015-0680 (Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly ...)
NOT-FOR-US: Cisco