[Secure-testing-commits] r37632 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Nov 9 21:10:11 UTC 2015
Author: sectracker
Date: 2015-11-09 21:10:11 +0000 (Mon, 09 Nov 2015)
New Revision: 37632
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-09 19:41:12 UTC (rev 37631)
+++ data/CVE/list 2015-11-09 21:10:11 UTC (rev 37632)
@@ -1,3 +1,21 @@
+CVE-2015-8089
+ RESERVED
+CVE-2015-8088
+ RESERVED
+CVE-2015-8087
+ RESERVED
+CVE-2015-8086
+ RESERVED
+CVE-2015-8085
+ RESERVED
+CVE-2015-8084
+ RESERVED
+CVE-2015-8083
+ RESERVED
+CVE-2015-8082 (The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before ...)
+ TODO: check
+CVE-2015-8081 (The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might ...)
+ TODO: check
CVE-2015-XXXX [java unserialisation issues]
- jenkins <unfixed> (bug #804522)
- libcommons-collections3-java <unfixed>
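Review bot: CVE-2015-8082 and CVE-2015-8081 at the top of this hunk describe Drupal contributed modules (Login Disable, Field as Block) and are left as "TODO: check". Another Drupal module entry in this file is already marked "NOT-FOR-US: Drupal module Services single sign-on server helper", so these two should get a matching "NOT-FOR-US: Drupal module ..." line unless a Debian package ships them.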
@@ -5,6 +23,7 @@
CVE-2015-8079
RESERVED
CVE-2015-8080 [integer overflow in getnum]
+ RESERVED
- redis <unfixed> (bug #804419)
[wheezy] - redis <not-affected> (Vulnerable code not present)
[squeeze] - redis <not-affected> (Vulnerable code not present)
@@ -927,8 +946,7 @@
TODO: check
CVE-2015-7765 (ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a ...)
TODO: check
-CVE-2015-7809 [sandbox issue]
- RESERVED
+CVE-2015-7809 (The displayBlock function Template.php in Sensio Labs Twig before ...)
{DSA-3343-1}
- twig 1.20.0-1
NOTE: http://symfony.com/blog/security-release-twig-1-20-0
@@ -944,13 +962,11 @@
NOTE: https://bugs.php.net/bug.php?id=69720
CVE-2015-7764
RESERVED
-CVE-2015-7763
- RESERVED
+CVE-2015-7763 (rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and ...)
{DSA-3387-1}
- openafs 1.6.15-1
NOTE: https://www.openafs.org/security
-CVE-2015-7762
- RESERVED
+CVE-2015-7762 (rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not ...)
{DSA-3387-1}
- openafs 1.6.15-1
NOTE: https://www.openafs.org/security
@@ -1173,12 +1189,10 @@
NOTE: https://github.com/ntp-project/ntp/commit/79604d925e4477247eee202155215e7865293809
CVE-2015-7700
RESERVED
-CVE-2015-7697 [Infinite loop when extracting password-protected archive]
- RESERVED
+CVE-2015-7697 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ...)
{DSA-3386-1 DLA-330-1}
- unzip 6.0-19 (bug #802160)
-CVE-2015-7696 [Heap buffer overflow when extracting password-protected archive]
- RESERVED
+CVE-2015-7696 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ...)
{DSA-3386-1 DLA-330-1}
- unzip 6.0-19 (bug #802162)
CVE-2015-7695 [ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)]
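Review bot: after this change CVE-2015-7697 and CVE-2015-7696 carry the same truncated description ("Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ..."), and the removed bracket texts were the only lines that told the infinite loop apart from the heap buffer overflow. Consider adding a NOTE line under each entry recording which issue it is, so the distinction does not depend on following bug #802160 and bug #802162.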
@@ -1245,8 +1259,7 @@
{DSA-3154-2 DSA-3154-1 DLA-149-1}
- ntp 1:4.2.6.p5+dfsg-5
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2671
-CVE-2014-9749 [Digest authentification never replay Ldap requests]
- RESERVED
+CVE-2014-9749 (Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest ...)
- squid <not-affected> (related code not present in 2.7.X)
- squid3 3.4.8-6 (bug #776464)
[wheezy] - squid3 <no-dsa> (Minor issue)
@@ -1821,8 +1834,8 @@
RESERVED
CVE-2015-7413
RESERVED
-CVE-2015-7412
- RESERVED
+CVE-2015-7412 (The GatewayScript modules on IBM DataPower Gateways with software ...)
+ TODO: check
CVE-2015-7411
RESERVED
CVE-2015-7410
@@ -1855,10 +1868,10 @@
RESERVED
CVE-2015-7396
RESERVED
-CVE-2015-7395
- RESERVED
-CVE-2015-7394
- RESERVED
+CVE-2015-7395 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
+ TODO: check
+CVE-2015-7394 (The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link ...)
+ TODO: check
CVE-2015-7393
RESERVED
CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in ...)
@@ -2175,8 +2188,8 @@
RESERVED
CVE-2015-7255
RESERVED
-CVE-2015-7254
- RESERVED
+CVE-2015-7254 (Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s ...)
+ TODO: check
CVE-2015-7253 (The Web Console in Commvault Edge Server 10 R2 allows remote attackers ...)
TODO: check
CVE-2015-7252
@@ -3166,8 +3179,7 @@
NOTE: https://savannah.nongnu.org/bugs/?41309
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
-CVE-2015-6855 [commands which are illegal to sent to an ATAPI device should be rejected]
- RESERVED
+CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted ...)
{DSA-3362-1 DSA-3361-1}
- qemu 1:2.4+dfsg-2
- qemu-kvm <removed>
@@ -3937,8 +3949,8 @@
NOT-FOR-US: Symantec Web Gateway
CVE-2015-6547 (The management console on Symantec Web Gateway (SWG) appliances with ...)
NOT-FOR-US: Semantec Web Gateway
-CVE-2015-6546
- RESERVED
+CVE-2015-6546 (The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, ...)
+ TODO: check
CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb ...)
NOT-FOR-US: Cerb
CVE-2015-6544
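Review bot: CVE-2015-6546 (vCMP host in F5 BIG-IP) is left as "TODO: check" while its neighbours CVE-2015-6547 and CVE-2015-6545 are already triaged as NOT-FOR-US, so it still needs a triage decision. Separately, the context line under CVE-2015-6547 reads "NOT-FOR-US: Semantec Web Gateway" where the line above it spells the product "Symantec Web Gateway"; that typo is worth a follow-up commit.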
@@ -4152,8 +4164,8 @@
RESERVED
CVE-2015-6477 (Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm ...)
TODO: check
-CVE-2015-6476
- RESERVED
+CVE-2015-6476 (Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x ...)
+ TODO: check
CVE-2015-6475 (Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ...)
NOT-FOR-US: ServeMaster
CVE-2015-6474 (IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers ...)
@@ -5884,13 +5896,11 @@
RESERVED
CVE-2015-5718 (Stack-based buffer overflow in the handle_debug_network function in ...)
NOT-FOR-US: Websense Content Gateway
-CVE-2015-5734
- RESERVED
+CVE-2015-5734 (Cross-site scripting (XSS) vulnerability in the legacy theme preview ...)
{DSA-3383-1 DSA-3332-1 DLA-294-1}
- wordpress 4.2.4+dfsg-1 (bug #794560)
NOTE: https://core.trac.wordpress.org/changeset/33549
-CVE-2015-5733
- RESERVED
+CVE-2015-5733 (Cross-site scripting (XSS) vulnerability in the ...)
- wordpress 4.2.4+dfsg-1 (bug #794560)
[jessie] - wordpress 4.1+dfsg-1+deb8u1
[wheezy] - wordpress 3.6.1+dfsg-1~deb7u6
@@ -5901,19 +5911,16 @@
NOTE: but the issue apparently later reintroduced
NOTE: https://core.trac.wordpress.org/changeset/33540
NOTE: https://core.trac.wordpress.org/changeset/33541
-CVE-2015-5732
- RESERVED
+CVE-2015-5732 (Cross-site scripting (XSS) vulnerability in the form function in the ...)
{DSA-3383-1 DSA-3332-1 DLA-294-1}
- wordpress 4.2.4+dfsg-1 (bug #794560)
NOTE: https://core.trac.wordpress.org/changeset/33529
-CVE-2015-5731
- RESERVED
+CVE-2015-5731 (Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php ...)
{DSA-3383-1 DSA-3332-1 DLA-294-1}
- wordpress 4.2.4+dfsg-1 (bug #794560)
NOTE: https://core.trac.wordpress.org/changeset/33542
NOTE: https://core.trac.wordpress.org/changeset/33543
-CVE-2015-5730
- RESERVED
+CVE-2015-5730 (The sanitize_widget_instance function in ...)
{DSA-3332-1}
- wordpress 4.2.4+dfsg-1 (bug #794560)
[squeeze] - wordpress <not-affected> (Vulnerable code introduced later)
@@ -7084,8 +7091,7 @@
RESERVED
CVE-2015-5306
RESERVED
-CVE-2015-5305
- RESERVED
+CVE-2015-5305 (Directory traversal vulnerability in Kubernetes, as used in Red Hat ...)
- kubernetes <itp> (bug #795652)
CVE-2015-5304
RESERVED
@@ -7400,8 +7406,7 @@
RESERVED
CVE-2015-5226
REJECTED
-CVE-2015-5225 [vnc: heap memory corruption issue]
- RESERVED
+CVE-2015-5225 (Buffer overflow in the vnc_refresh_server_surface function in the VNC ...)
{DSA-3348-1}
- qemu 1:2.4+dfsg-1a (bug #796465)
[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
@@ -7962,10 +7967,10 @@
RESERVED
CVE-2015-5045
RESERVED
-CVE-2015-5044
- RESERVED
-CVE-2015-5043
- RESERVED
+CVE-2015-5044 (The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 ...)
+ TODO: check
+CVE-2015-5043 (diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, ...)
+ TODO: check
CVE-2015-5042
RESERVED
CVE-2015-5041
@@ -8012,16 +8017,16 @@
TODO: check
CVE-2015-5020
RESERVED
-CVE-2015-5019
- RESERVED
+CVE-2015-5019 (IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B ...)
+ TODO: check
CVE-2015-5018
RESERVED
CVE-2015-5017
RESERVED
CVE-2015-5016
RESERVED
-CVE-2015-5015
- RESERVED
+CVE-2015-5015 (IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack ...)
+ TODO: check
CVE-2015-5014 (IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 ...)
TODO: check
CVE-2015-5013
@@ -8040,8 +8045,8 @@
RESERVED
CVE-2015-5006
RESERVED
-CVE-2015-5005
- RESERVED
+CVE-2015-5005 (CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote ...)
+ TODO: check
CVE-2015-5004
RESERVED
CVE-2015-5003
@@ -8118,14 +8123,14 @@
RESERVED
CVE-2015-4967 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
NOT-FOR-US: IBM
-CVE-2015-4966
- RESERVED
+CVE-2015-4966 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 ...)
+ TODO: check
CVE-2015-4965 (maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset ...)
NOT-FOR-US: IBM
CVE-2015-4964 (IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before ...)
NOT-FOR-US: IBM
-CVE-2015-4963
- RESERVED
+CVE-2015-4963 (IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before ...)
+ TODO: check
CVE-2015-4962
RESERVED
CVE-2015-4961
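Review bot: CVE-2015-4966 is an IBM Maximo Asset Management issue left as "TODO: check", while CVE-2015-4967 and CVE-2015-4965 directly around it name the same product and are already marked "NOT-FOR-US: IBM". Suggest marking CVE-2015-4966 the same way, and resolving CVE-2015-4963 (IBM Security Access Manager for Web) in the same pass once confirmed.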
@@ -8170,8 +8175,8 @@
RESERVED
CVE-2015-4941
RESERVED
-CVE-2015-4940
- RESERVED
+CVE-2015-4940 (Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x ...)
+ TODO: check
CVE-2015-4939 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier ...)
NOT-FOR-US: IBM
CVE-2015-4938 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before ...)
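Review bot: CVE-2015-4940 should not be swept up with the surrounding "NOT-FOR-US: IBM" entries when its TODO is resolved, because the description names Apache Ambari before 2.1 as the affected component and IBM Infosphere BigInsights only as a product that uses it. Check whether Ambari is packaged or has an ITP before closing it. The truncated description is also identical to the one added for CVE-2015-4928, so the full text is needed to tell the two apart.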
@@ -8194,8 +8199,8 @@
NOT-FOR-US: IBM QRadar SIEM
CVE-2015-4929 (IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for ...)
NOT-FOR-US: IBM
-CVE-2015-4928
- RESERVED
+CVE-2015-4928 (Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x ...)
+ TODO: check
CVE-2015-4927 (The Reporting and Monitoring component in Tivoli Monitoring in IBM ...)
TODO: check
CVE-2015-4926
@@ -14867,21 +14872,18 @@
[squeeze] - krb5 <not-affected> (Vulnerable code not present)
NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273
NOTE: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd
-CVE-2015-2697 [invalid string processing]
- RESERVED
+CVE-2015-2697 (The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT ...)
{DSA-3395-1 DLA-340-1}
- krb5 1.13.2+dfsg-3 (bug #803088)
NOTE: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789
NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252
-CVE-2015-2696 [IAKERB context aliasing bugs]
- RESERVED
+CVE-2015-2696 (lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 ...)
{DSA-3395-1}
- krb5 1.13.2+dfsg-3 (bug #803084)
[squeeze] - krb5 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a
NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
-CVE-2015-2695 [SPNEGO context aliasing bugs]
- RESERVED
+CVE-2015-2695 (lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before ...)
{DSA-3395-1 DLA-340-1}
- krb5 1.13.2+dfsg-3 (bug #803083)
NOTE: https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d
@@ -16358,8 +16360,7 @@
NOT-FOR-US: Drupal module Services single sign-on server helper
CVE-2015-2214 (NetCat 5.01 and earlier allows remote attackers to obtain the ...)
NOT-FOR-US: NetCat CMS
-CVE-2015-2213 [SQL injection]
- RESERVED
+CVE-2015-2213 (SQL injection vulnerability in the wp_untrash_post_comments function ...)
{DSA-3383-1 DSA-3332-1 DLA-294-1}
- wordpress 4.2.4+dfsg-1 (bug #794560)
NOTE: https://core.trac.wordpress.org/changeset/33555
@@ -16938,8 +16939,8 @@
NOT-FOR-US: IBM
CVE-2015-2018 (IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message ...)
NOT-FOR-US: IBM WebSphere
-CVE-2015-2017
- RESERVED
+CVE-2015-2017 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
+ TODO: check
CVE-2015-2016 (Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 ...)
NOT-FOR-US: IBM
CVE-2015-2015 (Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the ...)
@@ -16974,28 +16975,28 @@
RESERVED
CVE-2015-2000
RESERVED
-CVE-2015-1999
- RESERVED
+CVE-2015-1999 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 ...)
+ TODO: check
CVE-2015-1998
RESERVED
-CVE-2015-1997
- RESERVED
-CVE-2015-1996
- RESERVED
-CVE-2015-1995
- RESERVED
-CVE-2015-1994
- RESERVED
-CVE-2015-1993
- RESERVED
+CVE-2015-1997 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
+ TODO: check
+CVE-2015-1996 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does ...)
+ TODO: check
+CVE-2015-1995 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Security ...)
+ TODO: check
+CVE-2015-1994 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does ...)
+ TODO: check
+CVE-2015-1993 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does ...)
+ TODO: check
CVE-2015-1992 (IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, ...)
NOT-FOR-US: IBM Systems Director
CVE-2015-1991
RESERVED
CVE-2015-1990
RESERVED
-CVE-2015-1989
- RESERVED
+CVE-2015-1989 (SQL injection vulnerability in IBM Security QRadar Incident Forensics ...)
+ TODO: check
CVE-2015-1988 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger ...)
NOT-FOR-US: IBM
CVE-2015-1987 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
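Review bot: the seven new "TODO: check" entries in this hunk (CVE-2015-1999, CVE-2015-1997 through CVE-2015-1993, and CVE-2015-1989) all name IBM Security products, QRadar Incident Forensics wherever the description is not cut off, and can be triaged in one pass. The context entries CVE-2015-1992 and CVE-2015-1988 show the convention already used here: "NOT-FOR-US: IBM Systems Director" and "NOT-FOR-US: IBM".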