[Secure-testing-commits] r37002 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Oct 5 21:10:13 UTC 2015


Author: sectracker
Date: 2015-10-05 21:10:13 +0000 (Mon, 05 Oct 2015)
New Revision: 37002

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-10-05 19:13:37 UTC (rev 37001)
+++ data/CVE/list	2015-10-05 21:10:13 UTC (rev 37002)
@@ -1,3 +1,71 @@
+CVE-2015-7705
+	RESERVED
+CVE-2015-7704
+	RESERVED
+CVE-2015-7703
+	RESERVED
+CVE-2015-7702
+	RESERVED
+CVE-2015-7701
+	RESERVED
+CVE-2015-7700
+	RESERVED
+CVE-2015-7699
+	RESERVED
+CVE-2015-7698
+	RESERVED
+CVE-2015-7697
+	RESERVED
+CVE-2015-7696
+	RESERVED
+CVE-2015-7695
+	RESERVED
+CVE-2015-7694
+	RESERVED
+CVE-2015-7693
+	RESERVED
+CVE-2015-7692
+	RESERVED
+CVE-2015-7691
+	RESERVED
+CVE-2015-7690
+	RESERVED
+CVE-2015-7689
+	RESERVED
+CVE-2015-7688
+	RESERVED
+CVE-2015-7685
+	RESERVED
+CVE-2015-7684
+	RESERVED
+CVE-2015-7683
+	RESERVED
+CVE-2015-7682
+	RESERVED
+CVE-2015-7681
+	RESERVED
+CVE-2015-7680
+	RESERVED
+CVE-2015-7679
+	RESERVED
+CVE-2015-7678
+	RESERVED
+CVE-2015-7677
+	RESERVED
+CVE-2015-7676
+	RESERVED
+CVE-2015-7675
+	RESERVED
+CVE-2015-7672
+	RESERVED
+CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...)
+	TODO: check
+CVE-2014-9750 (ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey ...)
+	TODO: check
+CVE-2014-9749
+	RESERVED
+CVE-2014-9748
+	RESERVED
 CVE-2015-XXXX [Nova network security group changes are not applied to running instances]
 	- nova <unfixed>
 	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
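Review bot: CVE-2014-9751 and CVE-2014-9750, near the end of the added block, are ntpd issues imported with only "TODO: check", although ntp is a tracked package (the CVE-2014-9298 and CVE-2014-9297 entries later in this revision carry "- ntp" lines). They should be triaged with an "- ntp" line and a fixed version rather than left pending. The CVE-2014-9750 description says "before 4.2.8p1", which gives a starting point for comparing against the ntp versions already recorded in the list.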
@@ -14,8 +82,9 @@
 	NOTE: https://bugs.php.net/bug.php?id=69720
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/05/8
 CVE-2015-7687 [use-after-free issue in OpenSMTPD]
+	RESERVED
 	- opensmtpd <unfixed> (bug #800787)
-CVE-2015-7686 [Algorithmic Complexity issue]
+CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the ...)
 	- libemail-address-perl <unfixed> (low)
 	[jessie] - libemail-address-perl <no-dsa> (Minor issue)
 	[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
@@ -160,12 +229,14 @@
 CVE-2015-7605
 	RESERVED
 CVE-2015-7673 [Heap overflow and DoS with a tga file]
+	RESERVED
 	- gdk-pixbuf 2.32.0-1
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/3
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
 CVE-2015-7674 [Heap overflow with a gif file]
+	RESERVED
 	- gdk-pixbuf 2.32.1-1
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/01/4
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
@@ -793,8 +864,7 @@
 	NOT-FOR-US: McAfee
 CVE-2015-7309 (The theme editor in Bolt before 2.2.5 does not check the file ...)
 	TODO: check
-CVE-2015-7314
-	RESERVED
+CVE-2015-7314 (The Precious module in gollum before 4.0.1 allows remote attackers to ...)
 	NOT-FOR-US: Gollum wiki
 CVE-2015-7308
 	RESERVED
@@ -2569,8 +2639,8 @@
 	RESERVED
 CVE-2015-6550
 	RESERVED
-CVE-2015-6549
-	RESERVED
+CVE-2015-6549 (Cross-site scripting (XSS) vulnerability in an application console in ...)
+	TODO: check
 CVE-2015-6548 (Multiple SQL injection vulnerabilities in a PHP script in the ...)
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2015-6547 (The management console on Symantec Web Gateway (SWG) appliances with ...)
@@ -3130,10 +3200,10 @@
 	RESERVED
 CVE-2015-6310
 	RESERVED
-CVE-2015-6309
-	RESERVED
-CVE-2015-6308
-	RESERVED
+CVE-2015-6309 (Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows ...)
+	TODO: check
+CVE-2015-6308 (Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated ...)
+	TODO: check
 CVE-2015-6307 (Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with ...)
 	NOT-FOR-US: Cisco
 CVE-2015-6306 (Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does ...)
@@ -4781,14 +4851,14 @@
 	RESERVED
 CVE-2015-5654
 	RESERVED
-CVE-2015-5653
-	RESERVED
-CVE-2015-5652
-	RESERVED
-CVE-2015-5651
-	RESERVED
-CVE-2015-5650
-	RESERVED
+CVE-2015-5653 (Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows ...)
+	TODO: check
+CVE-2015-5652 (Untrusted search path vulnerability in python.exe in Python through ...)
+	TODO: check
+CVE-2015-5651 (Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 ...)
+	TODO: check
+CVE-2015-5650 (Directory traversal vulnerability in AjaXplorer 2.0 allows remote ...)
+	TODO: check
 CVE-2015-5649
 	RESERVED
 CVE-2015-5648
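Review bot: CVE-2015-5652 is imported with "TODO: check", but its description names python.exe, which points at the Windows build. When triaging, record explicitly whether the Debian python packages are affected at all instead of leaving the default TODO. The other three new entries in this hunk (Canary Labs Trend Web Server, Dotclear, AjaXplorer) still need the usual decision between a package line and NOT-FOR-US.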
@@ -4797,18 +4867,18 @@
 	RESERVED
 CVE-2015-5646
 	RESERVED
-CVE-2015-5645
-	RESERVED
-CVE-2015-5644
-	RESERVED
-CVE-2015-5643
-	RESERVED
-CVE-2015-5642
-	RESERVED
-CVE-2015-5641
-	RESERVED
-CVE-2015-5640
-	RESERVED
+CVE-2015-5645 (ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to ...)
+	TODO: check
+CVE-2015-5644 (The installer in ICZ MATCHA SNS before 1.3.7 does not properly ...)
+	TODO: check
+CVE-2015-5643 (The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly ...)
+	TODO: check
+CVE-2015-5642 (Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before ...)
+	TODO: check
+CVE-2015-5641 (SQL injection vulnerability in baserCMS before 3.0.8 allows remote ...)
+	TODO: check
+CVE-2015-5640 (baserCMS before 3.0.8 allows remote authenticated users to modify ...)
+	TODO: check
 CVE-2015-5639
 	RESERVED
 CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...)
@@ -6570,12 +6640,12 @@
 	RESERVED
 CVE-2015-5025
 	RESERVED
-CVE-2015-5024
-	RESERVED
+CVE-2015-5024 (IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, ...)
+	TODO: check
 CVE-2015-5023
 	RESERVED
-CVE-2015-5022
-	RESERVED
+CVE-2015-5022 (IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B ...)
+	TODO: check
 CVE-2015-5021
 	RESERVED
 CVE-2015-5020
@@ -6634,8 +6704,8 @@
 	RESERVED
 CVE-2015-4993
 	RESERVED
-CVE-2015-4992
-	RESERVED
+CVE-2015-4992 (IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote ...)
+	TODO: check
 CVE-2015-4991
 	RESERVED
 CVE-2015-4990
@@ -6672,26 +6742,26 @@
 	RESERVED
 CVE-2015-4974
 	RESERVED
-CVE-2015-4973
-	RESERVED
+CVE-2015-4973 (Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise ...)
+	TODO: check
 CVE-2015-4972
 	RESERVED
-CVE-2015-4971
-	RESERVED
+CVE-2015-4971 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic ...)
+	TODO: check
 CVE-2015-4970
 	RESERVED
 CVE-2015-4969
 	RESERVED
 CVE-2015-4968
 	RESERVED
-CVE-2015-4967
-	RESERVED
+CVE-2015-4967 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
+	TODO: check
 CVE-2015-4966
 	RESERVED
-CVE-2015-4965
-	RESERVED
-CVE-2015-4964
-	RESERVED
+CVE-2015-4965 (maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset ...)
+	TODO: check
+CVE-2015-4964 (IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before ...)
+	TODO: check
 CVE-2015-4963
 	RESERVED
 CVE-2015-4962
@@ -6708,8 +6778,8 @@
 	RESERVED
 CVE-2015-4956
 	RESERVED
-CVE-2015-4955
-	RESERVED
+CVE-2015-4955 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
+	TODO: check
 CVE-2015-4954
 	RESERVED
 CVE-2015-4953
@@ -6730,8 +6800,8 @@
 	RESERVED
 CVE-2015-4945 (Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 ...)
 	NOT-FOR-US: IBM
-CVE-2015-4944
-	RESERVED
+CVE-2015-4944 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+	TODO: check
 CVE-2015-4943
 	RESERVED
 CVE-2015-4942
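Review bot: CVE-2015-4944 (IBM Maximo Asset ...) lands as "TODO: check" directly below CVE-2015-4945, an IBM Maximo entry already marked "NOT-FOR-US: IBM". The many IBM entries this revision moves from RESERVED to "TODO: check" follow the same pattern, so they can be closed out in one pass with the NOT-FOR-US tag their neighbours use, keeping the TODO backlog limited to entries that may touch packaged software.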
@@ -6740,8 +6810,8 @@
 	RESERVED
 CVE-2015-4940
 	RESERVED
-CVE-2015-4939
-	RESERVED
+CVE-2015-4939 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier ...)
+	TODO: check
 CVE-2015-4938 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2015-4937
@@ -6758,8 +6828,8 @@
 	NOT-FOR-US: IBM
 CVE-2015-4931 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
 	NOT-FOR-US: IBM
-CVE-2015-4930
-	RESERVED
+CVE-2015-4930 (IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 ...)
+	TODO: check
 CVE-2015-4929
 	RESERVED
 CVE-2015-4928
@@ -9436,8 +9506,8 @@
 	NOT-FOR-US: Schneider Electric
 CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for ...)
 	NOT-FOR-US: IDS RTU 850C devices
-CVE-2015-3938
-	RESERVED
+CVE-2015-3938 (The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices ...)
+	TODO: check
 CVE-2015-3937
 	RESERVED
 CVE-2015-3936
@@ -15280,20 +15350,20 @@
 	NOT-FOR-US: Anyterm Daemon
 CVE-2015-2032
 	RESERVED
-CVE-2015-2031
-	RESERVED
-CVE-2015-2030
-	RESERVED
-CVE-2015-2029
-	RESERVED
-CVE-2015-2028
-	RESERVED
-CVE-2015-2027
-	RESERVED
-CVE-2015-2026
-	RESERVED
-CVE-2015-2025
-	RESERVED
+CVE-2015-2031 (Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme ...)
+	TODO: check
+CVE-2015-2030 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before ...)
+	TODO: check
+CVE-2015-2029 (Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 ...)
+	TODO: check
+CVE-2015-2028 (CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 ...)
+	TODO: check
+CVE-2015-2027 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before ...)
+	TODO: check
+CVE-2015-2026 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
+	TODO: check
+CVE-2015-2025 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before ...)
+	TODO: check
 CVE-2015-2024
 	RESERVED
 CVE-2015-2023
@@ -15310,8 +15380,8 @@
 	NOT-FOR-US: IBM WebSphere
 CVE-2015-2017
 	RESERVED
-CVE-2015-2016
-	RESERVED
+CVE-2015-2016 (Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 ...)
+	TODO: check
 CVE-2015-2015 (Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the ...)
 	NOT-FOR-US: IBM Domino
 CVE-2015-2014 (Open redirect vulnerability in the web server in IBM Domino 8.5 before ...)
@@ -15320,8 +15390,8 @@
 	NOT-FOR-US: IBM
 CVE-2015-2012
 	RESERVED
-CVE-2015-2011
-	RESERVED
+CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch ...)
+	TODO: check
 CVE-2015-2010
 	REJECTED
 CVE-2015-2009
@@ -15366,8 +15436,8 @@
 	RESERVED
 CVE-2015-1989
 	RESERVED
-CVE-2015-1988
-	RESERVED
+CVE-2015-1988 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger ...)
+	TODO: check
 CVE-2015-1987 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
 	NOT-FOR-US: IBM
 CVE-2015-1986 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
@@ -15376,8 +15446,8 @@
 	RESERVED
 CVE-2015-1984 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
 	NOT-FOR-US: IBM
-CVE-2015-1983
-	RESERVED
+CVE-2015-1983 (Cross-site scripting (XSS) vulnerability in the Projects page in IBM ...)
+	TODO: check
 CVE-2015-1982 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
 	NOT-FOR-US: IBM
 CVE-2015-1981 (Cross-site scripting (XSS) vulnerability in the web server in IBM ...)
@@ -15404,8 +15474,8 @@
 	RESERVED
 CVE-2015-1970 (The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 ...)
 	NOT-FOR-US: IBM
-CVE-2015-1969
-	RESERVED
+CVE-2015-1969 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Common ...)
+	TODO: check
 CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
 	NOT-FOR-US: IBM
 CVE-2015-1967 (MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the ...)
@@ -15474,10 +15544,10 @@
 	NOT-FOR-US: IBM WAS
 CVE-2015-1935 (The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 ...)
 	NOT-FOR-US: IBM DB2
-CVE-2015-1934
-	RESERVED
-CVE-2015-1933
-	RESERVED
+CVE-2015-1934 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
+	TODO: check
+CVE-2015-1933 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
+	TODO: check
 CVE-2015-1932 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2015-1931
@@ -15567,8 +15637,8 @@
 	NOT-FOR-US: IBM General Parallel File System
 CVE-2015-1889 (The Big SQL component in IBM InfoSphere BigInsights 3.0 through ...)
 	NOT-FOR-US: IBM InfoSphere BigInsights
-CVE-2015-1888
-	RESERVED
+CVE-2015-1888 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator ...)
+	TODO: check
 CVE-2015-1887 (IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2015-1886 (The Remote Document Conversion Service (DCS) in IBM WebSphere Portal ...)
@@ -18800,8 +18870,8 @@
 	RESERVED
 CVE-2015-1016
 	RESERVED
-CVE-2015-1015
-	RESERVED
+CVE-2015-1015 (Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, ...)
+	TODO: check
 CVE-2015-1014
 	RESERVED
 CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure ...)
@@ -18854,10 +18924,10 @@
 	NOT-FOR-US: Ecava IntegraXor SCADA Server
 CVE-2015-0989 (PACTware 4.1 SP3 allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: PACTware
-CVE-2015-0988
-	RESERVED
-CVE-2015-0987
-	RESERVED
+CVE-2015-0988 (Omron CX-One CX-Programmer before 9.6 uses a reversible format for ...)
+	TODO: check
+CVE-2015-0987 (Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, ...)
+	TODO: check
 CVE-2015-0986 (Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus ...)
 	NOT-FOR-US: Moxa VPort ActiveX SDK Plus
 CVE-2015-0985 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
@@ -21743,12 +21813,12 @@
 	NOTE: http://sourceforge.net/p/firebird/code/60331
 	NOTE: http://tracker.firebirdsql.org/browse/CORE-4630
 CVE-2014-9298
-	RESERVED
+	REJECTED
 	{DSA-3154-1 DLA-149-1}
 	- ntp 1:4.2.6.p5+dfsg-4
 	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2672 (not yet public)
 CVE-2014-9297
-	RESERVED
+	REJECTED
 	{DSA-3154-2 DSA-3154-1 DLA-149-1}
 	- ntp 1:4.2.6.p5+dfsg-5
 	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2671
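Review bot: the change to REJECTED on CVE-2014-9298 and CVE-2014-9297 leaves both entries still carrying their advisory cross-references ({DSA-3154-1 DLA-149-1} and {DSA-3154-2 DSA-3154-1 DLA-149-1}) and fixed "- ntp" versions, so the tracker now attributes released advisories to IDs that are no longer valid. This revision also adds CVE-2014-9751 and CVE-2014-9750 as ntpd entries with "TODO: check". Confirm whether those are the replacement IDs and, if they are, move the DSA/DLA references, the "- ntp" lines and the bugs.ntp.org NOTEs over to them.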
@@ -23162,8 +23232,8 @@
 	NOT-FOR-US: IBM General Parallel File System
 CVE-2015-0196 (CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through ...)
 	NOT-FOR-US: IBM
-CVE-2015-0195
-	RESERVED
+CVE-2015-0195 (Cross-site scripting (XSS) vulnerability in IBM Content Template ...)
+	TODO: check
 CVE-2015-0194
 	RESERVED
 CVE-2015-0193 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
@@ -23262,16 +23332,16 @@
 	RESERVED
 CVE-2015-0146 (IBM Content Collector for Email 3.0 before ...)
 	NOT-FOR-US: IBM Content Collector
-CVE-2015-0145
-	RESERVED
-CVE-2015-0144
-	RESERVED
-CVE-2015-0143
-	RESERVED
-CVE-2015-0142
-	RESERVED
-CVE-2015-0141
-	RESERVED
+CVE-2015-0145 (Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC ...)
+	TODO: check
+CVE-2015-0144 (Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform ...)
+	TODO: check
+CVE-2015-0143 (IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, ...)
+	TODO: check
+CVE-2015-0142 (IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, ...)
+	TODO: check
+CVE-2015-0141 (IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, ...)
+	TODO: check
 CVE-2015-0140 (An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 ...)
 	NOT-FOR-US: IBM
 CVE-2015-0139 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
@@ -23723,8 +23793,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-8917 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
 	NOT-FOR-US: IBM
-CVE-2014-8916
-	RESERVED
+CVE-2014-8916 (Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform ...)
+	TODO: check
 CVE-2014-8915
 	RESERVED
 CVE-2014-8914 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...)



