[Secure-testing-commits] r37401 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Oct 28 21:10:11 UTC 2015


Author: sectracker
Date: 2015-10-28 21:10:11 +0000 (Wed, 28 Oct 2015)
New Revision: 37401

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-10-28 19:55:48 UTC (rev 37400)
+++ data/CVE/list	2015-10-28 21:10:11 UTC (rev 37401)
@@ -1,3 +1,39 @@
+CVE-2015-8005
+	RESERVED
+CVE-2015-8004
+	RESERVED
+CVE-2015-8003
+	RESERVED
+CVE-2015-8002
+	RESERVED
+CVE-2015-8001
+	RESERVED
+CVE-2015-8000
+	RESERVED
+CVE-2015-7999
+	RESERVED
+CVE-2015-7998
+	RESERVED
+CVE-2015-7997
+	RESERVED
+CVE-2015-7996
+	RESERVED
+CVE-2015-7994
+	RESERVED
+CVE-2015-7993
+	RESERVED
+CVE-2015-7992
+	RESERVED
+CVE-2015-7991
+	RESERVED
+CVE-2015-7988
+	RESERVED
+CVE-2015-7987
+	RESERVED
+CVE-2015-7986 (The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote ...)
+	TODO: check
+CVE-2015-7985
+	RESERVED
 CVE-2015-XXXX [buffer overflow with handling pop3_deleted_flag setting]
 	- dovecot <unfixed> (bug #803223)
 	[wheezy] - dovecot <not-affected> (Bug with pop3_deleted_flag introduced in 2.2.10)
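Review bot: CVE-2015-7986 is added with `TODO: check` although its description already names SAP HANA, and the SAP HANA entry visible further down this list (CVE-2015-3995) is triaged as `NOT-FOR-US: SAP HANA DB`. Suggest resolving it the same way in a follow-up so it does not linger in the TODO queue.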
@@ -18,6 +54,7 @@
 CVE-2015-7980
 	RESERVED
 CVE-2015-7990 [Incomplete fix for CVE-2015-6937]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: https://lkml.org/lkml/2015/10/16/530
@@ -102,6 +139,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/25/3
 	NOTE: http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
 CVE-2015-7995 [Type confusion may cause DoS]
+	RESERVED
 	- libxslt <unfixed> (bug #802971)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1257962
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/10
@@ -211,16 +249,16 @@
 	RESERVED
 CVE-2015-7905
 	RESERVED
-CVE-2015-7904
-	RESERVED
-CVE-2015-7903
-	RESERVED
-CVE-2015-7902
-	RESERVED
-CVE-2015-7901
-	RESERVED
-CVE-2015-7900
-	RESERVED
+CVE-2015-7904 (Unrestricted file upload vulnerability in Infinite Automation Mango ...)
+	TODO: check
+CVE-2015-7903 (SQL injection vulnerability in Infinite Automation Mango Automation ...)
+	TODO: check
+CVE-2015-7902 (Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 ...)
+	TODO: check
+CVE-2015-7901 (Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 ...)
+	TODO: check
+CVE-2015-7900 (Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 ...)
+	TODO: check
 CVE-2015-7898
 	RESERVED
 CVE-2015-7897
@@ -275,8 +313,8 @@
 	NOT-FOR-US: Ctools module for Drupal
 CVE-2015-7874
 	RESERVED
-CVE-2015-7873 [phpMyadmin PMASA-2015-5 Content spoofing vulnerability when redirecting user to an external site]
-	RESERVED
+CVE-2015-7873 (The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 ...)
+	{DSA-3382-1}
 	- phpmyadmin 4:4.5.1-1 (low)
 	[jessie] - phpmyadmin <no-dsa> (Minor issue)
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
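Review bot: CVE-2015-7873 now carries `{DSA-3382-1}` but the line `[jessie] - phpmyadmin <no-dsa> (Minor issue)` is still present two lines below, so the entry states both that a DSA covers the issue and that jessie gets none. Suggest replacing the `<no-dsa>` annotation with the version fixed by the advisory.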
@@ -305,6 +343,7 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c
 CVE-2015-7871
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/aa44b5835d69d8ee031736bb8ee2730a514edb7d
@@ -343,6 +382,7 @@
 	TODO: check
 CVE-2015-7855
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/ba716a464ecb20618560075f2e4e1051e5b6f24f
@@ -364,11 +404,13 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/8482b536f9494a5d45196ab5b7e13040f5940261
 CVE-2015-7852
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/07a5b8141e354a998a52994c3c9cd547927e56ce
 CVE-2015-7851
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	[jessie] - ntp <no-dsa> (Vulnerability only affects VMS)
 	[wheezy] - ntp <no-dsa> (Vulnerability only affects VMS)
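Review bot: the `{DLA-335-1}` tag on CVE-2015-7851 sits directly above two release annotations that read `Vulnerability only affects VMS`. If the same holds for the release the DLA targets, a matching per-release line would make that explicit; if not, a NOTE saying why the DLA lists this CVE would help anyone auditing the entry.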
@@ -377,6 +419,7 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/184516e143ce4448ddb5b9876dd372008cc779f6
 CVE-2015-7850
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/bb928ef08eec020ef6008f3a140702ccc0536b8e
@@ -431,8 +474,8 @@
 	TODO: check
 CVE-2015-7837
 	RESERVED
-CVE-2015-7836
-	RESERVED
+CVE-2015-7836 (Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain ...)
+	TODO: check
 CVE-2015-7835
 	RESERVED
 CVE-2015-7834 (Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as ...)
@@ -809,23 +852,27 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/492758c3d0690d3ccf7130fabfcf670997f12f7b
 CVE-2015-7704
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-3
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: Original ntp fix applied in 1:4.2.8p4+dfsg-1for CVE-2015-7704 is apparently broken
 	NOTE: http://lists.ntp.org/pipermail/pool/2015-October/007631.html
 CVE-2015-7703
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/5dea6ff160c7e8f7cb038619ccccd28c3a8df637
 	NOTE: https://github.com/ntp-project/ntp/commit/cdae0f1369ade98dc7ae912a0f1953b6e533cb88
 CVE-2015-7702
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/c4cd4aaf418f57f7225708a93bf48afb2bc9c1da
 CVE-2015-7701
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/d7cd5e186034340402f1393e0813c7d2b14ea6ca
@@ -852,11 +899,13 @@
 	RESERVED
 CVE-2015-7692
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: Fixed upstream together with CVE-2015-7702
 CVE-2015-7691
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: Fixed upstream together with CVE-2015-7702
@@ -2498,6 +2547,7 @@
 CVE-2015-6940 (The GetResource servlet in Pentaho Business Analytics (BA) Suite ...)
 	NOT-FOR-US: Pentaho
 CVE-2015-7989 [Cross-site scripting vulnerability in the user list table]
+	RESERVED
 	{DSA-3375-1 DLA-321-1}
 	- wordpress 4.3.1+dfsg-1 (bug #799140)
 	NOTE: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
@@ -2839,6 +2889,7 @@
 CVE-2015-6805 (Cross-site scripting (XSS) vulnerability in the MDC Private Message ...)
 	NOT-FOR-US: MDC Private Message plugin for WordPress
 CVE-2015-6830 (libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin ...)
+	{DSA-3382-1}
 	- phpmyadmin 4:4.4.14.1-1 (low)
 	[jessie] - phpmyadmin <no-dsa> (Minor issue)
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
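Review bot: CVE-2015-6830 gains `{DSA-3382-1}` while `[jessie] - phpmyadmin <no-dsa> (Minor issue)` stays in place, which leaves the entry contradicting itself about whether jessie received an advisory. Suggest updating the jessie line to the fixed version from the DSA.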
@@ -3707,24 +3758,24 @@
 	RESERVED
 CVE-2015-6495
 	RESERVED
-CVE-2015-6494
-	RESERVED
-CVE-2015-6493
-	RESERVED
-CVE-2015-6492
-	RESERVED
-CVE-2015-6491
-	RESERVED
-CVE-2015-6490
-	RESERVED
+CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation Mango ...)
+	TODO: check
+CVE-2015-6493 (Cross-site request forgery (CSRF) vulnerability in Infinite Automation ...)
+	TODO: check
+CVE-2015-6492 (Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 ...)
+	TODO: check
+CVE-2015-6491 (Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 ...)
+	TODO: check
+CVE-2015-6490 (Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices ...)
+	TODO: check
 CVE-2015-6489
 	RESERVED
-CVE-2015-6488
-	RESERVED
+CVE-2015-6488 (Cross-site scripting (XSS) vulnerability in the web server on ...)
+	TODO: check
 CVE-2015-6487
 	RESERVED
-CVE-2015-6486
-	RESERVED
+CVE-2015-6486 (SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices ...)
+	TODO: check
 CVE-2015-6485
 	RESERVED
 CVE-2015-6484 (3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote ...)
@@ -5529,10 +5580,10 @@
 	- wordpress 4.3.1+dfsg-1 (bug #799140)
 	NOTE: https://wordpress.org/news/2015/09/wordpress-4-3-1/
 	NOTE: https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8
-CVE-2015-5713
-	RESERVED
-CVE-2015-5712
-	RESERVED
+CVE-2015-5713 (Spotfire Parsing Library and Spotfire Security Filter in TIBCO ...)
+	TODO: check
+CVE-2015-5712 (Spotfire Parsing Library and Spotfire Security Filter in TIBCO ...)
+	TODO: check
 CVE-2015-5711 (TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File ...)
 	NOT-FOR-US: TIBCO
 CVE-2015-5710
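Review bot: CVE-2015-5713 and CVE-2015-5712 are left at `TODO: check` even though the next entry, CVE-2015-5711, is already marked `NOT-FOR-US: TIBCO`. Both new descriptions name TIBCO Spotfire components, so they can take the same marker.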
@@ -6672,6 +6723,7 @@
 	NOT-FOR-US: Ipsilon
 CVE-2015-5300 [MITM attacker can force ntpd to make a step larger than the panic threshold]
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-2
 	NOTE: https://www.cs.bu.edu/~goldbe/NTPattack.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1271076
@@ -6838,8 +6890,7 @@
 CVE-2015-5263
 	RESERVED
 	NOT-FOR-US: Pulp (Red Hat)
-CVE-2015-5262 [Possible DoS due to failure to set socket timeout on SSL connections]
-	RESERVED
+CVE-2015-5262 (http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents ...)
 	{DLA-322-1}
 	- httpcomponents-client 4.3.6-1 (low)
 	[squeeze] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
@@ -6920,8 +6971,7 @@
 	RESERVED
 CVE-2015-5241
 	RESERVED
-CVE-2015-5240 [Neutron firewall rules bypass through port update]
-	RESERVED
+CVE-2015-5240 (Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before ...)
 	- neutron 1:7.0.0-1
 	NOTE: versions through 2014.2.3 and 2015.1 versions through 2015.1.1
 CVE-2015-5239 [Integer overflow in vnc_client_read() and protocol_client_msg()]
@@ -7004,11 +7054,11 @@
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	[squeeze] - jasper <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/20/4
-CVE-2015-5220
-	RESERVED
+CVE-2015-5220 (The Web Console in Red Hat Enterprise Application Platform (EAP) ...)
 	NOT-FOR-US: JBoss EAP
 CVE-2015-5219 [infinite loop in sntp processing crafted packet]
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p3+dfsg-1 (low)
 	[jessie] - ntp <no-dsa> (Minor issue)
 	[wheezy] - ntp <no-dsa> (Minor issue)
@@ -7087,6 +7137,7 @@
 	REJECTED
 CVE-2015-5195 [ntpd crash when processing config commands with statistics type]
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p3+dfsg-1 (low)
 	[jessie] - ntp <no-dsa> (Minor issue)
 	[wheezy] - ntp <no-dsa> (Minor issue)
@@ -7094,6 +7145,7 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be
 CVE-2015-5194 [crash with crafted logconfig configuration command]
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p3+dfsg-1 (low)
 	[jessie] - ntp <no-dsa> (Minor issue)
 	[wheezy] - ntp <no-dsa> (Minor issue)
@@ -7110,8 +7162,7 @@
 	- pcs <itp> (bug #706522)
 CVE-2015-5189 (Race condition in pcsd in PCS 0.9.139 and earlier uses a global ...)
 	- pcs <itp> (bug #706522)
-CVE-2015-5188
-	RESERVED
+CVE-2015-5188 (Cross-site request forgery (CSRF) vulnerability in the Web Console ...)
 	NOT-FOR-US: JBoss EAP
 CVE-2015-5187
 	RESERVED
@@ -7147,8 +7198,7 @@
 	RESERVED
 	- freeipa <unfixed> (bug #795399)
 	NOTE: https://fedorahosted.org/freeipa/ticket/5153
-CVE-2015-5178
-	RESERVED
+CVE-2015-5178 (The Management Console in Red Hat Enterprise Application Platform ...)
 	NOT-FOR-US: JBoss EAP
 CVE-2015-5177 [double free in SLPDProcessMessage()]
 	RESERVED
@@ -7452,6 +7502,7 @@
 	NOT-FOR-US: Slider Revolution (revslider) plugin for WordPress
 CVE-2015-5146 [ntpd control message crash: Crafted NUL-byte in configuration directive]
 	RESERVED
+	{DLA-335-1}
 	- ntp 1:4.2.8p3+dfsg-1
 	[jessie] - ntp <no-dsa> (Minor issue)
 	[wheezy] - ntp <no-dsa> (Minor issue)
@@ -10423,8 +10474,8 @@
 	RESERVED
 CVE-2015-3997
 	RESERVED
-CVE-2015-3996
-	RESERVED
+CVE-2015-3996 (The default AFSecurityPolicy.validatesDomainName configuration for ...)
+	TODO: check
 CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote ...)
 	NOT-FOR-US: SAP HANA DB
 CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine ...)
@@ -10514,20 +10565,20 @@
 	RESERVED
 CVE-2015-3974 (EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x ...)
 	NOT-FOR-US: EasyIO EasyIO-30P-SF controllers
-CVE-2015-3973
-	RESERVED
-CVE-2015-3972
-	RESERVED
-CVE-2015-3971
-	RESERVED
-CVE-2015-3970
-	RESERVED
-CVE-2015-3969
-	RESERVED
-CVE-2015-3968
-	RESERVED
-CVE-2015-3967
-	RESERVED
+CVE-2015-3973 (Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate ...)
+	TODO: check
+CVE-2015-3972 (The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices ...)
+	TODO: check
+CVE-2015-3971 (The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices ...)
+	TODO: check
+CVE-2015-3970 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+	TODO: check
+CVE-2015-3969 (Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers ...)
+	TODO: check
+CVE-2015-3968 (The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has ...)
+	TODO: check
+CVE-2015-3967 (Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, ...)
+	TODO: check
 CVE-2015-3966 (The IPsec SA establishment process on Innominate mGuard devices with ...)
 	NOT-FOR-US: Innominate mGuard
 CVE-2015-3965
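Review bot: the seven Janitza UMG entries (CVE-2015-3967 through CVE-2015-3973) all land as `TODO: check`, while the neighbouring device-firmware entries in the context lines (EasyIO, Innominate mGuard) are already `NOT-FOR-US`. Suggest triaging the seven as one batch rather than leaving them as separate TODO items.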
@@ -10850,10 +10901,12 @@
 CVE-2015-3816
 	RESERVED
 CVE-2015-3903 (libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x ...)
+	{DSA-3382-1}
 	- phpmyadmin 4:4.4.6.1-1 (unimportant)
-        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
-        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
+	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2015-3902 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	{DSA-3382-1 DLA-336-1}
 	- phpmyadmin 4:4.4.6.1-1 (unimportant)
 CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in ...)
 	- linux 3.16.7-ckt9-1
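Review bot: CVE-2015-3903 and CVE-2015-3902 keep the `(unimportant)` severity on their `- phpmyadmin 4:4.4.6.1-1` lines while gaining `{DSA-3382-1}` (and `DLA-336-1` for CVE-2015-3902). A rating of unimportant alongside an advisory reference deserves a second look; either adjust the severity or add a NOTE explaining why the advisory lists them.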
@@ -15930,6 +15983,7 @@
 CVE-2015-2207
 	RESERVED
 CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, ...)
+	{DSA-3382-1 DLA-336-1}
 	- phpmyadmin 4:4.4.4-1 (unimportant)
 	NOTE: Hardening, not a concrete issue itself
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php
@@ -23310,6 +23364,7 @@
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
 CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x ...)
+	{DSA-3382-1 DLA-336-1}
 	- phpmyadmin 4:4.2.12-2 (low; bug #774194)
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
@@ -24788,6 +24843,7 @@
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
 CVE-2014-8958 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+	{DSA-3382-1 DLA-336-1}
 	- phpmyadmin 4:4.2.12-1 (low)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and
@@ -42923,7 +42979,7 @@
 CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin ...)
 	{DSA-2975-1}
 	- phpmyadmin 4:4.1.7-1 (unimportant)
-        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
+	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c ...)
 	{DSA-2956-1 DLA-60-1}
 	- icinga 1.10.3-1
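Review bot: the log message `automatic update` does not cover the indentation fix on the `[squeeze]` line of CVE-2014-1879, which is a hand edit with no content change. Committing such whitespace cleanups separately keeps the automatic revisions easy to audit.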



