[Secure-testing-commits] r36565 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Sep 9 21:10:14 UTC 2015
Author: sectracker
Date: 2015-09-09 21:10:13 +0000 (Wed, 09 Sep 2015)
New Revision: 36565
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-09 20:33:08 UTC (rev 36564)
+++ data/CVE/list 2015-09-09 21:10:13 UTC (rev 36565)
@@ -1,4 +1,49 @@
+CVE-2015-6839
+ RESERVED
+CVE-2015-6829
+ RESERVED
+CVE-2015-6828
+ RESERVED
+CVE-2015-6827
+ RESERVED
+CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ...)
+ TODO: check
+CVE-2015-6825 (The ff_frame_thread_init function in libavcodec/pthread_frame.c in ...)
+ TODO: check
+CVE-2015-6824 (The sws_init_context function in libswscale/utils.c in FFmpeg before ...)
+ TODO: check
+CVE-2015-6823 (The allocate_buffers function in libavcodec/alac.c in FFmpeg before ...)
+ TODO: check
+CVE-2015-6822 (The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ...)
+ TODO: check
+CVE-2015-6821 (The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ...)
+ TODO: check
+CVE-2015-6820 (The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ...)
+ TODO: check
+CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in ...)
+ TODO: check
+CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ...)
+ TODO: check
+CVE-2015-6814
+ RESERVED
+CVE-2015-6813
+ RESERVED
+CVE-2015-6812 (Invision Power Services IPS Community Suite (aka Invision Power Board, ...)
+ TODO: check
+CVE-2015-6811 (SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP ...)
+ TODO: check
+CVE-2015-6810 (Cross-site scripting (XSS) vulnerability in Invision Power Services ...)
+ TODO: check
+CVE-2015-6809 (Multiple cross-site scripting (XSS) vulnerabilities in BEdita before ...)
+ TODO: check
+CVE-2015-6808 (Cross-site scripting (XSS) vulnerability in the Spotlight module ...)
+ TODO: check
+CVE-2015-6807 (Cross-site scripting (XSS) vulnerability in the Mass Contact module ...)
+ TODO: check
+CVE-2015-6805 (Cross-site scripting (XSS) vulnerability in the MDC Private Message ...)
+ TODO: check
CVE-2015-6830 [phpMyAdmin PMASA-2015-4 bypassing the reCaptcha test]
+ RESERVED
- phpmyadmin 4:4.4.14.1-1 (low)
[jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
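Review bot: the nine FFmpeg entries CVE-2015-6818 through CVE-2015-6826 are left at "TODO: check" with no package line, although their descriptions already name concrete source files (libavcodec/rv34.c, libavcodec/pngdec.c, libswscale/utils.c and others). Triage these separately from the web-application entries that follow them, and give each a package line in the form already used for CVE-2014-9604 ("- ffmpeg 7:2.5.1-1") once the affected version range in the full description has been read.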
@@ -14,26 +59,31 @@
NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/8
CVE-2015-6838 [NULL pointer dereference]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69782
NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6837 [NULL pointer dereference]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69782
NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6836 [SOAP serialize_function_call() type confusion / RCE]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=70388
NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6835 [Use after free vulnerability in session deserializer]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=70219
NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6834 [Vulnerability in unserialize(), discoverer taoguangchen at icloud.com]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=70172
NOTE: https://bugs.php.net/bug.php?id=70365
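Review bot: CVE-2015-6838 and CVE-2015-6837 carry the same bracketed description, "[NULL pointer dereference]", and the same reference, https://bugs.php.net/bug.php?id=69782, so nothing in the two entries tells the ids apart. Add a NOTE to each naming the distinct function or code path. The php5 entries in this hunk also read "- php5 <unfixed>" next to "NOTE: Fixed in 5.5.45 and 5.6.13", so the package lines need updating once a fixed upload exists.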
@@ -49,6 +99,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/05/8
TODO: check
CVE-2015-6815 [Qemu: net: e1000 infinite loop issue]
+ RESERVED
- qemu <unfixed> (bug #798101)
[jessie] - qemu <no-dsa> (Minor issue; Can be fixed along with a future DSA)
[wheezy] - qemu <no-dsa> (Minor issue; Can be fixed along with a future DSA)
@@ -59,12 +110,14 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/4
NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
CVE-2015-6816 [Ganglia-web auth bypass]
+ RESERVED
- ganglia-web <unfixed> (bug #798213)
- ganglia 3.6.0-1
NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/2
NOTE: https://github.com/ganglia/ganglia-web/issues/267
CVE-2015-6817 [authentication bypass]
+ RESERVED
- pgbouncer 1.6.1-1
[jessie] - pgbouncer <not-affected> (Introduced in 1.6)
[wheezy] - pgbouncer <not-affected> (Introduced in 1.6)
@@ -217,6 +270,7 @@
CVE-2015-6723
RESERVED
CVE-2015-6806 [DoS attack via stack overflow via terminal control codes]
+ RESERVED
{DSA-3352-1 DLA-305-1}
- screen 4.3.1-2 (bug #797624)
NOTE: https://savannah.gnu.org/bugs/?45713
@@ -348,10 +402,10 @@
RESERVED
CVE-2015-6682
RESERVED
-CVE-2015-6681
- RESERVED
-CVE-2015-6680
- RESERVED
+CVE-2015-6681 (Adobe Shockwave Player before 12.2.0.162 allows attackers to execute ...)
+ TODO: check
+CVE-2015-6680 (Adobe Shockwave Player before 12.2.0.162 allows attackers to execute ...)
+ TODO: check
CVE-2015-6679
RESERVED
CVE-2015-6678
@@ -402,8 +456,7 @@
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c7577a7583747c9b71f26dced7f696b739da745 (v3.19-rc1)
CVE-2015-6655 (Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 ...)
TODO: check
-CVE-2015-6654
- RESERVED
+CVE-2015-6654 (The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, ...)
- xen <unfixed>
[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a later DSA)
[wheezy] - xen <not-affected> (Xen on arm not yet supported)
@@ -539,8 +592,7 @@
RESERVED
CVE-2015-6588
RESERVED
-CVE-2015-6587
- RESERVED
+CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated ...)
{DSA-3320-1}
- openafs 1.6.13-1
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
@@ -550,14 +602,14 @@
RESERVED
CVE-2015-6584
RESERVED
-CVE-2015-6583
- RESERVED
-CVE-2015-6582
- RESERVED
-CVE-2015-6581
- RESERVED
-CVE-2015-6580
- RESERVED
+CVE-2015-6583 (Google Chrome before 45.0.2454.85 does not display a location bar for ...)
+ TODO: check
+CVE-2015-6582 (The decompose function in platform/transforms/TransformationMatrix.cpp ...)
+ TODO: check
+CVE-2015-6581 (Double free vulnerability in the ...)
+ TODO: check
+CVE-2015-6580 (Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, ...)
+ TODO: check
CVE-2015-6579
RESERVED
CVE-2015-6578
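Review bot: CVE-2015-6583 is described as "Google Chrome before 45.0.2454.85", the same upstream version that the CVE-2015-1291 to CVE-2015-1301 entries in this revision record as "- chromium-browser 45.0.2454.85-1 (low)" under DSA-3351-1, yet it is left at "TODO: check". Check whether CVE-2015-6580 to CVE-2015-6583 are covered by that upload and, if they are, give them the same package line instead of leaving them in the untriaged queue.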
@@ -620,8 +672,8 @@
RESERVED
CVE-2015-6546
RESERVED
-CVE-2015-6545
- RESERVED
+CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb ...)
+ TODO: check
CVE-2015-6544
RESERVED
CVE-2015-6543
@@ -755,12 +807,14 @@
CVE-2015-6507
RESERVED
CVE-2015-6833 [Files extracted from archive may be placed outside of destination directory]
+ RESERVED
{DSA-3344-1}
- php5 5.6.12+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70019
NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6831 [vulnerabilities in unserialize]
+ RESERVED
{DSA-3344-1}
- php5 5.6.12+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70169
@@ -770,6 +824,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6832 [Dangling pointer in the unserialization of ArrayObject items]
+ RESERVED
{DSA-3344-1}
- php5 5.6.12+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70068
@@ -1229,14 +1284,14 @@
RESERVED
CVE-2015-6278
RESERVED
-CVE-2015-6277
- RESERVED
-CVE-2015-6276
- RESERVED
+CVE-2015-6277 (The ARP implementation in Cisco NX-OS on Nexus 1000V devices for ...)
+ TODO: check
+CVE-2015-6276 (Cisco TelePresence IX5000 8.0.3 stores a private key associated with ...)
+ TODO: check
CVE-2015-6275
RESERVED
-CVE-2015-6274
- RESERVED
+CVE-2015-6274 (The IPv4 implementation on Cisco ASR 1000 devices with software ...)
+ TODO: check
CVE-2015-6273 (Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the ...)
NOT-FOR-US: Cisco
CVE-2015-6272 (Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when ...)
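Review bot: CVE-2015-6277, CVE-2015-6276 and CVE-2015-6274 get "TODO: check" although their descriptions name Cisco NX-OS, Cisco TelePresence IX5000 and Cisco ASR 1000, and the adjacent entries CVE-2015-6273 and CVE-2015-6259 are already marked "NOT-FOR-US: Cisco". Mark these three the same way so they do not sit in the TODO list.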
@@ -1265,8 +1320,7 @@
NOT-FOR-US: Cisco
CVE-2015-6260
RESERVED
-CVE-2015-6259
- RESERVED
+CVE-2015-6259 (The JavaServer Pages (JSP) component in Cisco Integrated Management ...)
NOT-FOR-US: Cisco
CVE-2015-6258 (The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN ...)
NOT-FOR-US: Cisco
@@ -1840,8 +1894,7 @@
CVE-2015-6250
RESERVED
NOT-FOR-US: simple-php-captcha
-CVE-2015-5986
- RESERVED
+CVE-2015-5986 (openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x ...)
- bind9 <not-affected> (Vulnerable code present only since 9.9.7)
NOTE: https://kb.isc.org/article/AA-01291
CVE-2015-6496 (conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that ...)
@@ -1892,8 +1945,7 @@
RESERVED
CVE-2015-5965 (The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2015-6506 [crypt XSS]
- RESERVED
+CVE-2015-6506 (Cross-site scripting (XSS) vulnerability in the cryptography interface ...)
{DSA-3335-1}
- request-tracker4 4.2.11-2
[jessie] - request-tracker4 4.2.8-3+deb8u1
@@ -2505,12 +2557,12 @@
NOTE: Patch for wheezy needs change since uses iov_from_buf:
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dcf6f5e15ecee4f593eeacbe0591c1addc004d92
NOTE: iov_* function changed in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2278a69e7020d86a8c73a28474e7709d3e7d5081 (v1.2.0-rc0)
-CVE-2015-5737
- RESERVED
-CVE-2015-5736
- RESERVED
-CVE-2015-5735
- RESERVED
+CVE-2015-5737 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) ...)
+ TODO: check
+CVE-2015-5736 (The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows ...)
+ TODO: check
+CVE-2015-5735 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and ...)
+ TODO: check
CVE-2015-5729
RESERVED
CVE-2015-5728
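Review bot: CVE-2015-5736 names "the Fortishield.sys driver in Fortinet FortiClient" and is left at "TODO: check", while CVE-2015-5965 elsewhere in this revision is marked "NOT-FOR-US: Fortinet FortiOS"; it can be closed the same way. CVE-2015-5737 and CVE-2015-5735 have descriptions truncated before any product name (the same list of .sys files also opens CVE-2015-4077), so read the full descriptions before classifying those.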
@@ -2548,9 +2600,8 @@
NOTE: https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9
CVE-2015-5724
RESERVED
-CVE-2015-5722
- RESERVED
- {DSA-3350-1}
+CVE-2015-5722 (buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before ...)
+ {DSA-3350-1 DLA-308-1}
- bind9 1:9.9.5.dfsg-12
NOTE: https://kb.isc.org/article/AA-01287
CVE-2015-5721
@@ -2736,8 +2787,8 @@
[experimental] - designate 1:1.0.0~b2-1
- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
[jessie] - designate <not-affected> (Vulnerable code doesn't exist)
-CVE-2015-5688
- RESERVED
+CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy before ...)
+ TODO: check
CVE-2015-5687
RESERVED
CVE-2015-5686
@@ -2870,10 +2921,10 @@
RESERVED
CVE-2015-5626
RESERVED
-CVE-2015-5625
- RESERVED
-CVE-2015-5624
- RESERVED
+CVE-2015-5625 (Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 ...)
+ TODO: check
+CVE-2015-5624 (Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ...)
+ TODO: check
CVE-2015-5697 (The get_bitmap_file function in drivers/md/md.c in the Linux kernel ...)
{DSA-3329-1}
- linux 4.1.3-1
@@ -2903,8 +2954,8 @@
RESERVED
CVE-2015-5613
RESERVED
-CVE-2015-5612
- RESERVED
+CVE-2015-5612 (Cross-site scripting (XSS) vulnerability in October CMS build 271 and ...)
+ TODO: check
CVE-2015-5623 (WordPress before 4.2.3 does not properly verify the edit_posts ...)
{DSA-3328-1}
- wordpress 4.2.3+dfsg-1
@@ -3838,8 +3889,7 @@
RESERVED
CVE-2015-5251
RESERVED
-CVE-2015-5250
- RESERVED
+CVE-2015-5250 (The API server in OpenShift Origin 1.0.5 allows remote attackers to ...)
NOT-FOR-US: OpenShift
CVE-2015-5249
RESERVED
@@ -4004,20 +4054,17 @@
NOT-FOR-US: Satellite6
CVE-2015-5201
RESERVED
-CVE-2015-5200 [vulnerability in trace functionality]
- RESERVED
+CVE-2015-5200 (The trace functionality in libvdpau before 1.1.1, when used in a ...)
{DLA-306-1}
- libvdpau 1.1.1-1 (bug #797895)
NOTE: http://lists.x.org/archives/xorg-announce/2015-August/002630.html
NOTE: http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4
-CVE-2015-5199 [directory traversal in dlopen]
- RESERVED
+CVE-2015-5199 (Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 ...)
{DLA-306-1}
- libvdpau 1.1.1-1 (bug #797895)
NOTE: http://lists.x.org/archives/xorg-announce/2015-August/002630.html
NOTE: http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4
-CVE-2015-5198 [incorrect check for security transition]
- RESERVED
+CVE-2015-5198 (libvdpau before 1.1.1, when used in a setuid or setgid application, ...)
{DLA-306-1}
- libvdpau 1.1.1-1 (bug #797895)
NOTE: http://lists.x.org/archives/xorg-announce/2015-August/002630.html
@@ -4052,11 +4099,9 @@
REJECTED
CVE-2015-5191
RESERVED
-CVE-2015-5190
- RESERVED
+CVE-2015-5190 (The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated ...)
- pcs <itp> (bug #706522)
-CVE-2015-5189
- RESERVED
+CVE-2015-5189 (Race condition in pcsd in PCS 0.9.139 and earlier uses a global ...)
- pcs <itp> (bug #706522)
CVE-2015-5188
RESERVED
@@ -5606,8 +5651,8 @@
NOT-FOR-US: TIBCO
CVE-2015-4553
RESERVED
-CVE-2015-4552
- RESERVED
+CVE-2015-4552 (Cross-site scripting (XSS) vulnerability in the quick edit function in ...)
+ TODO: check
CVE-2015-4551
RESERVED
CVE-2015-4550 (The Cavium cryptographic-module firmware on Cisco Adaptive Security ...)
@@ -5622,8 +5667,7 @@
RESERVED
CVE-2015-4545
RESERVED
-CVE-2015-4544
- RESERVED
+CVE-2015-4544 (EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4543
RESERVED
@@ -5635,8 +5679,7 @@
RESERVED
CVE-2015-4539
RESERVED
-CVE-2015-4538
- RESERVED
+CVE-2015-4538 (The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 ...)
NOT-FOR-US: EMC Atmos
CVE-2015-4537 (Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase ...)
NOT-FOR-US: EMC Documentum D2
@@ -6173,8 +6216,8 @@
RESERVED
CVE-2015-4331 (Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA ...)
NOT-FOR-US: Cisco Prime Infrastructure
-CVE-2015-4330
- RESERVED
+CVE-2015-4330 (A local file script in Cisco TelePresence Video Communication Server ...)
+ TODO: check
CVE-2015-4329 (The administrator web interface in Cisco TelePresence Video ...)
NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4328 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...)
@@ -6852,7 +6895,7 @@
- kibana <itp> (bug #700337)
CVE-2015-4092 (Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 ...)
NOT-FOR-US: SAP Afaria
-CVE-2015-4091 (XML external entity (XXE) vulnerability in SAP NetWeaver AS Java ...)
+CVE-2015-4091 (XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 ...)
NOT-FOR-US: SAP NetWeaver AS Java
CVE-2015-4090
RESERVED
@@ -6878,8 +6921,8 @@
RESERVED
CVE-2015-4078
RESERVED
-CVE-2015-4077
- RESERVED
+CVE-2015-4077 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and ...)
+ TODO: check
CVE-2015-4076
RESERVED
CVE-2015-4075
@@ -9077,8 +9120,7 @@
CVE-2015-3309 [incomplete fix for CVE-2015-3297]
RESERVED
- etherpad-lite <itp> (bug #576998)
-CVE-2015-3308 [double-free in gnutls]
- RESERVED
+CVE-2015-3308 (Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before ...)
[experimental] - gnutls28 3.3.14-1
- gnutls28 3.3.8-7 (bug #782776)
[jessie] - gnutls28 3.3.8-6+deb8u1
@@ -9136,8 +9178,8 @@
[wheezy] - glance <not-affected> (Vulnerable code introduced later)
CVE-2015-3288
RESERVED
-CVE-2015-3287 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated ...)
- NOTE: CVE was requested to be rejected: http://www.openwall.com/lists/oss-security/2015/09/02/1
+CVE-2015-3287
+ REJECTED
CVE-2015-3286 (Buffer overflow in the Solaris kernel extension in OpenAFS before ...)
- openafs <not-affected> (The Solaris kernel extension in versions through 1.6.12)
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt
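Review bot: at CVE-2015-3287 the description and the line "NOTE: CVE was requested to be rejected: http://www.openwall.com/lists/oss-security/2015/09/02/1" are both replaced by a bare "REJECTED", which drops the only pointer to why the id was withdrawn. The same description text ("The vlserver in OpenAFS before 1.6.13 allows remote authenticated ...") now appears on CVE-2015-6587 with DSA-3320-1 in this revision; keep a NOTE on one of the two entries that links them, so that a search for the old id leads to the tracked one.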
@@ -9285,8 +9327,7 @@
[wheezy] - openhpi <no-dsa> (Minor issue)
[squeeze] - openhpi <no-dsa> (Minor issue)
NOTE: In Debian directory is not world-writable
-CVE-2015-3247 [memory corruption in worker_update_monitors_config()]
- RESERVED
+CVE-2015-3247 (Race condition in the worker_update_monitors_config function in SPICE ...)
{DSA-3354-1}
- spice 0.12.5-1.2 (bug #797976)
[wheezy] - spice <not-affected> (monitors_config support introduced in 0.11.3)
@@ -9306,8 +9347,7 @@
NOTE: provided by the Debian package sets $FileCreateMode 0640
CVE-2015-3242
REJECTED
-CVE-2015-3241 [Nova instance migration process does not stop when instance is deleted]
- RESERVED
+CVE-2015-3241 (OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and ...)
- nova <unfixed> (bug #796109)
[jessie] - nova <no-dsa> (Minor issue)
[wheezy] - nova <no-dsa> (Minor issue)
@@ -10160,20 +10200,20 @@
CVE-2015-2992
RESERVED
- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
-CVE-2015-2991
- RESERVED
-CVE-2015-2990
- RESERVED
-CVE-2015-2989
- RESERVED
+CVE-2015-2991 (Buffer overflow in NScripter before 3.00 allows remote attackers to ...)
+ TODO: check
+CVE-2015-2990 (Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO ...)
+ TODO: check
+CVE-2015-2989 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...)
+ TODO: check
CVE-2015-2988
RESERVED
CVE-2015-2987 (Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, ...)
TODO: check
-CVE-2015-2986
- RESERVED
-CVE-2015-2985
- RESERVED
+CVE-2015-2986 (Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji ...)
+ TODO: check
+CVE-2015-2985 (Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 ...)
+ TODO: check
CVE-2015-2984 (I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and ...)
TODO: check
CVE-2015-2983 (Cross-site request forgery (CSRF) vulnerability in admin.php in PHP ...)
@@ -11577,18 +11617,18 @@
RESERVED
CVE-2015-2547
RESERVED
-CVE-2015-2546
- RESERVED
-CVE-2015-2545
- RESERVED
-CVE-2015-2544
- RESERVED
-CVE-2015-2543
- RESERVED
-CVE-2015-2542
- RESERVED
-CVE-2015-2541
- RESERVED
+CVE-2015-2546 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2015-2545 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows ...)
+ TODO: check
+CVE-2015-2544 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
+ TODO: check
+CVE-2015-2543 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
+ TODO: check
+CVE-2015-2542 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...)
+ TODO: check
+CVE-2015-2541 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2015-2540
RESERVED
CVE-2015-2539
@@ -11597,114 +11637,114 @@
RESERVED
CVE-2015-2537
RESERVED
-CVE-2015-2536
- RESERVED
-CVE-2015-2535
- RESERVED
-CVE-2015-2534
- RESERVED
+CVE-2015-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 ...)
+ TODO: check
+CVE-2015-2535 (Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and ...)
+ TODO: check
+CVE-2015-2534 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows ...)
+ TODO: check
CVE-2015-2533
RESERVED
-CVE-2015-2532
- RESERVED
-CVE-2015-2531
- RESERVED
-CVE-2015-2530
- RESERVED
-CVE-2015-2529
- RESERVED
-CVE-2015-2528
- RESERVED
-CVE-2015-2527
- RESERVED
-CVE-2015-2526
- RESERVED
-CVE-2015-2525
- RESERVED
-CVE-2015-2524
- RESERVED
-CVE-2015-2523
- RESERVED
-CVE-2015-2522
- RESERVED
-CVE-2015-2521
- RESERVED
-CVE-2015-2520
- RESERVED
-CVE-2015-2519
- RESERVED
-CVE-2015-2518
- RESERVED
-CVE-2015-2517
- RESERVED
-CVE-2015-2516
- RESERVED
+CVE-2015-2532 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 ...)
+ TODO: check
+CVE-2015-2531 (Cross-site scripting (XSS) vulnerability in the jQuery engine in ...)
+ TODO: check
+CVE-2015-2530 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
+CVE-2015-2529 (The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows ...)
+ TODO: check
+CVE-2015-2528 (Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, ...)
+ TODO: check
+CVE-2015-2527 (The process-initialization implementation in win32k.sys in the ...)
+ TODO: check
+CVE-2015-2526 (Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote ...)
+ TODO: check
+CVE-2015-2525 (Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
+ TODO: check
+CVE-2015-2524 (Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, ...)
+ TODO: check
+CVE-2015-2523 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
+ TODO: check
+CVE-2015-2522 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
+ TODO: check
+CVE-2015-2521 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack ...)
+ TODO: check
+CVE-2015-2520 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, ...)
+ TODO: check
+CVE-2015-2519 (Integer overflow in Windows Journal in Microsoft Windows Vista SP2, ...)
+ TODO: check
+CVE-2015-2518 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2015-2517 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2015-2516 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
CVE-2015-2515
RESERVED
-CVE-2015-2514
- RESERVED
-CVE-2015-2513
- RESERVED
-CVE-2015-2512
- RESERVED
-CVE-2015-2511
- RESERVED
-CVE-2015-2510
- RESERVED
-CVE-2015-2509
- RESERVED
-CVE-2015-2508
- RESERVED
-CVE-2015-2507
- RESERVED
-CVE-2015-2506
- RESERVED
-CVE-2015-2505
- RESERVED
-CVE-2015-2504
- RESERVED
+CVE-2015-2514 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
+CVE-2015-2513 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
+CVE-2015-2512 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
+ TODO: check
+CVE-2015-2511 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2015-2510 (Buffer overflow in the Adobe Type Manager Library in Microsoft Windows ...)
+ TODO: check
+CVE-2015-2509 (Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, ...)
+ TODO: check
+CVE-2015-2508 (The Adobe Type Manager Library in Microsoft Windows 10 allows local ...)
+ TODO: check
+CVE-2015-2507 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
+ TODO: check
+CVE-2015-2506 (atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista ...)
+ TODO: check
+CVE-2015-2505 (Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative ...)
+ TODO: check
+CVE-2015-2504 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, ...)
+ TODO: check
CVE-2015-2503
RESERVED
CVE-2015-2502 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2015-2501
- RESERVED
-CVE-2015-2500
- RESERVED
-CVE-2015-2499
- RESERVED
-CVE-2015-2498
- RESERVED
+CVE-2015-2501 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-2500 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-2499 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-2498 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2015-2497
RESERVED
CVE-2015-2496
RESERVED
CVE-2015-2495
RESERVED
-CVE-2015-2494
- RESERVED
-CVE-2015-2493
- RESERVED
-CVE-2015-2492
- RESERVED
-CVE-2015-2491
- RESERVED
-CVE-2015-2490
- RESERVED
-CVE-2015-2489
- RESERVED
+CVE-2015-2494 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow ...)
+ TODO: check
+CVE-2015-2493 (The (1) VBScript and (2) JScript engines in Microsoft Internet ...)
+ TODO: check
+CVE-2015-2492 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-2491 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-2490 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-2489 (Microsoft Internet Explorer 11 allows remote attackers to gain ...)
+ TODO: check
CVE-2015-2488
RESERVED
-CVE-2015-2487
- RESERVED
-CVE-2015-2486
- RESERVED
-CVE-2015-2485
- RESERVED
-CVE-2015-2484
- RESERVED
-CVE-2015-2483
- RESERVED
+CVE-2015-2487 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-2486 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow ...)
+ TODO: check
+CVE-2015-2485 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
+ TODO: check
+CVE-2015-2484 (Microsoft Internet Explorer 10 and 11 uses an incorrect flag during ...)
+ TODO: check
+CVE-2015-2483 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2015-2482
RESERVED
CVE-2015-2481 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
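Review bot: wherever the truncated descriptions in this hunk reach a product name, it is a Microsoft product (Windows, Office and Excel, Internet Explorer and Edge, .NET Framework, Exchange, Lync Server, SharePoint), and all of them get "TODO: check", while CVE-2015-2502 in the middle of the same range is already "NOT-FOR-US: Microsoft Internet Explorer". Resolve these to NOT-FOR-US in one pass, as was done there, so that the entries needing real triage are not buried.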
@@ -13640,8 +13680,7 @@
- docker.io <not-affected> (RHEL specific problem)
CVE-2015-1842 (The puppet manifests in the Red Hat openstack-puppet-modules package ...)
NOT-FOR-US: openstack-puppet-modules
-CVE-2015-1841
- RESERVED
+CVE-2015-1841 (The Web Admin interface in Red Hat Enterprise Virtualization Manager ...)
NOT-FOR-US: RHEV
CVE-2015-1840 (jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and ...)
- ruby-jquery-rails <unfixed> (bug #790395)
@@ -14564,8 +14603,8 @@
- piwigo <removed>
[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
NOTE: Request to mark the package as unsupported in #779104
-CVE-2015-1516
- RESERVED
+CVE-2015-1516 (Cross-site scripting (XSS) vulnerability in Polycom RealPresence ...)
+ TODO: check
CVE-2015-1515 (The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 ...)
NOT-FOR-US: SoftSphere
CVE-2015-1514 (Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 ...)
@@ -15533,68 +15572,57 @@
RESERVED
CVE-2015-1302
RESERVED
-CVE-2015-1301
- RESERVED
+CVE-2015-1301 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1300
- RESERVED
+CVE-2015-1300 (The FrameFetchContext::updateTimingInfoForIFrameNavigation function in ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1299
- RESERVED
+CVE-2015-1299 (Use-after-free vulnerability in the shared-timer implementation in ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1298
- RESERVED
+CVE-2015-1298 (The RuntimeEventRouter::OnExtensionUninstalled function in ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1297
- RESERVED
+CVE-2015-1297 (The WebRequest API implementation in ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1296
- RESERVED
+CVE-2015-1296 (The UnescapeURLWithAdjustmentsImpl implementation in ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1295
- RESERVED
+CVE-2015-1295 (Multiple use-after-free vulnerabilities in the PrintWebViewHelper ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1294
- RESERVED
+CVE-2015-1294 (Use-after-free vulnerability in the SkMatrix::invertNonIdentity ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1293
- RESERVED
+CVE-2015-1293 (The DOM implementation in Blink, as used in Google Chrome before ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1292
- RESERVED
+CVE-2015-1292 (The NavigatorServiceWorker::serviceWorker function in ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1291
- RESERVED
+CVE-2015-1291 (The ContainerNode::parserRemoveChild function in ...)
{DSA-3351-1}
- chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser <end-of-life>
@@ -16473,8 +16501,8 @@
RESERVED
CVE-2014-9606
RESERVED
-CVE-2014-9605
- RESERVED
+CVE-2014-9605 (WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x ...)
+ TODO: check
CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a ...)
{DSA-3189-1}
- ffmpeg 7:2.5.1-1