[Secure-testing-commits] r36673 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Sep 14 21:10:11 UTC 2015
Author: sectracker
Date: 2015-09-14 21:10:11 +0000 (Mon, 14 Sep 2015)
New Revision: 36673
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-14 20:38:50 UTC (rev 36672)
+++ data/CVE/list 2015-09-14 21:10:11 UTC (rev 36673)
@@ -1,3 +1,179 @@
+CVE-2015-6930
+ RESERVED
+CVE-2015-6929
+ RESERVED
+CVE-2015-6928
+ RESERVED
+CVE-2015-6926
+ RESERVED
+CVE-2015-6925
+ RESERVED
+CVE-2015-6924
+ RESERVED
+CVE-2015-6923
+ RESERVED
+CVE-2015-6922
+ RESERVED
+CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab ...)
+ TODO: check
+CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the ...)
+ TODO: check
+CVE-2015-6919 (Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) ...)
+ TODO: check
+CVE-2015-6918
+ RESERVED
+CVE-2015-6917
+ RESERVED
+CVE-2015-6916
+ RESERVED
+CVE-2015-6915 (SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 ...)
+ TODO: check
+CVE-2015-6914 (Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows ...)
+ TODO: check
+CVE-2015-6913 (Cross-site scripting (XSS) vulnerability in the "Create download task ...)
+ TODO: check
+CVE-2015-6912 (Synology Video Station before 1.5-0763 allows remote attackers to ...)
+ TODO: check
+CVE-2015-6911 (SQL injection vulnerability in Synology Video Station before 1.5-0763 ...)
+ TODO: check
+CVE-2015-6910 (SQL injection vulnerability in Synology Video Station before 1.5-0757 ...)
+ TODO: check
+CVE-2015-6909 (Cross-site scripting (XSS) vulnerability in the "Create download task ...)
+ TODO: check
+CVE-2015-6907
+ RESERVED
+CVE-2015-6906
+ RESERVED
+CVE-2015-6905
+ RESERVED
+CVE-2015-6904
+ RESERVED
+CVE-2015-6903
+ RESERVED
+CVE-2015-6902
+ RESERVED
+CVE-2015-6901
+ RESERVED
+CVE-2015-6900
+ RESERVED
+CVE-2015-6899
+ RESERVED
+CVE-2015-6898
+ RESERVED
+CVE-2015-6897
+ RESERVED
+CVE-2015-6896
+ RESERVED
+CVE-2015-6895
+ RESERVED
+CVE-2015-6894
+ RESERVED
+CVE-2015-6893
+ RESERVED
+CVE-2015-6892
+ RESERVED
+CVE-2015-6891
+ RESERVED
+CVE-2015-6890
+ RESERVED
+CVE-2015-6889
+ RESERVED
+CVE-2015-6888
+ RESERVED
+CVE-2015-6887
+ RESERVED
+CVE-2015-6886
+ RESERVED
+CVE-2015-6885
+ RESERVED
+CVE-2015-6884
+ RESERVED
+CVE-2015-6883
+ RESERVED
+CVE-2015-6882
+ RESERVED
+CVE-2015-6881
+ RESERVED
+CVE-2015-6880
+ RESERVED
+CVE-2015-6879
+ RESERVED
+CVE-2015-6878
+ RESERVED
+CVE-2015-6877
+ RESERVED
+CVE-2015-6876
+ RESERVED
+CVE-2015-6875
+ RESERVED
+CVE-2015-6874
+ RESERVED
+CVE-2015-6873
+ RESERVED
+CVE-2015-6872
+ RESERVED
+CVE-2015-6871
+ RESERVED
+CVE-2015-6870
+ RESERVED
+CVE-2015-6869
+ RESERVED
+CVE-2015-6868
+ RESERVED
+CVE-2015-6867
+ RESERVED
+CVE-2015-6866
+ RESERVED
+CVE-2015-6865
+ RESERVED
+CVE-2015-6864
+ RESERVED
+CVE-2015-6863
+ RESERVED
+CVE-2015-6862
+ RESERVED
+CVE-2015-6861
+ RESERVED
+CVE-2015-6860
+ RESERVED
+CVE-2015-6859
+ RESERVED
+CVE-2015-6858
+ RESERVED
+CVE-2015-6857
+ RESERVED
+CVE-2015-6856
+ RESERVED
+CVE-2015-6854
+ RESERVED
+CVE-2015-6853
+ RESERVED
+CVE-2015-6852
+ RESERVED
+CVE-2015-6851
+ RESERVED
+CVE-2015-6850
+ RESERVED
+CVE-2015-6849
+ RESERVED
+CVE-2015-6848
+ RESERVED
+CVE-2015-6847
+ RESERVED
+CVE-2015-6846
+ RESERVED
+CVE-2015-6845
+ RESERVED
+CVE-2015-6844
+ RESERVED
+CVE-2015-6843
+ RESERVED
+CVE-2015-6842
+ RESERVED
+CVE-2015-6841
+ RESERVED
+CVE-2015-6840
+ RESERVED
CVE-2015-6937 [NULL pointer dereference in net/rds/connection.c]
- linux <unfixed>
- linux-2.6 <removed>
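Review bot: The added block CVE-2015-6930 through CVE-2015-6840 lands above the existing CVE-2015-6937 entry, so the list is no longer in descending ID order at the end of this hunk. The block also skips CVE-2015-6927, CVE-2015-6908 and CVE-2015-6855, which are the hand-tracked entries further down in this same diff; a follow-up commit should move those entries and CVE-2015-6937 into numeric position. The ten new TODO: check entries (CVE-2015-6921 down to CVE-2015-6909) still need triage.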
@@ -2,4 +178,4 @@
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f (v4.3-rc1)
-CVE-2015-6908 [OpenLDAP ber_get_next Denial of Service]
- {DSA-3356-1}
+CVE-2015-6908 (The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 ...)
+ {DSA-3356-1 DLA-309-1}
- openldap 2.4.42+dfsg-2 (bug #798622)
@@ -30,12 +206,14 @@
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2015-6855 [commands which are illegal to sent to an ATAPI device should be rejected]
+ RESERVED
- qemu 1:2.4+dfsg-2
- qemu-kvm <removed>
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1
CVE-2015-6927 [vzctl issues]
+ RESERVED
{DSA-3357-1}
- vzctl 4.9.4-1
[wheezy] - vzctl <not-affected> (Vulnerability not present)
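Review bot: CVE-2015-6855 and CVE-2015-6927 gain a RESERVED line although both are already triaged here with fixed versions (qemu 1:2.4+dfsg-2, vzctl 4.9.4-1) and, for CVE-2015-6927, {DSA-3357-1}. RESERVED in these two entries only says that no public description exists yet, so the bracketed working titles should stay until one is published, and anything that parses this list should take status from the package lines rather than from the RESERVED marker.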
@@ -50,8 +228,8 @@
RESERVED
CVE-2015-6828
RESERVED
-CVE-2015-6827
- RESERVED
+CVE-2015-6827 (Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger ...)
+ TODO: check
CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ...)
- ffmpeg 7:2.7.2-1
- libav <removed>
@@ -97,8 +275,7 @@
TODO: check
CVE-2015-6805 (Cross-site scripting (XSS) vulnerability in the MDC Private Message ...)
TODO: check
-CVE-2015-6830 [phpMyAdmin PMASA-2015-4 bypassing the reCaptcha test]
- RESERVED
+CVE-2015-6830 (libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin ...)
- phpmyadmin 4:4.4.14.1-1 (low)
[jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
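Review bot: Replacing the bracketed title of CVE-2015-6830 drops the only mention of PMASA-2015-4 visible in this entry. Add a NOTE: line with the upstream advisory reference, as is done for PMASA-2014-11 further down in this list, so the link between the CVE and the phpMyAdmin advisory is not lost.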
@@ -477,8 +654,8 @@
RESERVED
CVE-2015-6676
RESERVED
-CVE-2015-6675
- RESERVED
+CVE-2015-6675 (Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP ...)
+ TODO: check
CVE-2015-6672
RESERVED
CVE-2015-6671
@@ -665,8 +842,8 @@
RESERVED
CVE-2015-6585
RESERVED
-CVE-2015-6584
- RESERVED
+CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables plugin ...)
+ TODO: check
CVE-2015-6583 (Google Chrome before 45.0.2454.85 does not display a location bar for ...)
TODO: check
CVE-2015-6582 (The decompose function in platform/transforms/TransformationMatrix.cpp ...)
@@ -971,12 +1148,12 @@
RESERVED
CVE-2015-6467
RESERVED
-CVE-2015-6466
- RESERVED
-CVE-2015-6465
- RESERVED
-CVE-2015-6464
- RESERVED
+CVE-2015-6466 (Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature ...)
+ TODO: check
+CVE-2015-6465 (The GoAhead web server on Moxa EDS-405A and EDS-408A switches with ...)
+ TODO: check
+CVE-2015-6464 (The administrative web interface on Moxa EDS-405A and EDS-408A ...)
+ TODO: check
CVE-2015-6463
RESERVED
CVE-2015-6462
@@ -1323,18 +1500,18 @@
RESERVED
CVE-2015-6291
RESERVED
-CVE-2015-6290
- RESERVED
+CVE-2015-6290 (Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to ...)
+ TODO: check
CVE-2015-6289
RESERVED
-CVE-2015-6288
- RESERVED
-CVE-2015-6287
- RESERVED
-CVE-2015-6286
- RESERVED
-CVE-2015-6285
- RESERVED
+CVE-2015-6288 (Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not ...)
+ TODO: check
+CVE-2015-6287 (Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows ...)
+ TODO: check
+CVE-2015-6286 (Cisco Application Visibility and Control (AVC) 15.3(3)JA, when ...)
+ TODO: check
+CVE-2015-6285 (Format string vulnerability in Cisco Email Security Appliance (ESA) ...)
+ TODO: check
CVE-2015-6284
RESERVED
CVE-2015-6283
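Review bot: All five entries converted in this hunk (CVE-2015-6290, CVE-2015-6288, CVE-2015-6287, CVE-2015-6286, CVE-2015-6285) name Cisco appliance products and are left at TODO: check. If none of these products is packaged, close them out as NOT-FOR-US: with the product name, the way the IBM Domino and OpenShift entries elsewhere in this list are, so they do not sit in the triage queue.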
@@ -1896,10 +2073,10 @@
RESERVED
CVE-2015-5999
RESERVED
-CVE-2015-5998
- RESERVED
-CVE-2015-5997
- RESERVED
+CVE-2015-5998 (Impero Education Pro before 5105 relies on the ...)
+ TODO: check
+CVE-2015-5997 (Impero Education Pro before 5105 uses a hardcoded CBC key and ...)
+ TODO: check
CVE-2015-5996
RESERVED
CVE-2015-5995
@@ -2985,12 +3162,12 @@
RESERVED
CVE-2015-5632
RESERVED
-CVE-2015-5631
- RESERVED
-CVE-2015-5630
- RESERVED
-CVE-2015-5629
- RESERVED
+CVE-2015-5631 (Cross-site request forgery (CSRF) vulnerability in the Remote UI on ...)
+ TODO: check
+CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform ...)
+ TODO: check
+CVE-2015-5629 (The NTT Broadband Platform Japan Connected-free Wi-Fi application ...)
+ TODO: check
CVE-2015-5628
RESERVED
CVE-2015-5627
@@ -3929,7 +4106,7 @@
CVE-2015-5271
RESERVED
CVE-2015-5270
- RESERVED
+ REJECTED
CVE-2015-5269
RESERVED
CVE-2015-5268
@@ -3978,7 +4155,7 @@
CVE-2015-5250 (The API server in OpenShift Origin 1.0.5 allows remote attackers to ...)
NOT-FOR-US: OpenShift
CVE-2015-5249
- RESERVED
+ REJECTED
CVE-2015-5248
RESERVED
CVE-2015-5247
@@ -4058,7 +4235,7 @@
CVE-2015-5227
RESERVED
CVE-2015-5226
- RESERVED
+ REJECTED
NOT-FOR-US: OpenShift3
CVE-2015-5225 [vnc: heap memory corruption issue]
RESERVED
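Review bot: CVE-2015-5226 is flipped to REJECTED but keeps its NOT-FOR-US: OpenShift3 line, which is redundant next to a rejected ID. Check whether the ID was rejected as a duplicate and, if so, make sure the replacement ID carries the OpenShift annotation.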
@@ -5853,8 +6030,7 @@
RESERVED
CVE-2015-4500
RESERVED
-CVE-2015-4499
- RESERVED
+CVE-2015-4499 (Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x ...)
- bugzilla4 <itp> (bug #669643)
- bugzilla <removed>
[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
@@ -7419,8 +7595,8 @@
TODO: check
CVE-2015-3965
RESERVED
-CVE-2015-3964
- RESERVED
+CVE-2015-3964 (SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier ...)
+ TODO: check
CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, ...)
NOT-FOR-US: Wind River VxWorks as used on Schneider Electric devices
CVE-2015-3962
@@ -13344,8 +13520,8 @@
NOT-FOR-US: IBM Domino
CVE-2015-2014 (Open redirect vulnerability in the web server in IBM Domino 8.5 before ...)
NOT-FOR-US: IBM Domino
-CVE-2015-2013
- RESERVED
+CVE-2015-2013 (IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to ...)
+ TODO: check
CVE-2015-2012
RESERVED
CVE-2015-2011
@@ -19927,8 +20103,8 @@
RESERVED
CVE-2014-9209 (Untrusted search path vulnerability in the Clean Utility application ...)
NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
-CVE-2014-9208
- RESERVED
+CVE-2014-9208 (Multiple stack-based buffer overflows in unspecified DLL files in ...)
+ TODO: check
CVE-2014-9207 (Untrusted search path vulnerability in CmnView.exe in CIMON CmnView ...)
NOT-FOR-US: CIMON CmnView
CVE-2014-9206 (Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and ...)
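Review bot: The truncated description added for CVE-2014-9208 ("... in unspecified DLL files in ...") does not name the product, so TODO: check cannot be resolved from this line alone. Its neighbours CVE-2014-9209 and CVE-2014-9207 are both NOT-FOR-US; whoever triages this should read the full CVE description and mark it the same way if the product is not packaged.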
@@ -26120,8 +26296,8 @@
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2014-7216
- RESERVED
+CVE-2014-7216 (Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 ...)
+ TODO: check
CVE-2014-7215
RESERVED
CVE-2014-7214