[Secure-testing-commits] r36778 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Sep 21 21:10:18 UTC 2015


Author: sectracker
Date: 2015-09-21 21:10:17 +0000 (Mon, 21 Sep 2015)
New Revision: 36778

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-21 19:24:41 UTC (rev 36777)
+++ data/CVE/list	2015-09-21 21:10:17 UTC (rev 36778)
@@ -1,3 +1,121 @@
+CVE-2015-7296 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
+	TODO: check
+CVE-2015-7294
+	RESERVED
+CVE-2015-7293
+	RESERVED
+CVE-2015-7292
+	RESERVED
+CVE-2015-7291
+	RESERVED
+CVE-2015-7290
+	RESERVED
+CVE-2015-7289
+	RESERVED
+CVE-2015-7288
+	RESERVED
+CVE-2015-7287
+	RESERVED
+CVE-2015-7286
+	RESERVED
+CVE-2015-7285
+	RESERVED
+CVE-2015-7284
+	RESERVED
+CVE-2015-7283
+	RESERVED
+CVE-2015-7282
+	RESERVED
+CVE-2015-7281
+	RESERVED
+CVE-2015-7280
+	RESERVED
+CVE-2015-7279
+	RESERVED
+CVE-2015-7278
+	RESERVED
+CVE-2015-7277
+	RESERVED
+CVE-2015-7276
+	RESERVED
+CVE-2015-7275
+	RESERVED
+CVE-2015-7274
+	RESERVED
+CVE-2015-7273
+	RESERVED
+CVE-2015-7272
+	RESERVED
+CVE-2015-7271
+	RESERVED
+CVE-2015-7270
+	RESERVED
+CVE-2015-7269
+	RESERVED
+CVE-2015-7268
+	RESERVED
+CVE-2015-7267
+	RESERVED
+CVE-2015-7266
+	RESERVED
+CVE-2015-7265
+	RESERVED
+CVE-2015-7264
+	RESERVED
+CVE-2015-7263
+	RESERVED
+CVE-2015-7262
+	RESERVED
+CVE-2015-7261
+	RESERVED
+CVE-2015-7260
+	RESERVED
+CVE-2015-7259
+	RESERVED
+CVE-2015-7258
+	RESERVED
+CVE-2015-7257
+	RESERVED
+CVE-2015-7256
+	RESERVED
+CVE-2015-7255
+	RESERVED
+CVE-2015-7254
+	RESERVED
+CVE-2015-7253
+	RESERVED
+CVE-2015-7252
+	RESERVED
+CVE-2015-7251
+	RESERVED
+CVE-2015-7250
+	RESERVED
+CVE-2015-7249
+	RESERVED
+CVE-2015-7248
+	RESERVED
+CVE-2015-7247
+	RESERVED
+CVE-2015-7246
+	RESERVED
+CVE-2015-7245
+	RESERVED
+CVE-2015-7244
+	RESERVED
+CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers ...)
+	TODO: check
+CVE-2015-7242
+	RESERVED
+CVE-2015-7241
+	RESERVED
+CVE-2015-7240
+	RESERVED
+CVE-2015-7239 (SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function ...)
+	TODO: check
+CVE-2015-7238 (The Secondary server in Threat Intelligence Exchange (TIE) before ...)
+	TODO: check
+CVE-2015-7237 (Directory traversal vulnerability in the remote log viewing ...)
+	TODO: check
 CVE-2015-7235 (Multiple SQL injection vulnerabilities in dex_reservations.php in the ...)
 	NOT-FOR-US: CP Reservation Calendar plugin for WordPress
 CVE-2015-7234 (The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF ...)
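
Review bot: The five new entries that arrive with descriptions (CVE-2015-7296, CVE-2015-7243, CVE-2015-7239, CVE-2015-7238, CVE-2015-7237) carry only "TODO: check", so none of them is triaged by this revision. Each needs a follow-up that sets either a package line or a NOT-FOR-US line naming the product, in the form already used for CVE-2015-7235 in the trailing context.
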
@@ -21,6 +139,7 @@
 CVE-2015-7224
 	RESERVED
 CVE-2015-7295 [net: virtio-net possible remote DoS]
+	RESERVED
 	- qemu <unfixed> (bug #799452)
 	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA) 
 	[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA)
@@ -618,8 +737,8 @@
 	- bouncycastle <unfixed>
 	[experimental] - bouncycastle 1.51-1
 	NOTE: http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
-CVE-2015-6939
-	RESERVED
+CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in ...)
+	TODO: check
 CVE-2015-6936
 	RESERVED
 CVE-2015-6935
@@ -628,8 +747,8 @@
 	RESERVED
 CVE-2015-6933
 	RESERVED
-CVE-2015-6932
-	RESERVED
+CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify ...)
+	TODO: check
 CVE-2015-6931
 	RESERVED
 CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 ...)
@@ -818,7 +937,7 @@
 	RESERVED
 CVE-2015-6937 [NULL pointer dereference in net/rds/connection.c]
 	RESERVED
-	{DLA-310-1}
+	{DSA-3364-1 DLA-310-1}
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f (v4.3-rc1)
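
Review bot: The "- linux <unfixed>" line under CVE-2015-6937 is left unchanged while the advisory line becomes {DSA-3364-1 DLA-310-1}, so the entry now cites two advisories without recording any fixed version. The NOTE already names the upstream fix (v4.3-rc1); confirm that the unstable status is still accurate and record the fixed version once it is known. The RESERVED line also stays although the entry is actively tracked.
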
@@ -1351,7 +1470,7 @@
 	[wheezy] - polarssl <not-affected> (Affects only 1.3.x series)
 	[squeeze] - polarssl <not-affected> (Affects only 1.3.x series)
 CVE-2015-6666 [DoS]
-	RESERVED
+	REJECTED
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
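
Review bot: CVE-2015-6666 switches from RESERVED to REJECTED, but the "- linux <unfixed>" line and the jessie/wheezy <not-affected> lines below it are kept, so a rejected id still reports linux as unfixed. Add a NOTE stating why the id was rejected and, if the issue is tracked under a different id, move the package lines there; otherwise drop them.
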
@@ -1578,10 +1697,10 @@
 	RESERVED
 CVE-2015-6549
 	RESERVED
-CVE-2015-6548
-	RESERVED
-CVE-2015-6547
-	RESERVED
+CVE-2015-6548 (Multiple SQL injection vulnerabilities in a PHP script in the ...)
+	TODO: check
+CVE-2015-6547 (The management console on Symantec Web Gateway (SWG) appliances with ...)
+	TODO: check
 CVE-2015-6546
 	RESERVED
 CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb ...)
@@ -1835,16 +1954,16 @@
 	RESERVED
 CVE-2015-6461
 	RESERVED
-CVE-2015-6460
-	RESERVED
-CVE-2015-6459
-	RESERVED
+CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway ...)
+	TODO: check
+CVE-2015-6459 (Absolute path traversal vulnerability in the download feature in ...)
+	TODO: check
 CVE-2015-6458
 	RESERVED
 CVE-2015-6457
 	RESERVED
-CVE-2015-6456
-	RESERVED
+CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before ...)
+	TODO: check
 CVE-2015-6455
 	RESERVED
 CVE-2015-6454
@@ -2153,22 +2272,22 @@
 	RESERVED
 CVE-2015-6302
 	RESERVED
-CVE-2015-6301
-	RESERVED
-CVE-2015-6300
-	RESERVED
-CVE-2015-6299
-	RESERVED
+CVE-2015-6301 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
+	TODO: check
+CVE-2015-6300 (Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) ...)
+	TODO: check
+CVE-2015-6299 (SQL injection vulnerability in the web interface in Cisco Unity ...)
+	TODO: check
 CVE-2015-6298
 	RESERVED
-CVE-2015-6297
-	RESERVED
-CVE-2015-6296
-	RESERVED
-CVE-2015-6295
-	RESERVED
-CVE-2015-6294
-	RESERVED
+CVE-2015-6297 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
+	TODO: check
+CVE-2015-6296 (Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has ...)
+	TODO: check
+CVE-2015-6295 (Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices ...)
+	TODO: check
+CVE-2015-6294 (Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow ...)
+	TODO: check
 CVE-2015-6293
 	RESERVED
 CVE-2015-6292
@@ -2187,8 +2306,7 @@
 	NOT-FOR-US: Cisco
 CVE-2015-6285 (Format string vulnerability in Cisco Email Security Appliance (ESA) ...)
 	NOT-FOR-US: Cisco Email Security Appliance
-CVE-2015-6284
-	RESERVED
+CVE-2015-6284 (Buffer overflow in the Conference Control Protocol API implementation ...)
 	NOT-FOR-US: Cisco TelePresence Server
 CVE-2015-6283
 	RESERVED
@@ -2263,6 +2381,7 @@
 	TODO: check which ppc64 kernel support perf
 CVE-2015-6252 [linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD]
 	RESERVED
+	{DSA-3364-1}
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: https://lkml.org/lkml/2015/8/10/375
@@ -2759,12 +2878,12 @@
 	RESERVED
 CVE-2015-5994
 	RESERVED
-CVE-2015-5993
-	RESERVED
-CVE-2015-5992
-	RESERVED
-CVE-2015-5991
-	RESERVED
+CVE-2015-5993 (Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone ...)
+	TODO: check
+CVE-2015-5992 (Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on ...)
+	TODO: check
+CVE-2015-5991 (Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi ...)
+	TODO: check
 CVE-2015-5990
 	RESERVED
 CVE-2015-5989
@@ -3668,16 +3787,16 @@
 	TODO: check
 CVE-2015-5696 (Dell Netvault Backup before 10.0.5 allows remote attackers to cause a ...)
 	NOT-FOR-US: Dell Netvault Backup
-CVE-2015-5693
-	RESERVED
-CVE-2015-5692
-	RESERVED
-CVE-2015-5691
-	RESERVED
-CVE-2015-5690
-	RESERVED
-CVE-2015-5689
-	RESERVED
+CVE-2015-5693 (The management console on Symantec Web Gateway (SWG) appliances with ...)
+	TODO: check
+CVE-2015-5692 (admin_messages.php in the management console on Symantec Web Gateway ...)
+	TODO: check
+CVE-2015-5691 (Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in ...)
+	TODO: check
+CVE-2015-5690 (The management console on Symantec Web Gateway (SWG) appliances with ...)
+	TODO: check
+CVE-2015-5689 (ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions ...)
+	TODO: check
 CVE-2009-5148
 	RESERVED
 CVE-2015-5695 [Quotas were being bypassed]
@@ -3800,20 +3919,20 @@
 	RESERVED
 CVE-2015-5639
 	RESERVED
-CVE-2015-5638
-	RESERVED
-CVE-2015-5637
-	RESERVED
-CVE-2015-5636
-	RESERVED
-CVE-2015-5635
-	RESERVED
-CVE-2015-5634
-	RESERVED
-CVE-2015-5633
-	RESERVED
-CVE-2015-5632
-	RESERVED
+CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...)
+	TODO: check
+CVE-2015-5637 (The Newphoria Photon application before 1.2 for Android allows ...)
+	TODO: check
+CVE-2015-5636 (The Newphoria Reversi application before 1.0.3 for Android and before ...)
+	TODO: check
+CVE-2015-5635 (The Newphoria Koritore application before 1.1 for Android and before ...)
+	TODO: check
+CVE-2015-5634 (The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and ...)
+	TODO: check
+CVE-2015-5633 (The Newphoria Auction Camera application for iOS and before 1.2 for ...)
+	TODO: check
+CVE-2015-5632 (The runtime engine in the Newphoria applican framework before 1.12.3 ...)
+	TODO: check
 CVE-2015-5631 (Cross-site request forgery (CSRF) vulnerability in the Remote UI on ...)
 	TODO: check
 CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform ...)
@@ -4764,8 +4883,7 @@
 	TODO: check gcc versions affected
 CVE-2015-5275
 	RESERVED
-CVE-2015-5274
-	RESERVED
+CVE-2015-5274 (rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows ...)
 	NOT-FOR-US: OpenShift
 CVE-2015-5273
 	RESERVED
@@ -5211,7 +5329,7 @@
 	NOTE: Same fix as for CVE-2015-3290.
 CVE-2015-5156 [virt-io max-skb-frags heap overflow]
 	RESERVED
-	{DLA-310-1}
+	{DSA-3364-1 DLA-310-1}
 	- linux 4.1.5-1
 	- linux-2.6 <removed>
 	NOTE: http://marc.info/?l=linux-netdev&m=143868216724068&w=2
@@ -6468,8 +6586,8 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
 CVE-2015-4639
 	RESERVED
-CVE-2015-4638
-	RESERVED
+CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
+	TODO: check
 CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 ...)
 	NOT-FOR-US: BIG-IQ
 CVE-2015-4636
@@ -7243,17 +7361,13 @@
 	RESERVED
 CVE-2015-4308 (The webGUI configuration-export feature in Cisco Edge Bluebird ...)
 	NOT-FOR-US: Cisco
-CVE-2015-4307
-	RESERVED
+CVE-2015-4307 (The web framework in Cisco Prime Collaboration Provisioning before ...)
 	NOT-FOR-US: Cisco Prime Collaboration Provisioning
-CVE-2015-4306
-	RESERVED
+CVE-2015-4306 (The web framework in Cisco Prime Collaboration Assurance before ...)
 	NOT-FOR-US: Cisco Prime Collaboration Assurance
-CVE-2015-4305
-	RESERVED
+CVE-2015-4305 (The web framework in Cisco Prime Collaboration Assurance before ...)
 	NOT-FOR-US: Cisco Prime Collaboration Assurance
-CVE-2015-4304
-	RESERVED
+CVE-2015-4304 (The web framework in Cisco Prime Collaboration Assurance before ...)
 	NOT-FOR-US: Cisco Prime Collaboration Assurance
 CVE-2015-4303 (Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows ...)
 	NOT-FOR-US: Cisco
@@ -8308,8 +8422,8 @@
 	TODO: check
 CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, ...)
 	NOT-FOR-US: Wind River VxWorks as used on Schneider Electric devices
-CVE-2015-3962
-	RESERVED
+CVE-2015-3962 (Schneider Electric StruxureWare Building Expert MPM before 2.15 does ...)
+	TODO: check
 CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden GarrettCom ...)
 	NOT-FOR-US: Belden GarrettCom switches
 CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
@@ -11366,14 +11480,14 @@
 	RESERVED
 CVE-2015-2918
 	RESERVED
-CVE-2015-2917
-	RESERVED
-CVE-2015-2916
-	RESERVED
-CVE-2015-2915
-	RESERVED
-CVE-2015-2914
-	RESERVED
+CVE-2015-2917 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
+	TODO: check
+CVE-2015-2916 (Cross-site request forgery (CSRF) vulnerability on Securifi Almond ...)
+	TODO: check
+CVE-2015-2915 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
+	TODO: check
+CVE-2015-2914 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
+	TODO: check
 CVE-2015-2913
 	RESERVED
 CVE-2015-2912
@@ -11477,8 +11591,8 @@
 	NOT-FOR-US: Grandstream camera
 CVE-2015-2865
 	REJECTED
-CVE-2015-2864
-	RESERVED
+CVE-2015-2864 (Retrospect and Retrospect Client before 10.0.2.119 on Windows, before ...)
+	TODO: check
 CVE-2015-2863 (Open redirect vulnerability in Kaseya Virtual System Administrator ...)
 	NOT-FOR-US: Kaseya VSA
 CVE-2015-2862 (Directory traversal vulnerability in Kaseya Virtual System ...)
@@ -12482,7 +12596,7 @@
 CVE-2015-2595 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
 	NOT-FOR-US: Oracle Database Server
 CVE-2015-2594 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
-	{DSA-3359-1}
+	{DSA-3359-1 DLA-313-1}
 	- virtualbox 4.3.30-dfsg-1 (bug #792446)
 	- virtualbox-ose <removed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR
@@ -20772,12 +20886,12 @@
 	RESERVED
 CVE-2014-9230 (Cross-site scripting (XSS) vulnerability in the administration console ...)
 	NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention
-CVE-2014-9229
-	RESERVED
-CVE-2014-9228
-	RESERVED
-CVE-2014-9227
-	RESERVED
+CVE-2014-9229 (Multiple SQL injection vulnerabilities in interface PHP scripts in the ...)
+	TODO: check
+CVE-2014-9228 (sysplant.sys in the Manager component in Symantec Endpoint Protection ...)
+	TODO: check
+CVE-2014-9227 (Multiple untrusted search path vulnerabilities in the Manager ...)
+	TODO: check
 CVE-2014-9226 (The management server in Symantec Critical System Protection (SCSP) ...)
 	NOT-FOR-US: Symantec Data Center Security
 CVE-2014-9225 (The ajaxswing webui in the management server in Symantec Critical ...)
@@ -21758,7 +21872,7 @@
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24
 CVE-2015-0272 [linux: remote DoS using IPv6 RA with bogus MTU]
 	RESERVED
-	{DLA-310-1}
+	{DSA-3364-1 DLA-310-1}
 	- linux 4.0.2-1
 	- linux-2.6 <removed>
 	NOTE: Patch for the kernel to harden against invalid MTUs: http://article.gmane.org/gmane.linux.network/351269
@@ -39112,11 +39226,13 @@
 	- openjdk-7 7u65-2.5.1-1
 	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/02f12a9d5aec
 CVE-2014-2489 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
+	{DLA-313-1}
 	- virtualbox 4.3.12-dfsg-1 (bug #754939)
 	[wheezy] - virtualbox <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
 	- virtualbox-ose <removed>
 	[squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
 CVE-2014-2488 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
+	{DLA-313-1}
 	- virtualbox 4.3.12-dfsg-1 (bug #754939)
 	[wheezy] - virtualbox <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
 	- virtualbox-ose <removed>
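
Review bot: The {DLA-313-1} line added to CVE-2014-2489 sits above an unchanged "[squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, but CVSS score indicates low impact)" line, so the entry both cites an advisory and says none is planned for squeeze. If DLA-313-1 covers virtualbox-ose in squeeze, replace the <no-dsa> line with the fixed version; the same check applies to CVE-2014-2488, which gets the tag in this hunk as well.
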
@@ -39125,6 +39241,7 @@
 	- virtualbox <not-affected> (Only applies if VBox is running on Windows)
 	- virtualbox-ose <not-affected> (Only applies if VBox is running on Windows)
 CVE-2014-2486 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
+	{DLA-313-1}
 	- virtualbox 4.3.12-dfsg-1 (bug #754939)
 	[wheezy] - virtualbox <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
 	- virtualbox-ose <removed>
@@ -55027,6 +55144,7 @@
 	- mariadb-5.5 <not-affected> (Fixed before initial upload)
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
 CVE-2013-3792 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
+	{DLA-313-1}
 	- virtualbox-ose <removed>
 	[squeeze] - virtualbox-ose <no-dsa> (Minor issue)
 	- virtualbox 4.2.16-dfsg-1 (bug #715327)



