[Secure-testing-commits] r36880 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Sep 28 21:10:11 UTC 2015


Author: sectracker
Date: 2015-09-28 21:10:11 +0000 (Mon, 28 Sep 2015)
New Revision: 36880

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-28 18:11:40 UTC (rev 36879)
+++ data/CVE/list	2015-09-28 21:10:11 UTC (rev 36880)
@@ -1,3 +1,51 @@
+CVE-2015-7383 (Multiple cross-site scripting (XSS) vulnerabilities in Web Reference ...)
+	TODO: check
+CVE-2015-7382 (SQL injection vulnerability in install.php in Web Reference Database ...)
+	TODO: check
+CVE-2015-7381 (Multiple PHP remote file inclusion vulnerabilities in install.php in ...)
+	TODO: check
+CVE-2015-7380
+	RESERVED
+CVE-2015-7379
+	RESERVED
+CVE-2015-7378
+	RESERVED
+CVE-2015-7377
+	RESERVED
+CVE-2015-7376
+	RESERVED
+CVE-2015-7375 (Schneider Electric InduSoft Web Studio before 8.0 allows remote ...)
+	TODO: check
+CVE-2015-7374 (The Remote Agent component in Schneider Electric InduSoft Web Studio ...)
+	TODO: check
+CVE-2015-7373
+	RESERVED
+CVE-2015-7372
+	RESERVED
+CVE-2015-7371
+	RESERVED
+CVE-2015-7370
+	RESERVED
+CVE-2015-7369
+	RESERVED
+CVE-2015-7368
+	RESERVED
+CVE-2015-7367
+	RESERVED
+CVE-2015-7366
+	RESERVED
+CVE-2015-7365
+	RESERVED
+CVE-2015-7364
+	RESERVED
+CVE-2015-7363
+	RESERVED
+CVE-2015-7362
+	RESERVED
+CVE-2015-7361
+	RESERVED
+CVE-2015-7360
+	RESERVED
 CVE-2015-XXXX [DoS]
 	- libemail-address-perl 1.908-1
 	NOTE: as of 1.908 as mitigation default value for nestable
@@ -1128,6 +1176,7 @@
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 (VER-2-5-3)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
 CVE-2014-9746 [use of uninitialized data]
+	RESERVED
 	- freetype 2.6-1 (bug #798619)
 	NOTE: https://launchpad.net/bugs/1449225
 	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
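Review bot: The `RESERVED` line added under CVE-2014-9746 lands in an entry that already records a fix (`- freetype 2.6-1 (bug #798619)`) and a bracketed tracker description, so the entry now reads as reserved and fixed at once. Check that the automatic update kept the freetype line and the NOTE references intact, and keep `[use of uninitialized data]` until an official description is available to replace it.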
@@ -1135,6 +1184,7 @@
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
 CVE-2014-9747 [t42parse.c vulnerability]
+	RESERVED
 	- freetype 2.6-1 (bug #798619)
 	NOTE: https://launchpad.net/bugs/1449225
 	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
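Review bot: The bracketed description on CVE-2014-9747, `[t42parse.c vulnerability]`, names only a source file and says nothing about the bug class, unlike `[use of uninitialized data]` on CVE-2014-9746 above. Since this entry is now `RESERVED` and still depends on the tracker's own wording, a short description of the actual flaw taken from the linked freetype commit or the oss-security thread would make the entry usable on its own.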
@@ -2124,8 +2174,8 @@
 	NOT-FOR-US: Moxa switches
 CVE-2015-6464 (The administrative web interface on Moxa EDS-405A and EDS-408A ...)
 	NOT-FOR-US: Moxa switches
-CVE-2015-6463
-	RESERVED
+CVE-2015-6463 (CodeWrights HART Comm DTM components, as used with Endress+Hauser ...)
+	TODO: check
 CVE-2015-6462
 	RESERVED
 CVE-2015-6461
@@ -2436,8 +2486,8 @@
 	RESERVED
 CVE-2015-6308
 	RESERVED
-CVE-2015-6307
-	RESERVED
+CVE-2015-6307 (Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with ...)
+	TODO: check
 CVE-2015-6306 (Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does ...)
 	NOT-FOR-US: Cisco
 CVE-2015-6305 (Untrusted search path vulnerability in the ...)
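Review bot: CVE-2015-6307 is left at `TODO: check` although its summary names Cisco FirePOWER devices and the next entry, CVE-2015-6306, is already triaged as `NOT-FOR-US: Cisco`. Unless the full description points at a packaged component, the same `NOT-FOR-US: Cisco` tag would close this one out.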
@@ -2490,14 +2540,11 @@
 	NOT-FOR-US: Cisco IOS
 CVE-2015-6281
 	RESERVED
-CVE-2015-6280
-	RESERVED
+CVE-2015-6280 (The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2015-6279
-	RESERVED
+CVE-2015-6279 (The IPv6 snooping functionality in the first-hop security subsystem in ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2015-6278
-	RESERVED
+CVE-2015-6278 (The IPv6 snooping functionality in the first-hop security subsystem in ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2015-6277 (The ARP implementation in Cisco NX-OS on Nexus 1000V devices for ...)
 	NOT-FOR-US: Cisco
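Review bot: CVE-2015-6280, CVE-2015-6279 and CVE-2015-6278 keep the `NOT-FOR-US: Cisco IOS` tag that was assigned while they were still `RESERVED`, and for the latter two the truncated summary ("The IPv6 snooping functionality in the first-hop security subsystem in ...") does not show the product. Confirm against the full descriptions that the earlier triage still holds, and that 6279 and 6278, whose visible summaries are identical, are distinct issues.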
@@ -3022,18 +3069,18 @@
 	RESERVED
 CVE-2015-6013
 	RESERVED
-CVE-2015-6012
-	RESERVED
-CVE-2015-6011
-	RESERVED
-CVE-2015-6010
-	RESERVED
-CVE-2015-6009
-	RESERVED
-CVE-2015-6008
-	RESERVED
-CVE-2015-6007
-	RESERVED
+CVE-2015-6012 (Multiple open redirect vulnerabilities in Web Reference Database (aka ...)
+	TODO: check
+CVE-2015-6011 (Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge ...)
+	TODO: check
+CVE-2015-6010 (Multiple cross-site scripting (XSS) vulnerabilities in Web Reference ...)
+	TODO: check
+CVE-2015-6009 (Multiple SQL injection vulnerabilities in Web Reference Database (aka ...)
+	TODO: check
+CVE-2015-6008 (install.php in Web Reference Database (aka refbase) through 0.9.6 ...)
+	TODO: check
+CVE-2015-6007 (Cross-site request forgery (CSRF) vulnerability in Web Reference ...)
+	TODO: check
 CVE-2015-6006
 	RESERVED
 CVE-2015-6005
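Review bot: All six entries from CVE-2015-6012 down to CVE-2015-6007 are marked `TODO: check` and all describe Web Reference Database (aka refbase), the same product as CVE-2015-7383, CVE-2015-7382 and CVE-2015-7381 added in the first hunk. Triage the nine entries together so they end up with one consistent outcome, either a package line or a single `NOT-FOR-US:` wording, rather than being resolved one at a time.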
@@ -8656,8 +8703,8 @@
 	RESERVED
 CVE-2015-3975
 	RESERVED
-CVE-2015-3974
-	RESERVED
+CVE-2015-3974 (EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x ...)
+	TODO: check
 CVE-2015-3973
 	RESERVED
 CVE-2015-3972
@@ -21214,8 +21261,8 @@
 	NOT-FOR-US: OPCTest.exe in Rockwell Automation RSLinx Classic
 CVE-2014-9203 (Buffer overflow in the Field Device Tool (FDT) Frame application in ...)
 	NOT-FOR-US: HART Device Type Manager (DTM) library
-CVE-2014-9202
-	RESERVED
+CVE-2014-9202 (Multiple stack-based buffer overflows in an unspecified DLL file in ...)
+	TODO: check
 CVE-2014-9201 (Beckwith Electric M-6200 Digital Voltage Regulator Control with ...)
 	NOT-FOR-US: Beckwith Electric digital voltage regulators
 CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM ...)
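Review bot: CVE-2014-9202 is left at `TODO: check` between two entries about the same component family: CVE-2014-9203 is tagged `NOT-FOR-US: HART Device Type Manager (DTM) library`, and CVE-2014-9200 uses the same "unspecified DLL file in a DTM" wording. If the full description of 9202 names a DTM library as well, reuse the 9203 tag so the three entries read consistently.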



