Author: sectracker
Date: 2015-06-19 21:10:14 +0000 (Fri, 19 Jun 2015)
New Revision: 35045

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-06-19 20:06:58 UTC (rev 35044)
+++ data/CVE/list       2015-06-19 21:10:14 UTC (rev 35045)
@@ -1,3 +1,65 @@
+CVE-2015-4674
+       RESERVED
+CVE-2015-4673
+       RESERVED
+CVE-2015-4672
+       RESERVED
+CVE-2015-4671
+       RESERVED
+CVE-2015-4670
+       RESERVED
+CVE-2015-4669
+       RESERVED
+CVE-2015-4668
+       RESERVED
+CVE-2015-4667
+       RESERVED
+CVE-2015-4666
+       RESERVED
+CVE-2015-4665
+       RESERVED
+CVE-2015-4664
+       RESERVED
+CVE-2015-4663
+       RESERVED
+CVE-2015-4662
+       RESERVED
+CVE-2015-4661 (Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 
allows ...)
+       TODO: check
+CVE-2015-4660 (Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 
...)
+       TODO: check
+CVE-2015-4659 (Cross-site request forgery (CSRF) vulnerability in ClickHeat 
1.14 and ...)
+       TODO: check
+CVE-2015-4658 (Multiple SQL injection vulnerabilities in admin/login.php in 
Milw0rm ...)
+       TODO: check
+CVE-2015-4657 (Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 
and ...)
+       TODO: check
+CVE-2015-4656 (Multiple cross-site scripting (XSS) vulnerabilities in Synology 
Photo ...)
+       TODO: check
+CVE-2015-4655 (Cross-site scripting (XSS) vulnerability in Synology 
DiskStation ...)
+       TODO: check
+CVE-2015-4654 (SQL injection vulnerability in the EQ Event Calendar component 
for ...)
+       TODO: check
+CVE-2015-4653
+       RESERVED
+CVE-2015-4652
+       RESERVED
+CVE-2015-4651
+       RESERVED
+CVE-2015-4650
+       RESERVED
+CVE-2015-4649
+       RESERVED
+CVE-2015-4648
+       RESERVED
+CVE-2015-4647
+       RESERVED
+CVE-2015-4641
+       RESERVED
+CVE-2015-4640
+       RESERVED
+CVE-2012-6692 (Cross-site scripting (XSS) vulnerability in 
js/wp-seo-metabox.js in ...)
+       TODO: check
 CVE-2015-XXXX [GSM DTAP dissector could crash]
        - wireshark 1.12.6+gee1fce6-1
        [wheezy] - wireshark <not-affected> (Vulnerable code not present)
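Review bot: the nine described entries added at the top of this hunk (CVE-2015-4661 through CVE-2015-4654, and CVE-2012-6692) carry only "TODO: check", with no package line and no NOT-FOR-US marker. Each needs a triage pass that replaces the TODO with either a "- <package> ..." line or "NOT-FOR-US: ...", as other entries in this file already have. CVE-2012-6692 is also placed directly after CVE-2015-4640, inside the 2015 block; if the list is meant to stay grouped by year, it should move to the 2012 entries.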
@@ -19,23 +81,28 @@
        NOTE: https://bugzilla.redhat.com/1233267
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/06/18/11
 CVE-2015-4646
+       RESERVED
        - squashfs-tools <unfixed>
        TODO: check
 CVE-2015-4645
+       RESERVED
        - squashfs-tools <unfixed>
        TODO: check
 CVE-2015-4642 [OS command injection vulnerability in escapeshellarg]
+       RESERVED
        - php5 <not-affected> (Windows specific)
        NOTE: https://bugs.php.net/bug.php?id=69646
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9
        NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
 CVE-2015-4643 [Improved fix for bug #69545 (Integer overflow in ftp_genlist() 
resulting in heap overflow)]
+       RESERVED
        - php5 <unfixed>
        NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
        NOTE: https://bugs.php.net/bug.php?id=69545#1431550655
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
        NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
 CVE-2015-4644 [Fixed bug #69667 (segfault in php_pgsql_meta_data)]
+       RESERVED
        - php5 <unfixed>
        NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
        NOTE: https://bugs.php.net/bug.php?id=69667
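Review bot: the CVE-2015-4646 and CVE-2015-4645 entries now carry RESERVED but still have no bracketed description or NOTE reference of their own, only "- squashfs-tools <unfixed>" and "TODO: check", unlike the three php5 entries below them. Add a short bracketed description and a reference for each so the "<unfixed>" status can be checked against something. For CVE-2015-4643 and CVE-2015-4644 the NOTE already lists the upstream releases "5.6.10 / 5.5.26 / 5.4.42", so the "- php5 <unfixed>" lines can be given a fixed version as soon as one of those is uploaded.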
@@ -63,8 +130,8 @@
        RESERVED
 CVE-2015-4629
        RESERVED
-CVE-2015-4628
-       RESERVED
+CVE-2015-4628 (SQL injection vulnerability in ...)
+       TODO: check
 CVE-2015-4627
        RESERVED
 CVE-2015-4626
@@ -125,8 +192,8 @@
        RESERVED
 CVE-2015-4589
        RESERVED
-CVE-2015-4587
-       RESERVED
+CVE-2015-4587 (Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent 
...)
+       TODO: check
 CVE-2015-4586
        RESERVED
 CVE-2015-4585
@@ -437,8 +504,8 @@
 CVE-2015-4455
        RESERVED
        NOT-FOR-US: WordPress plugin 
aviary-image-editor-add-on-for-gravity-forms
-CVE-2015-4454
-       RESERVED
+CVE-2015-4454 (SQL injection vulnerability in the get_hash_graph_template 
function in ...)
+       TODO: check
 CVE-2015-4453
        RESERVED
 CVE-2015-4452
@@ -505,8 +572,8 @@
        RESERVED
 CVE-2015-4421
        RESERVED
-CVE-2015-4420
-       RESERVED
+CVE-2015-4420 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 
4.6.2 ...)
+       TODO: check
 CVE-2015-4419
        RESERVED
 CVE-2015-4418 (Zoho NetFlow Analyzer build 10250 and earlier does not have an 
off ...)
@@ -517,8 +584,7 @@
        RESERVED
 CVE-2015-4415 (Multiple directory traversal vulnerabilities in func.php in 
Magnifica ...)
        NOT-FOR-US: Magnifica Webscripts Anima Gallery
-CVE-2015-4414
-       RESERVED
+CVE-2015-4414 (Directory traversal vulnerability in download_audio.php in the 
SE ...)
        NOT-FOR-US: WordPress plugin se-html5-album-audio-player
 CVE-2015-4413
        RESERVED
@@ -656,8 +722,7 @@
        TODO: check
 CVE-2015-4343
        RESERVED
-CVE-2015-4342 [SQL Injection and Location header injection from cdef id]
-       RESERVED
+CVE-2015-4342 (SQL injection vulnerability in Cacti before 0.8.8d allows 
remote ...)
        - cacti <unfixed>
        NOTE: Original report: http://seclists.org/fulldisclosure/2015/Jun/19
        NOTE: Upstream bug: http://bugs.cacti.net/view.php?id=2571 (not yet 
accessible)
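Review bot: the new header for CVE-2015-4342 drops the "Location header injection from cdef id" part of the old bracketed description, and the visible part of the replacement text mentions only SQL injection. Confirm whether the header injection is covered by this id or needs its own entry, and keep a NOTE about it so the information is not lost. The new text also says "before 0.8.8d" while the package line stays "- cacti <unfixed>"; record the fixed version once it is known.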
@@ -947,16 +1012,16 @@
        RESERVED
 CVE-2015-4196
        RESERVED
-CVE-2015-4195
-       RESERVED
-CVE-2015-4194
-       RESERVED
+CVE-2015-4195 (Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to 
cause a ...)
+       TODO: check
+CVE-2015-4194 (The web-based administrative interface in Cisco WebEx Meeting 
Center ...)
+       TODO: check
 CVE-2015-4193
        RESERVED
 CVE-2015-4192
        RESERVED
-CVE-2015-4191
-       RESERVED
+CVE-2015-4191 (Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of 
...)
+       TODO: check
 CVE-2015-4190 (Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex 
on ...)
        TODO: check
 CVE-2015-4189
@@ -1023,14 +1088,11 @@
        NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
        NOTE: 
https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
        NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
-CVE-2015-4338
-       RESERVED
+CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 
for ...)
        NOT-FOR-US: WordPress plugin xclonerbackupandrestore
-CVE-2015-4337
-       RESERVED
+CVE-2015-4337 (Cross-site scripting (XSS) vulnerability in the XCloner plugin 
3.1.2 ...)
        NOT-FOR-US: WordPress plugin xclonerbackupandrestore
-CVE-2015-4336
-       RESERVED
+CVE-2015-4336 (cloner.functions.php in the XCloner plugin 3.1.2 for WordPress 
allows ...)
        NOT-FOR-US: WordPress plugin xclonerbackupandrestore
 CVE-2015-4335 (Redis before 2.8.1 and 3.x before 3.0.2 allows remote attackers 
to ...)
        {DSA-3279-1}
@@ -1196,11 +1258,9 @@
        NOTE: https://bugs.exim.org/show_bug.cgi?id=1515
        NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/05/31/4
-CVE-2015-4140
-       RESERVED
+CVE-2015-4140 (Cross-site request forgery (CSRF) vulnerability in the WP 
Smiley ...)
        NOT-FOR-US: WordPress plugin wp-smiley
-CVE-2015-4139
-       RESERVED
+CVE-2015-4139 (Cross-site scripting (XSS) vulnerability in smilies4wp.php in 
the WP ...)
        NOT-FOR-US: WordPress plugin wp-smiley
 CVE-2015-4135 (Cross-site scripting (XSS) vulnerability in goto.php in phpwind 
8.7 ...)
        NOT-FOR-US: PHPWind
@@ -1888,8 +1948,8 @@
        RESERVED
 CVE-2015-3898
        RESERVED
-CVE-2015-3897
-       RESERVED
+CVE-2015-3897 (Directory traversal vulnerability in Bonita BPM Portal before 
6.5.3 ...)
+       TODO: check
 CVE-2015-3896
        RESERVED
 CVE-2015-3895
@@ -2587,8 +2647,7 @@
        [squeeze] - mew-beta <no-dsa> (Minor issue)
        [wheezy] - mew-beta <no-dsa> (Minor issue)
        [jessie] - mew-beta 7.0.50~6.6+0.20140902-1+deb8u1
-CVE-2015-3429 [DOM XSS Vulnerability in Twenty Fifteen WordPress Theme]
-       RESERVED
+CVE-2015-3429 (Cross-site scripting (XSS) vulnerability in example.html in 
Genericons ...)
        - wordpress 4.2.2+dfsg-1 (bug #784603)
        [wheezy] - wordpress <not-affected> (twentyfifteen theme not present)
        [squeeze] - wordpress <not-affected> (twentyfifteen theme not present)
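Review bot: the header for CVE-2015-3429 changes from "Twenty Fifteen WordPress Theme" to "example.html in Genericons", but the unchanged lines below still justify the wheezy and squeeze "<not-affected>" status with "twentyfifteen theme not present". Recheck that rationale against the new description: if example.html from Genericons is shipped anywhere other than the twentyfifteen theme, those two lines and the single "- wordpress" package line are no longer sufficient.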
@@ -3044,7 +3103,7 @@
 CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition 
(EE) ...)
        NOT-FOR-US: Magento
 CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x 
and ...)
-       {DSA-3274-1 DSA-3262-1 DSA-3259-1}
+       {DSA-3274-1 DSA-3262-1 DSA-3259-1 DLA-249-1 DLA-248-1}
        - qemu 1:2.3+dfsg-3
        NOTE: qemu 1:2.3+dfsg-3 is  pending in the NEW queue
        [wheezy] - qemu 1.1.2+dfsg-6a+deb7u7
@@ -3131,8 +3190,8 @@
        RESERVED
 CVE-2015-3423
        RESERVED
-CVE-2015-3422
-       RESERVED
+CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 
8.2.1 ...)
+       TODO: check
 CVE-2015-3421
        RESERVED
 CVE-2015-3419
@@ -4733,8 +4792,8 @@
        RESERVED
 CVE-2015-2862
        RESERVED
-CVE-2015-2861
-       RESERVED
+CVE-2015-2861 (Cross-site request forgery (CSRF) vulnerability in Vesta 
Control Panel ...)
+       TODO: check
 CVE-2015-2860
        RESERVED
 CVE-2015-2859
@@ -4940,8 +4999,8 @@
        TODO: check
 CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 
6250, ...)
        TODO: check
-CVE-2015-2803
-       RESERVED
+CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the 
Akronymmanager ...)
+       TODO: check
 CVE-2015-2802
        RESERVED
 CVE-2015-2801
@@ -5391,8 +5450,8 @@
        [jessie] - clamav 0.98.7+dfsg-0+deb8u1
 CVE-2015-2667 (Untrusted search path vulnerability in GNS3 before 1.2.3 allows 
local ...)
        - gns3 <not-affected> (Windows specific)
-CVE-2015-2665
-       RESERVED
+CVE-2015-2665 (Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d 
allows ...)
+       TODO: check
 CVE-2015-2664
        RESERVED
 CVE-2015-2663
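Review bot: CVE-2015-2665 is described as an XSS in "Cacti before 0.8.8d" yet is left as "TODO: check", while CVE-2015-4342 in this same commit, with the same "before 0.8.8d" wording, is tracked with "- cacti <unfixed>". Replace the TODO here with a "- cacti" package line so both Cacti issues are tracked consistently.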


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
