Author: sectracker
Date: 2015-06-19 21:10:14 +0000 (Fri, 19 Jun 2015)
New Revision: 35045
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-06-19 20:06:58 UTC (rev 35044) +++ data/CVE/list 2015-06-19 21:10:14 UTC (rev 35045) @@ -1,3 +1,65 @@ +CVE-2015-4674 + RESERVED +CVE-2015-4673 + RESERVED +CVE-2015-4672 + RESERVED +CVE-2015-4671 + RESERVED +CVE-2015-4670 + RESERVED +CVE-2015-4669 + RESERVED +CVE-2015-4668 + RESERVED +CVE-2015-4667 + RESERVED +CVE-2015-4666 + RESERVED +CVE-2015-4665 + RESERVED +CVE-2015-4664 + RESERVED +CVE-2015-4663 + RESERVED +CVE-2015-4662 + RESERVED +CVE-2015-4661 (Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows ...) + TODO: check +CVE-2015-4660 (Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal ...) + TODO: check +CVE-2015-4659 (Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and ...) + TODO: check +CVE-2015-4658 (Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm ...) + TODO: check +CVE-2015-4657 (Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and ...) + TODO: check +CVE-2015-4656 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo ...) + TODO: check +CVE-2015-4655 (Cross-site scripting (XSS) vulnerability in Synology DiskStation ...) + TODO: check +CVE-2015-4654 (SQL injection vulnerability in the EQ Event Calendar component for ...) + TODO: check +CVE-2015-4653 + RESERVED +CVE-2015-4652 + RESERVED +CVE-2015-4651 + RESERVED +CVE-2015-4650 + RESERVED +CVE-2015-4649 + RESERVED +CVE-2015-4648 + RESERVED +CVE-2015-4647 + RESERVED +CVE-2015-4641 + RESERVED +CVE-2015-4640 + RESERVED +CVE-2012-6692 (Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in ...) + TODO: check CVE-2015-XXXX [GSM DTAP dissector could crash] - wireshark 1.12.6+gee1fce6-1 [wheezy] - wireshark <not-affected> (Vulnerable code not present) 
@@ -19,23 +81,28 @@ NOTE: https://bugzilla.redhat.com/1233267 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/18/11 CVE-2015-4646 + RESERVED - squashfs-tools <unfixed> TODO: check CVE-2015-4645 + RESERVED - squashfs-tools <unfixed> TODO: check CVE-2015-4642 [OS command injection vulnerability in escapeshellarg] + RESERVED - php5 <not-affected> (Windows specific) NOTE: https://bugs.php.net/bug.php?id=69646 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 CVE-2015-4643 [Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)] + RESERVED - php5 <unfixed> NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 NOTE: https://bugs.php.net/bug.php?id=69545#1431550655 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 CVE-2015-4644 [Fixed bug #69667 (segfault in php_pgsql_meta_data)] + RESERVED - php5 <unfixed> NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 NOTE: https://bugs.php.net/bug.php?id=69667 @@ -63,8 +130,8 @@ RESERVED CVE-2015-4629 RESERVED -CVE-2015-4628 - RESERVED +CVE-2015-4628 (SQL injection vulnerability in ...) + TODO: check CVE-2015-4627 RESERVED CVE-2015-4626 @@ -125,8 +192,8 @@ RESERVED CVE-2015-4589 RESERVED -CVE-2015-4587 - RESERVED +CVE-2015-4587 (Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent ...) + TODO: check CVE-2015-4586 RESERVED CVE-2015-4585 @@ -437,8 +504,8 @@ CVE-2015-4455 RESERVED NOT-FOR-US: WordPress plugin aviary-image-editor-add-on-for-gravity-forms -CVE-2015-4454 - RESERVED +CVE-2015-4454 (SQL injection vulnerability in the get_hash_graph_template function in ...) + TODO: check CVE-2015-4453 RESERVED CVE-2015-4452 
@@ -505,8 +572,8 @@ RESERVED CVE-2015-4421 RESERVED -CVE-2015-4420 - RESERVED +CVE-2015-4420 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 ...) + TODO: check CVE-2015-4419 RESERVED CVE-2015-4418 (Zoho NetFlow Analyzer build 10250 and earlier does not have an off ...) @@ -517,8 +584,7 @@ RESERVED CVE-2015-4415 (Multiple directory traversal vulnerabilities in func.php in Magnifica ...) NOT-FOR-US: Magnifica Webscripts Anima Gallery -CVE-2015-4414 - RESERVED +CVE-2015-4414 (Directory traversal vulnerability in download_audio.php in the SE ...) NOT-FOR-US: WordPress plugin se-html5-album-audio-player CVE-2015-4413 RESERVED @@ -656,8 +722,7 @@ TODO: check CVE-2015-4343 RESERVED -CVE-2015-4342 [SQL Injection and Location header injection from cdef id] - RESERVED +CVE-2015-4342 (SQL injection vulnerability in Cacti before 0.8.8d allows remote ...) - cacti <unfixed> NOTE: Original report: http://seclists.org/fulldisclosure/2015/Jun/19 NOTE: Upstream bug: http://bugs.cacti.net/view.php?id=2571 (not yet accessible) @@ -947,16 +1012,16 @@ RESERVED CVE-2015-4196 RESERVED -CVE-2015-4195 - RESERVED -CVE-2015-4194 - RESERVED +CVE-2015-4195 (Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a ...) + TODO: check +CVE-2015-4194 (The web-based administrative interface in Cisco WebEx Meeting Center ...) + TODO: check CVE-2015-4193 RESERVED CVE-2015-4192 RESERVED -CVE-2015-4191 - RESERVED +CVE-2015-4191 (Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of ...) + TODO: check CVE-2015-4190 (Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on ...) TODO: check CVE-2015-4189 
@@ -1023,14 +1088,11 @@ NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html NOTE: https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54 NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1 -CVE-2015-4338 - RESERVED +CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 for ...) NOT-FOR-US: WordPress plugin xclonerbackupandrestore -CVE-2015-4337 - RESERVED +CVE-2015-4337 (Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 ...) NOT-FOR-US: WordPress plugin xclonerbackupandrestore -CVE-2015-4336 - RESERVED +CVE-2015-4336 (cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows ...) NOT-FOR-US: WordPress plugin xclonerbackupandrestore CVE-2015-4335 (Redis before 2.8.1 and 3.x before 3.0.2 allows remote attackers to ...) {DSA-3279-1} @@ -1196,11 +1258,9 @@ NOTE: https://bugs.exim.org/show_bug.cgi?id=1515 NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/31/4 -CVE-2015-4140 - RESERVED +CVE-2015-4140 (Cross-site request forgery (CSRF) vulnerability in the WP Smiley ...) NOT-FOR-US: WordPress plugin wp-smiley -CVE-2015-4139 - RESERVED +CVE-2015-4139 (Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP ...) NOT-FOR-US: WordPress plugin wp-smiley CVE-2015-4135 (Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 ...) NOT-FOR-US: PHPWind @@ -1888,8 +1948,8 @@ RESERVED CVE-2015-3898 RESERVED -CVE-2015-3897 - RESERVED +CVE-2015-3897 (Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 ...) + TODO: check CVE-2015-3896 RESERVED CVE-2015-3895 
@@ -2587,8 +2647,7 @@ [squeeze] - mew-beta <no-dsa> (Minor issue) [wheezy] - mew-beta <no-dsa> (Minor issue) [jessie] - mew-beta 7.0.50~6.6+0.20140902-1+deb8u1 -CVE-2015-3429 [DOM XSS Vulnerability in Twenty Fifteen WordPress Theme] - RESERVED +CVE-2015-3429 (Cross-site scripting (XSS) vulnerability in example.html in Genericons ...) - wordpress 4.2.2+dfsg-1 (bug #784603) [wheezy] - wordpress <not-affected> (twentyfifteen theme not present) [squeeze] - wordpress <not-affected> (twentyfifteen theme not present) @@ -3044,7 +3103,7 @@ CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) ...) NOT-FOR-US: Magento CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ...) - {DSA-3274-1 DSA-3262-1 DSA-3259-1} + {DSA-3274-1 DSA-3262-1 DSA-3259-1 DLA-249-1 DLA-248-1} - qemu 1:2.3+dfsg-3 NOTE: qemu 1:2.3+dfsg-3 is pending in the NEW queue [wheezy] - qemu 1.1.2+dfsg-6a+deb7u7 @@ -3131,8 +3190,8 @@ RESERVED CVE-2015-3423 RESERVED -CVE-2015-3422 - RESERVED +CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 ...) + TODO: check CVE-2015-3421 RESERVED CVE-2015-3419 @@ -4733,8 +4792,8 @@ RESERVED CVE-2015-2862 RESERVED -CVE-2015-2861 - RESERVED +CVE-2015-2861 (Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel ...) + TODO: check CVE-2015-2860 RESERVED CVE-2015-2859 @@ -4940,8 +4999,8 @@ TODO: check CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, ...) TODO: check -CVE-2015-2803 - RESERVED +CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the Akronymmanager ...) + TODO: check CVE-2015-2802 RESERVED CVE-2015-2801 
@@ -5391,8 +5450,8 @@ [jessie] - clamav 0.98.7+dfsg-0+deb8u1 CVE-2015-2667 (Untrusted search path vulnerability in GNS3 before 1.2.3 allows local ...) - gns3 <not-affected> (Windows specific) -CVE-2015-2665 - RESERVED +CVE-2015-2665 (Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows ...) + TODO: check CVE-2015-2664 RESERVED CVE-2015-2663 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
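Review bot: In the `@@ -1,3 +1,65 @@` hunk the new block is not in descending ID order with the rest of the file: `CVE-2015-4641` and `CVE-2015-4640` follow `CVE-2015-4647` directly and sit above the existing `CVE-2015-4646` to `CVE-2015-4642` entries that the next hunk touches, and `CVE-2012-6692` is placed among the 2015 IDs ahead of the `CVE-2015-XXXX` wireshark entry. If the list is meant to stay sorted, move these three to their positions by ID. The eight `TODO: check` entries in this block (CVE-2015-4661 through CVE-2015-4654) and CVE-2012-6692 also still need triage to a package line or `NOT-FOR-US`.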
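Review bot: In the `@@ -656,8 +722,7 @@` hunk the new description for CVE-2015-4342 reads "Cacti before 0.8.8d", but the unchanged line below it still says `- cacti <unfixed>`. Check whether a packaged version containing the 0.8.8d fix can be recorded there. The replaced bracketed title also mentioned Location header injection, which the visible (truncated) description no longer shows, so a NOTE line keeping that detail would help.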
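Review bot: In the `@@ -2587,8 +2647,7 @@` hunk the description for CVE-2015-3429 now places the flaw in `example.html` in Genericons, while the `[wheezy]` and `[squeeze]` lines justify `<not-affected>` with "twentyfifteen theme not present". That reason is tied to the theme named in the removed title. Confirm that no other source package in those releases ships the Genericons `example.html`, and reword the justification or add entries accordingly.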
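Review bot: In the `@@ -5391,8 +5450,8 @@` hunk CVE-2015-2665 is described as an XSS in "Cacti before 0.8.8d" but gets only `TODO: check`. The `@@ -656,8 +722,7 @@` hunk shows cacti tracked as `- cacti <unfixed>` for CVE-2015-4342 with the same "before 0.8.8d" bound, so this entry should get a `- cacti` status line rather than remain untriaged.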