Author: sectracker
Date: 2015-07-03 09:10:16 +0000 (Fri, 03 Jul 2015)
New Revision: 35294
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-07-03 09:09:06 UTC (rev 35293) +++ data/CVE/list 2015-07-03 09:10:16 UTC (rev 35294) 
@@ -1,14 +1,597 @@ +CVE-2015-5363 + RESERVED +CVE-2015-5362 + RESERVED +CVE-2015-5361 + RESERVED +CVE-2015-5360 + RESERVED +CVE-2015-5359 + RESERVED +CVE-2015-5358 + RESERVED +CVE-2015-5357 + RESERVED +CVE-2015-5356 (Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in ...) + TODO: check +CVE-2015-5355 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...) + TODO: check +CVE-2015-5354 (Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote ...) + TODO: check +CVE-2015-5353 (Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows ...) + TODO: check +CVE-2015-5351 + RESERVED +CVE-2015-5350 + RESERVED +CVE-2015-5349 + RESERVED +CVE-2015-5348 + RESERVED +CVE-2015-5347 + RESERVED +CVE-2015-5346 + RESERVED +CVE-2015-5345 + RESERVED +CVE-2015-5344 + RESERVED +CVE-2015-5343 + RESERVED +CVE-2015-5342 + RESERVED +CVE-2015-5341 + RESERVED +CVE-2015-5340 + RESERVED +CVE-2015-5339 + RESERVED +CVE-2015-5338 + RESERVED +CVE-2015-5337 + RESERVED +CVE-2015-5336 + RESERVED +CVE-2015-5335 + RESERVED +CVE-2015-5334 + RESERVED +CVE-2015-5333 + RESERVED +CVE-2015-5332 + RESERVED +CVE-2015-5331 + RESERVED +CVE-2015-5330 + RESERVED +CVE-2015-5329 + RESERVED +CVE-2015-5328 + RESERVED +CVE-2015-5327 + RESERVED +CVE-2015-5326 + RESERVED +CVE-2015-5325 + RESERVED +CVE-2015-5324 + RESERVED +CVE-2015-5323 + RESERVED +CVE-2015-5322 + RESERVED +CVE-2015-5321 + RESERVED +CVE-2015-5320 + RESERVED +CVE-2015-5319 + RESERVED +CVE-2015-5318 + RESERVED +CVE-2015-5317 + RESERVED +CVE-2015-5316 + RESERVED +CVE-2015-5315 + RESERVED +CVE-2015-5314 + RESERVED +CVE-2015-5313 + RESERVED +CVE-2015-5312 + RESERVED +CVE-2015-5311 + RESERVED +CVE-2015-5310 + RESERVED +CVE-2015-5309 + RESERVED +CVE-2015-5308 + RESERVED +CVE-2015-5307 + RESERVED +CVE-2015-5306 + RESERVED +CVE-2015-5305 + RESERVED +CVE-2015-5304 + RESERVED +CVE-2015-5303 + RESERVED +CVE-2015-5302 + RESERVED +CVE-2015-5301 + RESERVED +CVE-2015-5300 + RESERVED +CVE-2015-5299 + RESERVED 
+CVE-2015-5298 + RESERVED +CVE-2015-5297 + RESERVED +CVE-2015-5296 + RESERVED +CVE-2015-5295 + RESERVED +CVE-2015-5294 + RESERVED +CVE-2015-5293 + RESERVED +CVE-2015-5292 + RESERVED +CVE-2015-5291 + RESERVED +CVE-2015-5290 + RESERVED +CVE-2015-5289 + RESERVED +CVE-2015-5288 + RESERVED +CVE-2015-5287 + RESERVED +CVE-2015-5286 + RESERVED +CVE-2015-5285 + RESERVED +CVE-2015-5284 + RESERVED +CVE-2015-5283 + RESERVED +CVE-2015-5282 + RESERVED +CVE-2015-5281 + RESERVED +CVE-2015-5280 + RESERVED +CVE-2015-5279 + RESERVED +CVE-2015-5278 + RESERVED +CVE-2015-5277 + RESERVED +CVE-2015-5276 + RESERVED +CVE-2015-5275 + RESERVED +CVE-2015-5274 + RESERVED +CVE-2015-5273 + RESERVED +CVE-2015-5272 + RESERVED +CVE-2015-5271 + RESERVED +CVE-2015-5270 + RESERVED +CVE-2015-5269 + RESERVED +CVE-2015-5268 + RESERVED +CVE-2015-5267 + RESERVED +CVE-2015-5266 + RESERVED +CVE-2015-5265 + RESERVED +CVE-2015-5264 + RESERVED +CVE-2015-5263 + RESERVED +CVE-2015-5262 + RESERVED +CVE-2015-5261 + RESERVED +CVE-2015-5260 + RESERVED +CVE-2015-5259 + RESERVED +CVE-2015-5258 + RESERVED +CVE-2015-5257 + RESERVED +CVE-2015-5256 + RESERVED +CVE-2015-5255 + RESERVED +CVE-2015-5254 + RESERVED +CVE-2015-5253 + RESERVED +CVE-2015-5252 + RESERVED +CVE-2015-5251 + RESERVED +CVE-2015-5250 + RESERVED +CVE-2015-5249 + RESERVED +CVE-2015-5248 + RESERVED +CVE-2015-5247 + RESERVED +CVE-2015-5246 + RESERVED +CVE-2015-5245 + RESERVED +CVE-2015-5244 + RESERVED +CVE-2015-5243 + RESERVED +CVE-2015-5242 + RESERVED +CVE-2015-5241 + RESERVED +CVE-2015-5240 + RESERVED +CVE-2015-5239 + RESERVED +CVE-2015-5238 + RESERVED +CVE-2015-5237 + RESERVED +CVE-2015-5236 + RESERVED +CVE-2015-5235 + RESERVED +CVE-2015-5234 + RESERVED +CVE-2015-5233 + RESERVED +CVE-2015-5232 + RESERVED +CVE-2015-5231 + RESERVED +CVE-2015-5230 + RESERVED +CVE-2015-5229 + RESERVED +CVE-2015-5228 + RESERVED +CVE-2015-5227 + RESERVED +CVE-2015-5226 + RESERVED +CVE-2015-5225 + RESERVED +CVE-2015-5224 + RESERVED +CVE-2015-5223 + RESERVED +CVE-2015-5222 + 
RESERVED +CVE-2015-5221 + RESERVED +CVE-2015-5220 + RESERVED +CVE-2015-5219 + RESERVED +CVE-2015-5218 + RESERVED +CVE-2015-5217 + RESERVED +CVE-2015-5216 + RESERVED +CVE-2015-5215 + RESERVED +CVE-2015-5214 + RESERVED +CVE-2015-5213 + RESERVED +CVE-2015-5212 + RESERVED +CVE-2015-5211 + RESERVED +CVE-2015-5210 + RESERVED +CVE-2015-5209 + RESERVED +CVE-2015-5208 + RESERVED +CVE-2015-5207 + RESERVED +CVE-2015-5206 + RESERVED +CVE-2015-5205 + RESERVED +CVE-2015-5204 + RESERVED +CVE-2015-5203 + RESERVED +CVE-2015-5202 + RESERVED +CVE-2015-5201 + RESERVED +CVE-2015-5200 + RESERVED +CVE-2015-5199 + RESERVED +CVE-2015-5198 + RESERVED +CVE-2015-5197 + RESERVED +CVE-2015-5196 + RESERVED +CVE-2015-5195 + RESERVED +CVE-2015-5194 + RESERVED +CVE-2015-5193 + RESERVED +CVE-2015-5192 + RESERVED +CVE-2015-5191 + RESERVED +CVE-2015-5190 + RESERVED +CVE-2015-5189 + RESERVED +CVE-2015-5188 + RESERVED +CVE-2015-5187 + RESERVED +CVE-2015-5186 + RESERVED +CVE-2015-5185 + RESERVED +CVE-2015-5184 + RESERVED +CVE-2015-5183 + RESERVED +CVE-2015-5182 + RESERVED +CVE-2015-5181 + RESERVED +CVE-2015-5180 + RESERVED +CVE-2015-5179 + RESERVED +CVE-2015-5178 + RESERVED +CVE-2015-5177 + RESERVED +CVE-2015-5176 + RESERVED +CVE-2015-5175 + RESERVED +CVE-2015-5174 + RESERVED +CVE-2015-5173 + RESERVED +CVE-2015-5172 + RESERVED +CVE-2015-5171 + RESERVED +CVE-2015-5170 + RESERVED +CVE-2015-5169 + RESERVED +CVE-2015-5168 + RESERVED +CVE-2015-5167 + RESERVED +CVE-2015-5166 + RESERVED +CVE-2015-5165 + RESERVED +CVE-2015-5164 + RESERVED +CVE-2015-5163 + RESERVED +CVE-2015-5162 + RESERVED +CVE-2015-5161 + RESERVED +CVE-2015-5160 + RESERVED +CVE-2015-5159 + RESERVED +CVE-2015-5158 + RESERVED +CVE-2015-5157 + RESERVED +CVE-2015-5156 + RESERVED +CVE-2015-5155 + RESERVED +CVE-2015-5154 + RESERVED +CVE-2015-5153 + RESERVED +CVE-2015-5152 + RESERVED +CVE-2015-5151 (Cross-site scripting (XSS) vulnerability in the Slider Revolution ...) 
+ TODO: check +CVE-2015-5150 (Multiple cross-site scripting (XSS) vulnerabilities in Zoho ...) + TODO: check +CVE-2015-5149 (Directory traversal vulnerability in Zoho ManageEngine SupportCenter ...) + TODO: check +CVE-2015-5148 (SQL injection vulnerability in LivelyCart 1.2.0 allows remote ...) + TODO: check +CVE-2015-5145 + RESERVED +CVE-2015-5144 + RESERVED +CVE-2015-5143 + RESERVED +CVE-2015-5142 + RESERVED +CVE-2015-5141 + RESERVED +CVE-2015-5140 + RESERVED +CVE-2015-5139 + RESERVED +CVE-2015-5138 + RESERVED +CVE-2015-5137 + RESERVED +CVE-2015-5136 + RESERVED +CVE-2015-5135 + RESERVED +CVE-2015-5134 + RESERVED +CVE-2015-5133 + RESERVED +CVE-2015-5132 + RESERVED +CVE-2015-5131 + RESERVED +CVE-2015-5130 + RESERVED +CVE-2015-5129 + RESERVED +CVE-2015-5128 + RESERVED +CVE-2015-5127 + RESERVED +CVE-2015-5126 + RESERVED +CVE-2015-5125 + RESERVED +CVE-2015-5124 + RESERVED +CVE-2015-5123 + RESERVED +CVE-2015-5122 + RESERVED +CVE-2015-5121 + RESERVED +CVE-2015-5120 + RESERVED +CVE-2015-5119 + RESERVED +CVE-2015-5118 + RESERVED +CVE-2015-5117 + RESERVED +CVE-2015-5116 + RESERVED +CVE-2015-5115 + RESERVED +CVE-2015-5114 + RESERVED +CVE-2015-5113 + RESERVED +CVE-2015-5112 + RESERVED +CVE-2015-5111 + RESERVED +CVE-2015-5110 + RESERVED +CVE-2015-5109 + RESERVED +CVE-2015-5108 + RESERVED +CVE-2015-5107 + RESERVED +CVE-2015-5106 + RESERVED +CVE-2015-5105 + RESERVED +CVE-2015-5104 + RESERVED +CVE-2015-5103 + RESERVED +CVE-2015-5102 + RESERVED +CVE-2015-5101 + RESERVED +CVE-2015-5100 + RESERVED +CVE-2015-5099 + RESERVED +CVE-2015-5098 + RESERVED +CVE-2015-5097 + RESERVED +CVE-2015-5096 + RESERVED +CVE-2015-5095 + RESERVED +CVE-2015-5094 + RESERVED +CVE-2015-5093 + RESERVED +CVE-2015-5092 + RESERVED +CVE-2015-5091 + RESERVED +CVE-2015-5090 + RESERVED +CVE-2015-5089 + RESERVED +CVE-2015-5088 + RESERVED +CVE-2015-5087 + RESERVED +CVE-2015-5086 + RESERVED +CVE-2015-5085 + RESERVED +CVE-2015-5084 + RESERVED +CVE-2015-5083 + RESERVED +CVE-2015-5082 + RESERVED +CVE-2015-5080 + RESERVED 
+CVE-2015-5079 + RESERVED +CVE-2015-5078 (SQL injection vulnerability in the insert function in ...) + TODO: check +CVE-2015-5077 + RESERVED +CVE-2015-5076 + RESERVED +CVE-2015-5075 + RESERVED +CVE-2015-5074 + RESERVED +CVE-2015-5072 + RESERVED +CVE-2015-5071 + RESERVED +CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for ...) + TODO: check +CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...) + TODO: check CVE-2015-5146 [ntpd control message crash: Crafted NUL-byte in configuration directive] + RESERVED - ntp <unfixed> [jessie] - ntp <no-dsa> (Minor issue) [wheezy] - ntp <no-dsa> (Minor issue) [squeeze] - ntp <no-dsa> (Minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi CVE-2015-5352 [refusal deadline is not checked within the x11_open_helper function] + RESERVED - openssh <unfixed> (bug #790798) NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7 NOTE: https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d CVE-2015-5147 [Stack overflow in redcarpet's header_anchor] + RESERVED - ruby-redcarpet <not-affected> (Affects v3.3.0 - v3.3.1) NOTE: https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb NOTE: http://www.openwall.com/lists/oss-security/2015/06/29/3 @@ -20,8 +603,10 @@ NOTE: https://blog.fuzzing-project.org/17-Courier-mail-server-Write-heap-overflow-in-mailbot-tool-and-out-of-bounds-heap-read-in-imap-folder-parser.html NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/29/1 CVE-2015-5081 [CSRF] + RESERVED - python-django-cms <itp> (bug #516183) CVE-2015-5073 [Heap Overflow Vulnerability in find_fixedlength()] + RESERVED - pcre3 2:8.35-7 (bug #790000) [jessie] - pcre3 <no-dsa> (Minor issue) [wheezy] - pcre3 <no-dsa> (Minor issue) 
@@ -796,6 +1381,7 @@ CVE-2015-4675 (Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote ...) NOT-FOR-US: Tiny SRP CVE-2015-5070 + RESERVED - wesnoth-1.13 1:1.13.1-1 - wesnoth-1.12 1:1.12.4-1 - wesnoth-1.10 <removed> @@ -804,6 +1390,7 @@ - wesnoth-1.8 <removed> NOTE: https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59 CVE-2015-5069 + RESERVED - wesnoth-1.13 1:1.13.1-1 - wesnoth-1.12 1:1.12.4-1 - wesnoth-1.10 <removed> @@ -845,12 +1432,10 @@ [squeeze] - linux-2.6 <not-affected> (Introduced in v3.0-rc1) NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3f7352bf21f8fd7ba3e2fcef9488756f188e12be (v4.1-rc6) NOTE: Introduced in: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a14842f5a3c0e88a1e59fac5c3025db39721f74 (v3.0-rc1) -CVE-2015-4696 [wmf2gd/wmf2eps use after free] - RESERVED +CVE-2015-4696 (Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers ...) {DLA-257-1} - libwmf <unfixed> (bug #784192) -CVE-2015-4695 [meta_pen_create heap buffer overflow] - RESERVED +CVE-2015-4695 (meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of ...) {DLA-257-1} - libwmf <unfixed> (bug #784205) CVE-2015-4680 [insufficent CRL application] @@ -1346,8 +1931,7 @@ - php5 <unfixed> NOTE: https://bugs.php.net/bug.php?id=69719 NOTE: Fixed in 5.6.10 and 5.4.42 upstream -CVE-2015-4588 [RLE decoding doesn't check that the "count" fits into the image] - RESERVED +CVE-2015-4588 (Heap-based buffer overflow in the DecodeImage function in libwmf ...) {DLA-253-1} - libwmf <unfixed> (bug #787644) CVE-2015-4556 [buffer overrun in CHICKEN Scheme's string-translate* procedure] 
@@ -1809,42 +2393,42 @@ RESERVED CVE-2015-4234 RESERVED -CVE-2015-4233 - RESERVED +CVE-2015-4233 (SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) ...) + TODO: check CVE-2015-4232 RESERVED CVE-2015-4231 RESERVED CVE-2015-4230 RESERVED -CVE-2015-4229 - RESERVED +CVE-2015-4229 (The web framework in Cisco Unified Communications Domain Manager ...) + TODO: check CVE-2015-4228 RESERVED -CVE-2015-4227 - RESERVED -CVE-2015-4226 - RESERVED -CVE-2015-4225 - RESERVED -CVE-2015-4224 - RESERVED -CVE-2015-4223 - RESERVED -CVE-2015-4222 - RESERVED -CVE-2015-4221 - RESERVED -CVE-2015-4220 - RESERVED +CVE-2015-4227 (Memory leak in Cisco Headend System Release allows remote attackers to ...) + TODO: check +CVE-2015-4226 (The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) ...) + TODO: check +CVE-2015-4225 (Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) ...) + TODO: check +CVE-2015-4224 (Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) ...) + TODO: check +CVE-2015-4223 (Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2015-4222 (SQL injection vulnerability in Cisco Unified Communications Manager IM ...) + TODO: check +CVE-2015-4221 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) ...) + TODO: check +CVE-2015-4220 (Cross-site scripting (XSS) vulnerability in Cisco Unified Presence ...) + TODO: check CVE-2015-4219 (Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before ...) NOT-FOR-US: Cisco CVE-2015-4218 (The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 ...) NOT-FOR-US: Cisco Jabber -CVE-2015-4217 - RESERVED -CVE-2015-4216 - RESERVED +CVE-2015-4217 (The remote-support feature on Cisco Web Security Virtual Appliance ...) + TODO: check +CVE-2015-4216 (The remote-support feature on Cisco Web Security Virtual Appliance ...) 
+ TODO: check CVE-2015-4215 (Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) ...) NOT-FOR-US: Cisco CVE-2015-4214 (Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote ...) @@ -1877,8 +2461,8 @@ NOT-FOR-US: Cisco CVE-2015-4200 (Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in ...) NOT-FOR-US: Cisco IOS -CVE-2015-4199 - RESERVED +CVE-2015-4199 (Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in ...) + TODO: check CVE-2015-4198 (Cross-site scripting (XSS) vulnerability in the web framework on Cisco ...) NOT-FOR-US: Cisco CVE-2015-4197 (Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to ...) @@ -1919,8 +2503,8 @@ RESERVED CVE-2015-4175 RESERVED -CVE-2015-4174 - RESERVED +CVE-2015-4174 (Cross-site scripting (XSS) vulnerability in the integrated web server ...) + TODO: check CVE-2015-4173 RESERVED CVE-2010-5324 (Directory traversal vulnerability in UploadServlet in the Remote ...) @@ -2076,6 +2660,7 @@ NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (v3.19-rc3) NOTE: http://www.openwall.com/lists/oss-security/2015/06/03/4 CVE-2015-5364 [Linux UDP checksum DoS] + RESERVED - linux <unfixed> - linux-2.6 <removed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7) @@ -4623,7 +5208,7 @@ NOTE: The default for syslog is $FileCreateMode 0644 but the rsyslog.conf NOTE: provided by the Debian package sets $FileCreateMode 0640 CVE-2015-3242 - RESERVED + REJECTED NOTE: To be rejected NOTE: http://www.openwall.com/lists/oss-security/2015/06/25/5 CVE-2015-3241 @@ -4812,6 +5397,7 @@ RESERVED CVE-2015-3206 [checkPassword() does not verify KDC authenticity] RESERVED + {DLA-265-1} - pykerberos <unfixed> NOTE: CVE originally assigned for python-kerberos, pykerberos is a fork of the NOTE: former. 
@@ -4820,8 +5406,7 @@ CVE-2015-3205 (libmimedir allows remote attackers to execute arbitrary code via a VCF ...) - libmimedir <removed> (bug #789197) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222251 -CVE-2015-3204 - RESERVED +CVE-2015-3204 (libreswan 3.9 through 3.12 allows remote attackers to cause a denial ...) - libreswan <itp> (bug #773459) CVE-2015-3203 RESERVED @@ -4949,8 +5534,7 @@ NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed - postgresql-8.4 <removed> [wheezy] - postgresql-8.4 <no-dsa> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream) -CVE-2015-3164 [Unauthorised local client access in XWayland] - RESERVED +CVE-2015-3164 (The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 ...) - xorg-server 2:1.17.2-1 (bug #788410) [jessie] - xorg-server <no-dsa> (Minor issue, can be fixed along in a future DSA) [wheezy] - xorg-server <not-affected> (XWayland not present) @@ -4974,7 +5558,7 @@ RESERVED NOT-FOR-US: PicketLink CVE-2015-3157 - RESERVED + REJECTED NOTE: To be rejected http://www.openwall.com/lists/oss-security/2015/06/30/19 CVE-2015-3156 [multiple insecure /tmp file usage issues] RESERVED @@ -5492,10 +6076,10 @@ RESERVED CVE-2015-2967 RESERVED -CVE-2015-2966 - RESERVED -CVE-2015-2965 - RESERVED +CVE-2015-2966 (Directory traversal vulnerability in the Droidware UK Explorer+ File ...) + TODO: check +CVE-2015-2965 (Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 ...) + TODO: check CVE-2015-2964 RESERVED CVE-2015-2963 @@ -7989,8 +8573,7 @@ RESERVED CVE-2015-2142 RESERVED -CVE-2015-2141 - RESERVED +CVE-2015-2141 (The InvertibleRWFunction::CalculateInverse function in rw.cpp in ...) {DSA-3296-1 DLA-262-1} - libcrypto++ 5.6.1-7 NOTE: https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff 
@@ -8339,8 +8922,8 @@ RESERVED CVE-2015-2020 RESERVED -CVE-2015-2019 - RESERVED +CVE-2015-2019 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...) + TODO: check CVE-2015-2018 RESERVED CVE-2015-2017 @@ -8405,8 +8988,8 @@ RESERVED CVE-2015-1987 RESERVED -CVE-2015-1986 - RESERVED +CVE-2015-1986 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...) + TODO: check CVE-2015-1985 RESERVED CVE-2015-1984 @@ -8415,26 +8998,26 @@ RESERVED CVE-2015-1982 RESERVED -CVE-2015-1981 - RESERVED +CVE-2015-1981 (Cross-site scripting (XSS) vulnerability in the web server in IBM ...) + TODO: check CVE-2015-1980 RESERVED CVE-2015-1979 RESERVED -CVE-2015-1978 - RESERVED +CVE-2015-1978 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Security ...) + TODO: check CVE-2015-1977 RESERVED CVE-2015-1976 RESERVED CVE-2015-1975 RESERVED -CVE-2015-1974 - RESERVED +CVE-2015-1974 (The web administration tool in IBM Tivoli Security Directory Server ...) + TODO: check CVE-2015-1973 RESERVED -CVE-2015-1972 - RESERVED +CVE-2015-1972 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...) + TODO: check CVE-2015-1971 RESERVED CVE-2015-1970 
@@ -8443,24 +9026,24 @@ RESERVED CVE-2015-1968 RESERVED -CVE-2015-1967 - RESERVED +CVE-2015-1967 (MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the ...) + TODO: check CVE-2015-1966 RESERVED -CVE-2015-1965 - RESERVED -CVE-2015-1964 - RESERVED -CVE-2015-1963 - RESERVED -CVE-2015-1962 - RESERVED +CVE-2015-1965 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check +CVE-2015-1964 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check +CVE-2015-1963 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check +CVE-2015-1962 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check CVE-2015-1961 RESERVED CVE-2015-1960 RESERVED -CVE-2015-1959 - RESERVED +CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...) + TODO: check CVE-2015-1958 RESERVED CVE-2015-1957 @@ -8469,20 +9052,20 @@ RESERVED CVE-2015-1955 RESERVED -CVE-2015-1954 - RESERVED -CVE-2015-1953 - RESERVED +CVE-2015-1954 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check +CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check CVE-2015-1952 RESERVED -CVE-2015-1951 - RESERVED -CVE-2015-1950 - RESERVED -CVE-2015-1949 - RESERVED -CVE-2015-1948 - RESERVED +CVE-2015-1951 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...) + TODO: check +CVE-2015-1950 (IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require ...) + TODO: check +CVE-2015-1949 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...) + TODO: check +CVE-2015-1948 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check CVE-2015-1947 RESERVED CVE-2015-1946 
@@ -8493,16 +9076,16 @@ RESERVED CVE-2015-1943 RESERVED -CVE-2015-1942 - RESERVED -CVE-2015-1941 - RESERVED +CVE-2015-1942 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...) + TODO: check +CVE-2015-1941 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...) + TODO: check CVE-2015-1940 RESERVED CVE-2015-1939 RESERVED -CVE-2015-1938 - RESERVED +CVE-2015-1938 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...) + TODO: check CVE-2015-1937 (IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and ...) NOT-FOR-US: IBM PowerVC CVE-2015-1936 @@ -8517,30 +9100,30 @@ RESERVED CVE-2015-1931 RESERVED -CVE-2015-1930 - RESERVED -CVE-2015-1929 - RESERVED +CVE-2015-1930 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check +CVE-2015-1929 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check CVE-2015-1928 RESERVED CVE-2015-1927 RESERVED CVE-2015-1926 RESERVED -CVE-2015-1925 - RESERVED -CVE-2015-1924 - RESERVED -CVE-2015-1923 - RESERVED +CVE-2015-1925 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check +CVE-2015-1924 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...) + TODO: check +CVE-2015-1923 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...) + TODO: check CVE-2015-1922 RESERVED CVE-2015-1921 (Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before ...) NOT-FOR-US: IBM CVE-2015-1920 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 ...) NOT-FOR-US: IBM -CVE-2015-1919 - RESERVED +CVE-2015-1919 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar ...) + TODO: check CVE-2015-1918 RESERVED CVE-2015-1917 
@@ -8553,8 +9136,8 @@ CVE-2015-1914 RESERVED NOT-FOR-US: IBM JDK -CVE-2015-1913 - RESERVED +CVE-2015-1913 (Rational Test Control Panel in IBM Rational Test Workbench and ...) + TODO: check CVE-2015-1912 RESERVED CVE-2015-1911 (Cross-site scripting (XSS) vulnerability in Sterling Order Management ...) @@ -8577,10 +9160,10 @@ NOT-FOR-US: IBM CVE-2015-1902 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...) NOT-FOR-US: IBM -CVE-2015-1901 - RESERVED -CVE-2015-1900 - RESERVED +CVE-2015-1901 (The installer in IBM InfoSphere Information Server 8.5 through 11.3 ...) + TODO: check +CVE-2015-1900 (IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 ...) + TODO: check CVE-2015-1899 (IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause ...) NOT-FOR-US: IBM CVE-2015-1898 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...) @@ -8611,8 +9194,8 @@ NOT-FOR-US: IBM WebSphere Portal CVE-2015-1885 (WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 ...) NOT-FOR-US: IBM WebSphere Application Server -CVE-2015-1884 - RESERVED +CVE-2015-1884 (Directory traversal vulnerability in IBM Business Process Manager ...) + TODO: check CVE-2015-1883 RESERVED CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 ...) @@ -8761,8 +9344,7 @@ [jessie] - python-keystoneclient <no-dsa> (Minor issue) [wheezy] - python-keystoneclient <not-affected> (s3_token middleware not present) NOTE: https://launchpad.net/bugs/1411063 -CVE-2015-1851 [Host file disclosure through qcow2 backing file] - RESERVED +CVE-2015-1851 (OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 ...) {DSA-3292-1} - cinder 2015.1.0+2015.06.16.git26.9634b76ba5-1 (bug #788996) NOTE: http://www.openwall.com/lists/oss-security/2015/06/13/1 
@@ -9771,8 +10353,8 @@ RESERVED CVE-2015-1486 RESERVED -CVE-2015-1485 - RESERVED +CVE-2015-1485 (Cross-site request forgery (CSRF) vulnerability in the administration ...) + TODO: check CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symantec ...) NOT-FOR-US: Symantec Workspace Streaming CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX ...) @@ -10503,8 +11085,7 @@ RESERVED CVE-2015-1331 RESERVED -CVE-2015-1330 [package auth bypass when using dpkg force-{confold,confnew}] - RESERVED +CVE-2015-1330 (unattended-upgrades before 0.86.1 does not properly authenticate ...) {DSA-3297-1} - unattended-upgrades 0.86.1 CVE-2015-1329 @@ -10730,26 +11311,22 @@ RESERVED CVE-2015-1270 RESERVED -CVE-2015-1269 - RESERVED +CVE-2015-1269 (The DecodeHSTSPreloadRaw function in ...) - chromium-browser 43.0.2357.130-1 [jessie] - chromium-browser <no-dsa> (minor issue) [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-1268 - RESERVED +CVE-2015-1268 (bindings/scripts/v8_types.py in Blink, as used in Google Chrome before ...) - chromium-browser 43.0.2357.130-1 [jessie] - chromium-browser <no-dsa> (minor issue) [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-1267 - RESERVED +CVE-2015-1267 (Blink, as used in Google Chrome before 43.0.2357.130, does not ...) - chromium-browser 43.0.2357.130-1 [jessie] - chromium-browser <no-dsa> (minor issue) [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-1266 - RESERVED +CVE-2015-1266 (content/browser/webui/content_web_ui_controller_factory.cc in Google ...) - chromium-browser 43.0.2357.130-1 [jessie] - chromium-browser <no-dsa> (minor issue) [wheezy] - chromium-browser <end-of-life> 
@@ -11200,12 +11777,10 @@ NOT-FOR-US: PrestaShop CVE-2015-1160 RESERVED -CVE-2015-1159 [Cross-Site Scripting] - RESERVED +CVE-2015-1159 (Cross-site scripting (XSS) vulnerability in the cgi_puts function in ...) {DSA-3283-1 DLA-239-1} - cups 1.7.5-12 -CVE-2015-1158 [Improper Update of Reference Count] - RESERVED +CVE-2015-1158 (The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 ...) {DSA-3283-1 DLA-239-1} - cups 1.7.5-12 CVE-2015-1157 (CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause ...) @@ -11746,8 +12321,8 @@ NOT-FOR-US: Inductive Automation Ignition CVE-2015-0990 (Untrusted search path vulnerability in Ecava IntegraXor SCADA Server ...) NOT-FOR-US: Ecava IntegraXor SCADA Server -CVE-2015-0989 - RESERVED +CVE-2015-0989 (PACTware 4.1 SP3 allows remote attackers to cause a denial of service ...) + TODO: check CVE-2015-0988 RESERVED CVE-2015-0987 @@ -12329,8 +12904,7 @@ RESERVED - pycode-browser 1:1.0-1 (bug #790365) [jessie] - pycode-browser <no-dsa> (Minor issue) -CVE-2015-0848 [Heap overflow] - RESERVED +CVE-2015-0848 (Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers ...) {DLA-253-1} - libwmf <unfixed> (bug #787644) CVE-2015-0847 (nbd-server.c in Network Block Device (nbd-server) before 3.11 does not ...) @@ -13709,11 +14283,9 @@ CVE-2015-0551 RESERVED NOT-FOR-US: EMC Documentum WebTop Client -CVE-2015-0550 - RESERVED +CVE-2015-0550 (Directory traversal vulnerability in EMC Documentum Thumbnail Server ...) NOT-FOR-US: EMC Documentum Thumbnail Server -CVE-2015-0549 - RESERVED +CVE-2015-0549 (Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before ...) NOT-FOR-US: EMC Documentum D2 CVE-2015-0548 RESERVED 
@@ -13723,8 +14295,7 @@ NOT-FOR-US: EMC Documentum D2 CVE-2015-0546 (EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows ...) NOT-FOR-US: EMC Unified Infrastructure Manager/Provisioning -CVE-2015-0545 - RESERVED +CVE-2015-0545 (EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging ...) NOT-FOR-US: EMC Unisphere CVE-2015-0544 RESERVED @@ -14764,8 +15335,8 @@ RESERVED CVE-2014-9231 RESERVED -CVE-2014-9230 - RESERVED +CVE-2014-9230 (Cross-site scripting (XSS) vulnerability in the administration console ...) + TODO: check CVE-2014-9229 RESERVED CVE-2014-9228 @@ -16035,8 +16606,8 @@ NOT-FOR-US: IBM General Parallel File System CVE-2015-0197 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 ...) NOT-FOR-US: IBM General Parallel File System -CVE-2015-0196 - RESERVED +CVE-2015-0196 (CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through ...) + TODO: check CVE-2015-0195 RESERVED CVE-2015-0194 @@ -16082,8 +16653,8 @@ NOT-FOR-US: IBM WebSphere Application Server CVE-2015-0174 (The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 ...) NOT-FOR-US: IBM WebSphere Application Server -CVE-2015-0173 - RESERVED +CVE-2015-0173 (The HTTP connection-management functionality in Internet Pass-Thru ...) + TODO: check CVE-2015-0172 RESERVED CVE-2015-0171 (Directory traversal vulnerability in IBM Security SiteProtector System ...) 
@@ -16166,18 +16737,18 @@ NOT-FOR-US: IBM CVE-2015-0132 (The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 ...) NOT-FOR-US: IBM -CVE-2015-0131 - RESERVED +CVE-2015-0131 (Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 ...) + TODO: check CVE-2015-0130 RESERVED CVE-2015-0129 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...) NOT-FOR-US: IBM Rational Quality Manager CVE-2015-0128 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...) NOT-FOR-US: IBM Rational Quality Manager -CVE-2015-0127 - RESERVED -CVE-2015-0126 - RESERVED +CVE-2015-0127 (IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, ...) + TODO: check +CVE-2015-0126 (IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, ...) + TODO: check CVE-2015-0125 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next ...) NOT-FOR-US: IBM Rational DOORS Next Generation CVE-2015-0124 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...) @@ -16192,14 +16763,14 @@ NOT-FOR-US: IBM CVE-2015-0119 (FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before ...) NOT-FOR-US: IBM Tivoli Storage Manager FastBack -CVE-2015-0118 - RESERVED +CVE-2015-0118 (IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before ...) + TODO: check CVE-2015-0117 (The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x ...) NOT-FOR-US: IBM Domino -CVE-2015-0116 - RESERVED -CVE-2015-0115 - RESERVED +CVE-2015-0116 (IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, ...) + TODO: check +CVE-2015-0115 (Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, ...) + TODO: check CVE-2015-0114 RESERVED CVE-2015-0113 (The Jazz help system in IBM Rational Collaborative Lifecycle ...) 
@@ -23479,8 +24050,8 @@ RESERVED CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x ...) NOT-FOR-US: IBM -CVE-2014-6198 - RESERVED +CVE-2014-6198 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...) + TODO: check CVE-2014-6197 (IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and ...) NOT-FOR-US: IBM CVE-2014-6196 (Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory ...) @@ -26797,8 +27368,8 @@ NOT-FOR-US: IBM WebSphere Application Server CVE-2014-4769 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...) NOT-FOR-US: IBM -CVE-2014-4768 - RESERVED +CVE-2014-4768 (IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 ...) + TODO: check CVE-2014-4767 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-4766 (IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote ...) @@ -34874,8 +35445,7 @@ [wheezy] - logilab-common <no-dsa> (Minor issue) CVE-2014-1837 (Cross-site scripting (XSS) vulnerability in the StackIdeas Komento ...) NOT-FOR-US: Joomla com_komento -CVE-2014-1836 - RESERVED +CVE-2014-1836 (Absolute path traversal vulnerability in ...) NOT-FOR-US: ImpressCMS CVE-2014-1835 RESERVED @@ -35334,8 +35904,7 @@ - python-gnupg 0.3.6-1 (bug #738509) CVE-2013-7318 (Cross-site scripting (XSS) vulnerability in BusinessFlow/login in ...) NOT-FOR-US: AlgoSec Firewall Analyzer -CVE-2014-1750 - RESERVED +CVE-2014-1750 (Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps ...) NOT-FOR-US: WordPress plugin nokia-mapsplaces CVE-2014-1694 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...) {DSA-2867-1} _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
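Review bot: In the @@ -4623,7 +5208,7 @@ hunk, CVE-2015-3242 changes from RESERVED to REJECTED, but the unchanged context line "NOTE: To be rejected" stays directly beneath it, so the entry now states both the final status and the pending one. The same applies to CVE-2015-3157 in @@ -4974,7 +5558,7 @@, where the note reads "To be rejected http://www.openwall.com/lists/oss-security/2015/06/30/19". A follow-up should reword or drop the "To be rejected" text and keep only the oss-security reference.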
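Review bot: The @@ -845,12 +1432,10 @@ hunk removes the bracketed working descriptions for CVE-2015-4696 and CVE-2015-4695 and replaces them with truncated descriptions, which loses the only place the affected code was named ("wmf2gd/wmf2eps use after free", "meta_pen_create heap buffer overflow"). The same happens to CVE-2015-4588 in @@ -1346,8 +1931,7 @@, where "RLE decoding doesn't check that the "count" fits into the image" is replaced by a line that ends in "...". Since all three libwmf entries are still marked <unfixed>, carrying the removed text forward as a NOTE line under each entry would keep that detail available to whoever prepares the fix.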
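Review bot: In the @@ -1809,42 +2393,42 @@ hunk, the newly described Cisco entries (CVE-2015-4233, CVE-2015-4229, CVE-2015-4227 through CVE-2015-4220, CVE-2015-4217, CVE-2015-4216) all land as "TODO: check", while the unchanged context in the same hunk already records CVE-2015-4219 as "NOT-FOR-US: Cisco" and CVE-2015-4218 as "NOT-FOR-US: Cisco Jabber". The later hunks show the same pattern for IBM products, for example the Tivoli Storage Manager FastBack entries in @@ -8517,30 +9100,30 @@ against the existing "NOT-FOR-US: IBM Tivoli Storage Manager FastBack" line for CVE-2015-0119. These can be triaged in one follow-up pass by matching the product name against the neighbouring NOT-FOR-US entries, which leaves the TODO queue holding only entries that actually need a package decision.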