Author: sectracker
Date: 2015-10-19 21:10:10 +0000 (Mon, 19 Oct 2015)
New Revision: 37190

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-10-19 20:18:37 UTC (rev 37189)
+++ data/CVE/list       2015-10-19 21:10:10 UTC (rev 37190)
@@ -1,3 +1,41 @@
+CVE-2015-7859
+       RESERVED
+CVE-2015-7858
+       RESERVED
+CVE-2015-7857
+       RESERVED
+CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, 
which makes ...)
+       TODO: check
+CVE-2015-7855
+       RESERVED
+CVE-2015-7854
+       RESERVED
+CVE-2015-7853
+       RESERVED
+CVE-2015-7852
+       RESERVED
+CVE-2015-7851
+       RESERVED
+CVE-2015-7850
+       RESERVED
+CVE-2015-7849
+       RESERVED
+CVE-2015-7848
+       RESERVED
+CVE-2015-7847
+       RESERVED
+CVE-2015-7846
+       RESERVED
+CVE-2015-7845
+       RESERVED
+CVE-2015-7844
+       RESERVED
+CVE-2015-7843
+       RESERVED
+CVE-2015-7842
+       RESERVED
+CVE-2015-7841
+       RESERVED
 CVE-2015-XXXX [Keyrings crash triggerable by unprivileged user]
        - linux <unfixed>
        - linux-2.6 <removed>
@@ -22,8 +60,8 @@
        RESERVED
 CVE-2015-7834 (Multiple unspecified vulnerabilities in Google V8 before 
4.6.85.23, as ...)
        TODO: check
-CVE-2015-7833
-       RESERVED
+CVE-2015-7833 (The usbvision driver in the Linux kernel package 
3.10.0-123.20.1.el7 ...)
+       TODO: check
 CVE-2015-7832
        RESERVED
 CVE-2015-7831
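Review bot: CVE-2015-7833 is left at "TODO: check" even though its new description names the usbvision driver in the Linux kernel. It should be triaged with a "- linux ..." package line like the other kernel entries in this file (for example CVE-2015-7799 in the next hunk), after confirming whether the Debian kernel ships the affected driver code.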
@@ -110,8 +148,7 @@
        - optipng 0.7.5-1
 CVE-2015-7800
        RESERVED
-CVE-2015-7799 [net: slip: crash when using PPP character device driver]
-       RESERVED
+CVE-2015-7799 (The slhc_init function in drivers/net/slip/slhc.c in the Linux 
kernel ...)
        - linux <unfixed>
        [jeesie] - linux <no-dsa> (Minor issue)
        [wheezy] - linux <no-dsa> (Minor issue)
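Review bot: the context line "[jeesie] - linux <no-dsa> (Minor issue)" under CVE-2015-7799 appears to misspell the release name. Other entries in this file use "[jessie]" (see CVE-2015-5283), so this tag should be corrected to "[jessie]" so the no-dsa annotation is attached to the intended release.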
@@ -419,10 +456,10 @@
        - glpi <unfixed> (unimportant)
        NOTE: https://forge.glpi-project.org/issues/5217
        NOTE: Only supported behind an authenticated HTTP zone
-CVE-2015-7683
-       RESERVED
-CVE-2015-7682
-       RESERVED
+CVE-2015-7683 (Absolute path traversal vulnerability in Font.php in the Font 
plugin ...)
+       TODO: check
+CVE-2015-7682 (Multiple SQL injection vulnerabilities in ...)
+       TODO: check
 CVE-2015-7681
        RESERVED
 CVE-2015-7680
@@ -521,10 +558,10 @@
        RESERVED
 CVE-2015-7649
        RESERVED
-CVE-2015-7648
-       RESERVED
-CVE-2015-7647
-       RESERVED
+CVE-2015-7648 (Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 
on ...)
+       TODO: check
+CVE-2015-7647 (Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 
on ...)
+       TODO: check
 CVE-2015-7646
        RESERVED
 CVE-2015-7645 (Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 
19.0.0.207 ...)
@@ -533,22 +570,22 @@
        NOT-FOR-US: Adobe Flash Player
 CVE-2015-7643 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.252 ...)
        NOT-FOR-US: Adobe Flash Player
-CVE-2015-7642
-       RESERVED
-CVE-2015-7641
-       RESERVED
-CVE-2015-7640
-       RESERVED
-CVE-2015-7639
-       RESERVED
-CVE-2015-7638
-       RESERVED
-CVE-2015-7637
-       RESERVED
-CVE-2015-7636
-       RESERVED
-CVE-2015-7635
-       RESERVED
+CVE-2015-7642 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.252 ...)
+       TODO: check
+CVE-2015-7641 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.252 ...)
+       TODO: check
+CVE-2015-7640 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.252 ...)
+       TODO: check
+CVE-2015-7639 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.252 ...)
+       TODO: check
+CVE-2015-7638 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.252 ...)
+       TODO: check
+CVE-2015-7637 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.252 ...)
+       TODO: check
+CVE-2015-7636 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.252 ...)
+       TODO: check
+CVE-2015-7635 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.252 ...)
+       TODO: check
 CVE-2015-7634 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 
on ...)
        NOT-FOR-US: Adobe Flash Player
 CVE-2015-7633 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 
on ...)
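Review bot: CVE-2015-7635 through CVE-2015-7642 are marked "TODO: check" although every one is described as a use-after-free in Adobe Flash Player, and the neighbouring entries CVE-2015-7643 and CVE-2015-7634 already carry "NOT-FOR-US: Adobe Flash Player". These eight entries should get the same annotation instead of staying in the TODO queue, and the same applies to CVE-2015-7648 and CVE-2015-7647 in the preceding hunk.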
@@ -597,8 +634,7 @@
        RESERVED
        NOT-FOR-US: wget as used in Tails
        NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/10
-CVE-2015-7613 [Unauthorized access to IPC objects with SysV shm]
-       RESERVED
+CVE-2015-7613 (Race condition in the IPC object implementation in the Linux 
kernel ...)
        {DSA-3372-1 DLA-325-1}
        - linux 4.2.3-1
        - linux-2.6 <removed>
@@ -1103,8 +1139,8 @@
        RESERVED
 CVE-2015-7378
        RESERVED
-CVE-2015-7377
-       RESERVED
+CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
 CVE-2015-7376
        RESERVED
 CVE-2015-7375 (Schneider Electric InduSoft Web Studio before 8.0 allows remote 
...)
@@ -1528,8 +1564,7 @@
        RESERVED
 CVE-2015-7185
        RESERVED
-CVE-2015-7184
-       RESERVED
+CVE-2015-7184 (The fetch API implementation in Mozilla Firefox before 41.0.2 
does not ...)
        - iceweasel <not-affected> (Affects only Firefox later than 38)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
 CVE-2015-7183
@@ -1847,12 +1882,12 @@
        RESERVED
 CVE-2015-7035
        RESERVED
-CVE-2015-7034
-       RESERVED
-CVE-2015-7033
-       RESERVED
-CVE-2015-7032
-       RESERVED
+CVE-2015-7034 (The Apple iWork application before 2.6 for iOS and Apple Pages 
before ...)
+       TODO: check
+CVE-2015-7033 (The Apple iWork application before 2.6 for iOS, Apple Keynote 
before ...)
+       TODO: check
+CVE-2015-7032 (The Apple iWork application before 2.6 for iOS, Apple Keynote 
before ...)
+       TODO: check
 CVE-2015-7031
        RESERVED
 CVE-2015-7030
@@ -2242,17 +2277,13 @@
        RESERVED
 CVE-2015-6847
        RESERVED
-CVE-2015-6846
-       RESERVED
+CVE-2015-6846 (EMC SourceOne Email Supervisor before 7.2 uses hardcoded 
encryption ...)
        NOT-FOR-US: EMC SourceOne
-CVE-2015-6845
-       RESERVED
+CVE-2015-6845 (EMC SourceOne Email Supervisor before 7.2 does not properly 
employ ...)
        NOT-FOR-US: EMC SourceOne
-CVE-2015-6844
-       RESERVED
+CVE-2015-6844 (Cross-site scripting (XSS) vulnerability in Reviewer in EMC 
SourceOne ...)
        NOT-FOR-US: EMC SourceOne
-CVE-2015-6843
-       RESERVED
+CVE-2015-6843 (Reviewer in EMC SourceOne Email Supervisor before 7.2 does not 
...)
        NOT-FOR-US: EMC SourceOne
 CVE-2015-6842
        RESERVED
@@ -2260,8 +2291,7 @@
        RESERVED
 CVE-2015-6840
        RESERVED
-CVE-2015-6937 [NULL pointer dereference in net/rds/connection.c]
-       RESERVED
+CVE-2015-6937 (The __rds_conn_create function in net/rds/connection.c in the 
Linux ...)
        {DSA-3364-1 DLA-310-1}
        - linux 4.2.1-1
        - linux-2.6 <removed>
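Review bot: CVE-2015-6937 sits directly after CVE-2015-6840, which breaks the descending id order the rest of the list follows. Now that the entry carries its official description, it should be moved up to its place among the CVE-2015-69xx entries so that lookups and later automatic updates find it where expected.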
@@ -3269,8 +3299,8 @@
        RESERVED
 CVE-2015-6483
        RESERVED
-CVE-2015-6482
-       RESERVED
+CVE-2015-6482 (Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 
2.3.9.48 ...)
+       TODO: check
 CVE-2015-6481
        RESERVED
 CVE-2015-6480
@@ -3279,8 +3309,8 @@
        RESERVED
 CVE-2015-6478
        RESERVED
-CVE-2015-6477
-       RESERVED
+CVE-2015-6477 (Multiple cross-site scripting (XSS) vulnerabilities in the Wind 
Farm ...)
+       TODO: check
 CVE-2015-6476
        RESERVED
 CVE-2015-6475 (Multiple cross-site scripting (XSS) vulnerabilities in IBC 
Solar ...)
@@ -3740,8 +3770,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/18/4
        NOTE: Fixed by: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3
 (v4.1-rc1)
        TODO: check which ppc64 kernel support perf
-CVE-2015-6252 [linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD]
-       RESERVED
+CVE-2015-6252 (The vhost_dev_ioctl function in drivers/vhost/vhost.c in the 
Linux ...)
        {DSA-3364-1}
        - linux 4.1.5-1
        - linux-2.6 <removed>
@@ -4925,8 +4954,8 @@
        RESERVED
 CVE-2015-5743
        RESERVED
-CVE-2015-5742
-       RESERVED
+CVE-2015-5742 (VeeamVixProxy in Veeam Backup &amp; Replication (B&amp;R) 
before 8.0 update 3 ...)
+       TODO: check
 CVE-2015-5738 [RSA-CRT key leak in custom version of OpenSSL]
        RESERVED
        - openssl <not-affected> (OpenSSL upstream is not affected)
@@ -5054,13 +5083,13 @@
        RESERVED
 CVE-2015-5715
        RESERVED
-       {DLA-321-1}
+       {DSA-3375-1 DLA-321-1}
        - wordpress 4.3.1+dfsg-1 (bug #799140)
        NOTE: https://wordpress.org/news/2015/09/wordpress-4-3-1/
        NOTE: 
https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab
 CVE-2015-5714
        RESERVED
-       {DLA-321-1}
+       {DSA-3375-1 DLA-321-1}
        - wordpress 4.3.1+dfsg-1 (bug #799140)
        NOTE: https://wordpress.org/news/2015/09/wordpress-4-3-1/
        NOTE: 
https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8
@@ -5121,8 +5150,7 @@
        NOTE: Fixed by 
https://github.com/mperham/sidekiq/commit/2178d66b6686fbf4430223c34c184a64c9906828
        NOTE: Fix released in sidekiq 3.4.0
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/08/01/2
-CVE-2015-5707 [Integer overflow in SCSI generic driver]
-       RESERVED
+CVE-2015-5707 (Integer overflow in the sg_start_req function in 
drivers/scsi/sg.c in ...)
        {DSA-3329-1 DLA-310-1}
        - linux 4.1.3-1
        - linux-2.6 <removed>
@@ -5259,10 +5287,10 @@
        RESERVED
 CVE-2015-5663
        RESERVED
-CVE-2015-5662
-       RESERVED
-CVE-2015-5661
-       RESERVED
+CVE-2015-5662 (Directory traversal vulnerability in Avast before 150918-0 
allows ...)
+       TODO: check
+CVE-2015-5661 (The SAND STUDIO AirDroid application 1.1.0 and earlier for 
Android ...)
+       TODO: check
 CVE-2015-5660 (Cross-site request forgery (CSRF) vulnerability in eXtplorer 
before ...)
        TODO: check
 CVE-2015-5659 (SQL injection vulnerability in Network Applied Communication 
...)
@@ -5843,8 +5871,7 @@
        RESERVED
 CVE-2015-5445
        RESERVED
-CVE-2015-5444
-       RESERVED
+CVE-2015-5444 (Multiple cross-site scripting (XSS) vulnerabilities in HP Smart 
...)
        NOT-FOR-US: SPS DAL
 CVE-2015-5443 (HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 
4.3.0.GA-17 ...)
        NOT-FOR-US: HP
@@ -6243,11 +6270,13 @@
        TODO: check
 CVE-2015-5289 [stack overflows in json parsing]
        RESERVED
+       {DSA-3374-1}
        - postgresql-9.4 9.4.5-1
        - postgresql-9.1 <not-affected> (no json datatype)
        - postgresql-8.4 <not-affected> (no json datatype)
 CVE-2015-5288 [vulnerable to too-short crypt() salts]
        RESERVED
+       {DSA-3374-1 DLA-329-1}
        - postgresql-9.4 9.4.5-1
        - postgresql-9.1 <removed>
        [jessie] - postgresql-9.1 <no-dsa> (postgresql-9.1 in jessie only 
provides PL/Perl)
@@ -6271,8 +6300,7 @@
        - freeipa <not-affected> (Introduced in 4.2)
        NOTE: https://fedorahosted.org/freeipa/ticket/5347
        NOTE: Upstream commit: 
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=55a66ccba3e2181a50e7733b7476991975b7455f
-CVE-2015-5283 [Creating multiple sockets when SCTP module isn't loaded leads 
to kernel panic]
-       RESERVED
+CVE-2015-5283 (The sctp_init function in net/sctp/protocol.c in the Linux 
kernel ...)
        - linux 4.2.1-2
        [jessie] - linux 3.16.7-ckt11-1+deb8u5
        [wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -6789,8 +6817,7 @@
        - linux-2.6 <not-affected> (Introduced in 3.3)
        NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
        NOTE: Same fix as for CVE-2015-3290.
-CVE-2015-5156 [virt-io max-skb-frags heap overflow]
-       RESERVED
+CVE-2015-5156 (The virtnet_probe function in drivers/net/virtio_net.c in the 
Linux ...)
        {DSA-3364-1 DLA-310-1}
        - linux 4.1.5-1
        - linux-2.6 <removed>
@@ -16379,40 +16406,33 @@
        - foreman <itp> (bug #663101)
 CVE-2015-1815 (The get_rpm_nvr_by_file_path_temporary function in util.py in 
...)
        NOT-FOR-US: setroubleshoot
-CVE-2015-1814 [SECURITY-180, orced API token change]
-       RESERVED
+CVE-2015-1814 (The API token-issuing service in CloudBees Jenkins before 1.606 
and ...)
        - jenkins <unfixed> (bug #781223)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
-CVE-2015-1813 [SECURITY-177, Reflective XSS vulnerability]
-       RESERVED
+CVE-2015-1813 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins 
before ...)
        - jenkins <unfixed> (bug #781223)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
-CVE-2015-1812 [SECURITY-171, Reflective XSS vulnerability]
-       RESERVED
+CVE-2015-1812 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins 
before ...)
        - jenkins <unfixed> (bug #781223)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
 CVE-2015-1811 [External entity processing in XML can reveal sensitive local 
files (SECURITY-167)]
        RESERVED
        - jenkins <unfixed> (bug #781223)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
-CVE-2015-1810 [HudsonPrivateSecurityRealm allows creation of reserved names 
(SECURITY-166)]
-       RESERVED
+CVE-2015-1810 (The HudsonPrivateSecurityRealm class in CloudBees Jenkins 
before 1.600 ...)
        - jenkins <unfixed> (bug #781223)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
 CVE-2015-1809 [external entity injection via XPath (SECURITY-165)]
        RESERVED
        - jenkins <unfixed> (bug #781223)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
-CVE-2015-1808 [pdate center metadata retrieval DoS attack (SECURITY-163)]
-       RESERVED
+CVE-2015-1808 (CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows 
remote ...)
        - jenkins <unfixed> (bug #781223)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
-CVE-2015-1807 [directory traversal from artifacts via symlink (SECURITY-162)]
-       RESERVED
+CVE-2015-1807 (Directory traversal vulnerability in CloudBees Jenkins before 
1.600 ...)
        - jenkins <unfixed> (bug #781223)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
-CVE-2015-1806 [Combination filter Groovy script unsecured (SECURITY-125)]
-       RESERVED
+CVE-2015-1806 (The combination filter Groovy script in CloudBees Jenkins 
before 1.600 ...)
        - jenkins <unfixed> (bug #781223)
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
 CVE-2015-1805 (The (1) pipe_read and (2) pipe_write implementations in 
fs/pipe.c in ...)
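Review bot: replacing the bracketed titles for the Jenkins entries drops the upstream advisory ids they carried (SECURITY-180, SECURITY-177, SECURITY-171, SECURITY-166, SECURITY-163, SECURITY-162, SECURITY-125), and the truncated descriptions do not include them. Consider preserving each id in a NOTE line under its CVE, as the untouched entries CVE-2015-1811 and CVE-2015-1809 still do in their titles, so the mapping to the upstream advisory items is not lost. All of these entries also remain "- jenkins <unfixed> (bug #781223)", which is worth rechecking now that the descriptions state the fixed upstream versions (1.600 / 1.606).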
@@ -23378,8 +23398,7 @@
 CVE-2015-0276
        RESERVED
        - kallithea <itp> (bug #689573)
-CVE-2015-0275 [ext4: fallocate zero range page size > block size BUG()]
-       RESERVED
+CVE-2015-0275 (The ext4_zero_range function in fs/ext4/extents.c in the Linux 
kernel ...)
        - linux 3.16.7-ckt9-1
        [wheezy] - linux <not-affected> (Introduced in v3.15)
        - linux-2.6 <not-affected> (Introduced in v3.15)
@@ -30497,12 +30516,12 @@
        NOT-FOR-US: Oracle Database Server
 CVE-2014-6452 (Unspecified vulnerability in the SQLJ component in Oracle 
Database ...)
        NOT-FOR-US: Oracle Database Server
-CVE-2014-6451
-       RESERVED
-CVE-2014-6450
-       RESERVED
-CVE-2014-6449
-       RESERVED
+CVE-2014-6451 (J-Web in Juniper vSRX virtual firewalls with Junos OS before 
...)
+       TODO: check
+CVE-2014-6450 (Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 
...)
+       TODO: check
+CVE-2014-6449 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 
12.1X46-D35, ...)
+       TODO: check
 CVE-2014-6448
        RESERVED
 CVE-2014-6447


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
